KIO

ktcpsocket.h
1 /*
2  This file is part of the KDE libraries
3  SPDX-FileCopyrightText: 2007 Thiago Macieira <[email protected]>
4  SPDX-FileCopyrightText: 2007 Andreas Hartmetz <[email protected]>
5 
6  SPDX-License-Identifier: LGPL-2.0-or-later
7 */
8 
9 #ifndef KTCPSOCKET_H
10 #define KTCPSOCKET_H
11 
12 #include "kiocore_export.h"
13 
14 #if KIOCORE_ENABLE_DEPRECATED_SINCE(5, 65)
15 #include "ksslerroruidata.h"
16 
17 #include <QSslSocket>
18 #include <QSslConfiguration>
19 
20 
21 /*
22  Notes on QCA::TLS compatibility
23  In order to check for all validation problems as far as possible we need to use:
24  Validity QCA::TLS::peerCertificateValidity()
25  TLS::IdentityResult QCA::TLS::peerIdentityResult()
26  CertificateChain QCA::TLS::peerCertificateChain().validate() - to find the failing cert!
27  TLS::Error QCA::TLS::errorCode() - for more generic (but still SSL) errors
28  */
29 
30 class KSslKeyPrivate;
31 
/**
 * SSL Key.
 *
 * Deprecated since 5.65; the deprecation marker on the class names QSslKey as the
 * replacement. State lives behind the d pointer; the class is copyable and can be
 * built from a QSslKey.
 *
 * NOTE(review): toDer() returns a QByteArray, presumably the DER encoding of the
 * key. When secrecy() is PrivateKey that buffer would be private key material, so
 * callers should keep it out of logs and keep its lifetime short. Whether
 * isExportable() gates what toDer() returns is not visible in this header -- confirm
 * in the .cpp.
 */
35 class KIOCORE_DEPRECATED_VERSION(5, 65, "Use QSslKey") KIOCORE_EXPORT KSslKey
36 {
37 public:
    // Key algorithm reported by algorithm().
38  enum Algorithm {
39  Rsa = 0,
40  Dsa,
41  Dh
42  };
    // Whether the object holds the public or the private half, reported by secrecy().
43  enum KeySecrecy {
44  PublicKey,
45  PrivateKey
46  };
47 
48  KSslKey();
49  KSslKey(const KSslKey &other);
    // Not marked explicit, so a QSslKey converts implicitly to a KSslKey.
50  KSslKey(const QSslKey &sslKey);
51  ~KSslKey();
52  KSslKey &operator=(const KSslKey &other);
53 
54  Algorithm algorithm() const;
55  bool isExportable() const;
56  KeySecrecy secrecy() const;
    // NOTE(review): treat the result as sensitive when secrecy() == PrivateKey.
57  QByteArray toDer() const;
58 private:
59  KSslKeyPrivate *const d;
60 };
61 
62 class KSslCipherPrivate;
63 
/**
 * SSL Cipher.
 *
 * Deprecated since 5.65; the deprecation marker on the class names QSslCipher as
 * the replacement. A copyable value type that can be built from a QSslCipher and
 * exposes the parts of a cipher as strings plus two bit counts.
 *
 * NOTE(review): supportedCiphers() presumably lists what the TLS backend offers,
 * which is not the same as what a given security policy accepts. Code that feeds
 * such a list into KTcpSocket::setCiphers() should filter it first -- confirm what
 * the list contains in the .cpp.
 */
67 class KIOCORE_DEPRECATED_VERSION(5, 65, "Use QSslCipher") KIOCORE_EXPORT KSslCipher
68 {
69 public:
70  KSslCipher();
71  KSslCipher(const KSslCipher &other);
    // Not marked explicit, so a QSslCipher converts implicitly to a KSslCipher.
72  KSslCipher(const QSslCipher &);
73  ~KSslCipher();
74  KSslCipher &operator=(const KSslCipher &other);
75 
76  bool isNull() const;
77  QString authenticationMethod() const;
78  QString encryptionMethod() const;
79  QString keyExchangeMethod() const;
80  QString digestMethod() const;
81  /* mainly for internal use */
82  QString name() const;
    // NOTE(review): presumably mirror QSslCipher::supportedBits() / usedBits() -- confirm.
