Deprecate QSslCertificate::isValid() replace with isBlacklisted()

Currently isValid wrongly gives the impression it checks a certificate for validity - it doesn't. It merely checks if the certificate dates are valid and if the certificate is blacklisted. Since it's already easy for users to check the dates, let's just give them access to the ability to check for blacklisting. Change-Id: I25be3bde6a01063034702a9574b28469bf4882cd Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
2011-11-11 23:08:42 +00:00 · 2011-11-11 23:08:42 +00:00 · e66d3d9899
commit e66d3d9899
parent fd3d7429b2
5 changed files with 39 additions and 18 deletions
--- a/dist/changes-5.0.0
+++ b/dist/changes-5.0.0
@ -11,9 +11,14 @@ information about a particular change.
 *                       Source incompatible changes                        *
 ****************************************************************************

+
 - QSslCertificate::subjectInfo() and QSslCertificate::issuerInfo() now
  return a QStringList instead of a QString

+- QSslCertificate::isValid() has been deprecated. Originally it only checked
+  the certificate dates, but later checking for blacklisting was added. Now
+  there's a more specific QSslCertificate::isBlacklisted() method.
+
 - Unite clipping support has been removed from QPainter. The alternative is
  to unite QRegion's and using the result on QPainter.

--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@ -62,11 +62,10 @@
    a DER (binary) or PEM (Base64) encoded bundle, typically stored as
    one or more local files, or in a Qt Resource.

-    You can call isNull() to check if your certificate is null. By
-    default, QSslCertificate constructs a null certificate. To check
-    if the certificate is valid, call isValid(). A null certificate is
-    invalid, but an invalid certificate is not necessarily null. If
-    you want to reset all contents in a certificate, call clear().
+    You can call isNull() to check if your certificate is null. By default,
+    QSslCertificate constructs a null certificate. A null certificate is
+    invalid, but an invalid certificate is not necessarily null. If you want
+    to reset all contents in a certificate, call clear().

    After loading a certificate, you can find information about the
    certificate, its subject, and its issuer, by calling one of the
@ -212,14 +211,17 @@ bool QSslCertificate::operator==(const QSslCertificate &other) const

    By default, QSslCertificate constructs a null certificate.

-    \sa isValid(), clear()
+    \sa clear()
 */
 bool QSslCertificate::isNull() const
 {
    return d->null;
 }

+#if QT_DEPRECATED_SINCE(5,0)
 /*!
+    \fn bool QSslCertificate::isValid() const
+
    Returns true if this certificate is valid; otherwise returns
    false.

@ -230,12 +232,17 @@ bool QSslCertificate::isNull() const

    \sa isNull()
 */
-bool QSslCertificate::isValid() const
+#endif
+
+/*!
+    Returns true if this certificate is blacklisted; otherwise
+    returns false.
+
+    \sa isNull()
+*/
+bool QSslCertificate::isBlacklisted() const
 {
-    const QDateTime currentTime = QDateTime::currentDateTime();
-    return currentTime >= d->notValidBefore &&
-            currentTime <= d->notValidAfter &&
-            ! QSslCertificatePrivate::isBlacklisted(*this);
+    return QSslCertificatePrivate::isBlacklisted(*this);
 }

 /*!
--- a/src/network/ssl/qsslcertificate.h
+++ b/src/network/ssl/qsslcertificate.h
@ -46,6 +46,7 @@
 #include <QtCore/qnamespace.h>
 #include <QtCore/qbytearray.h>
 #include <QtCore/qcryptographichash.h>
+#include <QtCore/qdatetime.h>
 #include <QtCore/qregexp.h>
 #include <QtCore/qsharedpointer.h>
 #include <QtCore/qmap.h>
@ -94,7 +95,15 @@ public:
    inline bool operator!=(const QSslCertificate &other) const { return !operator==(other); }

    bool isNull() const;
-    bool isValid() const;
+#if QT_DEPRECATED_SINCE(5,0)
+    QT_DEPRECATED inline bool isValid() const {
+        const QDateTime currentTime = QDateTime::currentDateTime();
+        return currentTime >= effectiveDate() &&
+               currentTime <= expiryDate() &&
+               !isBlacklisted();
+    }
+#endif
+    bool isBlacklisted() const;
    void clear();

    // Certificate info
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@ -336,7 +336,7 @@ init_context:
    foreach (const QSslCertificate &caCertificate, q->caCertificates()) {
        // add expired certs later, so that the
        // valid ones are used before the expired ones
-        if (! caCertificate.isValid()) {
+        if (caCertificate.expiryDate() > QDateTime::currentDateTime()) {
            expiredCerts.append(caCertificate);
        } else {
            q_X509_STORE_add_cert(ctx->cert_store, reinterpret_cast<X509 *>(caCertificate.handle()));
@ -1533,7 +1533,7 @@ QList<QSslError> QSslSocketBackendPrivate::verify(QList<QSslCertificate> certifi
    foreach (const QSslCertificate &caCertificate, QSslSocket::defaultCaCertificates()) {
        // add expired certs later, so that the
        // valid ones are used before the expired ones
-        if (!caCertificate.isValid()) {
+        if (caCertificate.expiryDate() > QDateTime::currentDateTime()) {
            expiredCerts.append(caCertificate);
        } else {
            q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle()));
--- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
+++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
@ -193,7 +193,7 @@ void tst_QSslCertificate::emptyConstructor()
    QSslCertificate certificate;
    QVERIFY(certificate.isNull());
    //make sure none of the functions crash  (task 203035)
-    QVERIFY(!certificate.isValid());
+    QVERIFY(!certificate.isBlacklisted());
    QCOMPARE(certificate.version() , QByteArray());
    QCOMPARE(certificate.serialNumber(), QByteArray());
    QCOMPARE(certificate.digest(), QCryptographicHash::hash(QByteArray(), QCryptographicHash::Md5));
@ -256,7 +256,7 @@ void tst_QSslCertificate::compareCertificates(
 {
    QCOMPARE(cert1.isNull(), cert2.isNull());
    // Note: in theory, the next line could fail even if the certificates are identical!
-    QCOMPARE(cert1.isValid(), cert2.isValid());
+    QCOMPARE(cert1.isBlacklisted(), cert2.isBlacklisted());
    QCOMPARE(cert1.version(), cert2.version());
    QCOMPARE(cert1.serialNumber(), cert2.serialNumber());
    QCOMPARE(cert1.digest(), cert2.digest());
@ -723,7 +723,7 @@ void tst_QSslCertificate::certInfo()

    QCOMPARE(cert.effectiveDate().toUTC(), QDateTime(QDate(2007, 4, 17), QTime(7,40,26), Qt::UTC));
    QCOMPARE(cert.expiryDate().toUTC(), QDateTime(QDate(2007, 5, 17), QTime(7,40,26), Qt::UTC));
-    QVERIFY(!cert.isValid());   // cert has expired
+    QVERIFY(cert.expiryDate() < QDateTime::currentDateTime());   // cert has expired

    QSslCertificate copy = cert;
    QVERIFY(cert == copy);
@ -849,7 +849,7 @@ void tst_QSslCertificate::blacklistedCertificates()
    QList<QSslCertificate> blacklistedCerts = QSslCertificate::fromPath("more-certificates/blacklisted*.pem", QSsl::Pem, QRegExp::Wildcard);
    QVERIFY2(blacklistedCerts.count() > 0, "Please run this test from the source directory");
    for (int a = 0; a < blacklistedCerts.count(); a++) {
-        QVERIFY(! blacklistedCerts.at(a).isValid());
+        QVERIFY(blacklistedCerts.at(a).isBlacklisted());
    }
 }