sharpetronics/QGIS
1
0
Fork 0
mirror of https://github.com/qgis/QGIS.git synced 2025-10-16 00:05:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

[auth] Update auth config tests; strip passphrase from QgsPkiBundle

Browse Source
This commit is contained in:
Larry Shaffer 2015-09-24 06:44:05 -06:00
parent 83e0b81afc
commit 264d2ebbdd
5 changed files with 37 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
python/core/auth/qgsauthconfig.sip
View File

@ -65,7 +65,6 @@ class QgsPkiBundle
public:
QgsPkiBundle( const QSslCertificate &clientCert = QSslCertificate(),
const QSslKey &clientKey = QSslKey(),
const QString &keyPassphrase = QString::null ,
const QList<QSslCertificate> &caChain = QList<QSslCertificate>() );
~QgsPkiBundle();
@ -85,12 +84,9 @@ class QgsPkiBundle
const QSslCertificate clientCert() const;
void setClientCert( const QSslCertificate &cert );
const QSslKey clientKey( bool reencrypt = true ) const;
const QSslKey clientKey() const;
void setClientKey( const QSslKey &certkey );
const QString keyPassphrase() const;
void setKeyPassphrase( const QString &pass );
const QList<QSslCertificate> caChain() const;
void setCaChain( const QList<QSslCertificate> &cachain );
};

13
src/core/auth/qgsauthconfig.cpp
View File

@ -174,11 +174,9 @@ bool QgsAuthMethodConfig::uriToResource( const QString &accessurl, QString *reso
QgsPkiBundle::QgsPkiBundle( const QSslCertificate &clientCert,
const QSslKey &clientKey,
const QString &keyPassphrase,
const QList<QSslCertificate> &caChain )
: mCert( QSslCertificate() )
, mCertKey( QSslKey() )
, mKeyPassphrase( keyPassphrase )
, mCaChain( caChain )
{
setClientCert( clientCert );
@ -330,17 +328,6 @@ void QgsPkiBundle::setClientCert( const QSslCertificate &cert )
}
}
const QSslKey QgsPkiBundle::clientKey( bool reencrypt ) const
{
if ( reencrypt )
{
QSslKey cert_key( mCertKey.toPem( QByteArray() ),
QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey, mKeyPassphrase.toUtf8() );
return cert_key;
}
return mCertKey;
}
void QgsPkiBundle::setClientKey( const QSslKey &certkey )
{
mCertKey.clear();

10
src/core/auth/qgsauthconfig.h
View File

@ -192,12 +192,10 @@ class CORE_EXPORT QgsPkiBundle
* Construct a bundle from existing PKI components
* @param clientCert Certificate to store in bundle
* @param clientKey Private key to store in bundle
* @param keyPassphrase Private key passphrase
* @param caChain Chain of Certificate Authorities for client certificate
*/
QgsPkiBundle( const QSslCertificate &clientCert = QSslCertificate(),
const QSslKey &clientKey = QSslKey(),
const QString &keyPassphrase = QString::null ,
const QList<QSslCertificate> &caChain = QList<QSslCertificate>() );
~QgsPkiBundle();
@ -236,15 +234,10 @@ class CORE_EXPORT QgsPkiBundle
void setClientCert( const QSslCertificate &cert );
/** Private key object */
const QSslKey clientKey( bool reencrypt = true ) const;
const QSslKey clientKey() const { return mCertKey; }
/** Set private key object */
void setClientKey( const QSslKey &certkey );
/** Private key passphrase */
const QString keyPassphrase() const { return mKeyPassphrase; }
/** Set private key passphrase */
void setKeyPassphrase( const QString &pass ) { mKeyPassphrase = pass; }
/** Chain of Certificate Authorities for client certificate */
const QList<QSslCertificate> caChain() const { return mCaChain; }
/** Set chain of Certificate Authorities for client certificate */
@ -253,7 +246,6 @@ class CORE_EXPORT QgsPkiBundle
private:
QSslCertificate mCert;
QSslKey mCertKey;
QString mKeyPassphrase;
QList<QSslCertificate> mCaChain;
};

