/src/qtbase/src/network/ssl/qsslconfiguration.h

Source
// Copyright (C) 2016 The Qt Company Ltd.
// Copyright (C) 2014 BlackBerry Limited. All rights reserved.
// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
// Qt-Security score:significant reason:default

/****************************************************************************
**
** In addition, as a special exception, the copyright holders listed above give
** permission to link the code of its release of Qt with the OpenSSL project's
** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the
** same license as the original version), and distribute the linked executables.
**
** You must comply with the GNU General Public License version 2 in all
** respects for all of the code used other than the "OpenSSL" code.  If you
** modify this file, you may extend this exception to your version of the file,
** but you are not obligated to do so.  If you do not wish to do so, delete
** this exception statement from your version of this file.
**
****************************************************************************/

#ifndef QSSLCONFIGURATION_H
#define QSSLCONFIGURATION_H

#include <QtNetwork/qtnetworkglobal.h>
#include <QtCore/qmap.h>
#include <QtCore/qshareddata.h>
#include <QtNetwork/qsslsocket.h>
#include <QtNetwork/qssl.h>

#ifndef QT_NO_SSL

QT_BEGIN_NAMESPACE

class QSslCertificate;
class QSslCipher;
class QSslKey;
class QSslEllipticCurve;
class QSslDiffieHellmanParameters;

class QSslConfigurationPrivate;
class Q_NETWORK_EXPORT QSslConfiguration
{
public:
    QSslConfiguration();
    QSslConfiguration(const QSslConfiguration &other);
    ~QSslConfiguration();
    QSslConfiguration &operator=(QSslConfiguration &&other) noexcept { swap(other); return *this; }
    QSslConfiguration &operator=(const QSslConfiguration &other);

    void swap(QSslConfiguration &other) noexcept
    { d.swap(other.d); }

    bool operator==(const QSslConfiguration &other) const;
    inline bool operator!=(const QSslConfiguration &other) const
    { return !(*this == other); }

    bool isNull() const;

    QSsl::SslProtocol protocol() const;
    void setProtocol(QSsl::SslProtocol protocol);

    // Verification
    QSslSocket::PeerVerifyMode peerVerifyMode() const;
    void setPeerVerifyMode(QSslSocket::PeerVerifyMode mode);

    int peerVerifyDepth() const;
    void setPeerVerifyDepth(int depth);

    // Certificate & cipher configuration
    QList<QSslCertificate> localCertificateChain() const;
    void setLocalCertificateChain(const QList<QSslCertificate> &localChain);

    QSslCertificate localCertificate() const;
    void setLocalCertificate(const QSslCertificate &certificate);

    QSslCertificate peerCertificate() const;
    QList<QSslCertificate> peerCertificateChain() const;
    QSslCipher sessionCipher() const;
    QSsl::SslProtocol sessionProtocol() const;

    // Private keys, for server sockets
    QSslKey privateKey() const;
    void setPrivateKey(const QSslKey &key);

    // Cipher settings
    QList<QSslCipher> ciphers() const;
    void setCiphers(const QList<QSslCipher> &ciphers);
    void setCiphers(const QString &ciphers);
    static QList<QSslCipher> supportedCiphers();

    // Certificate Authority (CA) settings
    QList<QSslCertificate> caCertificates() const;
    void setCaCertificates(const QList<QSslCertificate> &certificates);
    bool addCaCertificates(
            const QString &path, QSsl::EncodingFormat format = QSsl::Pem,
            QSslCertificate::PatternSyntax syntax = QSslCertificate::PatternSyntax::FixedString);
    void addCaCertificate(const QSslCertificate &certificate);
    void addCaCertificates(const QList<QSslCertificate> &certificates);

    static QList<QSslCertificate> systemCaCertificates();

    void setSslOption(QSsl::SslOption option, bool on);
    bool testSslOption(QSsl::SslOption option) const;

    QByteArray sessionTicket() const;
    void setSessionTicket(const QByteArray &sessionTicket);
    int sessionTicketLifeTimeHint() const;

    QSslKey ephemeralServerKey() const;

    // EC settings
    QList<QSslEllipticCurve> ellipticCurves() const;
    void setEllipticCurves(const QList<QSslEllipticCurve> &curves);
    static QList<QSslEllipticCurve> supportedEllipticCurves();

    QByteArray preSharedKeyIdentityHint() const;
    void setPreSharedKeyIdentityHint(const QByteArray &hint);

    QSslDiffieHellmanParameters diffieHellmanParameters() const;
    void setDiffieHellmanParameters(const QSslDiffieHellmanParameters &dhparams);

    QMap<QByteArray, QVariant> backendConfiguration() const;
    void setBackendConfigurationOption(const QByteArray &name, const QVariant &value);
    void setBackendConfiguration(const QMap<QByteArray, QVariant> &backendConfiguration = QMap<QByteArray, QVariant>());

    static QSslConfiguration defaultConfiguration();
    static void setDefaultConfiguration(const QSslConfiguration &configuration);

