qsslcertificate.cpp

Absolute File Name:

/home/qt/qt5_coco/qt5/qtbase/src/network/ssl/qsslcertificate.cpp

Source code

Switch to Preprocessed file

Line Source Count

1 /**************************************************************************** -

2 ** -

4 ** Contact: http://www.qt.io/licensing/ -

5 ** -

6 ** This file is part of the QtNetwork module of the Qt Toolkit. -

7 ** -

8 ** $QT_BEGIN_LICENSE:LGPL21$ -

9 ** Commercial License Usage -

10 ** Licensees holding valid commercial Qt licenses may use this file in -

11 ** accordance with the commercial license agreement provided with the -

12 ** Software or, alternatively, in accordance with the terms contained in -

13 ** a written agreement between you and The Qt Company. For licensing terms -

14 ** and conditions see http://www.qt.io/terms-conditions. For further -

15 ** information use the contact form at http://www.qt.io/contact-us. -

16 ** -

17 ** GNU Lesser General Public License Usage -

18 ** Alternatively, this file may be used under the terms of the GNU Lesser -

19 ** General Public License version 2.1 or version 3 as published by the Free -

20 ** Software Foundation and appearing in the file LICENSE.LGPLv21 and -

21 ** LICENSE.LGPLv3 included in the packaging of this file. Please review the -

22 ** following information to ensure the GNU Lesser General Public License -

23 ** requirements will be met: https://www.gnu.org/licenses/lgpl.html and -

24 ** http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. -

25 ** -

26 ** As a special exception, The Qt Company gives you certain additional -

27 ** rights. These rights are described in The Qt Company LGPL Exception -

28 ** version 1.1, included in the file LGPL_EXCEPTION.txt in this package. -

29 ** -

30 ** $QT_END_LICENSE$ -

31 ** -

32 ****************************************************************************/ -

33 -

34 -

35 /*! -

36 \class QSslCertificate -

37 \brief The QSslCertificate class provides a convenient API for an X509 certificate. -

38 \since 4.3 -

39 -

40 \reentrant -

41 \ingroup network -

42 \ingroup ssl -

43 \ingroup shared -

44 \inmodule QtNetwork -

45 -

46 QSslCertificate stores an X509 certificate, and is commonly used -

47 to verify the identity and store information about the local host, -

48 a remotely connected peer, or a trusted third party Certificate -

49 Authority. -

50 -

51 There are many ways to construct a QSslCertificate. The most -

52 common way is to call QSslSocket::peerCertificate(), which returns -

53 a QSslCertificate object, or QSslSocket::peerCertificateChain(), -

54 which returns a list of them. You can also load certificates from -

55 a DER (binary) or PEM (Base64) encoded bundle, typically stored as -

56 one or more local files, or in a Qt Resource. -

57 -

58 You can call isNull() to check if your certificate is null. By default, -

59 QSslCertificate constructs a null certificate. A null certificate is -

60 invalid, but an invalid certificate is not necessarily null. If you want -

61 to reset all contents in a certificate, call clear(). -

62 -

63 After loading a certificate, you can find information about the -

64 certificate, its subject, and its issuer, by calling one of the -

65 many accessor functions, including version(), serialNumber(), -

66 issuerInfo() and subjectInfo(). You can call effectiveDate() and -

67 expiryDate() to check when the certificate starts being -

68 effective and when it expires. -

69 The publicKey() function returns the certificate -

70 subject's public key as a QSslKey. You can call issuerInfo() or -

71 subjectInfo() to get detailed information about the certificate -

72 issuer and its subject. -

73 -

74 Internally, QSslCertificate is stored as an X509 structure. You -

75 can access this handle by calling handle(), but the results are -

76 likely to not be portable. -

77 -

78 \sa QSslSocket, QSslKey, QSslCipher, QSslError -

79 */ -

80 -

81 /*! -

82 \enum QSslCertificate::SubjectInfo -

83 -

84 Describes keys that you can pass to QSslCertificate::issuerInfo() or -

85 QSslCertificate::subjectInfo() to get information about the certificate -

86 issuer or subject. -

87 -

88 \value Organization "O" The name of the organization. -

89 -

90 \value CommonName "CN" The common name; most often this is used to store -

91 the host name. -

92 -

93 \value LocalityName "L" The locality. -

94 -

95 \value OrganizationalUnitName "OU" The organizational unit name. -

96 -

97 \value CountryName "C" The country. -

98 -

99 \value StateOrProvinceName "ST" The state or province. -

100 -

101 \value DistinguishedNameQualifier The distinguished name qualifier -

102 -

103 \value SerialNumber The certificate's serial number -

104 -

105 \value EmailAddress The email address associated with the certificate -

106 */ -

107 -

108 #include <QtCore/qglobal.h> -

109 #ifndef QT_NO_OPENSSL -

110 #include "qsslsocket_openssl_symbols_p.h" -

111 #endif -

112 #ifdef Q_OS_WINRT -

113 #include "qsslsocket_winrt_p.h" -

114 #endif -

115 #ifdef QT_SECURETRANSPORT -

116 #include "qsslsocket_mac_p.h" -

117 #endif -

118 -

119 #include "qssl_p.h" -

120 #include "qsslcertificate.h" -

121 #include "qsslcertificate_p.h" -

122 #include "qsslkey_p.h" -

123 -

124 #include <QtCore/qdir.h> -

125 #include <QtCore/qdiriterator.h> -

126 #include <QtCore/qfile.h> -

127 -

128 QT_BEGIN_NAMESPACE -

129 -

130 /*! -

131 Constructs a QSslCertificate by reading \a format encoded data -

132 from \a device and using the first certificate found. You can -

133 later call isNull() to see if \a device contained a certificate, -

134 and if this certificate was loaded successfully. -

135 */ -

136 QSslCertificate::QSslCertificate(QIODevice *device, QSsl::EncodingFormat format) -

137 : d(new QSslCertificatePrivate) -

138 { -

139 QSslSocketPrivate::ensureInitialized(); -

140

if (device)

device	Description
TRUE	evaluated 4 times by 1 test Evaluated by: tst_qsslcertificate - unknown status
FALSE	never evaluated

