[auth] Update auth config tests; strip passphrase from QgsPkiBundle

Larry Shaffer 2015-09-24 06:44:05 -06:00
parent 83e0b81afc
commit 264d2ebbdd
5 changed files with 37 additions and 62 deletions


@ -65,7 +65,6 @@ class QgsPkiBundle
public: public:
QgsPkiBundle( const QSslCertificate &clientCert = QSslCertificate(), QgsPkiBundle( const QSslCertificate &clientCert = QSslCertificate(),
const QSslKey &clientKey = QSslKey(), const QSslKey &clientKey = QSslKey(),
const QString &keyPassphrase = QString::null ,
const QList<QSslCertificate> &caChain = QList<QSslCertificate>() ); const QList<QSslCertificate> &caChain = QList<QSslCertificate>() );
~QgsPkiBundle(); ~QgsPkiBundle();
@ -85,12 +84,9 @@ class QgsPkiBundle
const QSslCertificate clientCert() const; const QSslCertificate clientCert() const;
void setClientCert( const QSslCertificate &cert ); void setClientCert( const QSslCertificate &cert );
const QSslKey clientKey( bool reencrypt = true ) const; const QSslKey clientKey() const;
void setClientKey( const QSslKey &certkey ); void setClientKey( const QSslKey &certkey );
const QString keyPassphrase() const;
void setKeyPassphrase( const QString &pass );
const QList<QSslCertificate> caChain() const; const QList<QSslCertificate> caChain() const;
void setCaChain( const QList<QSslCertificate> &cachain ); void setCaChain( const QList<QSslCertificate> &cachain );
}; };


@ -174,11 +174,9 @@ bool QgsAuthMethodConfig::uriToResource( const QString &accessurl, QString *reso
QgsPkiBundle::QgsPkiBundle( const QSslCertificate &clientCert, QgsPkiBundle::QgsPkiBundle( const QSslCertificate &clientCert,
const QSslKey &clientKey, const QSslKey &clientKey,
const QString &keyPassphrase,
const QList<QSslCertificate> &caChain ) const QList<QSslCertificate> &caChain )
: mCert( QSslCertificate() ) : mCert( QSslCertificate() )
, mCertKey( QSslKey() ) , mCertKey( QSslKey() )
, mKeyPassphrase( keyPassphrase )
, mCaChain( caChain ) , mCaChain( caChain )
{ {
setClientCert( clientCert ); setClientCert( clientCert );
@ -330,17 +328,6 @@ void QgsPkiBundle::setClientCert( const QSslCertificate &cert )
} }
} }
const QSslKey QgsPkiBundle::clientKey( bool reencrypt ) const
{
if ( reencrypt )
{
QSslKey cert_key( mCertKey.toPem( QByteArray() ),
QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey, mKeyPassphrase.toUtf8() );
return cert_key;
}
return mCertKey;
}
void QgsPkiBundle::setClientKey( const QSslKey &certkey ) void QgsPkiBundle::setClientKey( const QSslKey &certkey )
{ {
mCertKey.clear(); mCertKey.clear();


@ -192,12 +192,10 @@ class CORE_EXPORT QgsPkiBundle
* Construct a bundle from existing PKI components * Construct a bundle from existing PKI components
* @param clientCert Certificate to store in bundle * @param clientCert Certificate to store in bundle
* @param clientKey Private key to store in bundle * @param clientKey Private key to store in bundle
* @param keyPassphrase Private key passphrase
* @param caChain Chain of Certificate Authorities for client certificate * @param caChain Chain of Certificate Authorities for client certificate
*/ */
QgsPkiBundle( const QSslCertificate &clientCert = QSslCertificate(), QgsPkiBundle( const QSslCertificate &clientCert = QSslCertificate(),
const QSslKey &clientKey = QSslKey(), const QSslKey &clientKey = QSslKey(),
const QString &keyPassphrase = QString::null ,
const QList<QSslCertificate> &caChain = QList<QSslCertificate>() ); const QList<QSslCertificate> &caChain = QList<QSslCertificate>() );
~QgsPkiBundle(); ~QgsPkiBundle();
@ -236,15 +234,10 @@ class CORE_EXPORT QgsPkiBundle
void setClientCert( const QSslCertificate &cert ); void setClientCert( const QSslCertificate &cert );
/** Private key object */ /** Private key object */
const QSslKey clientKey( bool reencrypt = true ) const; const QSslKey clientKey() const { return mCertKey; }
/** Set private key object */ /** Set private key object */
void setClientKey( const QSslKey &certkey ); void setClientKey( const QSslKey &certkey );
/** Private key passphrase */
const QString keyPassphrase() const { return mKeyPassphrase; }
/** Set private key passphrase */
void setKeyPassphrase( const QString &pass ) { mKeyPassphrase = pass; }
/** Chain of Certificate Authorities for client certificate */ /** Chain of Certificate Authorities for client certificate */
const QList<QSslCertificate> caChain() const { return mCaChain; } const QList<QSslCertificate> caChain() const { return mCaChain; }
/** Set chain of Certificate Authorities for client certificate */ /** Set chain of Certificate Authorities for client certificate */
@ -253,7 +246,6 @@ class CORE_EXPORT QgsPkiBundle
private: private:
QSslCertificate mCert; QSslCertificate mCert;
QSslKey mCertKey; QSslKey mCertKey;
QString mKeyPassphrase;
QList<QSslCertificate> mCaChain; QList<QSslCertificate> mCaChain;
}; };
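Review bot: The doc comment on the now-inline `clientKey()` still says only "Private key object", which hides the consequence of dropping `mKeyPassphrase`: the accessor returns `mCertKey` exactly as stored and the bundle no longer carries any passphrase for it. I would state that in the header, e.g. `/** Private key object, returned as stored; no passphrase is kept, so supply one to QSslKey::toPem() before persisting it */`. The `@param clientKey` line on the constructor could carry the same caveat. The class body continues outside these hunks, so I cannot see whether any remaining caller writes the key out without a passphrase.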


@ -312,7 +312,6 @@ bool QgsAuthImportIdentityDialog::validatePkiPaths()
mCertBundle = qMakePair( clientcert, clientkey ); mCertBundle = qMakePair( clientcert, clientkey );
mPkiBundle = QgsPkiBundle( clientcert, mPkiBundle = QgsPkiBundle( clientcert,
clientkey, clientkey,
!keypass.isEmpty() ? keypass : QString::null,
ca_certs ); ca_certs );
} }
@ -425,7 +424,7 @@ bool QgsAuthImportIdentityDialog::validatePkiPkcs12()
} }
mCertBundle = qMakePair( clientcert, clientkey ); mCertBundle = qMakePair( clientcert, clientkey );
mPkiBundle = QgsPkiBundle( clientcert, clientkey, keypass, ca_certs ); mPkiBundle = QgsPkiBundle( clientcert, clientkey, ca_certs );
} }
return bundlevalid; return bundlevalid;


@ -60,14 +60,14 @@ void TestQgsAuthConfig::cleanupTestCase()
void TestQgsAuthConfig::testMethodConfig() void TestQgsAuthConfig::testMethodConfig()
{ {
QgsAuthMethodConfig mconfig; QgsAuthMethodConfig mconfig;
Q_ASSERT( !mconfig.isValid() ); QVERIFY( !mconfig.isValid() );
mconfig.setName( "Some Name" ); mconfig.setName( "Some Name" );
mconfig.setMethod( "MethodKey" ); mconfig.setMethod( "MethodKey" );
Q_ASSERT( mconfig.isValid() ); QVERIFY( mconfig.isValid() );
mconfig.setId( "0000000" ); mconfig.setId( "0000000" );
Q_ASSERT( mconfig.isValid( true ) ); QVERIFY( mconfig.isValid( true ) );
mconfig.setVersion( 1 ); mconfig.setVersion( 1 );
mconfig.setUri( "http://example.com" ); mconfig.setUri( "http://example.com" );
@ -89,7 +89,7 @@ void TestQgsAuthConfig::testMethodConfig()
QCOMPARE( mconfig.configString(), confstr ); QCOMPARE( mconfig.configString(), confstr );
mconfig.clearConfigMap(); mconfig.clearConfigMap();
Q_ASSERT( mconfig.configMap().isEmpty() ); QVERIFY( mconfig.configMap().isEmpty() );
mconfig.setConfig( "key1", "value1" ); mconfig.setConfig( "key1", "value1" );
mconfig.setConfig( "key2", "value2" ); mconfig.setConfig( "key2", "value2" );
@ -102,65 +102,62 @@ void TestQgsAuthConfig::testMethodConfig()
QCOMPARE( mconfig.config( "key1" ), QString( "value1" ) ); QCOMPARE( mconfig.config( "key1" ), QString( "value1" ) );
QCOMPARE( mconfig.configList( "key3" ), key3list ); QCOMPARE( mconfig.configList( "key3" ), key3list );
Q_ASSERT( mconfig.hasConfig( "key2" ) ); QVERIFY( mconfig.hasConfig( "key2" ) );
mconfig.removeConfig( "key2" ); mconfig.removeConfig( "key2" );
Q_ASSERT( !mconfig.hasConfig( "key2" ) ); QVERIFY( !mconfig.hasConfig( "key2" ) );
mconfig.loadConfigString( confstr ); mconfig.loadConfigString( confstr );
QCOMPARE( mconfig.configMap(), confmap ); QCOMPARE( mconfig.configMap(), confmap );
QCOMPARE( mconfig.configString(), confstr ); QCOMPARE( mconfig.configString(), confstr );
QgsAuthMethodConfig mconfig2( mconfig ); QgsAuthMethodConfig mconfig2( mconfig );
Q_ASSERT( mconfig2 == mconfig ); QVERIFY( mconfig2 == mconfig );
mconfig.setMethod( "MethodKey2" ); mconfig.setMethod( "MethodKey2" );
Q_ASSERT( mconfig2 != mconfig ); QVERIFY( mconfig2 != mconfig );
} }
void TestQgsAuthConfig::testPkiBundle() void TestQgsAuthConfig::testPkiBundle()
{ {
QgsPkiBundle bundle; QgsPkiBundle bundle;
Q_ASSERT( bundle.isNull() ); QVERIFY( bundle.isNull() );
Q_ASSERT( !bundle.isValid() ); QVERIFY( !bundle.isValid() );
QList<QSslCertificate> cacerts( QSslCertificate::fromPath( smPkiData + "/chain_subissuer-issuer-root.pem" ) ); QList<QSslCertificate> cacerts( QSslCertificate::fromPath( smPkiData + "/chain_subissuer-issuer-root.pem" ) );
Q_ASSERT( !cacerts.isEmpty() ); QVERIFY( !cacerts.isEmpty() );
QCOMPARE( cacerts.size(), 3 ); QCOMPARE( cacerts.size(), 3 );
QgsPkiBundle bundle2( QgsPkiBundle::fromPemPaths( smPkiData + "/fra_cert.pem", QgsPkiBundle bundle2( QgsPkiBundle::fromPemPaths( smPkiData + "/fra_cert.pem",
smPkiData + "/fra_key_w-pass.pem", smPkiData + "/fra_key_w-pass.pem",
"password", "password",
cacerts ) ); cacerts ) );
Q_ASSERT( !bundle2.isNull() ); QVERIFY( !bundle2.isNull() );
Q_ASSERT( bundle2.isValid() ); QVERIFY( bundle2.isValid() );
QCOMPARE( bundle2.certId(), QString( "c3633c428d441853973e5081ba9be39f667f5af6" ) ); QCOMPARE( bundle2.certId(), QString( "c3633c428d441853973e5081ba9be39f667f5af6" ) );
QSslCertificate clientcert( bundle2.clientCert() ); QSslCertificate clientcert( bundle2.clientCert() );
Q_ASSERT( !clientcert.isNull() ); QVERIFY( !clientcert.isNull() );
QSslKey clientkey( bundle2.clientKey( true ) ); QSslKey clientkey( bundle2.clientKey() );
Q_ASSERT( !clientkey.isNull() ); QVERIFY( !clientkey.isNull() );
QString keypass( bundle2.keyPassphrase() );
Q_ASSERT( !keypass.isEmpty() );
QList<QSslCertificate> cachain( bundle2.caChain() ); QList<QSslCertificate> cachain( bundle2.caChain() );
Q_ASSERT( !cachain.isEmpty() ); QVERIFY( !cachain.isEmpty() );
QCOMPARE( cachain.size(), 3 ); QCOMPARE( cachain.size(), 3 );
QgsPkiBundle bundle3( clientcert, clientkey, keypass, cachain ); QgsPkiBundle bundle3( clientcert, clientkey, cachain );
Q_ASSERT( !bundle3.isNull() ); QVERIFY( !bundle3.isNull() );
Q_ASSERT( bundle3.isValid() ); QVERIFY( bundle3.isValid() );
bundle.setClientCert( clientcert ); bundle.setClientCert( clientcert );
bundle.setClientKey( clientkey ); bundle.setClientKey( clientkey );
bundle.setKeyPassphrase( keypass );
bundle.setCaChain( cachain ); bundle.setCaChain( cachain );
Q_ASSERT( !bundle.isNull() ); QVERIFY( !bundle.isNull() );
Q_ASSERT( bundle.isValid() ); QVERIFY( bundle.isValid() );
QgsPkiBundle bundle4( QgsPkiBundle::fromPkcs12Paths( smPkiData + "/fra_w-chain.p12", QgsPkiBundle bundle4( QgsPkiBundle::fromPkcs12Paths( smPkiData + "/fra_w-chain.p12",
"password" ) ); "password" ) );
Q_ASSERT( !bundle4.isNull() ); QVERIFY( !bundle4.isNull() );
Q_ASSERT( bundle4.isValid() ); QVERIFY( bundle4.isValid() );
QList<QSslCertificate> cachain4( bundle2.caChain() ); QList<QSslCertificate> cachain4( bundle2.caChain() );
Q_ASSERT( !cachain4.isEmpty() ); QVERIFY( !cachain4.isEmpty() );
QCOMPARE( cachain4.size(), 3 ); QCOMPARE( cachain4.size(), 3 );
} }
@ -172,7 +169,7 @@ void TestQgsAuthConfig::testPkiConfigBundle()
mconfig.setId( "0000000" ); mconfig.setId( "0000000" );
mconfig.setVersion( 1 ); mconfig.setVersion( 1 );
mconfig.setUri( "http://example.com" ); mconfig.setUri( "http://example.com" );
Q_ASSERT( mconfig.isValid( true ) ); QVERIFY( mconfig.isValid( true ) );
QSslCertificate clientcert( QSslCertificate::fromPath( smPkiData + "/gerardus_cert.pem" ).first() ); QSslCertificate clientcert( QSslCertificate::fromPath( smPkiData + "/gerardus_cert.pem" ).first() );
QByteArray keydata; QByteArray keydata;
@ -183,7 +180,7 @@ void TestQgsAuthConfig::testPkiConfigBundle()
QSslKey clientkey( keydata, QSsl::Rsa ); QSslKey clientkey( keydata, QSsl::Rsa );
QgsPkiConfigBundle bundle( mconfig, clientcert, clientkey ); QgsPkiConfigBundle bundle( mconfig, clientcert, clientkey );
Q_ASSERT( bundle.isValid() ); QVERIFY( bundle.isValid() );
QCOMPARE( bundle.config(), mconfig ); QCOMPARE( bundle.config(), mconfig );
QCOMPARE( bundle.clientCert(), clientcert ); QCOMPARE( bundle.clientCert(), clientcert );
@ -191,7 +188,7 @@ void TestQgsAuthConfig::testPkiConfigBundle()
bundle.setConfig( mconfig ); bundle.setConfig( mconfig );
bundle.setClientCert( clientcert ); bundle.setClientCert( clientcert );
bundle.setClientCertKey( clientkey ); bundle.setClientCertKey( clientkey );
Q_ASSERT( bundle.isValid() ); QVERIFY( bundle.isValid() );
QCOMPARE( bundle.config(), mconfig ); QCOMPARE( bundle.config(), mconfig );
QCOMPARE( bundle.clientCert(), clientcert ); QCOMPARE( bundle.clientCert(), clientcert );
QCOMPARE( bundle.clientCertKey(), clientkey ); QCOMPARE( bundle.clientCertKey(), clientkey );
@ -204,8 +201,12 @@ void TestQgsAuthConfig::testConfigSslServer()
QSslCertificate sslcert( QSslCertificate::fromPath( smPkiData + "/localhost_ssl_cert.pem" ).first() ); QSslCertificate sslcert( QSslCertificate::fromPath( smPkiData + "/localhost_ssl_cert.pem" ).first() );
QgsAuthConfigSslServer sslconfig; QgsAuthConfigSslServer sslconfig;
Q_ASSERT( sslconfig.isNull() ); QVERIFY( sslconfig.isNull() );
#if QT_VERSION >= 0x040800
QCOMPARE( sslconfig.qtVersion(), 480 ); QCOMPARE( sslconfig.qtVersion(), 480 );
#else
QCOMPARE( sslconfig.qtVersion(), 470 );
#endif
QCOMPARE( sslconfig.version(), 1 ); QCOMPARE( sslconfig.version(), 1 );
QCOMPARE( sslconfig.sslPeerVerifyMode(), QSslSocket::VerifyPeer ); QCOMPARE( sslconfig.sslPeerVerifyMode(), QSslSocket::VerifyPeer );
@ -219,7 +220,7 @@ void TestQgsAuthConfig::testConfigSslServer()
QList<QSslError::SslError> sslerrenums; QList<QSslError::SslError> sslerrenums;
sslerrenums << QSslError::SelfSignedCertificateInChain << QSslError::SubjectIssuerMismatch; sslerrenums << QSslError::SelfSignedCertificateInChain << QSslError::SubjectIssuerMismatch;
sslconfig.setSslIgnoredErrorEnums( sslerrenums ); sslconfig.setSslIgnoredErrorEnums( sslerrenums );
Q_ASSERT( !sslconfig.isNull() ); QVERIFY( !sslconfig.isNull() );
QCOMPARE( sslconfig.configString(), confstr ); QCOMPARE( sslconfig.configString(), confstr );
QCOMPARE( sslconfig.sslHostPort(), hostport ); QCOMPARE( sslconfig.sslHostPort(), hostport );
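Review bot: At the end of `testPkiBundle` the last check builds `cachain4` from `bundle2.caChain()`, so the CA chain parsed out of the PKCS#12 file into `bundle4` is never inspected and the two assertions after it only repeat the earlier `bundle2` checks. The line should read `QList<QSslCertificate> cachain4( bundle4.caChain() );`. Whether `fra_w-chain.p12` really yields three CA certificates is not visible from this page, so the expected size in the following `QCOMPARE` may need adjusting once the right bundle is read. With the passphrase accessor gone, a negative case would also be worth adding to this test: load `fra_key_w-pass.pem` with a wrong passphrase and assert the bundle is not valid, so a key that fails to decrypt cannot pass unnoticed.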