qt5base-lts/tests/auto/network/ssl/qocsp/tst_qocsp.cpp

824 lines
30 KiB
C++
Raw Normal View History

/****************************************************************************
**
** Copyright (C) 2018 The Qt Company Ltd.
** Contact: https://www.qt.io/licensing/
**
** This file is part of the test suite of the Qt Toolkit.
**
** $QT_BEGIN_LICENSE:GPL-EXCEPT$
** Commercial License Usage
** Licensees holding valid commercial Qt licenses may use this file in
** accordance with the commercial license agreement provided with the
** Software or, alternatively, in accordance with the terms contained in
** a written agreement between you and The Qt Company. For licensing terms
** and conditions see https://www.qt.io/terms-conditions. For further
** information use the contact form at https://www.qt.io/contact-us.
**
** GNU General Public License Usage
** Alternatively, this file may be used under the terms of the GNU
** General Public License version 3 as published by the Free Software
** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT
** included in the packaging of this file. Please review the following
** information to ensure the GNU General Public License requirements will
** be met: https://www.gnu.org/licenses/gpl-3.0.html.
**
** $QT_END_LICENSE$
**
****************************************************************************/
#include <QtTest/QtTest>
#include <QtNetwork/private/qtnetworkglobal_p.h>
#include <QtNetwork/private/qsslsocket_openssl_symbols_p.h>
#include <QtNetwork/private/qsslsocket_openssl_p.h>
#include <QtNetwork/qsslcertificate.h>
#include <QtNetwork/qtcpserver.h>
#include <QtNetwork/qsslerror.h>
#include <QtNetwork/qsslkey.h>
#include <QtNetwork/qssl.h>
#include <QtCore/qsharedpointer.h>
#include <QtCore/qbytearray.h>
#include <QtCore/qfileinfo.h>
#include <QtCore/qstring.h>
#include <QtCore/qfile.h>
#include <QtCore/qlist.h>
#include <QtCore/qdir.h>
#include <openssl/ocsp.h>
#include <algorithm>
#include <utility>
// NOTE: the word 'subject' in the code below means the subject of a status request,
// so in general it's our peer's certificate we are asking about.
using SslError = QT_PREPEND_NAMESPACE(QSslError);
using VectorOfErrors = QT_PREPEND_NAMESPACE(QVector<SslError>);
using Latin1String = QT_PREPEND_NAMESPACE(QLatin1String);
Q_DECLARE_METATYPE(SslError)
Q_DECLARE_METATYPE(VectorOfErrors)
Q_DECLARE_METATYPE(Latin1String)
QT_BEGIN_NAMESPACE
namespace {
using OcspResponse = QSharedPointer<OCSP_RESPONSE>;
using BasicResponse = QSharedPointer<OCSP_BASICRESP>;
using SingleResponse = QSharedPointer<OCSP_SINGLERESP>;
using CertId = QSharedPointer<OCSP_CERTID>;
using EvpKey = QSharedPointer<EVP_PKEY>;
using Asn1Time = QSharedPointer<ASN1_TIME>;
using CertificateChain = QList<QSslCertificate>;
using NativeX509Ptr = X509 *;
class X509Stack {
public:
explicit X509Stack(const QList<QSslCertificate> &chain);
~X509Stack();
int size() const;
X509 *operator[](int index) const;
operator STACK_OF(X509) *() const;
private:
OPENSSL_STACK *stack = nullptr;
Q_DISABLE_COPY(X509Stack)
};
X509Stack::X509Stack(const QList<QSslCertificate> &chain)
{
if (!chain.size())
return;
