1 /****************************************************************************
2 **
3 ** Copyright (C) 2017 The Qt Company Ltd.
4 ** Contact: https://www.qt.io/licensing/
5 **
6 ** This file is part of the QtNetwork module of the Qt Toolkit.
7 **
8 ** $QT_BEGIN_LICENSE:LGPL$
9 ** Commercial License Usage
10 ** Licensees holding valid commercial Qt licenses may use this file in
11 ** accordance with the commercial license agreement provided with the
12 ** Software or, alternatively, in accordance with the terms contained in
13 ** a written agreement between you and The Qt Company. For licensing terms
14 ** and conditions see https://www.qt.io/terms-conditions. For further
15 ** information use the contact form at https://www.qt.io/contact-us.
16 **
17 ** GNU Lesser General Public License Usage
18 ** Alternatively, this file may be used under the terms of the GNU Lesser
19 ** General Public License version 3 as published by the Free Software
20 ** Foundation and appearing in the file LICENSE.LGPL3 included in the
21 ** packaging of this file. Please review the following information to
22 ** ensure the GNU Lesser General Public License version 3 requirements
23 ** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
24 **
25 ** GNU General Public License Usage
26 ** Alternatively, this file may be used under the terms of the GNU
27 ** General Public License version 2.0 or (at your option) the GNU General
28 ** Public license version 3 or any later version approved by the KDE Free
29 ** Qt Foundation. The licenses are as published by the Free Software
30 ** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
31 ** included in the packaging of this file. Please review the following
32 ** information to ensure the GNU General Public License requirements will
33 ** be met: https://www.gnu.org/licenses/gpl-2.0.html and
34 ** https://www.gnu.org/licenses/gpl-3.0.html.
35 **
36 ** $QT_END_LICENSE$
37 **
38 ****************************************************************************/
39
40 #include "qhstspolicy.h"
41
42 #include <QtCore/qdatetime.h>
43 #include <QtCore/qstring.h>
44
45 QT_BEGIN_NAMESPACE
46
47 /*!
48 \class QHstsPolicy
49 \brief The QHstsPolicy class specifies that a host supports HTTP Strict Transport
50 Security policy (HSTS).
51 \since 5.9
52 \ingroup network
53 \inmodule QtNetwork
54
55 HSTS policy defines a period of time during which QNetworkAccessManager
56 should only access a host in a secure fashion. HSTS policy is defined by
57 RFC6797.
58
59 You can set expiry time and host name for this policy, and control whether it
60 applies to subdomains, either in the constructor or by calling setExpiry(),
61 setHost() and setIncludesSubdomains().
62
63 \sa QNetworkAccessManager::setStrictTransportSecurityEnabled()
64 */
65
66 /*
67 \enum QHstsPolicy::PolicyFlag
68
69 Specifies attributes that a policy can have.
70
71 \value IncludeSubDomains HSTS policy also applies to subdomains.
72 */
73
74 class QHstsPolicyPrivate : public QSharedData
75 {
76 public:
77 QUrl url;
78 QDateTime expiry;
79 bool includeSubDomains = false;
80
operator ==(const QHstsPolicyPrivate & other) const81 bool operator == (const QHstsPolicyPrivate &other) const
82 {
83 return url.host() == other.url.host() && expiry == other.expiry
84 && includeSubDomains == other.includeSubDomains;
85 }
86 };
87
88 /*!
89 Returns \c true if the two policies have the same host and expiration date
90 while agreeing on whether to include or exclude subdomains.
91 */
operator ==(const QHstsPolicy & lhs,const QHstsPolicy & rhs)92 bool operator==(const QHstsPolicy &lhs, const QHstsPolicy &rhs)
93 {
94 return *lhs.d == *rhs.d;
95 }
96
97 /*!
98 Constructs an invalid (expired) policy with empty host name and subdomains
99 not included.
100 */
QHstsPolicy()101 QHstsPolicy::QHstsPolicy() : d(new QHstsPolicyPrivate)
102 {
103 }
104
105 /*!
