diff options
Diffstat (limited to 'tests/auto/network/ssl/qsslcertificate')
-rw-r--r-- | tests/auto/network/ssl/qsslcertificate/CMakeLists.txt | 13 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.0.9.8 | 42 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.1 | 42 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.1c | 41 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.3.0.5 (renamed from tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.0) | 4 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp | 162 |
6 files changed, 96 insertions, 208 deletions
diff --git a/tests/auto/network/ssl/qsslcertificate/CMakeLists.txt b/tests/auto/network/ssl/qsslcertificate/CMakeLists.txt index 455cec2bdd..6f81a5e030 100644 --- a/tests/auto/network/ssl/qsslcertificate/CMakeLists.txt +++ b/tests/auto/network/ssl/qsslcertificate/CMakeLists.txt @@ -1,18 +1,20 @@ # Copyright (C) 2022 The Qt Company Ltd. -# SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 - -# Generated from qsslcertificate.pro. +# SPDX-License-Identifier: BSD-3-Clause ##################################################################### ## tst_qsslcertificate Test: ##################################################################### -# special case begin +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qsslcertificate LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + # This test requires private tests to properly build if (NOT QT_FEATURE_private_tests) return() endif() -# special case end # Collect test data file(GLOB_RECURSE test_data_glob @@ -38,4 +40,5 @@ qt_internal_add_test(tst_qsslcertificate LIBRARIES Qt::Network TESTDATA ${test_data} + BUNDLE_ANDROID_OPENSSL_LIBS ) diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.0.9.8 b/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.0.9.8 deleted file mode 100644 index 20500b221f..0000000000 --- a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.0.9.8 +++ /dev/null @@ -1,42 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - ce:db:31:28:45:c4:05:40 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd - Validity - Not Before: Aug 4 09:53:41 2010 GMT - Not After : Aug 29 09:53:41 2051 GMT - Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:cd:aa:db:6f:d6:34:c9:a7:f1:c0:be:e4:41:18: - 19:e2:02:c9:22:e6:a7:d5:ba:03:2e:9e:28:7a:f4: - 5f:1a:77:5f:77:a9:11:3b:8f:7e:f0:2e:c6:9e:eb: - 3a:d9:12:d7:c1:0c:51:e8:24:52:3f:23:c3:42:0c: - 11:c6:f2:1c:a1:42:fe:b4:c2:69:83:ad:f7:70:b1: - 18:15:cc:20:28:62:30:f0:2c:15:e6:33:19:af:c3: - eb:1c:c0:91:f7:11:68:94:50:f8:49:37:08:32:d7: - 3e:75:df:a3:bc:69:00:15:de:cd:87:0f:5c:02:6b: - 82:c8:01:7d:6a:f0:1d:dc:73 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - 8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 - X509v3 Authority Key Identifier: - keyid:8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - a1:74:8e:5d:36:96:2c:05:7e:ea:66:cc:2e:68:c7:3d:93:dc: - 8c:a3:11:ad:b5:7e:6e:d0:04:c4:09:bd:0a:f9:39:3b:97:d7: - f0:bb:0c:09:7b:83:fe:bf:87:b0:47:e8:94:b7:aa:9c:79:ad: - 71:9e:b7:c4:99:98:6f:1d:38:32:f8:a3:75:38:c4:e5:e7:37: - 37:21:ec:7b:50:8b:15:b0:97:1e:17:9c:50:17:3c:c1:df:94: - 55:fb:60:2e:50:40:d1:ea:23:c6:3c:21:6f:97:8c:06:16:a5: - 82:72:c1:63:14:64:86:eb:d7:ff:72:f6:09:f5:6d:e6:04:13: - 7a:6a diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.1 b/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.1 deleted file mode 100644 index 1a7d945b76..0000000000 --- a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.1 +++ /dev/null @@ -1,42 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - ce:db:31:28:45:c4:05:40 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd - Validity - Not Before: Aug 4 09:53:41 2010 GMT - Not After : Aug 29 09:53:41 2051 GMT - Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) - Modulus: - 00:cd:aa:db:6f:d6:34:c9:a7:f1:c0:be:e4:41:18: - 19:e2:02:c9:22:e6:a7:d5:ba:03:2e:9e:28:7a:f4: - 5f:1a:77:5f:77:a9:11:3b:8f:7e:f0:2e:c6:9e:eb: - 3a:d9:12:d7:c1:0c:51:e8:24:52:3f:23:c3:42:0c: - 11:c6:f2:1c:a1:42:fe:b4:c2:69:83:ad:f7:70:b1: - 18:15:cc:20:28:62:30:f0:2c:15:e6:33:19:af:c3: - eb:1c:c0:91:f7:11:68:94:50:f8:49:37:08:32:d7: - 3e:75:df:a3:bc:69:00:15:de:cd:87:0f:5c:02:6b: - 82:c8:01:7d:6a:f0:1d:dc:73 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - 8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 - X509v3 Authority Key Identifier: - keyid:8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - a1:74:8e:5d:36:96:2c:05:7e:ea:66:cc:2e:68:c7:3d:93:dc: - 8c:a3:11:ad:b5:7e:6e:d0:04:c4:09:bd:0a:f9:39:3b:97:d7: - f0:bb:0c:09:7b:83:fe:bf:87:b0:47:e8:94:b7:aa:9c:79:ad: - 71:9e:b7:c4:99:98:6f:1d:38:32:f8:a3:75:38:c4:e5:e7:37: - 37:21:ec:7b:50:8b:15:b0:97:1e:17:9c:50:17:3c:c1:df:94: - 55:fb:60:2e:50:40:d1:ea:23:c6:3c:21:6f:97:8c:06:16:a5: - 82:72:c1:63:14:64:86:eb:d7:ff:72:f6:09:f5:6d:e6:04:13: - 7a:6a diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.1c b/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.1c deleted file mode 100644 index a45ed864f4..0000000000 --- a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.1c +++ /dev/null @@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 14905561440751715648 (0xcedb312845c40540) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd - Validity - Not Before: Aug 4 09:53:41 2010 GMT - Not After : Aug 29 09:53:41 2051 GMT - Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) - Modulus: - 00:cd:aa:db:6f:d6:34:c9:a7:f1:c0:be:e4:41:18: - 19:e2:02:c9:22:e6:a7:d5:ba:03:2e:9e:28:7a:f4: - 5f:1a:77:5f:77:a9:11:3b:8f:7e:f0:2e:c6:9e:eb: - 3a:d9:12:d7:c1:0c:51:e8:24:52:3f:23:c3:42:0c: - 11:c6:f2:1c:a1:42:fe:b4:c2:69:83:ad:f7:70:b1: - 18:15:cc:20:28:62:30:f0:2c:15:e6:33:19:af:c3: - eb:1c:c0:91:f7:11:68:94:50:f8:49:37:08:32:d7: - 3e:75:df:a3:bc:69:00:15:de:cd:87:0f:5c:02:6b: - 82:c8:01:7d:6a:f0:1d:dc:73 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - 8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 - X509v3 Authority Key Identifier: - keyid:8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - a1:74:8e:5d:36:96:2c:05:7e:ea:66:cc:2e:68:c7:3d:93:dc: - 8c:a3:11:ad:b5:7e:6e:d0:04:c4:09:bd:0a:f9:39:3b:97:d7: - f0:bb:0c:09:7b:83:fe:bf:87:b0:47:e8:94:b7:aa:9c:79:ad: - 71:9e:b7:c4:99:98:6f:1d:38:32:f8:a3:75:38:c4:e5:e7:37: - 37:21:ec:7b:50:8b:15:b0:97:1e:17:9c:50:17:3c:c1:df:94: - 55:fb:60:2e:50:40:d1:ea:23:c6:3c:21:6f:97:8c:06:16:a5: - 82:72:c1:63:14:64:86:eb:d7:ff:72:f6:09:f5:6d:e6:04:13: - 7a:6a diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.0 b/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.3.0.5 index b2ccb2751e..a2cf759c10 100644 --- a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.0 +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.3.0.5 @@ -27,11 +27,11 @@ Certificate: X509v3 Subject Key Identifier: 8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 X509v3 Authority Key Identifier: - keyid:8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 - + 8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha1WithRSAEncryption + Signature