stack = q_OPENSSL_sk_new_null();
if (!stack)
return;
for (const QSslCertificate &cert : chain) {
X509 *nativeCert = NativeX509Ptr(cert.handle());
if (!nativeCert)
continue;
q_OPENSSL_sk_push(stack, nativeCert);
q_X509_up_ref(nativeCert);
}
}
X509Stack::~X509Stack()
{
if (stack)
q_OPENSSL_sk_pop_free(stack, reinterpret_cast<void(*)(void*)>(q_X509_free));
}
int X509Stack::size() const
{
if (stack)
return q_OPENSSL_sk_num(stack);
return 0;
}
X509 *X509Stack::operator[](int index) const
{
return NativeX509Ptr(q_OPENSSL_sk_value(stack, index));
}
X509Stack::operator STACK_OF(X509) *() const
{
return reinterpret_cast<STACK_OF(X509)*>(stack);
}
struct OcspTimeStamp
{
OcspTimeStamp() = default;
OcspTimeStamp(long secondsBeforeNow, long secondsAfterNow);
static Asn1Time timeToAsn1Time(long adjustment);
Asn1Time thisUpdate;
Asn1Time nextUpdate;
};
OcspTimeStamp::OcspTimeStamp(long secondsBeforeNow, long secondsAfterNow)
{
Asn1Time start = timeToAsn1Time(secondsBeforeNow);
Asn1Time end = timeToAsn1Time(secondsAfterNow);
if (start.data() && end.data()) {
thisUpdate.swap(start);
nextUpdate.swap(end);
}
}
Asn1Time OcspTimeStamp::timeToAsn1Time(long adjustment)
{
if (ASN1_TIME *adjusted = q_X509_gmtime_adj(nullptr, adjustment))
return Asn1Time(adjusted, q_ASN1_TIME_free);
return Asn1Time{};
}
struct OcspResponder
{
OcspResponder(const OcspTimeStamp &stamp, const CertificateChain &subjs,
const CertificateChain &respChain, const QSslKey &respPKey);
QByteArray buildResponse(int responseStatus, int certificateStatus) const;
static EvpKey privateKeyToEVP_PKEY(const QSslKey &privateKey);
static CertId certificateToCertId(X509 *subject, X509 *issuer);
static QByteArray responseToDer(OCSP_RESPONSE *response);
OcspTimeStamp timeStamp;
// Plural, we can send a 'wrong' BasicResponse containing more than
// 1 SingleResponse.
X509Stack subjects;
X509Stack responderChain;
QSslKey responderKey;
};
OcspResponder::OcspResponder(const OcspTimeStamp &stamp, const CertificateChain &subjs,
const CertificateChain &respChain, const QSslKey &respPKey)
: timeStamp(stamp),
subjects(subjs),
responderChain(respChain),
responderKey(respPKey)
{
}
QByteArray OcspResponder::buildResponse(int responseStatus, int certificateStatus) const
{
if (responseStatus != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
OCSP_RESPONSE *response = q_OCSP_response_create(responseStatus, nullptr);
if (!response)
return {};
const OcspResponse rGuard(response, q_OCSP_RESPONSE_free);
return responseToDer(response);
}
Q_ASSERT(subjects.size() && responderChain.size() && responderKey.handle());
const EvpKey nativeKey = privateKeyToEVP_PKEY(responderKey);
if (!nativeKey.data())
return {};
OCSP_BASICRESP *basicResponse = q_OCSP_BASICRESP_new();
if (!basicResponse)
return {};
const BasicResponse brGuard(basicResponse, q_OCSP_BASICRESP_free);
for (int i = 0, e = subjects.size(); i < e; ++i) {
X509 *subject = subjects[i];
Q_ASSERT(subject);
CertId certId = certificateToCertId(subject, responderChain[0]);
if (!certId.data())
return {};
// NOTE: we do not own this 'singleResponse':
ASN1_TIME *revisionTime = certificateStatus == V_OCSP_CERTSTATUS_REVOKED ?
