Skip to content
GitLab
Select Git revision
  • 6.2.2
  • dev default
  • 6.2
  • 6.2.1
  • 6.2.0
  • 5.12
  • 5.12.12
  • 5.15
  • 5.12.11
  • 5.15.2
  • 5.12.10
  • 5.15.1
  • 5.12.9
  • 5.15.0
  • 5.14
  • wip/cmake
  • 5.12.8
  • 5.14.2
  • 5.14.1
  • 5.12.7
  • v5.15.0-alpha1
  • v5.12.7
  • v5.14.1
  • v5.9.9
  • v5.14.0
  • v5.14.0-rc2
  • v5.14.0-rc1
  • v5.12.6
  • v5.14.0-beta3
  • v5.13.2
  • v5.14.0-beta2
  • v5.14.0-beta1
  • v5.14.0-alpha1
  • v5.12.5
  • v5.13.1
  • v5.13.0
  • v5.13.0-rc3
  • v5.12.4
  • v5.13.0-rc2
  • v5.13.0-rc1
Find file BlameHistoryPermalink
qwebsockethandshakeresponse.cpp 9.42 KiB
1 
/****************************************************************************
2 
**
3 
** Copyright (C) 2014 Kurt Pattyn <pattyn.kurt@gmail.com>.
4 
** Contact: http://www.qt-project.org/legal
5 
**
6 
** This file is part of the QtWebSockets module of the Qt Toolkit.
7 
**
8 
** $QT_BEGIN_LICENSE:LGPL21$
9 
** Commercial License Usage
10 
** Licensees holding valid commercial Qt licenses may use this file in
11 
** accordance with the commercial license agreement provided with the
12 
** Software or, alternatively, in accordance with the terms contained in
13 
** a written agreement between you and Digia. For licensing terms and
14 
** conditions see http://qt.digia.com/licensing. For further information
15 
** use the contact form at http://qt.digia.com/contact-us.
16 
**
17 
** GNU Lesser General Public License Usage
18 
** Alternatively, this file may be used under the terms of the GNU Lesser
19 
** General Public License version 2.1 or version 3 as published by the Free
20 
** Software Foundation and appearing in the file LICENSE.LGPLv21 and
21 
** LICENSE.LGPLv3 included in the packaging of this file. Please review the
22 
** following information to ensure the GNU Lesser General Public License
23 
** requirements will be met: https://www.gnu.org/licenses/lgpl.html and
24 
** http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
25 
**
26 
** In addition, as a special exception, Digia gives you certain additional
27 
** rights. These rights are described in the Digia Qt LGPL Exception
28 
** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
29 
**
30 
** $QT_END_LICENSE$
31 
**
32 
****************************************************************************/
33
34 
#include "qwebsockethandshakeresponse_p.h"
35 
#include "qwebsockethandshakerequest_p.h"
36 
#include "qwebsocketprotocol.h"
37 
#include "qwebsocketprotocol_p.h"
38
39 
#include <QtCore/QString>
40 
#include <QtCore/QTextStream>
41 
#include <QtCore/QByteArray>
42 
#include <QtCore/QStringList>
43 
#include <QtCore/QDateTime>
44 
#include <QtCore/QLocale>
45 
#include <QtCore/QCryptographicHash>
46 
#include <QtCore/QSet>
47 
#include <QtCore/QList>
48 
#include <QtCore/QStringBuilder>   //for more efficient string concatenation
49
50 
#include <functional>   //for std::greater
51
52 
QT_BEGIN_NAMESPACE
53
54 
/*!
55 
    \internal
56 
 */
57 
QWebSocketHandshakeResponse::QWebSocketHandshakeResponse(
58 
        const QWebSocketHandshakeRequest &request,
59 
        const QString &serverName,
60 
        bool isOriginAllowed,
61 
        const QList<QWebSocketProtocol::Version> &supportedVersions,
62 
        const QList<QString> &supportedProtocols,
63 
        const QList<QString> &supportedExtensions) :
64 
    m_isValid(false),
65 
    m_canUpgrade(false),
66 
    m_response(),
67 
    m_acceptedProtocol(),
68 
    m_acceptedExtension(),
69 
    m_acceptedVersion(QWebSocketProtocol::VersionUnknown),
70 
    m_error(QWebSocketProtocol::CloseCodeNormal),
7172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140
m_errorString() { m_response = getHandshakeResponse(request, serverName, isOriginAllowed, supportedVersions, supportedProtocols, supportedExtensions); m_isValid = true; } /*! \internal */ QWebSocketHandshakeResponse::~QWebSocketHandshakeResponse() { } /*! \internal */ bool QWebSocketHandshakeResponse::isValid() const { return m_isValid; } /*! \internal */ bool QWebSocketHandshakeResponse::canUpgrade() const { return m_isValid && m_canUpgrade; } /*! \internal */ QString QWebSocketHandshakeResponse::acceptedProtocol() const { return m_acceptedProtocol; } /*! \internal */ QString QWebSocketHandshakeResponse::calculateAcceptKey(const QString &key) const { //the UID comes from RFC6455 const QString tmpKey = key % QStringLiteral("258EAFA5-E914-47DA-95CA-C5AB0DC85B11"); const QByteArray hash = QCryptographicHash::hash(tmpKey.toLatin1(), QCryptographicHash::Sha1); return QString::fromLatin1(hash.toBase64()); } /*! \internal */ QString QWebSocketHandshakeResponse::getHandshakeResponse( const QWebSocketHandshakeRequest &request, const QString &serverName, bool isOriginAllowed, const QList<QWebSocketProtocol::Version> &supportedVersions, const QList<QString> &supportedProtocols, const QList<QString> &supportedExtensions) { QStringList response; m_canUpgrade = false; if (!isOriginAllowed) { if (!m_canUpgrade) { m_error = QWebSocketProtocol::CloseCodePolicyViolated; m_errorString = tr("Access forbidden."); response << QStringLiteral("HTTP/1.1 403 Access Forbidden"); }
