void HttpsServer::incomingConnection(qintptr socketDescriptor)
#endif
{
QSslSocket* sslSocket = new QSslSocket(this);
if (sslSocket->setSocketDescriptor(socketDescriptor))
{
sslSocket->setPrivateKey(privateKey());
sslSocket->setLocalCertificate(certificate());
sslSocket->startServerEncryption();
connect(sslSocket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(sslSocket_sslErrors(QList<QSslError>)));
connect(sslSocket, SIGNAL(encrypted()), this, SLOT(sslSocket_encrypted()));
addPendingConnection(sslSocket);
nextPendingConnection();
createHttpConnection()->initialize(sslSocket, sslSocket);
}
else
{
qWarning() << "HttpsServer::incomingConnection: failed to set socket descriptor '" << socketDescriptor << "' on ssl socket.";
delete sslSocket;
}
}
void QSslServer::incomingConnection(qintptr socket)
{
QSslSocket *pSslSocket = new QSslSocket();
if (Q_LIKELY(pSslSocket)) {
pSslSocket->setSslConfiguration(m_sslConfiguration);
if (Q_LIKELY(pSslSocket->setSocketDescriptor(socket)))
{
typedef void (QSslSocket::* sslErrorsSignal)(const QList<QSslError> &);
#if QT_VERSION >= QT_VERSION_CHECK(5, 0, 2)
connect(pSslSocket, &QSslSocket::peerVerifyError, this, &QSslServer::peerVerifyError);
connect(pSslSocket, &QSslSocket::encrypted, this, &QSslServer::newEncryptedConnection);
#else
connect(pSslSocket,SIGNAL(peerVerifyError(QSslError)), this, SIGNAL(peerVerifyError(QSslError)));
connect(pSslSocket, SIGNAL(sslErrors(QList<QSslError>)), this, SIGNAL(sslErrors(QList<QSslError>)));
connect(pSslSocket, SIGNAL(encrypted()), this, SIGNAL(newEncryptedConnection()));
#endif
addPendingConnection(pSslSocket);
pSslSocket->startServerEncryption();
}
else
{
delete pSslSocket;
}
}
}
void QTlsServer::incomingConnection(int socketDescriptor)
{
QSslSocket* serverSocket = new QSslSocket;
QObject::connect(serverSocket, SIGNAL(sslErrors(const QList<QSslError>&)), this, SLOT(displayTlsErrors(const QList<QSslError>&)));
if (serverSocket->setSocketDescriptor(socketDescriptor))
{
QFile file("server-key.pem");
if (!file.open(QIODevice::ReadOnly))
{
std::cout << "can't open key" << "server-key.pem";
return;
}
QSslKey key(&file, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey, QByteArray("qtwebsocket-server-key"));
file.close();
serverSocket->setPrivateKey(key);
if (!serverSocket->addCaCertificates("ca.pem"))
{
std::cout << "open certificate ca error" << "ca.pem";
return;
}
serverSocket->setLocalCertificate("server-crt.pem");
serverSocket->setPeerVerifyMode(QSslSocket::VerifyNone);
//serverSocket->ignoreSslErrors();
QObject::connect(serverSocket, SIGNAL(encrypted()), this, SLOT(tlsSocketEncrypted()));
serverSocket->startServerEncryption();
}
else
{
serverSocket->deleteLater();
}
}
//We received a UDP package and answered by connecting to them by TCP. This gets called on a succesful connection.
