diff --git a/src/server/SslServer.h b/src/server/SslServer.h
new file mode 100644
index 0000000..57ac7cd
--- /dev/null
+++ b/src/server/SslServer.h
@@ -0,0 +1,58 @@
+// ===============================
+// PC-BSD REST/JSON API Server
+// Available under the 3-clause BSD License
+// Written by: Ken Moore July 2015
+// =================================
+// This class is a simple subclass of QTcpServer to use SSL connections instead
+// =================================
+#ifndef _PCBSD_REST_WEB_SSL_SERVER_H
+#define _PCBSD_REST_WEB_SSL_SERVER_H
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+class SslServer : public QTcpServer{
+ Q_OBJECT
+private:
+ QQueue pendingConnections;
+
+public:
+ SslServer(QObject *parent=0) : QTcpServer(parent){}
+ ~SslServer(){}
+
+ bool hasPendingConnections() const{
+ return !pendingConnections.isEmpty();
+ }
+
+ QSslSocket* nextPendingConnection(){
+ if( pendingConnections.isEmpty() ){ return 0; }
+ else{ return pendingConnections.dequeue(); }
+ }
+protected:
+ void incomingConnection(qintptr socketDescriptor){
+ QSslSocket *serverSocket = new QSslSocket(this);
+ qDebug() << "New Ssl Connection:";
+ //setup any supported encruption types here
+ serverSocket->setSslConfiguration(QSslConfiguration::defaultConfiguration());
+ serverSocket->setProtocol(QSsl::SslV3); //no TLS support (all sorts of issues with that)
+ //serverSocket->setPrivateKey();
+ //serverSocket->setLocalCertificate();
+ qDebug() << " - Supported Protocols:" << serverSocket->sslConfiguration().protocol();
+
+ if (serverSocket->setSocketDescriptor(socketDescriptor)) {
+ pendingConnections.enqueue(serverSocket);
+ //connect(serverSocket, SIGNAL(encrypted()), this, SLOT(ready()));
+ qDebug() << " - Starting Server Encryption Handshake";
+ serverSocket->startServerEncryption();
+ } else {
+ delete serverSocket;
+ }
+ }
+
+
+};
+#endif
diff --git a/src/server/WebServer.cpp b/src/server/WebServer.cpp
index 71faee0..93b1ac4 100644
--- a/src/server/WebServer.cpp
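Review bot: `serverSocket->setProtocol(QSsl::SslV3)` in `SslServer::incomingConnection` pins every connection to SSLv3, which RFC 7568 says must not be used because of its known padding-oracle weakness, and it locks out TLS-only clients. Prefer `serverSocket->setProtocol(QSsl::SecureProtocols);`, and replace the `//no TLS support (all sorts of issues with that)` comment with the concrete problem that was seen so it can be fixed rather than worked around. The `setPrivateKey()` / `setLocalCertificate()` calls are still commented out, so unless a key and certificate are installed on the default configuration somewhere outside this diff, `startServerEncryption()` has no server identity to present.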
+++ b/src/server/WebServer.cpp @@ -87,7 +87,12 @@ bool WebServer::setupWebSocket(quint16 port){ } bool WebServer::setupTcp(quint16 port){ - TCPServer = new QTcpServer(this); + if(!QSslSocket::supportsSsl()){ qDebug() << "No SSL Support on this system!!!"; return false; } + else{ + qDebug() << "Using SSL Library:"; + qDebug() << " - Version:" << QSslSocket::sslLibraryVersionString(); + } + TCPServer = new SslServer(this); //Setup Connections connect(TCPServer, SIGNAL(newConnection()), this, SLOT(NewSocketConnection()) ); connect(TCPServer, SIGNAL(acceptError(QAbstractSocket::SocketError)), this, SLOT(NewConnectError(QAbstractSocket::SocketError)) ); @@ -123,7 +128,7 @@ void WebServer::NewSocketConnection(){ if(WSServer!=0){ if(WSServer->hasPendingConnections()){ sock = new WebSocket( WSServer->nextPendingConnection(), generateID(), AUTH); } }else if(TCPServer!=0){ - if(TCPServer->hasPendingConnections()){ sock = new WebSocket( static_cast(TCPServer->nextPendingConnection()), generateID(), AUTH); } + if(TCPServer->hasPendingConnections()){ sock = new WebSocket( TCPServer->nextPendingConnection(), generateID(), AUTH); } } if(sock==0){ return; } //no new connection qDebug() << "New Socket Connection"; diff --git a/src/server/WebServer.h b/src/server/WebServer.h index 285a97f..9c44486 100644 --- a/src/server/WebServer.h +++ b/src/server/WebServer.h @@ -21,7 +21,7 @@ #include "WebSocket.h" #include "AuthorizationManager.h" - +#include "SslServer.h" class WebServer : public QObject{ Q_OBJECT public: @@ -35,7 +35,7 @@ public slots: private: QWebSocketServer *WSServer; - QTcpServer *TCPServer; + SslServer *TCPServer; QList OpenSockets; AuthorizationManager *AUTH; QFileSystemWatcher *watcher; diff --git a/src/server/server.pro b/src/server/server.pro index 46bb74e..8ef8272 100644 --- a/src/server/server.pro +++ b/src/server/server.pro 
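Review bot: In `WebServer::setupTcp` the missing-SSL failure is reported only through `qDebug()`, which is dropped in builds that define `QT_NO_DEBUG_OUTPUT`, so the listener can fail to start with nothing in the log. `qWarning() << "No SSL Support on this system!!!";` keeps the message visible to whoever operates the server. Since the failing branch returns, the `else{ ... }` wrapper around the version logging can go and the two `qDebug()` lines can follow the early return directly. The function body continues outside the hunk.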
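Review bot: In `WebServer::NewSocketConnection` the `QSslSocket` returned by `TCPServer->nextPendingConnection()` is wrapped in a `WebSocket` as soon as the `newConnection()` slot runs, which can be before the handshake started in `SslServer::incomingConnection` has completed, or after it has failed. Nothing visible in this diff connects `encrypted()` or `sslErrors()`, so `WebSocket` should check `isEncrypted()` (or wait for `encrypted()`) before it reads a request or consults `AUTH`. The `WebSocket` constructor is outside this diff, so confirm what it does with the socket today. A comment at the call such as `// socket may still be mid-handshake; WebSocket must wait for encrypted()` would document that contract.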
@@ -9,7 +9,8 @@ HEADERS += WebServer.h \ syscache-client.h \ dispatcher-client.h \ RestStructs.h \ - AuthorizationManager.h + AuthorizationManager.h \ + SslServer.h SOURCES += main.cpp \ WebServer.cpp \