qsslkey_p.cpp

Absolute File Name:/home/qt/qt5_coco/qt5/qtbase/src/network/ssl/qsslkey_p.cpp
Source codeSwitch to Preprocessed file
LineSourceCount
1/****************************************************************************-
2**-
3** Copyright (C) 2016 The Qt Company Ltd.-
4** Contact: https://www.qt.io/licensing/-
5**-
6** This file is part of the QtNetwork module of the Qt Toolkit.-
7**-
8** $QT_BEGIN_LICENSE:LGPL$-
9** Commercial License Usage-
10** Licensees holding valid commercial Qt licenses may use this file in-
11** accordance with the commercial license agreement provided with the-
12** Software or, alternatively, in accordance with the terms contained in-
13** a written agreement between you and The Qt Company. For licensing terms-
14** and conditions see https://www.qt.io/terms-conditions. For further-
15** information use the contact form at https://www.qt.io/contact-us.-
16**-
17** GNU Lesser General Public License Usage-
18** Alternatively, this file may be used under the terms of the GNU Lesser-
19** General Public License version 3 as published by the Free Software-
20** Foundation and appearing in the file LICENSE.LGPL3 included in the-
21** packaging of this file. Please review the following information to-
22** ensure the GNU Lesser General Public License version 3 requirements-
23** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.-
24**-
25** GNU General Public License Usage-
26** Alternatively, this file may be used under the terms of the GNU-
27** General Public License version 2.0 or (at your option) the GNU General-
28** Public license version 3 or any later version approved by the KDE Free-
29** Qt Foundation. The licenses are as published by the Free Software-
30** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3-
31** included in the packaging of this file. Please review the following-
32** information to ensure the GNU General Public License requirements will-
33** be met: https://www.gnu.org/licenses/gpl-2.0.html and-
34** https://www.gnu.org/licenses/gpl-3.0.html.-
35**-
36** $QT_END_LICENSE$-
37**-
38****************************************************************************/-
39-
40-
41/*!-
42 \class QSslKey-
43 \brief The QSslKey class provides an interface for private and public keys.-
44 \since 4.3-
45-
46 \reentrant-
47 \ingroup network-
48 \ingroup ssl-
49 \ingroup shared-
50 \inmodule QtNetwork-
51-
52 QSslKey provides a simple API for managing keys.-
53-
54 \sa QSslSocket, QSslCertificate, QSslCipher-
55*/-
56-
57#include "qsslkey.h"-
58#include "qsslkey_p.h"-
59#include "qsslsocket.h"-
60#include "qsslsocket_p.h"-
61-
62#include <QtCore/qatomic.h>-
63#include <QtCore/qbytearray.h>-
#include <QtCore/qbytearraymatcher.h>
64#include <QtCore/qiodevice.h>-
65#ifndef QT_NO_DEBUG_STREAM-
66#include <QtCore/qdebug.h>-
67#endif-
68-
69QT_BEGIN_NAMESPACE-
70-
71/*!-
72 \fn void QSslKeyPrivate::clear(bool deep)-
73 \internal-
74 */-
75-
76/*!-
77 \fn void QSslKeyPrivate::decodePem(const QByteArray &pem, const QByteArray &passPhrase,-
78 bool deepClear)-
79 \internal-
80-
81 Allocates a new rsa or dsa struct and decodes \a pem into it-
82 according to the current algorithm and type.-
83-
84 If \a deepClear is true, the rsa/dsa struct is freed if it is was-
85 already allocated, otherwise we "leak" memory (which is exactly-
86 what we want for copy construction).-
87-
88 If \a passPhrase is non-empty, it will be used for decrypting-
89 \a pem.-
90*/-
91-
92/*!-
93 Constructs a null key.-
94-
95 \sa isNull()-
96*/-
97QSslKey::QSslKey()-
98 : d(new QSslKeyPrivate)-
99{-
100}-
101-
102/*!-
103 \internal-
104*/-
105QByteArray QSslKeyPrivate::pemHeader() const-
106{-
107 if (type == QSsl::PublicKey)-
108 return QByteArrayLiteral("-----BEGIN PUBLIC KEY-----");-
109 else if (algorithm == QSsl::Rsa)-
110 return QByteArrayLiteral("-----BEGIN RSA PRIVATE KEY-----");-
