Move the PKCS#12 support from QSslSocket to QSslCertificate.

Discussed with Peter and agreed that it's a slightly better fit there. Change-Id: If8db777336e2273670a23d75d8542b30c07e0d7b Reviewed-by: Daniel Molkentin <daniel@molkentin.de> Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
2014-05-12 21:16:20 +01:00 · 2014-05-12 21:16:20 +01:00 · 1a8788d966
commit 1a8788d966
parent b861c43395
13 changed files with 149 additions and 74 deletions
--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@ -979,6 +979,26 @@ QList<QSslError> QSslCertificate::verify(QList<QSslCertificate> certificateChain
    return QSslSocketBackendPrivate::verify(certificateChain, hostName);
 }

+/*!
+  \since 5.4
+
+  Imports a PKCS#12 (pfx) file from the specified \a device. A PKCS#12
+  file is a bundle that can contain a number of certificates and keys.
+  This method reads a single \a key, its \a certificate and any
+  associated \a caCertificates from the bundle. If a \a passPhrase is
+  specified then this will be used to decrypt the bundle. Returns
+  \c true if the PKCS#12 file was successfully loaded.
+
+  \note The \a device must be open and ready to be read from.
+ */
+bool QSslCertificate::importPKCS12(QIODevice *device,
+                                   QSslKey *key, QSslCertificate *certificate,
+                                   QList<QSslCertificate> *caCertificates,
+                                   const QByteArray &passPhrase)
+{
+    return QSslSocketBackendPrivate::importPKCS12(device, key, certificate, caCertificates, passPhrase);
+}
+
 void QSslCertificatePrivate::init(const QByteArray &data, QSsl::EncodingFormat format)
 {
    if (!data.isEmpty()) {
--- a/src/network/ssl/qsslcertificate.h
+++ b/src/network/ssl/qsslcertificate.h
@ -142,6 +142,11 @@ public:

    static QList<QSslError> verify(QList<QSslCertificate> certificateChain, const QString &hostName = QString());

+    static bool importPKCS12(QIODevice *device,
+                             QSslKey *key, QSslCertificate *cert,
+                             QList<QSslCertificate> *caCertificates=0,
+                             const QByteArray &passPhrase=QByteArray());
+
    Qt::HANDLE handle() const;

 private:
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@ -1455,26 +1455,6 @@ QList<QSslCertificate> QSslSocket::systemCaCertificates()
    return QSslSocketPrivate::systemCaCertificates();
 }

-/*!
-  \since 5.4
-
-  Imports a PKCS#12 (pfx) file from the specified \a device. A PKCS#12
-  file is a bundle that can contain a number of certificates and keys.
-  This method reads a single \a key, it's \a certificate and any
-  associated \a caCertificates from the bundle. If a \a passPhrase is
-  specified then this will be used to decrypt the bundle. Returns
-  \c true if the PKCS#12 file was successfully loaded.
-
-  \note The \a device must be open and ready to be read from.
- */
-bool QSslSocket::importPKCS12(QIODevice *device,
-                              QSslKey *key, QSslCertificate *certificate,
-                              QList<QSslCertificate> *caCertificates,
-                              const QByteArray &passPhrase)
-{
-    return QSslSocketBackendPrivate::importPKCS12(device, key, certificate, caCertificates, passPhrase);
-}
-
 /*!
    Waits until the socket is connected, or \a msecs milliseconds,
    whichever happens first. If the connection has been established,
--- a/src/network/ssl/qsslsocket.h
+++ b/src/network/ssl/qsslsocket.h
@ -172,11 +172,6 @@ public:
    static QList<QSslCertificate> defaultCaCertificates();
    static QList<QSslCertificate> systemCaCertificates();

