Remove legacy ssl error handler

3 files changed, 0 insertions, 126 deletions

diff --git a/src/libsync/abstractnetworkjob.h b/src/libsync/abstractnetworkjob.h
index 411ea1efd..d33f15a23 100644
--- a/src/libsync/abstractnetworkjob.h
+++ b/src/libsync/abstractnetworkjob.h
@@ -40,8 +40,6 @@ OWNCLOUDSYNC_EXPORT QDebug operator<<(QDebug debug, const OCC::AbstractNetworkJo
 
 namespace OCC {
 
-class AbstractSslErrorHandler;
-
 using HeaderMap = QMap<QByteArray, QByteArray>;
 
 /**
diff --git a/src/libsync/account.cpp b/src/libsync/account.cpp
index 2b18fa52d..3dc44d18a 100644
--- a/src/libsync/account.cpp
+++ b/src/libsync/account.cpp
@@ -169,8 +169,6 @@ void Account::setCredentials(AbstractCredentials *cred)
     if (jar) {
         _am->setCookieJar(jar);
     }
-    connect(_am.data(), &QNetworkAccessManager::sslErrors,
-        this, &Account::slotHandleSslErrors);
     connect(_am.data(), &QNetworkAccessManager::proxyAuthenticationRequired,
         this, &Account::proxyAuthenticationRequired);
     connect(_credentials.data(), &AbstractCredentials::fetched,
@@ -232,8 +230,6 @@ void Account::resetAccessManager()
     _am->setCustomTrustedCaCertificates(approvedCerts());
 
     _am->setCookieJar(jar); // takes ownership of the old cookie jar
-    connect(_am.data(), &QNetworkAccessManager::sslErrors, this,
-        &Account::slotHandleSslErrors);
     connect(_am.data(), &QNetworkAccessManager::proxyAuthenticationRequired,
         this, &Account::proxyAuthenticationRequired);
 }
@@ -283,11 +279,6 @@ void Account::resetRejectedCertificates()
     _rejectedCertificates.clear();
 }
 
-void Account::setSslErrorHandler(AbstractSslErrorHandler *handler)
-{
-    _sslErrorHandler.reset(handler);
-}
-
 void Account::setUrl(const QUrl &url)
 {
     _url = url;
@@ -314,105 +305,6 @@ void Account::setCredentialSetting(const QString &key, const QVariant &value)
     }
 }
 
