1// Copyright (C) 2016 The Qt Company Ltd.
2// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
3
4
5/*!
6 \class QSslError
7 \brief The QSslError class provides an SSL error.
8 \since 4.3
9
10 \reentrant
11 \ingroup network
12 \ingroup ssl
13 \ingroup shared
14 \inmodule QtNetwork
15
16 QSslError provides a simple API for managing errors during QSslSocket's
17 SSL handshake.
18
19 \sa QSslSocket, QSslCertificate, QSslCipher
20*/
21
22/*!
23 \enum QSslError::SslError
24
25 Describes all recognized errors that can occur during an SSL handshake.
26
27 \value NoError
28 \value UnableToGetIssuerCertificate
29 \value UnableToDecryptCertificateSignature
30 \value UnableToDecodeIssuerPublicKey
31 \value CertificateSignatureFailed
32 \value CertificateNotYetValid
33 \value CertificateExpired
34 \value InvalidNotBeforeField
35 \value InvalidNotAfterField
36 \value SelfSignedCertificate
37 \value SelfSignedCertificateInChain
38 \value UnableToGetLocalIssuerCertificate
39 \value UnableToVerifyFirstCertificate
40 \value CertificateRevoked
41 \value InvalidCaCertificate
42 \value PathLengthExceeded
43 \value InvalidPurpose
44 \value CertificateUntrusted
45 \value CertificateRejected
46 \value SubjectIssuerMismatch
47 \value AuthorityIssuerSerialNumberMismatch
48 \value NoPeerCertificate
49 \value HostNameMismatch
50 \value UnspecifiedError
51 \value NoSslSupport
52 \value CertificateBlacklisted
53 \value CertificateStatusUnknown
54 \value OcspNoResponseFound
55 \value OcspMalformedRequest
56 \value OcspMalformedResponse
57 \value OcspInternalError
58 \value OcspTryLater
59 \value OcspSigRequred
60 \value OcspUnauthorized
61 \value OcspResponseCannotBeTrusted
62 \value OcspResponseCertIdUnknown
63 \value OcspResponseExpired
64 \value OcspStatusUnknown
65
66
67 \sa QSslError::errorString()
68*/
69
70#include "qsslerror.h"
71#include "qsslsocket.h"
72#ifndef QT_NO_DEBUG_STREAM
73#include <QtCore/qdebug.h>
74#endif
75
76QT_BEGIN_NAMESPACE
77
78#ifndef QT_NO_SSL
79QT_IMPL_METATYPE_EXTERN_TAGGED(QList<QSslError>, QList_QSslError)
80#endif
81
82
83#if QT_VERSION < QT_VERSION_CHECK(7, 0, 0)
84// Avoid an ABI break due to the QScopedPointer->std::unique_ptr change
85static_assert(sizeof(QScopedPointer<QSslErrorPrivate>) == sizeof(std::unique_ptr<QSslErrorPrivate>));
86#endif
87
88class QSslErrorPrivate
89{
90public:
91 QSslError::SslError error = QSslError::NoError;
92 QSslCertificate certificate;
93};
94
95// RVCT compiler in debug build does not like about default values in const-
96// So as an workaround we define all constructor overloads here explicitly
97/*!
98 Constructs a QSslError object with no error and default certificate.
99
100*/
101
102QSslError::QSslError()
103 : d(new QSslErrorPrivate)
104{
105}
106
107/*!
108 Constructs a QSslError object. The argument specifies the \a
109 error that occurred.
110
111*/
112QSslError::QSslError(SslError error)
113 : d(new QSslErrorPrivate)
114{
115 d->error = error;
116}
117
118/*!
119 Constructs a QSslError object. The two arguments specify the \a
120 error that occurred, and which \a certificate the error relates to.
121
122 \sa QSslCertificate
123*/
124QSslError::QSslError(SslError error, const QSslCertificate &certificate)
125 : d(new QSslErrorPrivate)
126{
127 d->error = error;
128 d->certificate = certificate;
129}
130
131/*!
