1	// Copyright (C) 2016 The Qt Company Ltd.
2	// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
3	// Qt-Security score:critical reason:network-protocol
4
5	#include "qhttpnetworkconnection_p.h"
6	#include <private/qabstractsocket_p.h>
7	#include "qhttpnetworkconnectionchannel_p.h"
8	#include "private/qnoncontiguousbytedevice_p.h"
9	#include <private/qnetworkrequest_p.h>
10	#include <private/qobject_p.h>
11	#include <private/qauthenticator_p.h>
12	#include "private/qhostinfo_p.h"
13	#include <qnetworkproxy.h>
14	#include <qauthenticator.h>
15	#include <qcoreapplication.h>
16	#include <private/qdecompresshelper_p.h>
17	#include <private/qsocketabstraction_p.h>
18
19	#include <qbuffer.h>
20	#include <qdebug.h>
21	#include <qspan.h>
22	#include <qvarlengtharray.h>
23
24	#ifndef QT_NO_SSL
25	# include <private/qsslsocket_p.h>
26	# include <QtNetwork/qsslkey.h>
27	# include <QtNetwork/qsslcipher.h>
28	# include <QtNetwork/qsslconfiguration.h>
29	# include <QtNetwork/qsslerror.h>
30	#endif
31
32
33
34	QT_BEGIN_NAMESPACE
35
36	using namespace Qt::StringLiterals;
37
38	// The pipeline length. So there will be 4 requests in flight.
39	const int QHttpNetworkConnectionPrivate::defaultPipelineLength = 3;
40	// Only re-fill the pipeline if there's defaultRePipelineLength slots free in the pipeline.
41	// This means that there are 2 requests in flight and 2 slots free that will be re-filled.
42	const int QHttpNetworkConnectionPrivate::defaultRePipelineLength = 2;
43
44	static int getPreferredActiveChannelCount(QHttpNetworkConnection::ConnectionType type,
45	int defaultValue)
46	{
47	return (type == QHttpNetworkConnection::ConnectionTypeHTTP2
48	|| type == QHttpNetworkConnection::ConnectionTypeHTTP2Direct)
49	? 1
50	: defaultValue;
51	}
52
53	QHttpNetworkConnectionPrivate::QHttpNetworkConnectionPrivate(
54	quint16 connectionCount, const QString &hostName, quint16 port, bool encrypt,
55	bool isLocalSocket, QHttpNetworkConnection::ConnectionType type)
56	: hostName(hostName),
57	port(port),
58	encrypt(encrypt),
59	isLocalSocket(isLocalSocket),
60	activeChannelCount(getPreferredActiveChannelCount(type, defaultValue: connectionCount)),
61	channelCount(connectionCount),
62	channels(new QHttpNetworkConnectionChannel[channelCount]),
63	#ifndef QT_NO_NETWORKPROXY
64	networkProxy(QNetworkProxy::NoProxy),
65	#endif
66	connectionType(type)
67	{
68	if (isLocalSocket) // Don't try to do host lookup for local sockets
69	networkLayerState = IPv4;
70	// We allocate all 6 channels even if it's an HTTP/2-enabled
71	// connection: in case the protocol negotiation via NPN/ALPN fails,
72	// we will have normally working HTTP/1.1.
73	Q_ASSERT(channelCount >= activeChannelCount);
74	}
75
76
77
78	QHttpNetworkConnectionPrivate::~QHttpNetworkConnectionPrivate()
79	{
80	for (int i = 0; i < channelCount; ++i) {
81	if (channels[i].socket) {
82	QObject::disconnect(sender: channels[i].socket, signal: nullptr, receiver: &channels[i], member: nullptr);
83	channels[i].socket->close();
84	delete channels[i].socket;
85	}
86	}
87	delete []channels;
88	}
89
90	void QHttpNetworkConnectionPrivate::init()
91	{
92	Q_Q(QHttpNetworkConnection);
93	for (int i = 0; i < channelCount; i++) {
94	channels[i].setConnection(this->q_func());
95	channels[i].ssl = encrypt;
96	}
97
98	delayedConnectionTimer.setSingleShot(true);
99	QObject::connect(sender: &delayedConnectionTimer, SIGNAL(timeout()), receiver: q, SLOT(_q_connectDelayedChannel()));
100	}
101
102	void QHttpNetworkConnectionPrivate::pauseConnection()
103	{
104	state = PausedState;
105
106	// Disable all socket notifiers
107	for (int i = 0; i < activeChannelCount; i++) {
108	if (auto *absSocket = qobject_cast<QAbstractSocket *>(object: channels[i].socket)) {
109	#ifndef QT_NO_SSL
110	if (encrypt)
111	QSslSocketPrivate::pauseSocketNotifiers(static_cast<QSslSocket*>(absSocket));
112	else
113	#endif
114	QAbstractSocketPrivate::pauseSocketNotifiers(absSocket);
115	#if QT_CONFIG(localserver)
116	} else if (qobject_cast<QLocalSocket *>(object: channels[i].socket)) {
117	// @todo how would we do this?
118	#if 0 // @todo Enable this when there is a debug category for this
119	qDebug() << "Should pause socket but there is no way to do it for local sockets";
120	#endif
121	#endif
122	}
123	}
124	}
125
126	void QHttpNetworkConnectionPrivate::resumeConnection()
127	{
128	state = RunningState;
129	// Enable all socket notifiers
130	for (int i = 0; i < activeChannelCount; i++) {
131	if (auto *absSocket = qobject_cast<QAbstractSocket *>(object: channels[i].socket)) {
132	#ifndef QT_NO_SSL
133	if (encrypt)
134	QSslSocketPrivate::resumeSocketNotifiers(static_cast<QSslSocket*>(absSocket));
135	else
136	#endif
137	QAbstractSocketPrivate::resumeSocketNotifiers(absSocket);
138
139	// Resume pending upload if needed
140	if (channels[i].state == QHttpNetworkConnectionChannel::WritingState)
141	QMetaObject::invokeMethod(obj: &channels[i], member: "_q_uploadDataReadyRead", c: Qt::QueuedConnection);
142	#if QT_CONFIG(localserver)
143	} else if (qobject_cast<QLocalSocket *>(object: channels[i].socket)) {
144	#if 0 // @todo Enable this when there is a debug category for this
145	qDebug() << "Should resume socket but there is no way to do it for local sockets";
146	#endif
147	#endif
148	}
149	}
150
151	// queue _q_startNextRequest
152	QMetaObject::invokeMethod(obj: this->q_func(), member: "_q_startNextRequest", c: Qt::QueuedConnection);
153	}
154
155	int QHttpNetworkConnectionPrivate::indexOf(QIODevice *socket) const
156	{
157	for (int i = 0; i < activeChannelCount; ++i)
158	if (channels[i].socket == socket)
159	return i;
160
161	qFatal(msg: "Called with unknown socket object.");
162	return 0;
163	}
164
165	// If the connection is in the HostLookupPendening state channel errors should not always be
166	// emitted. This function will check the status of the connection channels if we
167	// have not decided the networkLayerState and will return true if the channel error
168	// should be emitted by the channel.
169	bool QHttpNetworkConnectionPrivate::shouldEmitChannelError(QIODevice *socket)
170	{
171	Q_Q(QHttpNetworkConnection);
172
173	bool emitError = true;
174	int i = indexOf(socket);
175	int otherSocket = (i == 0 ? 1 : 0);
176
177	// If the IPv4 connection still isn't started we need to start it now.
178	if (delayedConnectionTimer.isActive()) {
179	delayedConnectionTimer.stop();
180	channels[otherSocket].ensureConnection();
181	}
182
183	if (activeChannelCount < channelCount) {
184	if (networkLayerState == HostLookupPending || networkLayerState == IPv4or6)
185	networkLayerState = QHttpNetworkConnectionPrivate::Unknown;
186	channels[0].close();
187	emitError = true;
188	} else {
189	if (networkLayerState == HostLookupPending || networkLayerState == IPv4or6) {
190	if (channels[otherSocket].isSocketBusy() && (channels[otherSocket].state != QHttpNetworkConnectionChannel::ClosingState)) {
191	// this was the first socket to fail.
192	channels[i].close();
193	emitError = false;
194	}
195	else {
196	// Both connection attempts has failed.
197	networkLayerState = QHttpNetworkConnectionPrivate::Unknown;
198	channels[i].close();
199	emitError = true;
200	}
201	} else {
202	if (((networkLayerState == QHttpNetworkConnectionPrivate::IPv4) && (channels[i].networkLayerPreference != QAbstractSocket::IPv4Protocol))
203	|| ((networkLayerState == QHttpNetworkConnectionPrivate::IPv6) && (channels[i].networkLayerPreference != QAbstractSocket::IPv6Protocol))) {
204	// First connection worked so this is the second one to complete and it failed.
