2011-04-27 10:05:43 +00:00
|
|
|
/****************************************************************************
|
|
|
|
|
**
|
2016-01-15 12:36:27 +00:00
|
|
|
** Copyright (C) 2016 The Qt Company Ltd.
|
|
|
|
|
** Contact: https://www.qt.io/licensing/
|
2011-04-27 10:05:43 +00:00
|
|
|
**
|
|
|
|
|
** This file is part of the test suite of the Qt Toolkit.
|
|
|
|
|
**
|
2016-01-15 12:36:27 +00:00
|
|
|
** $QT_BEGIN_LICENSE:GPL-EXCEPT$
|
2012-09-19 12:28:29 +00:00
|
|
|
** Commercial License Usage
|
|
|
|
|
** Licensees holding valid commercial Qt licenses may use this file in
|
|
|
|
|
** accordance with the commercial license agreement provided with the
|
|
|
|
|
** Software or, alternatively, in accordance with the terms contained in
|
2015-01-28 08:44:43 +00:00
|
|
|
** a written agreement between you and The Qt Company. For licensing terms
|
2016-01-15 12:36:27 +00:00
|
|
|
** and conditions see https://www.qt.io/terms-conditions. For further
|
|
|
|
|
** information use the contact form at https://www.qt.io/contact-us.
|
2012-09-19 12:28:29 +00:00
|
|
|
**
|
2016-01-15 12:36:27 +00:00
|
|
|
** GNU General Public License Usage
|
|
|
|
|
** Alternatively, this file may be used under the terms of the GNU
|
|
|
|
|
** General Public License version 3 as published by the Free Software
|
|
|
|
|
** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT
|
|
|
|
|
** included in the packaging of this file. Please review the following
|
|
|
|
|
** information to ensure the GNU General Public License requirements will
|
|
|
|
|
** be met: https://www.gnu.org/licenses/gpl-3.0.html.
|
2011-04-27 10:05:43 +00:00
|
|
|
**
|
|
|
|
|
** $QT_END_LICENSE$
|
|
|
|
|
**
|
|
|
|
|
****************************************************************************/
|
|
|
|
|
|
|
|
|
|
|
2020-11-26 16:31:50 +00:00
|
|
|
#include <QTest>
|
Move plugin code from QtNetwork to qtbase/plugins
All TLS (and non-TLS) backends that QSsl classes rely
on are now in plugins/tls (as openssl, securetransport,
schannel and certonly plugins).
For now, I have to disable some tests that were using OpenSSL
calls - this to be refactored/re-thought. These include:
qsslsocket auto-test (test-case where we work with private keys),
qsslkey auto-test (similar to qsslsocket - test-case working with
keys using OpenSSL calls).
qasn1element moved to plugins too, so its auto-test have to
be re-thought.
Since now we can have more than one working TLS-backend on a given
platform, the presence of OpenSSL also means I force this backend
as active before running tests, to make sure features implemented
only in OpenSSL-backend are tested.
OCSP auto test is disabled for now, since it heavily relies on
OpenSSL symbols (to be refactored).
[ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend
if it is available.
[ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore,
depending on a platform, more than one TLS backend can be built. E.g., configuring
Qt with -openssl does not prevent SecureTransport or Schannel plugin from being
built.
Fixes: QTBUG-91928
Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2021-03-25 11:41:08 +00:00
|
|
|
|
2021-05-13 05:32:10 +00:00
|
|
|
#include <QtNetwork/qtnetworkglobal.h>
|
|
|
|
|
|
2011-04-27 10:05:43 +00:00
|
|
|
#include <qsslcertificate.h>
|
|
|
|
|
#include <qsslkey.h>
|
|
|
|
|
#include <qsslsocket.h>
|
2011-11-02 14:25:03 +00:00
|
|
|
#include <qsslcertificateextension.h>
|
2020-06-15 14:23:28 +00:00
|
|
|
#include <qscopeguard.h>
|
2011-04-27 10:05:43 +00:00
|
|
|
|
2019-11-28 12:14:03 +00:00
|
|
|
#ifndef QT_NO_OPENSSL
|
|
|
|
|
#include <openssl/obj_mac.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2011-04-27 10:05:43 +00:00
|
|
|
class tst_QSslCertificate : public QObject
|
|
|
|
|
{
|
|
|
|
|
Q_OBJECT
|
|
|
|
|
|
|
|
|
|
struct CertInfo {
|
|
|
|
|
QFileInfo fileInfo;
|
|
|
|
|
QFileInfo fileInfo_digest_md5;
|
|
|
|
|
QFileInfo fileInfo_digest_sha1;
|
|
|
|
|
QSsl::EncodingFormat format;
|
|
|
|
|
CertInfo(const QFileInfo &fileInfo, QSsl::EncodingFormat format)
|
|
|
|
|
: fileInfo(fileInfo), format(format) {}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
QList<CertInfo> certInfoList;
|
|
|
|
|
QMap<QString, QString> subjAltNameMap;
|
|
|
|
|
QMap<QString, QString> pubkeyMap;
|
|
|
|
|
QMap<QString, QString> md5Map;
|
|
|
|
|
QMap<QString, QString> sha1Map;
|
|
|
|
|
|
|
|
|
|
void createTestRows();
|
2021-05-13 05:32:10 +00:00
|
|
|
#if QT_CONFIG(ssl)
|
2011-04-27 10:05:43 +00:00
|
|
|
void compareCertificates(const QSslCertificate & cert1, const QSslCertificate & cert2);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
public slots:
|
2012-02-15 22:13:13 +00:00
|
|
|
void initTestCase();
|
2011-04-27 10:05:43 +00:00
|
|
|
|
2021-05-13 05:32:10 +00:00
|
|
|
#if QT_CONFIG(ssl)
|
2011-04-27 10:05:43 +00:00
|
|
|
private slots:
|
Add qHash(QSslCertificate) overload
qsslsocket_winrt.cpp defined it locally, which runs the risk of
clashes with a potential user-defined qHash(QSslCertificate), so
make it public.
Also, the implementation in qsslsocket_winrt.cpp simply hashed
the handle(), which violates the principle that equal instances
must hash to the same value. Also, for some platforms, the
implementation returns nullptr unconditionally, which, while not
violating the above-mentioned principle, will make all users of
the hash have worst-case complexity.
To calculate a meaningful hash, therefore, the certificate needs
to be inspected deeper than just the handle.
For OpenSSL, we use X509::sha1_hash, which also X509_cmp uses
internally to determine inequality (it checks more stuff, but
if X059::sha1_hash is different, X509_cmp() returns non-zero,
which is sufficient for the purposes of qHash()). sha1_hash may
not be up-to-date, though, so we call X509_cmp to make it valid.
Ugh.
For WinRT/Qt, we use the DER encoding, as that is the native
storage format used in QSslCertificate. This is not equivalent
to the implementation used in qsslsocket_winrt.cpp before, but
since handle() == handle() => toDer() == toDer(), it should not
be a problem.
[ChangeLog][QtNetwork][QSslCertificate] Can now be used as a key in QSet/QHash.
Change-Id: I10858fe648c70fc9535af6913dd3b7f3b2cf0eba
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
2014-09-25 13:55:35 +00:00
|
|
|
void hash();
|
2011-04-27 10:05:43 +00:00
|
|
|
void emptyConstructor();
|
|
|
|
|
void constructor_data();
|
|
|
|
|
void constructor();
|
2014-05-05 15:42:14 +00:00
|
|
|
void constructor_device();
|
2011-04-27 10:05:43 +00:00
|
|
|
void constructingGarbage();
|
|
|
|
|
void copyAndAssign_data();
|
|
|
|
|
void copyAndAssign();
|
|
|
|
|
void digest_data();
|
|
|
|
|
void digest();
|
2011-08-03 16:36:55 +00:00
|
|
|
void subjectAlternativeNames_data();
|
2011-03-21 17:15:01 +00:00
|
|
|
void utf8SubjectNames();
|
2011-08-03 16:36:55 +00:00
|
|
|
void subjectAlternativeNames();
|
2020-11-19 11:35:14 +00:00
|
|
|
void subjectInfoToString();
|
|
|
|
|
void subjectIssuerDisplayName_data();
|
|
|
|
|
void subjectIssuerDisplayName();
|
2011-04-27 10:05:43 +00:00
|
|
|
void publicKey_data();
|
|
|
|
|
void publicKey();
|
|
|
|
|
void toPemOrDer_data();
|
|
|
|
|
void toPemOrDer();
|
|
|
|
|
void fromDevice();
|
2019-11-26 22:55:01 +00:00
|
|
|
void fromPath_qregularexpression_data();
|
|
|
|
|
void fromPath_qregularexpression();
|
2011-04-27 10:05:43 +00:00
|
|
|
void certInfo();
|
|
|
|
|
void certInfoQByteArray();
|
|
|
|
|
void task256066toPem();
|
|
|
|
|
void nulInCN();
|
|
|
|
|
void nulInSan();
|
|
|
|
|
void largeSerialNumber();
|
|
|
|
|
void largeExpirationDate();
|
|
|
|
|
void blacklistedCertificates();
|
2014-04-13 10:11:16 +00:00
|
|
|
void selfsignedCertificates();
|
2011-06-20 16:11:34 +00:00
|
|
|
void toText();
|
2011-06-24 20:40:52 +00:00
|
|
|
void multipleCommonNames();
|
2011-07-11 14:39:14 +00:00
|
|
|
void subjectAndIssuerAttributes();
|
2011-06-18 14:53:53 +00:00
|
|
|
void verify();
|
2011-11-02 14:25:03 +00:00
|
|
|
void extensions();
|
2014-09-03 13:38:47 +00:00
|
|
|
void extensionsCritical();
|
2012-02-29 15:53:24 +00:00
|
|
|
void threadSafeConstMethods();
|
2014-05-05 15:32:10 +00:00
|
|
|
void version_data();
|
|
|
|
|
void version();
|
2014-05-12 20:16:20 +00:00
|
|
|
void pkcs12();
|
2020-06-10 16:41:36 +00:00
|
|
|
void invalidDateTime_data();
|
|
|
|
|
void invalidDateTime();
|
2011-04-27 10:05:43 +00:00
|
|
|
|
2011-08-02 07:06:34 +00:00
|
|
|
// helper for verbose test failure messages
|
|
|
|
|
QString toString(const QList<QSslError>&);
|
|
|
|
|
|
2011-04-27 10:05:43 +00:00
|
|
|
// ### add tests for certificate bundles (multiple certificates concatenated into a single
|
|
|
|
|
// structure); both PEM and DER formatted
|
2021-05-13 05:32:10 +00:00
|
|
|
#endif // QT_CONFIG(ssl)
|
2018-01-05 12:18:28 +00:00
|
|
|
private:
|
|
|
|
|
QString testDataDir;
|
Move plugin code from QtNetwork to qtbase/plugins
All TLS (and non-TLS) backends that QSsl classes rely
on are now in plugins/tls (as openssl, securetransport,
schannel and certonly plugins).
For now, I have to disable some tests that were using OpenSSL
calls - this to be refactored/re-thought. These include:
qsslsocket auto-test (test-case where we work with private keys),
qsslkey auto-test (similar to qsslsocket - test-case working with
keys using OpenSSL calls).
qasn1element moved to plugins too, so its auto-test have to
be re-thought.
Since now we can have more than one working TLS-backend on a given
platform, the presence of OpenSSL also means I force this backend
as active before running tests, to make sure features implemented
only in OpenSSL-backend are tested.
OCSP auto test is disabled for now, since it heavily relies on
OpenSSL symbols (to be refactored).
[ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend
if it is available.
[ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore,
depending on a platform, more than one TLS backend can be built. E.g., configuring
Qt with -openssl does not prevent SecureTransport or Schannel plugin from being
built.
Fixes: QTBUG-91928
Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2021-03-25 11:41:08 +00:00
|
|
|
bool isNonOpenSslTls = false;
|
2011-04-27 10:05:43 +00:00
|
|
|
};
|
|
|
|
|
|
2012-02-15 22:13:13 +00:00
|
|
|
void tst_QSslCertificate::initTestCase()
|
2011-04-27 10:05:43 +00:00
|
|
|
{
|
2018-01-05 12:18:28 +00:00
|
|
|
testDataDir = QFileInfo(QFINDTESTDATA("certificates")).absolutePath();
|
|
|
|
|
if (testDataDir.isEmpty())
|
|
|
|
|
testDataDir = QCoreApplication::applicationDirPath();
|
2018-01-05 12:58:51 +00:00
|
|
|
if (!testDataDir.endsWith(QLatin1String("/")))
|
|
|
|
|
testDataDir += QLatin1String("/");
|
Move plugin code from QtNetwork to qtbase/plugins
All TLS (and non-TLS) backends that QSsl classes rely
on are now in plugins/tls (as openssl, securetransport,
schannel and certonly plugins).
For now, I have to disable some tests that were using OpenSSL
calls - this to be refactored/re-thought. These include:
qsslsocket auto-test (test-case where we work with private keys),
qsslkey auto-test (similar to qsslsocket - test-case working with
keys using OpenSSL calls).
qasn1element moved to plugins too, so its auto-test have to
be re-thought.
Since now we can have more than one working TLS-backend on a given
platform, the presence of OpenSSL also means I force this backend
as active before running tests, to make sure features implemented
only in OpenSSL-backend are tested.
OCSP auto test is disabled for now, since it heavily relies on
OpenSSL symbols (to be refactored).
[ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend
if it is available.
[ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore,
depending on a platform, more than one TLS backend can be built. E.g., configuring
Qt with -openssl does not prevent SecureTransport or Schannel plugin from being
built.
Fixes: QTBUG-91928
Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2021-03-25 11:41:08 +00:00
|
|
|
#if QT_CONFIG(opensslv11)
|
|
|
|
|
// In the presence of 'openssl' backend, QSslSocket will
|
|
|
|
|
// select 'openssl' as the default one.
|
2021-05-13 05:32:10 +00:00
|
|
|
isNonOpenSslTls = QSslSocket::activeBackend() != QStringLiteral("openssl");
|
Move plugin code from QtNetwork to qtbase/plugins
All TLS (and non-TLS) backends that QSsl classes rely
on are now in plugins/tls (as openssl, securetransport,
schannel and certonly plugins).
For now, I have to disable some tests that were using OpenSSL
calls - this to be refactored/re-thought. These include:
qsslsocket auto-test (test-case where we work with private keys),
qsslkey auto-test (similar to qsslsocket - test-case working with
keys using OpenSSL calls).
qasn1element moved to plugins too, so its auto-test have to
be re-thought.
Since now we can have more than one working TLS-backend on a given
platform, the presence of OpenSSL also means I force this backend
as active before running tests, to make sure features implemented
only in OpenSSL-backend are tested.
OCSP auto test is disabled for now, since it heavily relies on
OpenSSL symbols (to be refactored).
[ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend
if it is available.
[ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore,
depending on a platform, more than one TLS backend can be built. E.g., configuring
Qt with -openssl does not prevent SecureTransport or Schannel plugin from being
built.