Value: a1:74:8e:5d:36:96:2c:05:7e:ea:66:cc:2e:68:c7:3d:93:dc: 8c:a3:11:ad:b5:7e:6e:d0:04:c4:09:bd:0a:f9:39:3b:97:d7: f0:bb:0c:09:7b:83:fe:bf:87:b0:47:e8:94:b7:aa:9c:79:ad: diff --git a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp index 6799ed7ca3..b51053effd 100644 --- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp +++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp @@ -1,19 +1,22 @@ // Copyright (C) 2016 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 - +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> #include <QtNetwork/qtnetworkglobal.h> + +#include <QtCore/qdatetime.h> +#include <QtCore/qtimezone.h> +#include <QtCore/qscopeguard.h> #include <QtCore/qset.h> #include <qsslcertificate.h> #include <qsslkey.h> #include <qsslsocket.h> #include <qsslcertificateextension.h> -#include <qscopeguard.h> #ifndef QT_NO_OPENSSL +#include <openssl/opensslv.h> #include <openssl/obj_mac.h> #endif @@ -99,7 +102,31 @@ private slots: #endif // QT_CONFIG(ssl) private: QString testDataDir; - bool isNonOpenSslTls = false; + + enum class TLSBackend { + OpenSSL, + Schannel, + SecureTransport, + CertOnly, + Unknown, + }; + static TLSBackend currentBackend() + { + static TLSBackend activeBackend = []() { + using namespace Qt::StringLiterals; + const QString active = QSslSocket::activeBackend(); + if (active == "openssl"_L1) + return TLSBackend::OpenSSL; + if (active == "schannel") + return TLSBackend::Schannel; + if (active == "securetransport") + return TLSBackend::SecureTransport; + if (active == "cert-only") + return TLSBackend::CertOnly; + return TLSBackend::Unknown; + }(); + return activeBackend; + } }; void tst_QSslCertificate::initTestCase() @@ -109,22 +136,15 @@ void tst_QSslCertificate::initTestCase() testDataDir = QCoreApplication::applicationDirPath(); if (!testDataDir.endsWith(QLatin1String("/"))) testDataDir += QLatin1String("/"); -#if QT_CONFIG(opensslv11) - // In the presence of 'openssl' backend, QSslSocket will - // select 'openssl' as the default one. - isNonOpenSslTls = QSslSocket::activeBackend() != QStringLiteral("openssl"); -#else - isNonOpenSslTls = true; -#endif // QT_CONFIG(ssl) QDir dir(testDataDir + "certificates"); - QFileInfoList fileInfoList = dir.entryInfoList(QDir::Files | QDir::Readable); + const QFileInfoList fileInfoList = dir.entryInfoList(QDir::Files | QDir::Readable); QRegularExpression rxCert(QLatin1String("^.+\\.(pem|der)$")); QRegularExpression rxSan(QLatin1String("^(.+\\.(?:pem|der))\\.san$")); QRegularExpression rxPubKey(QLatin1String("^(.+\\.(?:pem|der))\\.pubkey$")); QRegularExpression rxDigest(QLatin1String("^(.+\\.(?:pem|der))\\.digest-(md5|sha1)$")); QRegularExpressionMatch match; - foreach (QFileInfo fileInfo, fileInfoList) { + for (const QFileInfo &fileInfo : fileInfoList) { if ((match = rxCert.match(fileInfo.fileName())).hasMatch()) certInfoList << CertInfo(fileInfo, @@ -187,7 +207,7 @@ void tst_QSslCertificate::createTestRows() { QTest::addColumn<QString>("absFilePath"); QTest::addColumn<QSsl::EncodingFormat>("format"); - foreach (CertInfo certInfo, certInfoList) { + for (const CertInfo &certInfo : std::as_const(certInfoList)) { QTest::newRow(certInfo.fileInfo.fileName().toLatin1()) << certInfo.fileInfo.absoluteFilePath() << certInfo.format; } @@ -318,7 +338,7 @@ void tst_QSslCertificate::digest_data() QTest::addColumn<QSsl::EncodingFormat>("format"); QTest::addColumn<QString>("absFilePath_digest_md5"); QTest::addColumn<QString>("absFilePath_digest_sha1"); - foreach (CertInfo