qt6windows7/examples/network/secureudpserver/server.cpp
2023-10-29 23:33:08 +01:00

220 lines
6.4 KiB
C++

// Copyright (C) 2018 The Qt Company Ltd.
// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR BSD-3-Clause
#include "server.h"
#include <algorithm>
namespace {
QString peer_info(const QHostAddress &address, quint16 port)
{
const static QString info = QStringLiteral("(%1:%2)");
return info.arg(address.toString()).arg(port);
}
QString connection_info(QDtls *connection)
{
QString info(DtlsServer::tr("Session cipher: "));
info += connection->sessionCipher().name();
info += DtlsServer::tr("; session protocol: ");
switch (connection->sessionProtocol()) {
case QSsl::DtlsV1_2:
info += DtlsServer::tr("DTLS 1.2.");
break;
default:
info += DtlsServer::tr("Unknown protocol.");
}
return info;
}
} // unnamed namespace
//! [1]
DtlsServer::DtlsServer()
{
connect(&serverSocket, &QAbstractSocket::readyRead, this, &DtlsServer::readyRead);
serverConfiguration = QSslConfiguration::defaultDtlsConfiguration();
serverConfiguration.setPreSharedKeyIdentityHint("Qt DTLS example server");
serverConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);
}
//! [1]
DtlsServer::~DtlsServer()
{
shutdown();
}
//! [2]
bool DtlsServer::listen(const QHostAddress &address, quint16 port)
{
if (address != serverSocket.localAddress() || port != serverSocket.localPort()) {
shutdown();
listening = serverSocket.bind(address, port);
if (!listening)
emit errorMessage(serverSocket.errorString());
} else {
listening = true;
}
return listening;
}
//! [2]
bool DtlsServer::isListening() const
{
return listening;
}
void DtlsServer::close()
{
listening = false;
}
void DtlsServer::readyRead()
{
//! [3]
const qint64 bytesToRead = serverSocket.pendingDatagramSize();
if (bytesToRead <= 0) {
emit warningMessage(tr("A spurious read notification"));
return;
}
QByteArray dgram(bytesToRead, Qt::Uninitialized);
QHostAddress peerAddress;
quint16 peerPort = 0;
const qint64 bytesRead = serverSocket.readDatagram(dgram.data(), dgram.size(),
&peerAddress, &peerPort);
if (bytesRead <= 0) {
emit warningMessage(tr("Failed to read a datagram: ") + serverSocket.errorString());
return;
}
dgram.resize(bytesRead);
//! [3]
//! [4]
if (peerAddress.isNull() || !peerPort) {
emit warningMessage(tr("Failed to extract peer info (address, port)"));
return;
}
const auto client = std::find_if(knownClients.begin(), knownClients.end(),
[&](const std::unique_ptr<QDtls> &connection){
return connection->peerAddress() == peerAddress
&& connection->peerPort() == peerPort;
});
//! [4]
//! [5]
if (client == knownClients.end())
return handleNewConnection(peerAddress, peerPort, dgram);
//! [5]
//! [6]
if ((*client)->isConnectionEncrypted()) {
decryptDatagram(client->get(), dgram);
if ((*client)->dtlsError() == QDtlsError::RemoteClosedConnectionError)
knownClients.erase(client);
return;
}
//! [6]
//! [7]
doHandshake(client->get(), dgram);
//! [7]
}
//! [13]
void DtlsServer::pskRequired(QSslPreSharedKeyAuthenticator *auth)
{
Q_ASSERT(auth);
emit infoMessage(tr("PSK callback, received a client's identity: '%1'")
.arg(QString::fromLatin1(auth->identity())));
auth->setPreSharedKey(QByteArrayLiteral("\x1a\x2b\x3c\x4d\x5e\x6f"));
}
//! [13]
//! [8]
void DtlsServer::handleNewConnection(const QHostAddress &peerAddress,
quint16 peerPort, const QByteArray &clientHello)
{
if (!listening)
return;
const QString peerInfo = peer_info(peerAddress, peerPort);
if (cookieSender.verifyClient(&serverSocket, clientHello, peerAddress, peerPort)) {
emit infoMessage(peerInfo + tr(": verified, starting a handshake"));
//! [8]
//! [9]
std::unique_ptr<QDtls> newConnection{new QDtls{QSslSocket::SslServerMode}};
newConnection->setDtlsConfiguration(serverConfiguration);
newConnection->setPeer(peerAddress, peerPort);
newConnection->connect(newConnection.get(), &QDtls::pskRequired,
this, &DtlsServer::pskRequired);
knownClients.push_back(std::move(newConnection));
doHandshake(knownClients.back().get(), clientHello);
//! [9]
} else if (cookieSender.dtlsError() != QDtlsError::NoError) {
emit errorMessage(tr("DTLS error: ") + cookieSender.dtlsErrorString());
} else {
emit infoMessage(peerInfo + tr(": not verified yet"));
}
}
//! [11]
void DtlsServer::doHandshake(QDtls *newConnection, const QByteArray &clientHello)
{
const bool result = newConnection->doHandshake(&serverSocket, clientHello);
if (!result) {
emit errorMessage(newConnection->dtlsErrorString());
return;
}
const QString peerInfo = peer_info(newConnection->peerAddress(),
newConnection->peerPort());
switch (newConnection->handshakeState()) {
case QDtls::HandshakeInProgress:
emit infoMessage(peerInfo + tr(": handshake is in progress ..."));
break;
case QDtls::HandshakeComplete:
emit infoMessage(tr("Connection with %1 encrypted. %2")
.arg(peerInfo, connection_info(newConnection)));
break;
default:
Q_UNREACHABLE();
}
}
//! [11]
//! [12]
void DtlsServer::decryptDatagram(QDtls *connection, const QByteArray &clientMessage)
{
Q_ASSERT(connection->isConnectionEncrypted());
const QString peerInfo = peer_info(connection->peerAddress(), connection->peerPort());
const QByteArray dgram = connection->decryptDatagram(&serverSocket, clientMessage);
if (dgram.size()) {
emit datagramReceived(peerInfo, clientMessage, dgram);
connection->writeDatagramEncrypted(&serverSocket, tr("to %1: ACK").arg(peerInfo).toLatin1());
} else if (connection->dtlsError() == QDtlsError::NoError) {
emit warningMessage(peerInfo + ": " + tr("0 byte dgram, could be a re-connect attempt?"));
} else {
emit errorMessage(peerInfo + ": " + connection->dtlsErrorString());
}
}
//! [12]
//! [14]
void DtlsServer::shutdown()
{
for (const auto &connection : std::exchange(knownClients, {}))
connection->shutdown(&serverSocket);
serverSocket.close();
}
//! [14]