-void Account::slotHandleSslErrors(QPointer<QNetworkReply> reply, const QList<QSslError> &errors)
-{
-    // Copy info out of reply ASAP
-    if (reply.isNull()) {
-        return;
-    }
-
-    const QString urlString = reply->url().toString();
-    const auto sslConfiguration = reply->sslConfiguration();
-
-    qCDebug(lcAccount) << "SSL diagnostics for url " << urlString;
-    QList<QSslError> filteredErrors;
-    QList<QSslError> ignoredErrors;
-    for (const auto &error : qAsConst(errors)) {
-        if (error.error() == QSslError::UnableToGetLocalIssuerCertificate) {
-            // filter out this "error"
-            qCDebug(lcAccount) << "- Info for " << error.certificate() << ": " << error.errorString()
-                               << ". Local SSL certificates are known and always accepted.";
-            ignoredErrors << error;
-        } else {
-            qCDebug(lcAccount) << "- Error for " << error.certificate() << ": "
-                               << error.errorString() << "(" << int(error.error()) << ")"
-                               << "\n";
-            filteredErrors << error;
-        }
-    }
-
-    // ask the _sslErrorHandler what to do with filteredErrors
-    const auto handleErrors = [&urlString, &sslConfiguration, this](const QList<QSslError> &filteredErrors) -> QList<QSslError> {
-        if (filteredErrors.isEmpty()) {
-            return {};
-        }
-        bool allPreviouslyRejected = true;
-        for (const auto &error : qAsConst(filteredErrors)) {
-            if (!_rejectedCertificates.contains(error.certificate())) {
-                allPreviouslyRejected = false;
-                break;
-            }
-        }
-
-        // If all certs have previously been rejected by the user, don't ask again.
-        if (allPreviouslyRejected) {
-            qCInfo(lcAccount) << "SSL diagnostics for url " << urlString
-                              << ": certificates not trusted by user decision, returning.";
-            return {};
-        }
-
-        if (_sslErrorHandler.isNull()) {
-            qCWarning(lcAccount) << Q_FUNC_INFO << " called without a valid SSL error handler for account" << url()
-                                 << "(" << urlString << ")";
-            return {};
-        }
-
-        // SslDialogErrorHandler::handleErrors will run an event loop that might execute
-        // the deleteLater() of the QNAM before we have the chance of unwinding our stack.
-        // Keep a ref here on our stackframe to make sure that it doesn't get deleted before
-        // handleErrors returns.
-        QSharedPointer<QNetworkAccessManager> qnamLock = _am;
-        QList<QSslCertificate> approvedCerts;
-        if (_sslErrorHandler->handleErrors(filteredErrors, sslConfiguration, &approvedCerts, sharedFromThis())) {
-            if (!approvedCerts.isEmpty()) {
-                addApprovedCerts(approvedCerts);
-                emit wantsAccountSaved(this);
-
-                // all ssl certs are known and accepted. We can ignore the problems right away.
-                qCDebug(lcAccount) << "Certs are known and trusted! This is not an actual error.";
-            }
-            return filteredErrors;
-        } else {
-            // Mark all involved certificates as rejected, so we don't ask the user again.
-            for (const auto &error : qAsConst(filteredErrors)) {
-                if (!_rejectedCertificates.contains(error.certificate())) {
-                    _rejectedCertificates.insert(error.certificate());
-                }
-            }
-        }
-        return {};
-    };
-
-    // FIXME: outdated comment
-    // Call `handleErrors` NOW, BEFORE checking if the scoped `reply` pointer. The lambda might take
-    // a long time to complete: if a dialog is shown, the user could be "slow" to click it away, and
-    // the reply might have been deleted at that point. So if we'd do this call inside the if below,
-    // the object inside the reply guarded pointer could there, but might be gone *after* we finish
-    // with `ignoreSslErrors`. Even when the scenario with a deleted reply happens, the handling is
-    // still needed: the `handleErrors` call will also set the default CA certificates through
-    // `QSslSocket::addDefaultCaCertificates()`, so future requests/replies can use those
-    // user-approved certificates.
-    auto moreIgnoredErrors = handleErrors(filteredErrors);
-
-    // always apply the filter when we leave the scope
-    if (reply) {
-        // Warning: Do *not* use ignoreSslErrors() (without args) here:
-        // it permanently ignores all SSL errors for this host, even
-        // certificate changes.
-        reply->ignoreSslErrors(ignoredErrors + moreIgnoredErrors);
-    }
-}
-
 void Account::slotCredentialsFetched()
 {
     emit credentialsFetched(_credentials.data());
diff --git a/src/libsync/account.h b/src/libsync/account.h
index f4bd141d0..84f0d0be1 100644
--- a/src/libsync/account.h
+++ b/src/libsync/account.h
@@ -55,17 +55,6 @@ class SimpleNetworkJob;
 
 
 /**
- * @brief Reimplement this to handle SSL errors from libsync
- * @ingroup libsync
- */
-class AbstractSslErrorHandler
-{
-public:
-    virtual ~AbstractSslErrorHandler() {}
-    virtual bool handleErrors(const QList<QSslError> &, const QSslConfiguration &conf, QList<QSslCertificate> *, AccountPtr) = 0;
-};
-
-/**
  * @brief The Account class represents an account on an ownCloud Server
  * @ingroup libsync
  *
@@ -172,9 +161,6 @@ public:
     // the next unknown certificate is encountered.
     void resetRejectedCertificates();
 
-    // pluggable handler
-    void setSslErrorHandler(AbstractSslErrorHandler *handler);
-
     // To be called by credentials only, for storing username and the like
     QVariant credentialSetting(const QString &key) const;
     void setCredentialSetting(const QString &key, const QVariant &value);
@@ -236,7 +222,6 @@ public:
 public slots:
     /// Used when forgetting credentials
     void clearAMCache();
-    void slotHandleSslErrors(QPointer<QNetworkReply>, const QList<QSslError> &);
 
 signals:
     /// Triggered by handleInvalidCredentials()
@@ -283,7 +268,6 @@ private:
     QSet<QSslCertificate> _approvedCerts;
     Capabilities _capabilities;
     QString _serverVersion;
-    QScopedPointer<AbstractSslErrorHandler> _sslErrorHandler;
     QuotaInfo *_quotaInfo;
     QSharedPointer<AccessManager> _am;
     QScopedPointer<AbstractCredentials> _credentials;