/src/qtbase/src/network/ssl/qsslconfiguration.h

Source
// Copyright (C) 2016 The Qt Company Ltd.
// Copyright (C) 2014 BlackBerry Limited. All rights reserved.
// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
// Qt-Security score:significant reason:default

/****************************************************************************
**
** In addition, as a special exception, the copyright holders listed above give
** permission to link the code of its release of Qt with the OpenSSL project's
** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the
** same license as the original version), and distribute the linked executables.
**
** You must comply with the GNU General Public License version 2 in all
** respects for all of the code used other than the "OpenSSL" code.  If you
** modify this file, you may extend this exception to your version of the file,
** but you are not obligated to do so.  If you do not wish to do so, delete
** this exception statement from your version of this file.
**
****************************************************************************/

#ifndef QSSLCONFIGURATION_H
#define QSSLCONFIGURATION_H

#include <QtNetwork/qtnetworkglobal.h>
#include <QtCore/qmap.h>
#include <QtCore/qshareddata.h>
#include <QtNetwork/qsslsocket.h>
#include <QtNetwork/qssl.h>

#ifndef QT_NO_SSL

QT_BEGIN_NAMESPACE

class QSslCertificate;
class QSslCipher;
class QSslKey;
class QSslKeyingMaterial;
class QSslEllipticCurve;
class QSslDiffieHellmanParameters;

class QSslConfigurationPrivate;
class Q_NETWORK_EXPORT QSslConfiguration
{
public:
    QSslConfiguration();
    QSslConfiguration(const QSslConfiguration &other);
    ~QSslConfiguration();
    QSslConfiguration &operator=(QSslConfiguration &&other) noexcept { swap(other); return *this; }
    QSslConfiguration &operator=(const QSslConfiguration &other);

    void swap(QSslConfiguration &other) noexcept
    { d.swap(other.d); }

    bool operator==(const QSslConfiguration &other) const;
    inline bool operator!=(const QSslConfiguration &other) const
    { return !(*this == other); }

    bool isNull() const;

    QSsl::SslProtocol protocol() const;
    void setProtocol(QSsl::SslProtocol protocol);

    // Verification
    QSslSocket::PeerVerifyMode peerVerifyMode() const;
    void setPeerVerifyMode(QSslSocket::PeerVerifyMode mode);

    int peerVerifyDepth() const;
    void setPeerVerifyDepth(int depth);

    // Certificate & cipher configuration
    QList<QSslCertificate> localCertificateChain() const;
    void setLocalCertificateChain(const QList<QSslCertificate> &localChain);

    QSslCertificate localCertificate() const;
    void setLocalCertificate(const QSslCertificate &certificate);

    QSslCertificate peerCertificate() const;
    QList<QSslCertificate> peerCertificateChain() const;
    QSslCipher sessionCipher() const;
    QSsl::SslProtocol sessionProtocol() const;

    // Private keys, for server sockets
    QSslKey privateKey() const;
    void setPrivateKey(const QSslKey &key);

    // Cipher settings
    QList<QSslCipher> ciphers() const;
    void setCiphers(const QList<QSslCipher> &ciphers);
    void setCiphers(const QString &ciphers);
    static QList<QSslCipher> supportedCiphers();

    // Certificate Authority (CA) settings
    QList<QSslCertificate> caCertificates() const;
    void setCaCertificates(const QList<QSslCertificate> &certificates);
    bool addCaCertificates(
            const QString &path, QSsl::EncodingFormat format = QSsl::Pem,
            QSslCertificate::PatternSyntax syntax = QSslCertificate::PatternSyntax::FixedString);
    void addCaCertificate(const QSslCertificate &certificate);
    void addCaCertificates(const QList<QSslCertificate> &certificates);

    static QList<QSslCertificate> systemCaCertificates();

    void setSslOption(QSsl::SslOption option, bool on);
    bool testSslOption(QSsl::SslOption option) const;

    QByteArray sessionTicket() const;
    void setSessionTicket(const QByteArray &sessionTicket);
    int sessionTicketLifeTimeHint() const;

    QSslKey ephemeralServerKey() const;

    // EC settings
    QList<QSslEllipticCurve> ellipticCurves() const;
    void setEllipticCurves(const QList<QSslEllipticCurve> &curves);
    static QList<QSslEllipticCurve> supportedEllipticCurves();

    QByteArray preSharedKeyIdentityHint() const;
    void setPreSharedKeyIdentityHint(const QByteArray &hint);

    QSslDiffieHellmanParameters diffieHellmanParameters() const;
    void setDiffieHellmanParameters(const QSslDiffieHellmanParameters &dhparams);

    QMap<QByteArray, QVariant> backendConfiguration() const;
    void setBackendConfigurationOption(const QByteArray &name, const QVariant &value);
    void setBackendConfiguration(const QMap<QByteArray, QVariant> &backendConfiguration = QMap<QByteArray, QVariant>());

    static QSslConfiguration defaultConfiguration();
    static void setDefaultConfiguration(const QSslConfiguration &configuration);

