1 /**************************************************************************** 2 ** 3 ** Copyright (C) 2018 The Qt Company Ltd. 4 ** Contact: https://www.qt.io/licensing/ 5 ** 6 ** This file is part of the QtNetwork module of the Qt Toolkit. 7 ** 8 ** $QT_BEGIN_LICENSE:LGPL$ 9 ** Commercial License Usage 10 ** Licensees holding valid commercial Qt licenses may use this file in 11 ** accordance with the commercial license agreement provided with the 12 ** Software or, alternatively, in accordance with the terms contained in 13 ** a written agreement between you and The Qt Company. For licensing terms 14 ** and conditions see https://www.qt.io/terms-conditions. For further 15 ** information use the contact form at https://www.qt.io/contact-us. 16 ** 17 ** GNU Lesser General Public License Usage 18 ** Alternatively, this file may be used under the terms of the GNU Lesser 19 ** General Public License version 3 as published by the Free Software 20 ** Foundation and appearing in the file LICENSE.LGPL3 included in the 21 ** packaging of this file. Please review the following information to 22 ** ensure the GNU Lesser General Public License version 3 requirements 23 ** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. 24 ** 25 ** GNU General Public License Usage 26 ** Alternatively, this file may be used under the terms of the GNU 27 ** General Public License version 2.0 or (at your option) the GNU General 28 ** Public license version 3 or any later version approved by the KDE Free 29 ** Qt Foundation. The licenses are as published by the Free Software 30 ** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 31 ** included in the packaging of this file. Please review the following 32 ** information to ensure the GNU General Public License requirements will 33 ** be met: https://www.gnu.org/licenses/gpl-2.0.html and 34 ** https://www.gnu.org/licenses/gpl-3.0.html. 35 ** 36 ** $QT_END_LICENSE$ 37 ** 38 ****************************************************************************/ 39 40 #ifndef QSSLSOCKET_SCHANNEL_P_H 41 #define QSSLSOCKET_SCHANNEL_P_H 42 43 // 44 // W A R N I N G 45 // ------------- 46 // 47 // This file is not part of the Qt API. It exists purely as an 48 // implementation detail. This header file may change from version to 49 // version without notice, or even be removed. 50 // 51 // We mean it. 52 // 53 54 QT_REQUIRE_CONFIG(schannel); 55 56 #include <QtNetwork/private/qtnetworkglobal_p.h> 57 58 #include "qsslsocket_p.h" 59 60 #define SECURITY_WIN32 61 #include <security.h> 62 #include <schnlsp.h> 63 #undef SECURITY_WIN32 64 65 QT_BEGIN_NAMESPACE 66 67 class QSslSocketBackendPrivate final : public QSslSocketPrivate 68 { 69 Q_DISABLE_COPY_MOVE(QSslSocketBackendPrivate) 70 Q_DECLARE_PUBLIC(QSslSocket) 71 public: 72 QSslSocketBackendPrivate(); 73 ~QSslSocketBackendPrivate(); 74 75 // Platform specific functions 76 void startClientEncryption() override; 77 void startServerEncryption() override; 78 void transmit() override; 79 void disconnectFromHost() override; 80 void disconnected() override; 81 QSslCipher sessionCipher() const override; 82 QSsl::SslProtocol sessionProtocol() const override; 83 void continueHandshake() override; 84 85 static QList<QSslCipher> defaultCiphers(); 86 static QList<QSslError> verify(const QList<QSslCertificate> &certificateChain, 87 const QString &hostName); 88 static bool importPkcs12(QIODevice *device, QSslKey *key, QSslCertificate *cert, 89 QList<QSslCertificate> *caCertificates, const QByteArray &passPhrase); 90 91 private: 92 enum class SchannelState { 93 InitializeHandshake, // create and transmit context (client)/accept context (server) 94 PerformHandshake, // get token back, process it 95 VerifyHandshake, // Verify that things are OK 96 Done, // Connection encrypted! 97 Renegotiate // Renegotiating! 98 } schannelState = SchannelState::InitializeHandshake; 99 100 void reset(); 101 bool acquireCredentialsHandle(); 102 ULONG getContextRequirements(); 103 bool createContext(); // for clients 104 bool acceptContext(); // for server 105 bool performHandshake(); 106 bool verifyHandshake(); 107 bool renegotiate(); 108 109 bool sendToken(void *token, unsigned long tokenLength, bool emitError = true); 110 QString targetName() const; 111 112 bool checkSslErrors(); 113 void deallocateContext(); 114 void freeCredentialsHandle(); 115 void closeCertificateStores(); 116 void sendShutdown(); 117 118 void initializeCertificateStores(); 119 bool verifyCertContext(CERT_CONTEXT *certContext); 120 121 bool rootCertOnDemandLoadingAllowed(); 122 123 SecPkgContext_ConnectionInfo connectionInfo = {}; 124 SecPkgContext_StreamSizes streamSizes = {}; 125 126 CredHandle credentialHandle; // Initialized in ctor 127 CtxtHandle contextHandle; // Initialized in ctor 128 129 QByteArray intermediateBuffer; // data which is left-over or incomplete 130 131 QHCertStorePointer localCertificateStore = nullptr; 132 QHCertStorePointer peerCertificateStore = nullptr; 133 QHCertStorePointer caCertificateStore = nullptr; 134 135 const CERT_CONTEXT *localCertContext = nullptr; 136 137 ULONG contextAttributes = 0; 138 qint64 missingData = 0; 139 140 bool renegotiating = false; 141 }; 142 143 QT_END_NAMESPACE 144 145 #endif // QSSLSOCKET_SCHANNEL_P_H 146