1 | /**************************************************************************** |
2 | ** |
3 | ** Copyright (C) 2017 The Qt Company Ltd. |
4 | ** Contact: https://www.qt.io/licensing/ |
5 | ** |
6 | ** This file is part of the QtNetwork module of the Qt Toolkit. |
7 | ** |
8 | ** $QT_BEGIN_LICENSE:LGPL$ |
9 | ** Commercial License Usage |
10 | ** Licensees holding valid commercial Qt licenses may use this file in |
11 | ** accordance with the commercial license agreement provided with the |
12 | ** Software or, alternatively, in accordance with the terms contained in |
13 | ** a written agreement between you and The Qt Company. For licensing terms |
14 | ** and conditions see https://www.qt.io/terms-conditions. For further |
15 | ** information use the contact form at https://www.qt.io/contact-us. |
16 | ** |
17 | ** GNU Lesser General Public License Usage |
18 | ** Alternatively, this file may be used under the terms of the GNU Lesser |
19 | ** General Public License version 3 as published by the Free Software |
20 | ** Foundation and appearing in the file LICENSE.LGPL3 included in the |
21 | ** packaging of this file. Please review the following information to |
22 | ** ensure the GNU Lesser General Public License version 3 requirements |
23 | ** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. |
24 | ** |
25 | ** GNU General Public License Usage |
26 | ** Alternatively, this file may be used under the terms of the GNU |
27 | ** General Public License version 2.0 or (at your option) the GNU General |
28 | ** Public license version 3 or any later version approved by the KDE Free |
29 | ** Qt Foundation. The licenses are as published by the Free Software |
30 | ** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 |
31 | ** included in the packaging of this file. Please review the following |
32 | ** information to ensure the GNU General Public License requirements will |
33 | ** be met: https://www.gnu.org/licenses/gpl-2.0.html and |
34 | ** https://www.gnu.org/licenses/gpl-3.0.html. |
35 | ** |
36 | ** $QT_END_LICENSE$ |
37 | ** |
38 | ****************************************************************************/ |
39 | |
40 | #include "qhstsstore_p.h" |
41 | #include "qhstspolicy.h" |
42 | |
43 | #include "qstandardpaths.h" |
44 | #include "qdatastream.h" |
45 | #include "qbytearray.h" |
46 | #include "qdatetime.h" |
47 | #include "qvariant.h" |
48 | #include "qstring.h" |
49 | #include "qdir.h" |
50 | |
51 | #include <utility> |
52 | |
53 | QT_BEGIN_NAMESPACE |
54 | |
55 | static QString host_name_to_settings_key(const QString &hostName) |
56 | { |
57 | const QByteArray hostNameAsHex(hostName.toUtf8().toHex()); |
58 | return QString::fromLatin1(str: hostNameAsHex); |
59 | } |
60 | |
61 | static QString settings_key_to_host_name(const QString &key) |
62 | { |
63 | const QByteArray hostNameAsUtf8(QByteArray::fromHex(hexEncoded: key.toLatin1())); |
64 | return QString::fromUtf8(str: hostNameAsUtf8); |
65 | } |
66 | |
67 | QHstsStore::QHstsStore(const QString &dirName) |
68 | : store(absoluteFilePath(dirName), QSettings::IniFormat) |
69 | { |
70 | // Disable fallbacks, we do not want to use anything but our own ini file. |
71 | store.setFallbacksEnabled(false); |
72 | } |
73 | |
74 | QHstsStore::~QHstsStore() |
75 | { |
76 | synchronize(); |
77 | } |
78 | |
79 | QVector<QHstsPolicy> QHstsStore::readPolicies() |
80 | { |
81 | // This function only attempts to read policies, making no decision about |
82 | // expired policies. It's up to a user (QHstsCache) to mark these policies |
83 | // for deletion and sync the store later. But we immediately remove keys/values |
84 | // (if the store isWritable) for the policies that we fail to read. |
