ssl: add test certificates with DSA and EC keys

The QSslCertificate tests only covered certificates with RSA keys, this extends the test coverage to DSA and EC keys. Change-Id: Ibee26f449cf6c1d97cbac6b511972eb44d6f0bd2 Reviewed-by: Richard J. Moore <rich@kde.org>
author: Jeremy Lainé <jeremy.laine@m4x.org> 2015-07-29 14:22:12 +0200
committer: Jeremy Lainé <jeremy.laine@m4x.org> 2015-07-30 11:31:40 +0000
commit: d11307320393540a60a81cdd216b99352bbcd2a8 (patch)
tree: 7844760eab66df2f53f7fd488ff6676f32590cf4 /tests
parent: 0617834e0cfa00c8dadbac17877659196107be76 (diff)
12 files changed, 103 insertions, 5 deletions
diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.der.pubkey b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.der.pubkey
new file mode 100644
index 0000000000..4e46848106
--- /dev/null
+++ b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.der.pubkey
diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem
new file mode 100644
index 0000000000..d81f8f1def
--- /dev/null
+++ b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICijCCAkgCCQC7PDslmXiXHzALBglghkgBZQMEAwIwKTEaMBgGA1UEAwwRbmFt
+ZS93aXRoL3NsYXNoZXMxCzAJBgNVBAYTAk5PMB4XDTE1MDcyOTEyMTAyNloXDTE1
+MDgyODEyMTAyNlowKTEaMBgGA1UEAwwRbmFtZS93aXRoL3NsYXNoZXMxCzAJBgNV
+BAYTAk5PMIIBtjCCASsGByqGSM44BAEwggEeAoGBAMJjrSlWu595Nf9UAAeggH6k
+US30P+pigB5WEgeToqTkpIwHO24GdEL+dGtFVWwT+r+rSuI+SZPMMSQWpVcgjeCq
+oaPpn+9P5gCof1jmn4oegis4K8hJANnsDDdE1HRkeVDSzFlkmvk+FnVfB0wI0T8F
+k7BV4wZDyvgTKko6t7YZAhUAoXZvBxhaUam1WnS18Yrk+1IT3u8CgYAx22xg8DQG
+4HE2vGH0p3Ug2FziCtjpDaN1ryomPbroQSK7/x9dhuy/4b1H2KdJufawWTVPdBI5
+TfXXvCcJEmQKKegarq3DFPGkpH+rp72GejEgmBMUU22+1NHga3VzSspLjAK2e/+r
++foHHzJnGQs6JrvMNaXK+UVJxXRp878CGgOBhAACgYAKoweyuHdke1ngEmgXMPrC
+NBJiPPHPcEX9CSZasSka7gI6OWZDk6H80W1KRPxHMeKb4V06wa02IbZvWA5zeStC
+OtmMCylk5Tzav8/UqYeDAqjddbSm7i423/pjmUh+eD/wLHvJxYanRm8nqBQLe1jL
+2NmVkb1OpCyMK+sRF+K+sjALBglghkgBZQMEAwIDLwAwLAIUHVt2TWRAe/JSEHY1
+x6+igQb3AFQCFHYwbrScyMUwuVkNft2ttDN1I7ak
+-----END CERTIFICATE-----
diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem.digest-md5 b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem.digest-md5
new file mode 100644
index 0000000000..dba3fdff03
--- /dev/null
+++ b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem.digest-md5
@@ -0,0 +1 @@
+MD5 Fingerprint=35:B0:60:B2:37:14:43:31:01:71:C0:D9:CE:AF:20:CB
diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem.digest-sha1 b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem.digest-sha1
new file mode 100644
index 0000000000..3879ef954f
--- /dev/null
+++ b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem.digest-sha1
@@ -0,0 +1 @@
+SHA1 Fingerprint=BD:46:36:00:D7:31:3F:95:46:55:62:1A:FB:CA:36:A3:3D:27:15:92
diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem.pubkey b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem.pubkey
new file mode 100644
index 0000000000..c44fd6f4a9
--- /dev/null
+++ b/tests/auto/network/ssl/qsslcertificate/certificates/dsa-cert-ss.pem.pubkey
@@ -0,0 +1,12 @@
+-----BEGIN PUBLIC KEY-----
+MIIBtjCCASsGByqGSM44BAEwggEeAoGBAMJjrSlWu595Nf9UAAeggH6kUS30P+pi
