void HttpsServer::incomingConnection(qintptr socketDescriptor) #endif { QSslSocket* sslSocket = new QSslSocket(this); if (sslSocket->setSocketDescriptor(socketDescriptor)) { sslSocket->setPrivateKey(privateKey()); sslSocket->setLocalCertificate(certificate()); sslSocket->startServerEncryption(); connect(sslSocket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(sslSocket_sslErrors(QList<QSslError>))); connect(sslSocket, SIGNAL(encrypted()), this, SLOT(sslSocket_encrypted())); addPendingConnection(sslSocket); nextPendingConnection(); createHttpConnection()->initialize(sslSocket, sslSocket); } else { qWarning() << "HttpsServer::incomingConnection: failed to set socket descriptor '" << socketDescriptor << "' on ssl socket."; delete sslSocket; } }
void QSslServer::incomingConnection(qintptr socket) { QSslSocket *pSslSocket = new QSslSocket(); if (Q_LIKELY(pSslSocket)) { pSslSocket->setSslConfiguration(m_sslConfiguration); if (Q_LIKELY(pSslSocket->setSocketDescriptor(socket))) { typedef void (QSslSocket::* sslErrorsSignal)(const QList<QSslError> &); #if QT_VERSION >= QT_VERSION_CHECK(5, 0, 2) connect(pSslSocket, &QSslSocket::peerVerifyError, this, &QSslServer::peerVerifyError); connect(pSslSocket, &QSslSocket::encrypted, this, &QSslServer::newEncryptedConnection); #else connect(pSslSocket,SIGNAL(peerVerifyError(QSslError)), this, SIGNAL(peerVerifyError(QSslError))); connect(pSslSocket, SIGNAL(sslErrors(QList<QSslError>)), this, SIGNAL(sslErrors(QList<QSslError>))); connect(pSslSocket, SIGNAL(encrypted()), this, SIGNAL(newEncryptedConnection())); #endif addPendingConnection(pSslSocket); pSslSocket->startServerEncryption(); } else { delete pSslSocket; } } }
void QTlsServer::incomingConnection(int socketDescriptor) { QSslSocket* serverSocket = new QSslSocket; QObject::connect(serverSocket, SIGNAL(sslErrors(const QList<QSslError>&)), this, SLOT(displayTlsErrors(const QList<QSslError>&))); if (serverSocket->setSocketDescriptor(socketDescriptor)) { QFile file("server-key.pem"); if (!file.open(QIODevice::ReadOnly)) { std::cout << "can't open key" << "server-key.pem"; return; } QSslKey key(&file, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey, QByteArray("qtwebsocket-server-key")); file.close(); serverSocket->setPrivateKey(key); if (!serverSocket->addCaCertificates("ca.pem")) { std::cout << "open certificate ca error" << "ca.pem"; return; } serverSocket->setLocalCertificate("server-crt.pem"); serverSocket->setPeerVerifyMode(QSslSocket::VerifyNone); //serverSocket->ignoreSslErrors(); QObject::connect(serverSocket, SIGNAL(encrypted()), this, SLOT(tlsSocketEncrypted())); serverSocket->startServerEncryption(); } else { serverSocket->deleteLater(); } }
//We received a UDP package and answered by connecting to them by TCP. This gets called on a succesful connection. void LanLinkProvider::connected() { qCDebug(KDECONNECT_CORE) << "Socket connected"; QSslSocket* socket = qobject_cast<QSslSocket*>(sender()); if (!socket) return; disconnect(socket, &QAbstractSocket::connected, this, &LanLinkProvider::connected); disconnect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(connectError())); configureSocket(socket); // If socket disconnects due to any reason after connection, link on ssl faliure connect(socket, &QAbstractSocket::disconnected, socket, &QObject::deleteLater); NetworkPackage* receivedPackage = receivedIdentityPackages[socket].np; const QString& deviceId = receivedPackage->get<QString>(QStringLiteral("deviceId")); //qCDebug(KDECONNECT_CORE) << "Connected" << socket->isWritable(); // If network is on ssl, do not believe when they are connected, believe when handshake is completed NetworkPackage np2(QLatin1String("")); NetworkPackage::createIdentityPackage(&np2); socket->write(np2.serialize()); bool success = socket->waitForBytesWritten(); if (success) { qCDebug(KDECONNECT_CORE) << "TCP connection done (i'm the existing device)"; // if ssl supported if (receivedPackage->get<int>(QStringLiteral("protocolVersion")) >= MIN_VERSION_WITH_SSL_SUPPORT) { bool isDeviceTrusted = KdeConnectConfig::instance()->trustedDevices().contains(deviceId); configureSslSocket(socket, deviceId, isDeviceTrusted); qCDebug(KDECONNECT_CORE) << "Starting