certInfo, certInfoList) { + for (const CertInfo &certInfo : std::as_const(certInfoList)) { QString certName = certInfo.fileInfo.fileName(); QTest::newRow(certName.toLatin1()) << certInfo.fileInfo.absoluteFilePath() @@ -371,7 +391,7 @@ void tst_QSslCertificate::subjectAlternativeNames_data() QTest::addColumn<QSsl::EncodingFormat>("format"); QTest::addColumn<QString>("subjAltNameFilePath"); - foreach (CertInfo certInfo, certInfoList) { + for (const CertInfo &certInfo : std::as_const(certInfoList)) { QString certName = certInfo.fileInfo.fileName(); if (subjAltNameMap.contains(certName)) QTest::newRow(certName.toLatin1()) @@ -453,7 +473,7 @@ void tst_QSslCertificate::subjectInfoToString() QVERIFY(testInfo(QSslCertificate::DistinguishedNameQualifier, QString())); QVERIFY(testInfo(QSslCertificate::SerialNumber, QString())); // TODO: check why generic code does not handle this! - if (!isNonOpenSslTls) + if (currentBackend() == TLSBackend::OpenSSL) QVERIFY(testInfo(QSslCertificate::EmailAddress, QStringLiteral("ababic@trolltech.com"))); } @@ -465,9 +485,8 @@ void tst_QSslCertificate::subjectIssuerDisplayName_data() QTest::addRow("CommonName") << QStringLiteral("more-certificates/cert-cn.pem") << QStringLiteral("YOUR name"); QTest::addRow("OrganizationName") << QStringLiteral("more-certificates/cert-on.pem") << QStringLiteral("R&D"); QTest::addRow("OrganizationUnitName") << QStringLiteral("more-certificates/cert-oun.pem") << QStringLiteral("Foundations"); -#ifndef QT_NO_OPENSSL - QTest::addRow("NoSubjectName") << QStringLiteral("more-certificates/cert-noname.pem") << QString(); -#endif + if (currentBackend() == TLSBackend::OpenSSL) + QTest::addRow("NoSubjectName") << QStringLiteral("more-certificates/cert-noname.pem") << QString(); } void tst_QSslCertificate::subjectIssuerDisplayName() @@ -497,7 +516,7 @@ void tst_QSslCertificate::utf8SubjectNames() static const char *ou = "\xe3\x88\xa7" "A" "\xe3\x89\x81\xef\xbd\xab" "BC"; // the following two tests should help find "\x"-literal encoding bugs in the test itself - QCOMPARE(cert.subjectInfo("O")[0].length(), QString::fromUtf8(o).length()); + QCOMPARE(cert.subjectInfo("O")[0].size(), QString::fromUtf8(o).size()); QCOMPARE (cert.subjectInfo("O")[0].toUtf8().toHex(), QByteArray(o).toHex()); QCOMPARE(cert.subjectInfo("O")[0], QString::fromUtf8(o)); @@ -510,7 +529,7 @@ void tst_QSslCertificate::publicKey_data() QTest::addColumn<QSsl::EncodingFormat>("format"); QTest::addColumn<QString>("pubkeyFilePath"); - foreach (CertInfo certInfo, certInfoList) { + for (const CertInfo &certInfo : std::as_const(certInfoList)) { QString certName = certInfo.fileInfo.fileName(); if (pubkeyMap.contains(certName)) QTest::newRow(certName.toLatin1()) @@ -812,8 +831,10 @@ void tst_QSslCertificate::certInfo() QCOMPARE(cert.digest(QCryptographicHash::Sha1), QByteArray::fromHex("B6:D1:51:82:E0:29:CA:59:96:38:BD:B6:F9:40:05:91:6D:49:09:60")); - QCOMPARE(cert.effectiveDate().toUTC(), QDateTime(QDate(2007, 4, 17), QTime(7,40,26), Qt::UTC)); - QCOMPARE(cert.expiryDate().toUTC(), QDateTime(QDate(2007, 5, 17), QTime(7,40,26), Qt::UTC)); + QCOMPARE(cert.effectiveDate().toUTC(), + QDateTime(QDate(2007, 4, 17), QTime(7,40,26), QTimeZone::UTC)); + QCOMPARE(cert.expiryDate().toUTC(), + QDateTime(QDate(2007, 5, 17), QTime(7,40,26), QTimeZone::UTC)); QVERIFY(cert.expiryDate() < QDateTime::currentDateTime()); // cert has expired QSslCertificate copy = cert; @@ -875,7 +896,7 @@ void tst_QSslCertificate::task256066toPem() void