[auth] Integrate cert viable functions into auth system

dakcarto · dakcarto · commit 671ce6359f5c · 2017-10-27T14:06:52.000-06:00
diff --git a/src/auth/identcert/qgsauthidentcertmethod.cpp b/src/auth/identcert/qgsauthidentcertmethod.cpp
@@ -251,9 +251,9 @@ QgsPkiConfigBundle *QgsAuthIdentCertMethod::getPkiConfigBundle( const QString &a
   // init client cert
   // Note: if this is not valid, no sense continuing
   QSslCertificate clientcert( cibundle.first );
-  if ( !clientcert.isValid() )
+  if ( !QgsAuthCertUtils::certIsViable( clientcert ) )
   {
-    QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not valid" ).arg( authcfg ) );
+    QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not viable" ).arg( authcfg ) );
     return bundle;
   }
 
diff --git a/src/auth/pkipaths/qgsauthpkipathsedit.cpp b/src/auth/pkipaths/qgsauthpkipathsedit.cpp
@@ -24,6 +24,7 @@
 #include <QSslKey>
 
 #include "qgsapplication.h"
+#include "qgsauthcertutils.h"
 #include "qgsauthmanager.h"
 #include "qgsauthguiutils.h"
 #include "qgslogger.h"
@@ -97,21 +98,21 @@ bool QgsAuthPkiPathsEdit::validateConfig()
     return validityChange( false );
   }
 
-  bool certvalid = cert.isValid();
   QDateTime startdate( cert.effectiveDate() );
   QDateTime enddate( cert.expiryDate() );
 
   writePkiMessage( lePkiPathsMsg,
                    tr( "%1 thru %2" ).arg( startdate.toString(), enddate.toString() ),
-                   ( certvalid ? Valid : Invalid ) );
+                   ( QgsAuthCertUtils::certIsCurrent( cert ) ? Valid : Invalid ) );
 
-  bool showCas( certvalid && populateCas() );
+  bool certviable = QgsAuthCertUtils::certIsViable( cert );
+  bool showCas( certviable && populateCas() );
   lblCas->setVisible( showCas );
   twCas->setVisible( showCas );
   cbAddCas->setVisible( showCas );
   cbAddRootCa->setVisible( showCas );
 
-  return validityChange( certvalid );
+  return validityChange( certviable );
 }
 
 QgsStringMap QgsAuthPkiPathsEdit::configMap() const
diff --git a/src/auth/pkipaths/qgsauthpkipathsmethod.cpp b/src/auth/pkipaths/qgsauthpkipathsmethod.cpp
@@ -284,9 +284,9 @@ QgsPkiConfigBundle *QgsAuthPkiPathsMethod::getPkiConfigBundle( const QString &au
   // init client cert
   // Note: if this is not valid, no sense continuing
   QSslCertificate clientcert( QgsAuthCertUtils::certFromFile( mconfig.config( QStringLiteral( "certpath" ) ) ) );
-  if ( !clientcert.isValid() )
+  if ( !QgsAuthCertUtils::certIsViable( clientcert ) )
   {
-    QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not valid" ).arg( authcfg ) );
+    QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not viable" ).arg( authcfg ) );
     return bundle;
   }
 
diff --git a/src/auth/pkipkcs12/qgsauthpkcs12method.cpp b/src/auth/pkipkcs12/qgsauthpkcs12method.cpp
@@ -292,9 +292,9 @@ QgsPkiConfigBundle *QgsAuthPkcs12Method::getPkiConfigBundle( const QString &auth
   // init client cert
   // Note: if this is not valid, no sense continuing
   QSslCertificate clientcert( bundlelist.at( 0 ).toLatin1() );
-  if ( !clientcert.isValid() )
+  if ( !QgsAuthCertUtils::certIsViable( clientcert ) )
   {
-    QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not valid" ).arg( authcfg ) );
+    QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not viable" ).arg( authcfg ) );
     return bundle;
   }
 
diff --git a/src/core/auth/qgsauthconfig.cpp b/src/core/auth/qgsauthconfig.cpp
@@ -275,7 +275,7 @@ bool QgsPkiBundle::isNull() const
 
 bool QgsPkiBundle::isValid() const
 {
-  return ( !isNull() && mCert.isValid() );
+  return ( !isNull() && QgsAuthCertUtils::certIsViable( mCert ) );
 }
 