Fixes: QTBUG-91928
Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2021-03-25 11:41:08 +00:00
|
|
|
#else
|
|
|
|
|
isNonOpenSslTls = true;
|
|
|
|
|
#endif // QT_CONFIG(ssl)
|
2018-01-05 12:18:28 +00:00
|
|
|
|
2018-01-05 12:58:51 +00:00
|
|
|
QDir dir(testDataDir + "certificates");
|
2011-04-27 10:05:43 +00:00
|
|
|
QFileInfoList fileInfoList = dir.entryInfoList(QDir::Files | QDir::Readable);
|
2020-03-30 14:06:26 +00:00
|
|
|
QRegularExpression rxCert(QLatin1String("^.+\\.(pem|der)$"));
|
|
|
|
|
QRegularExpression rxSan(QLatin1String("^(.+\\.(?:pem|der))\\.san$"));
|
|
|
|
|
QRegularExpression rxPubKey(QLatin1String("^(.+\\.(?:pem|der))\\.pubkey$"));
|
|
|
|
|
QRegularExpression rxDigest(QLatin1String("^(.+\\.(?:pem|der))\\.digest-(md5|sha1)$"));
|
|
|
|
|
QRegularExpressionMatch match;
|
2011-04-27 10:05:43 +00:00
|
|
|
foreach (QFileInfo fileInfo, fileInfoList) {
|
2020-03-30 14:06:26 +00:00
|
|
|
if ((match = rxCert.match(fileInfo.fileName())).hasMatch())
|
2011-04-27 10:05:43 +00:00
|
|
|
certInfoList <<
|
|
|
|
|
CertInfo(fileInfo,
|
2020-03-30 14:06:26 +00:00
|
|
|
match.captured(1) == QLatin1String("pem") ? QSsl::Pem : QSsl::Der);
|
|
|
|
|
if ((match = rxSan.match(fileInfo.fileName())).hasMatch())
|
|
|
|
|
subjAltNameMap.insert(match.captured(1), fileInfo.absoluteFilePath());
|
|
|
|
|
if ((match = rxPubKey.match(fileInfo.fileName())).hasMatch())
|
|
|
|
|
pubkeyMap.insert(match.captured(1), fileInfo.absoluteFilePath());
|
|
|
|
|
if ((match = rxDigest.match(fileInfo.fileName())).hasMatch()) {
|
|
|
|
|
if (match.captured(2) == QLatin1String("md5"))
|
|
|
|
|
md5Map.insert(match.captured(1), fileInfo.absoluteFilePath());
|
2011-04-27 10:05:43 +00:00
|
|
|
else
|
2020-03-30 14:06:26 +00:00
|
|
|
sha1Map.insert(match.captured(1), fileInfo.absoluteFilePath());
|
2011-04-27 10:05:43 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-13 05:32:10 +00:00
|
|
|
#if QT_CONFIG(ssl)
|
2012-05-18 15:02:54 +00:00
|
|
|
|
Add qHash(QSslCertificate) overload
qsslsocket_winrt.cpp defined it locally, which runs the risk of
clashes with a potential user-defined qHash(QSslCertificate), so
make it public.
Also, the implementation in qsslsocket_winrt.cpp simply hashed
the handle(), which violates the principle that equal instances
must hash to the same value. Also, for some platforms, the
implementation returns nullptr unconditionally, which, while not
violating the above-mentioned principle, will make all users of
the hash have worst-case complexity.
To calculate a meaningful hash, therefore, the certificate needs
to be inspected deeper than just the handle.
For OpenSSL, we use X509::sha1_hash, which also X509_cmp uses
internally to determine inequality (it checks more stuff, but
if X059::sha1_hash is different, X509_cmp() returns non-zero,
which is sufficient for the purposes of qHash()). sha1_hash may
not be up-to-date, though, so we call X509_cmp to make it valid.
Ugh.
For WinRT/Qt, we use the DER encoding, as that is the native
storage format used in QSslCertificate. This is not equivalent
to the implementation used in qsslsocket_winrt.cpp before, but
since handle() == handle() => toDer() == toDer(), it should not
be a problem.
[ChangeLog][QtNetwork][QSslCertificate] Can now be used as a key in QSet/QHash.
Change-Id: I10858fe648c70fc9535af6913dd3b7f3b2cf0eba
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
2014-09-25 13:55:35 +00:00
|
|
|
void tst_QSslCertificate::hash()
|
|
|
|
|
{
|
|
|
|
|
// mostly a compile-only test, to check that qHash(QSslCertificate) is found.
|
|
|
|
|
QSet<QSslCertificate> certs;
|
|
|
|
|
certs << QSslCertificate();
|
|
|
|
|
QCOMPARE(certs.size(), 1);
|
|
|
|
|
}
|
|
|
|
|
|
2011-04-27 10:05:43 +00:00
|
|
|
static QByteArray readFile(const QString &absFilePath)
|
|
|
|
|
{
|
|
|
|
|
QFile file(absFilePath);
|
|
|
|
|
if (!file.open(QIODevice::ReadOnly)) {
|
2021-07-31 16:25:42 +00:00
|
|
|
qWarning("failed to open file");
|
2011-04-27 10:05:43 +00:00
|
|
|
return QByteArray();
|
|
|
|
|
}
|
|
|
|
|
return file.readAll();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::emptyConstructor()
|
|
|
|
|
{
|
|
|
|
|
if (!QSslSocket::supportsSsl())
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
QSslCertificate certificate;
|
|
|
|
|
QVERIFY(certificate.isNull());
|
|
|
|
|
//make sure none of the functions crash (task 203035)
|
2011-11-11 23:08:42 +00:00
|
|
|
QVERIFY(!certificate.isBlacklisted());
|
2011-04-27 10:05:43 +00:00
|
|
|
QCOMPARE(certificate.version() , QByteArray());
|
|
|
|
|
QCOMPARE(certificate.serialNumber(), QByteArray());
|
|
|
|
|
QCOMPARE(certificate.digest(), QCryptographicHash::hash(QByteArray(), QCryptographicHash::Md5));
|
2011-06-24 20:40:52 +00:00
|
|
|
QCOMPARE(certificate.issuerInfo(QSslCertificate::Organization), QStringList());
|
|
|
|
|
QCOMPARE(certificate.subjectInfo(QSslCertificate::Organization), QStringList());
|
2011-08-03 16:36:55 +00:00
|
|
|
QCOMPARE(certificate.subjectAlternativeNames(),(QMultiMap<QSsl::AlternativeNameEntryType, QString>()));
|
2011-04-27 10:05:43 +00:00
|
|
|
QCOMPARE(certificate.effectiveDate(), QDateTime());
|
|
|
|
|
QCOMPARE(certificate.expiryDate(), QDateTime());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Q_DECLARE_METATYPE(QSsl::EncodingFormat);
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::createTestRows()
|
|
|
|
|
{
|
|
|
|
|
QTest::addColumn<QString>("absFilePath");
|
|
|
|
|
QTest::addColumn<QSsl::EncodingFormat>("format");
|
|
|
|
|
foreach (CertInfo certInfo, certInfoList) {
|
|
|
|
|
QTest::newRow(certInfo.fileInfo.fileName().toLatin1())
|
|
|
|
|
<< certInfo.fileInfo.absoluteFilePath() << certInfo.format;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::constructor_data()
|
|
|
|
|
{
|
|
|
|
|
createTestRows();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::constructor()
|
|
|
|
|
{
|
|
|
|
|
if (!QSslSocket::supportsSsl())
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
QFETCH(QString, absFilePath);
|
|
|
|
|
QFETCH(QSsl::EncodingFormat, format);
|
|
|
|
|
|
|
|
|
|
QByteArray encoded = readFile(absFilePath);
|
|
|
|
|
QSslCertificate certificate(encoded, format);
|
|
|
|
|
QVERIFY(!certificate.isNull());
|
|
|
|
|
}
|
|
|
|
|
|
2014-05-05 15:42:14 +00:00
|
|
|
void tst_QSslCertificate::constructor_device()
|
|
|
|
|
{
|
|
|
|
|
if (!QSslSocket::supportsSsl())
|
|
|
|
|
return;
|
|
|
|
|
|
2018-01-05 12:58:51 +00:00
|
|
|
QFile f(testDataDir + "verify-certs/test-ocsp-good-cert.pem");
|
2014-05-05 15:42:14 +00:00
|
|
|
bool ok = f.open(QIODevice::ReadOnly);
|
|
|
|
|
QVERIFY(ok);
|
|
|
|
|
|
|
|
|
|
QSslCertificate cert(&f);
|
|
|
|
|
QVERIFY(!cert.isNull());
|
|
|
|
|
f.close();
|
|
|
|
|
|
|
|
|
|
// Check opening a DER as a PEM fails
|
2018-01-05 12:58:51 +00:00
|
|
|
QFile f2(testDataDir + "certificates/cert.der");
|
2014-05-05 15:42:14 +00:00
|
|
|
ok = f2.open(QIODevice::ReadOnly);
|
|
|
|
|
QVERIFY(ok);
|
|
|
|
|
|
|
|
|
|
QSslCertificate cert2(&f2);
|
|
|
|
|
QVERIFY(cert2.isNull());
|
|
|
|
|
f2.close();
|
|
|
|
|
|
|
|
|
|
// Check opening a DER as a DER works
|
2018-01-05 12:58:51 +00:00
|
|
|
QFile f3(testDataDir + "certificates/cert.der");
|
2014-05-05 15:42:14 +00:00
|
|
|
ok = f3.open(QIODevice::ReadOnly);
|
|
|
|
|
QVERIFY(ok);
|
|
|
|
|
|
|
|
|
|
QSslCertificate cert3(&f3, QSsl::Der);
|
|
|
|
|
QVERIFY(!cert3.isNull());
|
|
|
|
|
f3.close();
|
|
|
|
|
|
|
|
|
|
// Check opening a PEM as a DER fails
|
2018-01-05 12:58:51 +00:00
|
|
|
QFile f4(testDataDir + "verify-certs/test-ocsp-good-cert.pem");
|
2014-05-05 15:42:14 +00:00
|
|
|
ok = f4.open(QIODevice::ReadOnly);
|
|
|
|
|
QVERIFY(ok);
|
|
|
|
|
|
|
|
|
|
QSslCertificate cert4(&f4, QSsl::Der);
|
|
|
|
|
QVERIFY(cert4.isNull());
|
|
|
|
|
f4.close();
|
|
|
|
|
}
|
|
|
|
|
|
2011-04-27 10:05:43 +00:00
|
|
|
void tst_QSslCertificate::constructingGarbage()
|
|
|
|
|
{
|
|
|
|
|
if (!QSslSocket::supportsSsl())
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
QByteArray garbage("garbage");
|
|
|
|
|
QSslCertificate certificate(garbage);
|
|
|
|
|
QVERIFY(certificate.isNull());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::copyAndAssign_data()
|
|
|
|
|
{
|
|
|
|
|
createTestRows();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::compareCertificates(
|
|
|
|
|
const QSslCertificate & cert1, const QSslCertificate & cert2)
|
|
|
|
|
{
|
|
|
|
|
QCOMPARE(cert1.isNull(), cert2.isNull());
|
|
|
|
|
// Note: in theory, the next line could fail even if the certificates are identical!
|
2011-11-11 23:08:42 +00:00
|
|
|
QCOMPARE(cert1.isBlacklisted(), cert2.isBlacklisted());
|
2011-04-27 10:05:43 +00:00
|
|
|
QCOMPARE(cert1.version(), cert2.version());
|
|
|
|
|
QCOMPARE(cert1.serialNumber(), cert2.serialNumber());
|
|
|
|
|
QCOMPARE(cert1.digest(), cert2.digest());
|
|
|
|
|
QCOMPARE(cert1.toPem(), cert2.toPem());
|
|
|
|
|
QCOMPARE(cert1.toDer(), cert2.toDer());
|
|
|
|
|
for (int info = QSslCertificate::Organization;
|
|
|
|
|
info <= QSslCertificate::StateOrProvinceName; info++) {
|
|
|
|
|
const QSslCertificate::SubjectInfo subjectInfo = (QSslCertificate::SubjectInfo)info;
|
|
|
|
|
QCOMPARE(cert1.issuerInfo(subjectInfo), cert2.issuerInfo(subjectInfo));
|
|
|
|
|
QCOMPARE(cert1.subjectInfo(subjectInfo), cert2.subjectInfo(subjectInfo));
|
|
|
|
|
}
|
2011-08-03 16:36:55 +00:00
|
|
|
QCOMPARE(cert1.subjectAlternativeNames(), cert2.subjectAlternativeNames());
|
2011-04-27 10:05:43 +00:00
|
|
|
QCOMPARE(cert1.effectiveDate(), cert2.effectiveDate());
|
|
|
|
|
QCOMPARE(cert1.expiryDate(), cert2.expiryDate());
|
|
|
|
|
QCOMPARE(cert1.version(), cert2.version());
|
|
|
|
|
QCOMPARE(cert1.serialNumber(), cert2.serialNumber());
|
|
|
|
|
// ### add more functions here ...
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::copyAndAssign()
|
|
|
|
|
{
|
|
|
|
|
if (!QSslSocket::supportsSsl())
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
QFETCH(QString, absFilePath);
|
|
|
|
|
QFETCH(QSsl::EncodingFormat, format);
|
|
|
|
|
|
|
|
|
|
QByteArray encoded = readFile(absFilePath);
|
|
|
|
|
QSslCertificate certificate(encoded, format);
|
|
|
|
|
|
|
|
|
|
QVERIFY(!certificate.isNull());
|
|
|
|
|
|
|
|
|
|
QSslCertificate copied(certificate);
|
|
|
|
|
compareCertificates(certificate, copied);
|
|
|
|
|
|
|
|
|
|
QSslCertificate assigned = certificate;
|
|
|
|
|
compareCertificates(certificate, assigned);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::digest_data()
|
|
|
|
|
{
|
|
|
|
|
QTest::addColumn<QString>("absFilePath");
|
|
|
|
|
QTest::addColumn<QSsl::EncodingFormat>("format");
|
|
|
|
|
QTest::addColumn<QString>("absFilePath_digest_md5");
|
|
|
|
|
QTest::addColumn<QString>("absFilePath_digest_sha1");
|
|
|
|
|
foreach (CertInfo certInfo, certInfoList) {
|
|
|
|
|
QString certName = certInfo.fileInfo.fileName();
|
|
|
|
|
QTest::newRow(certName.toLatin1())
|
|
|
|
|
<< certInfo.fileInfo.absoluteFilePath()
|
|
|
|
|
<< certInfo.format
|
|
|
|
|
<< md5Map.value(certName)
|
|
|
|
|
<< sha1Map.value(certName);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Converts a digest of the form '{MD5|SHA1} Fingerprint=AB:B8:32...' to binary format.