void LanLinkProvider::connected()
{
qCDebug(KDECONNECT_CORE) << "Socket connected";
QSslSocket* socket = qobject_cast<QSslSocket*>(sender());
if (!socket) return;
disconnect(socket, &QAbstractSocket::connected, this, &LanLinkProvider::connected);
disconnect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(connectError()));
configureSocket(socket);
// If socket disconnects due to any reason after connection, link on ssl faliure
connect(socket, &QAbstractSocket::disconnected, socket, &QObject::deleteLater);
NetworkPackage* receivedPackage = receivedIdentityPackages[socket].np;
const QString& deviceId = receivedPackage->get<QString>(QStringLiteral("deviceId"));
//qCDebug(KDECONNECT_CORE) << "Connected" << socket->isWritable();
// If network is on ssl, do not believe when they are connected, believe when handshake is completed
NetworkPackage np2(QLatin1String(""));
NetworkPackage::createIdentityPackage(&np2);
socket->write(np2.serialize());
bool success = socket->waitForBytesWritten();
if (success) {
qCDebug(KDECONNECT_CORE) << "TCP connection done (i'm the existing device)";
// if ssl supported
if (receivedPackage->get<int>(QStringLiteral("protocolVersion")) >= MIN_VERSION_WITH_SSL_SUPPORT) {
bool isDeviceTrusted = KdeConnectConfig::instance()->trustedDevices().contains(deviceId);
configureSslSocket(socket, deviceId, isDeviceTrusted);
qCDebug(KDECONNECT_CORE) << "Starting server ssl (I'm the client TCP socket)";
connect(socket, &QSslSocket::encrypted, this, &LanLinkProvider::encrypted);
if (isDeviceTrusted) {
connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(sslErrors(QList<QSslError>)));
}
socket->startServerEncryption();
return; // Return statement prevents from deleting received package, needed in slot "encrypted"
} else {
qWarning() << receivedPackage->get<QString>(QStringLiteral("deviceName")) << "uses an old protocol version, this won't work";
//addLink(deviceId, socket, receivedPackage, LanDeviceLink::Remotely);
}
} else {
//I think this will never happen, but if it happens the deviceLink
//(or the socket that is now inside it) might not be valid. Delete them.
qCDebug(KDECONNECT_CORE) << "Fallback (2), try reverse connection (send udp packet)";
mUdpSocket.writeDatagram(np2.serialize(), receivedIdentityPackages[socket].sender, PORT);
}
delete receivedIdentityPackages.take(socket).np;
//We don't delete the socket because now it's owned by the LanDeviceLink
}
QTcpSocket *Nuria::Internal::TcpServer::handleToSocket (qintptr handle) {
if (!this->m_ssl) {
QTcpSocket *socket = new QTcpSocket;
socket->setSocketDescriptor (handle);
return socket;
}
// SSL
#ifndef NURIA_NO_SSL_HTTP
QSslSocket *socket = new QSslSocket (this);
// Certificate and private key
socket->setPrivateKey (this->m_key);
socket->setLocalCertificate (this->m_cert);
// Set handle
if (!socket->setSocketDescriptor (handle)) {
delete socket;
return nullptr;
}
//
socket->startServerEncryption ();
return socket;
#else
return nullptr;
#endif
}
HttpServer::HttpServer( QAbstractSocket * parent )
: Protocol( parent, defaultTimeout ), state( ReadingHeader )
{
#ifdef DEBUG_XMLRPC
qDebug() << this << "HttpServer():" << parent;
#endif
connect( socket, SIGNAL( readyRead() ), this, SLOT( slotReadyRead() ) );
connect( socket, SIGNAL( bytesWritten(qint64) ), this, SLOT( slotBytesWritten(qint64) ) );
#ifndef QT_NO_OPENSSL
if ( socket->inherits( "QSslSocket" ) )
{
QSslSocket *sslServer = qobject_cast<QSslSocket *>( socket );
