remove unnecessary secure array usage from cert api

svn path=/trunk/kdesupport/qca/; revision=674313

examples/cmssigner/main.cpp

@@ -152,7 +152,7 @@ bool CertItem::fromString(const QString &in)
 	chain.clear();
 	for(int n = 0; n < chainCount; ++n)
 	{
-		QCA::Certificate cert = QCA::Certificate::fromDER(QCA::Base64().stringToArray(parts[n + 2]));
+		QCA::Certificate cert = QCA::Certificate::fromDER(QCA::Base64().stringToArray(parts[n + 2]).toByteArray());
 		if(cert.isNull())
 			return false;
 		chain += cert;

include/QtCrypto/qca_cert.h

@@ -949,7 +949,7 @@ CertificateInfoOrdered info = cert.subjectInfoOrdered();
 	/**
 	   Export the Certificate into a DER format
 	*/
-	SecureArray toDER() const;
+	QByteArray toDER() const;
 
 	/**
 	   Export the Certificate into a PEM format
@@ -975,7 +975,7 @@ CertificateInfoOrdered info = cert.subjectInfoOrdered();
 	   \return the Certificate corresponding to the certificate in the
 	   provided array
 	*/
-	static Certificate fromDER(const SecureArray &a, ConvertResult *result = 0, const QString &provider = QString());
+	static Certificate fromDER(const QByteArray &a, ConvertResult *result = 0, const QString &provider = QString());
 
 	/**
 	   Import the certificate from PEM format
@@ -1292,7 +1292,7 @@ public:
 
 	   \note this only applies to PKCS#10 format certificate requests
 	*/
-	SecureArray toDER() const;
+	QByteArray toDER() const;
 
 	/**
 	   Export the Certificate Request into a PEM format
@@ -1324,7 +1324,7 @@ public:
 
 	   \note this only applies to PKCS#10 format certificate requests
 	*/
-	static CertificateRequest fromDER(const SecureArray &a, ConvertResult *result = 0, const QString &provider = QString());
+	static CertificateRequest fromDER(const QByteArray &a, ConvertResult *result = 0, const QString &provider = QString());
 
 	/**
 	   Import the certificate request from PEM format
@@ -1629,7 +1629,7 @@ public:
 
 	   \return an array containing the CRL in DER format
 	*/
-	SecureArray toDER() const;
+	QByteArray toDER() const;
 
 	/**
 	   Export the %Certificate Revocation List (CRL) in PEM format
@@ -1657,7 +1657,7 @@ public:
 
 	   \return the CRL corresponding to the contents of the array
 	*/
-	static CRL fromDER(const SecureArray &a, ConvertResult *result = 0, const QString &provider = QString());
+	static CRL fromDER(const QByteArray &a, ConvertResult *result = 0, const QString &provider = QString());
 
 	/**
 	   Import a PEM encoded %Certificate Revocation List (CRL)

include/QtCrypto/qcaprovider.h

@@ -222,9 +222,9 @@ public:
 	CertBase(Provider *p, const QString &type) : BasicContext(p, type) {}
 
 	// import / export
-	virtual SecureArray toDER() const = 0;
+	virtual QByteArray toDER() const = 0;
 	virtual QString toPEM() const = 0;
-	virtual ConvertResult fromDER(const SecureArray &a) = 0;
+	virtual ConvertResult fromDER(const QByteArray &a) = 0;
 	virtual ConvertResult fromPEM(const QString &s) = 0;
 };
 
@@ -242,7 +242,7 @@ public:
 	bool isCA;
 	bool isSelfSigned;               // cert only
 	int pathLimit;
-	SecureArray sig;
+	QByteArray sig;
 	SignatureAlgorithm sigalgo;
 	QByteArray subjectId, issuerId;  // cert only
 	QString challenge;               // csr only
@@ -256,7 +256,7 @@ public:
 	int number;
 	QDateTime thisUpdate, nextUpdate;
 	QList<CRLEntry> revoked;
-	SecureArray sig;
+	QByteArray sig;
 	SignatureAlgorithm sigalgo;
 	QByteArray issuerId;
 };

plugins/qca-openssl/qca-openssl.cpp

@@ -2880,7 +2880,7 @@ public:
 		return (!cert && !req && !crl);
 	}
 
-	SecureArray toDER() const
+	QByteArray toDER() const
 	{
 		BIO *bo = BIO_new(BIO_s_mem());
 		if(cert)
@@ -2889,7 +2889,7 @@ public:
 			i2d_X509_REQ_bio(bo, req);
 		else if(crl)
 			i2d_X509_CRL_bio(bo, crl);
-		SecureArray buf = bio2buf(bo);
+		QByteArray buf = bio2ba(bo);
 		return buf;
 	}
 
