// Builds the translated error text used when a peer address is rejected for
// being a multicast or broadcast address. Both address checks on this page
// that refuse such peers call this helper, so the wording stays the same.
static QString msgUnsupportedMulticastAddress()
{
    return QDtls::tr("Multicast and broadcast addresses are not supported");
}
368 :
hash(algorithm), secret(secret)
376 qCWarning(lcSsl,
"No TLS backend is available, cannot verify DTLS client");
379 backend.reset(tlsBackend->createDtlsCookieVerifier());
381 qCWarning(lcSsl) <<
"The backend" << tlsBackend->backendName() <<
"does not support DTLS cookies";
395 if (
auto *backend =
d->backend.get()) {
399 auto conf = QSslConfiguration::defaultDtlsConfiguration();
401 backend->setConfiguration(conf);
426 if (
auto *backend =
d->backend.get())
427 return backend->setCookieGeneratorParameters(
params);
446 if (
const auto *backend =
d->backend.get())
447 return backend->cookieGeneratorParameters();
472 auto *backend =
d->backend.get();
478 tr(
"A valid UDP socket, non-empty datagram, and valid address/port were expected"));
484 msgUnsupportedMulticastAddress());
501 if (
const auto *backend =
d->backend.get())
502 return backend->verifiedHello();
516 if (
const auto *backend =
d->backend.get())
517 return backend->error();
531 if (
const auto *backend =
d->backend.get())
532 return backend->errorString();
534 return QStringLiteral(
"No TLS backend is available, no client verification");
553 qCWarning(lcSsl,
"No TLS backend found, QDtls is unsupported");
556 d->backend.reset(tlsBackend->createDtlsCryptograph(
this,
mode));
557 if (!
d->backend.get()) {
558 qCWarning(lcSsl) <<
"TLS backend" << tlsBackend->backendName()
559 <<
"does not support the protocol DTLS";
579 const QString &verificationName)
583 auto *backend =
d->backend.get();
589 tr(
"Cannot set peer after handshake started"));
595 tr(
"Invalid address"));
601 msgUnsupportedMulticastAddress());
605 backend->clearDtlsError();
623 auto *backend =
d->backend.get();
629 tr(
"Cannot set verification name after handshake started"));
633 backend->clearDtlsError();
634 backend->setPeerVerificationName(
name);
648 if (
const auto *backend =
d->backend.get())
649 return backend->peerAddress();
663 if (
const auto *backend =
d->backend.get())
664 return backend->peerPort();
679 if (
const auto *backend =
d->backend.get())
680 return backend->peerVerificationName();
695 if (
const auto *backend =
d->backend.get())
696 return backend->cryptographMode();
711 if (
auto *backend =
d->backend.get())
712 backend->setDtlsMtuHint(
mtuHint);
724 if (
const auto *backend =
d->backend.get())
725 return backend->dtlsMtuHint();
744 if (
auto *backend =
d->backend.get())
745 backend->setCookieGeneratorParameters(
params);
765 if (
const auto *backend =
d->backend.get())
766 return backend->cookieGeneratorParameters();
783 auto *backend =
d->backend.get();
789 tr(
"Cannot set configuration after handshake started"));
793 backend->setConfiguration(configuration);
806 if (
const auto *backend =
d->backend.get())
807 return backend->configuration();
821 if (
const auto *backend =
d->backend.get())
822 return backend->state();
850 auto *backend =
d->backend.get();
855 return startHandshake(
socket, dgram);
857 return continueHandshake(
socket, dgram);
860 tr(
"Cannot start/continue handshake, invalid handshake state"));
871 auto *backend =
d->backend.get();
880 if (backend->peerAddress().isNull()) {
882 tr(
"To start a handshake you must set peer's address and port first"));
888 tr(
"To start a handshake, DTLS server requires non-empty datagram (client hello)"));
894 tr(
"Cannot start handshake, already done/in progress"));
898 return backend->startHandshake(
socket, datagram);
913 auto *backend =
d->backend.get();
922 return backend->handleTimeout(
socket);
932 auto *backend =
d->backend.get();
938 tr(
"A valid QUdpSocket and non-empty datagram are needed to continue the handshake"));
944 tr(
"Cannot continue handshake, not in InProgress state"));