-    static bool importPKCS12(QIODevice *device,
-                             QSslKey *key, QSslCertificate *cert,
-                             QList<QSslCertificate> *caCertificates=0,
-                             const QByteArray &passPhrase=QByteArray());
-
    bool waitForConnected(int msecs = 30000);
    bool waitForEncrypted(int msecs = 30000);
    bool waitForReadyRead(int msecs = 30000);
--- a/tests/auto/network/ssl/qsslcertificate/pkcs12/README
+++ b/tests/auto/network/ssl/qsslcertificate/pkcs12/README
@ -1,4 +1,5 @@
-The PKCS#12 bundle was created by running:
+The PKCS#12 bundle was created by running the following on
+in the qsslsocket/certs directory:

 openssl pkcs12 -export -in leaf.crt -inkey leaf.key \
               -out leaf.p12 \
--- a/tests/auto/network/ssl/qsslcertificate/pkcs12/inter.crt
+++ b/tests/auto/network/ssl/qsslcertificate/pkcs12/inter.crt
@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAnSgAwIBAgIQO+uZxerYC10Ll11PBnVL4TANBgkqhkiG9w0BAQUFADA8
+MQswCQYDVQQGEwJHQjEZMBcGA1UEChMQV2VzdHBvaW50IENBIEtleTESMBAGA1UE
+ChMJV2VzdHBvaW50MB4XDTEzMDIxNjE2NTMwOFoXDTIzMDIxNjE2NTMwOFowMjEL
+MAkGA1UEBhMCR0IxIzAhBgNVBAoTGldlc3Rwb2ludCBJbnRlcm1lZGlhdGUgS2V5
+MIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAsR4tRskg2IFfQFMfGBJ1
+eqlrNejANw0oM6k5HlEB8uFA9qeyAzmflwQUPoJ55KRQ/gVHTOBdWrtgGgPMiekF
+1Q36Ry1elwbAl4a+LZ6qsc9ASipvk8HirKpt1v5L9hG+aI4yDxyvjNztFtg5R4P5
+zqsh/WwhCgsYmEVfcSDbhUjqoqxGRLaZxPKO+IMCNFrjZqi0yxc8f6Un4G5SQzHA
+4szi/ezcITnAFYWxHG2yaed4hawpxNS1WXabk2rzCi0pWeIcHuIczaCfZ7ElRcqV
+VNNXbGTtUDlfIsh6FAVI5kTUDcPV27uf6BmHuFOu/R9Tjni25+vBFvohwQh7ZwCX
+5COXnfkJLPkJQQEFVQv8nS27ht/vmyoKjERUeiuMd+hFcN5zl7bS5A2JCgi7erlP
+ZQIDAQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwHQYD
+VR0OBBYEFGn5shQ0SeTcc3x/cNu6TkoV0bPmMB8GA1UdIwQYMBaAFJQnOLW5hBTG
+pvc2vfcs4sJpRRPJMA0GCSqGSIb3DQEBBQUAA4IBMQAVDS0enQQ1FL0d92xOFfwx
+mjcNPz9oO7jMyEVxAs2eR2QD+xZ3Xj4gAiUEp40aGieDcLv+dg+cmuBFWF61IYSR
+UyuoakVm08VDcLAwUzU+xtSvJiSSROb0GsAnVsYZj4TYlvKDplqfapOYaiIkwF+c
+iE4n7G0hQW9fzqO+n3FGtBD8YUjghRqLggeRVJ2+8S3Bm8cfx8xPpRIO3ksA6opn
+CORRGuzetDHihbks59mkoY3GqKFgBOyrC3kG07nv5wtKjdKDtmD/kS/SAc4fIXKy