tst_QSslCertificate::nulInCN() { - if (isNonOpenSslTls) + if (currentBackend() != TLSBackend::OpenSSL) QSKIP("Generic QSslCertificatePrivate fails this test"); QList<QSslCertificate> certList = @@ -895,7 +916,7 @@ void tst_QSslCertificate::nulInCN() void tst_QSslCertificate::nulInSan() { - if (isNonOpenSslTls) + if (currentBackend() != TLSBackend::OpenSSL) QSKIP("Generic QSslCertificatePrivate fails this test"); QList<QSslCertificate> certList = @@ -937,16 +958,18 @@ void tst_QSslCertificate::largeExpirationDate() // QTBUG-12489 const QSslCertificate &cert = certList.at(0); QVERIFY(!cert.isNull()); - QCOMPARE(cert.effectiveDate().toUTC(), QDateTime(QDate(2010, 8, 4), QTime(9, 53, 41), Qt::UTC)); + QCOMPARE(cert.effectiveDate().toUTC(), + QDateTime(QDate(2010, 8, 4), QTime(9, 53, 41), QTimeZone::UTC)); // if the date is larger than 2049, then the generalized time format is used - QCOMPARE(cert.expiryDate().toUTC(), QDateTime(QDate(2051, 8, 29), QTime(9, 53, 41), Qt::UTC)); + QCOMPARE(cert.expiryDate().toUTC(), + QDateTime(QDate(2051, 8, 29), QTime(9, 53, 41), QTimeZone::UTC)); } void tst_QSslCertificate::blacklistedCertificates() { QList<QSslCertificate> blacklistedCerts = QSslCertificate::fromPath(testDataDir + "more-certificates/blacklisted*.pem", QSsl::Pem, QSslCertificate::PatternSyntax::Wildcard); - QVERIFY(blacklistedCerts.count() > 0); - for (int a = 0; a < blacklistedCerts.count(); a++) { + QVERIFY(blacklistedCerts.size() > 0); + for (int a = 0; a < blacklistedCerts.size(); a++) { QVERIFY(blacklistedCerts.at(a).isBlacklisted()); } } @@ -960,7 +983,7 @@ void tst_QSslCertificate::selfsignedCertificates() void tst_QSslCertificate::toText() { - if (isNonOpenSslTls) + if (currentBackend() != TLSBackend::OpenSSL) QSKIP("QSslCertificate::toText is not implemented on platforms which do not use openssl"); QList<QSslCertificate> certList = @@ -969,42 +992,26 @@ void tst_QSslCertificate::toText() QCOMPARE(certList.size(), 1); const QSslCertificate &cert = certList.at(0); - // Openssl's cert dump method changed slightly between 0.9.8, 1.0.0 and 1.01 versions, so we want it to match any output - - QFile f098(testDataDir + "more-certificates/cert-large-expiration-date.txt.0.9.8"); - QVERIFY(f098.open(QIODevice::ReadOnly | QFile::Text)); - QByteArray txt098 = f098.readAll(); - - QFile f100(testDataDir + "more-certificates/cert-large-expiration-date.txt.1.0.0"); - QVERIFY(f100.open(QIODevice::ReadOnly | QFile::Text)); - QByteArray txt100 = f100.readAll(); - - QFile f101(testDataDir + "more-certificates/cert-large-expiration-date.txt.1.0.1"); - QVERIFY(f101.open(QIODevice::ReadOnly | QFile::Text)); - QByteArray txt101 = f101.readAll(); - - QFile f101c(testDataDir + "more-certificates/cert-large-expiration-date.txt.1.0.1c"); - QVERIFY(f101c.open(QIODevice::ReadOnly | QFile::Text)); - QByteArray txt101c = f101c.readAll(); - + // Openssl's cert dump method changed slightly between 1.1.1 and 3.0.5 versions, so we want it to match any output QFile f111(testDataDir + "more-certificates/cert-large-expiration-date.txt.1.1.1"); QVERIFY(f111.open(QIODevice::ReadOnly | QFile::Text)); QByteArray txt111 = f111.readAll(); + QFile f305(testDataDir + "more-certificates/cert-large-expiration-date.txt.3.0.5"); + QVERIFY(f305.open(QIODevice::ReadOnly | QFile::Text)); + QByteArray txt305 = f305.readAll(); + QString txtcert = cert.toText(); - QVERIFY(QString::fromLatin1(txt098) == txtcert || - QString::fromLatin1(txt100) == txtcert || - QString::fromLatin1(txt101) == txtcert || - QString::fromLatin1(txt101c) == txtcert || - QString::fromLatin1(txt111) == txtcert ); + QVERIFY(QString::fromLatin1(txt111) == txtcert || + QString::fromLatin1(txt305) == txtcert); } void tst_QSslCertificate::multipleCommonNames() { QList<QSslCertificate> certList = QSslCertificate::fromPath(testDataDir + "more-certificates/test-cn-two-cns-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); - QVERIFY(certList.count() > 0); + QVERIFY(certList.size() > 0); QStringList commonNames = certList[0].subjectInfo(QSslCertificate::CommonName); QVERIFY(commonNames.contains(QString("www.example.com"))); @@ -1015,18 +1022,18 @@ void tst_QSslCertificate::subjectAndIssuerAttributes() { QList<QSslCertificate> certList = QSslCertificate::fromPath(testDataDir + "more-certificates/test-cn-with-drink-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); - QVERIFY(certList.count() > 0); + QVERIFY(certList.size() > 0); QList<QByteArray> attributes = certList[0].subjectInfoAttributes(); QVERIFY(attributes.contains(QByteArray("favouriteDrink"))); attributes.clear(); certList = QSslCertificate::fromPath(testDataDir + "more-certificates/natwest-banking.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); - QVERIFY(certList.count() > 0); + QVERIFY(certList.size() > 0); QByteArray shortName("1.3.6.1.4.1.311.60.2.1.3"); #if !defined(QT_NO_OPENSSL) && defined(SN_jurisdictionCountryName) - if (!isNonOpenSslTls) + if (currentBackend() == TLSBackend::OpenSSL) shortName = SN_jurisdictionCountryName; #endif attributes = certList[0].subjectInfoAttributes(); @@ -1035,8 +1042,8 @@ void tst_QSslCertificate::subjectAndIssuerAttributes() void tst_QSslCertificate::verify() { - if (isNonOpenSslTls) - QSKIP("Not implemented in SecureTransport or Schannel"); + if (currentBackend() != TLSBackend::OpenSSL) + QSKIP("Only implemented for OpenSSL"); QList<QSslError> errors; QList<QSslCertificate> toVerify; @@ -1049,7 +1056,7 @@ void tst_QSslCertificate::verify() // Empty chain is unspecified error errors = QSslCertificate::verify(toVerify); - VERIFY_VERBOSE(errors.count() == 1); + VERIFY_VERBOSE(errors.size() == 1); VERIFY_VERBOSE(errors[0] == QSslError(QSslError::UnspecifiedError)); errors.clear(); @@ -1068,14 +1075,14 @@ void tst_QSslCertificate::verify() toVerify = QSslCertificate::fromPath(testDataDir + "verify-certs/test-ocsp-good-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); errors = QSslCertificate::verify(toVerify); - VERIFY_VERBOSE(errors.count() == 0); + VERIFY_VERBOSE(errors.size() == 0); errors.clear(); // Test a blacklisted certificate toVerify = QSslCertificate::fromPath(testDataDir + "verify-certs/test-addons-mozilla-org-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); errors = QSslCertificate::verify(toVerify); bool foundBlack = false; - foreach (const QSslError &error, errors) { + for (const QSslError &error : std::as_const(errors)) { if (error.error() == QSslError::CertificateBlacklisted) { foundBlack = true; break; @@ -1103,11 +1110,11 @@ void tst_QSslCertificate::verify() toVerify << QSslCertificate::fromPath(testDataDir + "verify-certs/test-intermediate-is-ca-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString).first(); toVerify << QSslCertificate::fromPath(testDataDir + "verify-certs/test-intermediate-ca-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString).first(); errors = QSslCertificate::verify(toVerify); - VERIFY_VERBOSE(errors.count() == 0); + VERIFY_VERBOSE(errors.size() == 0); // Recheck the above with