|
|
|
|
|
static QByteArray convertDigest(const QByteArray &input)
|
|
|
|
|
{
|
|
|
|
|
QByteArray result;
|
2020-03-30 14:06:26 +00:00
|
|
|
QRegularExpression rx(QLatin1String("(?:=|:)([0-9A-Fa-f]{2})"));
|
|
|
|
|
QRegularExpressionMatch match;
|
2011-04-27 10:05:43 +00:00
|
|
|
int pos = 0;
|
2020-03-30 14:06:26 +00:00
|
|
|
while ((match = rx.match(input, pos)).hasMatch()) {
|
|
|
|
|
result.append(match.captured(1).toLatin1());
|
|
|
|
|
pos = match.capturedEnd();
|
2011-04-27 10:05:43 +00:00
|
|
|
}
|
|
|
|
|
return QByteArray::fromHex(result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::digest()
|
|
|
|
|
{
|
|
|
|
|
if (!QSslSocket::supportsSsl())
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
QFETCH(QString, absFilePath);
|
|
|
|
|
QFETCH(QSsl::EncodingFormat, format);
|
|
|
|
|
QFETCH(QString, absFilePath_digest_md5);
|
|
|
|
|
QFETCH(QString, absFilePath_digest_sha1);
|
|
|
|
|
|
|
|
|
|
QByteArray encoded = readFile(absFilePath);
|
|
|
|
|
QSslCertificate certificate(encoded, format);
|
|
|
|
|
QVERIFY(!certificate.isNull());
|
|
|
|
|
|
|
|
|
|
if (!absFilePath_digest_md5.isEmpty())
|
|
|
|
|
QCOMPARE(convertDigest(readFile(absFilePath_digest_md5)),
|
|
|
|
|
certificate.digest(QCryptographicHash::Md5));
|
|
|
|
|
|
|
|
|
|
if (!absFilePath_digest_sha1.isEmpty())
|
|
|
|
|
QCOMPARE(convertDigest(readFile(absFilePath_digest_sha1)),
|
|
|
|
|
certificate.digest(QCryptographicHash::Sha1));
|
|
|
|
|
}
|
|
|
|
|
|
2011-08-03 16:36:55 +00:00
|
|
|
void tst_QSslCertificate::subjectAlternativeNames_data()
|
2011-04-27 10:05:43 +00:00
|
|
|
{
|
|
|
|
|
QTest::addColumn<QString>("certFilePath");
|
|
|
|
|
QTest::addColumn<QSsl::EncodingFormat>("format");
|
|
|
|
|
QTest::addColumn<QString>("subjAltNameFilePath");
|
|
|
|
|
|
|
|
|
|
foreach (CertInfo certInfo, certInfoList) {
|
|
|
|
|
QString certName = certInfo.fileInfo.fileName();
|
|
|
|
|
if (subjAltNameMap.contains(certName))
|
|
|
|
|
QTest::newRow(certName.toLatin1())
|
|
|
|
|
<< certInfo.fileInfo.absoluteFilePath()
|
|
|
|
|
<< certInfo.format
|
|
|
|
|
<< subjAltNameMap.value(certName);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2011-08-03 16:36:55 +00:00
|
|
|
void tst_QSslCertificate::subjectAlternativeNames()
|
2011-04-27 10:05:43 +00:00
|
|
|
{
|
|
|
|
|
if (!QSslSocket::supportsSsl())
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
QFETCH(QString, certFilePath);
|
|
|
|
|
QFETCH(QSsl::EncodingFormat, format);
|
|
|
|
|
QFETCH(QString, subjAltNameFilePath);
|
|
|
|
|
|
|
|
|
|
QByteArray encodedCert = readFile(certFilePath);
|
|
|
|
|
QSslCertificate certificate(encodedCert, format);
|
|
|
|
|
QVERIFY(!certificate.isNull());
|
|
|
|
|
|
|
|
|
|
QByteArray fileContents = readFile(subjAltNameFilePath);
|
|
|
|
|
|
2011-08-03 16:36:55 +00:00
|
|
|
const QMultiMap<QSsl::AlternativeNameEntryType, QString> altSubjectNames =
|
|
|
|
|
certificate.subjectAlternativeNames();
|
2011-04-27 10:05:43 +00:00
|
|
|
|
|
|
|
|
// verify that each entry in subjAltNames is present in fileContents
|
2019-05-19 21:10:38 +00:00
|
|
|
for (auto it = altSubjectNames.cbegin(), end = altSubjectNames.cend(); it != end; ++it) {
|
2015-10-19 09:14:55 +00:00
|
|
|
QByteArray type;
|
2011-04-27 10:05:43 +00:00
|
|
|
if (it.key() == QSsl::EmailEntry)
|
2015-10-19 09:14:55 +00:00
|
|
|
type = "email";
|
2011-04-27 10:05:43 +00:00
|
|
|
else if (it.key() == QSsl::DnsEntry)
|
2015-10-19 09:14:55 +00:00
|
|
|
type = "DNS";
|
2011-04-27 10:05:43 +00:00
|
|
|
else
|
|
|
|
|
QFAIL("unsupported alternative name type");
|
2015-10-19 09:14:55 +00:00
|
|
|
const QByteArray entry = type + ':' + it.value().toLatin1();
|
|
|
|
|
QVERIFY(fileContents.contains(entry));
|
2011-04-27 10:05:43 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// verify that each entry in fileContents is present in subjAltNames
|
2020-03-30 14:06:26 +00:00
|
|
|
QRegularExpression rx(QLatin1String("(email|DNS):([^,\\r\\n]+)"));
|
|
|
|
|
QRegularExpressionMatch match;
|
|
|
|
|
for (int pos = 0; (match = rx.match(fileContents, pos)).hasMatch(); pos = match.capturedEnd()) {
|
2011-08-03 16:36:55 +00:00
|
|
|
QSsl::AlternativeNameEntryType key;
|
2020-03-30 14:06:26 +00:00
|
|
|
if (match.captured(1) == QLatin1String("email"))
|
2011-04-27 10:05:43 +00:00
|
|
|
key = QSsl::EmailEntry;
|
2020-03-30 14:06:26 +00:00
|
|
|
else if (match.captured(1) == QLatin1String("DNS"))
|
2011-04-27 10:05:43 +00:00
|
|
|
key = QSsl::DnsEntry;
|
|
|
|
|
else
|
|
|
|
|
QFAIL("unsupported alternative name type");
|
2020-03-30 14:06:26 +00:00
|
|
|
QVERIFY(altSubjectNames.contains(key, match.captured(2)));
|
2011-04-27 10:05:43 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-19 11:35:14 +00:00
|
|
|
void tst_QSslCertificate::subjectInfoToString()
|
|
|
|
|
{
|
|
|
|
|
QFile certFile(testDataDir + "more-certificates/aspiriniks.ca.crt");
|
|
|
|
|
const bool ok = certFile.open(QIODevice::ReadOnly);
|
|
|
|
|
QVERIFY(ok);
|
|
|
|
|
const auto chain = QSslCertificate::fromDevice(&certFile, QSsl::Pem);
|
|
|
|
|
QCOMPARE(chain.size(), 1);
|
|
|
|
|
const auto cert = chain.at(0);
|
|
|
|
|
QVERIFY(!cert.isNull());
|
|
|
|
|
|
|
|
|
|
const auto testInfo = [&cert](QSslCertificate::SubjectInfo info, const QString &expected) {
|
|
|
|
|
const auto infoAsList = cert.subjectInfo(info);
|
|
|
|
|
if (infoAsList.size())
|
|
|
|
|
return expected == infoAsList.at(0);
|
|
|
|
|
return expected == QString();
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
QVERIFY(testInfo(QSslCertificate::Organization, QStringLiteral("TT ASA")));
|
|
|
|
|
QVERIFY(testInfo(QSslCertificate::CommonName, QStringLiteral("aspiriniks.troll.no")));
|
|
|
|
|
QVERIFY(testInfo(QSslCertificate::LocalityName, QStringLiteral("Oslo")));
|
|
|
|
|
QVERIFY(testInfo(QSslCertificate::OrganizationalUnitName, QStringLiteral("QT SW")));
|
|
|
|
|
QVERIFY(testInfo(QSslCertificate::CountryName, QStringLiteral("NO")));
|
|
|
|
|
QVERIFY(testInfo(QSslCertificate::StateOrProvinceName, QStringLiteral("Oslo")));
|
|
|
|
|
QVERIFY(testInfo(QSslCertificate::DistinguishedNameQualifier, QString()));
|
|
|
|
|
QVERIFY(testInfo(QSslCertificate::SerialNumber, QString()));
|
|
|
|
|
// TODO: check why generic code does not handle this!
|
2021-05-13 05:32:10 +00:00
|
|
|
if (!isNonOpenSslTls)
|
|
|
|
|
QVERIFY(testInfo(QSslCertificate::EmailAddress, QStringLiteral("ababic@trolltech.com")));
|
2020-11-19 11:35:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::subjectIssuerDisplayName_data()
|
|
|
|
|
{
|
|
|
|
|
QTest::addColumn<QString>("certName");
|
|
|
|
|
QTest::addColumn<QString>("expectedName");
|
|
|
|
|
|
|
|
|
|
QTest::addRow("CommonName") << QStringLiteral("more-certificates/cert-cn.pem") << QStringLiteral("YOUR name");
|
|
|
|
|
QTest::addRow("OrganizationName") << QStringLiteral("more-certificates/cert-on.pem") << QStringLiteral("R&D");
|
|
|
|
|
QTest::addRow("OrganizationUnitName") << QStringLiteral("more-certificates/cert-oun.pem") << QStringLiteral("Foundations");
|
|
|
|
|
#ifndef QT_NO_OPENSSL
|
|
|
|
|
QTest::addRow("NoSubjectName") << QStringLiteral("more-certificates/cert-noname.pem") << QString();
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::subjectIssuerDisplayName()
|
|
|
|
|
{
|
|
|
|
|
QFETCH(const QString, certName);
|
|
|
|
|
QFETCH(const QString, expectedName);
|
|
|
|
|
|
|
|
|
|
const auto chain = QSslCertificate::fromPath(testDataDir + certName);
|
|
|
|
|
QCOMPARE(chain.size(), 1);
|
|
|
|
|
const auto cert = chain.at(0);
|
|
|
|
|
QVERIFY(!cert.isNull());
|
|
|
|
|
QCOMPARE(cert.subjectDisplayName(), expectedName);
|
|
|
|
|
QCOMPARE(cert.issuerDisplayName(), expectedName);
|
|
|
|
|
}
|
|
|
|
|
|
2011-03-21 17:15:01 +00:00
|
|
|
void tst_QSslCertificate::utf8SubjectNames()
|
|
|
|
|
{
|
2017-12-27 14:39:10 +00:00
|
|
|
QSslCertificate cert = QSslCertificate::fromPath(testDataDir + "certificates/cert-ss-san-utf8.pem", QSsl::Pem,
|
2020-02-25 10:55:30 +00:00
|
|
|
QSslCertificate::PatternSyntax::FixedString).first();
|
2011-03-21 17:15:01 +00:00
|
|
|
QVERIFY(!cert.isNull());
|
|
|
|
|
|
|
|
|
|
// O is "Heavy Metal Records" with heavy use of "decorations" like accents, umlauts etc.,
|
|
|
|
|
// OU uses arabian / asian script letters near codepoint 64K.
|
|
|
|
|
// strings split where the compiler would otherwise find three-digit hex numbers
|
|
|
|
|
static const char *o = "H\xc4\x95\xc4\x82\xc6\xb2\xc3\xbf \xca\x8d\xe1\xba\xbf\xca\x88\xe1\xba"
|
|
|
|
|
"\xb7\xe1\xb8\xbb R\xc3\xa9" "c" "\xc3\xb6rd\xc5\x9d";
|
|
|
|
|
static const char *ou = "\xe3\x88\xa7" "A" "\xe3\x89\x81\xef\xbd\xab" "BC";
|
|
|
|
|
|
|
|
|
|
// the following two tests should help find "\x"-literal encoding bugs in the test itself
|
2011-06-24 20:23:45 +00:00
|
|
|
QCOMPARE(cert.subjectInfo("O")[0].length(), QString::fromUtf8(o).length());
|
|
|
|
|
QCOMPARE (cert.subjectInfo("O")[0].toUtf8().toHex(), QByteArray(o).toHex());
|
2011-03-21 17:15:01 +00:00
|
|
|
|
2011-06-24 20:23:45 +00:00
|
|
|
QCOMPARE(cert.subjectInfo("O")[0], QString::fromUtf8(o));
|
|
|
|
|
QCOMPARE(cert.subjectInfo("OU")[0], QString::fromUtf8(ou));
|
2011-03-21 17:15:01 +00:00
|
|
|
}
|
|
|
|
|
|
2011-04-27 10:05:43 +00:00
|
|
|
void tst_QSslCertificate::publicKey_data()
|
|
|
|
|
{
|
|
|
|
|
QTest::addColumn<QString>("certFilePath");
|
|
|
|
|
QTest::addColumn<QSsl::EncodingFormat>("format");
|
|
|
|
|
QTest::addColumn<QString>("pubkeyFilePath");
|
|
|
|
|
|
|
|
|
|
foreach (CertInfo certInfo, certInfoList) {
|
|
|
|
|
QString certName = certInfo.fileInfo.fileName();
|
|
|
|
|
if (pubkeyMap.contains(certName))
|
|
|
|
|
QTest::newRow(certName.toLatin1())
|
|
|
|
|
<< certInfo.fileInfo.absoluteFilePath()
|
|
|
|
|
<< certInfo.format
|
|
|
|
|
<< pubkeyMap.value(certName);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::publicKey()
|
|
|
|
|
{
|
|
|
|
|
if (!QSslSocket::supportsSsl())
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
QFETCH(QString, certFilePath);
|
|
|
|
|
QFETCH(QSsl::EncodingFormat, format);
|
|
|
|
|
QFETCH(QString, pubkeyFilePath);
|
|
|
|
|
|
2015-07-29 12:22:12 +00:00
|
|
|
QSsl::KeyAlgorithm algorithm;
|
|
|
|
|
if (QFileInfo(pubkeyFilePath).fileName().startsWith("dsa-"))
|
|
|
|
|
algorithm = QSsl::Dsa;
|
|
|
|
|
else if (QFileInfo(pubkeyFilePath).fileName().startsWith("ec-"))
|
|
|
|
|
algorithm = QSsl::Ec;
|
|
|
|
|
else
|
|
|
|
|
algorithm = QSsl::Rsa;
|
|
|
|
|
|
2011-04-27 10:05:43 +00:00
|
|
|
QByteArray encodedCert = readFile(certFilePath);
|
|
|
|
|
QSslCertificate certificate(encodedCert, format);
|
|
|
|
|
QVERIFY(!certificate.isNull());
|
|
|
|
|
|
|
|
|
|
QByteArray encodedPubkey = readFile(pubkeyFilePath);
|
2015-07-29 12:22:12 +00:00
|
|
|
QSslKey pubkey(encodedPubkey, algorithm, format, QSsl::PublicKey);
|
2011-04-27 10:05:43 +00:00
|
|
|
QVERIFY(!pubkey.isNull());
|
|
|
|
|
|
|
|
|
|
QCOMPARE(certificate.publicKey(), pubkey);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::toPemOrDer_data()
|
|
|
|
|
{
|
|
|
|
|
createTestRows();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static const char BeginCertString[] = "-----BEGIN CERTIFICATE-----";
|
|
|
|
|
static const char EndCertString[] = "-----END CERTIFICATE-----";
|
|
|
|
|
|
|
|
|
|
// Returns, in Pem-format, the first certificate found in a Pem-formatted block
|
|
|
|
|
// (Note that such a block may contain e.g. a private key at the end).