205	channels[i].close();
206	QMetaObject::invokeMethod(obj: q, member: "_q_startNextRequest", c: Qt::QueuedConnection);
207	emitError = false;
208	}
209	if (networkLayerState == QHttpNetworkConnectionPrivate::Unknown)
210	qWarning(msg: "We got a connection error when networkLayerState is Unknown");
211	}
212	}
213	return emitError;
214	}
215
216
217	qint64 QHttpNetworkConnectionPrivate::uncompressedBytesAvailable(const QHttpNetworkReply &reply) const
218	{
219	return reply.d_func()->responseData.byteAmount();
220	}
221
222	qint64 QHttpNetworkConnectionPrivate::uncompressedBytesAvailableNextBlock(const QHttpNetworkReply &reply) const
223	{
224	return reply.d_func()->responseData.sizeNextBlock();
225	}
226
227	static QByteArray makeAcceptLanguage()
228	{
229	QString systemLocale = QLocale::system().name();
230	if (systemLocale == "C"_L1)
231	return "en,*"_ba;
232	systemLocale.replace(before: '_'_L1, after: '-'_L1);
233	if (systemLocale.startsWith(s: "en-"_L1))
234	return (systemLocale + ",*"_L1).toLatin1();
235	return (systemLocale + ",en,*"_L1).toLatin1();
236	}
237
238	static QStringView removeZoneId(QStringView ipv6HostAddress)
239	{
240	const auto zoneIdentfierIndex = ipv6HostAddress.indexOf(c: u'%');
241	// Only perform a minimal sanity check, as at this point the
242	// ipv6HostAddress was already used successfully to establish the connection.
243	if (zoneIdentfierIndex == -1) {
244	return ipv6HostAddress;
245	}
246
247	return ipv6HostAddress.left(n: zoneIdentfierIndex);
248	}
249
250	void QHttpNetworkConnectionPrivate::prepareRequest(HttpMessagePair &messagePair)
251	{
252	QHttpNetworkRequest &request = messagePair.first;
253	QHttpNetworkReply *reply = messagePair.second;
254
255	// add missing fields for the request
256	QByteArray value;
257	#ifndef Q_OS_WASM
258	// check if Content-Length is provided
259	QNonContiguousByteDevice* uploadByteDevice = request.uploadByteDevice();
260	if (uploadByteDevice) {
261	const qint64 contentLength = request.contentLength();
262	const qint64 uploadDeviceSize = uploadByteDevice->size();
263	if (contentLength != -1 && uploadDeviceSize != -1) {
264	// Both values known: use the smaller one.
265	if (uploadDeviceSize < contentLength)
266	request.setContentLength(uploadDeviceSize);
267	} else if (contentLength == -1 && uploadDeviceSize != -1) {
268	// content length not supplied by user, but the upload device knows it
269	request.setContentLength(uploadDeviceSize);
270	} else if (contentLength != -1 && uploadDeviceSize == -1) {
271	// everything OK, the user supplied us the contentLength
272	} else if (Q_UNLIKELY(contentLength == -1 && uploadDeviceSize == -1)) {
273	qFatal(msg: "QHttpNetworkConnectionPrivate: Neither content-length nor upload device size were given");
274	}
275	}
276	#endif
277	// set the Connection/Proxy-Connection: Keep-Alive headers
278	#ifndef QT_NO_NETWORKPROXY
279	if (networkProxy.type() == QNetworkProxy::HttpCachingProxy) {
280	value = request.headerField(name: "proxy-connection");
281	if (value.isEmpty())
282	request.setHeaderField(name: "Proxy-Connection", data: "Keep-Alive");
283	} else {
284	#endif
285	value = request.headerField(name: "connection");
286	if (value.isEmpty())
287	request.setHeaderField(name: "Connection", data: "Keep-Alive");
288	#ifndef QT_NO_NETWORKPROXY
289	}
290	#endif
291
292	// If the request had a accept-encoding set, we better not mess
293	// with it. If it was not set, we announce that we understand gzip
294	// and remember this fact in request.d->autoDecompress so that
295	// we can later decompress the HTTP reply if it has such an
296	// encoding.
297	value = request.headerField(name: "accept-encoding");
298	if (value.isEmpty()) {
299	#ifndef QT_NO_COMPRESS
300	const static QByteArray acceptedEncoding = QDecompressHelper::acceptedEncoding().join(sep: ", ");
301	request.setHeaderField(name: "Accept-Encoding", data: acceptedEncoding);
302	request.d->autoDecompress = true;
303	#else
304	// if zlib is not available set this to false always
305	request.d->autoDecompress = false;
306	#endif
307	}
308
309	// some websites mandate an accept-language header and fail
310	// if it is not sent. This is a problem with the website and
311	// not with us, but we work around this by setting
312	// one always.
313	value = request.headerField(name: "accept-language");
314	if (value.isEmpty())
315	request.setHeaderField(name: "Accept-Language", data: makeAcceptLanguage());
316
317	// set the User Agent
318	value = request.headerField(name: "user-agent");
319	if (value.isEmpty())
320	request.setHeaderField(name: "User-Agent", data: "Mozilla/5.0");
321	// set the host
322	value = request.headerField(name: "host");
323	if (isLocalSocket && value.isEmpty()) {
324	// The local socket connections might have a full file path, and that
325	// may not be suitable for the Host header. But we can use whatever the
326	// user has set in the URL.
327	request.prependHeaderField(name: "Host", data: request.url().host().toLocal8Bit());
328	} else if (value.isEmpty()) {
329	QHostAddress add;
330	QByteArray host;
331	if (add.setAddress(hostName)) {
332	if (add.protocol() == QAbstractSocket::IPv6Protocol)
333	host = (u'[' + removeZoneId(ipv6HostAddress: hostName) + u']').toLatin1(); //format the ipv6 in the standard way
334	else
335	host = hostName.toLatin1();
336
337	} else {
338	host = QUrl::toAce(domain: hostName);
339	}
340
341	int port = request.url().port();
342	if (port != -1) {
343	host += ':';
344	host += QByteArray::number(port);
345	}
346
347	request.prependHeaderField(name: "Host", data: host);
348	}
349
350	reply->d_func()->requestIsPrepared = true;
351	}
352
353
354
355
356	void QHttpNetworkConnectionPrivate::emitReplyError(QIODevice *socket,
357	QHttpNetworkReply *reply,
358	QNetworkReply::NetworkError errorCode)
359	{
360	Q_Q(QHttpNetworkConnection);
361
362	int i = 0;
363	if (socket)
364	i = indexOf(socket);
365
366	if (reply) {
367	// this error matters only to this reply
368	reply->d_func()->errorString = errorDetail(errorCode, socket);
369	emit reply->finishedWithError(errorCode, detail: reply->d_func()->errorString);
370	// remove the corrupt data if any
371	reply->d_func()->eraseData();
372
373	// Clean the channel
374	channels[i].close();
375	channels[i].reply = nullptr;
376	if (channels[i].protocolHandler)
377	channels[i].protocolHandler->setReply(nullptr);
378	channels[i].request = QHttpNetworkRequest();
379	if (socket)
380	channels[i].requeueCurrentlyPipelinedRequests();
381
382	// send the next request
383	QMetaObject::invokeMethod(obj: q, member: "_q_startNextRequest", c: Qt::QueuedConnection);
384	}
385	}
386
387	void QHttpNetworkConnectionPrivate::copyCredentials(int fromChannel, QAuthenticator *auth, bool isProxy)
388	{
389	Q_ASSERT(auth);
390
391	// NTLM and Negotiate do multi-phase authentication.
392	// Copying credentialsbetween authenticators would mess things up.
393	if (fromChannel >= 0) {
394	QAuthenticatorPrivate *priv = QAuthenticatorPrivate::getPrivate(auth&: *auth);
395	if (priv
396	&& (priv->method == QAuthenticatorPrivate::Ntlm
397	|| priv->method == QAuthenticatorPrivate::Negotiate)) {
398	return;
399	}
400	}
401
402	// select another channel
403	QAuthenticator* otherAuth = nullptr;
404	for (int i = 0; i < activeChannelCount; ++i) {
405	if (i == fromChannel)
406	continue;
407	if (isProxy)
408	otherAuth = &channels[i].proxyAuthenticator;
409	else
410	otherAuth = &channels[i].authenticator;
411	// if the credentials are different, copy them
412	if (otherAuth->user().compare(s: auth->user()))
413	otherAuth->setUser(auth->user());
414	if (otherAuth->password().compare(s: auth->password()))
415	otherAuth->setPassword(auth->password());
416	}
417	}
418
419
420	// handles the authentication for one channel and eventually re-starts the other channels
421	bool QHttpNetworkConnectionPrivate::handleAuthenticateChallenge(QIODevice *socket, QHttpNetworkReply *reply,
422	bool isProxy, bool &resend)
423	{
424	Q_ASSERT(socket);
425	Q_ASSERT(reply);
426
427	resend = false;
428	//create the response header to be used with QAuthenticatorPrivate.