111 else if (algorithm == QSsl::Dsa)-
112 return QByteArrayLiteral("-----BEGIN DSA PRIVATE KEY-----");-
113 else if (algorithm == QSsl::Ec)-
114 return QByteArrayLiteral("-----BEGIN EC PRIVATE KEY-----");-
115-
116 Q_UNREACHABLE();-
117 return QByteArray();-
118}-
119-
120/*!-
121 \internal-
122*/-
123QByteArray QSslKeyPrivate::pemFooter() const-
124{-
125 if (type == QSsl::PublicKey)-
126 return QByteArrayLiteral("-----END PUBLIC KEY-----");-
127 else if (algorithm == QSsl::Rsa)-
128 return QByteArrayLiteral("-----END RSA PRIVATE KEY-----");-
129 else if (algorithm == QSsl::Dsa)-
130 return QByteArrayLiteral("-----END DSA PRIVATE KEY-----");-
131 else if (algorithm == QSsl::Ec)-
132 return QByteArrayLiteral("-----END EC PRIVATE KEY-----");-
133-
134 Q_UNREACHABLE();-
135 return QByteArray();-
136}-
137-
138/*!-
139 \internal-
140-
141 Returns a DER key formatted as PEM.-
142*/-
143QByteArray QSslKeyPrivate::pemFromDer(const QByteArray &der, const QMap<QByteArray, QByteArray> &headers) const-
144{-
145 QByteArray pem(der.toBase64());-
146-
147 const int lineWidth = 64; // RFC 1421-
148 const int newLines = pem.size() / lineWidth;-
149 const bool rem = pem.size() % lineWidth;-
150-
151 // ### optimize-
152 for (int i = 0; i < newLines; ++i)-
153 pem.insert((i + 1) * lineWidth + i, '\n');-
154 if (rem)-
155 pem.append('\n'); // ###-
156-
157 QByteArray extra;-
158 if (!headers.isEmpty()) {-
159 QMap<QByteArray, QByteArray>::const_iterator it = headers.constEnd();-
160 do {-
161 --it;-
162 extra += it.key() + ": " + it.value() + '\n';-
163 } while (it != headers.constBegin());-
164 extra += '\n';-
165 }-
166 pem.prepend(pemHeader() + '\n' + extra);-
167 pem.append(pemFooter() + '\n');-
168-
169 return pem;-
170}-
171-
172/*!-
173 \internal-
174-
175 Returns a PEM key formatted as DER.-
176*/-
177QByteArray QSslKeyPrivate::derFromPem(const QByteArray &pem, QMap<QByteArray, QByteArray> *headers) const-
178{-
179 const QByteArray header = pemHeader();-
180 const QByteArray footer = pemFooter();-
181-
182 QByteArray der(pem);-
183-
184 const int headerIndex = der.indexOf(header);-
185 const int footerIndex = der.indexOf(footer);-
186 if (headerIndex == -1 || footerIndex == -1)
headerIndex == -1Description
TRUEnever evaluated
FALSEevaluated 940 times by 2 tests
Evaluated by:
  • tst_qsslcertificate - unknown status
  • tst_qsslkey - unknown status
footerIndex == -1Description
TRUEnever evaluated
FALSEevaluated 940 times by 2 tests
Evaluated by:
  • tst_qsslcertificate - unknown status
  • tst_qsslkey - unknown status
0-940
187 return QByteArray();
never executed: return QByteArray();
0
188-
189 der = der.mid(headerIndex + header.size(), footerIndex - (headerIndex + header.size()));-
190-
191 if (der.contains("Proc-Type:")) {
der.contains("Proc-Type:")Description
TRUEnever evaluated
FALSEevaluated 940 times by 2 tests
Evaluated by:
  • tst_qsslcertificate - unknown status
  • tst_qsslkey - unknown status
0-940
192 // taken from QHttpNetworkReplyPrivate::parseHeader-
193 const QByteArrayMatcher lf("\n");-
const QByteArrayMatcher colon(":");int i = 0;
194 while (i < der.count()) {
i < der.count()Description
TRUEnever evaluated
FALSEnever evaluated
0
195 int j = colonder.indexInindexOf(der':', i); // field-name-
196 if (j == -1)
j == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
197 break;
never executed: break;
0
198 const QByteArray field = der.mid(i, j - i).trimmed();-
199 j++;-
200 // any number of LWS is allowed before and after the value-
201 QByteArray value;-
202 do {-
203 i = lfder.indexInindexOf(der'\n', j);-
204 if (i == -1)
i == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
205 break;
never executed: break;
0
206 if (!value.isEmpty())
!value.isEmpty()Description
TRUEnever evaluated
FALSEnever evaluated
0
207 value += ' ';
never executed: value += ' ';
0