|
|
|
|
|
static QByteArray firstPemCertificateFromPem(const QByteArray &pem)
|
|
|
|
|
{
|
|
|
|
|
int startPos = pem.indexOf(BeginCertString);
|
|
|
|
|
int endPos = pem.indexOf(EndCertString);
|
|
|
|
|
if (startPos == -1 || endPos == -1)
|
|
|
|
|
return QByteArray();
|
|
|
|
|
return pem.mid(startPos, endPos + sizeof(EndCertString) - startPos);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::toPemOrDer()
|
|
|
|
|
{
|
|
|
|
|
if (!QSslSocket::supportsSsl())
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
QFETCH(QString, absFilePath);
|
|
|
|
|
QFETCH(QSsl::EncodingFormat, format);
|
|
|
|
|
|
|
|
|
|
QByteArray encoded = readFile(absFilePath);
|
|
|
|
|
QSslCertificate certificate(encoded, format);
|
|
|
|
|
QVERIFY(!certificate.isNull());
|
|
|
|
|
if (format == QSsl::Pem) {
|
|
|
|
|
encoded.replace('\r',"");
|
|
|
|
|
QByteArray firstPem = firstPemCertificateFromPem(encoded);
|
|
|
|
|
QCOMPARE(certificate.toPem(), firstPem);
|
|
|
|
|
} else {
|
|
|
|
|
// ### for now, we assume that DER-encoded certificates don't contain bundled stuff
|
|
|
|
|
QCOMPARE(certificate.toDer(), encoded);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::fromDevice()
|
|
|
|
|
{
|
|
|
|
|
QTest::ignoreMessage(QtWarningMsg, "QSslCertificate::fromDevice: cannot read from a null device");
|
2020-11-19 11:35:14 +00:00
|
|
|
QList<QSslCertificate> certs = QSslCertificate::fromDevice(nullptr); // don't crash
|
2011-04-27 10:05:43 +00:00
|
|
|
QVERIFY(certs.isEmpty());
|
2020-11-19 11:35:14 +00:00
|
|
|
|
|
|
|
|
QFile certFile(testDataDir + "certificates/cert.der");
|
|
|
|
|
const bool ok = certFile.open(QIODevice::ReadOnly);
|
|
|
|
|
QVERIFY(ok);
|
|
|
|
|
const auto chain = QSslCertificate::fromDevice(&certFile, QSsl::Der);
|
|
|
|
|
QCOMPARE(chain.size(), 1);
|
|
|
|
|
QVERIFY(!chain.at(0).isNull());
|
2011-04-27 10:05:43 +00:00
|
|
|
}
|
|
|
|
|
|
2019-11-26 22:55:01 +00:00
|
|
|
void tst_QSslCertificate::fromPath_qregularexpression_data()
|
|
|
|
|
{
|
|
|
|
|
QTest::addColumn<QString>("path");
|
|
|
|
|
QTest::addColumn<int>("syntax");
|
|
|
|
|
QTest::addColumn<bool>("pemencoding");
|
|
|
|
|
QTest::addColumn<int>("numCerts");
|
|
|
|
|
|
2020-02-25 10:55:30 +00:00
|
|
|
QTest::newRow("empty fixed pem") << QString() << int(QSslCertificate::PatternSyntax::FixedString) << true << 0;
|
|
|
|
|
QTest::newRow("empty fixed der") << QString() << int(QSslCertificate::PatternSyntax::FixedString) << false << 0;
|
|
|
|
|
QTest::newRow("empty regexp pem") << QString() << int(QSslCertificate::PatternSyntax::RegularExpression) << true << 0;
|
|
|
|
|
QTest::newRow("empty regexp der") << QString() << int(QSslCertificate::PatternSyntax::RegularExpression) << false << 0;
|
|
|
|
|
QTest::newRow("empty wildcard pem") << QString() << int(QSslCertificate::PatternSyntax::Wildcard) << true << 0;
|
|
|
|
|
QTest::newRow("empty wildcard der") << QString() << int(QSslCertificate::PatternSyntax::Wildcard) << false << 0;
|
|
|
|
|
QTest::newRow("\"certificates\" fixed pem") << (testDataDir + "certificates") << int(QSslCertificate::PatternSyntax::FixedString) << true << 0;
|
|
|
|
|
QTest::newRow("\"certificates\" fixed der") << (testDataDir + "certificates") << int(QSslCertificate::PatternSyntax::FixedString) << false << 0;
|
|
|
|
|
QTest::newRow("\"certificates\" regexp pem") << (testDataDir + "certificates") << int(QSslCertificate::PatternSyntax::RegularExpression) << true << 0;
|
|
|
|
|
QTest::newRow("\"certificates\" regexp der") << (testDataDir + "certificates") << int(QSslCertificate::PatternSyntax::RegularExpression) << false << 0;
|
|
|
|
|
QTest::newRow("\"certificates\" wildcard pem") << (testDataDir + "certificates") << int(QSslCertificate::PatternSyntax::Wildcard) << true << 0;
|
|
|
|
|
QTest::newRow("\"certificates\" wildcard der") << (testDataDir + "certificates") << int(QSslCertificate::PatternSyntax::Wildcard) << false << 0;
|
|
|
|
|
QTest::newRow("\"certificates/cert.pem\" fixed pem") << (testDataDir + "certificates/cert.pem") << int(QSslCertificate::PatternSyntax::FixedString) << true << 1;
|
|
|
|
|
QTest::newRow("\"certificates/cert.pem\" fixed der") << (testDataDir + "certificates/cert.pem") << int(QSslCertificate::PatternSyntax::FixedString) << false << 0;
|
|
|
|
|
QTest::newRow("\"certificates/cert.pem\" regexp pem") << (testDataDir + "certificates/cert.pem") << int(QSslCertificate::PatternSyntax::RegularExpression) << true << 1;
|
|
|
|
|
QTest::newRow("\"certificates/cert.pem\" regexp der") << (testDataDir + "certificates/cert.pem") << int(QSslCertificate::PatternSyntax::RegularExpression) << false << 0;
|
|
|
|
|
QTest::newRow("\"certificates/cert.pem\" wildcard pem") << (testDataDir + "certificates/cert.pem") << int(QSslCertificate::PatternSyntax::Wildcard) << true << 1;
|
|
|
|
|
QTest::newRow("\"certificates/cert.pem\" wildcard der") << (testDataDir + "certificates/cert.pem") << int(QSslCertificate::PatternSyntax::Wildcard) << false << 0;
|
|
|
|
|
QTest::newRow("\"certificates/*\" fixed pem") << (testDataDir + "certificates/*") << int(QSslCertificate::PatternSyntax::FixedString) << true << 0;
|
|
|
|
|
QTest::newRow("\"certificates/*\" fixed der") << (testDataDir + "certificates/*") << int(QSslCertificate::PatternSyntax::FixedString) << false << 0;
|
|
|
|
|
QTest::newRow("\"certificates/*\" regexp pem") << (testDataDir + "certificates/*") << int(QSslCertificate::PatternSyntax::RegularExpression) << true << 0;
|
|
|
|
|
QTest::newRow("\"certificates/*\" regexp der") << (testDataDir + "certificates/*") << int(QSslCertificate::PatternSyntax::RegularExpression) << false << 0;
|
|
|
|
|
QTest::newRow("\"certificates/*\" wildcard pem") << (testDataDir + "certificates/*") << int(QSslCertificate::PatternSyntax::Wildcard) << true << 7;
|
|
|
|
|
QTest::newRow("\"certificates/ca*\" wildcard pem") << (testDataDir + "certificates/ca*") << int(QSslCertificate::PatternSyntax::Wildcard) << true << 1;
|
|
|
|
|
QTest::newRow("\"certificates/cert*\" wildcard pem") << (testDataDir + "certificates/cert*") << int(QSslCertificate::PatternSyntax::Wildcard) << true << 4;
|
|
|
|
|
QTest::newRow("\"certificates/cert-[sure]*\" wildcard pem") << (testDataDir + "certificates/cert-[sure]*") << int(QSslCertificate::PatternSyntax::Wildcard) << true << 3;
|
|
|
|
|
QTest::newRow("\"certificates/cert-[not]*\" wildcard pem") << (testDataDir + "certificates/cert-[not]*") << int(QSslCertificate::PatternSyntax::Wildcard) << true << 0;
|
|
|
|
|
QTest::newRow("\"certificates/*\" wildcard der") << (testDataDir + "certificates/*") << int(QSslCertificate::PatternSyntax::Wildcard) << false << 2;
|
|
|
|
|
QTest::newRow("\"c*/c*.pem\" fixed pem") << (testDataDir + "c*/c*.pem") << int(QSslCertificate::PatternSyntax::FixedString) << true << 0;
|
|
|
|
|
QTest::newRow("\"c*/c*.pem\" fixed der") << (testDataDir + "c*/c*.pem") << int(QSslCertificate::PatternSyntax::FixedString) << false << 0;
|
|
|
|
|
QTest::newRow("\"c*/c*.pem\" regexp pem") << (testDataDir + "c*/c*.pem") << int(QSslCertificate::PatternSyntax::RegularExpression) << true << 0;
|
|
|
|
|
QTest::newRow("\"c*/c*.pem\" regexp der") << (testDataDir + "c*/c*.pem") << int(QSslCertificate::PatternSyntax::RegularExpression) << false << 0;
|
|
|
|
|
QTest::newRow("\"c*/c*.pem\" wildcard pem") << (testDataDir + "c*/c*.pem") << int(QSslCertificate::PatternSyntax::Wildcard) << true << 5;
|
|
|
|
|
QTest::newRow("\"c*/c*.pem\" wildcard der") << (testDataDir + "c*/c*.pem") << int(QSslCertificate::PatternSyntax::Wildcard) << false << 0;
|
|
|
|
|
QTest::newRow("\"d*/c*.pem\" fixed pem") << (testDataDir + "d*/c*.pem") << int(QSslCertificate::PatternSyntax::FixedString) << true << 0;
|
|
|
|
|
QTest::newRow("\"d*/c*.pem\" fixed der") << (testDataDir + "d*/c*.pem") << int(QSslCertificate::PatternSyntax::FixedString) << false << 0;
|
|
|
|
|
QTest::newRow("\"d*/c*.pem\" regexp pem") << (testDataDir + "d*/c*.pem") << int(QSslCertificate::PatternSyntax::RegularExpression) << true << 0;
|
|
|
|
|
QTest::newRow("\"d*/c*.pem\" regexp der") << (testDataDir + "d*/c*.pem") << int(QSslCertificate::PatternSyntax::RegularExpression) << false << 0;
|
|
|
|
|
QTest::newRow("\"d*/c*.pem\" wildcard pem") << (testDataDir + "d*/c*.pem") << int(QSslCertificate::PatternSyntax::Wildcard) << true << 0;
|
|
|
|
|
QTest::newRow("\"d*/c*.pem\" wildcard der") << (testDataDir + "d*/c*.pem") << int(QSslCertificate::PatternSyntax::Wildcard) << false << 0;
|
|
|
|
|
QTest::newRow("\"c.*/c.*.pem\" fixed pem") << (testDataDir + "c.*/c.*.pem") << int(QSslCertificate::PatternSyntax::FixedString) << true << 0;
|
|
|
|
|
QTest::newRow("\"c.*/c.*.pem\" fixed der") << (testDataDir + "c.*/c.*.pem") << int(QSslCertificate::PatternSyntax::FixedString) << false << 0;
|
|
|
|
|
QTest::newRow("\"c.*/c.*.pem\" regexp pem") << (testDataDir + "c.*/c.*.pem") << int(QSslCertificate::PatternSyntax::RegularExpression) << true << 5;
|
|
|
|
|
QTest::newRow("\"c.*/c.*.pem\" regexp der") << (testDataDir + "c.*/c.*.pem") << int(QSslCertificate::PatternSyntax::RegularExpression) << false << 0;
|
|
|
|
|
QTest::newRow("\"c.*/c.*.pem\" wildcard pem") << (testDataDir + "c.*/c.*.pem") << int(QSslCertificate::PatternSyntax::Wildcard) << true << 0;
|
|
|
|
|
QTest::newRow("\"c.*/c.*.pem\" wildcard der") << (testDataDir + "c.*/c.*.pem") << int(QSslCertificate::PatternSyntax::Wildcard) << false << 0;
|
|
|
|
|
QTest::newRow("\"d.*/c.*.pem\" fixed pem") << (testDataDir + "d.*/c.*.pem") << int(QSslCertificate::PatternSyntax::FixedString) << true << 0;
|
|
|
|
|
QTest::newRow("\"d.*/c.*.pem\" fixed der") << (testDataDir + "d.*/c.*.pem") << int(QSslCertificate::PatternSyntax::FixedString) << false << 0;
|
|
|
|
|
QTest::newRow("\"d.*/c.*.pem\" regexp pem") << (testDataDir + "d.*/c.*.pem") << int(QSslCertificate::PatternSyntax::RegularExpression) << true << 0;
|
|
|
|
|
QTest::newRow("\"d.*/c.*.pem\" regexp der") << (testDataDir + "d.*/c.*.pem") << int(QSslCertificate::PatternSyntax::RegularExpression) << false << 0;
|
|
|
|
|
QTest::newRow("\"d.*/c.*.pem\" wildcard pem") << (testDataDir + "d.*/c.*.pem") << int(QSslCertificate::PatternSyntax::Wildcard) << true << 0;
|
|
|
|
|
QTest::newRow("\"d.*/c.*.pem\" wildcard der") << (testDataDir + "d.*/c.*.pem") << int(QSslCertificate::PatternSyntax::Wildcard) << false << 0;
|
2019-11-26 22:55:01 +00:00
|
|
|
#ifdef Q_OS_LINUX
|
2020-02-25 10:55:30 +00:00
|
|
|
QTest::newRow("absolute path wildcard pem") << (testDataDir + "certificates/*.pem") << int(QSslCertificate::PatternSyntax::Wildcard) << true << 7;
|
2019-11-26 22:55:01 +00:00
|
|
|
#endif
|
|
|
|
|
|
2020-02-25 10:55:30 +00:00
|
|
|
QTest::newRow("trailing-whitespace") << (testDataDir + "more-certificates/trailing-whitespace.pem") << int(QSslCertificate::PatternSyntax::FixedString) << true << 1;
|
|
|
|
|
QTest::newRow("no-ending-newline") << (testDataDir + "more-certificates/no-ending-newline.pem") << int(QSslCertificate::PatternSyntax::FixedString) << true << 1;
|
|
|
|
|
QTest::newRow("malformed-just-begin") << (testDataDir + "more-certificates/malformed-just-begin.pem") << int(QSslCertificate::PatternSyntax::FixedString) << true << 0;
|
|
|
|
|
QTest::newRow("malformed-just-begin-no-newline") << (testDataDir + "more-certificates/malformed-just-begin-no-newline.pem") << int(QSslCertificate::PatternSyntax::FixedString) << true << 0;
|
2019-11-26 22:55:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::fromPath_qregularexpression()
|
|
|
|
|
{
|
|
|
|
|
QFETCH(QString, path);
|
|
|
|
|
QFETCH(int, syntax);
|
|
|
|
|
QFETCH(bool, pemencoding);
|
|
|
|
|
QFETCH(int, numCerts);
|
|
|
|
|
|
|
|
|
|
QCOMPARE(QSslCertificate::fromPath(path,
|
|
|
|
|
pemencoding ? QSsl::Pem : QSsl::Der,
|
|
|
|
|
QSslCertificate::PatternSyntax(syntax)).size(),
|
|
|
|
|
numCerts);
|
|
|
|
|
}
|
|
|
|
|
|
2011-04-27 10:05:43 +00:00
|
|
|
void tst_QSslCertificate::certInfo()
|
|
|
|
|
{
|
|
|
|
|
// MD5 Fingerprint=B6:CF:57:34:DA:A9:73:21:82:F7:CF:4D:3D:85:31:88
|
|
|
|
|
// SHA1 Fingerprint=B6:D1:51:82:E0:29:CA:59:96:38:BD:B6:F9:40:05:91:6D:49:09:60
