df/ddd/src__network__ssl__qdtlscookie_8cpp_source.html

// Copyright (C) 2018 The Qt Company Ltd.

// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR BSD-3-Clause


class DtlsServer : public QObject

{

public:

    bool listen(const QHostAddress &address, quint16 port);

    // ...


private:

    void readyRead();

    // ...


    QUdpSocket serverSocket;

    QDtlsClientVerifier verifier;

    // ...

};


bool DtlsServer::listen(const QHostAddress &serverAddress, quint16 serverPort)

{

    if (serverSocket.bind(serverAddress, serverPort))

        connect(&serverSocket, &QUdpSocket::readyRead, this, &DtlsServer::readyRead);

    return serverSocket.state() == QAbstractSocket::BoundState;

}


void DtlsServer::readyRead()

{

    QByteArray dgram(serverSocket.pendingDatagramSize(), Qt::Uninitialized);

    QHostAddress address;

    quint16 port = {};

    serverSocket.readDatagram(dgram.data(), dgram.size(), &address, &port);

    if (verifiedClients.contains({address, port}) {

        // This client was verified previously, we either continue the

        // handshake or decrypt the incoming message.

    } else if (verifier.verifyClient(&serverSocket, dgram, address, port)) {

        // Apparently we have a real DTLS client who wants to send us

        // encrypted datagrams. Remember this client as verified

        // and proceed with a handshake.

    } else {

        // No matching cookie was found in the incoming datagram,

        // verifyClient() has sent a ClientVerify message.

        // We'll hear from the client again soon, if they're real.

    }

}


void DtlsServer::updateServerSecret()

{

    const QByteArray newSecret(generateCryptoStrongSecret());

    if (newSecret.size()) {

        usedCookies.append(newSecret);

        verifier.setCookieGeneratorParameters({QCryptographicHash::Sha1, newSecret});

    }

}


if (!verifier.verifyClient(&socket, message, address, port)) {

    switch (verifyClient.dtlsError()) {

    case QDtlsError::NoError:

        // Not verified yet, but no errors found and we have to wait for the next

        // message from this client.

        return;

    case QDtlsError::TlsInitializationError:

        // This error is fatal, nothing we can do about it.

        // Probably, quit the server after reporting the error.

        return;

    case QDtlsError::UnderlyingSocketError:

        // There is some problem in QUdpSocket, handle it (see QUdpSocket::error())

        return;

    case QDtlsError::InvalidInputParameters:

    default:

        Q_UNREACHABLE();

    }

}


DtlsServer
[0]
Definition src_network_ssl_qdtlscookie.cpp:6

DtlsServer::listen
bool listen(const QHostAddress &address, quint16 port)
Definition src_network_ssl_qdtlscookie.cpp:20

QAbstractSocket::BoundState
@ BoundState
Definition qabstractsocket.h:94

QAbstractSocket::bind
virtual bool bind(const QHostAddress &address, quint16 port=0, BindMode mode=DefaultForPlatform)
Definition qabstractsocket.cpp:1495

QAbstractSocket::state
SocketState state() const
Returns the state of the socket.
Definition qabstractsocket.cpp:2757

QByteArray
\inmodule QtCore
Definition qbytearray.h:57

QCryptographicHash::Sha1
@ Sha1
Definition qcryptographichash.h:27

QDtlsClientVerifier
This class implements server-side DTLS cookie generation and verification.
Definition qdtls.h:44

QDtlsClientVerifier::verifyClient
bool verifyClient(QUdpSocket *socket, const QByteArray &dgram, const QHostAddress &address, quint16 port)
socket must be a valid pointer, dgram must be a non-empty datagram, address cannot be null,...
Definition qdtls.cpp:431

QDtlsClientVerifier::setCookieGeneratorParameters
bool setCookieGeneratorParameters(const GeneratorParameters &params)
Sets the secret and the cryptographic hash algorithm from params.
Definition qdtls.cpp:387

QHostAddress
The QHostAddress class provides an IP address.
Definition qhostaddress.h:38

QIODevice::readyRead
void readyRead()
This signal is emitted once every time new data is available for reading from the device's current re...

QObject
\inmodule QtCore
Definition qobject.h:103

QObject::connect
static QMetaObject::Connection connect(const QObject *sender, const char *signal, const QObject *receiver, const char *member, Qt::ConnectionType=Qt::AutoConnection)
\threadsafe
Definition qobject.cpp:2960

QUdpSocket
\reentrant
Definition qudpsocket.h:21

QUdpSocket::readDatagram
qint64 readDatagram(char *data, qint64 maxlen, QHostAddress *host=nullptr, quint16 *port=nullptr)
Receives a datagram no larger than maxSize bytes and stores it in data.
Definition qudpsocket.cpp:459

QUdpSocket::pendingDatagramSize
qint64 pendingDatagramSize() const
Returns the size of the first pending UDP datagram.
Definition qudpsocket.cpp:278

Qt::Uninitialized
constexpr Initialization Uninitialized
Definition qnamespace.h:1597

QDtlsError::TlsInitializationError
@ TlsInitializationError

QDtlsError::UnderlyingSocketError
@ UnderlyingSocketError

QDtlsError::InvalidInputParameters
@ InvalidInputParameters

QDtlsError::NoError
@ NoError

port
EGLOutputPortEXT port
Definition qeglstreamconvenience_p.h:49

message
GLuint GLsizei const GLchar * message
Definition qopengles2ext.h:154

address
GLuint GLuint64EXT address
Definition qopenglext.h:11428

quint16
unsigned short quint16
Definition qtypes.h:48

if
if(qFloatDistance(a, b)<(1<< 7))
[0]
Definition src_corelib_global_qnumeric.cpp:5

socket
QTcpSocket * socket
[1]
Definition src_corelib_kernel_qobject.cpp:392

listen
socketLayer listen()