timeStamp.thisUpdate.data() : nullptr;
if (!q_OCSP_basic_add1_status(basicResponse, certId.data(), certificateStatus, 0, revisionTime,
timeStamp.thisUpdate.data(), timeStamp.nextUpdate.data())) {
return {};
}
}
if (q_OCSP_basic_sign(basicResponse, responderChain[0], nativeKey.data(), q_EVP_sha1(),
responderChain, 0) != 1) {
return {};
}
OCSP_RESPONSE *ocspResponse = q_OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, basicResponse);
if (!ocspResponse)
return {};
const OcspResponse rGuard(ocspResponse, q_OCSP_RESPONSE_free);
return responseToDer(ocspResponse);
}
EvpKey OcspResponder::privateKeyToEVP_PKEY(const QSslKey &privateKey)
{
const EvpKey nullKey;
if (privateKey.isNull() || privateKey.algorithm() != QSsl::Rsa) {
// We use only RSA keys in this auto-test, since we test OCSP only,
// not handshake/TLS in general.
return nullKey;
}
EVP_PKEY *nativeKey = q_EVP_PKEY_new();
if (!nativeKey)
return nullKey;
const EvpKey keyGuard(nativeKey, q_EVP_PKEY_free);
if (!q_EVP_PKEY_set1_RSA(nativeKey, reinterpret_cast<RSA *>(privateKey.handle())))
return nullKey;
return keyGuard;
}
CertId OcspResponder::certificateToCertId(X509 *subject, X509 *issuer)
{
const CertId nullId;
if (!subject || !issuer)
return nullId;
const EVP_MD *digest = q_EVP_sha1();
if (!digest)
return nullId;
OCSP_CERTID *certId = q_OCSP_cert_to_id(digest, subject, issuer);
if (!certId)
return nullId;
return CertId(certId, q_OCSP_CERTID_free);
}
QByteArray OcspResponder::responseToDer(OCSP_RESPONSE *response)
{
if (!response)
return {};
const int derSize = q_i2d_OCSP_RESPONSE(response, nullptr);
if (derSize <= 0)
return {};
QByteArray derData(derSize, Qt::Uninitialized);
unsigned char *pData = reinterpret_cast<unsigned char *>(derData.data());
const int serializedSize = q_i2d_OCSP_RESPONSE(response, &pData);
if (serializedSize != derSize)
return {};
return derData;
}
// The QTcpServer capable of sending OCSP status responses.
class OcspServer : public QTcpServer
{
Q_OBJECT
public:
OcspServer(const CertificateChain &serverChain, const QSslKey &privateKey);
void configureResponse(const QByteArray &responseDer);
QString hostName() const;
QString peerVerifyName() const;
Q_SIGNALS:
void internalServerError();
private:
void incomingConnection(qintptr descriptor) override;
public:
QSslConfiguration serverConfig;
QSslSocket serverSocket;
};
OcspServer::OcspServer(const CertificateChain &serverChain, const QSslKey &privateKey)
{
Q_ASSERT(serverChain.size());
Q_ASSERT(!privateKey.isNull());
serverConfig = QSslConfiguration::defaultConfiguration();
serverConfig.setLocalCertificateChain(serverChain);
serverConfig.setPrivateKey(privateKey);
}
void OcspServer::configureResponse(const QByteArray &responseDer)
{
serverConfig.setBackendConfigurationOption("Qt-OCSP-response", responseDer);
}
QString OcspServer::hostName() const
{
// It's 'name' and not 'address' to be consistent with QSslSocket's naming style,
// where it's connectToHostEncrypted(hostName, ...)
const QHostAddress &addr = serverAddress();
if (addr == QHostAddress::Any || addr == QHostAddress::AnyIPv4)
return QStringLiteral("127.0.0.1");
if (addr == QHostAddress::AnyIPv6)
return QStringLiteral("::1");
return addr.toString();
}
QString OcspServer::peerVerifyName() const
{
const CertificateChain &localChain = serverConfig.localCertificateChain();
if (localChain.isEmpty())
return {};
const auto cert = localChain.first();
if (cert.isNull())
return {};
const QStringList &names = cert.subjectInfo(QSslCertificate::CommonName);
return names.isEmpty() ? QString{} : names.first();
}
void OcspServer::incomingConnection(qintptr socketDescriptor)
{
close();
if (!serverSocket.setSocketDescriptor(socketDescriptor)) {
emit internalServerError();
return;
}
serverSocket.setSslConfiguration(serverConfig);
// Since we test a client, not a server, we don't care about any
// possible errors on the server (QAbstractSocket or QSslSocket-related).