|
|
|
|
|
// Certificate:
|
|
|
|
|
// Data:
|
|
|
|
|
// Version: 1 (0x0)
|
|
|
|
|
// Serial Number: 17 (0x11)
|
|
|
|
|
// Signature Algorithm: sha1WithRSAEncryption
|
|
|
|
|
// Issuer: C=AU, ST=Queensland, O=CryptSoft Pty Ltd, CN=Test CA (1024 bit)
|
|
|
|
|
// Validity
|
|
|
|
|
// Not Before: Apr 17 07:40:26 2007 GMT
|
|
|
|
|
// Not After : May 17 07:40:26 2007 GMT
|
|
|
|
|
// Subject: CN=name/with/slashes, C=NO
|
|
|
|
|
// Subject Public Key Info:
|
|
|
|
|
// Public Key Algorithm: rsaEncryption
|
|
|
|
|
// RSA Public Key: (1024 bit)
|
|
|
|
|
// Modulus (1024 bit):
|
|
|
|
|
// 00:eb:9d:e9:03:ac:30:4f:a9:58:03:44:c7:18:26:
|
|
|
|
|
// 2f:48:93:d5:ac:a0:fb:e8:53:c4:7b:2a:01:89:e6:
|
|
|
|
|
// fc:5a:0c:c5:f5:21:f8:d7:4a:92:02:67:db:f1:9f:
|
|
|
|
|
// 36:9a:62:9d:f3:ce:48:8e:ba:ed:5a:a8:9d:4f:bb:
|
|
|
|
|
// 24:16:43:4c:b5:79:08:f6:d9:22:8f:5f:15:0a:43:
|
|
|
|
|
// 25:03:7a:9d:a7:af:e3:26:b1:53:55:5e:60:57:c8:
|
|
|
|
|
// ed:2f:1c:f3:36:0a:78:64:91:f9:17:a7:34:d7:8b:
|
|
|
|
|
// bd:f1:fc:d1:8c:4f:a5:96:75:b2:7b:fc:21:f0:c7:
|
|
|
|
|
// d9:5f:0c:57:18:b2:af:b9:4b
|
|
|
|
|
// Exponent: 65537 (0x10001)
|
|
|
|
|
// Signature Algorithm: sha1WithRSAEncryption
|
|
|
|
|
// 95:e6:94:e2:98:33:57:a2:98:fa:af:50:b9:76:a9:51:83:2c:
|
|
|
|
|
// 0b:61:a2:36:d0:e6:90:6d:e4:f8:c4:c7:50:ef:17:94:4e:21:
|
|
|
|
|
// a8:fa:c8:33:aa:d1:7f:bc:ca:41:d6:7d:e7:44:76:c0:bf:45:
|
|
|
|
|
// 4a:76:25:42:6d:53:76:fd:fc:74:29:1a:ea:2b:cc:06:ab:d1:
|
|
|
|
|
// b8:eb:7d:6b:11:f7:9b:41:bb:9f:31:cb:ed:4d:f3:68:26:ed:
|
|
|
|
|
// 13:1d:f2:56:59:fe:6f:7c:98:b6:25:69:4e:ea:b4:dc:c2:eb:
|
|
|
|
|
// b7:bb:50:18:05:ba:ad:af:08:49:fe:98:63:55:ba:e7:fb:95:
|
|
|
|
|
// 5d:91
|
|
|
|
|
static const char pem[] =
|
|
|
|
|
"-----BEGIN CERTIFICATE-----\n"
|
|
|
|
|
"MIIB8zCCAVwCAREwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV\n"
|
|
|
|
|
"BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD\n"
|
|
|
|
|
"VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDcwNDE3MDc0MDI2WhcNMDcwNTE3\n"
|
|
|
|
|
"MDc0MDI2WjApMRowGAYDVQQDExFuYW1lL3dpdGgvc2xhc2hlczELMAkGA1UEBhMC\n"
|
|
|
|
|
"Tk8wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOud6QOsME+pWANExxgmL0iT\n"
|
|
|
|
|
"1ayg++hTxHsqAYnm/FoMxfUh+NdKkgJn2/GfNppinfPOSI667VqonU+7JBZDTLV5\n"
|
|
|
|
|
"CPbZIo9fFQpDJQN6naev4yaxU1VeYFfI7S8c8zYKeGSR+RenNNeLvfH80YxPpZZ1\n"
|
|
|
|
|
"snv8IfDH2V8MVxiyr7lLAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAleaU4pgzV6KY\n"
|
|
|
|
|
"+q9QuXapUYMsC2GiNtDmkG3k+MTHUO8XlE4hqPrIM6rRf7zKQdZ950R2wL9FSnYl\n"
|
|
|
|
|
"Qm1Tdv38dCka6ivMBqvRuOt9axH3m0G7nzHL7U3zaCbtEx3yVln+b3yYtiVpTuq0\n"
|
|
|
|
|
"3MLrt7tQGAW6ra8ISf6YY1W65/uVXZE=\n"
|
|
|
|
|
"-----END CERTIFICATE-----\n";
|
|
|
|
|
static const char der[] = // hex encoded
|
|
|
|
|
"30:82:01:f3:30:82:01:5c:02:01:11:30:0d:06:09:2a"
|
|
|
|
|
"86:48:86:f7:0d:01:01:05:05:00:30:5b:31:0b:30:09"
|
|
|
|
|
"06:03:55:04:06:13:02:41:55:31:13:30:11:06:03:55"
|
|
|
|
|
"04:08:13:0a:51:75:65:65:6e:73:6c:61:6e:64:31:1a"
|
|
|
|
|
"30:18:06:03:55:04:0a:13:11:43:72:79:70:74:53:6f"
|
|
|
|
|
"66:74:20:50:74:79:20:4c:74:64:31:1b:30:19:06:03"
|
|
|
|
|
"55:04:03:13:12:54:65:73:74:20:43:41:20:28:31:30"
|
|
|
|
|
"32:34:20:62:69:74:29:30:1e:17:0d:30:37:30:34:31"
|
|
|
|
|
"37:30:37:34:30:32:36:5a:17:0d:30:37:30:35:31:37"
|
|
|
|
|
"30:37:34:30:32:36:5a:30:29:31:1a:30:18:06:03:55"
|
|
|
|
|
"04:03:13:11:6e:61:6d:65:2f:77:69:74:68:2f:73:6c"
|
|
|
|
|
"61:73:68:65:73:31:0b:30:09:06:03:55:04:06:13:02"
|
|
|
|
|
"4e:4f:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01"
|
|
|
|
|
"01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb"
|
|
|
|
|
"9d:e9:03:ac:30:4f:a9:58:03:44:c7:18:26:2f:48:93"
|
|
|
|
|
"d5:ac:a0:fb:e8:53:c4:7b:2a:01:89:e6:fc:5a:0c:c5"
|
|
|
|
|
"f5:21:f8:d7:4a:92:02:67:db:f1:9f:36:9a:62:9d:f3"
|
|
|
|
|
"ce:48:8e:ba:ed:5a:a8:9d:4f:bb:24:16:43:4c:b5:79"
|
|
|
|
|
"08:f6:d9:22:8f:5f:15:0a:43:25:03:7a:9d:a7:af:e3"
|
|
|
|
|
"26:b1:53:55:5e:60:57:c8:ed:2f:1c:f3:36:0a:78:64"
|
|
|
|
|
"91:f9:17:a7:34:d7:8b:bd:f1:fc:d1:8c:4f:a5:96:75"
|
|
|
|
|
"b2:7b:fc:21:f0:c7:d9:5f:0c:57:18:b2:af:b9:4b:02"
|
|
|
|
|
"03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01"
|
|
|
|
|
"05:05:00:03:81:81:00:95:e6:94:e2:98:33:57:a2:98"
|
|
|
|
|
"fa:af:50:b9:76:a9:51:83:2c:0b:61:a2:36:d0:e6:90"
|
|
|
|
|
"6d:e4:f8:c4:c7:50:ef:17:94:4e:21:a8:fa:c8:33:aa"
|
|
|
|
|
"d1:7f:bc:ca:41:d6:7d:e7:44:76:c0:bf:45:4a:76:25"
|
|
|
|
|
"42:6d:53:76:fd:fc:74:29:1a:ea:2b:cc:06:ab:d1:b8"
|
|
|
|
|
"eb:7d:6b:11:f7:9b:41:bb:9f:31:cb:ed:4d:f3:68:26"
|
|
|
|
|
"ed:13:1d:f2:56:59:fe:6f:7c:98:b6:25:69:4e:ea:b4"
|
|
|
|
|
"dc:c2:eb:b7:bb:50:18:05:ba:ad:af:08:49:fe:98:63"
|
|
|
|
|
"55:ba:e7:fb:95:5d:91";
|
|
|
|
|
|
2017-12-27 14:39:10 +00:00
|
|
|
QSslCertificate cert = QSslCertificate::fromPath(testDataDir + "certificates/cert.pem", QSsl::Pem,
|
2020-02-25 10:55:30 +00:00
|
|
|
QSslCertificate::PatternSyntax::FixedString).first();
|
2011-04-27 10:05:43 +00:00
|
|
|
QVERIFY(!cert.isNull());
|
|
|
|
|
|
2011-06-24 20:23:45 +00:00
|
|
|
QCOMPARE(cert.issuerInfo(QSslCertificate::Organization)[0], QString("CryptSoft Pty Ltd"));
|
|
|
|
|
QCOMPARE(cert.issuerInfo(QSslCertificate::CommonName)[0], QString("Test CA (1024 bit)"));
|
2011-06-24 20:40:52 +00:00
|
|
|
QCOMPARE(cert.issuerInfo(QSslCertificate::LocalityName), QStringList());
|
|
|
|
|
QCOMPARE(cert.issuerInfo(QSslCertificate::OrganizationalUnitName), QStringList());
|
2011-06-24 20:23:45 +00:00
|
|
|
QCOMPARE(cert.issuerInfo(QSslCertificate::CountryName)[0], QString("AU"));
|
|
|
|
|
QCOMPARE(cert.issuerInfo(QSslCertificate::StateOrProvinceName)[0], QString("Queensland"));
|
|
|
|
|
|
|
|
|
|
QCOMPARE(cert.issuerInfo("O")[0], QString("CryptSoft Pty Ltd"));
|
|
|
|
|
QCOMPARE(cert.issuerInfo("CN")[0], QString("Test CA (1024 bit)"));
|
2011-06-24 20:40:52 +00:00
|
|
|
QCOMPARE(cert.issuerInfo("L"), QStringList());
|
|
|
|
|
QCOMPARE(cert.issuerInfo("OU"), QStringList());
|
2011-06-24 20:23:45 +00:00
|
|
|
QCOMPARE(cert.issuerInfo("C")[0], QString("AU"));
|
|
|
|
|
QCOMPARE(cert.issuerInfo("ST")[0], QString("Queensland"));
|
|
|
|
|
|
2011-06-24 20:40:52 +00:00
|
|
|
QCOMPARE(cert.subjectInfo(QSslCertificate::Organization), QStringList());
|
2011-06-24 20:23:45 +00:00
|
|
|
QCOMPARE(cert.subjectInfo(QSslCertificate::CommonName)[0], QString("name/with/slashes"));
|
2011-06-24 20:40:52 +00:00
|
|
|
QCOMPARE(cert.subjectInfo(QSslCertificate::LocalityName), QStringList());
|
|
|
|
|
QCOMPARE(cert.subjectInfo(QSslCertificate::OrganizationalUnitName), QStringList());
|
2011-06-24 20:23:45 +00:00
|
|
|
QCOMPARE(cert.subjectInfo(QSslCertificate::CountryName)[0], QString("NO"));
|
2011-06-24 20:40:52 +00:00
|
|
|
QCOMPARE(cert.subjectInfo(QSslCertificate::StateOrProvinceName), QStringList());
|
2011-06-24 20:23:45 +00:00
|
|
|
|
2011-06-24 20:40:52 +00:00
|
|
|
QCOMPARE(cert.subjectInfo("O"), QStringList());
|
2011-06-24 20:23:45 +00:00
|
|
|
QCOMPARE(cert.subjectInfo("CN")[0], QString("name/with/slashes"));
|
2011-06-24 20:40:52 +00:00
|
|
|
QCOMPARE(cert.subjectInfo("L"), QStringList());
|
|
|
|
|
QCOMPARE(cert.subjectInfo("OU"), QStringList());
|
2011-06-24 20:23:45 +00:00
|
|
|
QCOMPARE(cert.subjectInfo("C")[0], QString("NO"));
|
2011-06-24 20:40:52 +00:00
|
|
|
QCOMPARE(cert.subjectInfo("ST"), QStringList());
|
2011-04-27 10:05:43 +00:00
|
|
|
|
|
|
|
|
QCOMPARE(cert.version(), QByteArray::number(1));
|
2011-11-10 22:37:16 +00:00
|
|
|
QCOMPARE(cert.serialNumber(), QByteArray("11"));
|
2011-04-27 10:05:43 +00:00
|
|
|
|
|
|
|
|
QCOMPARE(cert.toPem().constData(), (const char*)pem);
|
|
|
|
|
QCOMPARE(cert.toDer(), QByteArray::fromHex(der));
|
|
|
|
|
|
|
|
|
|
QCOMPARE(cert.digest(QCryptographicHash::Md5),
|
|
|
|
|
QByteArray::fromHex("B6:CF:57:34:DA:A9:73:21:82:F7:CF:4D:3D:85:31:88"));
|
|
|
|
|
QCOMPARE(cert.digest(QCryptographicHash::Sha1),
|
|
|
|
|
QByteArray::fromHex("B6:D1:51:82:E0:29:CA:59:96:38:BD:B6:F9:40:05:91:6D:49:09:60"));
|
|
|
|
|
|
|
|
|
|
QCOMPARE(cert.effectiveDate().toUTC(), QDateTime(QDate(2007, 4, 17), QTime(7,40,26), Qt::UTC));
|
|
|
|
|
QCOMPARE(cert.expiryDate().toUTC(), QDateTime(QDate(2007, 5, 17), QTime(7,40,26), Qt::UTC));
|
2011-11-11 23:08:42 +00:00
|
|
|
QVERIFY(cert.expiryDate() < QDateTime::currentDateTime()); // cert has expired
|
2011-04-27 10:05:43 +00:00
|
|
|
|
|
|
|
|
QSslCertificate copy = cert;
|
2015-07-24 13:47:02 +00:00
|
|
|
QCOMPARE(cert, copy);
|
2011-04-27 10:05:43 +00:00
|
|
|
QVERIFY(!(cert != copy));
|
|
|
|
|
|
|
|
|
|
QCOMPARE(cert, QSslCertificate(pem, QSsl::Pem));
|
|
|
|
|
QCOMPARE(cert, QSslCertificate(QByteArray::fromHex(der), QSsl::Der));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::certInfoQByteArray()
|
|
|
|
|
{
|
2017-12-27 14:39:10 +00:00
|
|
|
QSslCertificate cert = QSslCertificate::fromPath(testDataDir + "certificates/cert.pem", QSsl::Pem,
|
2020-02-25 10:55:30 +00:00
|
|
|
QSslCertificate::PatternSyntax::FixedString).first();
|
2011-04-27 10:05:43 +00:00
|
|
|
QVERIFY(!cert.isNull());
|
|
|
|
|
|
|
|
|
|
// in this test, check the bytearray variants before the enum variants to see if
|
|
|
|
|
// we fixed a bug we had with lazy initialization of the values.
|
2011-06-24 20:23:45 +00:00
|
|
|
QCOMPARE(cert.issuerInfo("CN")[0], QString("Test CA (1024 bit)"));
|
|
|
|
|
QCOMPARE(cert.subjectInfo("CN")[0], QString("name/with/slashes"));
|
2011-04-27 10:05:43 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::task256066toPem()
|
|
|
|
|
{
|
|
|
|
|
// a certificate whose PEM encoding's length is a multiple of 64
|
|
|
|
|
const char *mycert = "-----BEGIN CERTIFICATE-----\n" \
|
|
|
|
|
"MIIEGjCCAwKgAwIBAgIESikYSjANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJF\n" \
|
|
|
|
|
"RTEiMCAGA1UEChMZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEPMA0GA1UECxMG\n" \
|
|
|
|
|
"RVNURUlEMRcwFQYDVQQDEw5FU1RFSUQtU0sgMjAwNzAeFw0wOTA2MDUxMzA2MTha\n" \
|
|
|
|
|
"Fw0xNDA2MDkyMTAwMDBaMIGRMQswCQYDVQQGEwJFRTEPMA0GA1UEChMGRVNURUlE\n" \
|
|
|
|
|
"MRcwFQYDVQQLEw5hdXRoZW50aWNhdGlvbjEhMB8GA1UEAxMYSEVJQkVSRyxTVkVO\n" \
|
|
|
|
|
"LDM3NzA5MjcwMjg1MRAwDgYDVQQEEwdIRUlCRVJHMQ0wCwYDVQQqEwRTVkVOMRQw\n" \
|
|
|
|
|
"EgYDVQQFEwszNzcwOTI3MDI4NTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n" \
|
|
|
|
|
"k2Euwhm34vu1jOFp02J5fQRx9LW2C7x78CbJ7yInoAKn7QR8UdxTU7mJk90Opejo\n" \
|
|
|
|
|
"71RUi2/aYl4jCr9gr99v2YoLufMRwAuqdmwmwqH1WAHRUtIcD0oPdKyelmmn9ig0\n" \
|
|
|
|
|
"RV+yJLNT3dnyrwPw+uuzDe3DeKepGKE4lxexliCaAx0CAyCMW6OCATEwggEtMA4G\n" \
|
|
|
|
|
"A1UdDwEB/wQEAwIEsDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwPAYD\n" \
|
|
|
|
|
"VR0fBDUwMzAxoC+gLYYraHR0cDovL3d3dy5zay5lZS9jcmxzL2VzdGVpZC9lc3Rl\n" \
|
|
|
|
|
"aWQyMDA3LmNybDAgBgNVHREEGTAXgRVzdmVuLmhlaWJlcmdAZWVzdGkuZWUwUQYD\n" \
|
|
|
|
|
"VR0gBEowSDBGBgsrBgEEAc4fAQEBATA3MBIGCCsGAQUFBwICMAYaBG5vbmUwIQYI\n" \
|
|
|
|
|
"KwYBBQUHAgEWFWh0dHA6Ly93d3cuc2suZWUvY3BzLzAfBgNVHSMEGDAWgBRIBt6+\n" \
|
|
|
|
|
"jIdXlYB4Y/qcIysroDoYdTAdBgNVHQ4EFgQUKCjpDf+LcvL6AH0QOiW6rMTtB/0w\n" \
|
|
|
|
|
"CQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEABRyRuUm9zt8V27WuNeXtCDmU\n" \
|
|
|
|
|
"MGzA6g4QXNAd2nxFzT3k+kNzzQTOcgRdmjiEPuK49On+GWnBr/5MSBNhbCJVPWr/\n" \
|
|
|
|
|
"yym1UYTBisaqhRt/N/kwZqd0bHeLJk+ZxSePXRyqkp9H8KPWqz7H+O/FxRS4ffxo\n" \
|
|
|
|
|
"Q9Clem+e0bcjNlL5xXiRGycBeZq8cKj+0+A/UuattznQlvHdlCEsSeu1fPOORqFV\n" \
|
|
|
|
|
"fZur4HC31lQD7xVvETLiL83CtOQC78+29XPD6Zlrrc5OF2yibSVParY19b8Zh6yu\n" \
|
|
|
|
|
"p1dNvN8pBgXGrsyxRonwHooV2ghGNmGILkpdvlQfnxeCUg4erfHjDdSY9vmT7w==\n" \
|
|
|
|
|
"-----END CERTIFICATE-----\n";
|
|
|
|
|
|
|
|
|
|
QByteArray pem1(mycert);
|
|
|
|
|
QSslCertificate cert1(pem1);
|
|
|
|
|
QVERIFY(!cert1.isNull());
|
|
|
|
|
QByteArray pem2(cert1.toPem());
|
|
|
|
|
QSslCertificate cert2(pem2);
|
|
|
|
|
QVERIFY(!cert2.isNull());
|
|
|
|
|
QCOMPARE(pem1, pem2);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::nulInCN()
|
|
|
|
|
{
|
Move plugin code from QtNetwork to qtbase/plugins
All TLS (and non-TLS) backends that QSsl classes rely
on are now in plugins/tls (as openssl, securetransport,
schannel and certonly plugins).