106 \enum QHstsPolicy::PolicyFlag
107
108 \value IncludeSubDomains Indicates whether a policy must include subdomains
109 */
110
111 /*!
112 Constructs QHstsPolicy with \a expiry (in UTC); \a flags is a value indicating
113 whether this policy must also include subdomains, \a host data is interpreted
114 according to \a mode.
115
116 \sa QUrl::setHost(), QUrl::ParsingMode, QHstsPolicy::PolicyFlag
117 */
QHstsPolicy(const QDateTime & expiry,PolicyFlags flags,const QString & host,QUrl::ParsingMode mode)118 QHstsPolicy::QHstsPolicy(const QDateTime &expiry, PolicyFlags flags,
119 const QString &host, QUrl::ParsingMode mode)
120 : d(new QHstsPolicyPrivate)
121 {
122 d->url.setHost(host, mode);
123 d->expiry = expiry;
124 d->includeSubDomains = flags.testFlag(IncludeSubDomains);
125 }
126
127 /*!
128 Creates a copy of \a other object.
129 */
QHstsPolicy(const QHstsPolicy & other)130 QHstsPolicy::QHstsPolicy(const QHstsPolicy &other)
131 : d(new QHstsPolicyPrivate(*other.d))
132 {
133 }
134
135 /*!
136 Destructor.
137 */
~QHstsPolicy()138 QHstsPolicy::~QHstsPolicy()
139 {
140 }
141
142 /*!
143 Copy-assignment operator, makes a copy of \a other.
144 */
operator =(const QHstsPolicy & other)145 QHstsPolicy &QHstsPolicy::operator=(const QHstsPolicy &other)
146 {
147 d = other.d;
148 return *this;
149 }
150
151 /*!
152 Sets a host, \a host data is interpreted according to \a mode parameter.
153
154 \sa host(), QUrl::setHost(), QUrl::ParsingMode
155 */
setHost(const QString & host,QUrl::ParsingMode mode)156 void QHstsPolicy::setHost(const QString &host, QUrl::ParsingMode mode)
157 {
158 d->url.setHost(host, mode);
159 }
160
161 /*!
162 Returns a host for a given policy, formatted according to \a options.
163
164 \sa setHost(), QUrl::host(), QUrl::ComponentFormattingOptions
165 */
host(QUrl::ComponentFormattingOptions options) const166 QString QHstsPolicy::host(QUrl::ComponentFormattingOptions options) const
167 {
168 return d->url.host(options);
169 }
170
171 /*!
172 Sets the expiration date for the policy (in UTC) to \a expiry.
173
174 \sa expiry()
175 */
setExpiry(const QDateTime & expiry)176 void QHstsPolicy::setExpiry(const QDateTime &expiry)
177 {
178 d->expiry = expiry;
179 }
180
181 /*!
182 Returns the expiration date for the policy (in UTC).
183
184 \sa setExpiry()
185 */
expiry() const186 QDateTime QHstsPolicy::expiry() const
187 {
188 return d->expiry;
189 }
190
191 /*!
192 Sets whether subdomains are included for this policy to \a include.
193
194 \sa includesSubDomains()
195 */
setIncludesSubDomains(bool include)196 void QHstsPolicy::setIncludesSubDomains(bool include)
197 {
198 d->includeSubDomains = include;
199 }
200
201 /*!
202 Returns \c true if this policy also includes subdomains.
203
204 \sa setIncludesSubDomains()
205 */
includesSubDomains() const206 bool QHstsPolicy::includesSubDomains() const
207 {
208 return d->includeSubDomains;
209 }
210
211 /*!
212 Return \c true if this policy has a valid expiration date and this date
213 is greater than QDateTime::currentGetDateTimeUtc().
214
215 \sa setExpiry(), expiry()
216 */
isExpired() const217 bool QHstsPolicy::isExpired() const
218 {
219 return !d->expiry.isValid() || d->expiry <= QDateTime::currentDateTimeUtc();
220 }
221
222 /*!
223 \fn void QHstsPolicy::swap(QHstsPolicy &other)
224
225 Swaps this policy with the \a other policy.
226 */
227
228 QT_END_NAMESPACE
229