3
src/gui/auth/qgsauthimportidentitydialog.cpp
View File

@ -312,7 +312,6 @@ bool QgsAuthImportIdentityDialog::validatePkiPaths()
mCertBundle = qMakePair( clientcert, clientkey );
mPkiBundle = QgsPkiBundle( clientcert,
clientkey,
!keypass.isEmpty() ? keypass : QString::null,
ca_certs );
}
@ -425,7 +424,7 @@ bool QgsAuthImportIdentityDialog::validatePkiPkcs12()
}
mCertBundle = qMakePair( clientcert, clientkey );
mPkiBundle = QgsPkiBundle( clientcert, clientkey, keypass, ca_certs );
mPkiBundle = QgsPkiBundle( clientcert, clientkey, ca_certs );
}
return bundlevalid;

67
tests/src/core/testqgsauthconfig.cpp
View File

@ -60,14 +60,14 @@ void TestQgsAuthConfig::cleanupTestCase()
void TestQgsAuthConfig::testMethodConfig()
{
QgsAuthMethodConfig mconfig;
Q_ASSERT( !mconfig.isValid() );
QVERIFY( !mconfig.isValid() );
mconfig.setName( "Some Name" );
mconfig.setMethod( "MethodKey" );
Q_ASSERT( mconfig.isValid() );
QVERIFY( mconfig.isValid() );
mconfig.setId( "0000000" );
Q_ASSERT( mconfig.isValid( true ) );
QVERIFY( mconfig.isValid( true ) );
mconfig.setVersion( 1 );
mconfig.setUri( "http://example.com" );
@ -89,7 +89,7 @@ void TestQgsAuthConfig::testMethodConfig()
QCOMPARE( mconfig.configString(), confstr );
mconfig.clearConfigMap();
Q_ASSERT( mconfig.configMap().isEmpty() );
QVERIFY( mconfig.configMap().isEmpty() );
mconfig.setConfig( "key1", "value1" );
mconfig.setConfig( "key2", "value2" );
@ -102,65 +102,62 @@ void TestQgsAuthConfig::testMethodConfig()
QCOMPARE( mconfig.config( "key1" ), QString( "value1" ) );
QCOMPARE( mconfig.configList( "key3" ), key3list );
Q_ASSERT( mconfig.hasConfig( "key2" ) );
QVERIFY( mconfig.hasConfig( "key2" ) );
mconfig.removeConfig( "key2" );
Q_ASSERT( !mconfig.hasConfig( "key2" ) );
QVERIFY( !mconfig.hasConfig( "key2" ) );
mconfig.loadConfigString( confstr );
QCOMPARE( mconfig.configMap(), confmap );
QCOMPARE( mconfig.configString(), confstr );
QgsAuthMethodConfig mconfig2( mconfig );
Q_ASSERT( mconfig2 == mconfig );
QVERIFY( mconfig2 == mconfig );
mconfig.setMethod( "MethodKey2" );
Q_ASSERT( mconfig2 != mconfig );
QVERIFY( mconfig2 != mconfig );
}
void TestQgsAuthConfig::testPkiBundle()
{
QgsPkiBundle bundle;
Q_ASSERT( bundle.isNull() );
Q_ASSERT( !bundle.isValid() );
QVERIFY( bundle.isNull() );
QVERIFY( !bundle.isValid() );
QList<QSslCertificate> cacerts( QSslCertificate::fromPath( smPkiData + "/chain_subissuer-issuer-root.pem" ) );
Q_ASSERT( !cacerts.isEmpty() );
QVERIFY( !cacerts.isEmpty() );
QCOMPARE( cacerts.size(), 3 );
QgsPkiBundle bundle2( QgsPkiBundle::fromPemPaths( smPkiData + "/fra_cert.pem",
smPkiData + "/fra_key_w-pass.pem",
"password",
cacerts ) );
Q_ASSERT( !bundle2.isNull() );
Q_ASSERT( bundle2.isValid() );
QVERIFY( !bundle2.isNull() );
QVERIFY( bundle2.isValid() );
QCOMPARE( bundle2.certId(), QString( "c3633c428d441853973e5081ba9be39f667f5af6" ) );
QSslCertificate clientcert( bundle2.clientCert() );
Q_ASSERT( !clientcert.isNull() );
QSslKey clientkey( bundle2.clientKey( true ) );
Q_ASSERT( !clientkey.isNull() );
QString keypass( bundle2.keyPassphrase() );