0-4

141

d->init(device->readAll(), format);

executed 4 times by 1 test: d->init(device->readAll(), format);

Executed by:

tst_qsslcertificate - unknown status

142

}

executed 4 times by 1 test: end of block

Executed by:

tst_qsslcertificate - unknown status

143 -

144 /*! -

145 Constructs a QSslCertificate by parsing the \a format encoded -

146 \a data and using the first available certificate found. You can -

147 later call isNull() to see if \a data contained a certificate, -

148 and if this certificate was loaded successfully. -

149 */ -

150 QSslCertificate::QSslCertificate(const QByteArray &data, QSsl::EncodingFormat format) -

151 : d(new QSslCertificatePrivate) -

152 { -

153 QSslSocketPrivate::ensureInitialized(); -

154 d->init(data, format); -

155

}

executed 30293 times by 16 tests: end of block

Executed by:

tst_NetworkSelfTest
tst_QAbstractNetworkCache
tst_QHttpNetworkConnection
tst_QNetworkAccessManager_And_QProgressDialog
tst_QNetworkDiskCache
tst_QNetworkProxyFactory
tst_QNetworkReply
tst_QXmlInputSource
tst_Spdy
tst_qsslcertificate - unknown status
tst_qsslellipticcurve - unknown status
tst_qsslerror - unknown status
tst_qsslsocket - unknown status
tst_qsslsocket_onDemandCertificates_member - unknown status
tst_qsslsocket_onDemandCertificates_static - unknown status
tst_qtcpsocket - unknown status

30293

156 -

157 /*! -

158 Constructs an identical copy of \a other. -

159 */ -

160 QSslCertificate::QSslCertificate(const QSslCertificate &other) : d(other.d) -

161 { -

162

}

executed 50512 times by 9 tests: end of block

Executed by:

tst_NetworkSelfTest
tst_QHttpNetworkConnection
tst_QNetworkReply
tst_Spdy
tst_qsslcertificate - unknown status
tst_qsslerror - unknown status
tst_qsslsocket - unknown status
tst_qsslsocket_onDemandCertificates_member - unknown status
tst_qsslsocket_onDemandCertificates_static - unknown status

50512

163 -

164 /*! -

165 Destroys the QSslCertificate. -

166 */ -

167 QSslCertificate::~QSslCertificate() -

168 { -

169 } -

170 -

171 /*! -

172 Copies the contents of \a other into this certificate, making the two -

173 certificates identical. -

174 */ -

175 QSslCertificate &QSslCertificate::operator=(const QSslCertificate &other) -

176 { -

177 d = other.d; -

178

return *this;

executed 2163 times by 10 tests: return *this;

Executed by:

tst_NetworkSelfTest
tst_QHttpNetworkConnection
tst_QNetworkReply
tst_Spdy
tst_qsslcertificate - unknown status
tst_qsslerror - unknown status
tst_qsslsocket - unknown status
tst_qsslsocket_onDemandCertificates_member - unknown status
tst_qsslsocket_onDemandCertificates_static - unknown status
tst_qtcpsocket - unknown status

2163

179 } -

180 -

181 /*! -

182 \fn void QSslCertificate::swap(QSslCertificate &other) -

183 \since 5.0 -

184 -

185 Swaps this certificate instance with \a other. This function is -

186 very fast and never fails. -

187 */ -

188 -

189 /*! -

190 \fn bool QSslCertificate::operator==(const QSslCertificate &other) const -

191 -

192 Returns \c true if this certificate is the same as \a other; otherwise -

193 returns \c false. -

194 */ -

195 -

196 /*! -

197 \fn bool QSslCertificate::operator!=(const QSslCertificate &other) const -

198 -

199 Returns \c true if this certificate is not the same as \a other; otherwise -

200 returns \c false. -

201 */ -

202 -

203 /*! -

204 \fn bool QSslCertificate::isNull() const -

205 -

206 Returns \c true if this is a null certificate (i.e., a certificate -

207 with no contents); otherwise returns \c false. -

208 -

209 By default, QSslCertificate constructs a null certificate. -

210 -

211 \sa clear() -

212 */ -

213 -

214 #if QT_DEPRECATED_SINCE(5,0) -

215 /*! -

216 \fn bool QSslCertificate::isValid() const -

217 \obsolete -

218 -

219 To verify a certificate, use verify(). -

220 To check if a certificate is blacklisted, use isBlacklisted(). -

221 To check if a certificate has expired or is not yet valid, compare -

222 expiryDate() and effectiveDate() with QDateTime::currentDateTime() -

223 -

224 This function checks that the current -

225 date-time is within the date-time range during which the -

226 certificate is considered valid, and checks that the -

227 certificate is not in a blacklist of fraudulent certificates. -

228 -

229 \sa isNull(), verify(), isBlacklisted(), expiryDate(), effectiveDate() -

230 */ -

231 #endif -

232 -

233 /*! -

234 Returns \c true if this certificate is blacklisted; otherwise -

235 returns \c false. -

236 -

237 \sa isNull() -

238 */ -

239 bool QSslCertificate::isBlacklisted() const -

240 { -

241

return QSslCertificatePrivate::isBlacklisted(*this);

executed 55 times by 1 test: return QSslCertificatePrivate::isBlacklisted(*this);

Executed by:

tst_qsslcertificate - unknown status

242 } -

243 -

244 /*! -

245 \fn bool QSslCertificate::isSelfSigned() const -

246 \since 5.4 -

247 -

248 Returns \c true if this certificate is self signed; otherwise -

249 returns \c false. -

250 -

251 A certificate is considered self-signed its issuer and subject -

252 are identical. -

253 */ -

254 -

255 /*! -

256 Clears the contents of this certificate, making it a null -

257 certificate. -

258 -

259 \sa isNull() -

260 */ -

261 void QSslCertificate::clear() -

262 { -

263

if (isNull())

isNull()	Description
TRUE	evaluated 2055 times by 8 tests Evaluated by: tst_NetworkSelfTest tst_QHttpNetworkConnection tst_QNetworkReply tst_Spdy tst_qsslsocket - unknown status tst_qsslsocket_onDemandCertificates_member - unknown status tst_qsslsocket_onDemandCertificates_static - unknown status tst_qtcpsocket - unknown status
FALSE	evaluated 59 times by 2 tests Evaluated by: tst_QNetworkReply tst_qsslsocket - unknown status

