diff options
author | Jeremy Lainé <jeremy.laine@m4x.org> | 2015-07-29 14:22:12 +0200 |
---|---|---|
committer | Jeremy Lainé <jeremy.laine@m4x.org> | 2015-07-30 11:31:40 +0000 |
commit | d11307320393540a60a81cdd216b99352bbcd2a8 (patch) | |
tree | 7844760eab66df2f53f7fd488ff6676f32590cf4 | |
parent | 0617834e0cfa00c8dadbac17877659196107be76 (diff) |
ssl: add test certificates with DSA and EC keys
The QSslCertificate tests only covered certificates with RSA keys, this
extends the test coverage to DSA and EC keys.
Change-Id: Ibee26f449cf6c1d97cbac6b511972eb44d6f0bd2
Reviewed-by: Richard J. Moore <rich@kde.org>
12 files changed, 103 insertions, 5 deletions
diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.der.pubkey b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.der.pubkey Binary files differnew file mode 100644 index 0000000000..4e46848106 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.der.pubkey diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem new file mode 100644 index 0000000000..d81f8f1def --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICijCCAkgCCQC7PDslmXiXHzALBglghkgBZQMEAwIwKTEaMBgGA1UEAwwRbmFt +ZS93aXRoL3NsYXNoZXMxCzAJBgNVBAYTAk5PMB4XDTE1MDcyOTEyMTAyNloXDTE1 +MDgyODEyMTAyNlowKTEaMBgGA1UEAwwRbmFtZS93aXRoL3NsYXNoZXMxCzAJBgNV +BAYTAk5PMIIBtjCCASsGByqGSM44BAEwggEeAoGBAMJjrSlWu595Nf9UAAeggH6k +US30P+pigB5WEgeToqTkpIwHO24GdEL+dGtFVWwT+r+rSuI+SZPMMSQWpVcgjeCq +oaPpn+9P5gCof1jmn4oegis4K8hJANnsDDdE1HRkeVDSzFlkmvk+FnVfB0wI0T8F +k7BV4wZDyvgTKko6t7YZAhUAoXZvBxhaUam1WnS18Yrk+1IT3u8CgYAx22xg8DQG +4HE2vGH0p3Ug2FziCtjpDaN1ryomPbroQSK7/x9dhuy/4b1H2KdJufawWTVPdBI5 +TfXXvCcJEmQKKegarq3DFPGkpH+rp72GejEgmBMUU22+1NHga3VzSspLjAK2e/+r ++foHHzJnGQs6JrvMNaXK+UVJxXRp878CGgOBhAACgYAKoweyuHdke1ngEmgXMPrC +NBJiPPHPcEX9CSZasSka7gI6OWZDk6H80W1KRPxHMeKb4V06wa02IbZvWA5zeStC +OtmMCylk5Tzav8/UqYeDAqjddbSm7i423/pjmUh+eD/wLHvJxYanRm8nqBQLe1jL +2NmVkb1OpCyMK+sRF+K+sjALBglghkgBZQMEAwIDLwAwLAIUHVt2TWRAe/JSEHY1 +x6+igQb3AFQCFHYwbrScyMUwuVkNft2ttDN1I7ak +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem.digest-md5 b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem.digest-md5 new file mode 100644 index 0000000000..dba3fdff03 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem.digest-md5 @@ -0,0 +1 @@ +MD5 Fingerprint=35:B0:60:B2:37:14:43:31:01:71:C0:D9:CE:AF:20:CB diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem.digest-sha1 b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem.digest-sha1 new file mode 100644 index 0000000000..3879ef954f --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem.digest-sha1 @@ -0,0 +1 @@ +SHA1 Fingerprint=BD:46:36:00:D7:31:3F:95:46:55:62:1A:FB:CA:36:A3:3D:27:15:92 diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem.pubkey b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem.pubkey new file mode 100644 index 0000000000..c44fd6f4a9 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem.pubkey @@ -0,0 +1,12 @@ +-----BEGIN PUBLIC KEY----- +MIIBtjCCASsGByqGSM44BAEwggEeAoGBAMJjrSlWu595Nf9UAAeggH6kUS30P+pi +gB5WEgeToqTkpIwHO24GdEL+dGtFVWwT+r+rSuI+SZPMMSQWpVcgjeCqoaPpn+9P +5gCof1jmn4oegis4K8hJANnsDDdE1HRkeVDSzFlkmvk+FnVfB0wI0T8Fk7BV4wZD +yvgTKko6t7YZAhUAoXZvBxhaUam1WnS18Yrk+1IT3u8CgYAx22xg8DQG4HE2vGH0 +p3Ug2FziCtjpDaN1ryomPbroQSK7/x9dhuy/4b1H2KdJufawWTVPdBI5TfXXvCcJ +EmQKKegarq3DFPGkpH+rp72GejEgmBMUU22+1NHga3VzSspLjAK2e/+r+foHHzJn +GQs6JrvMNaXK+UVJxXRp878CGgOBhAACgYAKoweyuHdke1ngEmgXMPrCNBJiPPHP +cEX9CSZasSka7gI6OWZDk6H80W1KRPxHMeKb4V06wa02IbZvWA5zeStCOtmMCylk +5Tzav8/UqYeDAqjddbSm7i423/pjmUh+eD/wLHvJxYanRm8nqBQLe1jL2NmVkb1O +pCyMK+sRF+K+sg== +-----END PUBLIC KEY----- diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.der.pubkey b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.der.pubkey Binary files differnew file mode 100644 index 0000000000..05e3f82ebd --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.der.pubkey diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem new file mode 100644 index 0000000000..c4843c4420 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBfjCCAQUCCQC0FR+dPQNT7TAKBggqhkjOPQQDAjApMRowGAYDVQQDDBFuYW1l +L3dpdGgvc2xhc2hlczELMAkGA1UEBhMCTk8wHhcNMTUwNzI5MTIyNDA2WhcNMTUw +ODI4MTIyNDA2WjApMRowGAYDVQQDDBFuYW1lL3dpdGgvc2xhc2hlczELMAkGA1UE +BhMCTk8wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQk+TMJ/Zu30xojWhWSFnllEgEF ++jBRIxSoJ8T7vaPy3dV0Dxomv5NxOi0kn1kzYUzMoMReK/IAJ3bfRGyFbV4i/KDJ +VAvyEevvMnp2ewKxmwlg9E9n+d4Tm7tf5+3Tz+EwCgYIKoZIzj0EAwIDZwAwZAIw +cM1DRkrcg4IPUZZaP96rI70H7OT3VDg5zSNMkEE/QBPGtE7T1Lzkxk96e/BkiQoV +AjB/t955UraOxLtnqjSHvVmiczWK+2b4QV+wiQBV6XTLI6FUeKLa70I0ruLdIgJ4 +zKU= +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem.digest-md5 b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem.digest-md5 new file mode 100644 index 0000000000..69ad0aa247 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem.digest-md5 @@ -0,0 +1 @@ +MD5 Fingerprint=83:EF:5F:FF:C1:DB:E0:AC:4A:FA:E1:1C:9F:07:9B:1E diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem.digest-sha1 b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem.digest-sha1 new file mode 100644 index 0000000000..7547b5ce3f --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem.digest-sha1 @@ -0,0 +1 @@ +SHA1 Fingerprint=06:07:56:98:99:A1:45:D7:94:14:5A:B9:92:97:35:35:C8:EA:7C:3E diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem.pubkey b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem.pubkey new file mode 100644 index 0000000000..1ced61d62c --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem.pubkey @@ -0,0 +1,5 @@ +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJPkzCf2bt9MaI1oVkhZ5ZRIBBfowUSMU +qCfE+72j8t3VdA8aJr+TcTotJJ9ZM2FMzKDEXivyACd230RshW1eIvygyVQL8hHr +7zJ6dnsCsZsJYPRPZ/neE5u7X+ft08/h +-----END PUBLIC KEY----- diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/gencertificates.sh b/tests/auto/network/ssl/qsslcertificate/certificates/gencertificates.sh index b21776536b..50d17b9453 100755 --- a/tests/auto/network/ssl/qsslcertificate/certificates/gencertificates.sh +++ b/tests/auto/network/ssl/qsslcertificate/certificates/gencertificates.sh @@ -34,7 +34,8 @@ # This script generates digital certificates of different types. -#--- Certificates --------------------------------------------------------------------------- +#--- RSA Certificates ----------------------------------------------------------------------- + echo -e "\ngenerating 