429	const auto headers = reply->header();
430
431	// Check that any of the proposed authenticate methods are supported
432	const QByteArray header = isProxy ? "proxy-authenticate" : "www-authenticate";
433	const QByteArrayList &authenticationMethods = reply->d_func()->headerFieldValues(name: header);
434	const bool isSupported = std::any_of(first: authenticationMethods.begin(), last: authenticationMethods.end(),
435	pred: QAuthenticatorPrivate::isMethodSupported);
436	if (isSupported) {
437	int i = indexOf(socket);
438	//Use a single authenticator for all domains. ### change later to use domain/realm
439	QAuthenticator *auth = isProxy ? &channels[i].proxyAuthenticator
440	: &channels[i].authenticator;
441	//proceed with the authentication.
442	if (auth->isNull())
443	auth->detach();
444	QAuthenticatorPrivate *priv = QAuthenticatorPrivate::getPrivate(auth&: *auth);
445	priv->parseHttpResponse(headers, isProxy, host: reply->url().host());
446	// Update method in case it changed
447	if (priv->method == QAuthenticatorPrivate::None)
448	return false;
449
450	if (priv->phase == QAuthenticatorPrivate::Done ||
451	(priv->phase == QAuthenticatorPrivate::Start
452	&& (priv->method == QAuthenticatorPrivate::Ntlm
453	|| priv->method == QAuthenticatorPrivate::Negotiate))) {
454	if (priv->phase == QAuthenticatorPrivate::Start)
455	priv->phase = QAuthenticatorPrivate::Phase1;
456
457	pauseConnection();
458	if (!isProxy) {
459	if (channels[i].authenticationCredentialsSent) {
460	auth->detach();
461	priv = QAuthenticatorPrivate::getPrivate(auth&: *auth);
462	priv->hasFailed = true;
463	priv->phase = QAuthenticatorPrivate::Done;
464	channels[i].authenticationCredentialsSent = false;
465	}
466	emit reply->authenticationRequired(request: reply->request(), authenticator: auth);
467	#ifndef QT_NO_NETWORKPROXY
468	} else {
469	if (channels[i].proxyCredentialsSent) {
470	auth->detach();
471	priv = QAuthenticatorPrivate::getPrivate(auth&: *auth);
472	priv->hasFailed = true;
473	priv->phase = QAuthenticatorPrivate::Done;
474	channels[i].proxyCredentialsSent = false;
475	}
476	emit reply->proxyAuthenticationRequired(proxy: networkProxy, authenticator: auth);
477	#endif
478	}
479	resumeConnection();
480
481	if (priv->phase != QAuthenticatorPrivate::Done) {
482	// send any pending requests
483	copyCredentials(fromChannel: i, auth, isProxy);
484	}
485	} else if (priv->phase == QAuthenticatorPrivate::Start) {
486	// If the url's authenticator has a 'user' set we will end up here (phase is only set to 'Done' by
487	// parseHttpResponse above if 'user' is empty). So if credentials were supplied with the request,
488	// such as in the case of an XMLHttpRequest, this is our only opportunity to cache them.
489	emit reply->cacheCredentials(request: reply->request(), authenticator: auth);
490	}
491	// - Changing values in QAuthenticator will reset the 'phase'. Therefore if it is still "Done"
492	// then nothing was filled in by the user or the cache
493	// - If withCredentials has been set to false (e.g. by Qt WebKit for a cross-origin XMLHttpRequest) then
494	// we need to bail out if authentication is required.
495	if (priv->phase == QAuthenticatorPrivate::Done || !reply->request().withCredentials()) {
496	// Reset authenticator so the next request on that channel does not get messed up
497	auth = nullptr;
498	if (isProxy)
499	channels[i].proxyAuthenticator = QAuthenticator();
500	else
501	channels[i].authenticator = QAuthenticator();
502
503	// authentication is cancelled, send the current contents to the user.
504	emit reply->headerChanged();
505	emit reply->readyRead();
506	QNetworkReply::NetworkError errorCode =
507	isProxy
508	? QNetworkReply::ProxyAuthenticationRequiredError
509	: QNetworkReply::AuthenticationRequiredError;
510	reply->d_func()->errorString = errorDetail(errorCode, socket);
511	emit reply->finishedWithError(errorCode, detail: reply->d_func()->errorString);
512	// ### at this point the reply could be deleted
513	return true;
514	}
515	//resend the request
516	resend = true;
517	return true;
518	}
519	return false;
520	}
521
522	// Used by the HTTP1 code-path
523	QUrl QHttpNetworkConnectionPrivate::parseRedirectResponse(QIODevice *socket,
524	QHttpNetworkReply *reply)
525	{
526	ParseRedirectResult result = parseRedirectResponse(reply);
527	if (result.errorCode != QNetworkReply::NoError) {
528	emitReplyError(socket, reply, errorCode: result.errorCode);
529	return {};
530	}
531	return std::move(result.redirectUrl);
532	}
533
534	QHttpNetworkConnectionPrivate::ParseRedirectResult
535	QHttpNetworkConnectionPrivate::parseRedirectResponse(QHttpNetworkReply *reply)
536	{
537	if (!reply->request().isFollowRedirects())
538	return {.redirectUrl: {}, .errorCode: QNetworkReply::NoError};
539
540	QUrl redirectUrl;
541	const QHttpHeaders fields = reply->header();
542	if (const auto h = fields.values(name: QHttpHeaders::WellKnownHeader::Location); !h.empty()) {
543	redirectUrl = QUrl::fromEncoded(input: h.first());
544	}
545
546	// If the location url is invalid/empty, we return ProtocolUnknownError
547	if (!redirectUrl.isValid())
548	return {.redirectUrl: {}, .errorCode: QNetworkReply::ProtocolUnknownError};
549
550	// Check if we have exceeded max redirects allowed
551	if (reply->request().redirectCount() <= 0)
552	return {.redirectUrl: {}, .errorCode: QNetworkReply::TooManyRedirectsError};
553
554	// Resolve the URL if it's relative
555	if (redirectUrl.isRelative())
556	redirectUrl = reply->request().url().resolved(relative: redirectUrl);
557
558	// Check redirect url protocol
559	const QUrl priorUrl(reply->request().url());
560	const QString targetUrlScheme = redirectUrl.scheme();
561	if (targetUrlScheme == "http"_L1 || targetUrlScheme == "https"_L1
562	|| targetUrlScheme.startsWith(s: "unix"_L1)) {
563	switch (reply->request().redirectPolicy()) {
564	case QNetworkRequest::NoLessSafeRedirectPolicy:
565	// Here we could handle https->http redirects as InsecureProtocolError.
566	// However, if HSTS is enabled and redirectUrl.host() is a known STS
567	// host, then we'll replace its scheme and this won't downgrade protocol,
568	// after all. We cannot access QNAM's STS cache from here, so delegate
569	// this check to QNetworkReplyHttpImpl.
570	break;
571	case QNetworkRequest::SameOriginRedirectPolicy:
572	if (priorUrl.host() != redirectUrl.host()
573	|| priorUrl.scheme() != targetUrlScheme
574	|| priorUrl.port() != redirectUrl.port()) {
575	return {.redirectUrl: {}, .errorCode: QNetworkReply::InsecureRedirectError};
576	}
577	break;
578	case QNetworkRequest::UserVerifiedRedirectPolicy:
579	break;
580	default:
581	Q_ASSERT(!"Unexpected redirect policy");
582	}
583	} else {
584	return {.redirectUrl: {}, .errorCode: QNetworkReply::ProtocolUnknownError};
585	}
586	return {.redirectUrl: std::move(redirectUrl), .errorCode: QNetworkReply::NoError};
587	}
588
589	void QHttpNetworkConnectionPrivate::createAuthorization(QIODevice *socket, QHttpNetworkRequest &request)
590	{
591	Q_ASSERT(socket);
592
593	QHttpNetworkConnectionChannel &channel = channels[indexOf(socket)];
594
595	QAuthenticator *authenticator = &channel.authenticator;
596	QAuthenticatorPrivate *priv = QAuthenticatorPrivate::getPrivate(auth&: *authenticator);
597	// Send "Authorization" header, but not if it's NTLM and the socket is already authenticated.