59-2055

264

return;

executed 2055 times by 8 tests: return;

Executed by:

tst_NetworkSelfTest
tst_QHttpNetworkConnection
tst_QNetworkReply
tst_Spdy
tst_qsslsocket - unknown status
tst_qsslsocket_onDemandCertificates_member - unknown status
tst_qsslsocket_onDemandCertificates_static - unknown status
tst_qtcpsocket - unknown status

2055

265 d = new QSslCertificatePrivate; -

266

}

executed 59 times by 2 tests: end of block

Executed by:

tst_QNetworkReply
tst_qsslsocket - unknown status

267 -

268 /*! -

269 \fn QByteArray QSslCertificate::version() const -

270 Returns the certificate's version string. -

271 */ -

272 -

273 /*! -

274 \fn QByteArray QSslCertificate::serialNumber() const -

275 -

276 Returns the certificate's serial number string in hexadecimal format. -

277 */ -

278 -

279 /*! -

280 Returns a cryptographic digest of this certificate. By default, -

281 an MD5 digest will be generated, but you can also specify a -

282 custom \a algorithm. -

283 */ -

284 QByteArray QSslCertificate::digest(QCryptographicHash::Algorithm algorithm) const -

285 { -

286

return QCryptographicHash::hash(toDer(), algorithm);

executed 49 times by 1 test: return QCryptographicHash::hash(toDer(), algorithm);

Executed by:

tst_qsslcertificate - unknown status

287 } -

288 -

289 /*! -

290 \fn QString QSslCertificate::issuerInfo(SubjectInfo subject) const -

291 -

292 Returns the issuer information for the \a subject from the -

293 certificate, or an empty list if there is no information for -

294 \a subject in the certificate. There can be more than one entry -

295 of each type. -

296 -

297 \sa subjectInfo() -

298 */ -

299 -

300 /*! -

301 \fn QStringList QSslCertificate::issuerInfo(const QByteArray &attribute) const -

302 -

303 Returns the issuer information for \a attribute from the certificate, -

304 or an empty list if there is no information for \a attribute in the -

305 certificate. There can be more than one entry for an attribute. -

306 -

307 \sa subjectInfo() -

308 */ -

309 -

310 /*! -

311 \fn QString QSslCertificate::subjectInfo(SubjectInfo subject) const -

312 -

313 Returns the information for the \a subject, or an empty list if -

314 there is no information for \a subject in the certificate. There -

315 can be more than one entry of each type. -

316 -

317 \sa issuerInfo() -

318 */ -

319 -

320 /*! -

321 \fn QStringList QSslCertificate::subjectInfo(const QByteArray &attribute) const -

322 -

323 Returns the subject information for \a attribute, or an empty list if -

324 there is no information for \a attribute in the certificate. There -

325 can be more than one entry for an attribute. -

326 -

327 \sa issuerInfo() -

328 */ -

329 -

330 /*! -

331 \fn QList<QByteArray> QSslCertificate::subjectInfoAttributes() const -

332 -

333 \since 5.0 -

334 Returns a list of the attributes that have values in the subject -

335 information of this certificate. The information associated -

336 with a given attribute can be accessed using the subjectInfo() -

337 method. Note that this list may include the OIDs for any -

338 elements that are not known by the SSL backend. -

339 -

340 \sa subjectInfo() -

341 */ -

342 -

343 /*! -

344 \fn QList<QByteArray> QSslCertificate::issuerInfoAttributes() const -

345 -

346 \since 5.0 -

347 Returns a list of the attributes that have values in the issuer -

348 information of this certificate. The information associated -

349 with a given attribute can be accessed using the issuerInfo() -

350 method. Note that this list may include the OIDs for any -

351 elements that are not known by the SSL backend. -

352 -

353 \sa subjectInfo() -

354 */ -

355 -

356 #if QT_DEPRECATED_SINCE(5,0) -

357 /*! -

358 \fn QMultiMap<QSsl::AlternateNameEntryType, QString> QSslCertificate::alternateSubjectNames() const -

359 \obsolete -

360 -

361 Use QSslCertificate::subjectAlternativeNames(); -

362 */ -

363 #endif -

364 -

365 /*! -

366 \fn QMultiMap<QSsl::AlternativeNameEntryType, QString> QSslCertificate::subjectAlternativeNames() const -

