/*!
\internal
*/
void QWebSocketPrivate::processHandshake(QTcpSocket *pSocket)
{
Q_Q(QWebSocket);
if (Q_UNLIKELY(!pSocket))
return;
bool ok = false;
QString errorDescription;
const QString regExpStatusLine(QStringLiteral("^(HTTP/[0-9]+\\.[0-9]+)\\s([0-9]+)\\s(.*)"));
const QRegularExpression regExp(regExpStatusLine);
const QString statusLine = readLine(pSocket);
QString httpProtocol;
int httpStatusCode;
QString httpStatusMessage;
const QRegularExpressionMatch match = regExp.match(statusLine);
if (Q_LIKELY(match.hasMatch())) {
QStringList tokens = match.capturedTexts();
tokens.removeFirst(); //remove the search string
if (tokens.length() == 3) {
httpProtocol = tokens[0];
httpStatusCode = tokens[1].toInt();
httpStatusMessage = tokens[2].trimmed();
ok = true;
}
}
if (Q_UNLIKELY(!ok)) {
errorDescription = QWebSocket::tr("Invalid statusline in response: %1.").arg(statusLine);
} else {
QString headerLine = readLine(pSocket);
QMap<QString, QString> headers;
while (!headerLine.isEmpty()) {
const QStringList headerField = headerLine.split(QStringLiteral(": "),
QString::SkipEmptyParts);
if (headerField.size() == 2) {
headers.insertMulti(headerField[0].toLower(), headerField[1]);
}
headerLine = readLine(pSocket);
}
const QString acceptKey = headers.value(QStringLiteral("sec-websocket-accept"),
QString());
const QString upgrade = headers.value(QStringLiteral("upgrade"), QString());
const QString connection = headers.value(QStringLiteral("connection"), QString());
// unused for the moment
// const QString extensions = headers.value(QStringLiteral("sec-websocket-extensions"),
// QString());
// const QString protocol = headers.value(QStringLiteral("sec-websocket-protocol"),
// QString());
const QString version = headers.value(QStringLiteral("sec-websocket-version"),
QString());
if (Q_LIKELY(httpStatusCode == 101)) {
//HTTP/x.y 101 Switching Protocols
bool conversionOk = false;
const float version = httpProtocol.midRef(5).toFloat(&conversionOk);
//TODO: do not check the httpStatusText right now
ok = !(acceptKey.isEmpty() ||
(!conversionOk || (version < 1.1f)) ||
(upgrade.toLower() != QStringLiteral("websocket")) ||
(connection.toLower() != QStringLiteral("upgrade")));
if (ok) {
const QString accept = calculateAcceptKey(m_key);
ok = (accept == acceptKey);
if (!ok)
errorDescription =
QWebSocket::tr("Accept-Key received from server %1 does not match the client key %2.")
.arg(acceptKey).arg(accept);
} else {
errorDescription =
QWebSocket::tr("QWebSocketPrivate::processHandshake: Invalid statusline in response: %1.")
.arg(statusLine);
}
} else if (httpStatusCode == 400) {
//HTTP/1.1 400 Bad Request
if (!version.isEmpty()) {
const QStringList versions = version.split(QStringLiteral(", "),
QString::SkipEmptyParts);
if (!versions.contains(QString::number(QWebSocketProtocol::currentVersion()))) {
//if needed to switch protocol version, then we are finished here
//because we cannot handle other protocols than the RFC one (v13)
errorDescription =
QWebSocket::tr("Handshake: Server requests a version that we don't support: %1.")
.arg(versions.join(QStringLiteral(", ")));
ok = false;
} else {
//we tried v13, but something different went wrong
errorDescription =
QWebSocket::tr("QWebSocketPrivate::processHandshake: Unknown error condition encountered. Aborting connection.");
ok = false;
}
}
} else {
errorDescription =
QWebSocket::tr("QWebSocketPrivate::processHandshake: Unhandled http status code: %1 (%2).")
