[auth] Update auth config tests; strip passphrase from QgsPkiBundle

qgis · Sep 24, 2015 · 264d2eb · 264d2eb
1 parent 83e0b81
commit 264d2eb
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 62 deletions.
diff --git a/python/core/auth/qgsauthconfig.sip b/python/core/auth/qgsauthconfig.sip
@@ -65,7 +65,6 @@ class QgsPkiBundle
   public:
     QgsPkiBundle( const QSslCertificate &clientCert = QSslCertificate(),
                   const QSslKey &clientKey = QSslKey(),
-                  const QString &keyPassphrase = QString::null ,
                   const QList<QSslCertificate> &caChain = QList<QSslCertificate>() );
     ~QgsPkiBundle();
 
@@ -85,12 +84,9 @@ class QgsPkiBundle
     const QSslCertificate clientCert() const;
     void setClientCert( const QSslCertificate &cert );
 
-    const QSslKey clientKey( bool reencrypt = true ) const;
+    const QSslKey clientKey() const;
     void setClientKey( const QSslKey &certkey );
 
-    const QString keyPassphrase() const;
-    void setKeyPassphrase( const QString &pass );
-
     const QList<QSslCertificate> caChain() const;
     void setCaChain( const QList<QSslCertificate> &cachain );
 };

diff --git a/src/core/auth/qgsauthconfig.cpp b/src/core/auth/qgsauthconfig.cpp
@@ -174,11 +174,9 @@ bool QgsAuthMethodConfig::uriToResource( const QString &accessurl, QString *reso
 
 QgsPkiBundle::QgsPkiBundle( const QSslCertificate &clientCert,
                             const QSslKey &clientKey,
-                            const QString &keyPassphrase,
                             const QList<QSslCertificate> &caChain )
     : mCert( QSslCertificate() )
     , mCertKey( QSslKey() )
-    , mKeyPassphrase( keyPassphrase )
     , mCaChain( caChain )
 {
   setClientCert( clientCert );
@@ -330,17 +328,6 @@ void QgsPkiBundle::setClientCert( const QSslCertificate &cert )
   }
 }
 
-const QSslKey QgsPkiBundle::clientKey( bool reencrypt ) const
-{
-  if ( reencrypt )
-  {
-    QSslKey cert_key( mCertKey.toPem( QByteArray() ),
-                      QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey, mKeyPassphrase.toUtf8() );
-    return cert_key;
-  }
-  return mCertKey;
-}
-
 void QgsPkiBundle::setClientKey( const QSslKey &certkey )
 {
   mCertKey.clear();

diff --git a/src/core/auth/qgsauthconfig.h b/src/core/auth/qgsauthconfig.h
@@ -192,12 +192,10 @@ class CORE_EXPORT QgsPkiBundle
      * Construct a bundle from existing PKI components
      * @param clientCert Certificate to store in bundle
      * @param clientKey Private key to store in bundle
-     * @param keyPassphrase Private key passphrase
      * @param caChain Chain of Certificate Authorities for client certificate
      */
     QgsPkiBundle( const QSslCertificate &clientCert = QSslCertificate(),
                   const QSslKey &clientKey = QSslKey(),
-                  const QString &keyPassphrase = QString::null ,
                   const QList<QSslCertificate> &caChain = QList<QSslCertificate>() );
     ~QgsPkiBundle();
 
@@ -236,15 +234,10 @@ class CORE_EXPORT QgsPkiBundle
     void setClientCert( const QSslCertificate &cert );
 
     /** Private key object */
-    const QSslKey clientKey( bool reencrypt = true ) const;
+    const QSslKey clientKey() const { return mCertKey; }
     /** Set private key object */
     void setClientKey( const QSslKey &certkey );
 
-    /** Private key passphrase */
-    const QString keyPassphrase() const { return mKeyPassphrase; }
-    /** Set private key passphrase */
-    void setKeyPassphrase( const QString &pass ) { mKeyPassphrase = pass; }
-
     /** Chain of Certificate Authorities for client certificate */
     const QList<QSslCertificate> caChain() const { return mCaChain; }
     /** Set chain of Certificate Authorities for client certificate */
@@ -253,7 +246,6 @@ class CORE_EXPORT QgsPkiBundle
   private:
     QSslCertificate mCert;
     QSslKey mCertKey;
-    QString mKeyPassphrase;
     QList<QSslCertificate> mCaChain;
 };
 

diff --git a/src/gui/auth/qgsauthimportidentitydialog.cpp b/src/gui/auth/qgsauthimportidentitydialog.cpp
@@ -312,7 +312,6 @@ bool QgsAuthImportIdentityDialog::validatePkiPaths()
     mCertBundle = qMakePair( clientcert, clientkey );
     mPkiBundle = QgsPkiBundle( clientcert,
                                clientkey,
-                               !keypass.isEmpty() ? keypass : QString::null,
                                ca_certs );
   }
 