// Thus, we don't connect to any error signal.
serverSocket.startServerEncryption();
}
} // unnamed namespace
class tst_QOcsp : public QObject
{
Q_OBJECT
public slots:
void initTestCase();
private slots:
void connectSelfSigned();
void badStatus_data();
void badStatus();
void multipleSingleResponses();
void malformedResponse();
void expiredResponse_data();
void expiredResponse();
void noNextUpdate();
void wrongCertificateInResponse_data();
void wrongCertificateInResponse();
void untrustedResponder();
// OCSPTODO: more tests in future ...
private:
void setupOcspClient(QSslSocket &clientSocket, const CertificateChain &trustedCAs,
const QString &peerName);
bool containsOcspErrors(const QList<QSslError> &errorsFound) const;
static bool containsError(const QList<QSslError> &errors, QSslError::SslError code);
static QByteArray goodResponse(const CertificateChain &subject, const CertificateChain &responder,
const QSslKey &privateKey, long beforeNow = -1000, long afterNow = 1000);
static bool loadPrivateKey(const QString &keyName, QSslKey &key);
static CertificateChain issuerToChain(const CertificateChain &chain);
static CertificateChain subjectToChain(const CertificateChain &chain);
static QString certDirPath;
void (QSslSocket::*socketErrorSignal)(QAbstractSocket::SocketError) = &QAbstractSocket::error;
void (QSslSocket::*tlsErrorsSignal)(const QList<QSslError> &) = &QSslSocket::sslErrors;
void (QTestEventLoop::*exitLoopSlot)() = &QTestEventLoop::exitLoop;
const int handshakeTimeoutMS = 500;
QTestEventLoop loop;
std::vector<QSslError::SslError> ocspErrorCodes = {QSslError::OcspNoResponseFound,
QSslError::OcspMalformedRequest,
QSslError::OcspMalformedResponse,
QSslError::OcspInternalError,
QSslError::OcspTryLater,
QSslError::OcspSigRequred,
QSslError::OcspUnauthorized,
QSslError::OcspResponseCannotBeTrusted,
QSslError::OcspResponseCertIdUnknown,
QSslError::OcspResponseExpired,
QSslError::OcspStatusUnknown};
};
#define QCOMPARE_SINGLE_ERROR(sslSocket, expectedError) \
const auto &tlsErrors = sslSocket.sslErrors(); \
QCOMPARE(tlsErrors.size(), 1); \
QCOMPARE(tlsErrors[0].error(), expectedError)
#define QVERIFY_HANDSHAKE_WITHOUT_ERRORS(sslSocket) \
QVERIFY(sslSocket.isEncrypted()); \
QCOMPARE(sslSocket.state(), QAbstractSocket::ConnectedState); \
QVERIFY(sslSocket.sslErrors().isEmpty())
#define QDECLARE_CHAIN(object, chainFileName) \
CertificateChain object = QSslCertificate::fromPath(certDirPath + QLatin1String(chainFileName)); \
QVERIFY(object.size())
#define QDECLARE_PRIVATE_KEY(key, keyFileName) \
QSslKey key; \
QVERIFY(loadPrivateKey(QLatin1String(keyFileName), key))
QString tst_QOcsp::certDirPath;
void tst_QOcsp::initTestCase()
{
QVERIFY(QSslSocket::supportsSsl());
certDirPath = QFileInfo(QFINDTESTDATA("certs")).absolutePath();
QVERIFY(certDirPath.size() > 0);
certDirPath += QDir::separator() + QStringLiteral("certs") + QDir::separator();
}
void tst_QOcsp::connectSelfSigned()
{
// This test may look a bit confusing, since we have essentially 1
// self-signed certificate, which we trust for the purpose of this test,
// but we also request its (the certificate's) status and then we sign
// the status response using the same certificate and the corresponding
// private key. Anyway, we test the very basic things here: we send
// an OCSP status request, we verify the response (if server has sent it),
// and detect errors (if any).
