ssl: add test certificates with DSA and EC keys

The QSslCertificate tests only covered certificates with RSA keys; this
extends the test coverage to DSA and EC keys.

Change-Id: Ibee26f449cf6c1d97cbac6b511972eb44d6f0bd2
Reviewed-by: Richard J. Moore <rich@kde.org>
Jeremy Lainé 2015-07-29 14:22:12 +02:00
parent 0617834e0c
commit d113073203
12 changed files with 103 additions and 5 deletions


@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1 @@
MD5 Fingerprint=35:B0:60:B2:37:14:43:31:01:71:C0:D9:CE:AF:20:CB


@ -0,0 +1 @@
SHA1 Fingerprint=BD:46:36:00:D7:31:3F:95:46:55:62:1A:FB:CA:36:A3:3D:27:15:92


@ -0,0 +1,12 @@
-----BEGIN PUBLIC KEY-----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-----END PUBLIC KEY-----


@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1 @@
MD5 Fingerprint=83:EF:5F:FF:C1:DB:E0:AC:4A:FA:E1:1C:9F:07:9B:1E


@ -0,0 +1 @@
SHA1 Fingerprint=06:07:56:98:99:A1:45:D7:94:14:5A:B9:92:97:35:35:C8:EA:7C:3E


@ -0,0 +1,5 @@
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJPkzCf2bt9MaI1oVkhZ5ZRIBBfowUSMU
qCfE+72j8t3VdA8aJr+TcTotJJ9ZM2FMzKDEXivyACd230RshW1eIvygyVQL8hHr
7zJ6dnsCsZsJYPRPZ/neE5u7X+ft08/h
-----END PUBLIC KEY-----


@ -34,7 +34,8 @@
# This script generates digital certificates of different types.
#--- Certificates ---------------------------------------------------------------------------
#--- RSA Certificates -----------------------------------------------------------------------
echo -e "\ngenerating 1024-bit RSA private key to PEM file ..."
openssl genrsa -out rsa-pri-1024.pem 1024
@ -57,6 +58,38 @@ openssl x509 -req -in req.pem -out cert.pem -CA ca-cert.pem -set_serial 17
echo -e "\n generating a certifificate signed by a dummy CA to DER file ..."
openssl x509 -req -in req.pem -out cert.der -CA ca-cert.pem -set_serial 17 -outform der
#--- DSA Certificates -----------------------------------------------------------------------
echo -e "\ngenerating DSA parameters to PEM file ..."
openssl dsaparam -out dsapar-1024.pem 1024
echo -e "\ngenerating DSA private key to PEM file ..."
openssl gendsa dsapar-1024.pem -out dsa-pri-1024.pem
/bin/rm dsapar-1024.pem
echo -e "\ngenerating DSA public key to PEM and DER file ..."
openssl dsa -in dsa-pri-1024.pem -pubout -out dsa-pub-1024.pem
openssl dsa -in dsa-pri-1024.pem -pubout -out dsa-pub-1024.der -outform der
echo -e "\ngenerating certificate signing request (CSR) ..."
openssl req -out req.pem -new -key dsa-pri-1024.pem -subj "/CN=name\/with\/slashes/C=NO"
echo -e "\n generating a self-signed certifificate to PEM file ..."
openssl x509 -req -in req.pem -out dsa-cert-ss.pem -signkey dsa-pri-1024.pem
#--- EC Certificates ------------------------------------------------------------------------
echo -e "\ngenerating EC private key to PEM file ..."
openssl ecparam -name secp384r1 -genkey -noout -out ec-pri-384.pem
echo -e "\ngenerating EC public key to PEM and DER file ..."
openssl ec -in ec-pri-384.pem -pubout -out ec-pub-384.pem
openssl ec -in ec-pri-384.pem -pubout -out ec-pub-384.der -outform DER
echo -e "\ngenerating certificate signing request (CSR) ..."
openssl req -out req.pem -new -key ec-pri-384.pem -subj "/CN=name\/with\/slashes/C=NO"
echo -e "\n generating a self-signed certifificate to PEM file ..."
openssl x509 -req -in req.pem -out ec-cert-ss.pem -signkey ec-pri-384.pem
#--- Public keys --------------------------------------------------------------------------------
echo -e "\n associate public keys with all certificates ..."
# Note: For now, there is only one public key (encoded in both PEM and DER), but that could change.
@ -64,6 +97,10 @@ echo -e "\n associate public keys with all certificates ..."
/bin/cp rsa-pub-1024.der cert-ss.der.pubkey
/bin/cp rsa-pub-1024.pem cert.pem.pubkey
/bin/cp rsa-pub-1024.der cert.der.pubkey
/bin/cp dsa-pub-1024.pem dsa-cert-ss.pem.pubkey
/bin/cp dsa-pub-1024.der dsa-cert-ss.der.pubkey
/bin/cp ec-pub-384.pem ec-cert-ss.pem.pubkey
/bin/cp ec-pub-384.der ec-cert-ss.der.pubkey
#--- Digests --------------------------------------------------------------------------------
echo -e "\n generating md5 and sha1 digests of all certificates ..."
@ -72,6 +109,8 @@ do
openssl x509 -in ca-cert.pem -noout -fingerprint -$digest > ca-cert.pem.digest-$digest
openssl x509 -in cert-ss.pem -noout -fingerprint -$digest > cert-ss.pem.digest-$digest
openssl x509 -in cert.pem -noout -fingerprint -$digest > cert.pem.digest-$digest
openssl x509 -in dsa-cert-ss.pem -noout -fingerprint -$digest > dsa-cert-ss.pem.digest-$digest
openssl x509 -in ec-cert-ss.pem -noout -fingerprint -$digest > ec-cert-ss.pem.digest-$digest
done
#--- Subjet Alternative Name extension ----------------------------------------------------
@ -93,4 +132,7 @@ openssl req -x509 -in req-san.pem -out $outname -key rsa-pri-1024.pem \
/bin/cp san.cnf $outname.san
echo -e "\n cleaning up ..."
/bin/rm rsa-pri-1024.pem rsa-pub-1024.* req*.pem
/bin/rm rsa-pri-1024.pem rsa-pub-1024.*
/bin/rm dsa-pri-1024.pem dsa-pub-1024.*
/bin/rm ec-pri-384.pem ec-pub-384.*
/bin/rm req*.pem
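Review bot: The added `/bin/cp` lines that write `dsa-cert-ss.der.pubkey` and `ec-cert-ss.der.pubkey` create public-key fixtures for DER certificates that the DSA and EC sections shown here never generate; only `dsa-cert-ss.pem` and `ec-cert-ss.pem` are written. If no other part of the script produces them, the DER parsing path stays untested for these key types, so either emit the DER form as well, e.g. `openssl x509 -in dsa-cert-ss.pem -out dsa-cert-ss.der -outform der` (and the same for `ec-cert-ss.pem`), or drop the two orphan copies. A one-line comment in the DSA section such as `# 1024-bit DSA is for test fixtures only; do not reuse these parameters` would also keep the weak key size from being copied into other scripts. The script starts and ends outside the hunks shown.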


@ -494,12 +494,20 @@ void tst_QSslCertificate::publicKey()
QFETCH(QSsl::EncodingFormat, format);
QFETCH(QString, pubkeyFilePath);
QSsl::KeyAlgorithm algorithm;
if (QFileInfo(pubkeyFilePath).fileName().startsWith("dsa-"))
algorithm = QSsl::Dsa;
else if (QFileInfo(pubkeyFilePath).fileName().startsWith("ec-"))
algorithm = QSsl::Ec;
else
algorithm = QSsl::Rsa;
QByteArray encodedCert = readFile(certFilePath);
QSslCertificate certificate(encodedCert, format);
QVERIFY(!certificate.isNull());
QByteArray encodedPubkey = readFile(pubkeyFilePath);
QSslKey pubkey(encodedPubkey, QSsl::Rsa, format, QSsl::PublicKey); // ### support DSA as well!
QSslKey pubkey(encodedPubkey, algorithm, format, QSsl::PublicKey);
QVERIFY(!pubkey.isNull());
QCOMPARE(certificate.publicKey(), pubkey);
@ -581,7 +589,7 @@ void tst_QSslCertificate::fromPath_data()
QTest::newRow("\"certificates/*\" fixed der") << QString("certificates/*") << int(QRegExp::FixedString) << false << 0;
QTest::newRow("\"certificates/*\" regexp pem") << QString("certificates/*") << int(QRegExp::RegExp) << true << 0;
QTest::newRow("\"certificates/*\" regexp der") << QString("certificates/*") << int(QRegExp::RegExp) << false << 0;
QTest::newRow("\"certificates/*\" wildcard pem") << QString("certificates/*") << int(QRegExp::Wildcard) << true << 5;
QTest::newRow("\"certificates/*\" wildcard pem") << QString("certificates/*") << int(QRegExp::Wildcard) << true << 7;
QTest::newRow("\"certificates/ca*\" wildcard pem") << QString("certificates/ca*") << int(QRegExp::Wildcard) << true << 1;
QTest::newRow("\"certificates/cert*\" wildcard pem") << QString("certificates/cert*") << int(QRegExp::Wildcard) << true << 4;
QTest::newRow("\"certificates/cert-[sure]*\" wildcard pem") << QString("certificates/cert-[sure]*") << int(QRegExp::Wildcard) << true << 3;
@ -612,7 +620,7 @@ void tst_QSslCertificate::fromPath_data()
QTest::newRow("\"d.*/c.*.pem\" wildcard pem") << QString("d.*/c.*.pem") << int(QRegExp::Wildcard) << true << 0;
QTest::newRow("\"d.*/c.*.pem\" wildcard der") << QString("d.*/c.*.pem") << int(QRegExp::Wildcard) << false << 0;
#ifdef Q_OS_LINUX
QTest::newRow("absolute path wildcard pem") << (testDataDir + "/certificates/*.pem") << int(QRegExp::Wildcard) << true << 5;
QTest::newRow("absolute path wildcard pem") << (testDataDir + "/certificates/*.pem") << int(QRegExp::Wildcard) << true << 7;
#endif
QTest::newRow("trailing-whitespace") << QString("more-certificates/trailing-whitespace.pem") << int(QRegExp::FixedString) << true << 1;
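Review bot: In the publicKey() hunk the key algorithm is inferred from the fixture's file-name prefix, and any name that does not start with `dsa-` or `ec-` silently becomes `QSsl::Rsa`, so a future fixture with another prefix would only surface as a failing `QVERIFY(!pubkey.isNull())` with no hint about the cause. Compute the name once with `const QString fileName = QFileInfo(pubkeyFilePath).fileName();` and add a comment above the chain such as `// fixtures are named <algo>-cert-*; unprefixed files are the original RSA ones`. The same naming coupling is behind the hard-coded counts raised from 5 to 7 in the two fromPath_data() hunks, which have to be bumped by hand whenever a PEM fixture is added. publicKey() and fromPath_data() both start and end outside the hunks shown.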