For now, I have to disable some tests that were using OpenSSL
calls - this to be refactored/re-thought. These include:
qsslsocket auto-test (test-case where we work with private keys),
qsslkey auto-test (similar to qsslsocket - test-case working with
keys using OpenSSL calls).
qasn1element moved to plugins too, so its auto-test have to
be re-thought.
Since now we can have more than one working TLS-backend on a given
platform, the presence of OpenSSL also means I force this backend
as active before running tests, to make sure features implemented
only in OpenSSL-backend are tested.
OCSP auto test is disabled for now, since it heavily relies on
OpenSSL symbols (to be refactored).
[ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend
if it is available.
[ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore,
depending on a platform, more than one TLS backend can be built. E.g., configuring
Qt with -openssl does not prevent SecureTransport or Schannel plugin from being
built.
Fixes: QTBUG-91928
Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2021-03-25 11:41:08 +00:00
|
|
|
if (isNonOpenSslTls)
|
|
|
|
|
QSKIP("Generic QSslCertificatePrivate fails this test");
|
|
|
|
|
|
2011-04-27 10:05:43 +00:00
|
|
|
QList<QSslCertificate> certList =
|
2020-02-25 10:55:30 +00:00
|
|
|
QSslCertificate::fromPath(testDataDir + "more-certificates/badguy-nul-cn.crt", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
|
2011-04-27 10:05:43 +00:00
|
|
|
QCOMPARE(certList.size(), 1);
|
|
|
|
|
|
|
|
|
|
const QSslCertificate &cert = certList.at(0);
|
|
|
|
|
QVERIFY(!cert.isNull());
|
|
|
|
|
|
2011-06-24 20:23:45 +00:00
|
|
|
QString cn = cert.subjectInfo(QSslCertificate::CommonName)[0];
|
2015-10-13 14:38:01 +00:00
|
|
|
QVERIFY(cn != QLatin1String("www.bank.com"));
|
2011-04-27 10:05:43 +00:00
|
|
|
|
2011-03-21 17:15:01 +00:00
|
|
|
static const char realCN[] = "www.bank.com\0.badguy.com";
|
2011-04-27 10:05:43 +00:00
|
|
|
QCOMPARE(cn, QString::fromLatin1(realCN, sizeof realCN - 1));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::nulInSan()
|
|
|
|
|
{
|
Move plugin code from QtNetwork to qtbase/plugins
All TLS (and non-TLS) backends that QSsl classes rely
on are now in plugins/tls (as openssl, securetransport,
schannel and certonly plugins).
For now, I have to disable some tests that were using OpenSSL
calls - this to be refactored/re-thought. These include:
qsslsocket auto-test (test-case where we work with private keys),
qsslkey auto-test (similar to qsslsocket - test-case working with
keys using OpenSSL calls).
qasn1element moved to plugins too, so its auto-test have to
be re-thought.
Since now we can have more than one working TLS-backend on a given
platform, the presence of OpenSSL also means I force this backend
as active before running tests, to make sure features implemented
only in OpenSSL-backend are tested.
OCSP auto test is disabled for now, since it heavily relies on
OpenSSL symbols (to be refactored).
[ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend
if it is available.
[ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore,
depending on a platform, more than one TLS backend can be built. E.g., configuring
Qt with -openssl does not prevent SecureTransport or Schannel plugin from being
built.
Fixes: QTBUG-91928
Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2021-03-25 11:41:08 +00:00
|
|
|
|
|
|
|
|
if (isNonOpenSslTls)
|
|
|
|
|
QSKIP("Generic QSslCertificatePrivate fails this test");
|
|
|
|
|
|
2011-04-27 10:05:43 +00:00
|
|
|
QList<QSslCertificate> certList =
|
2020-02-25 10:55:30 +00:00
|
|
|
QSslCertificate::fromPath(testDataDir + "more-certificates/badguy-nul-san.crt", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
|
2011-04-27 10:05:43 +00:00
|
|
|
QCOMPARE(certList.size(), 1);
|
|
|
|
|
|
|
|
|
|
const QSslCertificate &cert = certList.at(0);
|
|
|
|
|
QVERIFY(!cert.isNull());
|
|
|
|
|
|
2011-08-03 16:36:55 +00:00
|
|
|
QMultiMap<QSsl::AlternativeNameEntryType, QString> san = cert.subjectAlternativeNames();
|
2011-04-27 10:05:43 +00:00
|
|
|
QVERIFY(!san.isEmpty());
|
|
|
|
|
|
|
|
|
|
QString dnssan = san.value(QSsl::DnsEntry);
|
|
|
|
|
QVERIFY(!dnssan.isEmpty());
|
|
|
|
|
QVERIFY(dnssan != "www.bank.com");
|
|
|
|
|
|
|
|
|
|
static const char realSAN[] = "www.bank.com\0www.badguy.com";
|
|
|
|
|
QCOMPARE(dnssan, QString::fromLatin1(realSAN, sizeof realSAN - 1));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::largeSerialNumber()
|
|
|
|
|
{
|
|
|
|
|
QList<QSslCertificate> certList =
|
2020-02-25 10:55:30 +00:00
|
|
|
QSslCertificate::fromPath(testDataDir + "more-certificates/cert-large-serial-number.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
|
2011-04-27 10:05:43 +00:00
|
|
|
|
|
|
|
|
QCOMPARE(certList.size(), 1);
|
|
|
|
|
|
|
|
|
|
const QSslCertificate &cert = certList.at(0);
|
|
|
|
|
QVERIFY(!cert.isNull());
|
|
|
|
|
QCOMPARE(cert.serialNumber(), QByteArray("01:02:03:04:05:06:07:08:09:10:aa:bb:cc:dd:ee:ff:17:18:19:20"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::largeExpirationDate() // QTBUG-12489
|
|
|
|
|
{
|
|
|
|
|
QList<QSslCertificate> certList =
|
2020-02-25 10:55:30 +00:00
|
|
|
QSslCertificate::fromPath(testDataDir + "more-certificates/cert-large-expiration-date.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
|
2011-04-27 10:05:43 +00:00
|
|
|
|
|
|
|
|
QCOMPARE(certList.size(), 1);
|
|
|
|
|
|
|
|
|
|
const QSslCertificate &cert = certList.at(0);
|
|
|
|
|
QVERIFY(!cert.isNull());
|
|
|
|
|
QCOMPARE(cert.effectiveDate().toUTC(), QDateTime(QDate(2010, 8, 4), QTime(9, 53, 41), Qt::UTC));
|
|
|
|
|
// if the date is larger than 2049, then the generalized time format is used
|
|
|
|
|
QCOMPARE(cert.expiryDate().toUTC(), QDateTime(QDate(2051, 8, 29), QTime(9, 53, 41), Qt::UTC));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::blacklistedCertificates()
|
|
|
|
|
{
|
2020-02-25 10:55:30 +00:00
|
|
|
QList<QSslCertificate> blacklistedCerts = QSslCertificate::fromPath(testDataDir + "more-certificates/blacklisted*.pem", QSsl::Pem, QSslCertificate::PatternSyntax::Wildcard);
|
2017-12-27 14:39:10 +00:00
|
|
|
QVERIFY(blacklistedCerts.count() > 0);
|
2011-04-27 10:05:43 +00:00
|
|
|
for (int a = 0; a < blacklistedCerts.count(); a++) {
|
2011-11-11 23:08:42 +00:00
|
|
|
QVERIFY(blacklistedCerts.at(a).isBlacklisted());
|
2011-04-27 10:05:43 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-04-13 10:11:16 +00:00
|
|
|
void tst_QSslCertificate::selfsignedCertificates()
|
|
|
|
|
{
|
2020-02-25 10:55:30 +00:00
|
|
|
QVERIFY(QSslCertificate::fromPath(testDataDir + "certificates/cert-ss.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString).first().isSelfSigned());
|
|
|
|
|
QVERIFY(!QSslCertificate::fromPath(testDataDir + "certificates/cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString).first().isSelfSigned());
|
2014-04-13 10:11:16 +00:00
|
|
|
QVERIFY(!QSslCertificate().isSelfSigned());
|
|
|
|
|
}
|
|
|
|
|
|
2011-06-20 16:11:34 +00:00
|
|
|
void tst_QSslCertificate::toText()
|
|
|
|
|
{
|
2021-05-13 05:32:10 +00:00
|
|
|
if (isNonOpenSslTls)
|
|
|
|
|
QSKIP("QSslCertificate::toText is not implemented on platforms which do not use openssl");
|
|
|
|
|
|
2011-06-20 16:11:34 +00:00
|
|
|
QList<QSslCertificate> certList =
|
2020-02-25 10:55:30 +00:00
|
|
|
QSslCertificate::fromPath(testDataDir + "more-certificates/cert-large-expiration-date.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
|
2011-06-20 16:11:34 +00:00
|
|
|
|
|
|
|
|
QCOMPARE(certList.size(), 1);
|
|
|
|
|
const QSslCertificate &cert = certList.at(0);
|
|
|
|
|
|
2012-10-30 13:28:17 +00:00
|
|
|
// Openssl's cert dump method changed slightly between 0.9.8, 1.0.0 and 1.01 versions, so we want it to match any output
|
2011-06-21 12:09:09 +00:00
|
|
|
|
2018-01-05 12:58:51 +00:00
|
|
|
QFile f098(testDataDir + "more-certificates/cert-large-expiration-date.txt.0.9.8");
|
2012-10-30 13:28:17 +00:00
|
|
|
QVERIFY(f098.open(QIODevice::ReadOnly | QFile::Text));
|
|
|
|
|
QByteArray txt098 = f098.readAll();
|
2011-06-21 12:09:09 +00:00
|
|
|
|
2018-01-05 12:58:51 +00:00
|
|
|
QFile f100(testDataDir + "more-certificates/cert-large-expiration-date.txt.1.0.0");
|
2012-10-30 13:28:17 +00:00
|
|
|
QVERIFY(f100.open(QIODevice::ReadOnly | QFile::Text));
|
|
|
|
|
QByteArray txt100 = f100.readAll();
|
|
|
|
|
|
2018-01-05 12:58:51 +00:00
|
|
|
QFile f101(testDataDir + "more-certificates/cert-large-expiration-date.txt.1.0.1");
|
2012-10-30 13:28:17 +00:00
|
|
|
QVERIFY(f101.open(QIODevice::ReadOnly | QFile::Text));
|
|
|
|
|
QByteArray txt101 = f101.readAll();
|
|
|
|
|
|
2018-01-05 12:58:51 +00:00
|
|
|
QFile f101c(testDataDir + "more-certificates/cert-large-expiration-date.txt.1.0.1c");
|
2013-02-08 08:09:09 +00:00
|
|
|
QVERIFY(f101c.open(QIODevice::ReadOnly | QFile::Text));
|
|
|
|
|
QByteArray txt101c = f101c.readAll();
|
|
|
|
|
|
2018-05-02 13:44:40 +00:00
|
|
|
QFile f111(testDataDir + "more-certificates/cert-large-expiration-date.txt.1.1.1");
|
|
|
|
|
QVERIFY(f111.open(QIODevice::ReadOnly | QFile::Text));
|
|
|
|
|
QByteArray txt111 = f111.readAll();
|
|
|
|
|
|
2012-10-30 13:28:17 +00:00
|
|
|
QString txtcert = cert.toText();
|
|
|
|
|
|
|
|
|
|
QVERIFY(QString::fromLatin1(txt098) == txtcert ||
|
|
|
|
|
QString::fromLatin1(txt100) == txtcert ||
|
2013-02-08 08:09:09 +00:00
|
|
|
QString::fromLatin1(txt101) == txtcert ||
|
2018-05-02 13:44:40 +00:00
|
|
|
QString::fromLatin1(txt101c) == txtcert ||
|
|
|
|
|
QString::fromLatin1(txt111) == txtcert );
|
2011-06-20 16:11:34 +00:00
|
|
|
}
|
|
|
|
|
|
2011-06-24 20:40:52 +00:00
|
|
|
void tst_QSslCertificate::multipleCommonNames()
|
|
|
|
|
{
|
|
|
|
|
QList<QSslCertificate> certList =
|
2020-02-25 10:55:30 +00:00
|
|
|
QSslCertificate::fromPath(testDataDir + "more-certificates/test-cn-two-cns-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
|
2017-12-27 14:39:10 +00:00
|
|
|
QVERIFY(certList.count() > 0);
|
2011-06-24 20:40:52 +00:00
|
|
|
|
|
|
|
|
QStringList commonNames = certList[0].subjectInfo(QSslCertificate::CommonName);
|
|
|
|
|
QVERIFY(commonNames.contains(QString("www.example.com")));
|
|
|
|
|
QVERIFY(commonNames.contains(QString("www2.example.com")));
|
|
|
|
|
}
|
|
|
|
|
|
2011-07-11 14:39:14 +00:00
|
|
|
void tst_QSslCertificate::subjectAndIssuerAttributes()
|
2011-07-11 14:15:14 +00:00
|
|
|
{
|
|
|
|
|
QList<QSslCertificate> certList =
|
2020-02-25 10:55:30 +00:00
|
|
|
QSslCertificate::fromPath(testDataDir + "more-certificates/test-cn-with-drink-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
|
2017-12-27 14:39:10 +00:00
|
|
|
QVERIFY(certList.count() > 0);
|
2011-07-11 14:15:14 +00:00
|
|
|
|
2011-07-11 14:39:14 +00:00
|
|
|
QList<QByteArray> attributes = certList[0].subjectInfoAttributes();
|
|
|
|
|
QVERIFY(attributes.contains(QByteArray("favouriteDrink")));
|
|
|
|
|
attributes.clear();
|
2011-07-11 14:15:14 +00:00
|
|
|
|
2020-02-25 10:55:30 +00:00
|
|
|
certList = QSslCertificate::fromPath(testDataDir + "more-certificates/natwest-banking.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
|
2017-12-27 14:39:10 +00:00
|
|
|
QVERIFY(certList.count() > 0);
|
2011-07-11 14:15:14 +00:00
|
|
|
|
2019-11-28 12:14:03 +00:00
|
|
|
QByteArray shortName("1.3.6.1.4.1.311.60.2.1.3");
|
|
|
|
|
#if !defined(QT_NO_OPENSSL) && defined(SN_jurisdictionCountryName)
|
2021-05-13 05:32:10 +00:00
|
|
|
if (!isNonOpenSslTls)
|
|
|
|
|
shortName = SN_jurisdictionCountryName;
|
2019-11-28 12:14:03 +00:00
|
|
|
#endif
|
2011-07-11 14:39:14 +00:00
|
|
|
attributes = certList[0].subjectInfoAttributes();
|
2019-11-28 12:14:03 +00:00
|
|
|
QVERIFY(attributes.contains(shortName));
|
2011-07-11 14:15:14 +00:00
|
|
|
}
|
|
|
|
|
|
2011-06-18 14:53:53 +00:00
|
|
|
void tst_QSslCertificate::verify()
|
|
|
|
|
{
|
Move plugin code from QtNetwork to qtbase/plugins
All TLS (and non-TLS) backends that QSsl classes rely
on are now in plugins/tls (as openssl, securetransport,
schannel and certonly plugins).
