26a6afd472
The one we had before was invalid and we ended up with defaultDtlsConfiguration which has peerVerifyMode == AutoVerify. Change-Id: I5b9ceb027e90189325c1d8fd0db37d1b212ebbc8 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
278 lines
8.9 KiB
C++
278 lines
8.9 KiB
C++
/****************************************************************************
|
|
**
|
|
** Copyright (C) 2018 The Qt Company Ltd.
|
|
** Contact: https://www.qt.io/licensing/
|
|
**
|
|
** This file is part of the examples of the Qt Toolkit.
|
|
**
|
|
** $QT_BEGIN_LICENSE:BSD$
|
|
** Commercial License Usage
|
|
** Licensees holding valid commercial Qt licenses may use this file in
|
|
** accordance with the commercial license agreement provided with the
|
|
** Software or, alternatively, in accordance with the terms contained in
|
|
** a written agreement between you and The Qt Company. For licensing terms
|
|
** and conditions see https://www.qt.io/terms-conditions. For further
|
|
** information use the contact form at https://www.qt.io/contact-us.
|
|
**
|
|
** BSD License Usage
|
|
** Alternatively, you may use this file under the terms of the BSD license
|
|
** as follows:
|
|
**
|
|
** "Redistribution and use in source and binary forms, with or without
|
|
** modification, are permitted provided that the following conditions are
|
|
** met:
|
|
** * Redistributions of source code must retain the above copyright
|
|
** notice, this list of conditions and the following disclaimer.
|
|
** * Redistributions in binary form must reproduce the above copyright
|
|
** notice, this list of conditions and the following disclaimer in
|
|
** the documentation and/or other materials provided with the
|
|
** distribution.
|
|
** * Neither the name of The Qt Company Ltd nor the names of its
|
|
** contributors may be used to endorse or promote products derived
|
|
** from this software without specific prior written permission.
|
|
**
|
|
**
|
|
** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
** LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
** A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
** OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
** LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
** DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
** THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
** OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE."
|
|
**
|
|
** $QT_END_LICENSE$
|
|
**
|
|
****************************************************************************/
|
|
|
|
#include "server.h"
|
|
|
|
#include <algorithm>
|
|
|
|
QT_BEGIN_NAMESPACE
|
|
|
|
namespace {
|
|
|
|
QString peer_info(const QHostAddress &address, quint16 port)
|
|
{
|
|
const static QString info = QStringLiteral("(%1:%2)");
|
|
return info.arg(address.toString()).arg(port);
|
|
}
|
|
|
|
QString connection_info(QSharedPointer<QDtls> connection)
|
|
{
|
|
QString info(DtlsServer::tr("Session cipher: "));
|
|
info += connection->sessionCipher().name();
|
|
|
|
info += DtlsServer::tr("; session protocol: ");
|
|
switch (connection->sessionProtocol()) {
|
|
case QSsl::DtlsV1_0:
|
|
info += DtlsServer::tr("DTLS 1.0.");
|
|
break;
|
|
case QSsl::DtlsV1_2:
|
|
info += DtlsServer::tr("DTLS 1.2.");
|
|
break;
|
|
case QSsl::DtlsV1_2OrLater:
|
|
info += DtlsServer::tr("DTLS 1.2 or later.");
|
|
break;
|
|
default:
|
|
info += DtlsServer::tr("Unknown protocol.");
|
|
}
|
|
|
|
return info;
|
|
}
|
|
|
|
} // unnamed namespace
|
|
|
|
//! [1]
|
|
DtlsServer::DtlsServer()
|
|
{
|
|
connect(&serverSocket, &QAbstractSocket::readyRead, this, &DtlsServer::readyRead);
|
|
|
|
serverConfiguration = QSslConfiguration::defaultDtlsConfiguration();
|
|
serverConfiguration.setPreSharedKeyIdentityHint("Qt DTLS example server");
|
|
serverConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);
|
|
}
|
|
//! [1]
|
|
|
|
DtlsServer::~DtlsServer()
|
|
{
|
|
shutdown();
|
|
}
|
|
|
|
//! [2]
|
|
bool DtlsServer::listen(const QHostAddress &address, quint16 port)
|
|
{
|
|
if (address != serverSocket.localAddress() || port != serverSocket.localPort()) {
|
|
shutdown();
|
|
listening = serverSocket.bind(address, port);
|
|
if (!listening)
|
|
emit errorMessage(serverSocket.errorString());
|
|
} else {
|
|
listening = true;
|
|
}
|
|
|
|
return listening;
|
|
}
|
|
//! [2]
|
|
|
|
bool DtlsServer::isListening() const
|
|
{
|
|
return listening;
|
|
}
|
|
|
|
void DtlsServer::close()
|
|
{
|
|
listening = false;
|
|
}
|
|
|
|
void DtlsServer::readyRead()
|
|
{
|
|
//! [3]
|
|
const qint64 bytesToRead = serverSocket.pendingDatagramSize();