QDECLARE_CHAIN(subjectChain, "ss1.crt");
QDECLARE_CHAIN(responderChain, "ss1.crt");
QDECLARE_PRIVATE_KEY(privateKey, "ss1-private.key");
{
// This server ignores our status request:
const QSslError::SslError expectedError = QSslError::OcspNoResponseFound;
OcspServer server(subjectChain, privateKey);
QVERIFY(server.listen());
connect(&server, &OcspServer::internalServerError, &loop, exitLoopSlot);
QSslSocket clientSocket;
QSslConfiguration clientConfig = QSslConfiguration::defaultConfiguration();
auto roots = clientConfig.caCertificates();
setupOcspClient(clientSocket, issuerToChain(subjectChain), server.peerVerifyName());
clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort());
loop.enterLoopMSecs(handshakeTimeoutMS);
QVERIFY(!clientSocket.isEncrypted());
QCOMPARE_SINGLE_ERROR(clientSocket, expectedError);
}
{
// Now the server will send a valid 'status: good' response.
OcspServer server(subjectChain, privateKey);
const QByteArray response(goodResponse(subjectChain, responderChain, privateKey));
QVERIFY(response.size());
server.configureResponse(response);
QVERIFY(server.listen());
QSslSocket clientSocket;
setupOcspClient(clientSocket, issuerToChain(subjectChain), server.peerVerifyName());
clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort());
loop.enterLoopMSecs(handshakeTimeoutMS);
QVERIFY_HANDSHAKE_WITHOUT_ERRORS(clientSocket);
}
}
void tst_QOcsp::badStatus_data()
{
QTest::addColumn<int>("responseStatus");
QTest::addColumn<int>("certificateStatus");
QTest::addColumn<QSslError>("expectedError");
QTest::addRow("malformed-request") << OCSP_RESPONSE_STATUS_MALFORMEDREQUEST << 1 << QSslError(QSslError::OcspMalformedRequest);
QTest::addRow("internal-error") << OCSP_RESPONSE_STATUS_INTERNALERROR << 2 << QSslError(QSslError::OcspInternalError);
QTest::addRow("try-later") << OCSP_RESPONSE_STATUS_TRYLATER << 3 << QSslError(QSslError::OcspTryLater);
QTest::addRow("signed-request-require") << OCSP_RESPONSE_STATUS_SIGREQUIRED << 2 << QSslError(QSslError::OcspSigRequred);
QTest::addRow("unauthorized-request") << OCSP_RESPONSE_STATUS_UNAUTHORIZED << 1 <<QSslError(QSslError::OcspUnauthorized);
QTest::addRow("certificate-revoked") << OCSP_RESPONSE_STATUS_SUCCESSFUL << V_OCSP_CERTSTATUS_REVOKED
<< QSslError(QSslError::CertificateRevoked);
QTest::addRow("status-unknown") << OCSP_RESPONSE_STATUS_SUCCESSFUL << V_OCSP_CERTSTATUS_UNKNOWN
<< QSslError(QSslError::OcspStatusUnknown);
}
void tst_QOcsp::badStatus()
{
// This test works with two types of 'bad' responses:
// 1. 'Error messages' (the response's status is anything but SUCCESSFUL,
// no information about the certificate itself, no signature);
// 2. 'REVOKED' or 'UNKNOWN' status for a certificate in question.