367 -

368 Returns the list of alternative subject names for this -

369 certificate. The alternative names typically contain host -

370 names, optionally with wildcards, that are valid for this -

371 certificate. -

372 -

373 These names are tested against the connected peer's host name, if -

374 either the subject information for \l CommonName doesn't define a -

375 valid host name, or the subject info name doesn't match the peer's -

376 host name. -

377 -

378 \sa subjectInfo() -

379 */ -

380 -

381 /*! -

382 \fn QDateTime QSslCertificate::effectiveDate() const -

383 -

384 Returns the date-time that the certificate becomes valid, or an -

385 empty QDateTime if this is a null certificate. -

386 -

387 \sa expiryDate() -

388 */ -

389 -

390 /*! -

391 \fn QDateTime QSslCertificate::expiryDate() const -

392 -

393 Returns the date-time that the certificate expires, or an empty -

394 QDateTime if this is a null certificate. -

395 -

396 \sa effectiveDate() -

397 */ -

398 -

399 /*! -

400 \fn Qt::HANDLE QSslCertificate::handle() const -

401 Returns a pointer to the native certificate handle, if there is -

402 one, or a null pointer otherwise. -

403 -

404 You can use this handle, together with the native API, to access -

405 extended information about the certificate. -

406 -

407 \warning Use of this function has a high probability of being -

408 non-portable, and its return value may vary from platform to -

409 platform or change from minor release to minor release. -

410 */ -

411 -

412 /*! -

413 \fn QSslKey QSslCertificate::publicKey() const -

414 Returns the certificate subject's public key. -

415 */ -

416 -

417 /*! -

418 \fn QList<QSslCertificateExtension> QSslCertificate::extensions() const -

419 -

420 Returns a list containing the X509 extensions of this certificate. -

421 \since 5.0 -

422 */ -

423 -

424 /*! -

425 \fn QByteArray QSslCertificate::toPem() const -

426 -

427 Returns this certificate converted to a PEM (Base64) encoded -

428 representation. -

429 */ -

430 -

431 /*! -

432 \fn QByteArray QSslCertificate::toDer() const -

433 -

434 Returns this certificate converted to a DER (binary) encoded -

435 representation. -

436 */ -

437 -

438 /*! -

439 \fn QString QSslCertificate::toText() const -

440 -

441 Returns this certificate converted to a human-readable text -

442 representation. -

443 -

444 \since 5.0 -

445 */ -

446 -

447 /*! -

448 Searches all files in the \a path for certificates encoded in the -

449 specified \a format and returns them in a list. \a path must be a file -

450 or a pattern matching one or more files, as specified by \a syntax. -

451 -

452 Example: -

453 -

454 \snippet code/src_network_ssl_qsslcertificate.cpp 0 -

455 -

456 \sa fromData() -

457 */ -

458 QList<QSslCertificate> QSslCertificate::fromPath(const QString &path, -

459 QSsl::EncodingFormat format, -

460 QRegExp::PatternSyntax syntax) -

461 { -

462 // $, (,), *, +, ., ?, [, ,], ^, {, | and }. -

463 -

464 // make sure to use the same path separators on Windows and Unix like systems. -

465 QString sourcePath = QDir::fromNativeSeparators(path); -

466 -

467 // Find the path without the filename -

468 QString pathPrefix = sourcePath.left(sourcePath.lastIndexOf(QLatin1Char('/'))); -

469 -

470 // Check if the path contains any special chars -

471 int pos = -1; -

472

if (syntax == QRegExp::Wildcard)

syntax == QRegExp::Wildcard	Description
TRUE	evaluated 22 times by 1 test Evaluated by: tst_qsslcertificate - unknown status
FALSE	evaluated 9843 times by 4 tests Evaluated by: tst_QNetworkReply tst_qsslcertificate - unknown status tst_qsslsocket - unknown status tst_qsslsocket_onDemandCertificates_static - unknown status

22-9843

473

pos = pathPrefix.indexOf(QRegExp(QLatin1String("[*?[]")));

executed 22 times by 1 test: pos = pathPrefix.indexOf(QRegExp(QLatin1String("[*?[]")));

Executed by:

tst_qsslcertificate - unknown status

474

else if (syntax != QRegExp::FixedString)

syntax != QRegExp::FixedString	Description
TRUE	evaluated 16 times by 1 test Evaluated by: tst_qsslcertificate - unknown status
FALSE	evaluated 9827 times by 4 tests Evaluated by: tst_QNetworkReply tst_qsslcertificate - unknown status tst_qsslsocket - unknown status tst_qsslsocket_onDemandCertificates_static - unknown status

16-9827

475

pos = sourcePath.indexOf(QRegExp(QLatin1String("[\\$\$\$\\*\\+\\.\\?\\[\\]\\^\\{\\}\\|]")));

executed 16 times by 1 test: pos = sourcePath.indexOf(QRegExp(QLatin1String("[\\$\$\$\\*\\+\\.\\?\\[\\]\\^\\{\\}\\|]")));

Executed by:

tst_qsslcertificate - unknown status

476

if (pos != -1) {

pos != -1	Description
TRUE	evaluated 20 times by 1 test Evaluated by: tst_qsslcertificate - unknown status
FALSE	evaluated 9845 times by 4 tests Evaluated by: tst_QNetworkReply tst_qsslcertificate - unknown status tst_qsslsocket - unknown status tst_qsslsocket_onDemandCertificates_static - unknown status

20-9845

477 // there was a special char in the path so cut of the part containing that char. -

478 pathPrefix = pathPrefix.left(pos); -

479

if (pathPrefix.contains(QLatin1Char('/')))

pathPrefix.con...tin1Char('/'))	Description
TRUE	never evaluated
FALSE	evaluated 20 times by 1 test Evaluated by: tst_qsslcertificate - unknown status

0-20

480

pathPrefix = pathPrefix.left(pathPrefix.lastIndexOf(QLatin1Char('/')));

never executed: pathPrefix = pathPrefix.left(pathPrefix.lastIndexOf(QLatin1Char('/')));

481 else -

482

pathPrefix.clear();

executed 20 times by 1 test: pathPrefix.clear();

Executed by:

tst_qsslcertificate - unknown status

483 } else { -

484 // Check if the path is a file. -

485

if (QFileInfo(sourcePath).isFile()) {

QFileInfo(sourcePath).isFile()	Description
TRUE	evaluated 9707 times by 4 tests Evaluated by: tst_QNetworkReply tst_qsslcertificate - unknown status tst_qsslsocket - unknown status tst_qsslsocket_onDemandCertificates_static - unknown status
FALSE	evaluated 138 times by 3 tests Evaluated by: tst_qsslcertificate - unknown status tst_qsslsocket - unknown status tst_qsslsocket_onDemandCertificates_static - unknown status

138-9707

486 QFile file(sourcePath); -

487 QIODevice::OpenMode openMode = QIODevice::ReadOnly; -

488

if (format == QSsl::Pem)

format == QSsl::Pem	Description
TRUE	evaluated 9705 times by 4 tests Evaluated by: tst_QNetworkReply tst_qsslcertificate - unknown status tst_qsslsocket - unknown status tst_qsslsocket_onDemandCertificates_static - unknown status
FALSE	evaluated 2 times by 1 test Evaluated by: tst_qsslcertificate - unknown status

2-9705

489

openMode |= QIODevice::Text;

executed 9705 times by 4 tests: openMode |= QIODevice::Text;

Executed by:

tst_QNetworkReply
tst_qsslcertificate - unknown status
tst_qsslsocket - unknown status
tst_qsslsocket_onDemandCertificates_static - unknown status