+gB5WEgeToqTkpIwHO24GdEL+dGtFVWwT+r+rSuI+SZPMMSQWpVcgjeCqoaPpn+9P
+5gCof1jmn4oegis4K8hJANnsDDdE1HRkeVDSzFlkmvk+FnVfB0wI0T8Fk7BV4wZD
+yvgTKko6t7YZAhUAoXZvBxhaUam1WnS18Yrk+1IT3u8CgYAx22xg8DQG4HE2vGH0
+p3Ug2FziCtjpDaN1ryomPbroQSK7/x9dhuy/4b1H2KdJufawWTVPdBI5TfXXvCcJ
+EmQKKegarq3DFPGkpH+rp72GejEgmBMUU22+1NHga3VzSspLjAK2e/+r+foHHzJn
+GQs6JrvMNaXK+UVJxXRp878CGgOBhAACgYAKoweyuHdke1ngEmgXMPrCNBJiPPHP
+cEX9CSZasSka7gI6OWZDk6H80W1KRPxHMeKb4V06wa02IbZvWA5zeStCOtmMCylk
+5Tzav8/UqYeDAqjddbSm7i423/pjmUh+eD/wLHvJxYanRm8nqBQLe1jL2NmVkb1O
+pCyMK+sRF+K+sg==
+-----END PUBLIC KEY-----
diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.der.pubkey b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.der.pubkey
new file mode 100644
index 0000000000..05e3f82ebd
--- /dev/null
+++ b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.der.pubkey
diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem
new file mode 100644
index 0000000000..c4843c4420
--- /dev/null
+++ b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBfjCCAQUCCQC0FR+dPQNT7TAKBggqhkjOPQQDAjApMRowGAYDVQQDDBFuYW1l
+L3dpdGgvc2xhc2hlczELMAkGA1UEBhMCTk8wHhcNMTUwNzI5MTIyNDA2WhcNMTUw
+ODI4MTIyNDA2WjApMRowGAYDVQQDDBFuYW1lL3dpdGgvc2xhc2hlczELMAkGA1UE
+BhMCTk8wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQk+TMJ/Zu30xojWhWSFnllEgEF
++jBRIxSoJ8T7vaPy3dV0Dxomv5NxOi0kn1kzYUzMoMReK/IAJ3bfRGyFbV4i/KDJ
+VAvyEevvMnp2ewKxmwlg9E9n+d4Tm7tf5+3Tz+EwCgYIKoZIzj0EAwIDZwAwZAIw
+cM1DRkrcg4IPUZZaP96rI70H7OT3VDg5zSNMkEE/QBPGtE7T1Lzkxk96e/BkiQoV
+AjB/t955UraOxLtnqjSHvVmiczWK+2b4QV+wiQBV6XTLI6FUeKLa70I0ruLdIgJ4
+zKU=
+-----END CERTIFICATE-----
diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem.digest-md5 b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem.digest-md5
new file mode 100644
index 0000000000..69ad0aa247
--- /dev/null
+++ b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem.digest-md5
@@ -0,0 +1 @@
+MD5 Fingerprint=83:EF:5F:FF:C1:DB:E0:AC:4A:FA:E1:1C:9F:07:9B:1E
diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem.digest-sha1 b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem.digest-sha1
new file mode 100644
index 0000000000..7547b5ce3f
--- /dev/null
+++ b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem.digest-sha1
@@ -0,0 +1 @@
+SHA1 Fingerprint=06:07:56:98:99:A1:45:D7:94:14:5A:B9:92:97:35:35:C8:EA:7C:3E
diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem.pubkey b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem.pubkey
new file mode 100644
index 0000000000..1ced61d62c
--- /dev/null
+++ b/tests/auto/network/ssl/qsslcertificate/certificates/ec-cert-ss.pem.pubkey
@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJPkzCf2bt9MaI1oVkhZ5ZRIBBfowUSMU
+qCfE+72j8t3VdA8aJr+TcTotJJ9ZM2FMzKDEXivyACd230RshW1eIvygyVQL8hHr
+7zJ6dnsCsZsJYPRPZ/neE5u7X+ft08/h
+-----END PUBLIC KEY-----
diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/gencertificates.sh b/tests/auto/network/ssl/qsslcertificate/certificates/gencertificates.sh
index b21776536b..50d17b9453 100755
--- a/tests/auto/network/ssl/qsslcertificate/certificates/gencertificates.sh
+++ b/tests/auto/network/ssl/qsslcertificate/certificates/gencertificates.sh
@@ -34,7 +34,8 @@
 
