QSslKey: Do not make OpenSSL prompt for a password on stdin

Task-number: QTBUG-2515
Reviewed-by: Andreas Aardal Hanssen

3 files changed, 105 insertions, 0 deletions

diff --git a/tests/auto/qsslkey/rsa-with-passphrase.pem b/tests/auto/qsslkey/rsa-with-passphrase.pem
new file mode 100644
index 0000000000..cb29becc31
--- /dev/null
+++ b/tests/auto/qsslkey/rsa-with-passphrase.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,36BD1242254C5E1E
+
+sqt8qlQfkjJiz0djd0WYjhN/IGxA/nU/wVKuf5RWDAghDBrABzJ3dU4Jh1WIsS4+
+f22TBr6fwgjpPxGkt361Z9oxon/QeyBZLFtyUxnFSqZcVMMR3vndtMyYJbVKjRm1
+lvF3BjFWNh6+SZe20cut2GiUJDqhw7RbjaAN6LaCpFqwusY6vbjW6vzB8ezDvLou
+5jQAkwArGoI0KqUMwBOYukiWdBA0iERavspKGRnB3mGtgv5ziTEFzx58mn1Lv3Qs
+LYQqTYgzpFyAMP9SZaRv4m/y5O9foAXnlh0GhmDWBQ2D5flwZqrIAzoJ5BcZKU6/
+HJCh4snw3kheeE8NhrlzypEONedvu4ifUbqN5idMU7S4t40NAmQ/dF0Z4wDen/M/
+iFbt5tTWh6sXK82XzJtAfprH07odtJHK7CMeurCi5BupmnLtPbUrl6hpKItBzu+g
+7MB5AyNk548V9Y8+kKBtEG5EgYZrMYX4yqQ+Z8F1hy0UUMXu9cAnO06OTavxLtWJ
+ikmwYJNy421Hj+oZVSagCUILQyUfgx6fXWwDRqy/stlX+hpPPjVmd/A2WBm5x/Sf
+5CGfUtddZRuAZpChBXV6a/R+nMzDXhkKl4XTkN8hg3yXLY6xy3CR3RIYDlKkn85y
+VziP32V6Bc8ucGifsZLNnvj8CFXTZP+8CWun9yLSkcq+wm4cQOLswztEMA8bbPJQ
+g7Gp59BC4ofN5bMZ1R1z+l96x+YMY9btkyjE1uEyRT88dHwxnkhC5AKBx2P6sg0C
+doe5Dh8Ny5Ic24ibwyvZbAS46tSVdha7ACGnGXV4Z3iqBfN0b0UNmw==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/auto/qsslkey/rsa-without-passphrase.pem b/tests/auto/qsslkey/rsa-without-passphrase.pem
new file mode 100644
index 0000000000..f7c834b116
--- /dev/null
+++ b/tests/auto/qsslkey/rsa-without-passphrase.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC1mZlLC6g8/vaw8XEOQ59gwQ5WxIvcKCSx7B5SHaeN8zzbENpl
+32BtyfrCccHF7j6qwfMZ2RwM5RTlFw/eBF4SSXAgp/P5CgcugSs1dOJUfPveos/5
+h3fmnUcKeQIU4m5EGcQicmR8//WUUfdtHDp/fJ0dRXcY2tTOx89vNPEtgwIDAQAB
+AoGBAKqE2f4vqf/sYPPxInmEYclWPgKXd8R4JUy0LBxrIAQYXBJPluOFhmRQ/hdK
+/eq/NTTd/UlOJhqtmJsstoeAjlsELl2AejX2n1B9aSffQ0WzdB5gVMNotPGRKRIG
+eOq2pp2JOFkGps11LUAqDEMNUb3EV6HiBucoGEOUpdITLrRxAkEA4Ul3o44wMvIb
+muwp7/erSvDMWRZ1GjksEmBMAHL6y8avZd9UgrjHeCy8uHXrT0id4Cig8FA+nQA5
+UwTr9y5e9wJBAM5bc8xuAuCg4Si3exssFfxQIxFTmPzhkVubglO9IcLqfXLl3k5S
+CxgRb/4pBMKVRCMRXAkaZpjJqTIofjp4ptUCQQC4hySnot932zchPi9bjtGPII1A
+q1RfllSy+I1IEOW745HnL3ZZXGCF3p71uCB1YFVwNdcc/51Jm9VYWr+sRx8hAkBL
+KoTDsk7aA8AAVNVC0Iwxm/8qEIlpk8Ce3cZbOklR9pg7gf+4B6qC2dcxfT9+oWBw
+ZaJgrn0wqkQ3QQi5w7kBAkBAR2tKc2OqnljMPnXYEreRyHHjhqCsJYFAE7u16cY/
+NQGJq9jBAD5WANclrYRxKtD6yohi+Y7Vi7+SXve3pGdF
+-----END RSA PRIVATE KEY-----
diff --git a/tests/auto/qsslkey/tst_qsslkey.cpp b/tests/auto/qsslkey/tst_qsslkey.cpp
index d15634425e..3c8ae11b2c 100644
--- a/tests/auto/qsslkey/tst_qsslkey.cpp
+++ b/tests/auto/qsslkey/tst_qsslkey.cpp
@@ -99,6 +99,7 @@ private slots:
     void toEncryptedPemOrDer_data();
     void toEncryptedPemOrDer();
 