1024-bit RSA private key to PEM file ..." openssl genrsa -out rsa-pri-1024.pem 1024 @@ -57,6 +58,38 @@ openssl x509 -req -in req.pem -out cert.pem -CA ca-cert.pem -set_serial 17 echo -e "\n generating a certifificate signed by a dummy CA to DER file ..." openssl x509 -req -in req.pem -out cert.der -CA ca-cert.pem -set_serial 17 -outform der +#--- DSA Certificates ----------------------------------------------------------------------- +echo -e "\ngenerating DSA parameters to PEM file ..." +openssl dsaparam -out dsapar-1024.pem 1024 + +echo -e "\ngenerating DSA private key to PEM file ..." +openssl gendsa dsapar-1024.pem -out dsa-pri-1024.pem +/bin/rm dsapar-1024.pem + +echo -e "\ngenerating DSA public key to PEM and DER file ..." +openssl dsa -in dsa-pri-1024.pem -pubout -out dsa-pub-1024.pem +openssl dsa -in dsa-pri-1024.pem -pubout -out dsa-pub-1024.der -outform der + +echo -e "\ngenerating certificate signing request (CSR) ..." +openssl req -out req.pem -new -key dsa-pri-1024.pem -subj "/CN=name\/with\/slashes/C=NO" + +echo -e "\n generating a self-signed certifificate to PEM file ..." +openssl x509 -req -in req.pem -out dsa-cert-ss.pem -signkey dsa-pri-1024.pem + +#--- EC Certificates ------------------------------------------------------------------------ +echo -e "\ngenerating EC private key to PEM file ..." +openssl ecparam -name secp384r1 -genkey -noout -out ec-pri-384.pem + +echo -e "\ngenerating EC public key to PEM and DER file ..." +openssl ec -in ec-pri-384.pem -pubout -out ec-pub-384.pem +openssl ec -in ec-pri-384.pem -pubout -out ec-pub-384.der -outform DER + +echo -e "\ngenerating certificate signing request (CSR) ..." +openssl req -out req.pem -new -key ec-pri-384.pem -subj "/CN=name\/with\/slashes/C=NO" + +echo -e "\n generating a self-signed certifificate to PEM file ..." +openssl x509 -req -in req.pem -out ec-cert-ss.pem -signkey ec-pri-384.pem + #--- Public keys -------------------------------------------------------------------------------- echo -e "\n associate public keys with all certificates ..." # Note: For now, there is only one public key (encoded in both PEM and DER), but that could change. @@ -64,6 +97,10 @@ echo -e "\n associate public keys with all certificates ..." /bin/cp rsa-pub-1024.der cert-ss.der.pubkey /bin/cp rsa-pub-1024.pem cert.pem.pubkey /bin/cp rsa-pub-1024.der cert.der.pubkey +/bin/cp dsa-pub-1024.pem dsa-cert-ss.pem.pubkey +/bin/cp dsa-pub-1024.der dsa-cert-ss.der.pubkey +/bin/cp ec-pub-384.pem ec-cert-ss.pem.pubkey +/bin/cp ec-pub-384.der ec-cert-ss.der.pubkey #--- Digests -------------------------------------------------------------------------------- echo -e "\n generating md5 and sha1 digests of all certificates ..." @@ -72,6 +109,8 @@ do openssl x509 -in ca-cert.pem -noout -fingerprint -$digest > ca-cert.pem.digest-$digest openssl x509 -in cert-ss.pem -noout -fingerprint -$digest > cert-ss.pem.digest-$digest openssl x509 -in cert.pem -noout -fingerprint -$digest > cert.pem.digest-$digest + openssl x509 -in dsa-cert-ss.pem -noout -fingerprint -$digest > dsa-cert-ss.pem.digest-$digest + openssl x509 -in ec-cert-ss.pem -noout -fingerprint -$digest > ec-cert-ss.pem.digest-$digest done #--- Subjet Alternative Name extension ---------------------------------------------------- @@ -93,4 +132,7 @@ openssl req -x509 -in req-san.pem -out $outname -key rsa-pri-1024.pem \ /bin/cp san.cnf $outname.san echo -e "\n cleaning up ..." -/bin/rm rsa-pri-1024.pem rsa-pub-1024.