 # This script generates digital certificates of different types.
 
-#--- Certificates ---------------------------------------------------------------------------
+#--- RSA Certificates -----------------------------------------------------------------------
+
 echo -e "\ngenerating 1024-bit RSA private key to PEM file ..."
 openssl genrsa -out rsa-pri-1024.pem 1024
 
@@ -57,6 +58,38 @@ openssl x509 -req -in req.pem -out cert.pem -CA ca-cert.pem -set_serial 17
 echo -e "\n generating a certifificate signed by a dummy CA to DER file ..."
 openssl x509 -req -in req.pem -out cert.der -CA ca-cert.pem -set_serial 17 -outform der
 
+#--- DSA Certificates -----------------------------------------------------------------------
+echo -e "\ngenerating DSA parameters to PEM file ..."
+openssl dsaparam -out dsapar-1024.pem 1024
+
+echo -e "\ngenerating DSA private key to PEM file ..."
+openssl gendsa dsapar-1024.pem -out dsa-pri-1024.pem
+/bin/rm dsapar-1024.pem
+
+echo -e "\ngenerating DSA public key to PEM and DER file ..."
+openssl dsa -in dsa-pri-1024.pem -pubout -out dsa-pub-1024.pem
+openssl dsa -in dsa-pri-1024.pem -pubout -out dsa-pub-1024.der -outform der
+
+echo -e "\ngenerating certificate signing request (CSR) ..."
+openssl req -out req.pem -new -key dsa-pri-1024.pem -subj "/CN=name\/with\/slashes/C=NO"
+
+echo -e "\n generating a self-signed certifificate to PEM file ..."
+openssl x509 -req -in req.pem -out dsa-cert-ss.pem -signkey dsa-pri-1024.pem
+
+#--- EC Certificates ------------------------------------------------------------------------
+echo -e "\ngenerating EC private key to PEM file ..."
+openssl ecparam -name secp384r1 -genkey -noout -out ec-pri-384.pem
+
+echo -e "\ngenerating EC public key to PEM and DER file ..."
+openssl ec -in ec-pri-384.pem -pubout -out ec-pub-384.pem
+openssl ec -in ec-pri-384.pem -pubout -out ec-pub-384.der -outform DER
+
+echo -e "\ngenerating certificate signing request (CSR) ..."
+openssl req -out req.pem -new -key ec-pri-384.pem -subj "/CN=name\/with\/slashes/C=NO"
+
+echo -e "\n generating a self-signed certifificate to PEM file ..."
+openssl x509 -req -in req.pem -out ec-cert-ss.pem -signkey ec-pri-384.pem
+
 #--- Public keys --------------------------------------------------------------------------------
 echo -e "\n associate public keys with all certificates ..."
 # Note: For now, there is only one public key (encoded in both PEM and DER), but that could change.
@@ -64,6 +97,10 @@ echo -e "\n associate public keys with all certificates ..."
 /bin/cp rsa-pub-1024.der cert-ss.der.pubkey
 /bin/cp rsa-pub-1024.pem cert.pem.pubkey
 /bin/cp rsa-pub-1024.der cert.der.pubkey
+/bin/cp dsa-pub-1024.pem dsa-cert-ss.pem.pubkey
+/bin/cp dsa-pub-1024.der dsa-cert-ss.der.pubkey
+/bin/cp ec-pub-384.pem ec-cert-ss.pem.pubkey
+/bin/cp ec-pub-384.der ec-cert-ss.der.pubkey
 
 #--- Digests --------------------------------------------------------------------------------
 echo -e "\n generating md5 and sha1 digests of all certificates ..."
@@ -72,6 +109,8 @@ do
   openssl x509 -in ca-cert.pem -noout -fingerprint -$digest > ca-cert.pem.digest-$digest
   openssl x509 -in cert-ss.pem -noout -fingerprint -$digest > cert-ss.pem.digest-$digest
   openssl x509 -in cert.pem -noout -fingerprint -$digest > cert.pem.digest-$digest
+  openssl x509 -in dsa-cert-ss.pem -noout -fingerprint -$digest > dsa-cert-ss.pem.digest-$digest
+  openssl x509 -in ec-cert-ss.pem -noout -fingerprint -$digest > ec-cert-ss.pem.digest-$digest
 done
 
