diff options
Diffstat (limited to 'tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp')
-rw-r--r-- | tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp | 133 |
1 files changed, 77 insertions, 56 deletions
diff --git a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp index 20a84b3077..b51053effd 100644 --- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp +++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp @@ -1,17 +1,19 @@ // Copyright (C) 2016 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 - +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> #include <QtNetwork/qtnetworkglobal.h> + +#include <QtCore/qdatetime.h> +#include <QtCore/qtimezone.h> +#include <QtCore/qscopeguard.h> #include <QtCore/qset.h> #include <qsslcertificate.h> #include <qsslkey.h> #include <qsslsocket.h> #include <qsslcertificateextension.h> -#include <qscopeguard.h> #ifndef QT_NO_OPENSSL #include <openssl/opensslv.h> @@ -100,7 +102,31 @@ private slots: #endif // QT_CONFIG(ssl) private: QString testDataDir; - bool isNonOpenSslTls = false; + + enum class TLSBackend { + OpenSSL, + Schannel, + SecureTransport, + CertOnly, + Unknown, + }; + static TLSBackend currentBackend() + { + static TLSBackend activeBackend = []() { + using namespace Qt::StringLiterals; + const QString active = QSslSocket::activeBackend(); + if (active == "openssl"_L1) + return TLSBackend::OpenSSL; + if (active == "schannel") + return TLSBackend::Schannel; + if (active == "securetransport") + return TLSBackend::SecureTransport; + if (active == "cert-only") + return TLSBackend::CertOnly; + return TLSBackend::Unknown; + }(); + return activeBackend; + } }; void tst_QSslCertificate::initTestCase() @@ -110,22 +136,15 @@ void tst_QSslCertificate::initTestCase() testDataDir = QCoreApplication::applicationDirPath(); if (!testDataDir.endsWith(QLatin1String("/"))) testDataDir += QLatin1String("/"); -#if QT_CONFIG(opensslv11) - // In the presence of 'openssl' backend, QSslSocket will - // select 'openssl' as the default one. - isNonOpenSslTls = QSslSocket::activeBackend() != QStringLiteral("openssl"); -#else - isNonOpenSslTls = true; -#endif // QT_CONFIG(ssl) QDir dir(testDataDir + "certificates"); - QFileInfoList fileInfoList = dir.entryInfoList(QDir::Files | QDir::Readable); + const QFileInfoList fileInfoList = dir.entryInfoList(QDir::Files | QDir::Readable); QRegularExpression rxCert(QLatin1String("^.+\\.(pem|der)$")); QRegularExpression rxSan(QLatin1String("^(.+\\.(?:pem|der))\\.san$")); QRegularExpression rxPubKey(QLatin1String("^(.+\\.(?:pem|der))\\.pubkey$")); QRegularExpression rxDigest(QLatin1String("^(.+\\.(?:pem|der))\\.digest-(md5|sha1)$")); QRegularExpressionMatch match; - foreach (QFileInfo fileInfo, fileInfoList) { + for (const QFileInfo &fileInfo : fileInfoList) { if ((match = rxCert.match(fileInfo.fileName())).hasMatch()) certInfoList << CertInfo(fileInfo, @@ -188,7 +207,7 @@ void tst_QSslCertificate::createTestRows() { QTest::addColumn<QString>("absFilePath"); QTest::addColumn<QSsl::EncodingFormat>("format"); - foreach (CertInfo certInfo, certInfoList) { + for (const CertInfo &certInfo : std::as_const(certInfoList)) { QTest::newRow(certInfo.fileInfo.fileName().toLatin1()) << certInfo.fileInfo.absoluteFilePath() << certInfo.format; } @@ -319,7 +338,7 @@ void tst_QSslCertificate::digest_data() QTest::addColumn<QSsl::EncodingFormat>("format"); QTest::addColumn<QString>("absFilePath_digest_md5"); QTest::addColumn<QString>("absFilePath_digest_sha1"); - foreach (CertInfo certInfo, certInfoList) { + for (const CertInfo &certInfo : std::as_const(certInfoList)) { QString certName = certInfo.fileInfo.fileName(); QTest::newRow(certName.toLatin1()) << certInfo.fileInfo.absoluteFilePath() @@ -372,7 +391,7 @@ void tst_QSslCertificate::subjectAlternativeNames_data() QTest::addColumn<QSsl::EncodingFormat>("format"); QTest::addColumn<QString>("subjAltNameFilePath"); - foreach (CertInfo certInfo, certInfoList) { + for (const CertInfo &certInfo : std::as_const(certInfoList)) { QString certName = certInfo.fileInfo.fileName(); if (subjAltNameMap.contains(certName)) QTest::newRow(certName.toLatin1()) @@ -454,7 +473,7 @@ void tst_QSslCertificate::subjectInfoToString() QVERIFY(testInfo(QSslCertificate::DistinguishedNameQualifier, QString())); QVERIFY(testInfo(QSslCertificate::SerialNumber, QString())); // TODO: check why generic code does not handle this! - if (!isNonOpenSslTls) + if (currentBackend() == TLSBackend::OpenSSL) QVERIFY(testInfo(QSslCertificate::EmailAddress, QStringLiteral("ababic@trolltech.com"))); } @@ -466,9 +485,8 @@ void tst_QSslCertificate::subjectIssuerDisplayName_data() QTest::addRow("CommonName") << QStringLiteral("more-certificates/cert-cn.pem") << QStringLiteral("YOUR name"); QTest::addRow("OrganizationName") << QStringLiteral("more-certificates/cert-on.pem") << QStringLiteral("R&D"); QTest::addRow("OrganizationUnitName") << QStringLiteral("more-certificates/cert-oun.pem") << QStringLiteral("Foundations"); -#ifndef QT_NO_OPENSSL - QTest::addRow("NoSubjectName") << QStringLiteral("more-certificates/cert-noname.pem") << QString(); -#endif + if (currentBackend() == TLSBackend::OpenSSL) + QTest::addRow("NoSubjectName") << QStringLiteral("more-certificates/cert-noname.pem") << QString(); } void tst_QSslCertificate::subjectIssuerDisplayName() @@ -498,7 +516,7 @@ void tst_QSslCertificate::utf8SubjectNames() static const char *ou = "\xe3\x88\xa7" "A" "\xe3\x89\x81\xef\xbd\xab" "BC"; // the following two tests should help find "\x"-literal encoding bugs in the test itself - QCOMPARE(cert.subjectInfo("O")[0].length(), QString::fromUtf8(o).length()); + QCOMPARE(cert.subjectInfo("O")[0].size(), QString::fromUtf8(o).size()); QCOMPARE (cert.subjectInfo("O")[0].toUtf8().toHex(), QByteArray(o).toHex()); QCOMPARE(cert.subjectInfo("O")[0], QString::fromUtf8(o)); @@ -511,7 +529,7 @@ void tst_QSslCertificate::publicKey_data() QTest::addColumn<QSsl::EncodingFormat>("format"); QTest::addColumn<QString>("pubkeyFilePath"); - foreach (CertInfo certInfo, certInfoList) { + for (const CertInfo &certInfo : std::as_const(certInfoList)) { QString certName = certInfo.fileInfo.fileName(); if (pubkeyMap.contains(certName)) QTest::newRow(certName.toLatin1()) @@ -813,8 +831,10 @@ void tst_QSslCertificate::certInfo() QCOMPARE(cert.digest(QCryptographicHash::Sha1), QByteArray::fromHex("B6:D1:51:82:E0:29:CA:59:96:38:BD:B6:F9:40:05:91:6D:49:09:60")); - QCOMPARE(cert.effectiveDate().toUTC(), QDateTime(QDate(2007, 4, 17), QTime(7,40,26), Qt::UTC)); - QCOMPARE(cert.expiryDate().toUTC(), QDateTime(QDate(2007, 5, 17), QTime(7,40,26), Qt::UTC)); + QCOMPARE(cert.effectiveDate().toUTC(), + QDateTime(QDate(2007, 4, 17), QTime(7,40,26), QTimeZone::UTC)); + QCOMPARE(cert.expiryDate().toUTC(), + QDateTime(QDate(2007, 5, 17), QTime(7,40,26), QTimeZone::UTC)); QVERIFY(cert.expiryDate() < QDateTime::currentDateTime()); // cert has expired QSslCertificate copy = cert; @@ -876,7 +896,7 @@ void tst_QSslCertificate::task256066toPem() void tst_QSslCertificate::nulInCN() { - if (isNonOpenSslTls) + if (currentBackend() != TLSBackend::OpenSSL) QSKIP("Generic QSslCertificatePrivate fails this test"); QList<QSslCertificate> certList = @@ -896,7 +916,7 @@ void tst_QSslCertificate::nulInCN() void tst_QSslCertificate::nulInSan() { - if (isNonOpenSslTls) + if (currentBackend() != TLSBackend::OpenSSL) QSKIP("Generic QSslCertificatePrivate fails this test"); QList<QSslCertificate> certList = @@ -938,16 +958,18 @@ void tst_QSslCertificate::largeExpirationDate() // QTBUG-12489 const QSslCertificate &cert = certList.at(0); QVERIFY(!cert.isNull()); - QCOMPARE(cert.effectiveDate().toUTC(), QDateTime(QDate(2010, 8, 4), QTime(9, 53, 41), Qt::UTC)); + QCOMPARE(cert.effectiveDate().toUTC(), + QDateTime(QDate(2010, 8, 4), QTime(9, 53, 41), QTimeZone::UTC)); // if the date is larger than 2049, then the generalized time format is used - QCOMPARE(cert.expiryDate().toUTC(), QDateTime(QDate(2051, 8, 29), QTime(9, 53, 41), Qt::UTC)); + QCOMPARE(cert.expiryDate().toUTC(), + QDateTime(QDate(2051, 8, 29), QTime(9, 53, 41), QTimeZone::UTC)); } void tst_QSslCertificate::blacklistedCertificates() { QList<QSslCertificate> blacklistedCerts = QSslCertificate::fromPath(testDataDir + "more-certificates/blacklisted*.pem", QSsl::Pem, QSslCertificate::PatternSyntax::Wildcard); - QVERIFY(blacklistedCerts.count() > 0); - for (int a = 0; a < blacklistedCerts.count(); a++) { + QVERIFY(blacklistedCerts.size() > 0); + for (int a = 0; a < blacklistedCerts.size(); a++) { QVERIFY(blacklistedCerts.at(a).isBlacklisted()); } } @@ -961,7 +983,7 @@ void tst_QSslCertificate::selfsignedCertificates() void tst_QSslCertificate::toText() { - if (isNonOpenSslTls) + if (currentBackend() != TLSBackend::OpenSSL) QSKIP("QSslCertificate::toText is not implemented on platforms which do not use openssl"); QList<QSslCertificate> certList = @@ -989,7 +1011,7 @@ void tst_QSslCertificate::multipleCommonNames() { QList<QSslCertificate> certList = QSslCertificate::fromPath(testDataDir + "more-certificates/test-cn-two-cns-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); - QVERIFY(certList.count() > 0); + QVERIFY(certList.size() > 0); QStringList commonNames = certList[0].subjectInfo(QSslCertificate::CommonName); QVERIFY(commonNames.contains(QString("www.example.com"))); @@ -1000,18 +1022,18 @@ void tst_QSslCertificate::subjectAndIssuerAttributes() { QList<QSslCertificate> certList = QSslCertificate::fromPath(testDataDir + "more-certificates/test-cn-with-drink-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); - QVERIFY(certList.count() > 0); + QVERIFY(certList.size() > 0); QList<QByteArray> attributes = certList[0].subjectInfoAttributes(); QVERIFY(attributes.contains(QByteArray("favouriteDrink"))); attributes.clear(); certList = QSslCertificate::fromPath(testDataDir + "more-certificates/natwest-banking.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); - QVERIFY(certList.count() > 0); + QVERIFY(certList.size() > 0); QByteArray shortName("1.3.6.1.4.1.311.60.2.1.3"); #if !defined(QT_NO_OPENSSL) && defined(SN_jurisdictionCountryName) - if (!isNonOpenSslTls) + if (currentBackend() == TLSBackend::OpenSSL) shortName = SN_jurisdictionCountryName; #endif attributes = certList[0].subjectInfoAttributes(); @@ -1020,8 +1042,8 @@ void tst_QSslCertificate::subjectAndIssuerAttributes() void tst_QSslCertificate::verify() { - if (isNonOpenSslTls) - QSKIP("Not implemented in SecureTransport or Schannel"); + if (currentBackend() != TLSBackend::OpenSSL) + QSKIP("Only implemented for OpenSSL"); QList<QSslError> errors; QList<QSslCertificate> toVerify; @@ -1034,7 +1056,7 @@ void tst_QSslCertificate::verify() // Empty chain is unspecified error errors = QSslCertificate::verify(toVerify); - VERIFY_VERBOSE(errors.count() == 1); + VERIFY_VERBOSE(errors.size() == 1); VERIFY_VERBOSE(errors[0] == QSslError(QSslError::UnspecifiedError)); errors.clear(); @@ -1053,14 +1075,14 @@ void tst_QSslCertificate::verify() toVerify = QSslCertificate::fromPath(testDataDir + "verify-certs/test-ocsp-good-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); errors = QSslCertificate::verify(toVerify); - VERIFY_VERBOSE(errors.count() == 0); + VERIFY_VERBOSE(errors.size() == 0); errors.clear(); // Test a blacklisted certificate toVerify = QSslCertificate::fromPath(testDataDir + "verify-certs/test-addons-mozilla-org-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); errors = QSslCertificate::verify(toVerify); bool foundBlack = false; - foreach (const QSslError &error, errors) { + for (const QSslError &error : std::as_const(errors)) { if (error.error() == QSslError::CertificateBlacklisted) { foundBlack = true; break; @@ -1088,11 +1110,11 @@ void tst_QSslCertificate::verify() toVerify << QSslCertificate::fromPath(testDataDir + "verify-certs/test-intermediate-is-ca-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString).first(); toVerify << QSslCertificate::fromPath(testDataDir + "verify-certs/test-intermediate-ca-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString).first(); errors = QSslCertificate::verify(toVerify); - VERIFY_VERBOSE(errors.count() == 0); + VERIFY_VERBOSE(errors.size() == 0); // Recheck the above with hostname validation errors = QSslCertificate::verify(toVerify, QLatin1String("example.com")); - VERIFY_VERBOSE(errors.count() == 0); + VERIFY_VERBOSE(errors.size() == 0); // Recheck the above with a bad hostname errors = QSslCertificate::verify(toVerify, QLatin1String("fail.example.com")); @@ -1106,9 +1128,8 @@ QString tst_QSslCertificate::toString(const QList<QSslError>& errors) { QStringList errorStrings; - foreach (const QSslError& error, errors) { + for (const QSslError &error : errors) errorStrings.append(QLatin1Char('"') + error.errorString() + QLatin1Char('"')); - } return QLatin1String("[ ") + errorStrings.join(QLatin1String(", ")) + QLatin1String(" ]"); } @@ -1117,11 +1138,11 @@ void tst_QSslCertificate::extensions() { QList<QSslCertificate> certList = QSslCertificate::fromPath(testDataDir + "more-certificates/natwest-banking.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); - QVERIFY(certList.count() > 0); + QVERIFY(certList.size() > 0); QSslCertificate cert = certList[0]; QList<QSslCertificateExtension> extensions = cert.extensions(); - QCOMPARE(extensions.count(), 9); + QCOMPARE(extensions.size(), 9); int unknown_idx = -1; int authority_info_idx = -1; @@ -1129,7 +1150,7 @@ void tst_QSslCertificate::extensions() int subject_key_idx = -1; int auth_key_idx = -1; - for (int i=0; i < extensions.length(); ++i) { + for (int i=0; i < extensions.size(); ++i) { QSslCertificateExtension ext = extensions[i]; //qDebug() << i << ":" << ext.name() << ext.oid(); @@ -1215,16 +1236,16 @@ void tst_QSslCertificate::extensionsCritical() { QList<QSslCertificate> certList = QSslCertificate::fromPath(testDataDir + "verify-certs/test-addons-mozilla-org-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); - QVERIFY(certList.count() > 0); + QVERIFY(certList.size() > 0); QSslCertificate cert = certList[0]; QList<QSslCertificateExtension> extensions = cert.extensions(); - QCOMPARE(extensions.count(), 9); + QCOMPARE(extensions.size(), 9); int basic_constraints_idx = -1; int key_usage_idx = -1; - for (int i=0; i < extensions.length(); ++i) { + for (int i=0; i < extensions.size(); ++i) { QSslCertificateExtension ext = extensions[i]; if (ext.name() == QStringLiteral("basicConstraints")) @@ -1362,9 +1383,8 @@ void tst_QSslCertificate::pkcs12() return; } -#if !defined(QT_NO_OPENSSL) && OPENSSL_VERSION_MAJOR >= 3 - QSKIP("leaf.p12 is using RC2, which is disabled by default in OpenSSL v >= 3"); -#endif + if (currentBackend() == TLSBackend::OpenSSL && QSslSocket::sslLibraryVersionNumber() >= 0x30000000L) + QSKIP("leaf.p12 is using RC2, which is disabled by default in OpenSSL v >= 3"); QFile f(testDataDir + QLatin1String("pkcs12/leaf.p12")); bool ok = f.open(QIODevice::ReadOnly); @@ -1374,8 +1394,8 @@ void tst_QSslCertificate::pkcs12() QSslCertificate cert; QList<QSslCertificate> caCerts; - if (isNonOpenSslTls) - QEXPECT_FAIL("", "pkcs12 imports are only supported when openssl is used", Abort); // TODO? + if (currentBackend() != TLSBackend::OpenSSL) + QEXPECT_FAIL("", "pkcs12 imports are not available with the current TLS backend", Abort); // TODO? ok = QSslCertificate::importPkcs12(&f, &key, &cert, &caCerts); QVERIFY(ok); @@ -1407,7 +1427,8 @@ void tst_QSslCertificate::pkcs12() QFile nocert(testDataDir + QLatin1String("pkcs12/leaf-nokey.p12")); ok = nocert.open(QIODevice::ReadOnly); QVERIFY(ok); - QTest::ignoreMessage(QtWarningMsg, "Unable to convert private key"); + if (currentBackend() == TLSBackend::OpenSSL) + QTest::ignoreMessage(QtWarningMsg, "Unable to convert private key"); ok = QSslCertificate::importPkcs12(&nocert, &key, &cert, &caCerts); QVERIFY(!ok); nocert.close(); |