* req*.pem +/bin/rm rsa-pri-1024.pem rsa-pub-1024.* +/bin/rm dsa-pri-1024.pem dsa-pub-1024.* +/bin/rm ec-pri-384.pem ec-pub-384.* +/bin/rm req*.pem diff --git a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp index 604c0ef782..748c240f3d 100644 --- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp +++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp @@ -494,12 +494,20 @@ void tst_QSslCertificate::publicKey() QFETCH(QSsl::EncodingFormat, format); QFETCH(QString, pubkeyFilePath); + QSsl::KeyAlgorithm algorithm; + if (QFileInfo(pubkeyFilePath).fileName().startsWith("dsa-")) + algorithm = QSsl::Dsa; + else if (QFileInfo(pubkeyFilePath).fileName().startsWith("ec-")) + algorithm = QSsl::Ec; + else + algorithm = QSsl::Rsa; + QByteArray encodedCert = readFile(certFilePath); QSslCertificate certificate(encodedCert, format); QVERIFY(!certificate.isNull()); QByteArray encodedPubkey = readFile(pubkeyFilePath); - QSslKey pubkey(encodedPubkey, QSsl::Rsa, format, QSsl::PublicKey); // ### support DSA as well! + QSslKey pubkey(encodedPubkey, algorithm, format, QSsl::PublicKey); QVERIFY(!pubkey.isNull()); QCOMPARE(certificate.publicKey(), pubkey); @@ -581,7 +589,7 @@ void tst_QSslCertificate::fromPath_data() QTest::newRow("\"certificates/*\" fixed der") << QString("certificates/*") << int(QRegExp::FixedString) << false << 0; QTest::newRow("\"certificates/*\" regexp pem") << QString("certificates/*") << int(QRegExp::RegExp) << true << 0; QTest::newRow("\"certificates/*\" regexp der") << QString("certificates/*") << int(QRegExp::RegExp) << false << 0; - QTest::newRow("\"certificates/*\" wildcard pem") << QString("certificates/*") << int(QRegExp::Wildcard) << true << 5; + QTest::newRow("\"certificates/*\" wildcard pem") << QString("certificates/*") << int(QRegExp::Wildcard) << true << 7; QTest::newRow("\"certificates/ca*\" wildcard pem") << QString("certificates/ca*") << int(QRegExp::Wildcard) << true << 1; QTest::newRow("\"certificates/cert*\" wildcard pem") << QString("certificates/cert*") << int(QRegExp::Wildcard) << true << 4; QTest::newRow("\"certificates/cert-[sure]*\" wildcard pem") << QString("certificates/cert-[sure]*") << int(QRegExp::Wildcard) << true << 3; @@ -612,7 +620,7 @@ void tst_QSslCertificate::fromPath_data() QTest::newRow("\"d.*/c.*.pem\" wildcard pem") << QString("d.*/c.*.pem") << int(QRegExp::Wildcard) << true << 0; QTest::newRow("\"d.*/c.*.pem\" wildcard der") << QString("d.*/c.*.pem") << int(QRegExp::Wildcard) << false << 0; #ifdef Q_OS_LINUX - QTest::newRow("absolute path wildcard pem") << (testDataDir + "/certificates/*.pem") << int(QRegExp::Wildcard) << true << 5; + QTest::newRow("absolute path wildcard pem") << (testDataDir + "/certificates/*.pem") << int(QRegExp::Wildcard) << true << 7; #endif QTest::newRow("trailing-whitespace") << QString("more-certificates/trailing-whitespace.pem") << int(QRegExp::FixedString) << true << 1; |