+Uruq2uXNf/1BUgF5gFGRyj22yB2D0763fJJpl5nqcLrL5RmnVObQKZGhE2VsRTV0
+untj+AmiJivhiAjjkHfw3XDf8tuL7D4pTmEkGgl5xl23fyeTIuygDCLT8fRD3ZqQ
+-----END CERTIFICATE-----
--- a/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.crt
+++ b/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.crt
@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3zCCApegAwIBAgIQEKCtd1j2bq5Gk6ND+VmKnjANBgkqhkiG9w0BAQUFADAy
+MQswCQYDVQQGEwJHQjEjMCEGA1UEChMaV2VzdHBvaW50IEludGVybWVkaWF0ZSBL
+ZXkwHhcNMTMwMjE2MTY1MzA4WhcNMjMwMjE2MTY1MzA4WjA1MQswCQYDVQQGEwJH
+QjESMBAGA1UEChMJV2VzdHBvaW50MRIwEAYDVQQDEwkxMjcuMC4wLjEwggFSMA0G
+CSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQC7EIWIzb7XCfmQQ1KFdZ5E9f49eNK/
+KvsXYfq/iV29K1cz2hUyvfdKgyU5F/+BOPQKQ5zdWn1CraZosFv/ibuO3mhRpMfB
+SfNn3rfdrE7WtA0wgT2YNIN0L4aCe+C15j2ESdmyMaFLUaUIS47JS66UtaYxp5ia
+mJFO1hSNaoI0pGHyPFTTtfOza9z/01qkBbHB4htzauqs/fX5ZrnyCDSrfpVipXke
+zkPKg4MkkytEkjRKw6tSXLpWIgF3ee2N/jBdefqlw8YPW08K0wmwF5qGuX6PZ8vB
+sOZeWeCfVr136BopkbfP3TkGWw2BrD8xSzOUez9HVc0v4SZ/7pe5w3L4V/mzYQLt
+O+1AHevCjX8+M58HYGBaWCAjxYUPGcGKcj0LLtgZgL6wY88N7RtfeOY3AgMBAAGj
+gY0wgYowFAYDVR0RBA0wC4IJMTI3LjAuMC4xMAwGA1UdEwEB/wQCMAAwEwYDVR0l
+BAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwcoADAdBgNVHQ4EFgQUKKuyJSrT
+Y+dnm1do7l0sVMX96SYwHwYDVR0jBBgwFoAUafmyFDRJ5NxzfH9w27pOShXRs+Yw
+DQYJKoZIhvcNAQEFBQADggExAHELijlIFdcncP3B+vxEp0SGKl0arIaCXahivb2F
+VxeM3WajN6O+oDRLFltzMeDKA9RVkao7fgITzXQgCGzeNhKv0vc9iDyvR9/67vuS
+W8xEEJrYowtw3VK5H1y0ewqZaxJhvKUjm4TBRWe8FGKD3s64lEsfbjOaI5VPidVc
+DXmdAlXsj0Hk+v4Ej8mshPQAnVSyJ3D0ZMgTjk8Di28N0qROFIYJaTObK1rCb1nQ
+GaCcmbZU6JnkYvVZ+iUe5U0GXFbb+LRNTUT8/fw1zADeHnv/G+WWVrfND+sov5Oc
+33fkNE6z+n6ayABVnGLuCYhbzD38sv0dnxeh8vbykNBPzYdzPg6nw3Czv2vlhKpJ
+8Yj/maoXuAyTXVf30K1/fAWyU45noq57MjQpU6UxIX1D7qw=
+-----END CERTIFICATE-----
--- a/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.key
+++ b/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.key
@ -0,0 +1,32 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIFfAIBAAKCATEAuxCFiM2+1wn5kENShXWeRPX+PXjSvyr7F2H6v4ldvStXM9oV
+Mr33SoMlORf/gTj0CkOc3Vp9Qq2maLBb/4m7jt5oUaTHwUnzZ9633axO1rQNMIE9
+mDSDdC+GgnvgteY9hEnZsjGhS1GlCEuOyUuulLWmMaeYmpiRTtYUjWqCNKRh8jxU