9705

490

if (file.open(openMode))

file.open(openMode)	Description
TRUE	evaluated 9707 times by 4 tests Evaluated by: tst_QNetworkReply tst_qsslcertificate - unknown status tst_qsslsocket - unknown status tst_qsslsocket_onDemandCertificates_static - unknown status
FALSE	never evaluated

0-9707

491

return QSslCertificate::fromData(file.readAll(), format);

executed 9707 times by 4 tests: return QSslCertificate::fromData(file.readAll(), format);

Executed by:

tst_QNetworkReply
tst_qsslcertificate - unknown status
tst_qsslsocket - unknown status
tst_qsslsocket_onDemandCertificates_static - unknown status

9707

492

return QList<QSslCertificate>();

never executed: return QList<QSslCertificate>();

493 } -

494

}

executed 138 times by 3 tests: end of block

Executed by:

tst_qsslcertificate - unknown status
tst_qsslsocket - unknown status
tst_qsslsocket_onDemandCertificates_static - unknown status

138

495 -

496 // Special case - if the prefix ends up being nothing, use "." instead. -

497 int startIndex = 0; -

498

if (pathPrefix.isEmpty()) {

pathPrefix.isEmpty()	Description
TRUE	evaluated 26 times by 1 test Evaluated by: tst_qsslcertificate - unknown status
FALSE	evaluated 132 times by 3 tests Evaluated by: tst_qsslcertificate - unknown status tst_qsslsocket - unknown status tst_qsslsocket_onDemandCertificates_static - unknown status

26-132

499 pathPrefix = QLatin1String("."); -

500 startIndex = 2; -

501

}

executed 26 times by 1 test: end of block

Executed by:

tst_qsslcertificate - unknown status

502 -

503 // The path can be a file or directory. -

504 QList<QSslCertificate> certs; -

505 QRegExp pattern(sourcePath, Qt::CaseSensitive, syntax); -

506 QDirIterator it(pathPrefix, QDir::Files, QDirIterator::FollowSymlinks | QDirIterator::Subdirectories); -

507

while (it.hasNext()) {

it.hasNext()	Description
TRUE	evaluated 2628 times by 1 test Evaluated by: tst_qsslcertificate - unknown status
FALSE	evaluated 158 times by 3 tests Evaluated by: tst_qsslcertificate - unknown status tst_qsslsocket - unknown status tst_qsslsocket_onDemandCertificates_static - unknown status

158-2628

508

QString filePath = startIndex == 0 ? it.next() : it.next().mid(startIndex);

startIndex == 0	Description
TRUE	evaluated 496 times by 1 test Evaluated by: tst_qsslcertificate - unknown status
FALSE	evaluated 2132 times by 1 test Evaluated by: tst_qsslcertificate - unknown status

496-2132

509

if (!pattern.exactMatch(filePath))

!pattern.exactMatch(filePath)	Description
TRUE	evaluated 2492 times by 1 test Evaluated by: tst_qsslcertificate - unknown status
FALSE	evaluated 136 times by 1 test Evaluated by: tst_qsslcertificate - unknown status

136-2492

510

continue;

executed 2492 times by 1 test: continue;

Executed by:

tst_qsslcertificate - unknown status

2492

511 -

512 QFile file(filePath); -

513 QIODevice::OpenMode openMode = QIODevice::ReadOnly; -

514

if (format == QSsl::Pem)

format == QSsl::Pem	Description
TRUE	evaluated 94 times by 1 test Evaluated by: tst_qsslcertificate - unknown status
FALSE	evaluated 42 times by 1 test Evaluated by: tst_qsslcertificate - unknown status

42-94

515

openMode |= QIODevice::Text;

executed 94 times by 1 test: openMode |= QIODevice::Text;

Executed by:

tst_qsslcertificate - unknown status

516

if (file.open(openMode))

file.open(openMode)	Description
TRUE	evaluated 136 times by 1 test Evaluated by: tst_qsslcertificate - unknown status
FALSE	never evaluated

0-136

517

certs += QSslCertificate::fromData(file.readAll(), format);

executed 136 times by 1 test: certs += QSslCertificate::fromData(file.readAll(), format);

Executed by:

tst_qsslcertificate - unknown status

136

518

}

executed 136 times by 1 test: end of block

Executed by:

tst_qsslcertificate - unknown status

136

519

return certs;

executed 158 times by 3 tests: return certs;

Executed by:

tst_qsslcertificate - unknown status
tst_qsslsocket - unknown status
tst_qsslsocket_onDemandCertificates_static - unknown status

158

520 } -

521 -

522 /*! -

523 Searches for and parses all certificates in \a device that are -

524 encoded in the specified \a format and returns them in a list of -

525 certificates. -

526 -

527 \sa fromData() -

528 */ -

529 QList<QSslCertificate> QSslCertificate::fromDevice(QIODevice *device, QSsl::EncodingFormat format) -

530 { -

531

if (!device) {

!device	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tst_qsslcertificate - unknown status
FALSE	never evaluated

0-1

532

qCWarning(lcSsl, "QSslCertificate::fromDevice: cannot read from a null device");

executed 1 time by 1 test:

QMessageLogger(__FILE__, 532, __PRETTY_FUNCTION__, lcSsl().categoryName()).warning("QSslCertificate::fromDevice: cannot read from a null device");

Executed by:

tst_qsslcertificate - unknown status

qt_category_enabled	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tst_qsslcertificate - unknown status
FALSE	evaluated 1 time by 1 test Evaluated by: tst_qsslcertificate - unknown status

533

return QList<QSslCertificate>();

executed 1 time by 1 test: return QList<QSslCertificate>();

Executed by:

tst_qsslcertificate - unknown status

534 } -

535

return fromData(device->readAll(), format);

never executed: return fromData(device->readAll(), format);

