1 | // Copyright (C) 2016 The Qt Company Ltd. |
2 | // Copyright (C) 2014 BlackBerry Limited. All rights reserved. |
3 | // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only |
4 | |
5 | /**************************************************************************** |
6 | ** |
7 | ** In addition, as a special exception, the copyright holders listed above give |
8 | ** permission to link the code of its release of Qt with the OpenSSL project's |
9 | ** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the |
10 | ** same license as the original version), and distribute the linked executables. |
11 | ** |
12 | ** You must comply with the GNU General Public License version 2 in all |
13 | ** respects for all of the code used other than the "OpenSSL" code. If you |
14 | ** modify this file, you may extend this exception to your version of the file, |
15 | ** but you are not obligated to do so. If you do not wish to do so, delete |
16 | ** this exception statement from your version of this file. |
17 | ** |
18 | ****************************************************************************/ |
19 | |
20 | #ifndef QSSLCONFIGURATION_H |
21 | #define QSSLCONFIGURATION_H |
22 | |
23 | #include <QtNetwork/qtnetworkglobal.h> |
24 | #include <QtCore/qmap.h> |
25 | #include <QtCore/qshareddata.h> |
26 | #include <QtNetwork/qsslsocket.h> |
27 | #include <QtNetwork/qssl.h> |
28 | |
29 | #ifndef QT_NO_SSL |
30 | |
31 | QT_BEGIN_NAMESPACE |
32 | |
33 | class QSslCertificate; |
34 | class QSslCipher; |
35 | class QSslKey; |
36 | class QSslEllipticCurve; |
37 | class QSslDiffieHellmanParameters; |
38 | |
39 | class QSslConfigurationPrivate; |
40 | class Q_NETWORK_EXPORT QSslConfiguration |
41 | { |
42 | public: |
43 | QSslConfiguration(); |
44 | QSslConfiguration(const QSslConfiguration &other); |
45 | ~QSslConfiguration(); |
46 | QSslConfiguration &operator=(QSslConfiguration &&other) noexcept { swap(other); return *this; } |
47 | QSslConfiguration &operator=(const QSslConfiguration &other); |
48 | |
49 | void swap(QSslConfiguration &other) noexcept |
50 | { d.swap(other&: other.d); } |
51 | |
52 | bool operator==(const QSslConfiguration &other) const; |
53 | inline bool operator!=(const QSslConfiguration &other) const |
54 | { return !(*this == other); } |
55 | |
56 | bool isNull() const; |
57 | |
58 | QSsl::SslProtocol protocol() const; |
59 | void setProtocol(QSsl::SslProtocol protocol); |
60 | |
61 | // Verification |
62 | QSslSocket::PeerVerifyMode peerVerifyMode() const; |
63 | void setPeerVerifyMode(QSslSocket::PeerVerifyMode mode); |
64 | |
65 | int peerVerifyDepth() const; |
66 | void setPeerVerifyDepth(int depth); |
67 | |
68 | // Certificate & cipher configuration |
69 | QList<QSslCertificate> localCertificateChain() const; |
70 | void setLocalCertificateChain(const QList<QSslCertificate> &localChain); |
71 | |
72 | QSslCertificate localCertificate() const; |
73 | void setLocalCertificate(const QSslCertificate &certificate); |
74 | |
75 | QSslCertificate peerCertificate() const; |
76 | QList<QSslCertificate> peerCertificateChain() const; |
77 | QSslCipher sessionCipher() const; |
78 | QSsl::SslProtocol sessionProtocol() const; |
79 | |
80 | // Private keys, for server sockets |
81 | QSslKey privateKey() const; |
82 | void setPrivateKey(const QSslKey &key); |
83 | |
84 | // Cipher settings |
85 | QList<QSslCipher> ciphers() const; |
86 | void setCiphers(const QList<QSslCipher> &ciphers); |
87 | void setCiphers(const QString &ciphers); |
88 | static QList<QSslCipher> supportedCiphers(); |
89 | |
90 | // Certificate Authority (CA) settings |