server ssl (I'm the client TCP socket)"; connect(socket, &QSslSocket::encrypted, this, &LanLinkProvider::encrypted); if (isDeviceTrusted) { connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(sslErrors(QList<QSslError>))); } socket->startServerEncryption(); return; // Return statement prevents from deleting received package, needed in slot "encrypted" } else { qWarning() << receivedPackage->get<QString>(QStringLiteral("deviceName")) << "uses an old protocol version, this won't work"; //addLink(deviceId, socket, receivedPackage, LanDeviceLink::Remotely); } } else { //I think this will never happen, but if it happens the deviceLink //(or the socket that is now inside it) might not be valid. Delete them. qCDebug(KDECONNECT_CORE) << "Fallback (2), try reverse connection (send udp packet)"; mUdpSocket.writeDatagram(np2.serialize(), receivedIdentityPackages[socket].sender, PORT); } delete receivedIdentityPackages.take(socket).np; //We don't delete the socket because now it's owned by the LanDeviceLink }
QTcpSocket *Nuria::Internal::TcpServer::handleToSocket (qintptr handle) { if (!this->m_ssl) { QTcpSocket *socket = new QTcpSocket; socket->setSocketDescriptor (handle); return socket; } // SSL #ifndef NURIA_NO_SSL_HTTP QSslSocket *socket = new QSslSocket (this); // Certificate and private key socket->setPrivateKey (this->m_key); socket->setLocalCertificate (this->m_cert); // Set handle if (!socket->setSocketDescriptor (handle)) { delete socket; return nullptr; } // socket->startServerEncryption (); return socket; #else return nullptr; #endif }
HttpServer::HttpServer( QAbstractSocket * parent ) : Protocol( parent, defaultTimeout ), state( ReadingHeader ) { #ifdef DEBUG_XMLRPC qDebug() << this << "HttpServer():" << parent; #endif connect( socket, SIGNAL( readyRead() ), this, SLOT( slotReadyRead() ) ); connect( socket, SIGNAL( bytesWritten(qint64) ), this, SLOT( slotBytesWritten(qint64) ) ); #ifndef QT_NO_OPENSSL if ( socket->inherits( "QSslSocket" ) ) { QSslSocket *sslServer = qobject_cast<QSslSocket *>( socket ); sslServer->startServerEncryption(); } else { if ( socket->bytesAvailable() > 0 ) { slotReadyRead(); } } #else if ( socket->bytesAvailable() > 0 ) { slotReadyRead(); } #endif }
void SshServer::slot_newIncommingConnection( int socketDescriptor ) { QSslSocket* sslSocket = new QSslSocket(); // before the handshake, we need to adjust some security parameters for SSL QSsl::SslProtocol sslProtocol; if( "SSL-v3" == _sshServerSettings._version ) sslProtocol = QSsl::SslV3; else if( "TLS-v1" == _sshServerSettings._version ) sslProtocol = QSsl::TlsV1; else { logError( this, "no valid SSL version to use" ); delete sslSocket; return; } QSsl::EncodingFormat ecodingFormat = ("PER"==_sshServerSettings._format) ? QSsl::Pem : QSsl::Der; QSsl::KeyAlgorithm algorithm = ("RSA"==_sshServerSettings._cipher) ? QSsl::Rsa : QSsl::Dsa; QByteArray password; // setting the SSL version to use sslSocket->setProtocol( sslProtocol ); // ensure that the peer's certificate will be verified sslSocket->setPeerVerifyMode( QSslSocket::VerifyPeer ); // ensure that the peer's cerficiate and its issuer's certificate will be verified sslSocket->setPeerVerifyDepth( 2 ); // setting server's certificate sslSocket->setLocalCertificate( _sshServerSettings._certificate, ecodingFormat ); // setting server's private key sslSocket->setPrivateKey( _sshServerSettings._privateKey, algorithm, ecodingFormat, password ); // setting the CA ceritificate QList<QSslCertificate> caCertificates = QSslCertificate::fromPath( _sshServerSettings._certificate, ecodingFormat ); sslSocket->setDefaultCaCertificates( caCertificates ); // setup some traps for the socket events connect( sslSocket, SIGNAL(disconnected()), sslSocket, SLOT(deleteLater()) ); connect( sslSocket, SIGNAL(encrypted()), SLOT(slot_SuccessfulConnected()) ); connect( sslSocket, SIGNAL(sslErrors(const QList<QSslError>&)), this, SLOT(slot_UnSuccessfulConnected(const QList<QSslError>&)) ); connect( sslSocket, SIGNAL(readyRead()), this, SLOT(slot_IncommingData()) ); // start the handshake bool result = sslSocket->setSocketDescriptor( socketDescriptor ); if( false == result ) { logError( this, QString("failed to set socket descriptor: %1").arg(sslSocket->errorString()) ); delete sslSocket; return; } sslSocket->startServerEncryption(); }
