Skip to content
Permalink
Browse files

[auth] Update auth config tests; strip passphrase from QgsPkiBundle

  • Loading branch information
dakcarto committed Sep 24, 2015
1 parent 83e0b81 commit 264d2ebbdd261c9607e13ef30f9b0b6a546b2001
@@ -65,7 +65,6 @@ class QgsPkiBundle
public:
QgsPkiBundle( const QSslCertificate &clientCert = QSslCertificate(),
const QSslKey &clientKey = QSslKey(),
const QString &keyPassphrase = QString::null ,
const QList<QSslCertificate> &caChain = QList<QSslCertificate>() );
~QgsPkiBundle();

@@ -85,12 +84,9 @@ class QgsPkiBundle
const QSslCertificate clientCert() const;
void setClientCert( const QSslCertificate &cert );

const QSslKey clientKey( bool reencrypt = true ) const;
const QSslKey clientKey() const;
void setClientKey( const QSslKey &certkey );

const QString keyPassphrase() const;
void setKeyPassphrase( const QString &pass );

const QList<QSslCertificate> caChain() const;
void setCaChain( const QList<QSslCertificate> &cachain );
};
@@ -174,11 +174,9 @@ bool QgsAuthMethodConfig::uriToResource( const QString &accessurl, QString *reso

QgsPkiBundle::QgsPkiBundle( const QSslCertificate &clientCert,
const QSslKey &clientKey,
const QString &keyPassphrase,
const QList<QSslCertificate> &caChain )
: mCert( QSslCertificate() )
, mCertKey( QSslKey() )
, mKeyPassphrase( keyPassphrase )
, mCaChain( caChain )
{
setClientCert( clientCert );
@@ -330,17 +328,6 @@ void QgsPkiBundle::setClientCert( const QSslCertificate &cert )
}
}

const QSslKey QgsPkiBundle::clientKey( bool reencrypt ) const
{
if ( reencrypt )
{
QSslKey cert_key( mCertKey.toPem( QByteArray() ),
QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey, mKeyPassphrase.toUtf8() );
return cert_key;
}
return mCertKey;
}

void QgsPkiBundle::setClientKey( const QSslKey &certkey )
{
mCertKey.clear();
@@ -192,12 +192,10 @@ class CORE_EXPORT QgsPkiBundle
* Construct a bundle from existing PKI components
* @param clientCert Certificate to store in bundle
* @param clientKey Private key to store in bundle
* @param keyPassphrase Private key passphrase
* @param caChain Chain of Certificate Authorities for client certificate
*/
QgsPkiBundle( const QSslCertificate &clientCert = QSslCertificate(),
const QSslKey &clientKey = QSslKey(),
const QString &keyPassphrase = QString::null ,
const QList<QSslCertificate> &caChain = QList<QSslCertificate>() );
~QgsPkiBundle();

@@ -236,15 +234,10 @@ class CORE_EXPORT QgsPkiBundle
void setClientCert( const QSslCertificate &cert );

/** Private key object */
const QSslKey clientKey( bool reencrypt = true ) const;
const QSslKey clientKey() const { return mCertKey; }
/** Set private key object */
void setClientKey( const QSslKey &certkey );

/** Private key passphrase */
const QString keyPassphrase() const { return mKeyPassphrase; }
/** Set private key passphrase */
void setKeyPassphrase( const QString &pass ) { mKeyPassphrase = pass; }

/** Chain of Certificate Authorities for client certificate */
const QList<QSslCertificate> caChain() const { return mCaChain; }
/** Set chain of Certificate Authorities for client certificate */
@@ -253,7 +246,6 @@ class CORE_EXPORT QgsPkiBundle
private:
QSslCertificate mCert;
QSslKey mCertKey;
QString mKeyPassphrase;
QList<QSslCertificate> mCaChain;
};

@@ -312,7 +312,6 @@ bool QgsAuthImportIdentityDialog::validatePkiPaths()
mCertBundle = qMakePair( clientcert, clientkey );
mPkiBundle = QgsPkiBundle( clientcert,
clientkey,
!keypass.isEmpty() ? keypass : QString::null,
ca_certs );
}