.arg(httpStatusCode).arg(httpStatusMessage);
ok = false;
}
if (!ok) {
setErrorString(errorDescription);
Q_EMIT q->error(QAbstractSocket::ConnectionRefusedError);
} else {
//handshake succeeded
setSocketState(QAbstractSocket::ConnectedState);
Q_EMIT q->connected();
}
}
}
/*!
\internal
*/
void WebSocket::processHandshake(QTcpSocket *pSocket)
{
if (pSocket == 0)
{
return;
}
bool ok = false;
QString errorDescription;
const QString regExpStatusLine("^(HTTP/1.1)\\s([0-9]+)\\s(.*)");
const QRegExp regExp(regExpStatusLine);
QString statusLine = readLine(pSocket);
QString httpProtocol;
int httpStatusCode;
QString httpStatusMessage;
if (regExp.indexIn(statusLine) != -1)
{
QStringList tokens = regExp.capturedTexts();
tokens.removeFirst(); //remove the search string
if (tokens.length() == 3)
{
httpProtocol = tokens[0];
httpStatusCode = tokens[1].toInt();
httpStatusMessage = tokens[2].trimmed();
ok = true;
}
}
if (!ok)
{
errorDescription = "WebSocket::processHandshake: Invalid statusline in response: " + statusLine;
}
else
{
QString headerLine = readLine(pSocket);
QMap<QString, QString> headers;
while (!headerLine.isEmpty())
{
QStringList headerField = headerLine.split(QString(": "), QString::SkipEmptyParts);
headers.insertMulti(headerField[0], headerField[1]);
headerLine = readLine(pSocket);
}
QString acceptKey = headers.value("Sec-WebSocket-Accept", "");
QString upgrade = headers.value("Upgrade", "");
QString connection = headers.value("Connection", "");
QString extensions = headers.value("Sec-WebSocket-Extensions", "");
QString protocol = headers.value("Sec-WebSocket-Protocol", "");
QString version = headers.value("Sec-WebSocket-Version", "");
if (httpStatusCode == 101) //HTTP/1.1 101 Switching Protocols
{
//TODO: do not check the httpStatusText right now
ok = !(acceptKey.isEmpty() ||
(httpProtocol.toLower() != "http/1.1") ||
(upgrade.toLower() != "websocket") ||
(connection.toLower() != "upgrade"));
if (ok)
{
QString accept = calculateAcceptKey(m_key);
ok = (accept == acceptKey);
if (!ok)
{
errorDescription = "WebSocket::processHandshake: Accept-Key received from server " + acceptKey + " does not match the client key " + accept;
}
}
else
{
errorDescription = "WebSocket::processHandshake: Invalid statusline in response: " + statusLine;
}
}
else if (httpStatusCode == 400) //HTTP/1.1 400 Bad Request
{
if (!version.isEmpty())
{
QStringList versions = version.split(", ", QString::SkipEmptyParts);
if (!versions.contains("13"))
{
//if needed to switch protocol version, then we are finished here
//because we cannot handle other protocols than the RFC one (v13)
errorDescription = "WebSocket::processHandshake: Server requests a version that we don't support: " + versions.join(", ");
ok = false;
}
else
{
//we tried v13, but something different went wrong
errorDescription = "WebSocket::processHandshake: Unknown error condition encountered. Aborting connection.";
ok = false;
}
}
}
else
{
errorDescription = "WebSocket::processHandshake: Unhandled http status code " + QString::number(httpStatusCode);
ok = false;
}
if (!ok)
{
qDebug() << errorDescription;
setErrorString(errorDescription);
Q_EMIT error(QAbstractSocket::ConnectionRefusedError);
}
else
{
//handshake succeeded
setSocketState(QAbstractSocket::ConnectedState);
Q_EMIT connected();
}
}
}
/*!