83  int supportedBits() const;
84  int usedBits() const;
85 
86  static QList<KSslCipher> supportedCiphers();
87 
88 private:
89  KSslCipherPrivate *const d;
90 };
91 
92 class KSslErrorPrivate;
93 class KTcpSocket;
94 
/**
 * To be replaced by QSslError.
 *
 * Deprecated since 5.65 (see the deprecation marker on the class). Wraps one TLS
 * validation error: error() gives the KSslError::Error classification,
 * certificate() the QSslCertificate it refers to, and sslError() a QSslError.
 *
 * NOTE(review): Error has fewer values than the QSslError list in the mapping
 * comment inside KTcpSocket, so several distinct QSslError causes presumably
 * collapse into one value here. Code that decides whether an error may be
 * tolerated should look at sslError() rather than only at error() -- confirm the
 * mapping in the .cpp.
 */
98 class KIOCORE_DEPRECATED_VERSION(5, 65, "Use QSslError") KIOCORE_EXPORT KSslError
99 {
100 public:
    // Classification returned by error(). NoError is 0; the other values follow in
    // declaration order.
101  enum Error {
102  NoError = 0,
103  UnknownError,
104  InvalidCertificateAuthorityCertificate,
105  InvalidCertificate,
106  CertificateSignatureFailed,
107  SelfSignedCertificate,
108  ExpiredCertificate,
109  RevokedCertificate,
110  InvalidCertificatePurpose,
111  RejectedCertificate,
112  UntrustedCertificate,
113  NoPeerCertificate,
114  HostNameMismatch,
115  PathLengthExceeded
116  };
117 
118 #if KIOCORE_ENABLE_DEPRECATED_SINCE(5, 63)
119 
    // Older constructor, deprecated since 5.63. Both arguments are defaulted, so it
    // also serves as the default constructor while it is compiled in.
120  KIOCORE_DEPRECATED_VERSION(5, 63, "Use KSslError(const QSslError &)")
121  KSslError(KSslError::Error error = NoError, const QSslCertificate &cert = QSslCertificate());
122 #endif
    // Not marked explicit, so a QSslError converts implicitly to a KSslError.
123  KSslError(const QSslError &error);
124  KSslError(const KSslError &other);
125  ~KSslError();
126  KSslError &operator=(const KSslError &other);
127 
128  Error error() const;
129  QString errorString() const;
130  QSslCertificate certificate() const;
    // NOTE(review): presumably the QSslError this object was constructed from -- confirm.
135  QSslError sslError() const;
136 private:
137  KSslErrorPrivate *const d;
138 };
139 
140 //consider killing more convenience functions with huge signatures
141 //### do we need setSession() / session() ?
142 
143 //BIG FAT TODO: do we keep openMode() up to date everywhere it can change?
144 
145 //other TODO: limit possible error strings?, SSL key stuff
146 
147 //TODO protocol (or maybe even application?) dependent automatic proxy choice
148 
149 class KTcpSocketPrivate;
150 class QHostAddress;
151 
/**
 * TCP socket.
 *
 * Deprecated since 5.65; the deprecation marker on the class names QSslSocket as
 * the replacement. A QIODevice with an optional TLS layer: encryptionMode()
 * reports UnencryptedMode or SslClientMode. The private slots at the end of the
 * class take QSslError and QSslSocket types, so the TLS work is presumably
 * delegated to a QSslSocket behind the d pointer -- confirm in the .cpp.
 *
 * Points a reviewer of code still using this class should check:
 *  - TLS is requested through connectToHostEncrypted() or startClientEncryption();
 *    the connectToHost() overloads carry no encryption argument.
 *  - Certificate problems are reported through sslErrors(); ignoreSslErrors() is
 *    the opt-out and should only follow an inspection of the reported errors.
 *  - SslVersion still names SSLv2, SSLv3 and TLS 1.0; see the notes on that enum.
 */
155 class KIOCORE_DEPRECATED_VERSION(5, 65, "Use QSslSocket") KIOCORE_EXPORT KTcpSocket: public QIODevice
156 {
157  Q_OBJECT
158 public:
    // State of the raw socket, reported by state() and stateChanged(). The TLS
    // handshake has no state of its own here (see the comment on the last line).
159  enum State {
160  UnconnectedState = 0,
161  HostLookupState,
162  ConnectingState,
163  ConnectedState,
164  BoundState,
165  ListeningState,
166  ClosingState
167  //hmmm, do we need an SslNegotiatingState?