+    void passphraseChecks();
 #endif
 };
 
@@ -371,6 +372,77 @@ void tst_QSslKey::toEncryptedPemOrDer()
     // ### add a test to verify that public keys are _decrypted_ correctly (by the ctor)
 }
 
+void tst_QSslKey::passphraseChecks()
+{
+    {
+        QString fileName(SRCDIR "/rsa-with-passphrase.pem");
+        QFile keyFile(fileName);
+        QVERIFY(keyFile.exists());
+        {
+            if (!keyFile.isOpen())
+                keyFile.open(QIODevice::ReadOnly);
+            else
+                keyFile.reset();
+            QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey);
+            QVERIFY(key.isNull()); // null passphrase => should not be able to decode key
+        }
+        {
+            if (!keyFile.isOpen())
+                keyFile.open(QIODevice::ReadOnly);
+            else
+                keyFile.reset();
+            QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "");
+            QVERIFY(key.isNull()); // empty passphrase => should not be able to decode key
+        }
+        {
+            if (!keyFile.isOpen())
+                keyFile.open(QIODevice::ReadOnly);
+            else
+                keyFile.reset();
+            QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "WRONG!");
+            QVERIFY(key.isNull()); // wrong passphrase => should not be able to decode key
+        }
+        {
+            if (!keyFile.isOpen())
+                keyFile.open(QIODevice::ReadOnly);
+            else
+                keyFile.reset();
+            QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "123");
+            QVERIFY(!key.isNull()); // correct passphrase
+        }
+    }
+
+    {
+        // be sure and check a key without passphrase too
+        QString fileName(SRCDIR "/rsa-without-passphrase.pem");
+        QFile keyFile(fileName);
+        {
+            if (!keyFile.isOpen())
+                keyFile.open(QIODevice::ReadOnly);
+            else
+                keyFile.reset();
+            QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey);
+            QVERIFY(!key.isNull()); // null passphrase => should be able to decode key
+        }
+        {
+            if (!keyFile.isOpen())
+                keyFile.open(QIODevice::ReadOnly);
+            else
+                keyFile.reset();
+            QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "");
+            QVERIFY(!key.isNull()); // empty passphrase => should be able to decode key
+        }
+        {
+            if (!keyFile.isOpen())
+                keyFile.open(QIODevice::ReadOnly);
+            else
+                keyFile.reset();
+            QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "xxx");
+            QVERIFY(!key.isNull()); // passphrase given but key is not encrypted anyway => should work
+        }
+    }
+}
+
 #endif
 
 QTEST_MAIN(tst_QSslKey)