\internal
*/
void QWebSocketPrivate::processHandshake(QTcpSocket *pSocket)
{
Q_Q(QWebSocket);
if (Q_UNLIKELY(!pSocket))
return;
// Reset handshake on a new connection.
if (m_handshakeState == AllDoneState)
m_handshakeState = NothingDoneState;
QString errorDescription;
switch (m_handshakeState) {
case NothingDoneState:
m_headers.clear();
m_handshakeState = ReadingStatusState;
// no break
case ReadingStatusState:
if (!pSocket->canReadLine())
return;
m_statusLine = pSocket->readLine();
if (Q_UNLIKELY(!parseStatusLine(m_statusLine, &m_httpMajorVersion, &m_httpMinorVersion, &m_httpStatusCode, &m_httpStatusMessage))) {
errorDescription = QWebSocket::tr("Invalid statusline in response: %1.").arg(QString::fromLatin1(m_statusLine));
break;
}
m_handshakeState = ReadingHeaderState;
// no break
case ReadingHeaderState:
while (pSocket->canReadLine()) {
QString headerLine = readLine(pSocket);
const QStringList headerField = headerLine.split(QStringLiteral(": "),
QString::SkipEmptyParts);
if (headerField.size() == 2) {
m_headers.insertMulti(headerField[0].toLower(), headerField[1]);
}
if (headerField.isEmpty()) {
m_handshakeState = ParsingHeaderState;
break;
}
}
if (m_handshakeState != ParsingHeaderState) {
if (pSocket->atEnd()) {
errorDescription = QWebSocket::tr("QWebSocketPrivate::processHandshake: Connection closed while reading header.");
break;
}
return;
}
// no break
case ParsingHeaderState: {
const QString acceptKey = m_headers.value(QStringLiteral("sec-websocket-accept"), QString());
const QString upgrade = m_headers.value(QStringLiteral("upgrade"), QString());
const QString connection = m_headers.value(QStringLiteral("connection"), QString());
// unused for the moment
// const QString extensions = m_headers.value(QStringLiteral("sec-websocket-extensions"),
// QString());
// const QString protocol = m_headers.value(QStringLiteral("sec-websocket-protocol"),
// QString());
const QString version = m_headers.value(QStringLiteral("sec-websocket-version"), QString());
bool ok = false;
if (Q_LIKELY(m_httpStatusCode == 101)) {
//HTTP/x.y 101 Switching Protocols
//TODO: do not check the httpStatusText right now
ok = !(acceptKey.isEmpty() ||
(m_httpMajorVersion < 1 || m_httpMinorVersion < 1) ||
(upgrade.toLower() != QStringLiteral("websocket")) ||
(connection.toLower() != QStringLiteral("upgrade")));
if (ok) {
const QString accept = calculateAcceptKey(m_key);
ok = (accept == acceptKey);
if (!ok)
errorDescription =
QWebSocket::tr("Accept-Key received from server %1 does not match the client key %2.")
.arg(acceptKey).arg(accept);
} else {
errorDescription =
QWebSocket::tr("QWebSocketPrivate::processHandshake: Invalid statusline in response: %1.")
.arg(QString::fromLatin1(m_statusLine));
}
} else if (m_httpStatusCode == 400) {
//HTTP/1.1 400 Bad Request
if (!version.isEmpty()) {
const QStringList versions = version.split(QStringLiteral(", "),
QString::SkipEmptyParts);
if (!versions.contains(QString::number(QWebSocketProtocol::currentVersion()))) {
//if needed to switch protocol version, then we are finished here
//because we cannot handle other protocols than the RFC one (v13)
errorDescription =
QWebSocket::tr("Handshake: Server requests a version that we don't support: %1.")
.arg(versions.join(QStringLiteral(", ")));
} else {
//we tried v13, but something different went wrong
errorDescription =
QWebSocket::tr("QWebSocketPrivate::processHandshake: Unknown error condition encountered. Aborting connection.");
}
} else {
errorDescription =
QWebSocket::tr("QWebSocketPrivate::processHandshake: Unknown error condition encountered. Aborting connection.");
}
} else {
errorDescription =
QWebSocket::tr("QWebSocketPrivate::processHandshake: Unhandled http status code: %1 (%2).")