QFETCH(const int, responseStatus);
QFETCH(const int, certificateStatus);
QFETCH(const QSslError, expectedError);
QDECLARE_CHAIN(subjectChain, "infbobchain.crt");
QCOMPARE(subjectChain.size(), 2);
QDECLARE_CHAIN(responderChain, "ca1.crt");
QDECLARE_PRIVATE_KEY(subjPrivateKey, "infbob.key");
QDECLARE_PRIVATE_KEY(respPrivateKey, "ca1.key");
OcspServer server(subjectChain, subjPrivateKey);
const OcspTimeStamp stamp(-1000, 1000);
OcspResponder builder(stamp, subjectToChain(subjectChain), responderChain, respPrivateKey);
const QByteArray response(builder.buildResponse(responseStatus, certificateStatus));
QVERIFY(response.size());
server.configureResponse(response);
QVERIFY(server.listen());
connect(&server, &OcspServer::internalServerError, &loop, exitLoopSlot);
QSslSocket clientSocket;
setupOcspClient(clientSocket, issuerToChain(subjectChain), server.peerVerifyName());
clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort());
loop.enterLoopMSecs(handshakeTimeoutMS);
QVERIFY(!clientSocket.isEncrypted());
QCOMPARE_SINGLE_ERROR(clientSocket, expectedError.error());
}
void tst_QOcsp::multipleSingleResponses()
{
// We handle a response with more than one SingleResponse as malformed:
const QSslError::SslError expectedError = QSslError::OcspMalformedResponse;
// Here we use subjectChain only to generate a response, the server
// is configured with the responder chain (it's the same cert after all).
QDECLARE_CHAIN(subjectChain, "ss1.crt");
QDECLARE_CHAIN(responderChain, "ss1.crt");
QDECLARE_PRIVATE_KEY(privateKey, "ss1-private.key");
// Let's have more than 1 certificate in a chain:
subjectChain.append(subjectChain[0]);
OcspServer server(responderChain, privateKey);
// Generate a BasicOCSPResponse containing 2 SingleResponses:
const QByteArray response(goodResponse(subjectChain, responderChain, privateKey));
QVERIFY(response.size());
server.configureResponse(response);
QVERIFY(server.listen());
connect(&server, &OcspServer::internalServerError, &loop, exitLoopSlot);
QSslSocket clientSocket;
setupOcspClient(clientSocket, issuerToChain(responderChain), server.peerVerifyName());
clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort());
loop.enterLoopMSecs(handshakeTimeoutMS);
QVERIFY(!clientSocket.isEncrypted());
QCOMPARE_SINGLE_ERROR(clientSocket, expectedError);
}
void tst_QOcsp::malformedResponse()
{
QDECLARE_CHAIN(serverChain, "ss1.crt");
QDECLARE_PRIVATE_KEY(privateKey, "ss1-private.key");
OcspServer server(serverChain, privateKey);
// Let's send some arbitrary bytes instead of DER and see what happens next:
server.configureResponse("Sure, you can trust me, this cert was not revoked (I don't say it was issued at all)!");
QVERIFY(server.listen());
connect(&server, &OcspServer::internalServerError, &loop, exitLoopSlot);
QSslSocket clientSocket;
setupOcspClient(clientSocket, issuerToChain(serverChain), server.peerVerifyName());
clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort());
loop.enterLoopMSecs(handshakeTimeoutMS);
QVERIFY(!clientSocket.isEncrypted());
QCOMPARE(clientSocket.error(), QAbstractSocket::SslHandshakeFailedError);
}
void tst_QOcsp::expiredResponse_data()
{
QTest::addColumn<long>("beforeNow");
QTest::addColumn<long>("afterNow");
QTest::addRow("expired") << -2000L << -1000L;
QTest::addRow("not-valid-yet") << 5000L << 10000L;
QTest::addRow("next-before-this") << -1000L << -2000L;
}
void tst_QOcsp::expiredResponse()
{
// We report different kinds of problems with [thisUpdate, nextUpdate]
// as 'expired' (to keep it simple):
const QSslError::SslError expectedError = QSslError::OcspResponseExpired;
QFETCH(const long, beforeNow);
QFETCH(const long, afterNow);
QDECLARE_CHAIN(subjectChain, "ss1.crt");
QDECLARE_CHAIN(responderChain, "ss1.crt");
QDECLARE_PRIVATE_KEY(privateKey, "ss1-private.key");
OcspServer server(subjectChain, privateKey);
const QByteArray response(goodResponse(subjectChain, responderChain, privateKey, beforeNow, afterNow));
QVERIFY(response.size());
server.configureResponse(response);
QVERIFY(server.listen());
connect(&server, &OcspServer::internalServerError, &loop, exitLoopSlot);
QSslSocket clientSocket;
setupOcspClient(clientSocket, issuerToChain(subjectChain), server.peerVerifyName());
clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort());
loop.enterLoopMSecs(handshakeTimeoutMS);
QVERIFY(!clientSocket.isEncrypted());
QCOMPARE_SINGLE_ERROR(clientSocket, expectedError);
}
void tst_QOcsp::noNextUpdate()
{
// RFC2560, 2.4:
// "If nextUpdate is not set, the responder is indicating that newer
// revocation information is available all the time."