598	if (priv && priv->method != QAuthenticatorPrivate::None) {
599	const bool ntlmNego = priv->method == QAuthenticatorPrivate::Ntlm
600	|| priv->method == QAuthenticatorPrivate::Negotiate;
601	const bool authNeeded = channel.lastStatus == 401;
602	const bool ntlmNegoOk = ntlmNego && authNeeded
603	&& (priv->phase != QAuthenticatorPrivate::Done
604	|| !channel.authenticationCredentialsSent);
605	const bool otherOk =
606	!ntlmNego && (authNeeded || request.headerField(name: "Authorization").isEmpty());
607	if (ntlmNegoOk || otherOk) {
608	QByteArray response = priv->calculateResponse(method: request.methodName(), path: request.uri(throughProxy: false),
609	host: request.url().host());
610	request.setHeaderField(name: "Authorization", data: response);
611	channel.authenticationCredentialsSent = true;
612	}
613	}
614
615	#if QT_CONFIG(networkproxy)
616	authenticator = &channel.proxyAuthenticator;
617	priv = QAuthenticatorPrivate::getPrivate(auth&: *authenticator);
618	// Send "Proxy-Authorization" header, but not if it's NTLM and the socket is already authenticated.
619	if (priv && priv->method != QAuthenticatorPrivate::None) {
620	const bool ntlmNego = priv->method == QAuthenticatorPrivate::Ntlm
621	|| priv->method == QAuthenticatorPrivate::Negotiate;
622	const bool proxyAuthNeeded = channel.lastStatus == 407;
623	const bool ntlmNegoOk = ntlmNego && proxyAuthNeeded
624	&& (priv->phase != QAuthenticatorPrivate::Done || !channel.proxyCredentialsSent);
625	const bool otherOk = !ntlmNego;
626	if (ntlmNegoOk || otherOk) {
627	QByteArray response = priv->calculateResponse(method: request.methodName(), path: request.uri(throughProxy: false),
628	host: networkProxy.hostName());
629	request.setHeaderField(name: "Proxy-Authorization", data: response);
630	channel.proxyCredentialsSent = true;
631	}
632	}
633	#endif // QT_CONFIG(networkproxy)
634	}
635
636	QHttpNetworkReply* QHttpNetworkConnectionPrivate::queueRequest(const QHttpNetworkRequest &request)
637	{
638	Q_Q(QHttpNetworkConnection);
639
640	// The reply component of the pair is created initially.
641	QHttpNetworkReply *reply = new QHttpNetworkReply(request.url());
642	reply->setRequest(request);
643	reply->d_func()->connection = q;
644	reply->d_func()->connectionChannel = &channels[0]; // will have the correct one set later
645	HttpMessagePair pair = std::pair(request, reply);
646
647	if (request.isPreConnect())
648	preConnectRequests++;
649
650	if (connectionType == QHttpNetworkConnection::ConnectionTypeHTTP
651	|| (!encrypt && connectionType == QHttpNetworkConnection::ConnectionTypeHTTP2 && !channels[0].switchedToHttp2)) {
652	switch (request.priority()) {
653	case QHttpNetworkRequest::HighPriority:
654	highPriorityQueue.prepend(t: pair);
655	break;
656	case QHttpNetworkRequest::NormalPriority:
657	case QHttpNetworkRequest::LowPriority:
658	lowPriorityQueue.prepend(t: pair);
659	break;
660	}
661	}
662	else { // HTTP/2 ('h2' mode)
663	if (!pair.second->d_func()->requestIsPrepared)
664	prepareRequest(messagePair&: pair);
665	channels[0].h2RequestsToSend.insert(key: request.priority(), value: pair);
666	}
667
668	// For Happy Eyeballs the networkLayerState is set to Unknown
669	// until we have started the first connection attempt. So no
670	// request will be started until we know if IPv4 or IPv6
671	// should be used.
672	if (networkLayerState == Unknown || networkLayerState == HostLookupPending) {
673	startHostInfoLookup();
674	} else if ( networkLayerState == IPv4 || networkLayerState == IPv6 ) {
675	// this used to be called via invokeMethod and a QueuedConnection
676	// It is the only place _q_startNextRequest is called directly without going
677	// through the event loop using a QueuedConnection.
678	// This is dangerous because of recursion that might occur when emitting
679	// signals as DirectConnection from this code path. Therefore all signal
680	// emissions that can come out from this code path need to
681	// be QueuedConnection.
682	// We are currently trying to fine-tune this.
683	_q_startNextRequest();
684	}
685	return reply;
686	}
687
688	void QHttpNetworkConnectionPrivate::fillHttp2Queue()
689	{
690	for (auto &pair : highPriorityQueue) {
691	if (!pair.second->d_func()->requestIsPrepared)
692	prepareRequest(messagePair&: pair);
693	channels[0].h2RequestsToSend.insert(key: QHttpNetworkRequest::HighPriority, value: pair);
694	}
695
696	highPriorityQueue.clear();
697
698	for (auto &pair : lowPriorityQueue) {
699	if (!pair.second->d_func()->requestIsPrepared)
700	prepareRequest(messagePair&: pair);
701	channels[0].h2RequestsToSend.insert(key: pair.first.priority(), value: pair);
702	}
703
704	lowPriorityQueue.clear();
705	}
706
707	void QHttpNetworkConnectionPrivate::requeueRequest(const HttpMessagePair &pair)
708	{
709	Q_Q(QHttpNetworkConnection);
710
711	QHttpNetworkRequest request = pair.first;
712	switch (request.priority()) {
713	case QHttpNetworkRequest::HighPriority:
714	highPriorityQueue.prepend(t: pair);
715	break;
716	case QHttpNetworkRequest::NormalPriority:
717	case QHttpNetworkRequest::LowPriority:
718	lowPriorityQueue.prepend(t: pair);
719	break;
720	}
721
722	QMetaObject::invokeMethod(obj: q, member: "_q_startNextRequest", c: Qt::QueuedConnection);
723	}
724
725	bool QHttpNetworkConnectionPrivate::dequeueRequest(QIODevice *socket)
726	{
727	int i = 0;
728	if (socket)
729	i = indexOf(socket);
730
731	if (!highPriorityQueue.isEmpty()) {
732	// remove from queue before sendRequest! else we might pipeline the same request again
733	HttpMessagePair messagePair = highPriorityQueue.takeLast();
734	if (!messagePair.second->d_func()->requestIsPrepared)
735	prepareRequest(messagePair);
736	updateChannel(i, messagePair);
737	return true;
738	}
739
740	if (!lowPriorityQueue.isEmpty()) {
741	// remove from queue before sendRequest! else we might pipeline the same request again
742	HttpMessagePair messagePair = lowPriorityQueue.takeLast();
743	if (!messagePair.second->d_func()->requestIsPrepared)
744	prepareRequest(messagePair);
745	updateChannel(i, messagePair);
746	return true;
747	}
748	return false;
749	}
750
751	void QHttpNetworkConnectionPrivate::updateChannel(int i, const HttpMessagePair &messagePair)
752	{
753	channels[i].request = messagePair.first;
754	channels[i].reply = messagePair.second;
755	// Now that reply is assigned a channel, correct reply to channel association
756	// previously set in queueRequest.