 const QString QgsPkiBundle::certId() const
diff --git a/src/core/auth/qgsauthmanager.cpp b/src/core/auth/qgsauthmanager.cpp
@@ -1784,7 +1784,7 @@ const QPair<QSslCertificate, QSslKey> QgsAuthManager::certIdentityBundle( const
 const QStringList QgsAuthManager::certIdentityBundleToPem( const QString &id )
 {
   QPair<QSslCertificate, QSslKey> bundle( certIdentityBundle( id ) );
-  if ( bundle.first.isValid() && !bundle.second.isNull() )
+  if ( QgsAuthCertUtils::certIsViable( bundle.first ) && !bundle.second.isNull() )
   {
     return QStringList() << QString( bundle.first.toPem() ) << QString( bundle.second.toPem() );
   }
@@ -2719,7 +2719,7 @@ const QList<QSslCertificate> QgsAuthManager::trustedCaCerts( bool includeinvalid
     }
     else if ( defaultpolicy == QgsAuthCertUtils::Trusted && !untrustedids.contains( certid ) )
     {
-      if ( !includeinvalid && !cert.isValid() )
+      if ( !includeinvalid && !QgsAuthCertUtils::certIsViable( cert ) )
         continue;
       trustedcerts.append( cert );
     }
diff --git a/src/gui/auth/qgsauthcertificateinfo.cpp b/src/gui/auth/qgsauthcertificateinfo.cpp
@@ -295,7 +295,7 @@ void QgsAuthCertInfo::updateCurrentCertInfo( int chainindx )
     mCurrentTrustPolicy = trustpolicy;
 
     cmbbxTrust->setTrustPolicy( trustpolicy );
-    if ( !mCurrentQCert.isValid() )
+    if ( !QgsAuthCertUtils::certIsViable( mCurrentQCert ) )
     {
       cmbbxTrust->setDefaultTrustPolicy( QgsAuthCertUtils::Untrusted );
     }
@@ -880,7 +880,7 @@ void QgsAuthCertInfo::decorateCertTreeItem( const QSslCertificate &cert,
     return;
   }
 
-  if ( !cert.isValid() )
+  if ( !QgsAuthCertUtils::certIsViable( cert ) )
   {
     item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificateUntrusted.svg" ) ) );
     return;
diff --git a/src/gui/auth/qgsauthidentitieseditor.cpp b/src/gui/auth/qgsauthidentitieseditor.cpp
@@ -205,7 +205,7 @@ void QgsAuthIdentitiesEditor::appendIdentitiesToItem( const QList<QSslCertificat
     QTreeWidgetItem *item( new QTreeWidgetItem( parent, coltxts, ( int )identype ) );
 
     item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificate.svg" ) ) );
-    if ( !cert.isValid() )
+    if ( !QgsAuthCertUtils::certIsViable( cert ) )
     {
       item->setForeground( 2, redb );
       item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificateUntrusted.svg" ) ) );
diff --git a/src/gui/auth/qgsauthimportcertdialog.cpp b/src/gui/auth/qgsauthimportcertdialog.cpp
@@ -170,7 +170,7 @@ void QgsAuthImportCertDialog::validateCertificates()
 
   Q_FOREACH ( const QSslCertificate &cert, certs )
   {
-    if ( cert.isValid() )
+    if ( QgsAuthCertUtils::certIsViable( cert ) )
       ++validcerts;
 
     if ( filterCAs )
diff --git a/src/gui/auth/qgsauthimportidentitydialog.cpp b/src/gui/auth/qgsauthimportidentitydialog.cpp
@@ -277,12 +277,13 @@ bool QgsAuthImportIdentityDialog::validatePkiPaths()
     ca_certs = certs;
   }
 
-  isvalid = clientcert.isValid();
+  isvalid = QgsAuthCertUtils::certIsViable( clientcert );
+
   QDateTime startdate( clientcert.effectiveDate() );
   QDateTime enddate( clientcert.expiryDate() );
 
   writeValidation( tr( "%1 thru %2" ).arg( startdate.toString(), enddate.toString() ),
-                   ( isvalid ? Valid : Invalid ) );
+                   ( QgsAuthCertUtils::certIsCurrent( clientcert ) ? Valid : Invalid ) );
   //TODO: set enabled on cert info button, relative to cert validity
 