208 // check if we have CRLF or only LF-
209 bool hasCR = (i && der[i-1] == '\r');
iDescription
TRUEnever evaluated
FALSEnever evaluated
der[i-1] == '\r'Description
TRUEnever evaluated
FALSEnever evaluated
0
210 int length = i -(hasCR ? 1: 0) - j;
hasCRDescription
TRUEnever evaluated
FALSEnever evaluated
0
211 value += der.mid(j, length).trimmed();-
212 j = ++i;-
213 } while (i < der.count() && (der.at(i) == ' ' || der.at(i) == '\t'));
never executed: end of block
i < der.count()Description
TRUEnever evaluated
FALSEnever evaluated
der.at(i) == ' 'Description
TRUEnever evaluated
FALSEnever evaluated
der.at(i) == '\t'Description
TRUEnever evaluated
FALSEnever evaluated
0
214 if (i == -1)
i == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
215 break; // something is wrong
never executed: break;
0
216-
217 headers->insert(field, value);-
218 }
never executed: end of block
0
219 der = der.mid(i);-
220 }
never executed: end of block
0
221-
222 return QByteArray::fromBase64(der); // ignores newlines
executed 940 times by 2 tests: return QByteArray::fromBase64(der);
Executed by:
  • tst_qsslcertificate - unknown status
  • tst_qsslkey - unknown status
940
223}-
224-
225/*!-
226 Constructs a QSslKey by decoding the string in the byte array-
227 \a encoded using a specified \a algorithm and \a encoding format.-
228 \a type specifies whether the key is public or private.-
229-
230 If the key is encoded as PEM and encrypted, \a passPhrase is used-
231 to decrypt it.-
232-
233 After construction, use isNull() to check if \a encoded contained-
234 a valid key.-
235*/-
236QSslKey::QSslKey(const QByteArray &encoded, QSsl::KeyAlgorithm algorithm,-
237 QSsl::EncodingFormat encoding, QSsl::KeyType type, const QByteArray &passPhrase)-
238 : d(new QSslKeyPrivate)-
239{-
240 d->type = type;-
241 d->algorithm = algorithm;-
242 if (encoding == QSsl::Der)-
243 d->decodeDer(encoded);-
244 else-
245 d->decodePem(encoded, passPhrase);-
246}-
247-
248/*!-
249 Constructs a QSslKey by reading and decoding data from a-
250 \a device using a specified \a algorithm and \a encoding format.-
251 \a type specifies whether the key is public or private.-
252-
253 If the key is encoded as PEM and encrypted, \a passPhrase is used-
254 to decrypt it.-
255-
256 After construction, use isNull() to check if \a device provided-
257 a valid key.-
258*/-
259QSslKey::QSslKey(QIODevice *device, QSsl::KeyAlgorithm algorithm, QSsl::EncodingFormat encoding,-
260 QSsl::KeyType type, const QByteArray &passPhrase)-
261 : d(new QSslKeyPrivate)-
262{-
263 QByteArray encoded;-
264 if (device)-
265 encoded = device->readAll();-
266 d->type = type;-
267 d->algorithm = algorithm;-
268 if (encoding == QSsl::Der)-
269 d->decodeDer(encoded);-
270 else-
271 d->decodePem(encoded, passPhrase);-
272}-
273-
274/*!-
275 \since 5.0-
276 Constructs a QSslKey from a valid native key \a handle.-
277 \a type specifies whether the key is public or private.-
278-
279 QSslKey will take ownership for this key and you must not-
280 free the key using the native library. The algorithm used-
281 when creating a key from a handle will always be QSsl::Opaque.-
282*/-
283QSslKey::QSslKey(Qt::HANDLE handle, QSsl::KeyType type)-
284 : d(new QSslKeyPrivate)-
285{-
286#ifndef QT_NO_OPENSSL-
287 d->opaque = reinterpret_cast<EVP_PKEY *>(handle);-
288#else-
289 d->opaque = handle;-
290#endif-
291 d->algorithm = QSsl::Opaque;-
292 d->type = type;-
293 d->isNull = !d->opaque;-
294}-
295-
296/*!-
297 Constructs an identical copy of \a other.-
298*/-
299QSslKey::QSslKey(const QSslKey &other) : d(other.d)-
300{-
301}-
302-
303/*!-
304 Destroys the QSslKey object.-
305*/-
306QSslKey::~QSslKey()-
307{-
308}-
309-
310/*!-
311 Copies the contents of \a other into this key, making the two keys-
312 identical.-
313-
314 Returns a reference to this QSslKey.-
315*/-
316QSslKey &QSslKey::operator=(const QSslKey &other)-