168  };
    // Bit flags (see Q_DECLARE_FLAGS below). As declared here:
    //  - TlsV1, SslV3_1 and TlsV1_0 are three names for the same bit (0x08).
    //  - TlsV1SslV3 (0x10) and SecureProtocols (0x20) are bits of their own, not
    //    combinations of the per-version bits.
    //  - AnySslVersion is SslV2 | SslV3 | TlsV1 only; it does not contain TlsV1_1,
    //    TlsV1_2 or TlsV1_3, so masking a newer version with it yields no match.
    // SSLv2 and SSLv3 are prohibited by RFC 6176 and RFC 7568, and TLS 1.0/1.1 are
    // deprecated by RFC 8996; new code should not advertise them.
    // NOTE(review): how each value is translated for the TLS backend is not visible
    // in this header -- confirm in the .cpp before relying on SecureProtocols.
169  enum SslVersion {
170  UnknownSslVersion = 0x01,
171  SslV2 = 0x02,
172  SslV3 = 0x04,
173  TlsV1 = 0x08,
174  SslV3_1 = 0x08,
175  TlsV1SslV3 = 0x10,
176  SecureProtocols = 0x20,
177  TlsV1_0 = TlsV1,
178  TlsV1_1 = 0x40,
179  TlsV1_2 = 0x80,
180  TlsV1_3 = 0x100,
181  AnySslVersion = SslV2 | SslV3 | TlsV1
182  };
183  Q_DECLARE_FLAGS(SslVersions, SslVersion)
184 
    // Socket-level error reported by error() and the error(KTcpSocket::Error)
    // signal. Certificate validation problems are reported separately, as a list of
    // KSslError, through sslErrors().
185  enum Error {
186  UnknownError = 0,
187  ConnectionRefusedError,
188  RemoteHostClosedError,
189  HostNotFoundError,
190  SocketAccessError,
191  SocketResourceError,
192  SocketTimeoutError,
193  NetworkError,
194  UnsupportedSocketOperationError,
195  SslHandshakeFailedError
196  };
197  /*
198  The following is based on reading the OpenSSL interface code of both QSslSocket
199  and QCA::TLS. Barring oversights it should be accurate. The two cases with the
200  question marks apparently will never be emitted by QSslSocket so there is nothing
201  to compare.
202 
203  QSslError::NoError KTcpSocket::NoError
204  QSslError::UnableToGetIssuerCertificate QCA::ErrorSignatureFailed
205  QSslError::UnableToDecryptCertificateSignature QCA::ErrorSignatureFailed
206  QSslError::UnableToDecodeIssuerPublicKey QCA::ErrorInvalidCA
207  QSslError::CertificateSignatureFailed QCA::ErrorSignatureFailed
208  QSslError::CertificateNotYetValid QCA::ErrorExpired
209  QSslError::CertificateExpired QCA::ErrorExpired
210  QSslError::InvalidNotBeforeField QCA::ErrorExpired
211  QSslError::InvalidNotAfterField QCA::ErrorExpired
212  QSslError::SelfSignedCertificate QCA::ErrorSelfSigned
213  QSslError::SelfSignedCertificateInChain QCA::ErrorSelfSigned
214  QSslError::UnableToGetLocalIssuerCertificate QCA::ErrorInvalidCA
215  QSslError::UnableToVerifyFirstCertificate QCA::ErrorSignatureFailed
216  QSslError::CertificateRevoked QCA::ErrorRevoked
217  QSslError::InvalidCaCertificate QCA::ErrorInvalidCA
218  QSslError::PathLengthExceeded QCA::ErrorPathLengthExceeded
219  QSslError::InvalidPurpose QCA::ErrorInvalidPurpose
220  QSslError::CertificateUntrusted QCA::ErrorUntrusted
221  QSslError::CertificateRejected QCA::ErrorRejected
222  QSslError::SubjectIssuerMismatch QCA::TLS::InvalidCertificate ?
223  QSslError::AuthorityIssuerSerialNumberMismatch QCA::TLS::InvalidCertificate ?
224  QSslError::NoPeerCertificate QCA::TLS::NoCertificate
225  QSslError::HostNameMismatch QCA::TLS::HostMismatch
226  QSslError::UnspecifiedError KTcpSocket::UnknownError
227  QSslError::NoSslSupport Never happens :)
228  */
    // Reported by encryptionMode(). Only the client side of TLS is available;
    // SslServerMode is declared but not implemented.
