diff options
| author | Marc Mutz <marc.mutz@kdab.com> | 2014-09-25 15:55:35 +0200 |
|---|---|---|
| committer | Giuseppe D'Angelo <giuseppe.dangelo@kdab.com> | 2014-10-19 07:32:37 +0200 |
| commit | e8bdc949fc3646ff323a4fb4b83835e089a86b77 (patch) | |
| tree | 2fe58431501cec9f66d514be66ba39bff4b9121f /src/network | |
| parent | adadb5e870c1b805aa3dabe12ae29005c8f1a406 (diff) | |
Add qHash(QSslCertificate) overload
qsslsocket_winrt.cpp defined it locally, which runs the risk of
clashes with a potential user-defined qHash(QSslCertificate), so
make it public.
Also, the implementation in qsslsocket_winrt.cpp simply hashed
the handle(), which violates the principle that equal instances
must hash to the same value. Also, for some platforms, the
implementation returns nullptr unconditionally, which, while not
violating the above-mentioned principle, will make all users of
the hash have worst-case complexity.
To calculate a meaningful hash, therefore, the certificate needs
to be inspected deeper than just the handle.
For OpenSSL, we use X509::sha1_hash, which also X509_cmp uses
internally to determine inequality (it checks more stuff, but
if X059::sha1_hash is different, X509_cmp() returns non-zero,
which is sufficient for the purposes of qHash()). sha1_hash may
not be up-to-date, though, so we call X509_cmp to make it valid.
Ugh.
For WinRT/Qt, we use the DER encoding, as that is the native
storage format used in QSslCertificate. This is not equivalent
to the implementation used in qsslsocket_winrt.cpp before, but
since handle() == handle() => toDer() == toDer(), it should not
be a problem.
[ChangeLog][QtNetwork][QSslCertificate] Can now be used as a key in QSet/QHash.
Change-Id: I10858fe648c70fc9535af6913dd3b7f3b2cf0eba
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
Diffstat (limited to 'src/network')
| -rw-r--r-- | src/network/ssl/qsslcertificate.cpp | 6 | ||||
| -rw-r--r-- | src/network/ssl/qsslcertificate.h | 6 | ||||
| -rw-r--r-- | src/network/ssl/qsslcertificate_openssl.cpp | 11 | ||||
| -rw-r--r-- | src/network/ssl/qsslcertificate_qt.cpp | 6 | ||||
| -rw-r--r-- | src/network/ssl/qsslsocket_winrt.cpp | 5 |
5 files changed, 29 insertions, 5 deletions
diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 8d38a5fd54..13bddcb3ea 100644 --- a/src/network/ssl/qsslcertificate.cpp +++ b/src/network/ssl/qsslcertificate.cpp @@ -662,7 +662,13 @@ QByteArray QSslCertificatePrivate::subjectInfoToString(QSslCertificate::SubjectI return str; } +/*! + \fn uint qHash(const QSslCertificate &key, uint seed) + Returns the hash value for the \a key, using \a seed to seed the calculation. + \since 5.4 + \relates QHash +*/ #ifndef QT_NO_DEBUG_STREAM QDebug operator<<(QDebug debug, const QSslCertificate &certificate) diff --git a/src/network/ssl/qsslcertificate.h b/src/network/ssl/qsslcertificate.h index d1290b1d42..e34ea97fc4 100644 --- a/src/network/ssl/qsslcertificate.h +++ b/src/network/ssl/qsslcertificate.h @@ -59,6 +59,10 @@ class QSslKey; class QSslCertificateExtension; class QStringList; +class QSslCertificate; +// qHash is a friend, but we can't use default arguments for friends (ยง8.3.6.4) +Q_NETWORK_EXPORT uint qHash(const QSslCertificate &key, uint seed = 0) Q_DECL_NOTHROW; + class QSslCertificatePrivate; class Q_NETWORK_EXPORT QSslCertificate { @@ -145,6 +149,8 @@ private: QExplicitlySharedDataPointer<QSslCertificatePrivate> d; friend class QSslCertificatePrivate; friend class QSslSocketBackendPrivate; + + friend Q_NETWORK_EXPORT uint qHash(const QSslCertificate &key, uint seed) Q_DECL_NOTHROW; }; Q_DECLARE_SHARED(QSslCertificate) diff --git a/src/network/ssl/qsslcertificate_openssl.cpp b/src/network/ssl/qsslcertificate_openssl.cpp index 850654835d..1906c72ff8 100644 --- a/src/network/ssl/qsslcertificate_openssl.cpp +++ b/src/network/ssl/qsslcertificate_openssl.cpp @@ -62,6 +62,17 @@ bool QSslCertificate::operator==(const QSslCertificate &other) const return false; } +uint qHash(const QSslCertificate &key, uint seed) Q_DECL_NOTHROW +{ + if (X509 * const x509 = key.d->x509) { + (void)q_X509_cmp(x509, x509); // populate x509->sha1_hash + // (if someone knows a better way...) + return qHashBits(x509->sha1_hash, SHA_DIGEST_LENGTH, seed); + } else { + return seed; + } +} + bool QSslCertificate::isNull() const { return d->null; diff --git a/src/network/ssl/qsslcertificate_qt.cpp b/src/network/ssl/qsslcertificate_qt.cpp index 16df4a8f73..d74042a95f 100644 --- a/src/network/ssl/qsslcertificate_qt.cpp +++ b/src/network/ssl/qsslcertificate_qt.cpp @@ -67,6 +67,12 @@ bool QSslCertificate::operator==(const QSslCertificate &other) const return d->derData == other.d->derData; } +uint qHash(const QSslCertificate &key, uint seed) Q_DECL_NOTHROW +{ + // DER is the native encoding here, so toDer() is just "return d->derData": + return qHash(key.toDer(), seed); +} + bool QSslCertificate::isNull() const { return d->null; diff --git a/src/network/ssl/qsslsocket_winrt.cpp b/src/network/ssl/qsslsocket_winrt.cpp index c9ddd9ec1b..69f8b6d68a 100644 --- a/src/network/ssl/qsslsocket_winrt.cpp +++ b/src/network/ssl/qsslsocket_winrt.cpp @@ -70,11 +70,6 @@ inline uint qHash(const QSslError &error, uint seed) Q_DECL_NOEXCEPT_EXPR(noexcept(qHash(error))) { return (qHash(error.error()) ^ seed); } -// For QSet<QSslCertificate> -inline uint qHash(const QSslCertificate &certificate, uint seed) - Q_DECL_NOEXCEPT_EXPR(noexcept(qHash(certificate))) -{ return (qHash(certificate.handle()) ^ seed); } - bool QSslSocketPrivate::s_libraryLoaded = true; bool QSslSocketPrivate::s_loadRootCertsOnDemand = true; bool QSslSocketPrivate::s_loadedCiphersAndCerts = false; |