757	channels[i].reply->d_func()->connectionChannel = &channels[i];
758	}
759
760	QHttpNetworkRequest QHttpNetworkConnectionPrivate::predictNextRequest() const
761	{
762	if (!highPriorityQueue.isEmpty())
763	return highPriorityQueue.last().first;
764	if (!lowPriorityQueue.isEmpty())
765	return lowPriorityQueue.last().first;
766	return QHttpNetworkRequest();
767	}
768
769	QHttpNetworkReply* QHttpNetworkConnectionPrivate::predictNextRequestsReply() const
770	{
771	if (!highPriorityQueue.isEmpty())
772	return highPriorityQueue.last().second;
773	if (!lowPriorityQueue.isEmpty())
774	return lowPriorityQueue.last().second;
775	return nullptr;
776	}
777
778	// this is called from _q_startNextRequest and when a request has been sent down a socket from the channel
779	void QHttpNetworkConnectionPrivate::fillPipeline(QIODevice *socket)
780	{
781	// return fast if there is nothing to pipeline
782	if (highPriorityQueue.isEmpty() && lowPriorityQueue.isEmpty())
783	return;
784
785	int i = indexOf(socket);
786
787	// return fast if there was no reply right now processed
788	if (channels[i].reply == nullptr)
789	return;
790
791	if (! (defaultPipelineLength - channels[i].alreadyPipelinedRequests.size() >= defaultRePipelineLength)) {
792	return;
793	}
794
795	if (channels[i].pipeliningSupported != QHttpNetworkConnectionChannel::PipeliningProbablySupported)
796	return;
797
798	// the current request that is in must already support pipelining
799	if (!channels[i].request.isPipeliningAllowed())
800	return;
801
802	// the current request must be a idempotent (right now we only check GET)
803	if (channels[i].request.operation() != QHttpNetworkRequest::Get)
804	return;
805
806	// check if socket is connected
807	if (QSocketAbstraction::socketState(device: socket) != QAbstractSocket::ConnectedState)
808	return;
809
810	// check for resendCurrent
811	if (channels[i].resendCurrent)
812	return;
813
814	// we do not like authentication stuff
815	// ### make sure to be OK with this in later releases
816	if (!channels[i].authenticator.isNull()
817	&& (!channels[i].authenticator.user().isEmpty()
818	|| !channels[i].authenticator.password().isEmpty()))
819	return;
820	if (!channels[i].proxyAuthenticator.isNull()
821	&& (!channels[i].proxyAuthenticator.user().isEmpty()
822	|| !channels[i].proxyAuthenticator.password().isEmpty()))
823	return;
824
825	// must be in ReadingState or WaitingState
826	if (! (channels[i].state == QHttpNetworkConnectionChannel::WaitingState
827	|| channels[i].state == QHttpNetworkConnectionChannel::ReadingState))
828	return;
829
830	int lengthBefore;
831	while (!highPriorityQueue.isEmpty()) {
832	lengthBefore = channels[i].alreadyPipelinedRequests.size();
833	fillPipeline(queue&: highPriorityQueue, channel&: channels[i]);
834
835	if (channels[i].alreadyPipelinedRequests.size() >= defaultPipelineLength) {
836	channels[i].pipelineFlush();
837	return;
838	}
839
840	if (lengthBefore == channels[i].alreadyPipelinedRequests.size())
841	break; // did not process anything, now do the low prio queue
842	}
843
844	while (!lowPriorityQueue.isEmpty()) {
845	lengthBefore = channels[i].alreadyPipelinedRequests.size();
846	fillPipeline(queue&: lowPriorityQueue, channel&: channels[i]);
847
848	if (channels[i].alreadyPipelinedRequests.size() >= defaultPipelineLength) {
849	channels[i].pipelineFlush();
850	return;
851	}
852
853	if (lengthBefore == channels[i].alreadyPipelinedRequests.size())
854	break; // did not process anything
855	}
856
857
858	channels[i].pipelineFlush();
859	}
860
861	// returns true when the processing of a queue has been done
862	bool QHttpNetworkConnectionPrivate::fillPipeline(QList<HttpMessagePair> &queue, QHttpNetworkConnectionChannel &channel)
863	{
864	if (queue.isEmpty())
865	return true;
866
867	for (int i = queue.size() - 1; i >= 0; --i) {
868	HttpMessagePair messagePair = queue.at(i);
869	const QHttpNetworkRequest &request = messagePair.first;
870
871	// we currently do not support pipelining if HTTP authentication is used
872	if (!request.url().userInfo().isEmpty())
873	continue;
874
875	// take only GET requests
876	if (request.operation() != QHttpNetworkRequest::Get)
877	continue;
878
879	if (!request.isPipeliningAllowed())
880	continue;
881
882	// remove it from the queue
883	queue.takeAt(i);
884	// we modify the queue we iterate over here, but since we return from the function
885	// afterwards this is fine.
886
887	// actually send it
888	if (!messagePair.second->d_func()->requestIsPrepared)
889	prepareRequest(messagePair);
890	channel.pipelineInto(pair&: messagePair);
891
892	// return false because we processed something and need to process again
893	return false;
894	}
895
896	// return true, the queue has been processed and not changed
897	return true;
898	}
899
900
901	QString QHttpNetworkConnectionPrivate::errorDetail(QNetworkReply::NetworkError errorCode, QIODevice *socket, const QString &extraDetail)
902	{
903	QString errorString;
904	switch (errorCode) {
905	case QNetworkReply::HostNotFoundError: {
906	const QString peerName = socket ? QSocketAbstraction::socketPeerName(device: socket) : hostName;
907	errorString = QCoreApplication::translate(context: "QHttp", key: "Host %1 not found").arg(a: peerName);
908	break;
909	}
910	case QNetworkReply::ConnectionRefusedError:
911	errorString = QCoreApplication::translate(context: "QHttp", key: "Connection refused");
912	break;
913	case QNetworkReply::RemoteHostClosedError:
914	errorString = QCoreApplication::translate(context: "QHttp", key: "Connection closed");
915	break;
916	case QNetworkReply::TimeoutError:
917	errorString = QCoreApplication::translate(context: "QAbstractSocket", key: "Socket operation timed out");
918	break;
919	case QNetworkReply::ProxyAuthenticationRequiredError:
920	errorString = QCoreApplication::translate(context: "QHttp", key: "Proxy requires authentication");
921	break;
922	case QNetworkReply::AuthenticationRequiredError:
923	errorString = QCoreApplication::translate(context: "QHttp", key: "Host requires authentication");
924	break;
925	case QNetworkReply::ProtocolFailure:
926	errorString = QCoreApplication::translate(context: "QHttp", key: "Data corrupted");
927	break;
928	case QNetworkReply::ProtocolUnknownError:
929	errorString = QCoreApplication::translate(context: "QHttp", key: "Unknown protocol specified");
930	break;
931	case QNetworkReply::SslHandshakeFailedError:
932	errorString = QCoreApplication::translate(context: "QHttp", key: "SSL handshake failed");
933	if (socket)
934	errorString += ": "_L1 + socket->errorString();
935	break;
936	case QNetworkReply::TooManyRedirectsError:
937	errorString = QCoreApplication::translate(context: "QHttp", key: "Too many redirects");
938	break;
939	case QNetworkReply::InsecureRedirectError:
940	errorString = QCoreApplication::translate(context: "QHttp", key: "Insecure redirect");
941	break;
942	default:
943	// all other errors are treated as QNetworkReply::UnknownNetworkError
944	errorString = extraDetail;
945	break;
946	}
947	return errorString;
948	}
949
950	// this is called from the destructor of QHttpNetworkReply. It is called when
951	// the reply was finished correctly or when it was aborted.
952	void QHttpNetworkConnectionPrivate::removeReply(QHttpNetworkReply *reply)
953	{
954	Q_Q(QHttpNetworkConnection);
955
956	// check if the reply is currently being processed or it is pipelined in
957	for (int i = 0; i < activeChannelCount; ++i) {
958	// is the reply associated the currently processing of this channel?
959	if (channels[i].reply == reply) {
960	channels[i].reply = nullptr;
961	if (channels[i].protocolHandler)
962	channels[i].protocolHandler->setReply(nullptr);
963	channels[i].request = QHttpNetworkRequest();
964	channels[i].resendCurrent = false;
965
966	if (!reply->isFinished() && !channels[i].alreadyPipelinedRequests.isEmpty()) {
967	// the reply had to be prematurely removed, e.g. it was not finished
968	// therefore we have to requeue the already pipelined requests.
969	channels[i].requeueCurrentlyPipelinedRequests();
970	}
971
972	// if HTTP mandates we should close
973	// or the reply is not finished yet, e.g. it was aborted
974	// we have to close that connection
975	if (reply->d_func()->isConnectionCloseEnabled() || !reply->isFinished()) {
976	if (reply->isAborted()) {
977	channels[i].abort();
978	} else {
979	channels[i].close();
980	}
981	}
982
983	QMetaObject::invokeMethod(obj: q, member: "_q_startNextRequest", c: Qt::QueuedConnection);
984	return;
985	}
986
987	// is the reply inside the pipeline of this channel already?
988	for (int j = 0; j < channels[i].alreadyPipelinedRequests.size(); j++) {
989	if (channels[i].alreadyPipelinedRequests.at(i: j).second == reply) {
990	// Remove that HttpMessagePair
991	channels[i].alreadyPipelinedRequests.removeAt(i: j);
992
993	channels[i].requeueCurrentlyPipelinedRequests();
994
995	// Since some requests had already been pipelined, but we removed
996	// one and re-queued the others
997	// we must force a connection close after the request that is
998	// currently in processing has been finished.
999	if (channels[i].reply)
1000	channels[i].reply->d_func()->forceConnectionCloseEnabled = true;
1001
1002	QMetaObject::invokeMethod(obj: q, member: "_q_startNextRequest", c: Qt::QueuedConnection);
1003	return;
1004	}
1005	}
1006	// is the reply inside the H2 pipeline of this channel already?