//
// This test is just to verify that we correctly handle such responses.
QDECLARE_CHAIN(subjectChain, "ss1.crt");
QDECLARE_CHAIN(responderChain, "ss1.crt");
QDECLARE_PRIVATE_KEY(privateKey, "ss1-private.key");
OcspServer server(subjectChain, privateKey);
OcspTimeStamp openRange(-1000, 0);
openRange.nextUpdate.clear();
const OcspResponder responder(openRange, subjectChain, responderChain, privateKey);
const QByteArray response(responder.buildResponse(OCSP_RESPONSE_STATUS_SUCCESSFUL,
V_OCSP_CERTSTATUS_GOOD));
QVERIFY(response.size());
server.configureResponse(response);
QVERIFY(server.listen());
connect(&server, &OcspServer::internalServerError, &loop, exitLoopSlot);
QSslSocket clientSocket;
setupOcspClient(clientSocket, issuerToChain(subjectChain), server.peerVerifyName());
clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort());
loop.enterLoopMSecs(handshakeTimeoutMS);
QVERIFY_HANDSHAKE_WITHOUT_ERRORS(clientSocket);
}
void tst_QOcsp::wrongCertificateInResponse_data()
{
QTest::addColumn<QLatin1String>("respChainName");
QTest::addColumn<QLatin1String>("respKeyName");
QTest::addColumn<QLatin1String>("wrongChainName");
QTest::addRow("same-CA-wrong-subject") << QLatin1String("ca1.crt") << QLatin1String("ca1.key")
<< QLatin1String("alice.crt");
QTest::addRow("wrong-CA-same-subject") << QLatin1String("ss1.crt") << QLatin1String("ss1-private.key")
<< QLatin1String("alice.crt");
QTest::addRow("wrong-CA-wrong-subject") << QLatin1String("ss1.crt") << QLatin1String("ss1-private.key")
<< QLatin1String("ss1.crt");
}
void tst_QOcsp::wrongCertificateInResponse()
{
QFETCH(const QLatin1String, respChainName);
QFETCH(const QLatin1String, respKeyName);
QFETCH(const QLatin1String, wrongChainName);
// In this test, the server will send a valid response (correctly signed
// by a trusted key/cert) but for a wrong certificate (not the one the
// server presented to the client in the server's 'Certificate' message).