//! [1] void SslServer::incomingConnection(qintptr socketDescriptor) { QSslSocket *serverSocket = new QSslSocket; if (serverSocket->setSocketDescriptor(socketDescriptor)) { connect(serverSocket, SIGNAL(encrypted()), this, SLOT(ready())); serverSocket->startServerEncryption(); } else { delete serverSocket; } }
//! [1] void SslServer::incomingConnection(qintptr socketDescriptor) { QSslSocket *serverSocket = new QSslSocket; if (serverSocket->setSocketDescriptor(socketDescriptor)) { addPendingConnection(serverSocket); connect(serverSocket, &QSslSocket::encrypted, this, &SslServer::ready); serverSocket->startServerEncryption(); } else { delete serverSocket; } }
QAbstractSocket* SslSocketCreation::operator()() const { QSslSocket* socket = new QSslSocket(); socket->setSocketDescriptor(socketDescriptor); socket->setLocalCertificate(certificate); socket->setPrivateKey(privateKey); socket->startServerEncryption(); return socket; }
void CoreAuthHandler::startSsl() { #ifdef HAVE_SSL QSslSocket *sslSocket = qobject_cast<QSslSocket *>(socket()); Q_ASSERT(sslSocket); qDebug() << qPrintable(tr("Starting encryption for Client:")) << _peer->description(); connect(sslSocket, SIGNAL(sslErrors(const QList<QSslError> &)), SLOT(onSslErrors())); sslSocket->flush(); // ensure that the write cache is flushed before we switch to ssl (bug 682) sslSocket->startServerEncryption(); #endif }
QAbstractSocket * HttpsSocket::createSocket(qintptr socketDescriptor) { QSslSocket * socket = new QSslSocket(); socket->setSocketDescriptor(socketDescriptor); socket->setLocalCertificate(m_certificate); socket->setPrivateKey(m_privateKey); socket->startServerEncryption(); return socket; }
void Transfer::onConnected() { QSslSocket *socket = qobject_cast<QSslSocket*>(mSocket); if (socket) { if (mDirection == TransferModel::Send) { socket->startClientEncryption(); } else { socket->startServerEncryption(); } } else { initTransfer(); } }
QIODevice* QxtSslConnectionManager::incomingConnection(int socketDescriptor) #endif { QSslSocket* socket = new QSslSocket(this); if(socket->setSocketDescriptor(socketDescriptor)) { socket->setLocalCertificate(qxt_d().localCertificate()); socket->setPrivateKey(qxt_d().privateKey()); if(qxt_d().autoEncrypt()) socket->startServerEncryption(); return socket; } else { delete socket; return 0; } }
// Accept connection from server and initiate the SSL handshake void Server::acceptConnection() { QSslSocket *socket = server.nextPendingConnection(); assert(socket); // QSslSocket emits the encrypted() signal after the encrypted connection is established connect(socket, SIGNAL(encrypted()), this, SLOT(handshakeComplete())); // Report any SSL errors that occur connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(sslErrors(const QList<QSslError> &))); connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(connectionFailure())); socket->setPrivateKey(key); socket->setLocalCertificate(certificate); socket->setPeerVerifyMode(QSslSocket::VerifyNone); socket->startServerEncryption(); }
void QxtSslServer::incomingConnection(int socketDescriptor) #endif { QSslSocket* socket = new QSslSocket(this); if(socket->setSocketDescriptor(socketDescriptor)) { socket->setLocalCertificate(qxt_d().localCertificate); socket->setPrivateKey(qxt_d().privateKey); if(parent()){ connect(socket, SIGNAL(sslErrors(const QList<QSslError>&)), parent(), SLOT(sslErrors(const QList<QSslError>&))); connect(socket, SIGNAL(peerVerifyError(const QSslError&)), parent(), SLOT(peerVerifyError(const QSslError&))); } qxt_d().pendingConnections.enqueue(socket); // emit newConnection(); // removed: QTcpServerPrivate emits this for us if(qxt_d().autoEncrypt) socket->startServerEncryption(); } else { delete socket; } }