1007	const auto foundReply = [reply](const HttpMessagePair &pair) {
1008	return pair.second == reply;
1009	};
1010	auto &seq = channels[i].h2RequestsToSend;
1011	const auto end = seq.cend();
1012	auto it = std::find_if(first: seq.cbegin(), last: end, pred: foundReply);
1013	if (it != end) {
1014	seq.erase(it);
1015	QMetaObject::invokeMethod(obj: q, member: "_q_startNextRequest", c: Qt::QueuedConnection);
1016	return;
1017	}
1018	// Check if the h2 protocol handler already started processing it
1019	if ((connectionType == QHttpNetworkConnection::ConnectionTypeHTTP2Direct
1020	|| channels[i].switchedToHttp2)
1021	&& channels[i].protocolHandler) {
1022	if (channels[i].protocolHandler->tryRemoveReply(reply))
1023	return;
1024	}
1025	}
1026	// remove from the high priority queue
1027	if (!highPriorityQueue.isEmpty()) {
1028	for (int j = highPriorityQueue.size() - 1; j >= 0; --j) {
1029	HttpMessagePair messagePair = highPriorityQueue.at(i: j);
1030	if (messagePair.second == reply) {
1031	highPriorityQueue.removeAt(i: j);
1032	QMetaObject::invokeMethod(obj: q, member: "_q_startNextRequest", c: Qt::QueuedConnection);
1033	return;
1034	}
1035	}
1036	}
1037	// remove from the low priority queue
1038	if (!lowPriorityQueue.isEmpty()) {
1039	for (int j = lowPriorityQueue.size() - 1; j >= 0; --j) {
1040	HttpMessagePair messagePair = lowPriorityQueue.at(i: j);
1041	if (messagePair.second == reply) {
1042	lowPriorityQueue.removeAt(i: j);
1043	QMetaObject::invokeMethod(obj: q, member: "_q_startNextRequest", c: Qt::QueuedConnection);
1044	return;
1045	}
1046	}
1047	}
1048	}
1049
1050
1051
1052	// This function must be called from the event loop. The only
1053	// exception is documented in QHttpNetworkConnectionPrivate::queueRequest
1054	// although it is called _q_startNextRequest, it will actually start multiple requests when possible
1055	void QHttpNetworkConnectionPrivate::_q_startNextRequest()
1056	{
1057	// If there is no network layer state decided we should not start any new requests.
1058	if (networkLayerState == Unknown || networkLayerState == HostLookupPending || networkLayerState == IPv4or6)
1059	return;
1060
1061	// If the QHttpNetworkConnection is currently paused then bail out immediately
1062	if (state == PausedState)
1063	return;
1064
1065	//resend the necessary ones.
1066	for (int i = 0; i < activeChannelCount; ++i) {
1067	if (channels[i].resendCurrent && (channels[i].state != QHttpNetworkConnectionChannel::ClosingState)) {
1068	if (!channels[i].socket
1069	|| QSocketAbstraction::socketState(device: channels[i].socket) == QAbstractSocket::UnconnectedState) {
1070	if (!channels[i].ensureConnection())
1071	continue;
1072	}
1073	channels[i].resendCurrent = false;
1074
1075	// if this is not possible, error will be emitted and connection terminated
1076	if (!channels[i].resetUploadData())
1077	continue;
1078	channels[i].sendRequest();
1079	}
1080	}
1081
1082	// dequeue new ones
1083
1084	switch (connectionType) {
1085	case QHttpNetworkConnection::ConnectionTypeHTTP: {
1086	// return fast if there is nothing to do
1087	if (highPriorityQueue.isEmpty() && lowPriorityQueue.isEmpty())
1088	return;
1089
1090	// try to get a free AND connected socket
1091	for (int i = 0; i < activeChannelCount; ++i) {
1092	if (channels[i].socket) {
1093	if (!channels[i].reply && !channels[i].isSocketBusy()
1094	&& QSocketAbstraction::socketState(device: channels[i].socket)
1095	== QAbstractSocket::ConnectedState) {
1096	if (dequeueRequest(socket: channels[i].socket))
1097	channels[i].sendRequest();
1098	}
1099	}
1100	}
1101	break;
1102	}
1103	case QHttpNetworkConnection::ConnectionTypeHTTP2Direct:
1104	case QHttpNetworkConnection::ConnectionTypeHTTP2: {
1105	if (channels[0].h2RequestsToSend.isEmpty() && !channels[0].reply
1106	&& highPriorityQueue.isEmpty() && lowPriorityQueue.isEmpty()) {
1107	return;
1108	}
1109
1110	if (networkLayerState == IPv4)
1111	channels[0].networkLayerPreference = QAbstractSocket::IPv4Protocol;
1112	else if (networkLayerState == IPv6)
1113	channels[0].networkLayerPreference = QAbstractSocket::IPv6Protocol;
1114	channels[0].ensureConnection();
1115	if (auto *s = channels[0].socket; s
1116	&& QSocketAbstraction::socketState(device: s) == QAbstractSocket::ConnectedState
1117	&& !channels[0].pendingEncrypt) {
1118	if (channels[0].h2RequestsToSend.size()) {
1119	channels[0].sendRequest();
1120	} else if (!channels[0].reply && !channels[0].switchedToHttp2) {
1121	// This covers an edge-case where we're already connected and the "connected"
1122	// signal was already sent, but we didn't have any request available at the time,
1123	// so it was missed. As such we need to dequeue a request and send it now that we
1124	// have one.
1125	dequeueRequest(socket: channels[0].socket);
1126	channels[0].sendRequest();
1127	}
1128	}
1129	break;
1130	}
1131	}
1132
1133	// try to push more into all sockets
1134	// ### FIXME we should move this to the beginning of the function
1135	// as soon as QtWebkit is properly using the pipelining
1136	// (e.g. not for XMLHttpRequest or the first page load)
1137	// ### FIXME we should also divide the requests more even
1138	// on the connected sockets
1139	//tryToFillPipeline(socket);
1140	// return fast if there is nothing to pipeline
1141	if (highPriorityQueue.isEmpty() && lowPriorityQueue.isEmpty())
1142	return;
1143	for (int i = 0; i < activeChannelCount; i++) {
1144	if (channels[i].socket
1145	&& QSocketAbstraction::socketState(device: channels[i].socket)
1146	== QAbstractSocket::ConnectedState) {
1147	fillPipeline(socket: channels[i].socket);
1148	}
1149	}
1150
1151	// If there is not already any connected channels we need to connect a new one.
1152	// We do not pair the channel with the request until we know if it is
1153	// connected or not. This is to reuse connected channels before we connect new once.
1154	int queuedRequests = highPriorityQueue.size() + lowPriorityQueue.size();
1155
1156	// in case we have in-flight preconnect requests and normal requests,
1157	// we only need one socket for each (preconnect, normal request) pair
1158	int neededOpenChannels = queuedRequests;
1159	if (preConnectRequests > 0) {
1160	int normalRequests = queuedRequests - preConnectRequests;
1161	neededOpenChannels = qMax(a: normalRequests, b: preConnectRequests);
1162	}
1163
1164	if (neededOpenChannels <= 0)
1165	return;
1166
1167	QVarLengthArray<int> channelsToConnect;
1168
1169	// use previously used channels first
1170	for (int i = 0; i < activeChannelCount && neededOpenChannels > 0; ++i) {
1171	if (!channels[i].socket)
1172	continue;
1173
1174	using State = QAbstractSocket::SocketState;
1175	if ((QSocketAbstraction::socketState(device: channels[i].socket) == State::ConnectingState)
1176	|| (QSocketAbstraction::socketState(device: channels[i].socket) == State::HostLookupState)
1177	|| channels[i].pendingEncrypt) { // pendingEncrypt == "EncryptingState"
1178	neededOpenChannels--;
1179	continue;
1180	}
1181
1182	if (!channels[i].reply && !channels[i].isSocketBusy()
1183	&& (QSocketAbstraction::socketState(device: channels[i].socket) == State::UnconnectedState)) {
1184	channelsToConnect.push_back(t: i);
1185	neededOpenChannels--;
1186	}
1187	}
1188
1189	// use other channels
1190	for (int i = 0; i < activeChannelCount && neededOpenChannels > 0; ++i) {
1191	if (channels[i].socket)
1192	continue;
1193
1194	channelsToConnect.push_back(t: i);
1195	neededOpenChannels--;
1196	}
1197
1198	auto channelToConnectSpan = QSpan{channelsToConnect};
1199	while (!channelToConnectSpan.isEmpty()) {
1200	const int channel = channelToConnectSpan.front();
1201	channelToConnectSpan = channelToConnectSpan.sliced(pos: 1);
1202
1203	if (networkLayerState == IPv4)
1204	channels[channel].networkLayerPreference = QAbstractSocket::IPv4Protocol;
1205	else if (networkLayerState == IPv6)
1206	channels[channel].networkLayerPreference = QAbstractSocket::IPv6Protocol;
1207
1208	channels[channel].ensureConnection();
1209	}
1210	}
1211
1212
1213	void QHttpNetworkConnectionPrivate::readMoreLater(QHttpNetworkReply *reply)
1214	{
1215	for (int i = 0 ; i < activeChannelCount; ++i) {
1216	if (channels[i].reply == reply) {
1217	// emulate a readyRead() from the socket
1218	QMetaObject::invokeMethod(obj: &channels[i], member: "_q_readyRead", c: Qt::QueuedConnection);
1219	return;
1220	}
1221	}
1222	}
1223
1224
1225
1226	// The first time we start the connection is used we do not know if we
1227	// should use IPv4 or IPv6. So we start a hostlookup to figure this out.