536 } -

537 -

538 /*! -

539 Searches for and parses all certificates in \a data that are -

540 encoded in the specified \a format and returns them in a list of -

541 certificates. -

542 -

543 \sa fromDevice() -

544 */ -

545 QList<QSslCertificate> QSslCertificate::fromData(const QByteArray &data, QSsl::EncodingFormat format) -

546 { -

547

return (format == QSsl::Pem)

executed 9843 times by 4 tests:

return (format == QSsl::Pem) ? QSslCertificatePrivate::certificatesFromPem(data) : QSslCertificatePrivate::certificatesFromDer(data);

Executed by:

tst_QNetworkReply
tst_qsslcertificate - unknown status
tst_qsslsocket - unknown status
tst_qsslsocket_onDemandCertificates_static - unknown status

(format == QSsl::Pem)	Description
TRUE	evaluated 9799 times by 4 tests Evaluated by: tst_QNetworkReply tst_qsslcertificate - unknown status tst_qsslsocket - unknown status tst_qsslsocket_onDemandCertificates_static - unknown status
FALSE	evaluated 44 times by 1 test Evaluated by: tst_qsslcertificate - unknown status

44-9843

548

? QSslCertificatePrivate::certificatesFromPem(data)

executed 9843 times by 4 tests:

return (format == QSsl::Pem) ? QSslCertificatePrivate::certificatesFromPem(data) : QSslCertificatePrivate::certificatesFromDer(data);

Executed by:

tst_QNetworkReply
tst_qsslcertificate - unknown status
tst_qsslsocket - unknown status
tst_qsslsocket_onDemandCertificates_static - unknown status

9843

549

: QSslCertificatePrivate::certificatesFromDer(data);

executed 9843 times by 4 tests:

return (format == QSsl::Pem) ? QSslCertificatePrivate::certificatesFromPem(data) : QSslCertificatePrivate::certificatesFromDer(data);

Executed by:

tst_QNetworkReply
tst_qsslcertificate - unknown status
tst_qsslsocket - unknown status
tst_qsslsocket_onDemandCertificates_static - unknown status

9843

550 } -

551 -

552 /*! -

553 Verifies a certificate chain. The chain to be verified is passed in the -

554 \a certificateChain parameter. The first certificate in the list should -

555 be the leaf certificate of the chain to be verified. If \a hostName is -

556 specified then the certificate is also checked to see if it is valid for -

557 the specified host name. -

558 -

559 Note that the root (CA) certificate should not be included in the list to be verified, -

560 this will be looked up automatically either using the CA list specified by -

561 QSslSocket::defaultCaCertificates() or, if possible, it will be loaded on demand -

562 on Unix. -

563 -

564 \since 5.0 -

565 */ -

566 #if QT_VERSION >= QT_VERSION_CHECK(6,0,0) -

567 QList<QSslError> QSslCertificate::verify(const QList<QSslCertificate> &certificateChain, const QString &hostName) -

568 #else -

569 QList<QSslError> QSslCertificate::verify(QList<QSslCertificate> certificateChain, const QString &hostName) -

570 #endif -

571 { -

572

return QSslSocketBackendPrivate::verify(certificateChain, hostName);

executed 8 times by 1 test: return QSslSocketBackendPrivate::verify(certificateChain, hostName);

Executed by:

tst_qsslcertificate - unknown status

573 } -

574 -

575 /*! -

576 \since 5.4 -

577 -

578 Imports a PKCS#12 (pfx) file from the specified \a device. A PKCS#12 -

579 file is a bundle that can contain a number of certificates and keys. -

580 This method reads a single \a key, its \a certificate and any -

581 associated \a caCertificates from the bundle. If a \a passPhrase is -

582 specified then this will be used to decrypt the bundle. Returns -

583 \c true if the PKCS#12 file was successfully loaded. -

584 -

585 \note The \a device must be open and ready to be read from. -

586 */ -

587 bool QSslCertificate::importPkcs12(QIODevice *device, -

588 QSslKey *key, QSslCertificate *certificate, -

589 QList<QSslCertificate> *caCertificates, -

590 const QByteArray &passPhrase) -

591 { -

592

return QSslSocketBackendPrivate::importPkcs12(device, key, certificate, caCertificates, passPhrase);

executed 1 time by 1 test: return QSslSocketBackendPrivate::importPkcs12(device, key, certificate, caCertificates, passPhrase);

Executed by:

tst_qsslcertificate - unknown status

593 } -

594 -

595 // These certificates are known to be fraudulent and were created during the comodo -

596 // compromise. See http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html -

597 static const char *const certificate_blacklist[] = { -

598 "04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e", "mail.google.com", // Comodo -

599 "f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06", "www.google.com", // Comodo -

600 "d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3", "login.yahoo.com", // Comodo -

601 "39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29", "login.yahoo.com", // Comodo -

602 "3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71", "login.yahoo.com", // Comodo -

603 "e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47", "login.skype.com", // Comodo -

604 "92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43", "addons.mozilla.org", // Comodo -

605 "b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0", "login.live.com", // Comodo -

606 "d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0", "global trustee", // Comodo -

607 -

608 "05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56", "*.google.com", // leaf certificate issued by DigiNotar -

609 "0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4c", "DigiNotar Root CA", // DigiNotar root -

610 "f1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49", "DigiNotar Services CA", // DigiNotar intermediate signed by DigiNotar Root -

611 "36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38", "DigiNotar Services 1024 CA", // DigiNotar intermediate signed by DigiNotar Root -

612 "0a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3e", "DigiNotar Root CA G2", // other DigiNotar Root CA -

613 "a4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21", "CertiID Enterprise Certificate Authority", // DigiNotar intermediate signed by "DigiNotar Root CA G2" -

614 "5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41", "DigiNotar Qualified CA", // DigiNotar intermediate signed by DigiNotar Root -

615 -

616 "46:9c:2c:b0", "DigiNotar Services 1024 CA", // DigiNotar intermediate cross-signed by Entrust -

617 "07:27:10:0d", "DigiNotar Cyber CA", // DigiNotar intermediate cross-signed by CyberTrust -

618 "07:27:0f:f9", "DigiNotar Cyber CA", // DigiNotar intermediate cross-signed by CyberTrust -

619 "07:27:10:03", "DigiNotar Cyber CA", // DigiNotar intermediate cross-signed by CyberTrust -