132 Constructs an identical copy of \a other.
133*/
134QSslError::QSslError(const QSslError &other)
135 : d(new QSslErrorPrivate)
136{
137 *d.get() = *other.d.get();
138}
139
140/*!
141 Destroys the QSslError object.
142*/
143QSslError::~QSslError()
144{
145}
146
147/*!
148 \since 4.4
149
150 Assigns the contents of \a other to this error.
151*/
152QSslError &QSslError::operator=(const QSslError &other)
153{
154 *d.get() = *other.d.get();
155 return *this;
156}
157
158/*!
159 \fn void QSslError::swap(QSslError &other)
160 \since 5.0
161
162 Swaps this error instance with \a other. This function is very
163 fast and never fails.
164*/
165
166/*!
167 \since 4.4
168
169 Returns \c true if this error is equal to \a other; otherwise returns \c false.
170*/
171bool QSslError::operator==(const QSslError &other) const
172{
173 return d->error == other.d->error
174 && d->certificate == other.d->certificate;
175}
176
177/*!
178 \fn bool QSslError::operator!=(const QSslError &other) const
179 \since 4.4
180
181 Returns \c true if this error is not equal to \a other; otherwise returns
182 false.
183*/
184
185/*!
186 Returns the type of the error.
187
188 \sa errorString(), certificate()
189*/
190QSslError::SslError QSslError::error() const
191{
192 return d->error;
193}
194
195/*!
196 Returns a short localized human-readable description of the error.
197
198 \sa error(), certificate()
199*/
200QString QSslError::errorString() const
201{
202 QString errStr;
203 switch (d->error) {
204 case NoError:
205 errStr = QSslSocket::tr(s: "No error");
206 break;
207 case UnableToGetIssuerCertificate:
208 errStr = QSslSocket::tr(s: "The issuer certificate could not be found");
209 break;
210 case UnableToDecryptCertificateSignature:
211 errStr = QSslSocket::tr(s: "The certificate signature could not be decrypted");
212 break;
213 case UnableToDecodeIssuerPublicKey:
214 errStr = QSslSocket::tr(s: "The public key in the certificate could not be read");
215 break;
216 case CertificateSignatureFailed:
217 errStr = QSslSocket::tr(s: "The signature of the certificate is invalid");
218 break;
219 case CertificateNotYetValid:
220 errStr = QSslSocket::tr(s: "The certificate is not yet valid");
221 break;
222 case CertificateExpired:
223 errStr = QSslSocket::tr(s: "The certificate has expired");
224 break;
225 case InvalidNotBeforeField:
226 errStr = QSslSocket::tr(s: "The certificate's notBefore field contains an invalid time");
227 break;
228 case InvalidNotAfterField:
229 errStr = QSslSocket::tr(s: "The certificate's notAfter field contains an invalid time");
230 break;
231 case SelfSignedCertificate:
232 errStr = QSslSocket::tr(s: "The certificate is self-signed, and untrusted");
233 break;
234 case SelfSignedCertificateInChain:
235 errStr = QSslSocket::tr(s: "The root certificate of the certificate chain is self-signed, and untrusted");
236 break;
237 case UnableToGetLocalIssuerCertificate:
238 errStr = QSslSocket::tr(s: "The issuer certificate of a locally looked up certificate could not be found");
239 break;
240 case UnableToVerifyFirstCertificate:
241 errStr = QSslSocket::tr(s: "No certificates could be verified");
242 break;
243 case InvalidCaCertificate:
244 errStr = QSslSocket::tr(s: "One of the CA certificates is invalid");
245 break;
246 case PathLengthExceeded:
247 errStr = QSslSocket::tr(s: "The basicConstraints path length parameter has been exceeded");
248 break;
249 case InvalidPurpose:
250 errStr = QSslSocket::tr(s: "The supplied certificate is unsuitable for this purpose");
251 break;
252 case CertificateUntrusted:
253 errStr = QSslSocket::tr(s: "The root CA certificate is not trusted for this purpose");
254 break;
255 case CertificateRejected:
256 errStr = QSslSocket::tr(s: "The root CA certificate is marked to reject the specified purpose");
257 break;
258 case SubjectIssuerMismatch: // hostname mismatch
259 errStr = QSslSocket::tr(s: "The current candidate issuer certificate was rejected because its"
260 " subject name did not match the issuer name of the current certificate");
261 break;
262 case AuthorityIssuerSerialNumberMismatch:
263 errStr = QSslSocket::tr(s: "The current candidate issuer certificate was rejected because"
264 " its issuer name and serial number was present and did not match the"
265 " authority key identifier of the current certificate");
266 break;
267 case NoPeerCertificate:
268 errStr = QSslSocket::tr(s: "The peer did not present any certificate");
269 break;
270 case HostNameMismatch:
271 errStr = QSslSocket::tr(s: "The host name did not match any of the valid hosts"
272 " for this certificate");
273 break;
274 case NoSslSupport:
275 break;
276 case CertificateBlacklisted:
277 errStr = QSslSocket::tr(s: "The peer certificate is blacklisted");
278 break;
279 case OcspNoResponseFound:
280 errStr = QSslSocket::tr(s: "No OCSP status response found");
281 break;
282 case OcspMalformedRequest:
283 errStr = QSslSocket::tr(s: "The OCSP status request had invalid syntax");
284 break;
285 case OcspMalformedResponse:
286 errStr = QSslSocket::tr(s: "OCSP response contains an unexpected number of SingleResponse structures");
287 break;
288 case OcspInternalError:
289 errStr = QSslSocket::tr(s: "OCSP responder reached an inconsistent internal state");
290 break;
291 case OcspTryLater:
292 errStr = QSslSocket::tr(s: "OCSP responder was unable to return a status for the requested certificate");
293 break;
294 case OcspSigRequred:
295 errStr = QSslSocket::tr(s: "The server requires the client to sign the OCSP request in order to construct a response");
296 break;
297 case OcspUnauthorized:
298 errStr = QSslSocket::tr(s: "The client is not authorized to request OCSP status from this server");
299 break;
300 case OcspResponseCannotBeTrusted:
301 errStr = QSslSocket::tr(s: "OCSP responder's identity cannot be verified");
302 break;
303 case OcspResponseCertIdUnknown:
304 errStr = QSslSocket::tr(s: "The identity of a certificate in an OCSP response cannot be established");
305 break;
306 case OcspResponseExpired:
307 errStr = QSslSocket::tr(s: "The certificate status response has expired");
308 break;
309 case OcspStatusUnknown:
310 errStr = QSslSocket::tr(s: "The certificate's status is unknown");
311 break;
312 default:
313 errStr = QSslSocket::tr(s: "Unknown error");
314 break;
315 }
316
317 return errStr;
318}
319
320/*!
321 Returns the certificate associated with this error, or a null certificate
322 if the error does not relate to any certificate.
323
324 \sa error(), errorString()
325*/
326QSslCertificate QSslError::certificate() const
327{
328 return d->certificate;
329}
330
331/*!
332 Returns the hash value for the \a key, using \a seed to seed the calculation.
333 \since 5.4
334 \relates QHash
335*/
336size_t qHash(const QSslError &key, size_t seed) noexcept
337{
338 QtPrivate::QHashCombine hash;
339 seed = hash(seed, key.error());
340 seed = hash(seed, key.certificate());
341 return seed;
342}
343
344#ifndef QT_NO_DEBUG_STREAM
345//class QDebug;
346QDebug operator<<(QDebug debug, const QSslError &error)
347{
348 debug << error.errorString();
349 return debug;
350}
351
352QDebug print(QDebug debug, QSslError::SslError error)
353{
354 debug << QSslError(error).errorString();
355 return debug;
356}
357#endif
358
359QT_END_NAMESPACE
360
361#include "moc_qsslerror.cpp"
362

Provided by KDAB

Privacy Policy
Learn Advanced QML with KDAB
Find out more

source code of qtbase/src/network/ssl/qsslerror.cpp