sslServer->startServerEncryption();
}
else
{
if ( socket->bytesAvailable() > 0 )
{
slotReadyRead();
}
}
#else
if ( socket->bytesAvailable() > 0 )
{
slotReadyRead();
}
#endif
}
void SshServer::slot_newIncommingConnection( int socketDescriptor )
{
QSslSocket* sslSocket = new QSslSocket();
// before the handshake, we need to adjust some security parameters for SSL
QSsl::SslProtocol sslProtocol;
if( "SSL-v3" == _sshServerSettings._version )
sslProtocol = QSsl::SslV3;
else if( "TLS-v1" == _sshServerSettings._version )
sslProtocol = QSsl::TlsV1;
else
{
logError( this, "no valid SSL version to use" );
delete sslSocket;
return;
}
QSsl::EncodingFormat ecodingFormat = ("PER"==_sshServerSettings._format) ? QSsl::Pem : QSsl::Der;
QSsl::KeyAlgorithm algorithm = ("RSA"==_sshServerSettings._cipher) ? QSsl::Rsa : QSsl::Dsa;
QByteArray password;
// setting the SSL version to use
sslSocket->setProtocol( sslProtocol );
// ensure that the peer's certificate will be verified
sslSocket->setPeerVerifyMode( QSslSocket::VerifyPeer );
// ensure that the peer's cerficiate and its issuer's certificate will be verified
sslSocket->setPeerVerifyDepth( 2 );
// setting server's certificate
sslSocket->setLocalCertificate( _sshServerSettings._certificate, ecodingFormat );
// setting server's private key
sslSocket->setPrivateKey( _sshServerSettings._privateKey, algorithm, ecodingFormat, password );
// setting the CA ceritificate
QList<QSslCertificate> caCertificates = QSslCertificate::fromPath( _sshServerSettings._certificate, ecodingFormat );
sslSocket->setDefaultCaCertificates( caCertificates );
// setup some traps for the socket events
connect( sslSocket, SIGNAL(disconnected()), sslSocket, SLOT(deleteLater()) );
connect( sslSocket, SIGNAL(encrypted()), SLOT(slot_SuccessfulConnected()) );
connect( sslSocket, SIGNAL(sslErrors(const QList<QSslError>&)), this, SLOT(slot_UnSuccessfulConnected(const QList<QSslError>&)) );
connect( sslSocket, SIGNAL(readyRead()), this, SLOT(slot_IncommingData()) );
// start the handshake
bool result = sslSocket->setSocketDescriptor( socketDescriptor );
if( false == result )
{
logError( this, QString("failed to set socket descriptor: %1").arg(sslSocket->errorString()) );
delete sslSocket;
return;
}
sslSocket->startServerEncryption();
}
//! [1]
void SslServer::incomingConnection(qintptr socketDescriptor)
{
QSslSocket *serverSocket = new QSslSocket;
if (serverSocket->setSocketDescriptor(socketDescriptor)) {
connect(serverSocket, SIGNAL(encrypted()), this, SLOT(ready()));
serverSocket->startServerEncryption();
} else {
delete serverSocket;
}
}
//! [1]
void SslServer::incomingConnection(qintptr socketDescriptor)
{
QSslSocket *serverSocket = new QSslSocket;
if (serverSocket->setSocketDescriptor(socketDescriptor)) {
addPendingConnection(serverSocket);
connect(serverSocket, &QSslSocket::encrypted, this, &SslServer::ready);
serverSocket->startServerEncryption();
} else {
delete serverSocket;
}
}
QAbstractSocket* SslSocketCreation::operator()() const {
QSslSocket* socket = new QSslSocket();
socket->setSocketDescriptor(socketDescriptor);
socket->setLocalCertificate(certificate);
socket->setPrivateKey(privateKey);
socket->startServerEncryption();
return socket;
}
void CoreAuthHandler::startSsl()
{
#ifdef HAVE_SSL
QSslSocket *sslSocket = qobject_cast<QSslSocket *>(socket());
Q_ASSERT(sslSocket);
qDebug() << qPrintable(tr("Starting encryption for Client:")) << _peer->description();
