summaryrefslogtreecommitdiffstats
path: root/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp')
-rw-r--r--tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp96
1 files changed, 61 insertions, 35 deletions
diff --git a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
index 9e2b8b272d..b51053effd 100644
--- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
+++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
@@ -1,17 +1,19 @@
// Copyright (C) 2016 The Qt Company Ltd.
-// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0
-
+// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only
#include <QTest>
#include <QtNetwork/qtnetworkglobal.h>
+
+#include <QtCore/qdatetime.h>
+#include <QtCore/qtimezone.h>
+#include <QtCore/qscopeguard.h>
#include <QtCore/qset.h>
#include <qsslcertificate.h>
#include <qsslkey.h>
#include <qsslsocket.h>
#include <qsslcertificateextension.h>
-#include <qscopeguard.h>
#ifndef QT_NO_OPENSSL
#include <openssl/opensslv.h>
@@ -100,7 +102,31 @@ private slots:
#endif // QT_CONFIG(ssl)
private:
QString testDataDir;
- bool isNonOpenSslTls = false;
+
+ enum class TLSBackend {
+ OpenSSL,
+ Schannel,
+ SecureTransport,
+ CertOnly,
+ Unknown,
+ };
+ static TLSBackend currentBackend()
+ {
+ static TLSBackend activeBackend = []() {
+ using namespace Qt::StringLiterals;
+ const QString active = QSslSocket::activeBackend();
+ if (active == "openssl"_L1)
+ return TLSBackend::OpenSSL;
+ if (active == "schannel")
+ return TLSBackend::Schannel;
+ if (active == "securetransport")
+ return TLSBackend::SecureTransport;
+ if (active == "cert-only")
+ return TLSBackend::CertOnly;
+ return TLSBackend::Unknown;
+ }();
+ return activeBackend;
+ }
};
void tst_QSslCertificate::initTestCase()
@@ -111,16 +137,14 @@ void tst_QSslCertificate::initTestCase()
if (!testDataDir.endsWith(QLatin1String("/")))
testDataDir += QLatin1String("/");
- isNonOpenSslTls = QSslSocket::activeBackend() != QStringLiteral("openssl");
-
QDir dir(testDataDir + "certificates");
- QFileInfoList fileInfoList = dir.entryInfoList(QDir::Files | QDir::Readable);
+ const QFileInfoList fileInfoList = dir.entryInfoList(QDir::Files | QDir::Readable);
QRegularExpression rxCert(QLatin1String("^.+\\.(pem|der)$"));
QRegularExpression rxSan(QLatin1String("^(.+\\.(?:pem|der))\\.san$"));
QRegularExpression rxPubKey(QLatin1String("^(.+\\.(?:pem|der))\\.pubkey$"));
QRegularExpression rxDigest(QLatin1String("^(.+\\.(?:pem|der))\\.digest-(md5|sha1)$"));
QRegularExpressionMatch match;
- foreach (QFileInfo fileInfo, fileInfoList) {
+ for (const QFileInfo &fileInfo : fileInfoList) {
if ((match = rxCert.match(fileInfo.fileName())).hasMatch())
certInfoList <<
CertInfo(fileInfo,
@@ -183,7 +207,7 @@ void tst_QSslCertificate::createTestRows()
{
QTest::addColumn<QString>("absFilePath");
QTest::addColumn<QSsl::EncodingFormat>("format");
- foreach (CertInfo certInfo, certInfoList) {
+ for (const CertInfo &certInfo : std::as_const(certInfoList)) {
QTest::newRow(certInfo.fileInfo.fileName().toLatin1())
<< certInfo.fileInfo.absoluteFilePath() << certInfo.format;
}
@@ -314,7 +338,7 @@ void tst_QSslCertificate::digest_data()
QTest::addColumn<QSsl::EncodingFormat>("format");
QTest::addColumn<QString>("absFilePath_digest_md5");
QTest::addColumn<QString>("absFilePath_digest_sha1");
- foreach (CertInfo certInfo, certInfoList) {
+ for (const CertInfo &certInfo : std::as_const(certInfoList)) {
QString certName = certInfo.fileInfo.fileName();
QTest::newRow(certName.toLatin1())
<< certInfo.fileInfo.absoluteFilePath()
@@ -367,7 +391,7 @@ void tst_QSslCertificate::subjectAlternativeNames_data()
QTest::addColumn<QSsl::EncodingFormat>("format");
QTest::addColumn<QString>("subjAltNameFilePath");
- foreach (CertInfo certInfo, certInfoList) {
+ for (const CertInfo &certInfo : std::as_const(certInfoList)) {
QString certName = certInfo.fileInfo.fileName();
if (subjAltNameMap.contains(certName))
QTest::newRow(certName.toLatin1())
@@ -449,7 +473,7 @@ void tst_QSslCertificate::subjectInfoToString()
QVERIFY(testInfo(QSslCertificate::DistinguishedNameQualifier, QString()));
QVERIFY(testInfo(QSslCertificate::SerialNumber, QString()));
// TODO: check why generic code does not handle this!