85 | QVector<QHstsPolicy> policies; |
86 | |
87 | beginHstsGroups(); |
88 | |
89 | const QStringList keys = store.childKeys(); |
90 | for (const auto &key : keys) { |
91 | QHstsPolicy restoredPolicy; |
92 | if (deserializePolicy(key, policy&: restoredPolicy)) { |
93 | restoredPolicy.setHost(host: settings_key_to_host_name(key)); |
94 | policies.push_back(t: std::move(restoredPolicy)); |
95 | } else if (isWritable()) { |
96 | evictPolicy(key); |
97 | } |
98 | } |
99 | |
100 | endHstsGroups(); |
101 | |
102 | return policies; |
103 | } |
104 | |
105 | void QHstsStore::addToObserved(const QHstsPolicy &policy) |
106 | { |
107 | observedPolicies.push_back(t: policy); |
108 | } |
109 | |
110 | void QHstsStore::synchronize() |
111 | { |
112 | if (!isWritable()) |
113 | return; |
114 | |
115 | if (observedPolicies.size()) { |
116 | beginHstsGroups(); |
117 | for (const QHstsPolicy &policy : qAsConst(t&: observedPolicies)) { |
118 | const QString key(host_name_to_settings_key(hostName: policy.host())); |
119 | // If we fail to write a new, updated policy, we also remove the old one. |
120 | if (policy.isExpired() || !serializePolicy(key, policy)) |
121 | evictPolicy(key); |
122 | } |
123 | observedPolicies.clear(); |
124 | endHstsGroups(); |
125 | } |
126 | |
127 | store.sync(); |
128 | } |
129 | |
130 | bool QHstsStore::isWritable() const |
131 | { |
132 | return store.isWritable(); |
133 | } |
134 | |
135 | QString QHstsStore::absoluteFilePath(const QString &dirName) |
136 | { |
137 | const QDir dir(dirName.isEmpty() ? QStandardPaths::writableLocation(type: QStandardPaths::CacheLocation) |
138 | : dirName); |
139 | return dir.absoluteFilePath(fileName: QLatin1String("hstsstore" )); |
140 | } |
141 | |
142 | void QHstsStore::beginHstsGroups() |
143 | { |
144 | store.beginGroup(prefix: QLatin1String("StrictTransportSecurity" )); |
145 | store.beginGroup(prefix: QLatin1String("Policies" )); |
146 | } |
147 | |
148 | void QHstsStore::endHstsGroups() |
149 | { |
150 | store.endGroup(); |
151 | store.endGroup(); |
152 | } |
153 | |
154 | bool QHstsStore::deserializePolicy(const QString &key, QHstsPolicy &policy) |
155 | { |
156 | Q_ASSERT(store.contains(key)); |
157 | |
158 | const QVariant data(store.value(key)); |
159 | if (data.isNull() || !data.canConvert<QByteArray>()) |
160 | return false; |
161 | |
162 | const QByteArray serializedData(data.toByteArray()); |
163 | QDataStream streamer(serializedData); |
164 | qint64 expiryInMS = 0; |
165 | streamer >> expiryInMS; |
166 | if (streamer.status() != QDataStream::Ok) |
167 | return false; |
168 | bool includesSubDomains = false; |
169 | streamer >> includesSubDomains; |
170 | if (streamer.status() != QDataStream::Ok) |
171 | return false; |
172 | |
173 | policy.setExpiry(QDateTime::fromMSecsSinceEpoch(msecs: expiryInMS)); |
174 | policy.setIncludesSubDomains(includesSubDomains); |
175 | |
176 | return true; |
177 | } |
178 | |
179 | bool QHstsStore::serializePolicy(const QString &key, const QHstsPolicy &policy) |
180 | { |
181 | Q_ASSERT(store.isWritable()); |
182 | |
183 | QByteArray serializedData; |
184 | QDataStream streamer(&serializedData, QIODevice::WriteOnly); |
185 | streamer << policy.expiry().toMSecsSinceEpoch(); |
186 | streamer << policy.includesSubDomains(); |
187 | |
188 | if (streamer.status() != QDataStream::Ok) |
189 | return false; |
190 | |
191 | store.setValue(key, value: serializedData); |
192 | return true; |
193 | } |
194 | |
195 | void QHstsStore::evictPolicy(const QString &key) |
196 | { |
197 | Q_ASSERT(store.isWritable()); |
198 | if (store.contains(key)) |
199 | store.remove(key); |
200 | } |
201 | |
202 | QT_END_NAMESPACE |
203 | |