Q_ASSERT( !keypass.isEmpty() );
QVERIFY( !clientcert.isNull() );
QSslKey clientkey( bundle2.clientKey() );
QVERIFY( !clientkey.isNull() );
QList<QSslCertificate> cachain( bundle2.caChain() );
Q_ASSERT( !cachain.isEmpty() );
QVERIFY( !cachain.isEmpty() );
QCOMPARE( cachain.size(), 3 );
QgsPkiBundle bundle3( clientcert, clientkey, keypass, cachain );
Q_ASSERT( !bundle3.isNull() );
Q_ASSERT( bundle3.isValid() );
QgsPkiBundle bundle3( clientcert, clientkey, cachain );
QVERIFY( !bundle3.isNull() );
QVERIFY( bundle3.isValid() );
bundle.setClientCert( clientcert );
bundle.setClientKey( clientkey );
bundle.setKeyPassphrase( keypass );
bundle.setCaChain( cachain );
Q_ASSERT( !bundle.isNull() );
Q_ASSERT( bundle.isValid() );
QVERIFY( !bundle.isNull() );
QVERIFY( bundle.isValid() );
QgsPkiBundle bundle4( QgsPkiBundle::fromPkcs12Paths( smPkiData + "/fra_w-chain.p12",
"password" ) );
Q_ASSERT( !bundle4.isNull() );
Q_ASSERT( bundle4.isValid() );
QVERIFY( !bundle4.isNull() );
QVERIFY( bundle4.isValid() );
QList<QSslCertificate> cachain4( bundle2.caChain() );
Q_ASSERT( !cachain4.isEmpty() );
QVERIFY( !cachain4.isEmpty() );
QCOMPARE( cachain4.size(), 3 );
}
@ -172,7 +169,7 @@ void TestQgsAuthConfig::testPkiConfigBundle()
mconfig.setId( "0000000" );
mconfig.setVersion( 1 );
mconfig.setUri( "http://example.com" );
Q_ASSERT( mconfig.isValid( true ) );
QVERIFY( mconfig.isValid( true ) );
QSslCertificate clientcert( QSslCertificate::fromPath( smPkiData + "/gerardus_cert.pem" ).first() );
QByteArray keydata;
@ -183,7 +180,7 @@ void TestQgsAuthConfig::testPkiConfigBundle()
QSslKey clientkey( keydata, QSsl::Rsa );
QgsPkiConfigBundle bundle( mconfig, clientcert, clientkey );
Q_ASSERT( bundle.isValid() );
QVERIFY( bundle.isValid() );
QCOMPARE( bundle.config(), mconfig );
QCOMPARE( bundle.clientCert(), clientcert );
@ -191,7 +188,7 @@ void TestQgsAuthConfig::testPkiConfigBundle()
bundle.setConfig( mconfig );
bundle.setClientCert( clientcert );
bundle.setClientCertKey( clientkey );
Q_ASSERT( bundle.isValid() );
QVERIFY( bundle.isValid() );
QCOMPARE( bundle.config(), mconfig );
QCOMPARE( bundle.clientCert(), clientcert );
QCOMPARE( bundle.clientCertKey(), clientkey );
@ -204,8 +201,12 @@ void TestQgsAuthConfig::testConfigSslServer()
QSslCertificate sslcert( QSslCertificate::fromPath( smPkiData + "/localhost_ssl_cert.pem" ).first() );
QgsAuthConfigSslServer sslconfig;
Q_ASSERT( sslconfig.isNull() );
QVERIFY( sslconfig.isNull() );
#if QT_VERSION >= 0x040800
QCOMPARE( sslconfig.qtVersion(), 480 );
#else
QCOMPARE( sslconfig.qtVersion(), 470 );
#endif
QCOMPARE( sslconfig.version(), 1 );
QCOMPARE( sslconfig.sslPeerVerifyMode(), QSslSocket::VerifyPeer );
@ -219,7 +220,7 @@ void TestQgsAuthConfig::testConfigSslServer()
QList<QSslError::SslError> sslerrenums;
sslerrenums << QSslError::SelfSignedCertificateInChain << QSslError::SubjectIssuerMismatch;
sslconfig.setSslIgnoredErrorEnums( sslerrenums );
Q_ASSERT( !sslconfig.isNull() );
QVERIFY( !sslconfig.isNull() );
QCOMPARE( sslconfig.configString(), confstr );
QCOMPARE( sslconfig.sslHostPort(), hostport );