.arg(m_httpStatusCode).arg(m_httpStatusMessage);
}
if (ok)
m_handshakeState = AllDoneState;
break;
}
case AllDoneState:
Q_UNREACHABLE();
break;
}
if (m_handshakeState == AllDoneState) {
// handshake succeeded
setSocketState(QAbstractSocket::ConnectedState);
Q_EMIT q->connected();
} else {
// handshake failed
m_handshakeState = AllDoneState;
setErrorString(errorDescription);
Q_EMIT q->error(QAbstractSocket::ConnectionRefusedError);
}
}
/*!
\internal
*/
QString QWebSocketHandshakeResponse::getHandshakeResponse(
const QWebSocketHandshakeRequest &request,
const QString &serverName,
bool isOriginAllowed,
const QList<QWebSocketProtocol::Version> &supportedVersions,
const QList<QString> &supportedProtocols,
const QList<QString> &supportedExtensions)
{
QStringList response;
m_canUpgrade = false;
if (!isOriginAllowed) {
if (!m_canUpgrade) {
m_error = QWebSocketProtocol::CC_POLICY_VIOLATED;
m_errorString = ("Access forbidden.");
response << QStringLiteral("HTTP/1.1 403 Access Forbidden");
}
} else {
if (request.isValid()) {
const QString acceptKey = calculateAcceptKey(request.key());
const QList<QString> matchingProtocols =
supportedProtocols.toSet().intersect(request.protocols().toSet()).toList();
const QList<QString> matchingExtensions =
supportedExtensions.toSet().intersect(request.extensions().toSet()).toList();
QList<QWebSocketProtocol::Version> matchingVersions =
request.versions().toSet().intersect(supportedVersions.toSet()).toList();
std::sort(matchingVersions.begin(), matchingVersions.end(),
std::greater<QWebSocketProtocol::Version>()); //sort in descending order
if (Q_UNLIKELY(matchingVersions.isEmpty())) {
m_error = QWebSocketProtocol::CC_PROTOCOL_ERROR;
m_errorString = ("Unsupported version requested.");
m_canUpgrade = false;
} else {
response << QStringLiteral("HTTP/1.1 101 Switching Protocols") <<
QStringLiteral("Upgrade: websocket") <<
QStringLiteral("Connection: Upgrade") <<
QStringLiteral("Sec-WebSocket-Accept: ") % acceptKey;
if (!matchingProtocols.isEmpty()) {
m_acceptedProtocol = matchingProtocols.first();
response << QStringLiteral("Sec-WebSocket-Protocol: ") % m_acceptedProtocol;
}
if (!matchingExtensions.isEmpty()) {
m_acceptedExtension = matchingExtensions.first();
response << QStringLiteral("Sec-WebSocket-Extensions: ") % m_acceptedExtension;
}
QString origin = request.origin().trimmed();
if (origin.isEmpty())
origin = QStringLiteral("*");
response << QStringLiteral("Server: ") % serverName <<
QStringLiteral("Access-Control-Allow-Credentials: false") <<
QStringLiteral("Access-Control-Allow-Methods: GET") <<
QStringLiteral("Access-Control-Allow-Headers: content-type") <<
QStringLiteral("Access-Control-Allow-Origin: ") % origin <<
QStringLiteral("Date: ") %
QDateTime::currentDateTimeUtc()
.toString(QStringLiteral("ddd, dd MMM yyyy hh:mm:ss 'GMT'"));
m_acceptedVersion = QWebSocketProtocol::currentVersion();
m_canUpgrade = true;
}
} else {
m_error = QWebSocketProtocol::CC_PROTOCOL_ERROR;
m_errorString = ("Bad handshake request received.");
m_canUpgrade = false;
}
if (Q_UNLIKELY(!m_canUpgrade)) {
response << QStringLiteral("HTTP/1.1 400 Bad Request");
QStringList versions;
Q_FOREACH (QWebSocketProtocol::Version version, supportedVersions)
versions << QString::number(static_cast<int>(version));
response << QStringLiteral("Sec-WebSocket-Version: ")
% versions.join(QStringLiteral(", "));
}
}
response << QStringLiteral("\r\n"); //append empty line at end of header
return response.join(QStringLiteral("\r\n"));
}
/*!