connect(sslSocket, SIGNAL(sslErrors(const QList<QSslError> &)), SLOT(onSslErrors()));
sslSocket->flush(); // ensure that the write cache is flushed before we switch to ssl (bug 682)
sslSocket->startServerEncryption();
#endif
}
QAbstractSocket * HttpsSocket::createSocket(qintptr socketDescriptor)
{
QSslSocket * socket = new QSslSocket();
socket->setSocketDescriptor(socketDescriptor);
socket->setLocalCertificate(m_certificate);
socket->setPrivateKey(m_privateKey);
socket->startServerEncryption();
return socket;
}
void Transfer::onConnected()
{
QSslSocket *socket = qobject_cast<QSslSocket*>(mSocket);
if (socket) {
if (mDirection == TransferModel::Send) {
socket->startClientEncryption();
} else {
socket->startServerEncryption();
}
} else {
initTransfer();
}
}
QIODevice* QxtSslConnectionManager::incomingConnection(int socketDescriptor)
#endif
{
QSslSocket* socket = new QSslSocket(this);
if(socket->setSocketDescriptor(socketDescriptor)) {
socket->setLocalCertificate(qxt_d().localCertificate());
socket->setPrivateKey(qxt_d().privateKey());
if(qxt_d().autoEncrypt()) socket->startServerEncryption();
return socket;
} else {
delete socket;
return 0;
}
}
// Accept connection from server and initiate the SSL handshake
void Server::acceptConnection()
{
QSslSocket *socket = server.nextPendingConnection();
assert(socket);
// QSslSocket emits the encrypted() signal after the encrypted connection is established
connect(socket, SIGNAL(encrypted()), this, SLOT(handshakeComplete()));
// Report any SSL errors that occur
connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(sslErrors(const QList<QSslError> &)));
connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(connectionFailure()));
socket->setPrivateKey(key);
socket->setLocalCertificate(certificate);
socket->setPeerVerifyMode(QSslSocket::VerifyNone);
socket->startServerEncryption();
}
void QxtSslServer::incomingConnection(int socketDescriptor)
#endif
{
QSslSocket* socket = new QSslSocket(this);
if(socket->setSocketDescriptor(socketDescriptor)) {
socket->setLocalCertificate(qxt_d().localCertificate);
socket->setPrivateKey(qxt_d().privateKey);
if(parent()){
connect(socket, SIGNAL(sslErrors(const QList<QSslError>&)),
parent(), SLOT(sslErrors(const QList<QSslError>&)));
connect(socket, SIGNAL(peerVerifyError(const QSslError&)),
parent(), SLOT(peerVerifyError(const QSslError&)));
}
qxt_d().pendingConnections.enqueue(socket);
// emit newConnection(); // removed: QTcpServerPrivate emits this for us
if(qxt_d().autoEncrypt) socket->startServerEncryption();
} else {
delete socket;
}
}
/*!
Called when a new connection is established.
Converts \a socket to a QSslSocket.
\internal
*/
void QSslServer::incomingConnection(qintptr socket)
{
QSslSocket *pSslSocket = new QSslSocket();
if (Q_LIKELY(pSslSocket)) {
pSslSocket->setSslConfiguration(m_sslConfiguration);
if (Q_LIKELY(pSslSocket->setSocketDescriptor(socket))) {
connect(pSslSocket, &QSslSocket::peerVerifyError, this, &QSslServer::peerVerifyError);
typedef void (QSslSocket::* sslErrorsSignal)(const QList<QSslError> &);
connect(pSslSocket, static_cast<sslErrorsSignal>(&QSslSocket::sslErrors),
this, &QSslServer::sslErrors);
connect(pSslSocket, &QSslSocket::encrypted, this, &QSslServer::newEncryptedConnection);
addPendingConnection(pSslSocket);
pSslSocket->startServerEncryption();
} else {
delete pSslSocket;
}
}
}
void SSLServer::incomingConnection(int socketDescriptor)
{
// On an incoming connection we want
// to create a new secure socket.