+07Xzs2vc/9NapAWxweIbc2rqrP31+Wa58gg0q36VYqV5Hs5DyoODJJMrRJI0SsOr
+Uly6ViIBd3ntjf4wXXn6pcPGD1tPCtMJsBeahrl+j2fLwbDmXlngn1a9d+gaKZG3
+z905BlsNgaw/MUszlHs/R1XNL+Emf+6XucNy+Ff5s2EC7TvtQB3rwo1/PjOfB2Bg
+WlggI8WFDxnBinI9Cy7YGYC+sGPPDe0bX3jmNwIDAQABAoIBMQCczBNyAStGqjjC
+oHuKHHWmTh9mPWFBFfDTv6/jXmvxRWPZtaHxH2Qp09Wejqv/D9MWy2ev7spx2oZS
+2Ai1ICjTbz83uAwryyW4Wen6aBTJSLCJiLstWk8ZU0DHHLjVH4FO4mwUPh95t5zC
+YDr2JXbXdY8xrc5vPxUFZNJjWvR61ZK37bQYpTn5mZ7r3KfsNk2yOylRTDwa9XFo
+ZZ+B82NKdrrz0UvGOnXZa5qd1ap7V+67FIAS2Mt8AMzSCG8TW0JXRUk89ISgAd8r
+NQTPtX9XCnMZSbBzDKdznXfHS9ZlJcSrpsbQCPcvMVNrdBfCF0eNnsRJffJGdaXI
+MsN6PvbcXWD08lXNGyeLjon03RdJnTAamNM3YQEIcjFmu5Y0o0CCJkZSCJPKJGMG
+0d/1tN/5AoGZANOcOgQZ9Wiu0ej3YoQ3aSHu3y8ZBJH4B3ViX8i+2x/6UnG7KNaa
+4Ygid1upnX6hk4CW5WZcoxGFacrFRpInKh5Ng8lEIHGp0VSzOBVDR0L5sAxutFuX
+6N9C0CuH80vD101mOloNnfT5KHZMI5RXqP6sDGUFlwak2XybDL1qOAza3gZAy25H
+vS/ll1BneBavikR5j+zxoTztAoGZAOJOJ5RyOrqpNuhiWZylah5LIFT9N1lCF4Hl
+ZbFIjUZ4jcApJ7JxkMXNQ4RU/3AiKCC1xr5ib7dd/qyjKXhdMo4SnLoKhapx5R9G
+3XOsQMahiCD/Zcymv9tmk8MxxzbLxhZYhEPzIP/NFkua3CHiX+d1e6fkzFLF/EiX
+ZGQOgRcFKrlzUeBputRQRXAkKJH+kMClgAWvy28zAoGYKyaMXhG9DV+4xjzMBhIW
+iijfsgbz+6AMRU+OIK1qmZa+ARsdNMXYf54noLVxvETOg0ZB+SGizwvZitO3lE4Q
+NKWx3fTaeNMcMJ1rLkrN2UZ5M8/PT24muoAxWu8aGbURzmKuO3bTYwT7z0OvbayC
+dYw36tG8/knXX6Vub6GdVGG9LKFB2nceiQnUVT0EK/wXwebYBoUvT/ECgZgF9qdG
+Wyg/CPyAbS8NWLKOL86fTrjpqjsyWhgu7smCROT/XlZEdoepHrqbvx2oF85U5lVh
+aPimrVxrsjUCjfoqEkV9BY/2KOAvzc9CIBTo5xLOQ8yr8uz1XCOiriogwIfsyNJb
+dAm3k/D1dxQ79FowoEDs8LONrtfyFcM4e8VdFO7GSkqrDj41IBRkWx+SkVHBMdtI
+yxQiTwKBmQCWym2iDCJg1ZZq4/lVwRudMhVmHoD0yoCAwADYHjjAi8QBplM0vfdd
+CESKsnBhlcrPGB279BKVJyZHehKZG+/dfnFs+to14l6A3IqU2d6+pu3EyFNX34HS
+xo+64QxMeF0akWnSaIPfUJfk36phjCvLBr4eLXN1i4jW3RdGFwF1THXt29VSSGmU
+q/hM51H0bsQ13AIVUSdNHA==
+-----END RSA PRIVATE KEY-----
--- a/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.p12
+++ b/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.p12
--- a/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro
+++ b/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro
@ -6,5 +6,6 @@ SOURCES += tst_qsslcertificate.cpp
 QT = core network testlib