229  enum EncryptionMode {
230  UnencryptedMode = 0,
231  SslClientMode,
232  SslServerMode //### not implemented
233  };
    // Argument of the connectToHost() overloads, defaulting to AutoProxy.
    // NOTE(review): presumably AutoProxy lets the socket pick a proxy and ManualProxy
    // uses only what setProxy() was given; the per-value documentation is not part
    // of this listing -- confirm in the original header.
234  enum ProxyPolicy {
236  AutoProxy = 0,
238  ManualProxy
239  };
240 
241  KTcpSocket(QObject *parent = nullptr);
242  ~KTcpSocket();
243 
244  //from QIODevice
245  //reimplemented virtuals - the ones not reimplemented are OK for us
246  bool atEnd() const override;
247  qint64 bytesAvailable() const override;
248  qint64 bytesToWrite() const override;
249  bool canReadLine() const override;
250  void close() override;
251  bool isSequential() const override;
252  bool open(QIODevice::OpenMode open) override;
253  bool waitForBytesWritten(int msecs) override;
254  //### Document that this actually tries to read *more* data
255  bool waitForReadyRead(int msecs = 30000) override;
256 protected:
257  qint64 readData(char *data, qint64 maxSize) override;
258  qint64 writeData(const char *data, qint64 maxSize) override;
259 Q_SIGNALS:
262  void encryptedBytesWritten(qint64 written);
263 public:
264  //from QAbstractSocket
265  void abort();
    // None of the connectToHost() overloads takes an encryption argument; TLS is
    // requested with connectToHostEncrypted() or startClientEncryption().
266  void connectToHost(const QString &hostName, quint16 port, ProxyPolicy policy = AutoProxy);
267  void connectToHost(const QHostAddress &hostAddress, quint16 port, ProxyPolicy policy = AutoProxy);
268 
    // NOTE(review): how the URL's scheme and port are interpreted is not visible in
    // this listing -- confirm in the original header and the .cpp.
275  void connectToHost(const QUrl &url, ProxyPolicy policy = AutoProxy);
276  void disconnectFromHost();
277  Error error() const; //### QAbstractSocket's model is strange. error() should be related to the
278  //current state and *NOT* just report the last error if there was one.
279  QList<KSslError> sslErrors() const; //### the errors returned can only have a subset of all
280  //possible QSslError::SslError enum values depending on backend
281  bool flush();
282  bool isValid() const;
283  QHostAddress localAddress() const;
284  QHostAddress peerAddress() const;
285  QString peerName() const;
286  quint16 peerPort() const;
    // NOTE(review): presumably the name the peer certificate is checked against when
    // it differs from the host name used to connect. Passing a value that does not
    // come from the intended destination weakens the host-name check -- confirm the
    // semantics in the .cpp.
287  void setVerificationPeerName(const QString &hostName);
288 
289 #ifndef QT_NO_NETWORKPROXY
290 
293  QNetworkProxy proxy() const;
294 #endif
295  qint64 readBufferSize() const; //probably hard to implement correctly
296 
297 #ifndef QT_NO_NETWORKPROXY
298 
301  void setProxy(const QNetworkProxy &proxy); //people actually seem to need it
302 #endif
303  void setReadBufferSize(qint64 size);
304  State state() const;
305  bool waitForConnected(int msecs = 30000);
306  bool waitForDisconnected(int msecs = 30000);
307 
308  //from QSslSocket
    // addCaCertificate(), addCaCertificates() and setCaCertificates() change the set
    // of CA certificates of this socket, i.e. which issuers a peer certificate may
    // chain to. NOTE(review): certificates added here should come from a trusted
    // source; whether the set starts from the system store is not visible in this
    // header.
309  void addCaCertificate(const QSslCertificate &certificate);
310 // bool addCaCertificates(const QString &path, QSsl::EncodingFormat format = QSsl::Pem,
311 // QRegExp::PatternSyntax syntax = QRegExp::FixedString);
312  void addCaCertificates(const QList<QSslCertificate> &certificates);
313  QList<QSslCertificate> caCertificates() const;
314  QList<KSslCipher> ciphers() const;
315  void connectToHostEncrypted(const QString &hostName, quint16 port, OpenMode openMode = ReadWrite);
316  // bool isEncrypted() const { return encryptionMode() != UnencryptedMode }
317  QSslCertificate localCertificate() const;
318  QList<QSslCertificate> peerCertificateChain() const;
    // Returns the private key by value. NOTE(review): treat the result as sensitive.