const QSslError::SslError expectedError = QSslError::OcspResponseCertIdUnknown;
QDECLARE_CHAIN(subjectChain, "infbobchain.crt");
QDECLARE_PRIVATE_KEY(subjectKey, "infbob.key");
QDECLARE_CHAIN(responderChain, respChainName);
QDECLARE_PRIVATE_KEY(responderKey, respKeyName);
QDECLARE_CHAIN(wrongChain, wrongChainName);
OcspServer server(subjectToChain(subjectChain), subjectKey);
const QByteArray wrongResponse(goodResponse(wrongChain, responderChain, responderKey));
QVERIFY(wrongResponse.size());
server.configureResponse(wrongResponse);
QVERIFY(server.listen());
connect(&server, &OcspServer::internalServerError, &loop, exitLoopSlot);
QSslSocket clientSocket;
setupOcspClient(clientSocket, issuerToChain(subjectChain), server.peerVerifyName());
clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort());
loop.enterLoopMSecs(handshakeTimeoutMS);
QVERIFY(!clientSocket.isEncrypted());
QVERIFY(containsError(clientSocket.sslErrors(), expectedError));
}
void tst_QOcsp::untrustedResponder()
{
const QSslError::SslError expectedError = QSslError::OcspResponseCannotBeTrusted;
QDECLARE_CHAIN(subjectChain, "infbobchain.crt");
QDECLARE_PRIVATE_KEY(subjectKey, "infbob.key");
QDECLARE_CHAIN(responderChain, "ca1.crt");
QDECLARE_PRIVATE_KEY(responderKey, "ca1.key");
OcspServer server(subjectChain, subjectKey);
const QByteArray response(goodResponse(subjectToChain(subjectChain), responderChain, responderKey));
QVERIFY(response.size());
server.configureResponse(response);
QVERIFY(server.listen());
connect(&server, &OcspServer::internalServerError, &loop, exitLoopSlot);
QSslSocket clientSocket;
setupOcspClient(clientSocket, {}, server.peerVerifyName());
clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort());
loop.enterLoopMSecs(handshakeTimeoutMS);
QVERIFY(!clientSocket.isEncrypted());
QVERIFY(containsError(clientSocket.sslErrors(), expectedError));
}
void tst_QOcsp::setupOcspClient(QSslSocket &clientSocket, const CertificateChain &caCerts, const QString &name)
{
QSslConfiguration clientConfig = QSslConfiguration::defaultConfiguration();
clientConfig.setOcspStaplingEnabled(true);
if (caCerts.size()) {
auto roots = clientConfig.caCertificates();
roots.append(caCerts);
clientConfig.setCaCertificates(roots);
}
clientSocket.setSslConfiguration(clientConfig);
clientSocket.setPeerVerifyName(name);
connect(&clientSocket, socketErrorSignal, &loop, exitLoopSlot);
connect(&clientSocket, tlsErrorsSignal, &loop, exitLoopSlot);
connect(&clientSocket, &QSslSocket::encrypted, &loop, exitLoopSlot);
}
bool tst_QOcsp::containsOcspErrors(const QList<QSslError> &errorsFound) const
{
for (auto code : ocspErrorCodes) {
if (containsError(errorsFound, code))
return true;
}
return false;
}
bool tst_QOcsp::containsError(const QList<QSslError> &errors, QSslError::SslError code)
{
const auto it = std::find_if(errors.begin(), errors.end(),
[&code](const QSslError &other){return other.error() == code;});
return it != errors.end();
}
QByteArray tst_QOcsp::goodResponse(const CertificateChain &subject, const CertificateChain &responder,
const QSslKey &privateKey, long beforeNow, long afterNow)
{
const OcspResponder builder(OcspTimeStamp(beforeNow, afterNow), subject, responder, privateKey);
return builder.buildResponse(OCSP_RESPONSE_STATUS_SUCCESSFUL, V_OCSP_CERTSTATUS_GOOD);
}
bool tst_QOcsp::loadPrivateKey(const QString &keyFileName, QSslKey &key)
{
QFile keyFile(certDirPath + keyFileName);
if (!keyFile.open(QIODevice::ReadOnly))
return false;
key = QSslKey(keyFile.readAll(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey);
return !key.isNull();
}
CertificateChain tst_QOcsp::issuerToChain(const CertificateChain &chain)
{
// Here we presume that, if the chain isn't a single self-signed certificate, its second
// entry is the issuer.
const int length = chain.size();
Q_ASSERT(length > 0);
return CertificateChain() << chain[length > 1 ? 1 : 0];
}
CertificateChain tst_QOcsp::subjectToChain(const CertificateChain &chain)
{
Q_ASSERT(chain.size());
return CertificateChain() << chain[0];
}
QT_END_NAMESPACE
QTEST_MAIN(tst_QOcsp)
#include "tst_qocsp.moc"