 TARGET = tst_qsslcertificate
+DEFINES += SRCDIR=\\\"$$PWD/\\\"

-TESTDATA += certificates/* more-certificates/* verify-certs/*
+TESTDATA += certificates/* more-certificates/* verify-certs/* pkcs12/*
--- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
+++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
@ -114,6 +114,7 @@ private slots:
    void threadSafeConstMethods();
    void version_data();
    void version();
+    void pkcs12();

    // helper for verbose test failure messages
    QString toString(const QList<QSslError>&);
@ -1229,6 +1230,48 @@ void tst_QSslCertificate::version()
    QCOMPARE(certificate.version(), result);
 }

+void tst_QSslCertificate::pkcs12()
+{
+    if (!QSslSocket::supportsSsl()) {
+        qWarning("SSL not supported, skipping test");
+        return;
+    }
+
+    QFile f(QLatin1String(SRCDIR "pkcs12/leaf.p12"));
+    bool ok = f.open(QIODevice::ReadOnly);
+    QVERIFY(ok);
+
+    QSslKey key;
+    QSslCertificate cert;
+    QList<QSslCertificate> caCerts;
+
+    ok = QSslCertificate::importPKCS12(&f, &key, &cert, &caCerts);
+    QVERIFY(ok);
+    f.close();
+
+    QList<QSslCertificate> leafCert = QSslCertificate::fromPath(QLatin1String( SRCDIR "pkcs12/leaf.crt"));
+    QVERIFY(!leafCert.isEmpty());
+
+    QCOMPARE(cert, leafCert.first());
+
+    QFile f2(QLatin1String(SRCDIR "pkcs12/leaf.key"));
+    ok = f2.open(QIODevice::ReadOnly);
+    QVERIFY(ok);
+
+    QSslKey leafKey(&f2, QSsl::Rsa);
+    f2.close();
+
+    QVERIFY(!leafKey.isNull());
+    QCOMPARE(key, leafKey);
+
+    QList<QSslCertificate> caCert = QSslCertificate::fromPath(QLatin1String(SRCDIR "pkcs12/inter.crt"));
+    QVERIFY(!caCert.isEmpty());
+
+    QVERIFY(!caCerts.isEmpty());
+    QCOMPARE(caCerts.first(), caCert.first());
+    QCOMPARE(caCerts, caCert);
+}
+
 #endif // QT_NO_SSL

 QTEST_MAIN(tst_QSslCertificate)
--- a/tests/auto/network/ssl/qsslsocket/certs/fluke.p12
+++ b/tests/auto/network/ssl/qsslsocket/certs/fluke.p12
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@ -194,7 +194,6 @@ private slots:
    void qtbug18498_peek2();
    void dhServer();
    void ecdhServer();
-    void pkcs12();
    void setEmptyDefaultConfiguration(); // this test should be last

    static void exitLoop()
@ -2735,52 +2734,6 @@ void tst_QSslSocket::ecdhServer()
    QVERIFY(client->state() == QAbstractSocket::ConnectedState);
 }

-void tst_QSslSocket::pkcs12()
-{
-    if (!QSslSocket::supportsSsl()) {
-        qWarning("SSL not supported, skipping test");
-        return;
-    }
-
-    QFETCH_GLOBAL(bool, setProxy);
-    if (setProxy)
-        return;
-
-    QFile f(QLatin1String(SRCDIR "certs/leaf.p12"));
-    bool ok = f.open(QIODevice::ReadOnly);
-    QVERIFY(ok);
-
-    QSslKey key;
-    QSslCertificate cert;
-    QList<QSslCertificate> caCerts;
-
-    ok = QSslSocket::importPKCS12(&f, &key, &cert, &caCerts);
-    QVERIFY(ok);
-    f.close();
-
-    QList<QSslCertificate> leafCert = QSslCertificate::fromPath(SRCDIR "certs/leaf.crt");
-    QVERIFY(!leafCert.isEmpty());
-
-    QCOMPARE(cert, leafCert.first());
-
-    QFile f2(QLatin1String(SRCDIR "certs/leaf.key"));
-    ok = f2.open(QIODevice::ReadOnly);
-    QVERIFY(ok);
-
-    QSslKey leafKey(&f2, QSsl::Rsa);
-    f2.close();
-
-    QVERIFY(!leafKey.isNull());
-    QCOMPARE(key, leafKey);
-
-    QList<QSslCertificate> caCert = QSslCertificate::fromPath(SRCDIR "certs/inter.crt");
-    QVERIFY(!caCert.isEmpty());
-
-    QVERIFY(!caCerts.isEmpty());
-    QCOMPARE(caCerts.first(), caCert.first());
-    QCOMPARE(caCerts, caCert);
-}
-
 void tst_QSslSocket::setEmptyDefaultConfiguration() // this test should be last, as it has some side effects
 {
    // used to produce a crash in QSslConfigurationPrivate::deepCopyDefaultConfiguration, QTBUG-13265