QSslSocket *secureSocket = new QSslSocket;
// Add to list so that we can find it with
// nextConnection
m_secureSocketList.append(secureSocket);
// We need to read in the local certificate and
// and the private key that we generated
// with openssl. Read the README to see
// how these are generated.
secureSocket->setLocalCertificate("cacert.pem");
secureSocket->setPrivateKey("privkey.pem");
// check that the certificate / private key are not null
if (secureSocket->localCertificate().isNull()) {
qDebug() << "WARNING: The local certificate appears to be null! ";
}
if (secureSocket->privateKey().isNull()) {
qDebug() << "WARNING: The private key appears to be null! ";
}
// debug message on success
qDebug() << "Created the SSL socket, Read local cert. / private key files";
// From incoming connection we obtain the socket descriptor,
// we associate this with our new SSL socket
secureSocket->setSocketDescriptor(socketDescriptor);
// Begin encryption. Note from the documentation
// all the key stuff must be done prior to doing this.
secureSocket->startServerEncryption();
qDebug() << "Started encryption for new secure socket";
}
void SslServer::newConnectionPrivate(qintptr descriptor)
{
QSslSocket *socket = new QSslSocket(this);
socket->setSocketDescriptor(descriptor);
if (m_max_connections == 0)
{
socket->abort();
return;
}
socket->setProtocol(QSsl::TlsV1_2OrLater);
socket->addCaCertificate(m_cert);
socket->setLocalCertificate(m_cert);
socket->setPrivateKey(m_key);
//New connection done, set one less available connection
m_max_connections--;
QByteArray m_buffer;
qint32 size = 0;
m_socket_list.append(socket);
m_descriptor_hash.insert(socket, descriptor);
m_socket_hash.insert(descriptor, socket);
m_buffer_hash.insert(socket, m_buffer);
m_size_hash.insert(socket, size);
connect(socket, &QSslSocket::encrypted, this, &SslServer::encrypted);
connect(socket, &QSslSocket::disconnected, this, &SslServer::disconnectedPrivate);
connect(socket, static_cast<void(QSslSocket::*)(const QList<QSslError>&)>(&QSslSocket::sslErrors), this, &SslServer::sslErrors);
m_alive_hash[socket].start();
socket->startServerEncryption();
}
void Client::startTls()
{
QSslSocket *socket = qobject_cast<QSslSocket*>(d->socket);
Q_ASSERT(socket);
socket->startServerEncryption();
}
void WebSocketWorker::SetupSocket()
{
if (m_connectionType == kSSLServer)
{
#ifndef QT_NO_OPENSSL
QSslSocket *pSslSocket = new QSslSocket();
if (pSslSocket->setSocketDescriptor(m_socketFD)
&& gCoreContext->CheckSubnet(pSslSocket))
{
pSslSocket->setSslConfiguration(m_sslConfig);
pSslSocket->startServerEncryption();
if (pSslSocket->waitForEncrypted(5000))
{
LOG(VB_HTTP, LOG_INFO, "SSL Handshake occurred, connection encrypted");
LOG(VB_HTTP, LOG_INFO, QString("Using %1 cipher").arg(pSslSocket->sessionCipher().name()));
}
else
{
LOG(VB_HTTP, LOG_WARNING, "SSL Handshake FAILED, connection terminated");
delete pSslSocket;
pSslSocket = nullptr;
}
}
else
{
delete pSslSocket;
pSslSocket = nullptr;
}
if (pSslSocket)
m_socket = dynamic_cast<QTcpSocket *>(pSslSocket);
else
return;
#else
return;
#endif
}
else // Plain old unencrypted socket
{
m_socket = new QTcpSocket();
m_socket->setSocketDescriptor(m_socketFD);
if (!gCoreContext->CheckSubnet(m_socket))
{
delete m_socket;
m_socket = nullptr;
return;
}
}
m_socket->setSocketOption(QAbstractSocket::KeepAliveOption, QVariant(1));
connect(m_socket, SIGNAL(readyRead()), SLOT(doRead()));
connect(m_socket, SIGNAL(disconnected()), SLOT(CloseConnection()));
// Setup heartbeat
m_heartBeat->setInterval(20000); // 20 second
m_heartBeat->setSingleShot(false);
connect(m_heartBeat, SIGNAL(timeout()), SLOT(SendHeartBeat()));
}
void LanLinkProvider::connected()
{
qCDebug(KDECONNECT_CORE) << "Socket connected";
QSslSocket* socket = qobject_cast<QSslSocket*>(sender());
if (!socket) return;
disconnect(socket, SIGNAL(connected()), this, SLOT(connected()));