#if QT_CONFIG(dtls) || defined(Q_QDOC)
    bool dtlsCookieVerificationEnabled() const;
    void setDtlsCookieVerificationEnabled(bool enable);

    static QSslConfiguration defaultDtlsConfiguration();
    static void setDefaultDtlsConfiguration(const QSslConfiguration &configuration);
#endif // dtls

    bool handshakeMustInterruptOnError() const;
    void setHandshakeMustInterruptOnError(bool interrupt);

    bool missingCertificateIsFatal() const;
    void setMissingCertificateIsFatal(bool cannotRecover);

    void setOcspStaplingEnabled(bool enable);
    bool ocspStaplingEnabled() const;

    enum NextProtocolNegotiationStatus {
        NextProtocolNegotiationNone,
        NextProtocolNegotiationNegotiated,
        NextProtocolNegotiationUnsupported
    };

    void setAllowedNextProtocols(const QList<QByteArray> &protocols);
    QList<QByteArray> allowedNextProtocols() const;

    QByteArray nextNegotiatedProtocol() const;
    NextProtocolNegotiationStatus nextProtocolNegotiationStatus() const;

    static const char ALPNProtocolHTTP2[];
    static const char NextProtocolHttp1_1[];

private:
    friend class QSslSocket;
    friend class QSslConfigurationPrivate;
    friend class QSslContext;
    friend class QTlsBackend;
    QSslConfiguration(QSslConfigurationPrivate *dd);
    QSharedDataPointer<QSslConfigurationPrivate> d;
};

Q_DECLARE_SHARED(QSslConfiguration)

QT_END_NAMESPACE

QT_DECL_METATYPE_EXTERN(QSslConfiguration, Q_NETWORK_EXPORT)

