authorTimur Pocheptsov <timur.pocheptsov@qt.io>2017-02-22 18:22:02 +0100
committerTimur Pocheptsov <timur.pocheptsov@qt.io>2017-02-23 14:21:35 +0000
commitb48e960969bee08174c79d6660de1e448f1c6b5c (patch)
tree0829d91de70220d759d55db9060b923b3482f3f4 /src/network
parent8fd6cef3724b2d676c5f6ae235956192d85eac39 (diff)
HSTS - API/naming fixes
As recommended in API review: use 'is...STS...Enabled' and 'set...STS..Enabled(bool)' function names instead of stsEnabled and separate enable/disable functions. Replace QList with QVector in the public API. Change-Id: I1526124c830450058967ebc192d27575cc89292d Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Diffstat (limited to 'src/network')
-rw-r--r--src/network/access/qhsts.cpp14
-rw-r--r--src/network/access/qhsts_p.h8
-rw-r--r--src/network/access/qhstspolicy.cpp2
-rw-r--r--src/network/access/qnetworkaccessmanager.cpp40
-rw-r--r--src/network/access/qnetworkaccessmanager.h10
-rw-r--r--src/network/access/qnetworkreply.cpp2
6 files changed, 34 insertions, 42 deletions
diff --git a/src/network/access/qhsts.cpp b/src/network/access/qhsts.cpp
index 5e4f75b0ed..3581fbc796 100644
--- a/src/network/access/qhsts.cpp
+++ b/src/network/access/qhsts.cpp
@@ -39,9 +39,9 @@
#include "qhsts_p.h"
-#include "QtCore/qstringlist.h"
-
#include "QtCore/private/qipaddress_p.h"
+#include "QtCore/qvector.h"
+#include "QtCore/qlist.h"
QT_BEGIN_NAMESPACE
@@ -84,7 +84,7 @@ void QHstsCache::updateFromHeaders(const QList<QPair<QByteArray, QByteArray>> &h
updateKnownHost(url.host(), parser.expirationDate(), parser.includeSubDomains());
}
-void QHstsCache::updateFromPolicies(const QList<QHstsPolicy> &policies)
+void QHstsCache::updateFromPolicies(const QVector<QHstsPolicy> &policies)
{
for (const auto &policy : policies)
updateKnownHost(policy.host(), policy.expiry(), policy.includesSubDomains());
@@ -183,9 +183,13 @@ void QHstsCache::clear()
knownHosts.clear();
}
-QList<QHstsPolicy> QHstsCache::policies() const
+QVector<QHstsPolicy> QHstsCache::policies() const
{
- return knownHosts.values();
+ QVector<QHstsPolicy> values;
+ values.reserve(knownHosts.size());
+ for (const auto &host : knownHosts)
+ values << host;
+ return values;
}
// The parser is quite simple: 'nextToken' knowns exactly what kind of tokens
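Review bot: The new loop in policies() copies every entry of `knownHosts` into the result with no check on expiry, so a caller that persists the returned vector may store policies that have already lapsed. This assumes the cache evicts expired entries lazily, which is not visible in this hunk. I would document the contract on the function, for example `// Snapshot of the cache as-is; entries may be expired, callers should check QHstsPolicy::isExpired().`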
diff --git a/src/network/access/qhsts_p.h b/src/network/access/qhsts_p.h
index 5d95f39b96..ab3ca536fb 100644
--- a/src/network/access/qhsts_p.h
+++ b/src/network/access/qhsts_p.h
@@ -57,26 +57,28 @@
#include <QtCore/qdatetime.h>
#include <QtCore/qstring.h>
#include <QtCore/qglobal.h>
-#include <QtCore/qlist.h>
#include <QtCore/qpair.h>
#include <QtCore/qurl.h>
#include <QtCore/qmap.h>
QT_BEGIN_NAMESPACE
+template<typename T> class QList;
+template <typename T> class QVector;
+
class Q_AUTOTEST_EXPORT QHstsCache
{
public:
void updateFromHeaders(const QList<QPair<QByteArray, QByteArray>> &headers,
const QUrl &url);
- void updateFromPolicies(const QList<QHstsPolicy> &hosts);
+ void updateFromPolicies(const QVector<QHstsPolicy> &hosts);
void updateKnownHost(const QUrl &url, const QDateTime &expires,
bool includeSubDomains);
bool isKnownHost(const QUrl &url) const;
void clear();
- QList<QHstsPolicy> policies() const;
+ QVector<QHstsPolicy> policies() const;
private:
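Review bot: The two added forward declarations are spelled differently (`template<typename T> class QList;` and `template <typename T> class QVector;`); pick one spacing. Replacing the include with hand-written declarations also means every translation unit that calls policies() or updateFromPolicies() has to include the container headers itself, as qhsts.cpp does in this commit. A short comment above the declarations would make that requirement explicit, e.g. `// Forward-declared only: include qvector.h/qlist.h where these members are used.`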
diff --git a/src/network/access/qhstspolicy.cpp b/src/network/access/qhstspolicy.cpp
index 6922e1d8f9..e8b4e0aeff 100644
--- a/src/network/access/qhstspolicy.cpp
+++ b/src/network/access/qhstspolicy.cpp
@@ -60,7 +60,7 @@ QT_BEGIN_NAMESPACE
applies to subdomains, either in the constructor or by calling setExpiry(),
setHost() and setIncludesSubdomains().
- \sa QNetworkAccessManager::enableStrictTransportSecurity()
+ \sa QNetworkAccessManager::setStrictTransportSecurityEnabled()
*/
class QHstsPolicyPrivate
diff --git a/src/network/access/qnetworkaccessmanager.cpp b/src/network/access/qnetworkaccessmanager.cpp
index 19e9ecc265..0b03865df8 100644
--- a/src/network/access/qnetworkaccessmanager.cpp
+++ b/src/network/access/qnetworkaccessmanager.cpp
@@ -697,36 +697,22 @@ void QNetworkAccessManager::setCookieJar(QNetworkCookieJar *cookieJar)
/*!
\since 5.9
- Enables HTTP Strict Transport Security (HSTS, RFC6797). When processing a
- request, QNetworkAccessManager automatically replaces "http" scheme with
- "https" and uses a secure transport if a host is a known HSTS host.
- Port 80 if it's set explicitly is replaced by port 443.
+ If \a enabled is \c true, QNetworkAccessManager follows the HTTP Strict Transport
+ Security policy (HSTS, RFC6797). When processing a request, QNetworkAccessManager
+ automatically replaces the "http" scheme with "https" and uses a secure transport
+ for HSTS hosts. If it's set explicitly, port 80 is replaced by port 443.
When HSTS is enabled, for each HTTP response containing HSTS header and
received over a secure transport, QNetworkAccessManager will update its HSTS
cache, either remembering a host with a valid policy or removing a host with
- expired/disabled HSTS policy.
+ an expired or disabled HSTS policy.
- \sa disableStrictTransportSecurity(), strictTransportSecurityEnabled()
+ \sa isStrictTransportSecurityEnabled()
*/
-void QNetworkAccessManager::enableStrictTransportSecurity()
+void QNetworkAccessManager::setStrictTransportSecurityEnabled(bool enabled)
{
Q_D(QNetworkAccessManager);
- d->stsEnabled = true;
-}
-
-/*!
- \since 5.9
-
- Disables HTTP Strict Transport Security (HSTS). HSTS headers in responses would
- be ignored, no scheme/port mapping is done.
-
- \sa enableStrictTransportSecurity()
-*/
-void QNetworkAccessManager::disableStrictTransportSecurity()
-{
- Q_D(QNetworkAccessManager);
- d->stsEnabled = false;
+ d->stsEnabled = enabled;
}
/*!
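Review bot: The merged doc comment for setStrictTransportSecurityEnabled() only describes the `enabled == true` case. The sentence from the removed disableStrictTransportSecurity() comment (HSTS headers ignored, no scheme/port mapping) was dropped rather than folded in. The setter only assigns `d->stsEnabled`, so the known-host cache appears to survive a switch to off, and previously learned policies would take effect again on re-enable. Once that is confirmed, I would add: `If \a enabled is \c false, HSTS headers in responses are ignored and no scheme or port mapping is done; hosts already in the cache are kept.`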
@@ -735,9 +721,9 @@ void QNetworkAccessManager::disableStrictTransportSecurity()
Returns true if HTTP Strict Transport Security (HSTS) was enabled. By default
HSTS is disabled.
- \sa enableStrictTransportSecurity
+ \sa setStrictTransportSecurityEnabled()
*/
-bool QNetworkAccessManager::strictTransportSecurityEnabled() const
+bool QNetworkAccessManager::isStrictTransportSecurityEnabled() const
{
Q_D(const QNetworkAccessManager);
return d->stsEnabled;
@@ -761,7 +747,7 @@ bool QNetworkAccessManager::strictTransportSecurityEnabled() const
\sa addStrictTransportSecurityHosts(), QHstsPolicy
*/
-void QNetworkAccessManager::addStrictTransportSecurityHosts(const QList<QHstsPolicy> &knownHosts)
+void QNetworkAccessManager::addStrictTransportSecurityHosts(const QVector<QHstsPolicy> &knownHosts)
{
Q_D(QNetworkAccessManager);
d->stsCache.updateFromPolicies(knownHosts);
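Review bot: The `\sa` line directly above addStrictTransportSecurityHosts() names the function itself, so the generated documentation never links this setter to its getter. It should read `\sa strictTransportSecurityHosts(), QHstsPolicy`. The doc comment begins outside the hunk, but the signature is being touched here, which makes it a natural place for the fix.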
@@ -776,7 +762,7 @@ void QNetworkAccessManager::addStrictTransportSecurityHosts(const QList<QHstsPol
\sa addStrictTransportSecurityHosts(), QHstsPolicy
*/
-QList<QHstsPolicy> QNetworkAccessManager::strictTransportSecurityHosts() const
+QVector<QHstsPolicy> QNetworkAccessManager::strictTransportSecurityHosts() const
{
Q_D(const QNetworkAccessManager);
return d->stsCache.policies();
@@ -1390,7 +1376,7 @@ QNetworkReply *QNetworkAccessManager::createRequest(QNetworkAccessManager::Opera
#endif
) {
#ifndef QT_NO_SSL
- if (strictTransportSecurityEnabled() && d->stsCache.isKnownHost(request.url())) {
+ if (isStrictTransportSecurityEnabled() && d->stsCache.isKnownHost(request.url())) {
QUrl stsUrl(request.url());
// RFC6797, 8.3:
// The UA MUST replace the URI scheme with "https" [RFC2818],
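Review bot: The scheme upgrade is compiled only under `#ifndef QT_NO_SSL`, while the setter body shown earlier in this commit has no such guard. In a build without SSL, isStrictTransportSecurityEnabled() could therefore return true although requests to known hosts are never upgraded. Whether the declarations are guarded elsewhere is not visible on this page. If they are not, the setter's documentation should say so, e.g. `\note In builds without SSL support this setting has no effect.` createRequest() continues outside the hunk.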
diff --git a/src/network/access/qnetworkaccessmanager.h b/src/network/access/qnetworkaccessmanager.h
index 52769627f3..7a03a29377 100644
--- a/src/network/access/qnetworkaccessmanager.h
+++ b/src/network/access/qnetworkaccessmanager.h
@@ -42,6 +42,7 @@
#include <QtNetwork/qtnetworkglobal.h>
#include <QtNetwork/qnetworkrequest.h>
+#include <QtCore/QVector>
#include <QtCore/QObject>
#ifndef QT_NO_SSL
#include <QtNetwork/QSslConfiguration>
@@ -121,11 +122,10 @@ public:
QNetworkCookieJar *cookieJar() const;
void setCookieJar(QNetworkCookieJar *cookieJar);
- void enableStrictTransportSecurity();
- void disableStrictTransportSecurity();
- bool strictTransportSecurityEnabled() const;
- void addStrictTransportSecurityHosts(const QList<QHstsPolicy> &knownHosts);
- QList<QHstsPolicy> strictTransportSecurityHosts() const;
+ void setStrictTransportSecurityEnabled(bool enabled);
+ bool isStrictTransportSecurityEnabled() const;
+ void addStrictTransportSecurityHosts(const QVector<QHstsPolicy> &knownHosts);
+ QVector<QHstsPolicy> strictTransportSecurityHosts() const;
QNetworkReply *head(const QNetworkRequest &request);
QNetworkReply *get(const QNetworkRequest &request);
diff --git a/src/network/access/qnetworkreply.cpp b/src/network/access/qnetworkreply.cpp
index ca27e66791..79afd21a1a 100644
--- a/src/network/access/qnetworkreply.cpp
+++ b/src/network/access/qnetworkreply.cpp
@@ -736,7 +736,7 @@ void QNetworkReply::setSslConfiguration(const QSslConfiguration &config)
this function has no effect.
\sa sslConfiguration(), sslErrors(), QSslSocket::ignoreSslErrors(),
- QNetworkAccessManager::enableStrictTransportSecurity()
+ QNetworkAccessManager::setStrictTransportSecurityEnabled()
*/
void QNetworkReply::ignoreSslErrors(const QList<QSslError> &errors)
{