@@ -425,7 +424,7 @@ bool QgsAuthImportIdentityDialog::validatePkiPkcs12()
     }
 
     mCertBundle = qMakePair( clientcert, clientkey );
-    mPkiBundle = QgsPkiBundle( clientcert, clientkey, keypass, ca_certs );
+    mPkiBundle = QgsPkiBundle( clientcert, clientkey, ca_certs );
   }
 
   return bundlevalid;

diff --git a/tests/src/core/testqgsauthconfig.cpp b/tests/src/core/testqgsauthconfig.cpp
@@ -60,14 +60,14 @@ void TestQgsAuthConfig::cleanupTestCase()
 void TestQgsAuthConfig::testMethodConfig()
 {
   QgsAuthMethodConfig mconfig;
-  Q_ASSERT( !mconfig.isValid() );
+  QVERIFY( !mconfig.isValid() );
 
   mconfig.setName( "Some Name" );
   mconfig.setMethod( "MethodKey" );
-  Q_ASSERT( mconfig.isValid() );
+  QVERIFY( mconfig.isValid() );
 
   mconfig.setId( "0000000" );
-  Q_ASSERT( mconfig.isValid( true ) );
+  QVERIFY( mconfig.isValid( true ) );
 
   mconfig.setVersion( 1 );
   mconfig.setUri( "http://example.com" );
@@ -89,7 +89,7 @@ void TestQgsAuthConfig::testMethodConfig()
   QCOMPARE( mconfig.configString(), confstr );
 
   mconfig.clearConfigMap();
-  Q_ASSERT( mconfig.configMap().isEmpty() );
+  QVERIFY( mconfig.configMap().isEmpty() );
 
   mconfig.setConfig( "key1", "value1" );
   mconfig.setConfig( "key2", "value2" );
@@ -102,65 +102,62 @@ void TestQgsAuthConfig::testMethodConfig()
   QCOMPARE( mconfig.config( "key1" ), QString( "value1" ) );
   QCOMPARE( mconfig.configList( "key3" ), key3list );
 
-  Q_ASSERT( mconfig.hasConfig( "key2" ) );
+  QVERIFY( mconfig.hasConfig( "key2" ) );
   mconfig.removeConfig( "key2" );
-  Q_ASSERT( !mconfig.hasConfig( "key2" ) );
+  QVERIFY( !mconfig.hasConfig( "key2" ) );
 
   mconfig.loadConfigString( confstr );
   QCOMPARE( mconfig.configMap(), confmap );
   QCOMPARE( mconfig.configString(), confstr );
 
   QgsAuthMethodConfig mconfig2( mconfig );
-  Q_ASSERT( mconfig2 == mconfig );
+  QVERIFY( mconfig2 == mconfig );
 
   mconfig.setMethod( "MethodKey2" );
-  Q_ASSERT( mconfig2 != mconfig );
+  QVERIFY( mconfig2 != mconfig );
 }
 
 void TestQgsAuthConfig::testPkiBundle()
 {
   QgsPkiBundle bundle;
-  Q_ASSERT( bundle.isNull() );
-  Q_ASSERT( !bundle.isValid() );
+  QVERIFY( bundle.isNull() );
+  QVERIFY( !bundle.isValid() );
 
   QList<QSslCertificate> cacerts( QSslCertificate::fromPath( smPkiData + "/chain_subissuer-issuer-root.pem" ) );
-  Q_ASSERT( !cacerts.isEmpty() );
+  QVERIFY( !cacerts.isEmpty() );
   QCOMPARE( cacerts.size(), 3 );
   QgsPkiBundle bundle2( QgsPkiBundle::fromPemPaths( smPkiData + "/fra_cert.pem",
                         smPkiData + "/fra_key_w-pass.pem",
                         "password",
                         cacerts ) );
-  Q_ASSERT( !bundle2.isNull() );
-  Q_ASSERT( bundle2.isValid() );
+  QVERIFY( !bundle2.isNull() );
+  QVERIFY( bundle2.isValid() );
   QCOMPARE( bundle2.certId(), QString( "c3633c428d441853973e5081ba9be39f667f5af6" ) );
 