@@ -2902,11 +2902,11 @@ public:
 			PEM_write_bio_X509_REQ(bo, req);
 		else if(crl)
 			PEM_write_bio_X509_CRL(bo, crl);
-		SecureArray buf = bio2buf(bo);
+		QByteArray buf = bio2ba(bo);
-		return QString::fromLatin1(buf.toByteArray());
+		return QString::fromLatin1(buf);
 	}
 
-	ConvertResult fromDER(const SecureArray &in, Type t)
+	ConvertResult fromDER(const QByteArray &in, Type t)
 	{
 		reset();
 
@@ -3023,7 +3023,7 @@ public:
 		return new MyCertContext(*this);
 	}
 
-	virtual SecureArray toDER() const
+	virtual QByteArray toDER() const
 	{
 		return item.toDER();
 	}
@@ -3033,7 +3033,7 @@ public:
 		return item.toPEM();
 	}
 
-	virtual ConvertResult fromDER(const SecureArray &a)
+	virtual ConvertResult fromDER(const QByteArray &a)
 	{
 		_props = CertContextProps();
 		ConvertResult r = item.fromDER(a, X509Item::TypeCert);
@@ -3332,7 +3332,7 @@ public:
 
 		if (x->signature)
 		{
-			p.sig = SecureArray(x->signature->length);
+			p.sig = QByteArray(x->signature->length, 0);
 			for (int i=0; i< x->signature->length; i++)
 				p.sig[i] = x->signature->data[i];
 		}
@@ -3425,7 +3425,7 @@ public:
 		return new MyCSRContext(*this);
 	}
 
-	virtual SecureArray toDER() const
+	virtual QByteArray toDER() const
 	{
 		return item.toDER();
 	}
@@ -3435,7 +3435,7 @@ public:
 		return item.toPEM();
 	}
 
-	virtual ConvertResult fromDER(const SecureArray &a)
+	virtual ConvertResult fromDER(const QByteArray &a)
 	{
 		_props = CertContextProps();
 		ConvertResult r = item.fromDER(a, X509Item::TypeReq);
@@ -3649,7 +3649,7 @@ public:
 
 		if (x->signature)
 		{
-			p.sig = SecureArray(x->signature->length);
+			p.sig = QByteArray(x->signature->length, 0);
 			for (int i=0; i< x->signature->length; i++)
 				p.sig[i] = x->signature->data[i];
 		}
@@ -3707,7 +3707,7 @@ public:
 		return new MyCRLContext(*this);
 	}
 
-	virtual SecureArray toDER() const
+	virtual QByteArray toDER() const
 	{
 		return item.toDER();
 	}
@@ -3717,8 +3717,9 @@ public:
 		return item.toPEM();
 	}
 
-	virtual ConvertResult fromDER(const SecureArray &a)
+	virtual ConvertResult fromDER(const QByteArray &a)
 	{
+		_props = CRLContextProps();
 		ConvertResult r = item.fromDER(a, X509Item::TypeCRL);
 		if(r == ConvertGood)
 			make_props();
@@ -3839,7 +3840,7 @@ public:
 
 		if (x->signature)
 		{
-			p.sig = SecureArray(x->signature->length);
+			p.sig = QByteArray(x->signature->length, 0);
 			for (int i=0; i< x->signature->length; i++)
 				p.sig[i] = x->signature->data[i];
 		}

plugins/qca-pkcs11/qca-pkcs11.cpp

@@ -2476,7 +2476,7 @@ pkcs11KeyStoreListContext::_deserializeCertificate (
 
 		*p_has_private = list[n++].toInt () != 0;
 
-		SecureArray endCertificateBytes = Base64 ().stringToArray (_unescapeString (list[n++]));
+		QByteArray endCertificateBytes = Base64 ().stringToArray (_unescapeString (list[n++])).toByteArray ();
 		Certificate endCertificate = Certificate::fromDER (endCertificateBytes);
 
 		if (endCertificate.isNull ()) {
@@ -2496,7 +2496,7 @@ pkcs11KeyStoreListContext::_deserializeCertificate (
 		chain = endCertificate;
 		while (n < list.size ()) {
 			Certificate cert = Certificate::fromDER (
-				Base64 ().stringToArray (_unescapeString (list[n++]))
+				Base64 ().stringToArray (_unescapeString (list[n++])).toByteArray ()
 			);
 			if (cert.isNull ()) {
 				throw pkcs11Exception (rv, "Invalid certificate");

plugins/qca-softstore/qca-softstore.cpp

@@ -1155,7 +1155,7 @@ public:
 
 						foreach (QString s, base64certs) {
 							entry.chain += Certificate::fromDER (
-								Base64 ().stringToArray (s),
+								Base64 ().stringToArray (s).toByteArray (),
 								&cresult
 							);
 						}
@@ -1270,7 +1270,7 @@ private:
 
 		while (n < list.size ()) {
 			Certificate cert = Certificate::fromDER (
-				Base64 ().stringToArray (_unescapeString (list[n++]))
+				Base64 ().stringToArray (_unescapeString (list[n++])).toByteArray ()
 			);
 			if (cert.isNull ()) {
 				goto cleanup;

src/qca_cert.cpp

@@ -1429,7 +1429,7 @@ Validity Certificate::validate(const CertificateCollection &trusted, const Certi
 	return static_cast<const CertContext *>(context())->validate(trusted_list, untrusted_list, crl_list, u);*/
 }
 