/*! Called when a new connection is established. Converts \a socket to a QSslSocket. \internal */ void QSslServer::incomingConnection(qintptr socket) { QSslSocket *pSslSocket = new QSslSocket(); if (Q_LIKELY(pSslSocket)) { pSslSocket->setSslConfiguration(m_sslConfiguration); if (Q_LIKELY(pSslSocket->setSocketDescriptor(socket))) { connect(pSslSocket, &QSslSocket::peerVerifyError, this, &QSslServer::peerVerifyError); typedef void (QSslSocket::* sslErrorsSignal)(const QList<QSslError> &); connect(pSslSocket, static_cast<sslErrorsSignal>(&QSslSocket::sslErrors), this, &QSslServer::sslErrors); connect(pSslSocket, &QSslSocket::encrypted, this, &QSslServer::newEncryptedConnection); addPendingConnection(pSslSocket); pSslSocket->startServerEncryption(); } else { delete pSslSocket; } } }
void SSLServer::incomingConnection(int socketDescriptor) { // On an incoming connection we want // to create a new secure socket. QSslSocket *secureSocket = new QSslSocket; // Add to list so that we can find it with // nextConnection m_secureSocketList.append(secureSocket); // We need to read in the local certificate and // and the private key that we generated // with openssl. Read the README to see // how these are generated. secureSocket->setLocalCertificate("cacert.pem"); secureSocket->setPrivateKey("privkey.pem"); // check that the certificate / private key are not null if (secureSocket->localCertificate().isNull()) { qDebug() << "WARNING: The local certificate appears to be null! "; } if (secureSocket->privateKey().isNull()) { qDebug() << "WARNING: The private key appears to be null! "; } // debug message on success qDebug() << "Created the SSL socket, Read local cert. / private key files"; // From incoming connection we obtain the socket descriptor, // we associate this with our new SSL socket secureSocket->setSocketDescriptor(socketDescriptor); // Begin encryption. Note from the documentation // all the key stuff must be done prior to doing this. secureSocket->startServerEncryption(); qDebug() << "Started encryption for new secure socket"; }
void SslServer::newConnectionPrivate(qintptr descriptor) { QSslSocket *socket = new QSslSocket(this); socket->setSocketDescriptor(descriptor); if (m_max_connections == 0) { socket->abort(); return; } socket->setProtocol(QSsl::TlsV1_2OrLater); socket->addCaCertificate(m_cert); socket->setLocalCertificate(m_cert); socket->setPrivateKey(m_key); //New connection done, set one less available connection m_max_connections--; QByteArray m_buffer; qint32 size = 0; m_socket_list.append(socket); m_descriptor_hash.insert(socket, descriptor); m_socket_hash.insert(descriptor, socket); m_buffer_hash.insert(socket, m_buffer); m_size_hash.insert(socket, size); connect(socket, &QSslSocket::encrypted, this, &SslServer::encrypted); connect(socket, &QSslSocket::disconnected, this, &SslServer::disconnectedPrivate); connect(socket, static_cast<void(QSslSocket::*)(const QList<QSslError>&)>(&QSslSocket::sslErrors), this, &SslServer::sslErrors); m_alive_hash[socket].start(); socket->startServerEncryption(); }
void Client::startTls() { QSslSocket *socket = qobject_cast<QSslSocket*>(d->socket); Q_ASSERT(socket); socket->startServerEncryption(); }
void WebSocketWorker::SetupSocket() { if (m_connectionType == kSSLServer) { #ifndef QT_NO_OPENSSL QSslSocket *pSslSocket = new QSslSocket(); if (pSslSocket->setSocketDescriptor(m_socketFD) && gCoreContext->CheckSubnet(pSslSocket)) { pSslSocket->setSslConfiguration(m_sslConfig); pSslSocket->startServerEncryption(); if (pSslSocket->waitForEncrypted(5000)) { LOG(VB_HTTP, LOG_INFO, "SSL Handshake occurred, connection encrypted"); LOG(VB_HTTP, LOG_INFO, QString("Using %1 cipher").arg(pSslSocket->sessionCipher().name())); } else { LOG(VB_HTTP, LOG_WARNING, "SSL Handshake FAILED, connection terminated"); delete pSslSocket; pSslSocket = nullptr; } } else { delete pSslSocket; pSslSocket = nullptr; } if (pSslSocket) m_socket = dynamic_cast<QTcpSocket *>(pSslSocket); else return; #else return; #endif } else // Plain old unencrypted socket { m_socket = new QTcpSocket(); m_socket->setSocketDescriptor(m_socketFD); if (!gCoreContext->CheckSubnet(m_socket)) { delete m_socket; m_socket = nullptr; return; } } m_socket->setSocketOption(QAbstractSocket::KeepAliveOption, QVariant(1)); connect(m_socket, SIGNAL(readyRead()), SLOT(doRead())); connect(m_socket, SIGNAL(disconnected()), SLOT(CloseConnection())); // Setup heartbeat m_heartBeat->setInterval(20000); // 20 second m_heartBeat->setSingleShot(false); connect(m_heartBeat, SIGNAL(timeout()), SLOT(SendHeartBeat())); }
