AuroraMiddleware/qt5base-lts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ssl: check critical certificate extensions

Browse Source 
This adds a test for a QSslCertificate containing extensions which
are marked as critical.

Change-Id: I314e1f5c9943bcad5d43129a97f9f834882dc6fb
Reviewed-by: Richard J. Moore <rich@kde.org>
This commit is contained in:
Jeremy Lainé 2014-09-03 15:38:47 +02:00
parent 7e1e42cbf2
commit f750979b70
1 changed files with 47 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
View File

@ -111,6 +111,7 @@ private slots:
void subjectAndIssuerAttributes();
void verify();
void extensions();
void extensionsCritical();
void threadSafeConstMethods();
void version_data();
void version();
@ -1150,7 +1151,53 @@ void tst_QSslCertificate::extensions()
QCOMPARE(authValue.keys(), QList<QString>() << QStringLiteral("keyid"));
QVERIFY(authValue[QStringLiteral("keyid")].toByteArray() ==
QByteArray("4e43c81d76ef37537a4ff2586f94f338e2d5bddf"));
}
void tst_QSslCertificate::extensionsCritical()
{
QList<QSslCertificate> certList =
QSslCertificate::fromPath(testDataDir + "/verify-certs/test-addons-mozilla-org-cert.pem");
QVERIFY2(certList.count() > 0, "Please run this test from the source directory");
QSslCertificate cert = certList[0];
QList<QSslCertificateExtension> extensions = cert.extensions();
#ifdef Q_OS_WINRT
QEXPECT_FAIL("", "QTBUG-40884: WinRT API does not support extensions information", Abort);
#endif
QVERIFY(extensions.count() == 9);
int basic_constraints_idx = -1;
int key_usage_idx = -1;
for (int i=0; i < extensions.length(); ++i) {
QSslCertificateExtension ext = extensions[i];
if (ext.name() == QStringLiteral("basicConstraints"))
basic_constraints_idx = i;
if (ext.name() == QStringLiteral("keyUsage"))
key_usage_idx = i;
}
QVERIFY(basic_constraints_idx != -1);
QVERIFY(key_usage_idx != -1);
// Basic constraints
QSslCertificateExtension basic = extensions[basic_constraints_idx];
QVERIFY(basic.oid() == QStringLiteral("2.5.29.19"));
QVERIFY(basic.name() == QStringLiteral("basicConstraints"));
QVERIFY(basic.isCritical());
QVERIFY(basic.isSupported());
QVariantMap basicValue = basic.value().toMap();
QCOMPARE(basicValue.keys(), QList<QString>() << QStringLiteral("ca"));
QVERIFY(basicValue[QStringLiteral("ca")].toBool() == false);
// Key Usage
QSslCertificateExtension keyUsage = extensions[key_usage_idx];
QVERIFY(keyUsage.oid() == QStringLiteral("2.5.29.15"));
QVERIFY(keyUsage.name() == QStringLiteral("keyUsage"));
QVERIFY(keyUsage.isCritical());
QVERIFY(!keyUsage.isSupported());
}
class TestThread : public QThread