   // check for valid private key and that any supplied password works
diff --git a/src/gui/auth/qgsauthserverseditor.cpp b/src/gui/auth/qgsauthserverseditor.cpp
@@ -24,6 +24,7 @@
 #include "qgssettings.h"
 #include "qgsapplication.h"
 #include "qgsauthcertificateinfo.h"
+#include "qgsauthcertutils.h"
 #include "qgsauthmanager.h"
 #include "qgsauthguiutils.h"
 #include "qgslogger.h"
@@ -206,7 +207,7 @@ void QgsAuthServersEditor::appendSslConfigsToItem( const QList<QgsAuthConfigSslS
     QTreeWidgetItem *item( new QTreeWidgetItem( parent, coltxts, ( int )conftype ) );
 
     item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificate.svg" ) ) );
-    if ( !cert.isValid() )
+    if ( !QgsAuthCertUtils::certIsViable( cert ) )
     {
       item->setForeground( 2, redb );
       item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificateUntrusted.svg" ) ) );
diff --git a/src/gui/auth/qgsauthtrustedcasdialog.cpp b/src/gui/auth/qgsauthtrustedcasdialog.cpp
@@ -22,6 +22,7 @@
 #include "qgssettings.h"
 #include "qgsapplication.h"
 #include "qgsauthcertificateinfo.h"
+#include "qgsauthcertutils.h"
 #include "qgsauthguiutils.h"
 #include "qgsauthmanager.h"
 #include "qgslogger.h"
@@ -196,7 +197,7 @@ void QgsAuthTrustedCAsDialog::appendCertsToItem( const QList<QSslCertificate> &c
     QTreeWidgetItem *item( new QTreeWidgetItem( parent, coltxts, ( int )catype ) );
 
     item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificate.svg" ) ) );
-    if ( !cert.isValid() )
+    if ( !QgsAuthCertUtils::certIsViable( cert ) )
     {
       item->setForeground( 2, redb );
       item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificateUntrusted.svg" ) ) );