For now, I have to disable some tests that were using OpenSSL
calls - this to be refactored/re-thought. These include:
qsslsocket auto-test (test-case where we work with private keys),
qsslkey auto-test (similar to qsslsocket - test-case working with
keys using OpenSSL calls).
qasn1element moved to plugins too, so its auto-test have to
be re-thought.
Since now we can have more than one working TLS-backend on a given
platform, the presence of OpenSSL also means I force this backend
as active before running tests, to make sure features implemented
only in OpenSSL-backend are tested.
OCSP auto test is disabled for now, since it heavily relies on
OpenSSL symbols (to be refactored).
[ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend
if it is available.
[ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore,
depending on a platform, more than one TLS backend can be built. E.g., configuring
Qt with -openssl does not prevent SecureTransport or Schannel plugin from being
built.
Fixes: QTBUG-91928
Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2021-03-25 11:41:08 +00:00
|
|
|
if (isNonOpenSslTls)
|
|
|
|
|
QSKIP("Not implemented in SecureTransport or Schannel");
|
|
|
|
|
|
2011-06-18 14:53:53 +00:00
|
|
|
QList<QSslError> errors;
|
|
|
|
|
QList<QSslCertificate> toVerify;
|
|
|
|
|
|
2011-08-02 07:06:34 +00:00
|
|
|
// Like QVERIFY, but be verbose about the content of `errors' when failing
|
|
|
|
|
#define VERIFY_VERBOSE(A) \
|
|
|
|
|
QVERIFY2((A), \
|
|
|
|
|
qPrintable(QString("errors: %1").arg(toString(errors))) \
|
|
|
|
|
)
|
|
|
|
|
|
2011-06-18 14:53:53 +00:00
|
|
|
// Empty chain is unspecified error
|
|
|
|
|
errors = QSslCertificate::verify(toVerify);
|
2011-08-02 07:06:34 +00:00
|
|
|
VERIFY_VERBOSE(errors.count() == 1);
|
|
|
|
|
VERIFY_VERBOSE(errors[0] == QSslError(QSslError::UnspecifiedError));
|
2011-06-18 14:53:53 +00:00
|
|
|
errors.clear();
|
|
|
|
|
|
|
|
|
|
// Verify a valid cert signed by a CA
|
2020-02-25 10:55:30 +00:00
|
|
|
QList<QSslCertificate> caCerts = QSslCertificate::fromPath(testDataDir + "verify-certs/cacert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
|
2020-06-15 14:23:28 +00:00
|
|
|
// For the purpose of this test only, add (and then remove) the
|
|
|
|
|
// specific CA certificate.
|
|
|
|
|
const auto defaultConfig = QSslConfiguration::defaultConfiguration();
|
|
|
|
|
auto temporaryDefault = defaultConfig;
|
|
|
|
|
temporaryDefault.addCaCertificate(caCerts.first());
|
|
|
|
|
QSslConfiguration::setDefaultConfiguration(temporaryDefault);
|
|
|
|
|
const auto confGuard = qScopeGuard([&defaultConfig](){
|
|
|
|
|
QSslConfiguration::setDefaultConfiguration(defaultConfig);
|
|
|
|
|
});
|
2011-06-18 14:53:53 +00:00
|
|
|
|
2020-02-25 10:55:30 +00:00
|
|
|
toVerify = QSslCertificate::fromPath(testDataDir + "verify-certs/test-ocsp-good-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
|
2011-06-18 14:53:53 +00:00
|
|
|
|
|
|
|
|
errors = QSslCertificate::verify(toVerify);
|
2011-08-02 07:06:34 +00:00
|
|
|
VERIFY_VERBOSE(errors.count() == 0);
|
2011-06-18 14:53:53 +00:00
|
|
|
errors.clear();
|
|
|
|
|
|
|
|
|
|
// Test a blacklisted certificate
|
2020-02-25 10:55:30 +00:00
|
|
|
toVerify = QSslCertificate::fromPath(testDataDir + "verify-certs/test-addons-mozilla-org-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
|
2011-06-18 14:53:53 +00:00
|
|
|
errors = QSslCertificate::verify(toVerify);
|
|
|
|
|
bool foundBlack = false;
|
|
|
|
|
foreach (const QSslError &error, errors) {
|
|
|
|
|
if (error.error() == QSslError::CertificateBlacklisted) {
|
|
|
|
|
foundBlack = true;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
QVERIFY(foundBlack);
|
|
|
|
|
errors.clear();
|
|
|
|
|
|
|
|
|
|
// This one is expired and untrusted
|
2020-02-25 10:55:30 +00:00
|
|
|
toVerify = QSslCertificate::fromPath(testDataDir + "more-certificates/cert-large-serial-number.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
|
2011-06-18 14:53:53 +00:00
|
|
|
errors = QSslCertificate::verify(toVerify);
|
2011-08-02 07:06:34 +00:00
|
|
|
VERIFY_VERBOSE(errors.contains(QSslError(QSslError::SelfSignedCertificate, toVerify[0])));
|
|
|
|
|
VERIFY_VERBOSE(errors.contains(QSslError(QSslError::CertificateExpired, toVerify[0])));
|
2011-06-18 14:53:53 +00:00
|
|
|
errors.clear();
|
|
|
|
|
toVerify.clear();
|
|
|
|
|
|
|
|
|
|
// This one is signed by a valid cert, but the signer is not a valid CA
|
2020-02-25 10:55:30 +00:00
|
|
|
toVerify << QSslCertificate::fromPath(testDataDir + "verify-certs/test-intermediate-not-ca-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString).first();
|
|
|
|
|
toVerify << QSslCertificate::fromPath(testDataDir + "verify-certs/test-ocsp-good-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString).first();
|
2011-06-18 14:53:53 +00:00
|
|
|
errors = QSslCertificate::verify(toVerify);
|
2011-08-02 07:06:34 +00:00
|
|
|
VERIFY_VERBOSE(errors.contains(QSslError(QSslError::InvalidCaCertificate, toVerify[1])));
|
2011-06-18 14:53:53 +00:00
|
|
|
toVerify.clear();
|
|
|
|
|
|
|
|
|
|
// This one is signed by a valid cert, and the signer is a valid CA
|
2020-02-25 10:55:30 +00:00
|
|
|
toVerify << QSslCertificate::fromPath(testDataDir + "verify-certs/test-intermediate-is-ca-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString).first();
|
|
|
|
|
toVerify << QSslCertificate::fromPath(testDataDir + "verify-certs/test-intermediate-ca-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString).first();
|
2011-06-18 14:53:53 +00:00
|
|
|
errors = QSslCertificate::verify(toVerify);
|
2011-08-02 07:06:34 +00:00
|
|
|
VERIFY_VERBOSE(errors.count() == 0);
|
2011-06-18 14:53:53 +00:00
|
|
|
|
|
|
|
|
// Recheck the above with hostname validation
|
|
|
|
|
errors = QSslCertificate::verify(toVerify, QLatin1String("example.com"));
|
2011-08-02 07:06:34 +00:00
|
|
|
VERIFY_VERBOSE(errors.count() == 0);
|
2011-06-18 14:53:53 +00:00
|
|
|
|
|
|
|
|
// Recheck the above with a bad hostname
|
|
|
|
|
errors = QSslCertificate::verify(toVerify, QLatin1String("fail.example.com"));
|
2011-08-02 07:06:34 +00:00
|
|
|
VERIFY_VERBOSE(errors.contains(QSslError(QSslError::HostNameMismatch, toVerify[0])));
|
2011-06-18 14:53:53 +00:00
|
|
|
toVerify.clear();
|
2011-08-02 07:06:34 +00:00
|
|
|
|
|
|
|
|
#undef VERIFY_VERBOSE
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
QString tst_QSslCertificate::toString(const QList<QSslError>& errors)
|
|
|
|
|
{
|
|
|
|
|
QStringList errorStrings;
|
|
|
|
|
|
|
|
|
|
foreach (const QSslError& error, errors) {
|
2015-10-13 07:46:56 +00:00
|
|
|
errorStrings.append(QLatin1Char('"') + error.errorString() + QLatin1Char('"'));
|
2011-08-02 07:06:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return QLatin1String("[ ") + errorStrings.join(QLatin1String(", ")) + QLatin1String(" ]");
|
2011-06-18 14:53:53 +00:00
|
|
|
}
|
|
|
|
|
|
2011-11-02 14:25:03 +00:00
|
|
|
void tst_QSslCertificate::extensions()
|
|
|
|
|
{
|
|
|
|
|
QList<QSslCertificate> certList =
|
2020-02-25 10:55:30 +00:00
|
|
|
QSslCertificate::fromPath(testDataDir + "more-certificates/natwest-banking.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
|
2017-12-27 14:39:10 +00:00
|
|
|
QVERIFY(certList.count() > 0);
|
2011-11-02 14:25:03 +00:00
|
|
|
|
|
|
|
|
QSslCertificate cert = certList[0];
|
|
|
|
|
QList<QSslCertificateExtension> extensions = cert.extensions();
|
2015-07-24 13:47:02 +00:00
|
|
|
QCOMPARE(extensions.count(), 9);
|
2011-11-02 14:25:03 +00:00
|
|
|
|
|
|
|
|
int unknown_idx = -1;
|
|
|
|
|
int authority_info_idx = -1;
|
|
|
|
|
int basic_constraints_idx = -1;
|
|
|
|
|
int subject_key_idx = -1;
|
|
|
|
|
int auth_key_idx = -1;
|
|
|
|
|
|
|
|
|
|
for (int i=0; i < extensions.length(); ++i) {
|
|
|
|
|
QSslCertificateExtension ext = extensions[i];
|
|
|
|
|
|
|
|
|
|
//qDebug() << i << ":" << ext.name() << ext.oid();
|
|
|
|
|
if (ext.oid() == QStringLiteral("1.3.6.1.5.5.7.1.12"))
|
|
|
|
|
unknown_idx = i;
|
|
|
|
|
if (ext.name() == QStringLiteral("authorityInfoAccess"))
|
|
|
|
|
authority_info_idx = i;
|
|
|
|
|
if (ext.name() == QStringLiteral("basicConstraints"))
|
|
|
|
|
basic_constraints_idx = i;
|
|
|
|
|
if (ext.name() == QStringLiteral("subjectKeyIdentifier"))
|
|
|
|
|
subject_key_idx = i;
|
|
|
|
|
if (ext.name() == QStringLiteral("authorityKeyIdentifier"))
|
|
|
|
|
auth_key_idx = i;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
QVERIFY(unknown_idx != -1);
|
|
|
|
|
QVERIFY(authority_info_idx != -1);
|
|
|
|
|
QVERIFY(basic_constraints_idx != -1);
|
|
|
|
|
QVERIFY(subject_key_idx != -1);
|
|
|
|
|
QVERIFY(auth_key_idx != -1);
|
|
|
|
|
|
|
|
|
|
// Unknown
|
|
|
|
|
QSslCertificateExtension unknown = extensions[unknown_idx];
|
2015-07-24 13:47:02 +00:00
|
|
|
QCOMPARE(unknown.oid(), QStringLiteral("1.3.6.1.5.5.7.1.12"));
|
|
|
|
|
QCOMPARE(unknown.name(), QStringLiteral("1.3.6.1.5.5.7.1.12"));
|
2014-09-03 12:53:14 +00:00
|
|
|
QVERIFY(!unknown.isCritical());
|
|
|
|
|
QVERIFY(!unknown.isSupported());
|
2011-11-02 14:25:03 +00:00
|
|
|
|
|
|
|
|
QByteArray unknownValue = QByteArray::fromHex(
|
|
|
|
|
"3060A15EA05C305A305830561609696D6167652F6769663021301F300706052B0E03021A0414" \
|
|
|
|
|
"4B6BB92896060CBBD052389B29AC4B078B21051830261624687474703A2F2F6C6F676F2E7665" \
|
|
|
|
|
"72697369676E2E636F6D2F76736C6F676F312E676966");
|
|
|
|
|
QCOMPARE(unknown.value().toByteArray(), unknownValue);
|
|
|
|
|
|
|
|
|
|
// Authority Info Access
|
|
|
|
|
QSslCertificateExtension aia = extensions[authority_info_idx];
|
2015-07-24 13:47:02 +00:00
|
|
|
QCOMPARE(aia.oid(), QStringLiteral("1.3.6.1.5.5.7.1.1"));
|
|
|
|
|
QCOMPARE(aia.name(), QStringLiteral("authorityInfoAccess"));
|
2014-09-03 12:53:14 +00:00
|
|
|
QVERIFY(!aia.isCritical());
|
|
|
|
|
QVERIFY(aia.isSupported());
|
2011-11-02 14:25:03 +00:00
|
|
|
|
|
|
|
|
QVariantMap aiaValue = aia.value().toMap();
|
2014-09-03 12:53:14 +00:00
|
|
|
QCOMPARE(aiaValue.keys(), QList<QString>() << QStringLiteral("OCSP") << QStringLiteral("caIssuers"));
|
2011-11-02 14:25:03 +00:00
|
|
|
QString ocsp = aiaValue[QStringLiteral("OCSP")].toString();
|
|
|
|
|
QString caIssuers = aiaValue[QStringLiteral("caIssuers")].toString();
|
|
|
|
|
|
2015-07-24 13:47:02 +00:00
|
|
|
QCOMPARE(ocsp, QStringLiteral("http://EVIntl-ocsp.verisign.com"));
|
|
|
|
|
QCOMPARE(caIssuers, QStringLiteral("http://EVIntl-aia.verisign.com/EVIntl2006.cer"));
|
2011-11-02 14:25:03 +00:00
|
|
|
|
|
|
|
|
// Basic constraints
|
|
|
|
|
QSslCertificateExtension basic = extensions[basic_constraints_idx];
|
2015-07-24 13:47:02 +00:00
|
|
|
QCOMPARE(basic.oid(), QStringLiteral("2.5.29.19"));
|
|
|
|
|
QCOMPARE(basic.name(), QStringLiteral("basicConstraints"));
|
2014-09-03 12:53:14 +00:00
|
|
|
QVERIFY(!basic.isCritical());
|
|
|
|
|
QVERIFY(basic.isSupported());
|
2011-11-02 14:25:03 +00:00
|
|
|
|
|
|
|
|
QVariantMap basicValue = basic.value().toMap();
|
2014-09-03 12:53:14 +00:00
|
|
|
QCOMPARE(basicValue.keys(), QList<QString>() << QStringLiteral("ca"));
|
2015-07-23 11:26:28 +00:00
|
|
|
QVERIFY(!basicValue[QStringLiteral("ca")].toBool());
|
2011-11-02 14:25:03 +00:00
|
|
|
|
|
|
|
|
// Subject key identifier
|
|
|
|
|
QSslCertificateExtension subjectKey = extensions[subject_key_idx];
|
2015-07-24 13:47:02 +00:00
|
|
|
QCOMPARE(subjectKey.oid(), QStringLiteral("2.5.29.14"));
|
|
|
|
|
QCOMPARE(subjectKey.name(), QStringLiteral("subjectKeyIdentifier"));
|
2014-09-03 12:53:14 +00:00
|
|
|
QVERIFY(!subjectKey.isCritical());
|
|
|
|
|
QVERIFY(subjectKey.isSupported());
|
2015-07-24 13:47:02 +00:00
|
|
|
QCOMPARE(subjectKey.value().toString(), QStringLiteral("5F:90:23:CD:24:CA:52:C9:36:29:F0:7E:9D:B1:FE:08:E0:EE:69:F0"));