   QSslCertificate clientcert( bundle2.clientCert() );
-  Q_ASSERT( !clientcert.isNull() );
-  QSslKey clientkey( bundle2.clientKey( true ) );
-  Q_ASSERT( !clientkey.isNull() );
-  QString keypass( bundle2.keyPassphrase() );
-  Q_ASSERT( !keypass.isEmpty() );
+  QVERIFY( !clientcert.isNull() );
+  QSslKey clientkey( bundle2.clientKey() );
+  QVERIFY( !clientkey.isNull() );
   QList<QSslCertificate> cachain( bundle2.caChain() );
-  Q_ASSERT( !cachain.isEmpty() );
+  QVERIFY( !cachain.isEmpty() );
   QCOMPARE( cachain.size(), 3 );
 
-  QgsPkiBundle bundle3( clientcert, clientkey, keypass, cachain );
-  Q_ASSERT( !bundle3.isNull() );
-  Q_ASSERT( bundle3.isValid() );
+  QgsPkiBundle bundle3( clientcert, clientkey, cachain );
+  QVERIFY( !bundle3.isNull() );
+  QVERIFY( bundle3.isValid() );
 
   bundle.setClientCert( clientcert );
   bundle.setClientKey( clientkey );
-  bundle.setKeyPassphrase( keypass );
   bundle.setCaChain( cachain );
-  Q_ASSERT( !bundle.isNull() );
-  Q_ASSERT( bundle.isValid() );
+  QVERIFY( !bundle.isNull() );
+  QVERIFY( bundle.isValid() );
 
   QgsPkiBundle bundle4( QgsPkiBundle::fromPkcs12Paths( smPkiData + "/fra_w-chain.p12",
                         "password" ) );
-  Q_ASSERT( !bundle4.isNull() );
-  Q_ASSERT( bundle4.isValid() );
+  QVERIFY( !bundle4.isNull() );
+  QVERIFY( bundle4.isValid() );
   QList<QSslCertificate> cachain4( bundle2.caChain() );
-  Q_ASSERT( !cachain4.isEmpty() );
+  QVERIFY( !cachain4.isEmpty() );
   QCOMPARE( cachain4.size(), 3 );
 }
 
@@ -172,7 +169,7 @@ void TestQgsAuthConfig::testPkiConfigBundle()
   mconfig.setId( "0000000" );
   mconfig.setVersion( 1 );
   mconfig.setUri( "http://example.com" );
-  Q_ASSERT( mconfig.isValid( true ) );
+  QVERIFY( mconfig.isValid( true ) );
 
   QSslCertificate clientcert( QSslCertificate::fromPath( smPkiData + "/gerardus_cert.pem" ).first() );
   QByteArray keydata;
@@ -183,15 +180,15 @@ void TestQgsAuthConfig::testPkiConfigBundle()
   QSslKey clientkey( keydata, QSsl::Rsa );
 
   QgsPkiConfigBundle bundle( mconfig, clientcert, clientkey );
-  Q_ASSERT( bundle.isValid() );
+  QVERIFY( bundle.isValid() );
   QCOMPARE( bundle.config(), mconfig );
 
   QCOMPARE( bundle.clientCert(), clientcert );
   QCOMPARE( bundle.clientCertKey(), clientkey );
   bundle.setConfig( mconfig );
   bundle.setClientCert( clientcert );
   bundle.setClientCertKey( clientkey );
-  Q_ASSERT( bundle.isValid() );
+  QVERIFY( bundle.isValid() );
   QCOMPARE( bundle.config(), mconfig );
   QCOMPARE( bundle.clientCert(), clientcert );
   QCOMPARE( bundle.clientCertKey(), clientkey );
@@ -204,8 +201,12 @@ void TestQgsAuthConfig::testConfigSslServer()
   QSslCertificate sslcert( QSslCertificate::fromPath( smPkiData + "/localhost_ssl_cert.pem" ).first() );
 
   QgsAuthConfigSslServer sslconfig;
-  Q_ASSERT( sslconfig.isNull() );
+  QVERIFY( sslconfig.isNull() );
+#if QT_VERSION >= 0x040800
   QCOMPARE( sslconfig.qtVersion(), 480 );
+#else
+  QCOMPARE( sslconfig.qtVersion(), 470 );
+#endif
   QCOMPARE( sslconfig.version(), 1 );
   QCOMPARE( sslconfig.sslPeerVerifyMode(), QSslSocket::VerifyPeer );
 
@@ -219,7 +220,7 @@ void TestQgsAuthConfig::testConfigSslServer()
   QList<QSslError::SslError> sslerrenums;
   sslerrenums << QSslError::SelfSignedCertificateInChain << QSslError::SubjectIssuerMismatch;
   sslconfig.setSslIgnoredErrorEnums( sslerrenums );
-  Q_ASSERT( !sslconfig.isNull() );
+  QVERIFY( !sslconfig.isNull() );
 
   QCOMPARE( sslconfig.configString(), confstr );
   QCOMPARE( sslconfig.sslHostPort(), hostport );