620 "01:31:69:b0", "DigiNotar PKIoverheid CA Overheid en Bedrijven", // DigiNotar intermediate cross-signed by the Dutch government -

621 "01:31:34:bf", "DigiNotar PKIoverheid CA Organisatie - G2", // DigiNotar intermediate cross-signed by the Dutch government -

622 "d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4", "DigiNotar Extended Validation CA", // DigiNotar intermediate signed by DigiNotar EV Root -

623 "1e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04", "DigiNotar Public CA 2025", // DigiNotar intermediate -

624 // "(has not been seen in the wild so far)", "DigiNotar Public CA - G2", // DigiNotar intermediate -

625 // "(has not been seen in the wild so far)", "Koninklijke Notariele Beroepsorganisatie CA", // compromised during DigiNotar breach -

626 // "(has not been seen in the wild so far)", "Stichting TTP Infos CA," // compromised during DigiNotar breach -

627 "46:9c:2c:af", "DigiNotar Root CA", // DigiNotar intermediate cross-signed by Entrust -

628 "46:9c:3c:c9", "DigiNotar Root CA", // DigiNotar intermediate cross-signed by Entrust -

629 -

630 "07:27:14:a9", "Digisign Server ID (Enrich)", // (Malaysian) Digicert Sdn. Bhd. cross-signed by Verizon CyberTrust -

631 "4c:0e:63:6a", "Digisign Server ID - (Enrich)", // (Malaysian) Digicert Sdn. Bhd. cross-signed by Entrust -

632 "72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0", "UTN-USERFirst-Hardware", // comodogate test certificate -

633 "41", "MD5 Collisions Inc. (http://www.phreedom.org/md5)", // http://www.phreedom.org/research/rogue-ca/ -

634 -

635 "08:27", "*.EGO.GOV.TR", // Turktrust mis-issued intermediate certificate -

636 "08:64", "e-islem.kktcmerkezbankasi.org", // Turktrust mis-issued intermediate certificate -

637 -

638 "03:1d:a7", "AC DG Tr\xC3\xA9sor SSL", // intermediate certificate linking back to ANSSI French National Security Agency -

639 "27:83", "NIC Certifying Authority", // intermediate certificate from NIC India (2007) -

640 "27:92", "NIC CA 2011", // intermediate certificate from NIC India (2011) -

641 "27:b1", "NIC CA 2014", // intermediate certificate from NIC India (2014) -

642 0 -

643 }; -

644 -

645 bool QSslCertificatePrivate::isBlacklisted(const QSslCertificate &certificate) -

646 { -

647

for (int a = 0; certificate_blacklist[a] != 0; a++) {

certificate_blacklist[a] != 0	Description
TRUE	evaluated 16867 times by 8 tests Evaluated by: tst_NetworkSelfTest tst_QHttpNetworkConnection tst_QNetworkReply tst_Spdy tst_qsslcertificate - unknown status tst_qsslsocket - unknown status tst_qsslsocket_onDemandCertificates_member - unknown status tst_qsslsocket_onDemandCertificates_static - unknown status
FALSE	evaluated 461 times by 8 tests Evaluated by: tst_NetworkSelfTest tst_QHttpNetworkConnection tst_QNetworkReply tst_Spdy tst_qsslcertificate - unknown status tst_qsslsocket - unknown status tst_qsslsocket_onDemandCertificates_member - unknown status tst_qsslsocket_onDemandCertificates_static - unknown status

461-16867

648 QString blacklistedCommonName = QString::fromUtf8(certificate_blacklist[(a+1)]); -

649

if (certificate.serialNumber() == certificate_blacklist[a++] &&

certificate.se...blacklist[a++]	Description
TRUE	evaluated 18 times by 2 tests Evaluated by: tst_qsslcertificate - unknown status tst_qsslsocket - unknown status
FALSE	evaluated 16849 times by 8 tests Evaluated by: tst_NetworkSelfTest tst_QHttpNetworkConnection tst_QNetworkReply tst_Spdy tst_qsslcertificate - unknown status tst_qsslsocket - unknown status tst_qsslsocket_onDemandCertificates_member - unknown status tst_qsslsocket_onDemandCertificates_static - unknown status

18-16849

650

(certificate.subjectInfo(QSslCertificate::CommonName).contains(blacklistedCommonName) ||

certificate.su...tedCommonName)	Description
TRUE	evaluated 18 times by 2 tests Evaluated by: tst_qsslcertificate - unknown status tst_qsslsocket - unknown status
FALSE	never evaluated

0-18

651

certificate.issuerInfo(QSslCertificate::CommonName).contains(blacklistedCommonName)))

certificate.is...tedCommonName)	Description
TRUE	never evaluated
FALSE	never evaluated

652

return true;

executed 18 times by 2 tests: return true;

Executed by:

tst_qsslcertificate - unknown status
tst_qsslsocket - unknown status

653

}

executed 16849 times by 8 tests: end of block

Executed by:

tst_NetworkSelfTest
tst_QHttpNetworkConnection
tst_QNetworkReply
tst_Spdy
tst_qsslcertificate - unknown status
tst_qsslsocket - unknown status
tst_qsslsocket_onDemandCertificates_member - unknown status
tst_qsslsocket_onDemandCertificates_static - unknown status

16849

654

return false;

executed 461 times by 8 tests: return false;

Executed by:

tst_NetworkSelfTest
tst_QHttpNetworkConnection
tst_QNetworkReply
tst_Spdy
tst_qsslcertificate - unknown status
tst_qsslsocket - unknown status
tst_qsslsocket_onDemandCertificates_member - unknown status
tst_qsslsocket_onDemandCertificates_static - unknown status

461

655 } -

656 -

657 QByteArray QSslCertificatePrivate::subjectInfoToString(QSslCertificate::SubjectInfo info) -

658 { -

659 QByteArray str; -

660 switch (info) { -

661

case QSslCertificate::Organization: str = QByteArray("O"); break;

executed 76 times by 1 test: break;

Executed by:

tst_qsslcertificate - unknown status

executed 76 times by 1 test: case QSslCertificate::Organization:

Executed by:

tst_qsslcertificate - unknown status

662

case QSslCertificate::CommonName: str = QByteArray("CN"); break;

executed 481 times by 8 tests: break;

Executed by:

tst_NetworkSelfTest
tst_QHttpNetworkConnection
tst_QNetworkReply
tst_Spdy
tst_qsslcertificate - unknown status
tst_qsslsocket - unknown status
tst_qsslsocket_onDemandCertificates_member - unknown status
tst_qsslsocket_onDemandCertificates_static - unknown status

executed 481 times by 8 tests: case QSslCertificate::CommonName:

Executed by:

tst_NetworkSelfTest
tst_QHttpNetworkConnection
tst_QNetworkReply
tst_Spdy
tst_qsslcertificate - unknown status
tst_qsslsocket - unknown status
tst_qsslsocket_onDemandCertificates_member - unknown status
tst_qsslsocket_onDemandCertificates_static - unknown status

481

663

case QSslCertificate::LocalityName: str = QByteArray("L"); break;

executed 74 times by 1 test: break;

Executed by:

tst_qsslcertificate - unknown status

executed 74 times by 1 test: case QSslCertificate::LocalityName:

Executed by:

tst_qsslcertificate - unknown status

664

case QSslCertificate::OrganizationalUnitName: str = QByteArray("OU"); break;

executed 74 times by 1 test: break;

Executed by:

tst_qsslcertificate - unknown status

executed 74 times by 1 test: case QSslCertificate::OrganizationalUnitName:

Executed by:

tst_qsslcertificate - unknown status

665

case QSslCertificate::CountryName: str = QByteArray("C"); break;

executed 74 times by 1 test: break;

Executed by:

tst_qsslcertificate - unknown status

executed 74 times by 1 test: case QSslCertificate::CountryName:

Executed by:

tst_qsslcertificate - unknown status

666

case QSslCertificate::StateOrProvinceName: str = QByteArray("ST"); break;

executed 74 times by 1 test: break;

Executed by:

tst_qsslcertificate - unknown status

executed 74 times by 1 test: case QSslCertificate::StateOrProvinceName:

Executed by:

tst_qsslcertificate - unknown status

667

case QSslCertificate::DistinguishedNameQualifier: str = QByteArray("dnQualifier"); break;

never executed: break;

never executed: case QSslCertificate::DistinguishedNameQualifier:

668

case QSslCertificate::SerialNumber: str = QByteArray("serialNumber"); break;

never executed: break;

never executed: case QSslCertificate::SerialNumber:

669

case QSslCertificate::EmailAddress: str = QByteArray("emailAddress"); break;

never executed: break;

never executed: case QSslCertificate::EmailAddress:

670 } -

671

return str;

executed 853 times by 8 tests: return str;

Executed by:

tst_NetworkSelfTest
tst_QHttpNetworkConnection
tst_QNetworkReply
tst_Spdy
tst_qsslcertificate - unknown status
tst_qsslsocket - unknown status
tst_qsslsocket_onDemandCertificates_member - unknown status
tst_qsslsocket_onDemandCertificates_static - unknown status

853

672 } -

673 -

674 /*! -

675 \fn uint qHash(const QSslCertificate &key, uint seed) -

676 -

677 Returns the hash value for the \a key, using \a seed to seed the calculation. -

678 \since 5.4 -

679 \relates QHash -

680 */ -

681 -

682 #ifndef QT_NO_DEBUG_STREAM -

683 QDebug operator<<(QDebug debug, const QSslCertificate &certificate) -

684 { -

685 QDebugStateSaver saver(debug); -

686 debug.resetFormat().nospace(); -

687 debug << "QSslCertificate(" -

688 << certificate.version() -

689 << ", " << certificate.serialNumber() -

690 << ", " << certificate.digest().toBase64() -

691 << ", " << certificate.issuerInfo(QSslCertificate::Organization) -

692 << ", " << certificate.subjectInfo(QSslCertificate::Organization) -

693 << ", " << certificate.subjectAlternativeNames() -

694 #ifndef QT_NO_DATESTRING -

695 << ", " << certificate.effectiveDate() -

696 << ", " << certificate.expiryDate() -

697 #endif -

698 << ')'; -

699

return debug;

never executed: return debug;

700 } -

701 QDebug operator<<(QDebug debug, QSslCertificate::SubjectInfo info) -

702 { -

703 switch (info) { -

704

case QSslCertificate::Organization: debug << "Organization"; break;

never executed: break;

never executed: case QSslCertificate::Organization:

705

case QSslCertificate::CommonName: debug << "CommonName"; break;

never executed: break;

never executed: case QSslCertificate::CommonName:

706

case QSslCertificate::CountryName: debug << "CountryName"; break;

never executed: break;

never executed: case QSslCertificate::CountryName:

707

case QSslCertificate::LocalityName: debug << "LocalityName"; break;

never executed: break;

never executed: case QSslCertificate::LocalityName:

708

case QSslCertificate::OrganizationalUnitName: debug << "OrganizationalUnitName"; break;

never executed: break;

never executed: case QSslCertificate::OrganizationalUnitName:

709

case QSslCertificate::StateOrProvinceName: debug << "StateOrProvinceName"; break;

never executed: break;

never executed: case QSslCertificate::StateOrProvinceName:

710

case QSslCertificate::DistinguishedNameQualifier: debug << "DistinguishedNameQualifier"; break;

never executed: break;

never executed: case QSslCertificate::DistinguishedNameQualifier:

711

case QSslCertificate::SerialNumber: debug << "SerialNumber"; break;

never executed: break;

never executed: case QSslCertificate::SerialNumber:

712

case QSslCertificate::EmailAddress: debug << "EmailAddress"; break;

never executed: break;

never executed: case QSslCertificate::EmailAddress:

713 } -

714

return debug;

never executed: return debug;

715 } -

716 #endif -

717 -

718 QT_END_NAMESPACE -

Source code

Switch to Preprocessed file

Generated by Squish Coco Non-Commercial 4.3.0-BETA-master-30-08-2018-4cb69e9