91 | QList<QSslCertificate> caCertificates() const; |
92 | void setCaCertificates(const QList<QSslCertificate> &certificates); |
93 | bool addCaCertificates( |
94 | const QString &path, QSsl::EncodingFormat format = QSsl::Pem, |
95 | QSslCertificate::PatternSyntax syntax = QSslCertificate::PatternSyntax::FixedString); |
96 | void addCaCertificate(const QSslCertificate &certificate); |
97 | void addCaCertificates(const QList<QSslCertificate> &certificates); |
98 | |
99 | static QList<QSslCertificate> systemCaCertificates(); |
100 | |
101 | void setSslOption(QSsl::SslOption option, bool on); |
102 | bool testSslOption(QSsl::SslOption option) const; |
103 | |
104 | QByteArray sessionTicket() const; |
105 | void setSessionTicket(const QByteArray &sessionTicket); |
106 | int sessionTicketLifeTimeHint() const; |
107 | |
108 | QSslKey ephemeralServerKey() const; |
109 | |
110 | // EC settings |
111 | QList<QSslEllipticCurve> ellipticCurves() const; |
112 | void setEllipticCurves(const QList<QSslEllipticCurve> &curves); |
113 | static QList<QSslEllipticCurve> supportedEllipticCurves(); |
114 | |
115 | QByteArray preSharedKeyIdentityHint() const; |
116 | void setPreSharedKeyIdentityHint(const QByteArray &hint); |
117 | |
118 | QSslDiffieHellmanParameters diffieHellmanParameters() const; |
119 | void setDiffieHellmanParameters(const QSslDiffieHellmanParameters &dhparams); |
120 | |
121 | QMap<QByteArray, QVariant> backendConfiguration() const; |
122 | void setBackendConfigurationOption(const QByteArray &name, const QVariant &value); |
123 | void setBackendConfiguration(const QMap<QByteArray, QVariant> &backendConfiguration = QMap<QByteArray, QVariant>()); |
124 | |
125 | static QSslConfiguration defaultConfiguration(); |
126 | static void setDefaultConfiguration(const QSslConfiguration &configuration); |
127 | |
128 | #if QT_CONFIG(dtls) || defined(Q_QDOC) |
129 | bool dtlsCookieVerificationEnabled() const; |
130 | void setDtlsCookieVerificationEnabled(bool enable); |
131 | |
132 | static QSslConfiguration defaultDtlsConfiguration(); |
133 | static void setDefaultDtlsConfiguration(const QSslConfiguration &configuration); |
134 | #endif // dtls |
135 | |
136 | bool handshakeMustInterruptOnError() const; |
137 | void setHandshakeMustInterruptOnError(bool interrupt); |
138 | |
139 | bool missingCertificateIsFatal() const; |
140 | void setMissingCertificateIsFatal(bool cannotRecover); |
141 | |
142 | void setOcspStaplingEnabled(bool enable); |
143 | bool ocspStaplingEnabled() const; |
144 | |
145 | enum NextProtocolNegotiationStatus { |
146 | NextProtocolNegotiationNone, |
147 | NextProtocolNegotiationNegotiated, |
148 | NextProtocolNegotiationUnsupported |
149 | }; |
150 | |
151 | void setAllowedNextProtocols(const QList<QByteArray> &protocols); |
152 | QList<QByteArray> allowedNextProtocols() const; |
153 | |
154 | QByteArray nextNegotiatedProtocol() const; |
155 | NextProtocolNegotiationStatus nextProtocolNegotiationStatus() const; |
156 | |
157 | static const char ALPNProtocolHTTP2[]; |
158 | static const char NextProtocolHttp1_1[]; |
159 | |
160 | private: |
161 | friend class QSslSocket; |
162 | friend class QSslConfigurationPrivate; |
163 | friend class QSslContext; |
164 | friend class QTlsBackend; |
165 | QSslConfiguration(QSslConfigurationPrivate *dd); |
166 | QSharedDataPointer<QSslConfigurationPrivate> d; |
167 | }; |
168 | |
169 | Q_DECLARE_SHARED(QSslConfiguration) |
170 | |
171 | QT_END_NAMESPACE |
172 | |
173 | QT_DECL_METATYPE_EXTERN(QSslConfiguration, Q_NETWORK_EXPORT) |
174 | |
175 | #endif // QT_NO_SSL |
176 | |
177 | #endif |
178 | |