1228	// Later when we do the connection the socket will not need to do another
1229	// lookup as then the hostinfo will already be in the cache.
1230	void QHttpNetworkConnectionPrivate::startHostInfoLookup()
1231	{
1232	networkLayerState = HostLookupPending;
1233
1234	// check if we already now can decide if this is IPv4 or IPv6
1235	QString lookupHost = hostName;
1236	#ifndef QT_NO_NETWORKPROXY
1237	if (networkProxy.capabilities() & QNetworkProxy::HostNameLookupCapability) {
1238	lookupHost = networkProxy.hostName();
1239	} else if (channels[0].proxy.capabilities() & QNetworkProxy::HostNameLookupCapability) {
1240	lookupHost = channels[0].proxy.hostName();
1241	}
1242	#endif
1243	QHostAddress temp;
1244	if (temp.setAddress(lookupHost)) {
1245	const QAbstractSocket::NetworkLayerProtocol protocol = temp.protocol();
1246	if (protocol == QAbstractSocket::IPv4Protocol) {
1247	networkLayerState = QHttpNetworkConnectionPrivate::IPv4;
1248	QMetaObject::invokeMethod(obj: this->q_func(), member: "_q_startNextRequest", c: Qt::QueuedConnection);
1249	return;
1250	} else if (protocol == QAbstractSocket::IPv6Protocol) {
1251	networkLayerState = QHttpNetworkConnectionPrivate::IPv6;
1252	QMetaObject::invokeMethod(obj: this->q_func(), member: "_q_startNextRequest", c: Qt::QueuedConnection);
1253	return;
1254	}
1255	} else {
1256	int hostLookupId;
1257	bool immediateResultValid = false;
1258	QHostInfo hostInfo = qt_qhostinfo_lookup(name: lookupHost,
1259	receiver: this->q_func(),
1260	SLOT(_q_hostLookupFinished(QHostInfo)),
1261	valid: &immediateResultValid,
1262	id: &hostLookupId);
1263	if (immediateResultValid) {
1264	_q_hostLookupFinished(info: hostInfo);
1265	}
1266	}
1267	}
1268
1269
1270	void QHttpNetworkConnectionPrivate::_q_hostLookupFinished(const QHostInfo &info)
1271	{
1272	bool bIpv4 = false;
1273	bool bIpv6 = false;
1274	bool foundAddress = false;
1275	if (networkLayerState == IPv4 || networkLayerState == IPv6 || networkLayerState == IPv4or6)
1276	return;
1277
1278	const auto addresses = info.addresses();
1279	for (const QHostAddress &address : addresses) {
1280	const QAbstractSocket::NetworkLayerProtocol protocol = address.protocol();
1281	if (protocol == QAbstractSocket::IPv4Protocol) {
1282	if (!foundAddress) {
1283	foundAddress = true;
1284	delayIpv4 = false;
1285	}
1286	bIpv4 = true;
1287	} else if (protocol == QAbstractSocket::IPv6Protocol) {
1288	if (!foundAddress) {
1289	foundAddress = true;
1290	delayIpv4 = true;
1291	}
1292	bIpv6 = true;
1293	}
1294	}
1295
1296	if (bIpv4 && bIpv6)
1297	startNetworkLayerStateLookup();
1298	else if (bIpv4) {
1299	networkLayerState = QHttpNetworkConnectionPrivate::IPv4;
1300	QMetaObject::invokeMethod(obj: this->q_func(), member: "_q_startNextRequest", c: Qt::QueuedConnection);
1301	} else if (bIpv6) {
1302	networkLayerState = QHttpNetworkConnectionPrivate::IPv6;
1303	QMetaObject::invokeMethod(obj: this->q_func(), member: "_q_startNextRequest", c: Qt::QueuedConnection);
1304	} else {
1305	auto lookupError = QNetworkReply::HostNotFoundError;
1306	#ifndef QT_NO_NETWORKPROXY
1307	// if the proxy can lookup hostnames, all hostname lookups except for the lookup of the
1308	// proxy hostname are delegated to the proxy.
1309	auto proxyCapabilities = networkProxy.capabilities() | channels[0].proxy.capabilities();
1310	if (proxyCapabilities & QNetworkProxy::HostNameLookupCapability)
1311	lookupError = QNetworkReply::ProxyNotFoundError;
1312	#endif
1313	if (dequeueRequest(socket: channels[0].socket)) {
1314	emitReplyError(socket: channels[0].socket, reply: channels[0].reply, errorCode: lookupError);
1315	networkLayerState = QHttpNetworkConnectionPrivate::Unknown;
1316	} else if (connectionType == QHttpNetworkConnection::ConnectionTypeHTTP2
1317	|| connectionType == QHttpNetworkConnection::ConnectionTypeHTTP2Direct) {
1318	for (const HttpMessagePair &h2Pair : std::as_const(t&: channels[0].h2RequestsToSend)) {
1319	// emit error for all replies
1320	QHttpNetworkReply *currentReply = h2Pair.second;
1321	Q_ASSERT(currentReply);
1322	emitReplyError(socket: channels[0].socket, reply: currentReply, errorCode: lookupError);
1323	}
1324	} else {
1325	// We can end up here if a request has been aborted or otherwise failed (e.g. timeout)
1326	// before the host lookup was finished.
1327	qDebug(msg: "QHttpNetworkConnectionPrivate::_q_hostLookupFinished"
1328	" could not de-queue request, failed to report HostNotFoundError");
1329	networkLayerState = QHttpNetworkConnectionPrivate::Unknown;
1330	}
1331	}
1332	}
1333
1334
1335	// This will be used if the host lookup found both and Ipv4 and
1336	// Ipv6 address. Then we will start up two connections and pick
1337	// the network layer of the one that finish first. The second
1338	// connection will then be disconnected.
1339	void QHttpNetworkConnectionPrivate::startNetworkLayerStateLookup()
1340	{
1341	if (activeChannelCount > 1) {
1342	// At this time all channels should be unconnected.