- if (!isNonOpenSslTls)
+ if (currentBackend() == TLSBackend::OpenSSL)
QVERIFY(testInfo(QSslCertificate::EmailAddress, QStringLiteral("ababic@trolltech.com")));
}
@@ -461,9 +485,8 @@ void tst_QSslCertificate::subjectIssuerDisplayName_data()
QTest::addRow("CommonName") << QStringLiteral("more-certificates/cert-cn.pem") << QStringLiteral("YOUR name");
QTest::addRow("OrganizationName") << QStringLiteral("more-certificates/cert-on.pem") << QStringLiteral("R&D");
QTest::addRow("OrganizationUnitName") << QStringLiteral("more-certificates/cert-oun.pem") << QStringLiteral("Foundations");
-#ifndef QT_NO_OPENSSL
- QTest::addRow("NoSubjectName") << QStringLiteral("more-certificates/cert-noname.pem") << QString();
-#endif
+ if (currentBackend() == TLSBackend::OpenSSL)
+ QTest::addRow("NoSubjectName") << QStringLiteral("more-certificates/cert-noname.pem") << QString();
}
void tst_QSslCertificate::subjectIssuerDisplayName()
@@ -506,7 +529,7 @@ void tst_QSslCertificate::publicKey_data()
QTest::addColumn<QSsl::EncodingFormat>("format");
QTest::addColumn<QString>("pubkeyFilePath");
- foreach (CertInfo certInfo, certInfoList) {
+ for (const CertInfo &certInfo : std::as_const(certInfoList)) {
QString certName = certInfo.fileInfo.fileName();
if (pubkeyMap.contains(certName))
QTest::newRow(certName.toLatin1())
@@ -808,8 +831,10 @@ void tst_QSslCertificate::certInfo()
QCOMPARE(cert.digest(QCryptographicHash::Sha1),
QByteArray::fromHex("B6:D1:51:82:E0:29:CA:59:96:38:BD:B6:F9:40:05:91:6D:49:09:60"));
- QCOMPARE(cert.effectiveDate().toUTC(), QDateTime(QDate(2007, 4, 17), QTime(7,40,26), Qt::UTC));
- QCOMPARE(cert.expiryDate().toUTC(), QDateTime(QDate(2007, 5, 17), QTime(7,40,26), Qt::UTC));
+ QCOMPARE(cert.effectiveDate().toUTC(),
+ QDateTime(QDate(2007, 4, 17), QTime(7,40,26), QTimeZone::UTC));
+ QCOMPARE(cert.expiryDate().toUTC(),
+ QDateTime(QDate(2007, 5, 17), QTime(7,40,26), QTimeZone::UTC));
QVERIFY(cert.expiryDate() < QDateTime::currentDateTime()); // cert has expired
QSslCertificate copy = cert;
@@ -871,7 +896,7 @@ void tst_QSslCertificate::task256066toPem()
void tst_QSslCertificate::nulInCN()
{
- if (isNonOpenSslTls)
+ if (currentBackend() != TLSBackend::OpenSSL)
QSKIP("Generic QSslCertificatePrivate fails this test");
QList<QSslCertificate> certList =
@@ -891,7 +916,7 @@ void tst_QSslCertificate::nulInCN()
void tst_QSslCertificate::nulInSan()
{
- if (isNonOpenSslTls)
+ if (currentBackend() != TLSBackend::OpenSSL)
QSKIP("Generic QSslCertificatePrivate fails this test");
QList<QSslCertificate> certList =
@@ -933,9 +958,11 @@ void tst_QSslCertificate::largeExpirationDate() // QTBUG-12489
const QSslCertificate &cert = certList.at(0);
QVERIFY(!cert.isNull());
- QCOMPARE(cert.effectiveDate().toUTC(), QDateTime(QDate(2010, 8, 4), QTime(9, 53, 41), Qt::UTC));
+ QCOMPARE(cert.effectiveDate().toUTC(),
+ QDateTime(QDate(2010, 8, 4), QTime(9, 53, 41), QTimeZone::UTC));
// if the date is larger than 2049, then the generalized time format is used
- QCOMPARE(cert.expiryDate().toUTC(), QDateTime(QDate(2051, 8, 29), QTime(9, 53, 41), Qt::UTC));
+ QCOMPARE(cert.expiryDate().toUTC(),
+ QDateTime(QDate(2051, 8, 29), QTime(9, 53, 41), QTimeZone::UTC));
}
void tst_QSslCertificate::blacklistedCertificates()
@@ -956,7 +983,7 @@ void tst_QSslCertificate::selfsignedCertificates()