disconnect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(connectError()));
configureSocket(socket);
// If socket disconnects due to any reason after connection, link on ssl faliure
connect(socket, SIGNAL(disconnected()), socket, SLOT(deleteLater()));
NetworkPackage* receivedPackage = receivedIdentityPackages[socket].np;
const QString& deviceId = receivedPackage->get<QString>("deviceId");
//qCDebug(KDECONNECT_CORE) << "Connected" << socket->isWritable();
// If network is on ssl, do not believe when they are connected, believe when handshake is completed
NetworkPackage np2("");
NetworkPackage::createIdentityPackage(&np2);
socket->write(np2.serialize());
bool success = socket->waitForBytesWritten();
if (success) {
qCDebug(KDECONNECT_CORE) << "Handshaking done (i'm the existing device)";
// if ssl supported
if (receivedPackage->get<int>("protocolVersion") >= NetworkPackage::ProtocolVersion) {
// since I support ssl and remote device support ssl
socket->setPeerVerifyName(deviceId);
QString certString = KdeConnectConfig::instance()->getDeviceProperty(deviceId, "certificate", QString());
if (!certString.isEmpty()) {
qCDebug(KDECONNECT_CORE) << "Device trusted";
socket->addCaCertificate(QSslCertificate(certString.toLatin1()));
socket->setPeerVerifyMode(QSslSocket::VerifyPeer);
connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(sslErrors(QList<QSslError>)));
} else {
qCDebug(KDECONNECT_CORE) << "Device untrusted";
// Do not care about ssl errors here, socket will not be closed due to errors because of query peer
socket->setPeerVerifyMode(QSslSocket::QueryPeer);
connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(sslErrorsLogButIgnore(QList<QSslError>)));
}
qCDebug(KDECONNECT_CORE) << "Starting server ssl (I'm the client TCP socket)";
connect(socket, SIGNAL(encrypted()), this, SLOT(encrypted()));
socket->startServerEncryption();
return; // Return statement prevents from deleting received package, needed in slot "encrypted"
} else {
qWarning() << "Incompatible protocol version, this won't work";
//addLink(deviceId, socket, receivedPackage, LanDeviceLink::Remotely);
}
} else {
//I think this will never happen, but if it happens the deviceLink
//(or the socket that is now inside it) might not be valid. Delete them.
qCDebug(KDECONNECT_CORE) << "Fallback (2), try reverse connection (send udp packet)";
mUdpSocket.writeDatagram(np2.serialize(), receivedIdentityPackages[socket].sender, port);
}
delete receivedIdentityPackages.take(socket).np;
//We don't delete the socket because now it's owned by the LanDeviceLink
}
// Accept connection from server and initiate the SSL handshake
void Server::acceptConnection()
{
if (sockets.empty() == false)
std::cout << "Server is mad efor 1 connection also. Need to update to handle multiple connections" << std::endl;
QSslSocket *socket = dynamic_cast<QSslSocket *>(server.nextPendingConnection());
assert(socket);
// Report any SSL errors that occur
connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(sslErrors(const QList<QSslError> &)));
connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(connectionFailure()));
// QSslSocket emits the encrypted() signal after the encrypted connection is established
#define _USE_ENCRYPTION
#ifdef _USE_ENCRYPTION
connect(socket, SIGNAL(encrypted()), this, SLOT(handshakeComplete()));
socket->setPrivateKey(key);
socket->setLocalCertificate(certificate);
socket->setPeerVerifyMode(QSslSocket::VerifyNone);
socket->startServerEncryption();
#else
connect(socket, SIGNAL(disconnected()), this, SLOT(connectionClosed()));
connect(socket, SIGNAL(readyRead()), this, SLOT(receiveMessage()));
sockets.push_back(socket);
std::cout << "Accepted connection from " << socket->peerAddress().toString().toStdString() << ":" << socket->peerPort() << " .Encrypted : " << socket->isEncrypted() << std::endl;
#endif
}