948 return backend->continueHandshake(
socket, datagram);
963 auto *backend =
d->backend.get();
974 tr(
"Cannot resume, not in VerificationError state"));
978 return backend->resumeHandshake(
socket);
991 auto *backend =
d->backend.get();
1002 tr(
"No handshake in progress, nothing to abort"));
1006 backend->abortHandshake(
socket);
1021 auto *backend =
d->backend.get();
1027 tr(
"Invalid (nullptr) socket"));
1031 if (!backend->isConnectionEncrypted()) {
1033 tr(
"Cannot send shutdown alert, not encrypted"));
1037 backend->sendShutdownAlert(
socket);
1051 if (
const auto *backend =
d->backend.get())
1052 return backend->isConnectionEncrypted();
1073 if (
const auto *backend =
d->backend.get())
1074 return backend->dtlsSessionCipher();
1093 if (
const auto *backend =
d->backend.get())
1094 return backend->dtlsSessionProtocol();
1111 auto *backend =
d->backend.get();
1122 tr(
"Cannot write a datagram, not in encrypted state"));
1126 return backend->writeDatagramEncrypted(
socket, dgram);
1139 auto *backend =
d->backend.get();
1150 tr(
"Cannot read a datagram, not in encrypted state"));
1157 return backend->decryptDatagram(
socket, dgram);
1169 if (
const auto *backend =
d->backend.get())
1170 return backend->error();
1185 if (
const auto *backend =
d->backend.get())
1186 return backend->errorString();
1201 if (
const auto *backend =
d->backend.get())
1202 return backend->peerVerificationErrors();
1230 if (
auto *backend =
d->backend.get())
1231 backend->ignoreVerificationErrors(errorsToIgnore);
The QByteArray class provides an array of bytes.
qsizetype size() const noexcept
This class implements server-side DTLS cookie generation and verification.
QString dtlsErrorString() const
GeneratorParameters cookieGeneratorParameters() const
QByteArray verifiedHello() const
bool verifyClient(QUdpSocket *socket, const QByteArray &dgram, const QHostAddress &address, quint16 port)
QDtlsError dtlsError() const
bool setCookieGeneratorParameters(const GeneratorParameters &params)
QDtlsClientVerifier(QObject *parent=nullptr)
QDtlsClientVerifierPrivate()
~QDtlsClientVerifierPrivate()
This class provides encryption for UDP sockets.
HandshakeState
Describes the current state of DTLS handshake.
bool setPeer(const QHostAddress &address, quint16 port, const QString &verificationName={})
bool handleTimeout(QUdpSocket *socket)
QSslConfiguration dtlsConfiguration() const
qint64 writeDatagramEncrypted(QUdpSocket *socket, const QByteArray &dgram)
bool setDtlsConfiguration(const QSslConfiguration &configuration)
bool doHandshake(QUdpSocket *socket, const QByteArray &dgram={})
QString peerVerificationName() const
bool shutdown(QUdpSocket *socket)
bool resumeHandshake(QUdpSocket *socket)
void ignoreVerificationErrors(const QList< QSslError > &errorsToIgnore)
QString dtlsErrorString() const
QDtls(QSslSocket::SslMode mode, QObject *parent=nullptr)
QByteArray decryptDatagram(QUdpSocket *socket, const QByteArray &dgram)
bool setCookieGeneratorParameters(const GeneratorParameters &params)
bool isConnectionEncrypted() const
QList< QSslError > peerVerificationErrors() const
void setMtuHint(quint16 mtuHint)
QSslSocket::SslMode sslMode() const
HandshakeState handshakeState() const
QDtlsError dtlsError() const
QHostAddress peerAddress() const
QSslCipher sessionCipher() const
bool abortHandshake(QUdpSocket *socket)
GeneratorParameters cookieGeneratorParameters() const
QSsl::SslProtocol sessionProtocol() const
bool setPeerVerificationName(const QString &name)
The QHostAddress class provides an IP address (in module QtNetwork).
The QObject class is the base class of all Qt objects.
The QSslCipher class represents an SSL cryptographic cipher.
The QSslConfiguration class holds the configuration and state of an SSL connection.
static QTlsBackend * tlsBackendInUse()
The QString class provides a Unicode character string.
The QUdpSocket class provides a UDP socket.
#define qCWarning(category,...)
#define QStringLiteral(str)
This class defines parameters for DTLS cookie generator.