Original file line number	Diff line number	Diff line change
`@@ -251,9 +251,9 @@ QgsPkiConfigBundle *QgsAuthIdentCertMethod::getPkiConfigBundle( const QString &a`
`251`	`251`	`// init client cert`
`252`	`252`	`// Note: if this is not valid, no sense continuing`
`253`	`253`	`QSslCertificate clientcert( cibundle.first );`
`254`		`- if ( !clientcert.isValid() )`
	`254`	`+ if ( !QgsAuthCertUtils::certIsViable( clientcert ) )`
`255`	`255`	`{`
`256`		`- QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not valid" ).arg( authcfg ) );`
	`256`	`+ QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not viable" ).arg( authcfg ) );`
`257`	`257`	`return bundle;`
`258`	`258`	`}`
`259`	`259`
Original file line number	Diff line number	Diff line change
`@@ -284,9 +284,9 @@ QgsPkiConfigBundle *QgsAuthPkiPathsMethod::getPkiConfigBundle( const QString &au`
`284`	`284`	`// init client cert`
`285`	`285`	`// Note: if this is not valid, no sense continuing`
`286`	`286`	`QSslCertificate clientcert( QgsAuthCertUtils::certFromFile( mconfig.config( QStringLiteral( "certpath" ) ) ) );`
`287`		`- if ( !clientcert.isValid() )`
	`287`	`+ if ( !QgsAuthCertUtils::certIsViable( clientcert ) )`
`288`	`288`	`{`
`289`		`- QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not valid" ).arg( authcfg ) );`
	`289`	`+ QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not viable" ).arg( authcfg ) );`
`290`	`290`	`return bundle;`
`291`	`291`	`}`
`292`	`292`
Original file line number	Diff line number	Diff line change
`@@ -292,9 +292,9 @@ QgsPkiConfigBundle *QgsAuthPkcs12Method::getPkiConfigBundle( const QString &auth`
`292`	`292`	`// init client cert`
`293`	`293`	`// Note: if this is not valid, no sense continuing`
`294`	`294`	`QSslCertificate clientcert( bundlelist.at( 0 ).toLatin1() );`
`295`		`- if ( !clientcert.isValid() )`
	`295`	`+ if ( !QgsAuthCertUtils::certIsViable( clientcert ) )`
`296`	`296`	`{`
`297`		`- QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not valid" ).arg( authcfg ) );`
	`297`	`+ QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not viable" ).arg( authcfg ) );`
`298`	`298`	`return bundle;`
`299`	`299`	`}`
`300`	`300`
Original file line number	Diff line number	Diff line change
`@@ -275,7 +275,7 @@ bool QgsPkiBundle::isNull() const`
`275`	`275`
`276`	`276`	`bool QgsPkiBundle::isValid() const`
`277`	`277`	`{`
`278`		`- return ( !isNull() && mCert.isValid() );`
	`278`	`+ return ( !isNull() && QgsAuthCertUtils::certIsViable( mCert ) );`
`279`	`279`	`}`
`280`	`280`
`281`	`281`	`const QString QgsPkiBundle::certId() const`
Original file line number	Diff line number	Diff line change
`@@ -1784,7 +1784,7 @@ const QPair<QSslCertificate, QSslKey> QgsAuthManager::certIdentityBundle( const`
`1784`	`1784`	`const QStringList QgsAuthManager::certIdentityBundleToPem( const QString &id )`
`1785`	`1785`	`{`
`1786`	`1786`	`QPair<QSslCertificate, QSslKey> bundle( certIdentityBundle( id ) );`
`1787`		`- if ( bundle.first.isValid() && !bundle.second.isNull() )`
	`1787`	`+ if ( QgsAuthCertUtils::certIsViable( bundle.first ) && !bundle.second.isNull() )`
`1788`	`1788`	`{`
`1789`	`1789`	`return QStringList() << QString( bundle.first.toPem() ) << QString( bundle.second.toPem() );`
`1790`	`1790`	`}`
`@@ -2719,7 +2719,7 @@ const QList<QSslCertificate> QgsAuthManager::trustedCaCerts( bool includeinvalid`
`2719`	`2719`	`}`
`2720`	`2720`	`else if ( defaultpolicy == QgsAuthCertUtils::Trusted && !untrustedids.contains( certid ) )`
`2721`	`2721`	`{`
`2722`		`- if ( !includeinvalid && !cert.isValid() )`
	`2722`	`+ if ( !includeinvalid && !QgsAuthCertUtils::certIsViable( cert ) )`
`2723`	`2723`	`continue;`
`2724`	`2724`	`trustedcerts.append( cert );`
`2725`	`2725`	`}`
Original file line number	Diff line number	Diff line change
`@@ -295,7 +295,7 @@ void QgsAuthCertInfo::updateCurrentCertInfo( int chainindx )`
`295`	`295`	`mCurrentTrustPolicy = trustpolicy;`
`296`	`296`
`297`	`297`	`cmbbxTrust->setTrustPolicy( trustpolicy );`
`298`		`- if ( !mCurrentQCert.isValid() )`
	`298`	`+ if ( !QgsAuthCertUtils::certIsViable( mCurrentQCert ) )`
`299`	`299`	`{`
`300`	`300`	`cmbbxTrust->setDefaultTrustPolicy( QgsAuthCertUtils::Untrusted );`
`301`	`301`	`}`
`@@ -880,7 +880,7 @@ void QgsAuthCertInfo::decorateCertTreeItem( const QSslCertificate &cert,`
`880`	`880`	`return;`
`881`	`881`	`}`
`882`	`882`
`883`		`- if ( !cert.isValid() )`
	`883`	`+ if ( !QgsAuthCertUtils::certIsViable( cert ) )`
`884`	`884`	`{`
`885`	`885`	`item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificateUntrusted.svg" ) ) );`
`886`	`886`	`return;`
Original file line number	Diff line number	Diff line change
`@@ -205,7 +205,7 @@ void QgsAuthIdentitiesEditor::appendIdentitiesToItem( const QList<QSslCertificat`
`205`	`205`	`QTreeWidgetItem *item( new QTreeWidgetItem( parent, coltxts, ( int )identype ) );`
`206`	`206`
`207`	`207`	`item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificate.svg" ) ) );`
`208`		`- if ( !cert.isValid() )`
	`208`	`+ if ( !QgsAuthCertUtils::certIsViable( cert ) )`
`209`	`209`	`{`
`210`	`210`	`item->setForeground( 2, redb );`
`211`	`211`	`item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificateUntrusted.svg" ) ) );`
Original file line number	Diff line number	Diff line change
`@@ -170,7 +170,7 @@ void QgsAuthImportCertDialog::validateCertificates()`
`170`	`170`
`171`	`171`	`Q_FOREACH ( const QSslCertificate &cert, certs )`
`172`	`172`	`{`
`173`		`- if ( cert.isValid() )`
	`173`	`+ if ( QgsAuthCertUtils::certIsViable( cert ) )`
`174`	`174`	`++validcerts;`
`175`	`175`
`176`	`176`	`if ( filterCAs )`