1343	Q_ASSERT(!channels[0].isSocketBusy());
1344	Q_ASSERT(!channels[1].isSocketBusy());
1345
1346	networkLayerState = IPv4or6;
1347
1348	channels[0].networkLayerPreference = QAbstractSocket::IPv4Protocol;
1349	channels[1].networkLayerPreference = QAbstractSocket::IPv6Protocol;
1350
1351	int timeout = 300;
1352	delayedConnectionTimer.start(msec: timeout);
1353	if (delayIpv4)
1354	channels[1].ensureConnection();
1355	else
1356	channels[0].ensureConnection();
1357	} else {
1358	networkLayerState = IPv4or6;
1359	channels[0].networkLayerPreference = QAbstractSocket::AnyIPProtocol;
1360	channels[0].ensureConnection();
1361	}
1362	}
1363
1364	void QHttpNetworkConnectionPrivate::networkLayerDetected(QAbstractSocket::NetworkLayerProtocol protocol)
1365	{
1366	for (int i = 0 ; i < activeChannelCount; ++i) {
1367	if ((channels[i].networkLayerPreference != protocol) && (channels[i].state == QHttpNetworkConnectionChannel::ConnectingState)) {
1368	channels[i].close();
1369	}
1370	}
1371	}
1372
1373	void QHttpNetworkConnectionPrivate::_q_connectDelayedChannel()
1374	{
1375	if (delayIpv4)
1376	channels[0].ensureConnection();
1377	else
1378	channels[1].ensureConnection();
1379	}
1380
1381	QHttpNetworkConnection::QHttpNetworkConnection(quint16 connectionCount, const QString &hostName,
1382	quint16 port, bool encrypt, bool isLocalSocket, QObject *parent,
1383	QHttpNetworkConnection::ConnectionType connectionType)
1384	: QObject(*(new QHttpNetworkConnectionPrivate(connectionCount, hostName, port, encrypt, isLocalSocket,
1385	connectionType)), parent)
1386	{
1387	Q_D(QHttpNetworkConnection);
1388	d->init();
1389	if (QNetworkConnectionMonitor::isEnabled()) {
1390	connect(sender: &d->connectionMonitor, signal: &QNetworkConnectionMonitor::reachabilityChanged,
1391	context: this, slot: &QHttpNetworkConnection::onlineStateChanged, type: Qt::QueuedConnection);
1392	}
1393	}
1394
1395	QHttpNetworkConnection::~QHttpNetworkConnection()
1396	{
1397	}
1398
1399	QString QHttpNetworkConnection::hostName() const
1400	{
1401	Q_D(const QHttpNetworkConnection);
1402	return d->hostName;
1403	}
1404
1405	quint16 QHttpNetworkConnection::port() const
1406	{
1407	Q_D(const QHttpNetworkConnection);
1408	return d->port;
1409	}
1410
1411	QHttpNetworkReply* QHttpNetworkConnection::sendRequest(const QHttpNetworkRequest &request)
1412	{
1413	Q_D(QHttpNetworkConnection);
1414	return d->queueRequest(request);
1415	}
1416
1417	void QHttpNetworkConnection::fillHttp2Queue()
1418	{
1419	Q_D(QHttpNetworkConnection);
1420	d->fillHttp2Queue();
1421	}
1422
1423	bool QHttpNetworkConnection::isSsl() const
1424	{
1425	Q_D(const QHttpNetworkConnection);
1426	return d->encrypt;
1427	}
1428
1429	QHttpNetworkConnectionChannel *QHttpNetworkConnection::channels() const
1430	{
1431	return d_func()->channels;
1432	}
1433
1434	#ifndef QT_NO_NETWORKPROXY
1435	void QHttpNetworkConnection::setCacheProxy(const QNetworkProxy &networkProxy)
1436	{
1437	Q_D(QHttpNetworkConnection);
1438	d->networkProxy = networkProxy;
1439	// update the authenticator
1440	if (!d->networkProxy.user().isEmpty()) {
1441	for (int i = 0; i < d->channelCount; ++i) {
1442	d->channels[i].proxyAuthenticator.setUser(d->networkProxy.user());
1443	d->channels[i].proxyAuthenticator.setPassword(d->networkProxy.password());
1444	}
1445	}
1446	}
1447
1448	QNetworkProxy QHttpNetworkConnection::cacheProxy() const
1449	{
1450	Q_D(const QHttpNetworkConnection);
1451	return d->networkProxy;
1452	}
1453
1454	void QHttpNetworkConnection::setTransparentProxy(const QNetworkProxy &networkProxy)
1455	{
1456	Q_D(QHttpNetworkConnection);
1457	for (int i = 0; i < d->channelCount; ++i)
1458	d->channels[i].setProxy(networkProxy);
1459	}
1460
1461	QNetworkProxy QHttpNetworkConnection::transparentProxy() const
1462	{
1463	Q_D(const QHttpNetworkConnection);
1464	return d->channels[0].proxy;
1465	}
1466	#endif
1467
1468	QHttpNetworkConnection::ConnectionType QHttpNetworkConnection::connectionType() const
1469	{
1470	Q_D(const QHttpNetworkConnection);
1471	return d->connectionType;
1472	}
1473
1474	void QHttpNetworkConnection::setConnectionType(ConnectionType type)
1475	{
1476	Q_D(QHttpNetworkConnection);
1477	d->connectionType = type;
1478	}
1479
1480	QHttp2Configuration QHttpNetworkConnection::http2Parameters() const
1481	{
1482	Q_D(const QHttpNetworkConnection);
1483	return d->http2Parameters;
1484	}
1485
1486	void QHttpNetworkConnection::setHttp2Parameters(const QHttp2Configuration &params)
1487	{
1488	Q_D(QHttpNetworkConnection);
1489	d->http2Parameters = params;
1490	}
1491
1492	// SSL support below
1493	#ifndef QT_NO_SSL
1494	void QHttpNetworkConnection::setSslConfiguration(const QSslConfiguration &config)
1495	{
1496	Q_D(QHttpNetworkConnection);
1497	if (!d->encrypt)
1498	return;
1499
1500	// set the config on all channels
1501	for (int i = 0; i < d->activeChannelCount; ++i)
1502	d->channels[i].setSslConfiguration(config);
1503	}
1504
1505	std::shared_ptr<QSslContext> QHttpNetworkConnection::sslContext() const
1506	{
1507	Q_D(const QHttpNetworkConnection);
1508	return d->sslContext;
1509	}
1510
1511	void QHttpNetworkConnection::setSslContext(std::shared_ptr<QSslContext> context)
1512	{
1513	Q_D(QHttpNetworkConnection);
1514	d->sslContext = std::move(context);
1515	}
1516
1517	void QHttpNetworkConnection::ignoreSslErrors(int channel)
1518	{
1519	Q_D(QHttpNetworkConnection);
1520	if (!d->encrypt)
1521	return;
1522
1523	if (channel == -1) { // ignore for all channels
1524	// We need to ignore for all channels, even the ones that are not in use just in case they
1525	// will be in the future.
1526	for (int i = 0; i < d->channelCount; ++i) {
1527	d->channels[i].ignoreSslErrors();
1528	}
1529
1530	} else {
1531	d->channels[channel].ignoreSslErrors();
1532	}
1533	}
1534
1535	void QHttpNetworkConnection::ignoreSslErrors(const QList<QSslError> &errors, int channel)
1536	{
1537	Q_D(QHttpNetworkConnection);
1538	if (!d->encrypt)
1539	return;
1540
1541	if (channel == -1) { // ignore for all channels
1542	// We need to ignore for all channels, even the ones that are not in use just in case they
1543	// will be in the future.
1544	for (int i = 0; i < d->channelCount; ++i) {
1545	d->channels[i].ignoreSslErrors(errors);
1546	}
1547
1548	} else {
1549	d->channels[channel].ignoreSslErrors(errors);
1550	}
1551	}
1552
1553	#endif //QT_NO_SSL
1554
1555	void QHttpNetworkConnection::preConnectFinished()
1556	{
1557	d_func()->preConnectRequests--;
1558	}
1559
1560	QString QHttpNetworkConnection::peerVerifyName() const
1561	{
1562	Q_D(const QHttpNetworkConnection);
1563	return d->peerVerifyName;
1564	}
1565
1566	void QHttpNetworkConnection::setPeerVerifyName(const QString &peerName)
1567	{
1568	Q_D(QHttpNetworkConnection);
1569	d->peerVerifyName = peerName;
1570	}
1571
1572	void QHttpNetworkConnection::onlineStateChanged(bool isOnline)
1573	{
1574	Q_D(QHttpNetworkConnection);
1575
1576	if (isOnline) {
1577	// If we did not have any 'isOffline' previously - well, good
1578	// to know, we are 'online' apparently.
1579	return;
1580	}
1581
1582	for (int i = 0; i < d->activeChannelCount; i++) {
1583	auto &channel = d->channels[i];
1584	channel.emitFinishedWithError(error: QNetworkReply::TemporaryNetworkFailureError, message: "Temporary network failure.");
1585	channel.close();
1586	}
1587
1588	// We don't care, this connection is broken from our POV.
1589	d->connectionMonitor.stopMonitoring();
1590	}
1591
1592	#ifndef QT_NO_NETWORKPROXY
1593	// only called from QHttpNetworkConnectionChannel::_q_proxyAuthenticationRequired, not
1594	// from QHttpNetworkConnectionChannel::handleAuthenticationChallenge
1595	// e.g. it is for SOCKS proxies which require authentication.
1596	void QHttpNetworkConnectionPrivate::emitProxyAuthenticationRequired(const QHttpNetworkConnectionChannel *chan, const QNetworkProxy &proxy, QAuthenticator* auth)
1597	{
1598	// Also pause the connection because socket notifiers may fire while an user
1599	// dialog is displaying
1600	pauseConnection();
1601	QHttpNetworkReply *reply;
1602	if ((connectionType == QHttpNetworkConnection::ConnectionTypeHTTP2
1603	&& (chan->switchedToHttp2 || chan->h2RequestsToSend.size() > 0))
1604	|| connectionType == QHttpNetworkConnection::ConnectionTypeHTTP2Direct) {
1605	// we choose the reply to emit the proxyAuth signal from somewhat arbitrarily,
1606	// but that does not matter because the signal will ultimately be emitted
1607	// by the QNetworkAccessManager.
1608	Q_ASSERT(chan->h2RequestsToSend.size() > 0);
1609	reply = chan->h2RequestsToSend.cbegin().value().second;
1610	} else { // HTTP
1611	reply = chan->reply;
1612	}
1613
1614	Q_ASSERT(reply);
1615	emit reply->proxyAuthenticationRequired(proxy, authenticator: auth);
1616	resumeConnection();
1617	int i = indexOf(socket: chan->socket);
1618	copyCredentials(fromChannel: i, auth, isProxy: true);
1619	}
1620	#endif
1621
1622
1623	QT_END_NAMESPACE
1624
1625	#include "moc_qhttpnetworkconnection_p.cpp"
1626