|
2011-11-02 14:25:03 +00:00
|
|
|
|
|
|
|
|
// Authority key identifier
|
|
|
|
|
QSslCertificateExtension authKey = extensions[auth_key_idx];
|
2015-07-24 13:47:02 +00:00
|
|
|
QCOMPARE(authKey.oid(), QStringLiteral("2.5.29.35"));
|
|
|
|
|
QCOMPARE(authKey.name(), QStringLiteral("authorityKeyIdentifier"));
|
2014-09-03 12:53:14 +00:00
|
|
|
QVERIFY(!authKey.isCritical());
|
|
|
|
|
QVERIFY(authKey.isSupported());
|
2011-11-02 14:25:03 +00:00
|
|
|
|
|
|
|
|
QVariantMap authValue = authKey.value().toMap();
|
2014-09-03 12:53:14 +00:00
|
|
|
QCOMPARE(authValue.keys(), QList<QString>() << QStringLiteral("keyid"));
|
2011-11-02 14:25:03 +00:00
|
|
|
QVERIFY(authValue[QStringLiteral("keyid")].toByteArray() ==
|
|
|
|
|
QByteArray("4e43c81d76ef37537a4ff2586f94f338e2d5bddf"));
|
2014-09-03 13:38:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::extensionsCritical()
|
|
|
|
|
{
|
|
|
|
|
QList<QSslCertificate> certList =
|
2020-02-25 10:55:30 +00:00
|
|
|
QSslCertificate::fromPath(testDataDir + "verify-certs/test-addons-mozilla-org-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
|
2017-12-27 14:39:10 +00:00
|
|
|
QVERIFY(certList.count() > 0);
|
2014-09-03 13:38:47 +00:00
|
|
|
|
|
|
|
|
QSslCertificate cert = certList[0];
|
|
|
|
|
QList<QSslCertificateExtension> extensions = cert.extensions();
|
2015-07-24 13:47:02 +00:00
|
|
|
QCOMPARE(extensions.count(), 9);
|
2014-09-03 13:38:47 +00:00
|
|
|
|
|
|
|
|
int basic_constraints_idx = -1;
|
|
|
|
|
int key_usage_idx = -1;
|
|
|
|
|
|
|
|
|
|
for (int i=0; i < extensions.length(); ++i) {
|
|
|
|
|
QSslCertificateExtension ext = extensions[i];
|
|
|
|
|
|
|
|
|
|
if (ext.name() == QStringLiteral("basicConstraints"))
|
|
|
|
|
basic_constraints_idx = i;
|
|
|
|
|
if (ext.name() == QStringLiteral("keyUsage"))
|
|
|
|
|
key_usage_idx = i;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
QVERIFY(basic_constraints_idx != -1);
|
|
|
|
|
QVERIFY(key_usage_idx != -1);
|
|
|
|
|
|
|
|
|
|
// Basic constraints
|
|
|
|
|
QSslCertificateExtension basic = extensions[basic_constraints_idx];
|
2015-07-24 13:47:02 +00:00
|
|
|
QCOMPARE(basic.oid(), QStringLiteral("2.5.29.19"));
|
|
|
|
|
QCOMPARE(basic.name(), QStringLiteral("basicConstraints"));
|
2014-09-03 13:38:47 +00:00
|
|
|
QVERIFY(basic.isCritical());
|
|
|
|
|
QVERIFY(basic.isSupported());
|
|
|
|
|
|
|
|
|
|
QVariantMap basicValue = basic.value().toMap();
|
|
|
|
|
QCOMPARE(basicValue.keys(), QList<QString>() << QStringLiteral("ca"));
|
2015-07-23 11:26:28 +00:00
|
|
|
QVERIFY(!basicValue[QStringLiteral("ca")].toBool());
|
2011-11-02 14:25:03 +00:00
|
|
|
|
2014-09-03 13:38:47 +00:00
|
|
|
// Key Usage
|
|
|
|
|
QSslCertificateExtension keyUsage = extensions[key_usage_idx];
|
2015-07-24 13:47:02 +00:00
|
|
|
QCOMPARE(keyUsage.oid(), QStringLiteral("2.5.29.15"));
|
|
|
|
|
QCOMPARE(keyUsage.name(), QStringLiteral("keyUsage"));
|
2014-09-03 13:38:47 +00:00
|
|
|
QVERIFY(keyUsage.isCritical());
|
|
|
|
|
QVERIFY(!keyUsage.isSupported());
|
2011-11-02 14:25:03 +00:00
|
|
|
}
|
|
|
|
|
|
2012-02-29 15:53:24 +00:00
|
|
|
class TestThread : public QThread
|
|
|
|
|
{
|
|
|
|
|
public:
|
2020-09-10 18:39:49 +00:00
|
|
|
void run() override
|
2012-02-29 15:53:24 +00:00
|
|
|
{
|
|
|
|
|
effectiveDate = cert.effectiveDate();
|
|
|
|
|
expiryDate = cert.expiryDate();
|
|
|
|
|
extensions = cert.extensions();
|
|
|
|
|
isBlacklisted = cert.isBlacklisted();
|
|
|
|
|
issuerInfo = cert.issuerInfo(QSslCertificate::CommonName);
|
|
|
|
|
issuerInfoAttributes = cert.issuerInfoAttributes();
|
|
|
|
|
publicKey = cert.publicKey();
|
|
|
|
|
serialNumber = cert.serialNumber();
|
|
|
|
|
subjectInfo = cert.subjectInfo(QSslCertificate::CommonName);
|
|
|
|
|
subjectInfoAttributes = cert.subjectInfoAttributes();
|
|
|
|
|
toDer = cert.toDer();
|
|
|
|
|
toPem = cert.toPem();
|
|
|
|
|
toText = cert.toText();
|
|
|
|
|
version = cert.version();
|
|
|
|
|
}
|
|
|
|
|
QSslCertificate cert;
|
|
|
|
|
QDateTime effectiveDate;
|
|
|
|
|
QDateTime expiryDate;
|
|
|
|
|
QList<QSslCertificateExtension> extensions;
|
|
|
|
|
bool isBlacklisted;
|
|
|
|
|
QStringList issuerInfo;
|
|
|
|
|
QList<QByteArray> issuerInfoAttributes;
|
|
|
|
|
QSslKey publicKey;
|
|
|
|
|
QByteArray serialNumber;
|
|
|
|
|
QStringList subjectInfo;
|
|
|
|
|
QList<QByteArray> subjectInfoAttributes;
|
|
|
|
|
QByteArray toDer;
|
|
|
|
|
QByteArray toPem;
|
2012-05-20 12:31:55 +00:00
|
|
|
QString toText;
|
2012-02-29 15:53:24 +00:00
|
|
|
QByteArray version;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::threadSafeConstMethods()
|
|
|
|
|
{
|
|
|
|
|
if (!QSslSocket::supportsSsl())
|
|
|
|
|
return;
|
|
|
|
|
|
2018-01-05 12:58:51 +00:00
|
|
|
QByteArray encoded = readFile(testDataDir + "certificates/cert.pem");
|
2012-02-29 15:53:24 +00:00
|
|
|
QSslCertificate certificate(encoded);
|
|
|
|
|
QVERIFY(!certificate.isNull());
|
|
|
|
|
|
|
|
|
|
TestThread t1;
|
|
|
|
|
t1.cert = certificate; //shallow copy
|
|
|
|
|
TestThread t2;
|
|
|
|
|
t2.cert = certificate; //shallow copy
|
|
|
|
|
t1.start();
|
|
|
|
|
t2.start();
|
|
|
|
|
QVERIFY(t1.wait(5000));
|
|
|
|
|
QVERIFY(t2.wait(5000));
|
2015-07-24 13:47:02 +00:00
|
|
|
QCOMPARE(t1.cert, t2.cert);
|
|
|
|
|
QCOMPARE(t1.effectiveDate, t2.effectiveDate);
|
|
|
|
|
QCOMPARE(t1.expiryDate, t2.expiryDate);
|
2012-02-29 15:53:24 +00:00
|
|
|
//QVERIFY(t1.extensions == t2.extensions); // no equality operator, so not tested
|
2015-07-24 13:47:02 +00:00
|
|
|
QCOMPARE(t1.isBlacklisted, t2.isBlacklisted);
|
|
|
|
|
QCOMPARE(t1.issuerInfo, t2.issuerInfo);
|
|
|
|
|
QCOMPARE(t1.issuerInfoAttributes, t2.issuerInfoAttributes);
|
|
|
|
|
QCOMPARE(t1.publicKey, t2.publicKey);
|
|
|
|
|
QCOMPARE(t1.serialNumber, t2.serialNumber);
|
|
|
|
|
QCOMPARE(t1.subjectInfo, t2.subjectInfo);
|
|
|
|
|
QCOMPARE(t1.subjectInfoAttributes, t2.subjectInfoAttributes);
|
|
|
|
|
QCOMPARE(t1.toDer, t2.toDer);
|
|
|
|
|
QCOMPARE(t1.toPem, t2.toPem);
|
|
|
|
|
QCOMPARE(t1.toText, t2.toText);
|
|
|
|
|
QCOMPARE(t1.version, t2.version);
|
2012-02-29 15:53:24 +00:00
|
|
|
|
|
|
|
|
}
|
2011-11-02 14:25:03 +00:00
|
|
|
|
2014-05-05 15:32:10 +00:00
|
|
|
void tst_QSslCertificate::version_data()
|
|
|
|
|
{
|
|
|
|
|
QTest::addColumn<QSslCertificate>("certificate");
|
|
|
|
|
QTest::addColumn<QByteArray>("result");
|
|
|
|
|
|
|
|
|
|
QTest::newRow("null certificate") << QSslCertificate() << QByteArray();
|
|
|
|
|
|
|
|
|
|
QList<QSslCertificate> certs;
|
2020-02-25 10:55:30 +00:00
|
|
|
certs << QSslCertificate::fromPath(testDataDir + "verify-certs/test-ocsp-good-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
|
2014-05-05 15:32:10 +00:00
|
|
|
|
|
|
|
|
QTest::newRow("v3 certificate") << certs.first() << QByteArrayLiteral("3");
|
|
|
|
|
|
|
|
|
|
certs.clear();
|
2020-02-25 10:55:30 +00:00
|
|
|
certs << QSslCertificate::fromPath(testDataDir + "certificates/cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
|
2014-05-05 15:32:10 +00:00
|
|
|
QTest::newRow("v1 certificate") << certs.first() << QByteArrayLiteral("1");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::version()
|
|
|
|
|
{
|
|
|
|
|
if (!QSslSocket::supportsSsl())
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
QFETCH(QSslCertificate, certificate);
|
|
|
|
|
QFETCH(QByteArray, result);
|
|
|
|
|
QCOMPARE(certificate.version(), result);
|
|
|
|
|
}
|
|
|
|
|
|
2014-05-12 20:16:20 +00:00
|
|
|
void tst_QSslCertificate::pkcs12()
|
|
|
|
|
{
|
2017-08-07 10:49:59 +00:00
|
|
|
// See pkcs12/README for how to generate the PKCS12 files used here.
|
2014-05-12 20:16:20 +00:00
|
|
|
if (!QSslSocket::supportsSsl()) {
|
|
|
|
|
qWarning("SSL not supported, skipping test");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-01-05 12:58:51 +00:00
|
|
|
QFile f(testDataDir + QLatin1String("pkcs12/leaf.p12"));
|
2014-05-12 20:16:20 +00:00
|
|
|
bool ok = f.open(QIODevice::ReadOnly);
|
|
|
|
|
QVERIFY(ok);
|
|
|
|
|
|
|
|
|
|
QSslKey key;
|
|
|
|
|
QSslCertificate cert;
|
|
|
|
|
QList<QSslCertificate> caCerts;
|
|
|
|
|
|
2021-05-13 05:32:10 +00:00
|
|
|
if (isNonOpenSslTls)
|
|
|
|
|
QEXPECT_FAIL("", "pkcs12 imports are only supported when openssl is used", Abort); // TODO?
|
|
|
|
|
|
2014-11-21 11:44:33 +00:00
|
|
|
ok = QSslCertificate::importPkcs12(&f, &key, &cert, &caCerts);
|
2014-05-12 20:16:20 +00:00
|
|
|
QVERIFY(ok);
|
|
|
|
|
f.close();
|
|
|
|
|
|
2020-02-25 10:55:30 +00:00
|
|
|
QList<QSslCertificate> leafCert = QSslCertificate::fromPath(testDataDir + QLatin1String("pkcs12/leaf.crt"), QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
|
2014-05-12 20:16:20 +00:00
|
|
|
QVERIFY(!leafCert.isEmpty());
|
|
|
|
|
|
|
|
|
|
QCOMPARE(cert, leafCert.first());
|
|
|
|
|
|
2018-01-05 12:58:51 +00:00
|
|
|
QFile f2(testDataDir + QLatin1String("pkcs12/leaf.key"));
|
2014-05-12 20:16:20 +00:00
|
|
|
ok = f2.open(QIODevice::ReadOnly);
|
|
|
|
|
QVERIFY(ok);
|
|
|
|
|
|
|
|
|
|
QSslKey leafKey(&f2, QSsl::Rsa);
|
|
|
|
|
f2.close();
|
|
|
|
|
|
|
|
|
|
QVERIFY(!leafKey.isNull());
|
|
|
|
|
QCOMPARE(key, leafKey);
|
|
|
|
|
|
2020-02-25 10:55:30 +00:00
|
|
|
QList<QSslCertificate> caCert = QSslCertificate::fromPath(testDataDir + QLatin1String("pkcs12/inter.crt"), QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
|
2014-05-12 20:16:20 +00:00
|
|
|
QVERIFY(!caCert.isEmpty());
|
|
|
|
|
|
|
|
|
|
QVERIFY(!caCerts.isEmpty());
|
|
|
|
|
QCOMPARE(caCerts.first(), caCert.first());
|
|
|
|
|
QCOMPARE(caCerts, caCert);
|
2017-08-07 10:49:59 +00:00
|
|
|
|
|
|
|
|
// QTBUG-62335 - Fail (found no private key) but don't crash:
|
2018-01-05 12:58:51 +00:00
|
|
|
QFile nocert(testDataDir + QLatin1String("pkcs12/leaf-nokey.p12"));
|
2017-08-07 10:49:59 +00:00
|
|
|
ok = nocert.open(QIODevice::ReadOnly);
|
|
|
|
|
QVERIFY(ok);
|
|
|
|
|
QTest::ignoreMessage(QtWarningMsg, "Unable to convert private key");
|
|
|
|
|
ok = QSslCertificate::importPkcs12(&nocert, &key, &cert, &caCerts);
|
|
|
|
|
QVERIFY(!ok);
|
|
|
|
|
nocert.close();
|
2014-05-12 20:16:20 +00:00
|
|
|
}
|
|
|
|
|
|
2020-06-10 16:41:36 +00:00
|
|
|
void tst_QSslCertificate::invalidDateTime_data()
|
|
|
|
|
{
|
|
|
|
|
QTest::addColumn<QString>("path");
|
|
|
|
|
QTest::addColumn<bool>("effectiveDateIsValid");
|
|
|
|
|
QTest::addColumn<bool>("expiryDateIsValid");
|
|
|
|
|
|
|
|
|
|
QTest::addRow("invalid-begin-end") << testDataDir + "more-certificates/malformed-begin-end-dates.pem"
|
|
|
|
|
<< false
|
|
|
|
|
<< false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void tst_QSslCertificate::invalidDateTime()
|
|
|
|
|
{
|
|
|
|
|
QFETCH(QString, path);
|
|
|
|
|
QFETCH(bool, effectiveDateIsValid);
|
|
|
|
|
QFETCH(bool, expiryDateIsValid);
|
|
|
|
|
|
|
|
|
|
QList<QSslCertificate> certList = QSslCertificate::fromPath(path);
|
|
|
|
|
|
|
|
|
|
// QTBUG-84676: on OpenSSL we get a valid certificate with null dates,
|
|
|
|
|
// on other backends we don't get a certificate at all.
|
|
|
|
|
switch (certList.size()) {
|
|
|
|
|
case 0:
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 1: {
|
|
|
|
|
const QSslCertificate &cert = certList.at(0);
|
|
|
|
|
QVERIFY(!cert.isNull());
|
|
|
|
|
QCOMPARE(cert.effectiveDate().isValid(), effectiveDateIsValid);
|
|
|
|
|
QCOMPARE(cert.expiryDate().isValid(), expiryDateIsValid);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
QFAIL("Only one certificate should have been loaded");
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-13 05:32:10 +00:00
|
|
|
#endif // QT_CONFIG(ssl)
|
2011-04-27 10:05:43 +00:00
|
|
|
|
|
|
|
|
QTEST_MAIN(tst_QSslCertificate)
|
|
|
|
|
#include "tst_qsslcertificate.moc"
|