\internal
*/
QString QWebSocketHandshakeResponse::getHandshakeResponse(
const QWebSocketHandshakeRequest &request,
const QString &serverName,
bool isOriginAllowed,
const QList<QWebSocketProtocol::Version> &supportedVersions,
const QList<QString> &supportedProtocols,
const QList<QString> &supportedExtensions)
{
QStringList response;
m_canUpgrade = false;
if (!isOriginAllowed) {
if (!m_canUpgrade) {
m_error = QWebSocketProtocol::CloseCodePolicyViolated;
m_errorString = tr("Access forbidden.");
response << QStringLiteral("HTTP/1.1 403 Access Forbidden");
}
} else {
if (request.isValid()) {
const QString acceptKey = calculateAcceptKey(request.key());
const QList<QString> matchingProtocols =
supportedProtocols.toSet().intersect(request.protocols().toSet()).toList();
//TODO: extensions must be kept in the order in which they arrive
//cannot use set.intersect() to get the supported extensions
const QList<QString> matchingExtensions =
supportedExtensions.toSet().intersect(request.extensions().toSet()).toList();
QList<QWebSocketProtocol::Version> matchingVersions =
request.versions().toSet().intersect(supportedVersions.toSet()).toList();
std::sort(matchingVersions.begin(), matchingVersions.end(),
std::greater<QWebSocketProtocol::Version>()); //sort in descending order
if (Q_UNLIKELY(matchingVersions.isEmpty())) {
m_error = QWebSocketProtocol::CloseCodeProtocolError;
m_errorString = tr("Unsupported version requested.");
m_canUpgrade = false;
} else {
response << QStringLiteral("HTTP/1.1 101 Switching Protocols") <<
QStringLiteral("Upgrade: websocket") <<
QStringLiteral("Connection: Upgrade") <<
QStringLiteral("Sec-WebSocket-Accept: ") % acceptKey;
if (!matchingProtocols.isEmpty()) {
m_acceptedProtocol = matchingProtocols.first();
response << QStringLiteral("Sec-WebSocket-Protocol: ") % m_acceptedProtocol;
}
if (!matchingExtensions.isEmpty()) {
m_acceptedExtension = matchingExtensions.first();
response << QStringLiteral("Sec-WebSocket-Extensions: ") % m_acceptedExtension;
}
QString origin = request.origin().trimmed();
if (origin.contains(QStringLiteral("\r\n")) ||
serverName.contains(QStringLiteral("\r\n"))) {
m_error = QWebSocketProtocol::CloseCodeAbnormalDisconnection;
m_errorString = tr("One of the headers contains a newline. " \
"Possible attack detected.");
m_canUpgrade = false;
} else {
if (origin.isEmpty())
origin = QStringLiteral("*");
response << QStringLiteral("Server: ") % serverName <<
QStringLiteral("Access-Control-Allow-Credentials: false") <<
QStringLiteral("Access-Control-Allow-Methods: GET") <<
QStringLiteral("Access-Control-Allow-Headers: content-type") <<
QStringLiteral("Access-Control-Allow-Origin: ") % origin <<
QStringLiteral("Date: ") %
QDateTime::currentDateTimeUtc()
.toString(QStringLiteral("ddd, dd MMM yyyy hh:mm:ss 'GMT'"));
m_acceptedVersion = QWebSocketProtocol::currentVersion();
m_canUpgrade = true;
}
}
} else {
m_error = QWebSocketProtocol::CloseCodeProtocolError;
m_errorString = tr("Bad handshake request received.");
m_canUpgrade = false;
}
if (Q_UNLIKELY(!m_canUpgrade)) {
response << QStringLiteral("HTTP/1.1 400 Bad Request");
QStringList versions;
Q_FOREACH (const QWebSocketProtocol::Version &version, supportedVersions)
versions << QString::number(static_cast<int>(version));
response << QStringLiteral("Sec-WebSocket-Version: ")
% versions.join(QStringLiteral(", "));
}
}