#if QT_CONFIG(dtls) || defined(Q_QDOC)
    bool dtlsCookieVerificationEnabled() const;
    void setDtlsCookieVerificationEnabled(bool enable);

    static QSslConfiguration defaultDtlsConfiguration();
    static void setDefaultDtlsConfiguration(const QSslConfiguration &configuration);
#endif // dtls

    bool handshakeMustInterruptOnError() const;
    void setHandshakeMustInterruptOnError(bool interrupt);

    bool missingCertificateIsFatal() const;
    void setMissingCertificateIsFatal(bool cannotRecover);

    void setOcspStaplingEnabled(bool enable);
    bool ocspStaplingEnabled() const;

    enum NextProtocolNegotiationStatus {
        NextProtocolNegotiationNone,
        NextProtocolNegotiationNegotiated,
        NextProtocolNegotiationUnsupported
    };

    void setAllowedNextProtocols(const QList<QByteArray> &protocols);
    QList<QByteArray> allowedNextProtocols() const;

    QByteArray nextNegotiatedProtocol() const;
    NextProtocolNegotiationStatus nextProtocolNegotiationStatus() const;

    static const char ALPNProtocolHTTP2[];
    static const char NextProtocolHttp1_1[];

    QList<QSslKeyingMaterial> keyingMaterial() const;
    std::optional<QSslKeyingMaterial> keyingMaterial(const QSslKeyingMaterial &material) const;
    void setKeyingMaterial(const QList<QSslKeyingMaterial> &keyMaterial);

private:
    friend class QSslSocket;
    friend class QSslConfigurationPrivate;
    friend class QSslContext;
    friend class QTlsBackend;
    QSslConfiguration(QSslConfigurationPrivate *dd);
    QSharedDataPointer<QSslConfigurationPrivate> d;
};

Q_DECLARE_SHARED(QSslConfiguration)

QT_END_NAMESPACE

QT_DECL_METATYPE_EXTERN(QSslConfiguration, Q_NETWORK_EXPORT)

