diff --git a/server/servermanager.cpp b/server/servermanager.cpp
index f4a66892..ab271750 100644
--- a/server/servermanager.cpp
+++ b/server/servermanager.cpp
@@ -79,7 +79,7 @@ ServerManager::ServerManager(GuhConfiguration* configuration, QObject *parent) :
 }
 }
 if (certsLoaded) {
- m_sslConfiguration.setProtocol(QSsl::TlsV1_2);
+ m_sslConfiguration.setProtocol(QSsl::TlsV1_1OrLater);
 m_sslConfiguration.setPrivateKey(m_certificateKey);
 m_sslConfiguration.setLocalCertificate(m_certificate);
 }
@@ -94,7 +94,7 @@ ServerManager::ServerManager(GuhConfiguration* configuration, QObject *parent) :
 #ifdef TESTING_ENABLED
 m_tcpServer = new MockTcpServer(this);
 #else
- m_tcpServer = new TcpServer(configuration->tcpServerAddress(), configuration->tcpServerPort(), this);
+ m_tcpServer = new TcpServer(configuration->tcpServerAddress(), configuration->tcpServerPort(), configuration->sslEnabled(), m_sslConfiguration, this);
 #endif
 m_webSocketServer = new WebSocketServer(configuration->webSocketAddress(), configuration->webSocketPort(), configuration->sslEnabled(), m_sslConfiguration, this);
diff --git a/server/tcpserver.cpp b/server/tcpserver.cpp
index ee08cc72..0722f05e 100644
--- a/server/tcpserver.cpp
+++ b/server/tcpserver.cpp
@@ -34,7 +34,6 @@
 */
 #include "tcpserver.h"
-#include "loggingcategories.h"
 #include "guhsettings.h"
 #include "guhcore.h"
@@ -46,11 +45,13 @@ namespace guhserver {
 *
 * \sa ServerManager
 */
-TcpServer::TcpServer(const QHostAddress &host, const uint &port, QObject *parent) :
+TcpServer::TcpServer(const QHostAddress &host, const uint &port, bool sslEnabled, const QSslConfiguration &sslConfiguration, QObject *parent) :
 TransportInterface(parent),
 m_server(NULL),
 m_host(host),
- m_port(port)
+ m_port(port),
+ m_sslEnabled(sslEnabled),
+ m_sslConfig(sslConfiguration)
 {
 #ifndef TESTING_ENABLED
 m_avahiService = new QtAvahiService(this);
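Review bot: `m_sslConfiguration.setProtocol(QSsl::TlsV1_1OrLater);` in the servermanager.cpp hunk widens the accepted protocol set from TLS 1.2 only to TLS 1.1 and up, so the TcpServer and WebSocketServer this constructor creates a few lines later will negotiate TLS 1.1 with any client that offers it; TLS 1.1 is deprecated (RFC 8996) and offers no AEAD cipher suites. If the motivation is forward compatibility with newer TLS versions rather than admitting 1.1, `m_sslConfiguration.setProtocol(QSsl::TlsV1_2OrLater);` gives that without the downgrade and exists in the same Qt releases that introduced `TlsV1_1OrLater`. If some legacy client genuinely needs 1.1, a comment on that line naming the client and the reason would stop the next reader from silently tightening it again. The ServerManager constructor these hunks belong to starts and ends outside the hunk.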
@@ -83,20 +84,15 @@ void TcpServer::sendData(const QUuid &clientId, const QByteArray &data)
 }
 }
-void TcpServer::onClientConnected()
+void TcpServer::onClientConnected(QSslSocket *socket)
 {
 // got a new client connected
- QTcpServer *server = qobject_cast(sender());
- QTcpSocket *newConnection = server->nextPendingConnection();
- qCDebug(dcConnection) << "Tcp server: new client connected:" << newConnection->peerAddress().toString();
+ qCDebug(dcConnection) << "Tcp server: new client connected:" << socket->peerAddress().toString();
 QUuid clientId = QUuid::createUuid();
 // append the new client to the client list
- m_clientList.insert(clientId, newConnection);
-
- connect(newConnection, SIGNAL(readyRead()),this,SLOT(readPackage()));
- connect(newConnection,SIGNAL(disconnected()),this,SLOT(onClientDisconnected()));
+ m_clientList.insert(clientId, socket);
 emit clientConnected(clientId);
 }
@@ -104,7 +100,7 @@ void TcpServer::onClientConnected()
 void TcpServer::readPackage()
 {
 QTcpSocket *client = qobject_cast(sender());
- qCDebug(dcTcpServer) << "Data comming from" << client->peerAddress().toString();
+ qCDebug(dcTcpServer) << "Data coming from" << client->peerAddress().toString();
 QByteArray message;
 while (client->canReadLine()) {
 QByteArray dataLine = client->readLine();
@@ -117,6 +113,11 @@ void TcpServer::readPackage()
 }
 }
+void TcpServer::onSslErrors(const QList &errors)
+{
+ qCWarning(dcTcpServer) << "SSL errors:" << errors;
+}
+
 void TcpServer::onClientDisconnected()
 {
 QPointer client = qobject_cast(sender());
@@ -135,6 +136,11 @@ void TcpServer::onError(QAbstractSocket::SocketError error)
 stopServer();
 }
+void TcpServer::onEncrypted()
+{
+ qCDebug(dcTcpServer) << "TCP Server connection encrypted";
+}
+
 void TcpServer::onAvahiServiceStateChanged(const QtAvahiService::QtAvahiServiceState &state)
 {
 if (state == QtAvahiService::QtAvahiServiceStateEstablished) {
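Review bot: The new `onClientConnected(QSslSocket *socket)` removes the `readyRead → readPackage()` and `disconnected → onClientDisconnected()` connections that the deleted lines made and nothing on the new side re-establishes them, so `readPackage()` is never invoked for a client, and on disconnect the socket is never released and its entry in `m_clientList` is never evicted (presumably `sendData()`, whose body is outside this hunk, then writes to a dead or stale socket). Restore them against the passed-in socket and also wire up the `onSslErrors` slot this commit defines but never connects: `connect(socket, SIGNAL(readyRead()), this, SLOT(readPackage()));` / `connect(socket, SIGNAL(disconnected()), this, SLOT(onClientDisconnected()));` / `connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(onSslErrors(QList<QSslError>)));` (the QList element type was lost in rendering; QSslError is what the slot body implies). The same applies to the likewise unconnected `onEncrypted()` slot added further down. The `onClientConnected` definition is complete within the hunk.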
@@ -151,7 +157,7 @@ bool TcpServer::reconfigureServer(const QHostAddress &address, const uint &port)
 stopServer();
- QTcpServer *server = new QTcpServer(this);
+ SslServer *server = new SslServer(m_sslEnabled, m_sslConfig);
 if(!server->listen(address, port)) {
 qCWarning(dcConnection) << "Tcp server error: can not listen on" << address.toString() << port;
 delete server;
@@ -176,13 +182,14 @@ bool TcpServer::reconfigureServer(const QHostAddress &address, const uint &port)
 */
 bool TcpServer::startServer()
 {
- m_server = new QTcpServer(this);
+ m_server = new SslServer(m_sslEnabled, m_sslConfig);
 if(!m_server->listen(m_host, m_port)) {
 qCWarning(dcConnection) << "Tcp server error: can not listen on" << m_host.toString() << m_port;
 delete m_server;
 m_server = NULL;
 return false;
 }
+ qWarning() << "tcp listening";
 #ifndef TESTING_ENABLED
 // Note: reversed order
@@ -196,7 +203,7 @@ bool TcpServer::startServer()
 #endif
 qCDebug(dcConnection) << "Started Tcp server on" << m_server->serverAddress().toString() << m_server->serverPort();
- connect(m_server, SIGNAL(newConnection()), SLOT(onClientConnected()));
+ connect(m_server, SIGNAL(clientConnected(QSslSocket *)), SLOT(onClientConnected(QSslSocket *)));
 return true;
 }
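Review bot: `m_server = new SslServer(m_sslEnabled, m_sslConfig);` in `startServer()` creates the listener without the `this` parent that the replaced `new QTcpServer(this)` had, so unless `stopServer()` (outside this hunk) deletes it explicitly, the listening socket and every QSslSocket parented to it outlive the TcpServer; the `server` created in `reconfigureServer()` above has the same problem. Pass the parent through: `m_server = new SslServer(m_sslEnabled, m_sslConfig, this);`. The added `qWarning() << "tcp listening";` reads as leftover debugging output and should either go or become `qCDebug(dcConnection)` like the rest of the function. A guard before `listen()` is also worth adding, because servermanager.cpp only fills `m_sslConfiguration` with a key and certificate when the files loaded, while `sslEnabled` comes from configuration independently, so an enabled-but-empty config would listen and then fail every handshake: `if (m_sslEnabled && m_sslConfig.localCertificate().isNull()) { qCWarning(dcConnection) << "SSL enabled but no server certificate loaded"; return false; }`.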
@@ -220,4 +227,32 @@ bool TcpServer::stopServer()
 return true;
 }
+void SslServer::incomingConnection(qintptr socketDescriptor)
+{
+ qWarning() << "incoming";
+ QSslSocket *sslSocket = new QSslSocket(this);
+ connect(sslSocket, &QSslSocket::encrypted, [this, sslSocket](){
+ qWarning() << "encrypted";
+ emit clientConnected(sslSocket);
+ });
+
+ connect(sslSocket, &QSslSocket::readyRead, [this, sslSocket]() {
+ qWarning() << "readyRead:" << sslSocket->readAll();
+// sslSocket->startServerEncryption();
+ });
+
+ if (!sslSocket->setSocketDescriptor(socketDescriptor)) {
+ qCWarning(dcConnection) << "Failed to set SSL socket";
+ delete sslSocket;
+ return;
+ }
+ if (m_sslEnabled) {
+ qWarning() << "starting encryption";
+ sslSocket->setSslConfiguration(m_config);
+ sslSocket->startServerEncryption();
+ } else {
+ emit clientConnected(sslSocket);
+ }
+}
+
 }
diff --git a/server/tcpserver.h b/server/tcpserver.h
index 4ce071a6..1fd65bdb 100644
--- a/server/tcpserver.h
+++ b/server/tcpserver.h
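Review bot: The `readyRead` lambda in `SslServer::incomingConnection` calls `sslSocket->readAll()` and logs the result, which drains every byte the client sends into the log and leaves nothing for whoever later attaches to `readyRead` on the emitted socket, so the TcpServer never sees a request; it also writes application payload to the log at warning level, which for a JSON-RPC transport can include credentials. Drop that connection entirely, along with the commented-out `startServerEncryption()` inside it. Nothing handles a failed or never-completed handshake either: `encrypted` is the only other signal connected, so a peer that connects and stalls, or whose `startServerEncryption()` fails, leaves a QSslSocket parented to the server for the server's lifetime, and a remote party can accumulate these without bound; hook `disconnected` to `deleteLater()` and abort on the socket error signal. The `qWarning() << "incoming"` / `"encrypted"` / `"starting encryption"` lines are debugging output and belong in `qCDebug(dcConnection)` if kept at all. As far as this code shows nothing bounds how long a socket may sit in the handshake state, so a timer that aborts a still-unencrypted socket after a few seconds is worth a follow-up.
```cpp
void SslServer::incomingConnection(qintptr socketDescriptor)
{
    QSslSocket *sslSocket = new QSslSocket(this);

    // Release the socket as soon as the peer goes away; otherwise every failed
    // or abandoned handshake leaves a QSslSocket parented to this server forever.
    connect(sslSocket, &QSslSocket::disconnected, sslSocket, &QObject::deleteLater);
    connect(sslSocket, static_cast<void (QAbstractSocket::*)(QAbstractSocket::SocketError)>(&QAbstractSocket::error),
            sslSocket, [sslSocket](QAbstractSocket::SocketError err) {
        qCWarning(dcConnection) << "Connection error from" << sslSocket->peerAddress().toString() << err;
        sslSocket->abort();
        sslSocket->deleteLater();
    });
    // Hand the socket to the TcpServer only once the TLS session is up.
    connect(sslSocket, &QSslSocket::encrypted, this, [this, sslSocket]() {
        qCDebug(dcConnection) << "TLS session established with" << sslSocket->peerAddress().toString();
        emit clientConnected(sslSocket);
    });

    // … unchanged: setSocketDescriptor check, m_sslEnabled branch …
}
```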
@@ -28,17 +28,44 @@
 #include
 #include
 #include
+#include
+#include
 #include "transportinterface.h"
 #include "network/avahi/qtavahiservice.h"
+#include "loggingcategories.h"
+
 namespace guhserver {
+class SslServer: public QTcpServer
+{
+ Q_OBJECT
+public:
+ SslServer(bool sslEnabled, const QSslConfiguration &config, QObject *parent = nullptr):
+ QTcpServer(parent),
+ m_sslEnabled(sslEnabled),
+ m_config(config)
+ {
+
+ }
+
+signals:
+ void clientConnected(QSslSocket *socket);
+
+protected:
+ void incomingConnection(qintptr socketDescriptor) override;
+
+private:
+ bool m_sslEnabled = false;
+ QSslConfiguration m_config;
+};
+
 class TcpServer : public TransportInterface
 {
 Q_OBJECT
 public:
- explicit TcpServer(const QHostAddress &host, const uint &port, QObject *parent = 0);
+ explicit TcpServer(const QHostAddress &host, const uint &port, bool sslEnabled, const QSslConfiguration &sslConfiguration, QObject *parent = 0);
 ~TcpServer();
 void sendData(const QUuid &clientId, const QByteArray &data) override;
@@ -49,20 +76,26 @@ private:
 QtAvahiService *m_avahiService;
- QTcpServer * m_server;
+ SslServer * m_server;
 QHash m_clientList;
 QHostAddress m_host;
 qint16 m_port;
+ bool m_sslEnabled = false;
+ QSslConfiguration m_sslConfig;
+
 private slots:
- void onClientConnected();
+ void onClientConnected(QSslSocket *socket);
 void onClientDisconnected();
 void readPackage();
+ void onSslErrors(const QList &errors);
 void onError(QAbstractSocket::SocketError error);
+ void onEncrypted();
 void onAvahiServiceStateChanged(const QtAvahiService::QtAvahiServiceState &state);
+
 public slots:
 bool reconfigureServer(const QHostAddress &address, const uint &port);
 bool startServer() override;
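Review bot: `class SslServer` in the first tcpserver.h hunk is added with no documentation while the neighbouring `TcpServer` carries a Doxygen block, and the contract a receiver of `clientConnected(QSslSocket *socket)` needs is not visible from the declaration: with `sslEnabled` the signal is emitted only after the handshake completes (from the `encrypted` handler in tcpserver.cpp), without it the signal fires at once with a plaintext socket, and in both cases the socket is created as a child of the SslServer rather than of the receiver. A class comment such as `/*! \class SslServer — QTcpServer that wraps each accepted connection in a QSslSocket. When sslEnabled it runs the server-side TLS handshake with config and emits clientConnected() only once the link is encrypted; otherwise it emits it immediately with a plaintext socket. The SslServer owns the socket. \sa TcpServer */` would capture that. A one-liner on the signal, `//! Emitted when the socket is ready for application data; plaintext when TLS is disabled.`, is also worth adding. The `bool m_sslEnabled = false;` in-class initializer duplicates the constructor's initializer list and can be dropped.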