-SecureArray Certificate::toDER() const
+QByteArray Certificate::toDER() const
 {
 	return static_cast<const CertContext *>(context())->toDER();
 }
@@ -1444,7 +1444,7 @@ bool Certificate::toPEMFile(const QString &fileName) const
 	return stringToFile(fileName, toPEM());
 }
 
-Certificate Certificate::fromDER(const SecureArray &a, ConvertResult *result, const QString &provider)
+Certificate Certificate::fromDER(const QByteArray &a, ConvertResult *result, const QString &provider)
 {
 	Certificate c;
 	CertContext *cc = static_cast<CertContext *>(getContext("cert", provider));
@@ -1733,7 +1733,7 @@ bool CertificateRequest::operator==(const CertificateRequest &otherCsr) const
 	return static_cast<const CSRContext *>(context())->compare(other);
 }
 
-SecureArray CertificateRequest::toDER() const
+QByteArray CertificateRequest::toDER() const
 {
 	return static_cast<const CSRContext *>(context())->toDER();
 }
@@ -1748,7 +1748,7 @@ bool CertificateRequest::toPEMFile(const QString &fileName) const
 	return stringToFile(fileName, toPEM());
 }
 
-CertificateRequest CertificateRequest::fromDER(const SecureArray &a, ConvertResult *result, const QString &provider)
+CertificateRequest CertificateRequest::fromDER(const QByteArray &a, ConvertResult *result, const QString &provider)
 {
 	CertificateRequest c;
 	CSRContext *csr = static_cast<CSRContext *>(getContext("csr", provider));
@@ -1987,7 +1987,7 @@ QByteArray CRL::issuerKeyId() const
 	return static_cast<const CRLContext *>(context())->props()->issuerId;
 }
 
-SecureArray CRL::toDER() const
+QByteArray CRL::toDER() const
 {
 	return static_cast<const CRLContext *>(context())->toDER();
 }
@@ -2013,7 +2013,7 @@ bool CRL::operator==(const CRL &otherCrl) const
 	return static_cast<const CRLContext *>(context())->compare(other);
 }
 
-CRL CRL::fromDER(const SecureArray &a, ConvertResult *result, const QString &provider)
+CRL CRL::fromDER(const QByteArray &a, ConvertResult *result, const QString &provider)
 {
 	CRL c;
 	CRLContext *cc = static_cast<CRLContext *>(getContext("crl", provider));

src/qca_default.cpp

@@ -1023,7 +1023,7 @@ public:
 			//c->item_id = QString::number(n);
 			QString ename = c->makeName();
 			//QString ename = names[n];
-			QString eid = QString::number(qHash(certs[n].toDER().toByteArray()));
+			QString eid = QString::number(qHash(certs[n].toDER()));
 			c->item_name = ename;
 			c->item_id = eid;
 			c->item_save = makeId(storeId(0), name(0), eid, ename, "cert", certs[n].toPEM());
@@ -1033,7 +1033,7 @@ public:
 		{
 			DefaultKeyStoreEntry *c = new DefaultKeyStoreEntry(crls[n], storeId(0), name(0), provider());
 			QString ename = c->makeName();
-			QString eid = QString::number(qHash(certs[n].toDER().toByteArray()));
+			QString eid = QString::number(qHash(certs[n].toDER()));
 			c->item_name = ename;
 			c->item_id = eid;
 			c->item_save = makeId(storeId(0), name(0), eid, ename, "crl", crls[n].toPEM());

unittest/certunittest/certunittest.cpp

@@ -115,10 +115,9 @@ void CertUnitTest::CAcertstest()
 	    QCA::ConvertResult resultca1;
 	    QCA::Certificate ca1 = QCA::Certificate::fromPEMFile( "certs/RootCAcert.pem", &resultca1, provider);
 
-	    QCOMPARE( ca1.pathLimit(), 0 );
-
 	    QCOMPARE( resultca1, QCA::ConvertGood );
 	    QCOMPARE( ca1.isNull(), false );
+	    QCOMPARE( ca1.pathLimit(), 0 );
 	    QCOMPARE( ca1.isCA(), true );
 	    QCOMPARE( ca1.isSelfSigned(), true );
 