 #--- Subjet Alternative Name extension ----------------------------------------------------
@@ -93,4 +132,7 @@ openssl req -x509 -in req-san.pem -out $outname -key rsa-pri-1024.pem \
 /bin/cp san.cnf $outname.san
 
 echo -e "\n cleaning up ..."
-/bin/rm rsa-pri-1024.pem rsa-pub-1024.* req*.pem
+/bin/rm rsa-pri-1024.pem rsa-pub-1024.*
+/bin/rm dsa-pri-1024.pem dsa-pub-1024.*
+/bin/rm ec-pri-384.pem ec-pub-384.*
+/bin/rm req*.pem
diff --git a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
index 604c0ef782..748c240f3d 100644
--- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
+++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
@@ -494,12 +494,20 @@ void tst_QSslCertificate::publicKey()
     QFETCH(QSsl::EncodingFormat, format);
     QFETCH(QString, pubkeyFilePath);
 
+    QSsl::KeyAlgorithm algorithm;
+    if (QFileInfo(pubkeyFilePath).fileName().startsWith("dsa-"))
+        algorithm = QSsl::Dsa;
+    else if (QFileInfo(pubkeyFilePath).fileName().startsWith("ec-"))
+        algorithm = QSsl::Ec;
+    else
+        algorithm = QSsl::Rsa;
+
     QByteArray encodedCert = readFile(certFilePath);
     QSslCertificate certificate(encodedCert, format);
     QVERIFY(!certificate.isNull());
 
     QByteArray encodedPubkey = readFile(pubkeyFilePath);
-    QSslKey pubkey(encodedPubkey, QSsl::Rsa, format, QSsl::PublicKey); // ### support DSA as well!
+    QSslKey pubkey(encodedPubkey, algorithm, format, QSsl::PublicKey);
     QVERIFY(!pubkey.isNull());
 
     QCOMPARE(certificate.publicKey(), pubkey);
@@ -581,7 +589,7 @@ void tst_QSslCertificate::fromPath_data()
     QTest::newRow("\"certificates/*\" fixed der") << QString("certificates/*") << int(QRegExp::FixedString) << false << 0;
     QTest::newRow("\"certificates/*\" regexp pem") << QString("certificates/*") << int(QRegExp::RegExp) << true << 0;
     QTest::newRow("\"certificates/*\" regexp der") << QString("certificates/*") << int(QRegExp::RegExp) << false << 0;
-    QTest::newRow("\"certificates/*\" wildcard pem") << QString("certificates/*") << int(QRegExp::Wildcard) << true << 5;
+    QTest::newRow("\"certificates/*\" wildcard pem") << QString("certificates/*") << int(QRegExp::Wildcard) << true << 7;
     QTest::newRow("\"certificates/ca*\" wildcard pem") << QString("certificates/ca*") << int(QRegExp::Wildcard) << true << 1;
     QTest::newRow("\"certificates/cert*\" wildcard pem") << QString("certificates/cert*") << int(QRegExp::Wildcard) << true << 4;
     QTest::newRow("\"certificates/cert-[sure]*\" wildcard pem") << QString("certificates/cert-[sure]*") << int(QRegExp::Wildcard) << true << 3;
@@ -612,7 +620,7 @@ void tst_QSslCertificate::fromPath_data()
     QTest::newRow("\"d.*/c.*.pem\" wildcard pem") << QString("d.*/c.*.pem") << int(QRegExp::Wildcard) << true << 0;
     QTest::newRow("\"d.*/c.*.pem\" wildcard der") << QString("d.*/c.*.pem") << int(QRegExp::Wildcard) << false << 0;
 #ifdef Q_OS_LINUX
-    QTest::newRow("absolute path wildcard pem") << (testDataDir + "/certificates/*.pem") << int(QRegExp::Wildcard) << true << 5;
+    QTest::newRow("absolute path wildcard pem") << (testDataDir + "/certificates/*.pem") << int(QRegExp::Wildcard) << true << 7;
 #endif
 
     QTest::newRow("trailing-whitespace") << QString("more-certificates/trailing-whitespace.pem") << int(QRegExp::FixedString) << true << 1;
author	Jeremy Lainé <jeremy.laine@m4x.org>	2015-07-29 14:22:12 +0200
committer	Jeremy Lainé <jeremy.laine@m4x.org>	2015-07-30 11:31:40 +0000
commit	d11307320393540a60a81cdd216b99352bbcd2a8 (patch)
tree	7844760eab66df2f53f7fd488ff6676f32590cf4 /tests
parent	0617834e0cfa00c8dadbac17877659196107be76 (diff)