319  KSslKey privateKey() const;
320  KSslCipher sessionCipher() const;
321  void setCaCertificates(const QList<QSslCertificate> &certificates);
322  void setCiphers(const QList<KSslCipher> &ciphers);
323  //### void setCiphers(const QString &ciphers); //what about i18n?
324  void setLocalCertificate(const QSslCertificate &certificate);
325  void setLocalCertificate(const QString &fileName, QSsl::EncodingFormat format = QSsl::Pem);
326  void setPrivateKey(const KSslKey &key);
    // Loads the private key from a file; passPhrase defaults to an empty QByteArray.
    // NOTE(review): the listing jumps from line 327 to line 329 inside this
    // parameter list, so a parameter line may be missing from this rendering --
    // check the original header before copying the signature.
327  void setPrivateKey(const QString &fileName, KSslKey::Algorithm algorithm = KSslKey::Rsa,
329  const QByteArray &passPhrase = QByteArray());
330  void setAdvertisedSslVersion(SslVersion version);
331  SslVersion advertisedSslVersion() const; //always equal to the value last passed to setAdvertisedSslVersion()
    // Because downgrades are possible, code that requires a minimum protocol version
    // has to compare this value after the handshake instead of trusting the
    // advertised one.
332  SslVersion negotiatedSslVersion() const; //negotiated version; downgrades are possible.
333  QString negotiatedSslVersionName() const;
334  bool waitForEncrypted(int msecs = 30000);
335 
336  EncryptionMode encryptionMode() const;
337 
345  QVariant socketOption(QAbstractSocket::SocketOption options) const;
346 
354  void setSocketOption(QAbstractSocket::SocketOption options, const QVariant &value);
355 
361  QSslConfiguration sslConfiguration() const;
362 
    // NOTE(review): a QSslConfiguration carries protocol, cipher, CA and
    // peer-verification settings, so this call can presumably override what the
    // individual setters above configured -- confirm the precedence in the .cpp.
368  void setSslConfiguration(const QSslConfiguration &configuration);
369 
370 Q_SIGNALS:
371  //from QAbstractSocket
372  void connected();
373  void disconnected();
374  void error(KTcpSocket::Error);
375  void hostFound();
376 #ifndef QT_NO_NETWORKPROXY
377  void proxyAuthenticationRequired(const QNetworkProxy &proxy, QAuthenticator *authenticator);
378 #endif
379  // only for raw socket state, SSL is separate
380  void stateChanged(KTcpSocket::State);
381 
382  //from QSslSocket
383  void encrypted();
384  void encryptionModeChanged(EncryptionMode);
    // Carries the certificate validation errors as a list of KSslError.
385  void sslErrors(const QList<KSslError> &errors);
386 
387 public Q_SLOTS:
    // NOTE(review): by analogy with QSslSocket::ignoreSslErrors() this presumably lets
    // the handshake proceed despite the errors reported through sslErrors(). Calling
    // it without first inspecting those errors removes peer authentication from the
    // connection -- confirm the exact behaviour in the .cpp.
388  void ignoreSslErrors();
389  void startClientEncryption();
390  // void startServerEncryption(); //not implemented
391 private:
    // Private slots on the d pointer. Their parameter types are the QAbstractSocket /
    // QSslSocket ones, which suggests they relay the wrapped socket's signals.
392  Q_PRIVATE_SLOT(d, void reemitReadyRead())
393  Q_PRIVATE_SLOT(d, void reemitSocketError(QAbstractSocket::SocketError))
394  Q_PRIVATE_SLOT(d, void reemitSslErrors(const QList<QSslError> &))
395  Q_PRIVATE_SLOT(d, void reemitStateChanged(QAbstractSocket::SocketState))
396  Q_PRIVATE_SLOT(d, void reemitModeChanged(QSslSocket::SslMode))
397 
398 //debugging H4X
399  void showSslErrors();
400 
401  friend class KTcpSocketPrivate;
402  KTcpSocketPrivate *const d;
403 };
404 
405 #endif // deprecated since 5.65
406 
407 #endif // KTCPSOCKET_H