@@ -425,7 +424,7 @@ bool QgsAuthImportIdentityDialog::validatePkiPkcs12()
}

mCertBundle = qMakePair( clientcert, clientkey );
mPkiBundle = QgsPkiBundle( clientcert, clientkey, keypass, ca_certs );
mPkiBundle = QgsPkiBundle( clientcert, clientkey, ca_certs );
}

return bundlevalid;
@@ -60,14 +60,14 @@ void TestQgsAuthConfig::cleanupTestCase()
void TestQgsAuthConfig::testMethodConfig()
{
QgsAuthMethodConfig mconfig;
Q_ASSERT( !mconfig.isValid() );
QVERIFY( !mconfig.isValid() );

mconfig.setName( "Some Name" );
mconfig.setMethod( "MethodKey" );
Q_ASSERT( mconfig.isValid() );
QVERIFY( mconfig.isValid() );

mconfig.setId( "0000000" );
Q_ASSERT( mconfig.isValid( true ) );
QVERIFY( mconfig.isValid( true ) );

mconfig.setVersion( 1 );
mconfig.setUri( "http://example.com" );
@@ -89,7 +89,7 @@ void TestQgsAuthConfig::testMethodConfig()
QCOMPARE( mconfig.configString(), confstr );

mconfig.clearConfigMap();
Q_ASSERT( mconfig.configMap().isEmpty() );
QVERIFY( mconfig.configMap().isEmpty() );

mconfig.setConfig( "key1", "value1" );
mconfig.setConfig( "key2", "value2" );
@@ -102,65 +102,62 @@ void TestQgsAuthConfig::testMethodConfig()
QCOMPARE( mconfig.config( "key1" ), QString( "value1" ) );
QCOMPARE( mconfig.configList( "key3" ), key3list );

Q_ASSERT( mconfig.hasConfig( "key2" ) );
QVERIFY( mconfig.hasConfig( "key2" ) );
mconfig.removeConfig( "key2" );
Q_ASSERT( !mconfig.hasConfig( "key2" ) );
QVERIFY( !mconfig.hasConfig( "key2" ) );

mconfig.loadConfigString( confstr );
QCOMPARE( mconfig.configMap(), confmap );
QCOMPARE( mconfig.configString(), confstr );

QgsAuthMethodConfig mconfig2( mconfig );
Q_ASSERT( mconfig2 == mconfig );
QVERIFY( mconfig2 == mconfig );

mconfig.setMethod( "MethodKey2" );
Q_ASSERT( mconfig2 != mconfig );
QVERIFY( mconfig2 != mconfig );
}

void TestQgsAuthConfig::testPkiBundle()
{
QgsPkiBundle bundle;
Q_ASSERT( bundle.isNull() );
Q_ASSERT( !bundle.isValid() );
QVERIFY( bundle.isNull() );
QVERIFY( !bundle.isValid() );

QList<QSslCertificate> cacerts( QSslCertificate::fromPath( smPkiData + "/chain_subissuer-issuer-root.pem" ) );
Q_ASSERT( !cacerts.isEmpty() );
QVERIFY( !cacerts.isEmpty() );
QCOMPARE( cacerts.size(), 3 );
QgsPkiBundle bundle2( QgsPkiBundle::fromPemPaths( smPkiData + "/fra_cert.pem",
smPkiData + "/fra_key_w-pass.pem",
"password",
cacerts ) );
Q_ASSERT( !bundle2.isNull() );
Q_ASSERT( bundle2.isValid() );
QVERIFY( !bundle2.isNull() );
QVERIFY( bundle2.isValid() );
QCOMPARE( bundle2.certId(), QString( "c3633c428d441853973e5081ba9be39f667f5af6" ) );

QSslCertificate clientcert( bundle2.clientCert() );
Q_ASSERT( !clientcert.isNull() );
QSslKey clientkey( bundle2.clientKey( true ) );
Q_ASSERT( !clientkey.isNull() );
QString keypass( bundle2.keyPassphrase() );
Q_ASSERT( !keypass.isEmpty() );
QVERIFY( !clientcert.isNull() );
QSslKey clientkey( bundle2.clientKey() );
QVERIFY( !clientkey.isNull() );
QList<QSslCertificate> cachain( bundle2.caChain() );
Q_ASSERT( !cachain.isEmpty() );
QVERIFY( !cachain.isEmpty() );
QCOMPARE( cachain.size(), 3 );

