/*
# Copyright (c) 2009 - OpenSLX Project, Computer Center University of Freiburg
#
# This program is free software distributed under the GPL version 2.
# See http://openslx.org/COPYING
#
# If you have any feedback please consult http://openslx.org/feedback and
# send your suggestions, praise, or complaints to feedback@openslx.org
#
# General information about OpenSLX can be found at http://openslx.org/
# -----------------------------------------------------------------------------
# src/net/SslServer.cpp
# - provide QTcpServer-like behaviour for SSL
# -----------------------------------------------------------------------------
*/
#include "sslserver.h"
#include <QtNetwork/QSslCipher>
#include <QtNetwork/QSslSocket>
#include "certmanager.h"
#include <unistd.h>
SslServer::SslServer() : QTcpServer(nullptr)
{
_tmr = startTimer(5123);
}
SslServer::~SslServer()
{
killTimer(_tmr);
}
/**
* Handle incomming connection.
* @param socketDescriptor
*/
void SslServer::incomingConnection(qintptr socketDescriptor)
{
static int certFails = 0;
QSslKey key;
QSslCertificate cert;
if (!CertManager::getPrivateKeyAndCert("manager", key, cert)) {
if (++certFails > 5) {
CertManager::fatal();
}
::close((int)socketDescriptor);
return;
}
QSslSocket *serverSocket = new QSslSocket(nullptr);
connect(serverSocket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(sslErrors(const QList<QSslError> &)));
connect(serverSocket, SIGNAL(disconnected()), this, SLOT(sock_closed()));
connect(serverSocket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(sock_error(QAbstractSocket::SocketError)));
serverSocket->setPrivateKey(key);
serverSocket->setLocalCertificate(cert);
serverSocket->setPeerVerifyMode(QSslSocket::VerifyNone);
serverSocket->setProtocol(QSsl::SecureProtocols);
if (serverSocket->setSocketDescriptor(socketDescriptor)) {
// Once the connection is successfully encrypted, raise our newConnection event
connect(serverSocket, &QSslSocket::encrypted, [=]() {
disconnect(serverSocket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(sslErrors(const QList<QSslError> &)));
disconnect(serverSocket, SIGNAL(disconnected()), this, SLOT(sock_closed()));
disconnect(serverSocket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(sock_error(QAbstractSocket::SocketError)));
});
connect(serverSocket, SIGNAL(encrypted()), this, SIGNAL(newConnection()));
serverSocket->startServerEncryption();
_pending.push_back(serverSocket);
} else {
qDebug() << "Failed to setSocketDescriptor on new SSL Socket";
serverSocket->deleteLater();
}
}
void SslServer::sslErrors(const QList<QSslError>& /* errors */)
{
/*
qDebug() << "Client caused sslErrors before connection:";
for (QList<QSslError>::const_iterator it = errors.begin(); it != errors.end(); it++) {
qDebug() << it->errorString();
}
*/
}
void SslServer::sock_closed()
{
qDebug() << "Client closed connection before SSL handshake completed.";
sender()->deleteLater();
}
void SslServer::sock_error(QAbstractSocket::SocketError err)
{
qDebug() << "Client error before SSL handshake completed: " << err;
sender()->deleteLater();
}
void SslServer::timerEvent(QTimerEvent* /* event */ )
{
// Remove all sockets marked for deletion
while (!_delete.isEmpty()) {
QSslSocket *sock = _delete.takeFirst();
sock->blockSignals(true);
sock->deleteLater();
}
_delete = _pending;
_pending.clear();
}
bool SslServer::hasPendingConnections() const
{
for (QList<QSslSocket*>::const_iterator it(_pending.begin()); it != _pending.end(); it++) {
qDebug("State: %d - Encrypted: %d", (int)(*it)->state(), (*it)->isEncrypted());
if ((*it)->state() == QAbstractSocket::ConnectedState && (*it)->isEncrypted())
return true;
}
return false;
}
QTcpSocket* SslServer::nextPendingConnection()
{
for (QList<QSslSocket*>::iterator it(_pending.begin()); it != _pending.end(); it++) {
if ((*it)->state() == QAbstractSocket::ConnectedState && (*it)->isEncrypted()) {
QSslSocket *sock = *it;
QObject::disconnect(sock, SIGNAL(encrypted()), this, SIGNAL(newConnection()));
_pending.removeAll(sock);
_delete.removeAll(sock);
return sock;
}
}
for (QList<QSslSocket*>::iterator it(_delete.begin()); it != _delete.end(); it++) {
if ((*it)->state() == QAbstractSocket::ConnectedState && (*it)->isEncrypted()) {
QSslSocket *sock = *it;
QObject::disconnect(sock, SIGNAL(encrypted()), this, SIGNAL(newConnection()));
_pending.removeAll(sock);
_delete.removeAll(sock);
return sock;
}
}
return nullptr;
}