void tst_QSslCertificate::toText()
{
- if (isNonOpenSslTls)
+ if (currentBackend() != TLSBackend::OpenSSL)
QSKIP("QSslCertificate::toText is not implemented on platforms which do not use openssl");
QList<QSslCertificate> certList =
@@ -1006,7 +1033,7 @@ void tst_QSslCertificate::subjectAndIssuerAttributes()
QByteArray shortName("1.3.6.1.4.1.311.60.2.1.3");
#if !defined(QT_NO_OPENSSL) && defined(SN_jurisdictionCountryName)
- if (!isNonOpenSslTls)
+ if (currentBackend() == TLSBackend::OpenSSL)
shortName = SN_jurisdictionCountryName;
#endif
attributes = certList[0].subjectInfoAttributes();
@@ -1015,8 +1042,8 @@ void tst_QSslCertificate::subjectAndIssuerAttributes()
void tst_QSslCertificate::verify()
{
- if (isNonOpenSslTls)
- QSKIP("Not implemented in SecureTransport or Schannel");
+ if (currentBackend() != TLSBackend::OpenSSL)
+ QSKIP("Only implemented for OpenSSL");
QList<QSslError> errors;
QList<QSslCertificate> toVerify;
@@ -1055,7 +1082,7 @@ void tst_QSslCertificate::verify()
toVerify = QSslCertificate::fromPath(testDataDir + "verify-certs/test-addons-mozilla-org-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
errors = QSslCertificate::verify(toVerify);
bool foundBlack = false;
- foreach (const QSslError &error, errors) {
+ for (const QSslError &error : std::as_const(errors)) {
if (error.error() == QSslError::CertificateBlacklisted) {
foundBlack = true;
break;
@@ -1101,9 +1128,8 @@ QString tst_QSslCertificate::toString(const QList<QSslError>& errors)
{
QStringList errorStrings;
- foreach (const QSslError& error, errors) {
+ for (const QSslError &error : errors)
errorStrings.append(QLatin1Char('"') + error.errorString() + QLatin1Char('"'));
- }
return QLatin1String("[ ") + errorStrings.join(QLatin1String(", ")) + QLatin1String(" ]");
}
@@ -1357,9 +1383,8 @@ void tst_QSslCertificate::pkcs12()
return;
}
-#if !defined(QT_NO_OPENSSL) && OPENSSL_VERSION_MAJOR >= 3
- QSKIP("leaf.p12 is using RC2, which is disabled by default in OpenSSL v >= 3");
-#endif
+ if (currentBackend() == TLSBackend::OpenSSL && QSslSocket::sslLibraryVersionNumber() >= 0x30000000L)
+ QSKIP("leaf.p12 is using RC2, which is disabled by default in OpenSSL v >= 3");
QFile f(testDataDir + QLatin1String("pkcs12/leaf.p12"));
bool ok = f.open(QIODevice::ReadOnly);
@@ -1369,8 +1394,8 @@ void tst_QSslCertificate::pkcs12()
QSslCertificate cert;
QList<QSslCertificate> caCerts;
- if (isNonOpenSslTls)
- QEXPECT_FAIL("", "pkcs12 imports are only supported when openssl is used", Abort); // TODO?
+ if (currentBackend() != TLSBackend::OpenSSL)
+ QEXPECT_FAIL("", "pkcs12 imports are not available with the current TLS backend", Abort); // TODO?
ok = QSslCertificate::importPkcs12(&f, &key, &cert, &caCerts);
QVERIFY(ok);
@@ -1402,7 +1427,8 @@ void tst_QSslCertificate::pkcs12()
QFile nocert(testDataDir + QLatin1String("pkcs12/leaf-nokey.p12"));
ok = nocert.open(QIODevice::ReadOnly);
QVERIFY(ok);
- QTest::ignoreMessage(QtWarningMsg, "Unable to convert private key");
+ if (currentBackend() == TLSBackend::OpenSSL)
+ QTest::ignoreMessage(QtWarningMsg, "Unable to convert private key");
ok = QSslCertificate::importPkcs12(&nocert, &key, &cert, &caCerts);
QVERIFY(!ok);
nocert.close();
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-30 22:04:00 +0000