Add support for loading PKCS#12 bundles.

Add support for loading certificates and keys from PKCS#12 bundles
(also known as pfx files).

Task-number: QTBUG-1565

[ChangeLog][QtNetwork][QSslSocket] Support for loading PKCS#12
bundles was added. These are often used to transport keys and
certificates conveniently, particularly when making use of
client certificates.

Change-Id: Idaeb2cb4dac4b19881a5c99c7c0a7eea00c2b207
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>

4 files changed, 54 insertions, 0 deletions

diff --git a/tests/auto/network/ssl/qsslsocket/certs/README b/tests/auto/network/ssl/qsslsocket/certs/README
new file mode 100644
index 0000000000..704646c212
--- /dev/null
+++ b/tests/auto/network/ssl/qsslsocket/certs/README
@@ -0,0 +1,7 @@
+The PKCS#12 bundle was created by running:
+
+openssl pkcs12 -export -in leaf.crt -inkey leaf.key \
+               -out leaf.p12 \
+               -certfile inter.crt -CAfile ca.crt
+
+No password was provided.
diff --git a/tests/auto/network/ssl/qsslsocket/certs/fluke.p12 b/tests/auto/network/ssl/qsslsocket/certs/fluke.p12
new file mode 100644
index 0000000000..f11e550e88
--- /dev/null
+++ b/tests/auto/network/ssl/qsslsocket/certs/fluke.p12
diff --git a/tests/auto/network/ssl/qsslsocket/certs/leaf.p12 b/tests/auto/network/ssl/qsslsocket/certs/leaf.p12
new file mode 100644
index 0000000000..cb89aadb73
--- /dev/null
+++ b/tests/auto/network/ssl/qsslsocket/certs/leaf.p12
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index 30a9e19138..1ed2a98ed7 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -194,6 +194,7 @@ private slots:
     void qtbug18498_peek2();
     void dhServer();
     void ecdhServer();
+    void pkcs12();
     void setEmptyDefaultConfiguration(); // this test should be last
 
     static void exitLoop()
@@ -2734,6 +2735,52 @@ void tst_QSslSocket::ecdhServer()
     QVERIFY(client->state() == QAbstractSocket::ConnectedState);
 }
 
+void tst_QSslSocket::pkcs12()
+{
+    if (!QSslSocket::supportsSsl()) {
+        qWarning("SSL not supported, skipping test");
+        return;
+    }
+
+    QFETCH_GLOBAL(bool, setProxy);
+    if (setProxy)
+        return;
+
+    QFile f(QLatin1String(SRCDIR "certs/leaf.p12"));
+    bool ok = f.open(QIODevice::ReadOnly);
+    QVERIFY(ok);
+
+    QSslKey key;
+    QSslCertificate cert;
+    QList<QSslCertificate> caCerts;
+
+    ok = QSslSocket::importPKCS12(&f, &key, &cert, &caCerts);
+    QVERIFY(ok);
+    f.close();
+
+    QList<QSslCertificate> leafCert = QSslCertificate::fromPath(SRCDIR "certs/leaf.crt");
+    QVERIFY(!leafCert.isEmpty());
+
+    QCOMPARE(cert, leafCert.first());
+
+    QFile f2(QLatin1String(SRCDIR "certs/leaf.key"));
+    ok = f2.open(QIODevice::ReadOnly);
+    QVERIFY(ok);
+
+    QSslKey leafKey(&f2, QSsl::Rsa);
+    f2.close();
+
+    QVERIFY(!leafKey.isNull());
+    QCOMPARE(key, leafKey);
+
+    QList<QSslCertificate> caCert = QSslCertificate::fromPath(SRCDIR "certs/inter.crt");
+    QVERIFY(!caCert.isEmpty());
+
+    QVERIFY(!caCerts.isEmpty());
+    QCOMPARE(caCerts.first(), caCert.first());
+    QCOMPARE(caCerts, caCert);
+}
+
 void tst_QSslSocket::setEmptyDefaultConfiguration() // this test should be last, as it has some side effects
 {
     // used to produce a crash in QSslConfigurationPrivate::deepCopyDefaultConfiguration, QTBUG-13265