void LanLinkProvider::connected() { qCDebug(KDECONNECT_CORE) << "Socket connected"; QSslSocket* socket = qobject_cast<QSslSocket*>(sender()); if (!socket) return; disconnect(socket, SIGNAL(connected()), this, SLOT(connected())); disconnect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(connectError())); configureSocket(socket); // If socket disconnects due to any reason after connection, link on ssl faliure connect(socket, SIGNAL(disconnected()), socket, SLOT(deleteLater())); NetworkPackage* receivedPackage = receivedIdentityPackages[socket].np; const QString& deviceId = receivedPackage->get<QString>("deviceId"); //qCDebug(KDECONNECT_CORE) << "Connected" << socket->isWritable(); // If network is on ssl, do not believe when they are connected, believe when handshake is completed NetworkPackage np2(""); NetworkPackage::createIdentityPackage(&np2); socket->write(np2.serialize()); bool success = socket->waitForBytesWritten(); if (success) { qCDebug(KDECONNECT_CORE) << "Handshaking done (i'm the existing device)"; // if ssl supported if (receivedPackage->get<int>("protocolVersion") >= NetworkPackage::ProtocolVersion) { // since I support ssl and remote device support ssl socket->setPeerVerifyName(deviceId); QString certString = KdeConnectConfig::instance()->getDeviceProperty(deviceId, "certificate", QString()); if (!certString.isEmpty()) { qCDebug(KDECONNECT_CORE) << "Device trusted"; socket->addCaCertificate(QSslCertificate(certString.toLatin1())); socket->setPeerVerifyMode(QSslSocket::VerifyPeer); connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(sslErrors(QList<QSslError>))); } else { qCDebug(KDECONNECT_CORE) << "Device untrusted"; // Do not care about ssl errors here, socket will not be closed due to errors because of query peer socket->setPeerVerifyMode(QSslSocket::QueryPeer); connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(sslErrorsLogButIgnore(QList<QSslError>))); } qCDebug(KDECONNECT_CORE) << "Starting server ssl (I'm the client TCP socket)"; connect(socket, SIGNAL(encrypted()), this, SLOT(encrypted())); socket->startServerEncryption(); return; // Return statement prevents from deleting received package, needed in slot "encrypted" } else { qWarning() << "Incompatible protocol version, this won't work"; //addLink(deviceId, socket, receivedPackage, LanDeviceLink::Remotely); } } else { //I think this will never happen, but if it happens the deviceLink //(or the socket that is now inside it) might not be valid. Delete them. qCDebug(KDECONNECT_CORE) << "Fallback (2), try reverse connection (send udp packet)"; mUdpSocket.writeDatagram(np2.serialize(), receivedIdentityPackages[socket].sender, port); } delete receivedIdentityPackages.take(socket).np; //We don't delete the socket because now it's owned by the LanDeviceLink }
// Accept connection from server and initiate the SSL handshake void Server::acceptConnection() { if (sockets.empty() == false) std::cout << "Server is mad efor 1 connection also. Need to update to handle multiple connections" << std::endl; QSslSocket *socket = dynamic_cast<QSslSocket *>(server.nextPendingConnection()); assert(socket); // Report any SSL errors that occur connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(sslErrors(const QList<QSslError> &))); connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(connectionFailure())); // QSslSocket emits the encrypted() signal after the encrypted connection is established #define _USE_ENCRYPTION #ifdef _USE_ENCRYPTION connect(socket, SIGNAL(encrypted()), this, SLOT(handshakeComplete())); socket->setPrivateKey(key); socket->setLocalCertificate(certificate); socket->setPeerVerifyMode(QSslSocket::VerifyNone); socket->startServerEncryption(); #else connect(socket, SIGNAL(disconnected()), this, SLOT(connectionClosed())); connect(socket, SIGNAL(readyRead()), this, SLOT(receiveMessage())); sockets.push_back(socket); std::cout << "Accepted connection from " << socket->peerAddress().toString().toStdString() << ":" << socket->peerPort() << " .Encrypted : " << socket->isEncrypted() << std::endl; #endif }