hostname validation errors = QSslCertificate::verify(toVerify, QLatin1String("example.com")); - VERIFY_VERBOSE(errors.count() == 0); + VERIFY_VERBOSE(errors.size() == 0); // Recheck the above with a bad hostname errors = QSslCertificate::verify(toVerify, QLatin1String("fail.example.com")); @@ -1121,9 +1128,8 @@ QString tst_QSslCertificate::toString(const QList<QSslError>& errors) { QStringList errorStrings; - foreach (const QSslError& error, errors) { + for (const QSslError &error : errors) errorStrings.append(QLatin1Char('"') + error.errorString() + QLatin1Char('"')); - } return QLatin1String("[ ") + errorStrings.join(QLatin1String(", ")) + QLatin1String(" ]"); } @@ -1132,11 +1138,11 @@ void tst_QSslCertificate::extensions() { QList<QSslCertificate> certList = QSslCertificate::fromPath(testDataDir + "more-certificates/natwest-banking.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); - QVERIFY(certList.count() > 0); + QVERIFY(certList.size() > 0); QSslCertificate cert = certList[0]; QList<QSslCertificateExtension> extensions = cert.extensions(); - QCOMPARE(extensions.count(), 9); + QCOMPARE(extensions.size(), 9); int unknown_idx = -1; int authority_info_idx = -1; @@ -1144,7 +1150,7 @@ void tst_QSslCertificate::extensions() int subject_key_idx = -1; int auth_key_idx = -1; - for (int i=0; i < extensions.length(); ++i) { + for (int i=0; i < extensions.size(); ++i) { QSslCertificateExtension ext = extensions[i]; //qDebug() << i << ":" << ext.name() << ext.oid(); @@ -1230,16 +1236,16 @@ void tst_QSslCertificate::extensionsCritical() { QList<QSslCertificate> certList = QSslCertificate::fromPath(testDataDir + "verify-certs/test-addons-mozilla-org-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); - QVERIFY(certList.count() > 0); + QVERIFY(certList.size() > 0); QSslCertificate cert = certList[0]; QList<QSslCertificateExtension> extensions = cert.extensions(); - QCOMPARE(extensions.count(), 9); + QCOMPARE(extensions.size(), 9); int basic_constraints_idx = -1; int key_usage_idx = -1; - for (int i=0; i < extensions.length(); ++i) { + for (int i=0; i < extensions.size(); ++i) { QSslCertificateExtension ext = extensions[i]; if (ext.name() == QStringLiteral("basicConstraints")) @@ -1377,6 +1383,9 @@ void tst_QSslCertificate::pkcs12() return; } + if (currentBackend() == TLSBackend::OpenSSL && QSslSocket::sslLibraryVersionNumber() >= 0x30000000L) + QSKIP("leaf.p12 is using RC2, which is disabled by default in OpenSSL v >= 3"); + QFile f(testDataDir + QLatin1String("pkcs12/leaf.p12")); bool ok = f.open(QIODevice::ReadOnly); QVERIFY(ok); @@ -1385,8 +1394,8 @@ void tst_QSslCertificate::pkcs12() QSslCertificate cert; QList<QSslCertificate> caCerts; - if (isNonOpenSslTls) - QEXPECT_FAIL("", "pkcs12 imports are only supported when openssl is used", Abort); // TODO? + if (currentBackend() != TLSBackend::OpenSSL) + QEXPECT_FAIL("", "pkcs12 imports are not available with the current TLS backend", Abort); // TODO? ok = QSslCertificate::importPkcs12(&f, &key, &cert, &caCerts); QVERIFY(ok); @@ -1418,7 +1427,8 @@ void tst_QSslCertificate::pkcs12() QFile nocert(testDataDir + QLatin1String("pkcs12/leaf-nokey.p12")); ok = nocert.open(QIODevice::ReadOnly); QVERIFY(ok); - QTest::ignoreMessage(QtWarningMsg, "Unable to convert private key"); + if (currentBackend() == TLSBackend::OpenSSL) + QTest::ignoreMessage(QtWarningMsg, "Unable to convert private key"); ok = QSslCertificate::importPkcs12(&nocert, &key, &cert, &caCerts); QVERIFY(!ok); nocert.close(); |