#endif  // QT_NO_SSL

#endif

Line	Count	Source
1		// Copyright (C) 2016 The Qt Company Ltd.
2		// Copyright (C) 2014 BlackBerry Limited. All rights reserved.
3		// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
4		// Qt-Security score:significant reason:default
5
6		/****************************************************************************
7		**
8		** In addition, as a special exception, the copyright holders listed above give
9		** permission to link the code of its release of Qt with the OpenSSL project's
10		** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the
11		** same license as the original version), and distribute the linked executables.
12		**
13		** You must comply with the GNU General Public License version 2 in all
14		** respects for all of the code used other than the "OpenSSL" code. If you
15		** modify this file, you may extend this exception to your version of the file,
16		** but you are not obligated to do so. If you do not wish to do so, delete
17		** this exception statement from your version of this file.
18		**
19		****************************************************************************/
20
21		#ifndef QSSLCONFIGURATION_H
22		#define QSSLCONFIGURATION_H
23
24		#include <QtNetwork/qtnetworkglobal.h>
25		#include <QtCore/qmap.h>
26		#include <QtCore/qshareddata.h>
27		#include <QtNetwork/qsslsocket.h>
28		#include <QtNetwork/qssl.h>
29
30		#ifndef QT_NO_SSL
31
32		QT_BEGIN_NAMESPACE
33
34		class QSslCertificate;
35		class QSslCipher;
36		class QSslKey;
37		class QSslKeyingMaterial;
38		class QSslEllipticCurve;
39		class QSslDiffieHellmanParameters;
40
41		class QSslConfigurationPrivate;
42		class Q_NETWORK_EXPORT QSslConfiguration
43		{
44		public:
45		QSslConfiguration();
46		QSslConfiguration(const QSslConfiguration &other);
47		~QSslConfiguration();
48	0	QSslConfiguration &operator=(QSslConfiguration &&other) noexcept { swap(other); return *this; }
49		QSslConfiguration &operator=(const QSslConfiguration &other);
50
51		void swap(QSslConfiguration &other) noexcept
52	0	{ d.swap(other.d); }
53
54		bool operator==(const QSslConfiguration &other) const;
55		inline bool operator!=(const QSslConfiguration &other) const
56	0	{ return !(*this == other); }
57
58		bool isNull() const;
59
60		QSsl::SslProtocol protocol() const;
61		void setProtocol(QSsl::SslProtocol protocol);
62
63		// Verification
64		QSslSocket::PeerVerifyMode peerVerifyMode() const;
65		void setPeerVerifyMode(QSslSocket::PeerVerifyMode mode);
66
67		int peerVerifyDepth() const;
68		void setPeerVerifyDepth(int depth);
69
70		// Certificate & cipher configuration
71		QList<QSslCertificate> localCertificateChain() const;
72		void setLocalCertificateChain(const QList<QSslCertificate> &localChain);
73
74		QSslCertificate localCertificate() const;
75		void setLocalCertificate(const QSslCertificate &certificate);
76
77		QSslCertificate peerCertificate() const;
78		QList<QSslCertificate> peerCertificateChain() const;
79		QSslCipher sessionCipher() const;
80		QSsl::SslProtocol sessionProtocol() const;
81
82		// Private keys, for server sockets
83		QSslKey privateKey() const;
84		void setPrivateKey(const QSslKey &key);
85
86		// Cipher settings
87		QList<QSslCipher> ciphers() const;
88		void setCiphers(const QList<QSslCipher> &ciphers);
89		void setCiphers(const QString &ciphers);
90		static QList<QSslCipher> supportedCiphers();
91
92		// Certificate Authority (CA) settings
93		QList<QSslCertificate> caCertificates() const;
94		void setCaCertificates(const QList<QSslCertificate> &certificates);
95		bool addCaCertificates(
96		const QString &path, QSsl::EncodingFormat format = QSsl::Pem,
97		QSslCertificate::PatternSyntax syntax = QSslCertificate::PatternSyntax::FixedString);
98		void addCaCertificate(const QSslCertificate &certificate);
99		void addCaCertificates(const QList<QSslCertificate> &certificates);
100
101		static QList<QSslCertificate> systemCaCertificates();
102
103		void setSslOption(QSsl::SslOption option, bool on);
104		bool testSslOption(QSsl::SslOption option) const;
105
106		QByteArray sessionTicket() const;
107		void setSessionTicket(const QByteArray &sessionTicket);
108		int sessionTicketLifeTimeHint() const;
109
110		QSslKey ephemeralServerKey() const;
111
112		// EC settings
113		QList<QSslEllipticCurve> ellipticCurves() const;
114		void setEllipticCurves(const QList<QSslEllipticCurve> &curves);
115		static QList<QSslEllipticCurve> supportedEllipticCurves();
116
117		QByteArray preSharedKeyIdentityHint() const;
118		void setPreSharedKeyIdentityHint(const QByteArray &hint);
119
120		QSslDiffieHellmanParameters diffieHellmanParameters() const;
121		void setDiffieHellmanParameters(const QSslDiffieHellmanParameters &dhparams);
122
123		QMap<QByteArray, QVariant> backendConfiguration() const;
124		void setBackendConfigurationOption(const QByteArray &name, const QVariant &value);
125		void setBackendConfiguration(const QMap<QByteArray, QVariant> &backendConfiguration = QMap<QByteArray, QVariant>());
126
127		static QSslConfiguration defaultConfiguration();
128		static void setDefaultConfiguration(const QSslConfiguration &configuration);
129
130		#if QT_CONFIG(dtls) \|\| defined(Q_QDOC)
131		bool dtlsCookieVerificationEnabled() const;
132		void setDtlsCookieVerificationEnabled(bool enable);
133
134		static QSslConfiguration defaultDtlsConfiguration();
135		static void setDefaultDtlsConfiguration(const QSslConfiguration &configuration);
136		#endif // dtls
137
138		bool handshakeMustInterruptOnError() const;
139		void setHandshakeMustInterruptOnError(bool interrupt);
140
141		bool missingCertificateIsFatal() const;
142		void setMissingCertificateIsFatal(bool cannotRecover);
143
144		void setOcspStaplingEnabled(bool enable);
145		bool ocspStaplingEnabled() const;
146
147		enum NextProtocolNegotiationStatus {
148		NextProtocolNegotiationNone,
149		NextProtocolNegotiationNegotiated,
150		NextProtocolNegotiationUnsupported
151		};
152
153		void setAllowedNextProtocols(const QList<QByteArray> &protocols);
154		QList<QByteArray> allowedNextProtocols() const;
155
156		QByteArray nextNegotiatedProtocol() const;
157		NextProtocolNegotiationStatus nextProtocolNegotiationStatus() const;
158
159		static const char ALPNProtocolHTTP2[];
160		static const char NextProtocolHttp1_1[];
161
162		QList<QSslKeyingMaterial> keyingMaterial() const;
163		std::optional<QSslKeyingMaterial> keyingMaterial(const QSslKeyingMaterial &material) const;
164		void setKeyingMaterial(const QList<QSslKeyingMaterial> &keyMaterial);
165
166		private:
167		friend class QSslSocket;
168		friend class QSslConfigurationPrivate;
169		friend class QSslContext;
170		friend class QTlsBackend;
171		QSslConfiguration(QSslConfigurationPrivate *dd);
172		QSharedDataPointer<QSslConfigurationPrivate> d;
173		};
174
175	0	Q_DECLARE_SHARED(QSslConfiguration)
176	0
177	0	QT_END_NAMESPACE
178	0
179		QT_DECL_METATYPE_EXTERN(QSslConfiguration, Q_NETWORK_EXPORT) Unexecuted instantiation: int qRegisterNormalizedMetaType<QSslConfiguration>(QByteArray const&) Unexecuted instantiation: QMetaTypeId<QSslConfiguration>::qt_metatype_id()
180
181		#endif // QT_NO_SSL
182
183		#endif

Coverage Report

Created: 2026-04-29 07:00