#endif  // QT_NO_SSL

#endif

Line	Count	Source
1		// Copyright (C) 2016 The Qt Company Ltd.
2		// Copyright (C) 2014 BlackBerry Limited. All rights reserved.
3		// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
4		// Qt-Security score:significant reason:default
5
6		/****************************************************************************
7		**
8		** In addition, as a special exception, the copyright holders listed above give
9		** permission to link the code of its release of Qt with the OpenSSL project's
10		** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the
11		** same license as the original version), and distribute the linked executables.
12		**
13		** You must comply with the GNU General Public License version 2 in all
14		** respects for all of the code used other than the "OpenSSL" code. If you
15		** modify this file, you may extend this exception to your version of the file,
16		** but you are not obligated to do so. If you do not wish to do so, delete
17		** this exception statement from your version of this file.
18		**
19		****************************************************************************/
20
21		#ifndef QSSLCONFIGURATION_H
22		#define QSSLCONFIGURATION_H
23
24		#include <QtNetwork/qtnetworkglobal.h>
25		#include <QtCore/qmap.h>
26		#include <QtCore/qshareddata.h>
27		#include <QtNetwork/qsslsocket.h>
28		#include <QtNetwork/qssl.h>
29
30		#ifndef QT_NO_SSL
31
32		QT_BEGIN_NAMESPACE
33
34		class QSslCertificate;
35		class QSslCipher;
36		class QSslKey;
37		class QSslEllipticCurve;
38		class QSslDiffieHellmanParameters;
39
40		class QSslConfigurationPrivate;
41		class Q_NETWORK_EXPORT QSslConfiguration
42		{
43		public:
44		QSslConfiguration();
45		QSslConfiguration(const QSslConfiguration &other);
46		~QSslConfiguration();
47	0	QSslConfiguration &operator=(QSslConfiguration &&other) noexcept { swap(other); return *this; }
48		QSslConfiguration &operator=(const QSslConfiguration &other);
49
50		void swap(QSslConfiguration &other) noexcept
51	0	{ d.swap(other.d); }
52
53		bool operator==(const QSslConfiguration &other) const;
54		inline bool operator!=(const QSslConfiguration &other) const
55	0	{ return !(*this == other); }
56
57		bool isNull() const;
58
59		QSsl::SslProtocol protocol() const;
60		void setProtocol(QSsl::SslProtocol protocol);
61
62		// Verification
63		QSslSocket::PeerVerifyMode peerVerifyMode() const;
64		void setPeerVerifyMode(QSslSocket::PeerVerifyMode mode);
65
66		int peerVerifyDepth() const;
67		void setPeerVerifyDepth(int depth);
68
69		// Certificate & cipher configuration
70		QList<QSslCertificate> localCertificateChain() const;
71		void setLocalCertificateChain(const QList<QSslCertificate> &localChain);
72
73		QSslCertificate localCertificate() const;
74		void setLocalCertificate(const QSslCertificate &certificate);
75
76		QSslCertificate peerCertificate() const;
77		QList<QSslCertificate> peerCertificateChain() const;
78		QSslCipher sessionCipher() const;
79		QSsl::SslProtocol sessionProtocol() const;
80
81		// Private keys, for server sockets
82		QSslKey privateKey() const;
83		void setPrivateKey(const QSslKey &key);
84
85		// Cipher settings
86		QList<QSslCipher> ciphers() const;
87		void setCiphers(const QList<QSslCipher> &ciphers);
88		void setCiphers(const QString &ciphers);
89		static QList<QSslCipher> supportedCiphers();
90
91		// Certificate Authority (CA) settings
92		QList<QSslCertificate> caCertificates() const;
93		void setCaCertificates(const QList<QSslCertificate> &certificates);
94		bool addCaCertificates(
95		const QString &path, QSsl::EncodingFormat format = QSsl::Pem,
96		QSslCertificate::PatternSyntax syntax = QSslCertificate::PatternSyntax::FixedString);
97		void addCaCertificate(const QSslCertificate &certificate);
98		void addCaCertificates(const QList<QSslCertificate> &certificates);
99
100		static QList<QSslCertificate> systemCaCertificates();
101
102		void setSslOption(QSsl::SslOption option, bool on);
103		bool testSslOption(QSsl::SslOption option) const;
104
105		QByteArray sessionTicket() const;
106		void setSessionTicket(const QByteArray &sessionTicket);
107		int sessionTicketLifeTimeHint() const;
108
109		QSslKey ephemeralServerKey() const;
110
111		// EC settings
112		QList<QSslEllipticCurve> ellipticCurves() const;
113		void setEllipticCurves(const QList<QSslEllipticCurve> &curves);
114		static QList<QSslEllipticCurve> supportedEllipticCurves();
115
116		QByteArray preSharedKeyIdentityHint() const;
117		void setPreSharedKeyIdentityHint(const QByteArray &hint);
118
119		QSslDiffieHellmanParameters diffieHellmanParameters() const;
120		void setDiffieHellmanParameters(const QSslDiffieHellmanParameters &dhparams);
121
122		QMap<QByteArray, QVariant> backendConfiguration() const;
123		void setBackendConfigurationOption(const QByteArray &name, const QVariant &value);
124		void setBackendConfiguration(const QMap<QByteArray, QVariant> &backendConfiguration = QMap<QByteArray, QVariant>());
125
126		static QSslConfiguration defaultConfiguration();
127		static void setDefaultConfiguration(const QSslConfiguration &configuration);
128
129		#if QT_CONFIG(dtls) \|\| defined(Q_QDOC)
130		bool dtlsCookieVerificationEnabled() const;
131		void setDtlsCookieVerificationEnabled(bool enable);
132
133		static QSslConfiguration defaultDtlsConfiguration();
134		static void setDefaultDtlsConfiguration(const QSslConfiguration &configuration);
135		#endif // dtls
136
137		bool handshakeMustInterruptOnError() const;
138		void setHandshakeMustInterruptOnError(bool interrupt);
139
140		bool missingCertificateIsFatal() const;
141		void setMissingCertificateIsFatal(bool cannotRecover);
142
143		void setOcspStaplingEnabled(bool enable);
144		bool ocspStaplingEnabled() const;
145
146		enum NextProtocolNegotiationStatus {
147		NextProtocolNegotiationNone,
148		NextProtocolNegotiationNegotiated,
149		NextProtocolNegotiationUnsupported
150		};
151
152		void setAllowedNextProtocols(const QList<QByteArray> &protocols);
153		QList<QByteArray> allowedNextProtocols() const;
154
155		QByteArray nextNegotiatedProtocol() const;
156		NextProtocolNegotiationStatus nextProtocolNegotiationStatus() const;
157
158		static const char ALPNProtocolHTTP2[];
159		static const char NextProtocolHttp1_1[];
160
161		private:
162		friend class QSslSocket;
163		friend class QSslConfigurationPrivate;
164		friend class QSslContext;
165		friend class QTlsBackend;
166		QSslConfiguration(QSslConfigurationPrivate *dd);
167		QSharedDataPointer<QSslConfigurationPrivate> d;
168		};
169
170	0	Q_DECLARE_SHARED(QSslConfiguration)
171	0
172	0	QT_END_NAMESPACE
173	0
174		QT_DECL_METATYPE_EXTERN(QSslConfiguration, Q_NETWORK_EXPORT) Unexecuted instantiation: int qRegisterNormalizedMetaType<QSslConfiguration>(QByteArray const&) Unexecuted instantiation: QMetaTypeId<QSslConfiguration>::qt_metatype_id()
175
176		#endif // QT_NO_SSL
177
178		#endif

Coverage Report

Created: 2026-01-25 07:18