diff options
author | Richard Moore <rich@kde.org> | 2011-11-02 14:25:03 +0000 |
---|---|---|
committer | Qt by Nokia <qt-info@nokia.com> | 2011-11-06 21:01:03 +0100 |
commit | 9602887db1008d85887a9a96a8b5e0487a0542bc (patch) | |
tree | 30daa5d80de104688ae67cde10795b5c36521aa6 | |
parent | 6248b869d0e8ae7e0fe566c09f2393278142b547 (diff) |
SSL certificate extensions: add unit tests
Added tests for each of the supported extensions, and also for the
handling of unknown ones.
Change-Id: I29e0a5c1a411f41c2a554293662a33b56f205c00
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
-rw-r--r-- | tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp index 0f033fc726..10bb9dccb9 100644 --- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp +++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp @@ -44,6 +44,7 @@ #include <qsslcertificate.h> #include <qsslkey.h> #include <qsslsocket.h> +#include <qsslcertificateextension.h> class tst_QSslCertificate : public QObject { @@ -111,6 +112,7 @@ private slots: void multipleCommonNames(); void subjectAndIssuerAttributes(); void verify(); + void extensions(); // helper for verbose test failure messages QString toString(const QList<QSslError>&); @@ -983,6 +985,93 @@ QString tst_QSslCertificate::toString(const QList<QSslError>& errors) return QLatin1String("[ ") + errorStrings.join(QLatin1String(", ")) + QLatin1String(" ]"); } +void tst_QSslCertificate::extensions() +{ + QList<QSslCertificate> certList = + QSslCertificate::fromPath(SRCDIR "more-certificates/natwest-banking.pem"); + QVERIFY2(certList.count() > 0, "Please run this test from the source directory"); + + QSslCertificate cert = certList[0]; + QList<QSslCertificateExtension> extensions = cert.extensions(); + QVERIFY(extensions.count() == 9); + + int unknown_idx = -1; + int authority_info_idx = -1; + int basic_constraints_idx = -1; + int subject_key_idx = -1; + int auth_key_idx = -1; + + for (int i=0; i < extensions.length(); ++i) { + QSslCertificateExtension ext = extensions[i]; + + //qDebug() << i << ":" << ext.name() << ext.oid(); + if (ext.oid() == QStringLiteral("1.3.6.1.5.5.7.1.12")) + unknown_idx = i; + if (ext.name() == QStringLiteral("authorityInfoAccess")) + authority_info_idx = i; + if (ext.name() == QStringLiteral("basicConstraints")) + basic_constraints_idx = i; + if (ext.name() == QStringLiteral("subjectKeyIdentifier")) + subject_key_idx = i; + if (ext.name() == QStringLiteral("authorityKeyIdentifier")) + auth_key_idx = i; + } + + QVERIFY(unknown_idx != -1); + QVERIFY(authority_info_idx != -1); + QVERIFY(basic_constraints_idx != -1); + QVERIFY(subject_key_idx != -1); + QVERIFY(auth_key_idx != -1); + + // Unknown + QSslCertificateExtension unknown = extensions[unknown_idx]; + QVERIFY(unknown.oid() == QStringLiteral("1.3.6.1.5.5.7.1.12")); + QVERIFY(unknown.name() == QStringLiteral("1.3.6.1.5.5.7.1.12")); + + QByteArray unknownValue = QByteArray::fromHex( + "3060A15EA05C305A305830561609696D6167652F6769663021301F300706052B0E03021A0414" \ + "4B6BB92896060CBBD052389B29AC4B078B21051830261624687474703A2F2F6C6F676F2E7665" \ + "72697369676E2E636F6D2F76736C6F676F312E676966"); + QCOMPARE(unknown.value().toByteArray(), unknownValue); + + // Authority Info Access + QSslCertificateExtension aia = extensions[authority_info_idx]; + QVERIFY(aia.oid() == QStringLiteral("1.3.6.1.5.5.7.1.1")); + QVERIFY(aia.name() == QStringLiteral("authorityInfoAccess")); + + QVariantMap aiaValue = aia.value().toMap(); + QString ocsp = aiaValue[QStringLiteral("OCSP")].toString(); + QString caIssuers = aiaValue[QStringLiteral("caIssuers")].toString(); + + QVERIFY(ocsp == QStringLiteral("http://EVIntl-ocsp.verisign.com")); + QVERIFY(caIssuers == QStringLiteral("http://EVIntl-aia.verisign.com/EVIntl2006.cer")); + + // Basic constraints + QSslCertificateExtension basic = extensions[basic_constraints_idx]; + QVERIFY(basic.oid() == QStringLiteral("2.5.29.19")); + QVERIFY(basic.name() == QStringLiteral("basicConstraints")); + + QVariantMap basicValue = basic.value().toMap(); + QVERIFY(basicValue[QStringLiteral("ca")].toBool() == false); + + // Subject key identifier + QSslCertificateExtension subjectKey = extensions[subject_key_idx]; + QVERIFY(subjectKey.oid() == QStringLiteral("2.5.29.14")); + QVERIFY(subjectKey.name() == QStringLiteral("subjectKeyIdentifier")); + QVERIFY(subjectKey.value().toString() == QStringLiteral("5F:90:23:CD:24:CA:52:C9:36:29:F0:7E:9D:B1:FE:08:E0:EE:69:F0")); + + // Authority key identifier + QSslCertificateExtension authKey = extensions[auth_key_idx]; + QVERIFY(authKey.oid() == QStringLiteral("2.5.29.35")); + QVERIFY(authKey.name() == QStringLiteral("authorityKeyIdentifier")); + + QVariantMap authValue = authKey.value().toMap(); + QVERIFY(authValue[QStringLiteral("keyid")].toByteArray() == + QByteArray("4e43c81d76ef37537a4ff2586f94f338e2d5bddf")); + +} + + #endif // QT_NO_OPENSSL QTEST_MAIN(tst_QSslCertificate) |