317{-
318 d = other.d;-
319 return *this;-
320}-
321-
322/*!-
323 \fn void QSslKey::swap(QSslKey &other)-
324 \since 5.0-
325-
326 Swaps this ssl key with \a other. This function is very fast and-
327 never fails.-
328*/-
329-
330/*!-
331 Returns \c true if this is a null key; otherwise false.-
332-
333 \sa clear()-
334*/-
335bool QSslKey::isNull() const-
336{-
337 return d->isNull;-
338}-
339-
340/*!-
341 Clears the contents of this key, making it a null key.-
342-
343 \sa isNull()-
344*/-
345void QSslKey::clear()-
346{-
347 d = new QSslKeyPrivate;-
348}-
349-
350/*!-
351 Returns the length of the key in bits, or -1 if the key is null.-
352*/-
353int QSslKey::length() const-
354{-
355 return d->length();-
356}-
357-
358/*!-
359 Returns the type of the key (i.e., PublicKey or PrivateKey).-
360*/-
361QSsl::KeyType QSslKey::type() const-
362{-
363 return d->type;-
364}-
365-
366/*!-
367 Returns the key algorithm.-
368*/-
369QSsl::KeyAlgorithm QSslKey::algorithm() const-
370{-
371 return d->algorithm;-
372}-
373-
374/*!-
375 Returns the key in DER encoding.-
376-
377 The \a passPhrase argument should be omitted as DER cannot be-
378 encrypted. It will be removed in a future version of Qt.-
379*/-
380QByteArray QSslKey::toDer(const QByteArray &passPhrase) const-
381{-
382 if (d->isNull || d->algorithm == QSsl::Opaque)-
383 return QByteArray();-
384-
385 // Encrypted DER is nonsense, see QTBUG-41038.-
386 if (d->type == QSsl::PrivateKey && !passPhrase.isEmpty())-
387 return QByteArray();-
388-
389#ifndef QT_NO_OPENSSL-
390 QMap<QByteArray, QByteArray> headers;-
391 return d->derFromPem(toPem(passPhrase), &headers);-
392#else-
393 return d->derData;-
394#endif-
395}-
396-
397/*!-
398 Returns the key in PEM encoding. The result is encrypted with-
399 \a passPhrase if the key is a private key and \a passPhrase is-
400 non-empty.-
401*/-
402QByteArray QSslKey::toPem(const QByteArray &passPhrase) const-
403{-
404 return d->toPem(passPhrase);-
405}-
406-
407/*!-
408 Returns a pointer to the native key handle, if it is available;-
409 otherwise a null pointer is returned.-
410-
411 You can use this handle together with the native API to access-
412 extended information about the key.-
413-
414 \warning Use of this function has a high probability of being-
415 non-portable, and its return value may vary across platforms, and-
416 between minor Qt releases.-
417*/-
418Qt::HANDLE QSslKey::handle() const-
419{-
420 return d->handle();-
421}-
422-
423/*!-
424 Returns \c true if this key is equal to \a other; otherwise returns \c false.-
425*/-
426bool QSslKey::operator==(const QSslKey &other) const-
427{-
428 if (isNull())-
429 return other.isNull();-
430 if (other.isNull())-
431 return isNull();-
432 if (algorithm() != other.algorithm())-
433 return false;-
434 if (type() != other.type())-
435 return false;-
436 if (length() != other.length())-
437 return false;-
438 if (algorithm() == QSsl::Opaque)-
439 return handle() == other.handle();-
440 return toDer() == other.toDer();-
441}-
442-
443/*! \fn bool QSslKey::operator!=(const QSslKey &other) const-
444-
445 Returns \c true if this key is not equal to key \a other; otherwise-
446 returns \c false.-
447*/-
448-
449#ifndef QT_NO_DEBUG_STREAM-
450QDebug operator<<(QDebug debug, const QSslKey &key)-
451{-
452 QDebugStateSaver saver(debug);-
453 debug.resetFormat().nospace();-
454 debug << "QSslKey("-
455 << (key.type() == QSsl::PublicKey ? "PublicKey" : "PrivateKey")-
456 << ", " << (key.algorithm() == QSsl::Opaque ? "OPAQUE" :-
457 (key.algorithm() == QSsl::Rsa ? "RSA" : ((key.algorithm() == QSsl::Dsa) ? "DSA" : "EC")))-
458 << ", " << key.length()-
459 << ')';-
460 return debug;-
461}-
462#endif-
463-
464QT_END_NAMESPACE-
Source codeSwitch to Preprocessed file
Generated by Squish Coco Non-Commercial 4.3.0-BETA-master-30-08-2018-4cb69e9