141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210
} else { if (request.isValid()) { const QString acceptKey = calculateAcceptKey(request.key()); const QList<QString> matchingProtocols = supportedProtocols.toSet().intersect(request.protocols().toSet()).toList(); //TODO: extensions must be kept in the order in which they arrive //cannot use set.intersect() to get the supported extensions const QList<QString> matchingExtensions = supportedExtensions.toSet().intersect(request.extensions().toSet()).toList(); QList<QWebSocketProtocol::Version> matchingVersions = request.versions().toSet().intersect(supportedVersions.toSet()).toList(); std::sort(matchingVersions.begin(), matchingVersions.end(), std::greater<QWebSocketProtocol::Version>()); //sort in descending order if (Q_UNLIKELY(matchingVersions.isEmpty())) { m_error = QWebSocketProtocol::CloseCodeProtocolError; m_errorString = tr("Unsupported version requested."); m_canUpgrade = false; } else { response << QStringLiteral("HTTP/1.1 101 Switching Protocols") << QStringLiteral("Upgrade: websocket") << QStringLiteral("Connection: Upgrade") << QStringLiteral("Sec-WebSocket-Accept: ") % acceptKey; if (!matchingProtocols.isEmpty()) { m_acceptedProtocol = matchingProtocols.first(); response << QStringLiteral("Sec-WebSocket-Protocol: ") % m_acceptedProtocol; } if (!matchingExtensions.isEmpty()) { m_acceptedExtension = matchingExtensions.first(); response << QStringLiteral("Sec-WebSocket-Extensions: ") % m_acceptedExtension; } QString origin = request.origin().trimmed(); if (origin.contains(QStringLiteral("\r\n")) || serverName.contains(QStringLiteral("\r\n"))) { m_error = QWebSocketProtocol::CloseCodeAbnormalDisconnection; m_errorString = tr("One of the headers contains a newline. " \ "Possible attack detected."); m_canUpgrade = false; } else { if (origin.isEmpty()) origin = QStringLiteral("*"); QDateTime datetime = QDateTime::currentDateTimeUtc(); response << QStringLiteral("Server: ") % serverName << QStringLiteral("Access-Control-Allow-Credentials: false") << QStringLiteral("Access-Control-Allow-Methods: GET") << QStringLiteral("Access-Control-Allow-Headers: content-type") << QStringLiteral("Access-Control-Allow-Origin: ") % origin << QStringLiteral("Date: ") % QLocale::c() .toString(datetime, QStringLiteral("ddd, dd MMM yyyy hh:mm:ss 'GMT'")); m_acceptedVersion = QWebSocketProtocol::currentVersion(); m_canUpgrade = true; } } } else { m_error = QWebSocketProtocol::CloseCodeProtocolError; m_errorString = tr("Bad handshake request received."); m_canUpgrade = false; } if (Q_UNLIKELY(!m_canUpgrade)) { response << QStringLiteral("HTTP/1.1 400 Bad Request"); QStringList versions; Q_FOREACH (const QWebSocketProtocol::Version &version, supportedVersions) versions << QString::number(static_cast<int>(version)); response << QStringLiteral("Sec-WebSocket-Version: ") % versions.join(QStringLiteral(", ")); } } response << QStringLiteral("\r\n"); //append empty line at end of header
211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267
return response.join(QStringLiteral("\r\n")); } /*! \internal */ QTextStream &QWebSocketHandshakeResponse::writeToStream(QTextStream &textStream) const { if (Q_LIKELY(!m_response.isEmpty())) textStream << m_response.toLatin1().constData(); else textStream.setStatus(QTextStream::WriteFailed); return textStream; } /*! \internal */ QTextStream &operator <<(QTextStream &stream, const QWebSocketHandshakeResponse &response) { return response.writeToStream(stream); } /*! \internal */ QWebSocketProtocol::Version QWebSocketHandshakeResponse::acceptedVersion() const { return m_acceptedVersion; } /*! \internal */ QWebSocketProtocol::CloseCode QWebSocketHandshakeResponse::error() const { return m_error; } /*! \internal */ QString QWebSocketHandshakeResponse::errorString() const { return m_errorString; } /*! \internal */ QString QWebSocketHandshakeResponse::acceptedExtension() const { return m_acceptedExtension; } QT_END_NAMESPACE