@@ -298,7 +297,7 @@ void CertUnitTest::checkExpiredClientCerts()
 	    QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageTimeStamping ), QCA::ErrorExpired );
 	    QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageEmailProtection ), QCA::ErrorExpired );
 	    QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageCRLSigning ), QCA::ErrorExpired );
-	    QCA::SecureArray derClient1 = client1.toDER();
+	    QByteArray derClient1 = client1.toDER();
 	    QCOMPARE( derClient1.isEmpty(), false );
 	    QCA::Certificate fromDer1 = QCA::Certificate::fromDER( derClient1, &resultClient1, provider );
 	    QCOMPARE( resultClient1, QCA::ConvertGood );
@@ -406,7 +405,7 @@ void CertUnitTest::checkClientCerts()
 	    QCOMPARE( client2.validate( trusted, untrusted, QCA::UsageTimeStamping ), QCA::ErrorInvalidPurpose );
 	    QCOMPARE( client2.validate( trusted, untrusted, QCA::UsageEmailProtection ), QCA::ValidityGood );
 	    QCOMPARE( client2.validate( trusted, untrusted, QCA::UsageCRLSigning ), QCA::ErrorInvalidPurpose );
-	    QCA::SecureArray derClient2 = client2.toDER();
+	    QByteArray derClient2 = client2.toDER();
 	    QCOMPARE( derClient2.isEmpty(), false );
 	    QCA::Certificate fromDer2 = QCA::Certificate::fromDER( derClient2, &resultClient2, provider );
 	    QCOMPARE( resultClient2, QCA::ConvertGood );
@@ -436,7 +435,7 @@ void CertUnitTest::derCAcertstest()
             QVERIFY(f.open(QFile::ReadOnly));
             QByteArray der = f.readAll();
             QCA::ConvertResult resultca1;
-            QCA::Certificate ca1 = QCA::Certificate::fromDER( QCA::SecureArray(der),
+            QCA::Certificate ca1 = QCA::Certificate::fromDER(der,
                                                               &resultca1,
                                                               provider);
 
@@ -802,7 +801,7 @@ void CertUnitTest::checkExpiredServerCerts()
 	    QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageEmailProtection ), QCA::ErrorExpired );
 	    QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageCRLSigning ), QCA::ErrorExpired );
 
-	    QCA::SecureArray derServer1 = server1.toDER();
+	    QByteArray derServer1 = server1.toDER();
 	    QCOMPARE( derServer1.isEmpty(), false );
 	    QCA::Certificate fromDer1 = QCA::Certificate::fromDER( derServer1, &resultServer1, provider );
 	    QCOMPARE( resultServer1, QCA::ConvertGood );
@@ -905,7 +904,7 @@ void CertUnitTest::checkServerCerts()
 	    QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageEmailProtection ), QCA::ErrorInvalidPurpose );
 	    QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageCRLSigning ), QCA::ErrorInvalidPurpose );
 
-	    QCA::SecureArray derServer1 = server1.toDER();
+	    QByteArray derServer1 = server1.toDER();
 	    QCOMPARE( derServer1.isEmpty(), false );
 	    QCA::Certificate fromDer1 = QCA::Certificate::fromDER( derServer1, &resultServer1, provider );
 	    QCOMPARE( resultServer1, QCA::ConvertGood );
@@ -973,7 +972,7 @@ void CertUnitTest::crl()
 	    QCOMPARE( revokedList[1].time(), QDateTime(QDate(2001, 8, 17), QTime(11, 11, 59)) );
 
 	    // convert to DER
-	    QCA::SecureArray derCRL1 = crl1.toDER();
+	    QByteArray derCRL1 = crl1.toDER();
 	    // check we got something, at least
 	    QCOMPARE( derCRL1.isEmpty(), false );
 	    // convert back from DER
@@ -1029,7 +1028,7 @@ void CertUnitTest::crl2()
 	    QCOMPARE( revokedList[1].time(), QDateTime(QDate(2001, 4, 19), QTime(14, 57, 20)) );
 
 	    // convert to DER
-	    QCA::SecureArray derCRL1 = crl1.toDER();
+	    QByteArray derCRL1 = crl1.toDER();
 	    // check we got something, at least
 	    QCOMPARE( derCRL1.isEmpty(), false );
 	    // convert back from DER
@@ -1133,7 +1132,7 @@ void CertUnitTest::csr2()
 	    QCOMPARE( csr1.signatureAlgorithm(), QCA::EMSA3_MD5 );
 
 	    // convert to DER
-	    QCA::SecureArray derCSR1 = csr1.toDER();
+	    QByteArray derCSR1 = csr1.toDER();
 	    // check we got something, at least
 	    QCOMPARE( derCSR1.isEmpty(), false );
 	    // convert back from DER