|
|
if (bytesToRead <= 0) {
|
|
emit warningMessage(tr("A spurious read notification"));
|
|
return;
|
|
}
|
|
|
|
QByteArray dgram(bytesToRead, Qt::Uninitialized);
|
|
QHostAddress peerAddress;
|
|
quint16 peerPort = 0;
|
|
const qint64 bytesRead = serverSocket.readDatagram(dgram.data(), dgram.size(),
|
|
&peerAddress, &peerPort);
|
|
if (bytesRead <= 0) {
|
|
emit warningMessage(tr("Failed to read a datagram: ") + serverSocket.errorString());
|
|
return;
|
|
}
|
|
|
|
dgram.resize(bytesRead);
|
|
//! [3]
|
|
//! [4]
|
|
if (peerAddress.isNull() || !peerPort) {
|
|
emit warningMessage(tr("Failed to extract peer info (address, port)"));
|
|
return;
|
|
}
|
|
|
|
const auto client = std::find_if(knownClients.begin(), knownClients.end(),
|
|
[&](const DtlsConnection &connection){
|
|
return connection->peerAddress() == peerAddress
|
|
&& connection->peerPort() == peerPort;
|
|
});
|
|
//! [4]
|
|
|
|
//! [5]
|
|
if (client == knownClients.end())
|
|
return handleNewConnection(peerAddress, peerPort, dgram);
|
|
//! [5]
|
|
|
|
//! [6]
|
|
if ((*client)->isConnectionEncrypted()) {
|
|
decryptDatagram(*client, dgram);
|
|
if ((*client)->dtlsError() == QDtlsError::RemoteClosedConnectionError)
|
|
knownClients.erase(client);
|
|
return;
|
|
}
|
|
//! [6]
|
|
|
|
//! [7]
|
|
doHandshake(*client, dgram);
|
|
//! [7]
|
|
}
|
|
|
|
//! [13]
|
|
void DtlsServer::pskRequired(QSslPreSharedKeyAuthenticator *auth)
|
|
{
|
|
Q_ASSERT(auth);
|
|
|
|
emit infoMessage(tr("PSK callback, received a client's identity: '%1'")
|
|
.arg(QString::fromLatin1(auth->identity())));
|
|
auth->setPreSharedKey(QByteArrayLiteral("\x1a\x2b\x3c\x4d\x5e\x6f"));
|
|
}
|
|
//! [13]
|
|
|
|
//! [8]
|
|
void DtlsServer::handleNewConnection(const QHostAddress &peerAddress,
|
|
quint16 peerPort, const QByteArray &clientHello)
|
|
{
|
|
if (!listening)
|
|
return;
|
|
|
|
const QString peerInfo = peer_info(peerAddress, peerPort);
|
|
if (cookieSender.verifyClient(&serverSocket, clientHello, peerAddress, peerPort)) {
|
|
emit infoMessage(peerInfo + tr(": verified, starting a handshake"));
|
|
//! [8]
|
|
//! [9]
|
|
DtlsConnection newConnection(new QDtls(QSslSocket::SslServerMode));
|
|
newConnection->setDtlsConfiguration(serverConfiguration);
|
|
newConnection->setPeer(peerAddress, peerPort);
|
|
newConnection->connect(newConnection.data(), &QDtls::pskRequired,
|
|
this, &DtlsServer::pskRequired);
|
|
knownClients.push_back(newConnection);
|
|
doHandshake(newConnection, clientHello);
|
|
//! [9]
|
|
} else if (cookieSender.dtlsError() != QDtlsError::NoError) {
|
|
emit errorMessage(tr("DTLS error: ") + cookieSender.dtlsErrorString());
|
|
} else {
|
|
emit infoMessage(peerInfo + tr(": not verified yet"));
|
|
}
|
|
}
|
|
|
|
//! [11]
|
|
void DtlsServer::doHandshake(DtlsConnection newConnection, const QByteArray &clientHello)
|
|
{
|
|
const bool result = newConnection->doHandshake(&serverSocket, clientHello);
|
|
if (!result) {
|
|
emit errorMessage(newConnection->dtlsErrorString());
|
|
return;
|
|
}
|
|
|
|
const QString peerInfo = peer_info(newConnection->peerAddress(),
|
|
newConnection->peerPort());
|
|
switch (newConnection->handshakeState()) {
|
|
case QDtls::HandshakeInProgress:
|
|
emit infoMessage(peerInfo + tr(": handshake is in progress ..."));
|
|
break;
|
|
case QDtls::HandshakeComplete:
|
|
emit infoMessage(tr("Connection with %1 encrypted. %2")
|
|
.arg(peerInfo, connection_info(newConnection)));
|
|
break;
|
|
default:
|
|
Q_UNREACHABLE();
|
|
}
|
|
}
|
|
//! [11]
|
|
|
|
//! [12]
|
|
void DtlsServer::decryptDatagram(DtlsConnection connection, const QByteArray &clientMessage)
|
|
{
|
|
Q_ASSERT(connection->isConnectionEncrypted());
|
|
|
|
const QString peerInfo = peer_info(connection->peerAddress(), connection->peerPort());
|
|
const QByteArray dgram = connection->decryptDatagram(&serverSocket, clientMessage);
|
|
if (dgram.size()) {
|
|
emit datagramReceived(peerInfo, clientMessage, dgram);
|
|
connection->writeDatagramEncrypted(&serverSocket, tr("to %1: ACK").arg(peerInfo).toLatin1());
|
|
} else if (connection->dtlsError() == QDtlsError::NoError) {
|
|
emit warningMessage(peerInfo + ": " + tr("0 byte dgram, could be a re-connect attempt?"));
|
|
} else {
|
|
emit errorMessage(peerInfo + ": " + connection->dtlsErrorString());
|
|
}
|
|
}
|
|
//! [12]
|
|
|
|
//! [14]
|
|
void DtlsServer::shutdown()
|
|
{
|
|
for (DtlsConnection &connection : knownClients)
|
|
connection->shutdown(&serverSocket);
|
|
|
|
knownClients.clear();
|
|
serverSocket.close();
|
|
}
|
|
//! [14]
|
|
|
|
QT_END_NAMESPACE
|