QgsPkiBundle bundle3( clientcert, clientkey, keypass, cachain );
Q_ASSERT( !bundle3.isNull() );
Q_ASSERT( bundle3.isValid() );
QgsPkiBundle bundle3( clientcert, clientkey, cachain );
QVERIFY( !bundle3.isNull() );
QVERIFY( bundle3.isValid() );

bundle.setClientCert( clientcert );
bundle.setClientKey( clientkey );
bundle.setKeyPassphrase( keypass );
bundle.setCaChain( cachain );
Q_ASSERT( !bundle.isNull() );
Q_ASSERT( bundle.isValid() );
QVERIFY( !bundle.isNull() );
QVERIFY( bundle.isValid() );

QgsPkiBundle bundle4( QgsPkiBundle::fromPkcs12Paths( smPkiData + "/fra_w-chain.p12",
"password" ) );
Q_ASSERT( !bundle4.isNull() );
Q_ASSERT( bundle4.isValid() );
QVERIFY( !bundle4.isNull() );
QVERIFY( bundle4.isValid() );
QList<QSslCertificate> cachain4( bundle2.caChain() );
Q_ASSERT( !cachain4.isEmpty() );
QVERIFY( !cachain4.isEmpty() );
QCOMPARE( cachain4.size(), 3 );
}

@@ -172,7 +169,7 @@ void TestQgsAuthConfig::testPkiConfigBundle()
mconfig.setId( "0000000" );
mconfig.setVersion( 1 );
mconfig.setUri( "http://example.com" );
Q_ASSERT( mconfig.isValid( true ) );
QVERIFY( mconfig.isValid( true ) );

QSslCertificate clientcert( QSslCertificate::fromPath( smPkiData + "/gerardus_cert.pem" ).first() );
QByteArray keydata;
@@ -183,15 +180,15 @@ void TestQgsAuthConfig::testPkiConfigBundle()
QSslKey clientkey( keydata, QSsl::Rsa );

QgsPkiConfigBundle bundle( mconfig, clientcert, clientkey );
Q_ASSERT( bundle.isValid() );
QVERIFY( bundle.isValid() );
QCOMPARE( bundle.config(), mconfig );

QCOMPARE( bundle.clientCert(), clientcert );
QCOMPARE( bundle.clientCertKey(), clientkey );
bundle.setConfig( mconfig );
bundle.setClientCert( clientcert );
bundle.setClientCertKey( clientkey );
Q_ASSERT( bundle.isValid() );
QVERIFY( bundle.isValid() );
QCOMPARE( bundle.config(), mconfig );
QCOMPARE( bundle.clientCert(), clientcert );
QCOMPARE( bundle.clientCertKey(), clientkey );
@@ -204,8 +201,12 @@ void TestQgsAuthConfig::testConfigSslServer()
QSslCertificate sslcert( QSslCertificate::fromPath( smPkiData + "/localhost_ssl_cert.pem" ).first() );

QgsAuthConfigSslServer sslconfig;
Q_ASSERT( sslconfig.isNull() );
QVERIFY( sslconfig.isNull() );
#if QT_VERSION >= 0x040800
QCOMPARE( sslconfig.qtVersion(), 480 );
#else
QCOMPARE( sslconfig.qtVersion(), 470 );
#endif
QCOMPARE( sslconfig.version(), 1 );
QCOMPARE( sslconfig.sslPeerVerifyMode(), QSslSocket::VerifyPeer );

@@ -219,7 +220,7 @@ void TestQgsAuthConfig::testConfigSslServer()
QList<QSslError::SslError> sslerrenums;
sslerrenums << QSslError::SelfSignedCertificateInChain << QSslError::SubjectIssuerMismatch;
sslconfig.setSslIgnoredErrorEnums( sslerrenums );
Q_ASSERT( !sslconfig.isNull() );
QVERIFY( !sslconfig.isNull() );

QCOMPARE( sslconfig.configString(), confstr );
QCOMPARE( sslconfig.sslHostPort(), hostport );

0 comments on commit 264d2eb

Please sign in to comment.
You can’t perform that action at this time.