summaryrefslogtreecommitdiffstats
path: root/tests/auto/network/ssl/qsslcertificate
diff options
context:
space:
mode:
Diffstat (limited to 'tests/auto/network/ssl/qsslcertificate')
-rw-r--r--tests/auto/network/ssl/qsslcertificate/pkcs12/README8
-rw-r--r--tests/auto/network/ssl/qsslcertificate/pkcs12/inter.crt22
-rw-r--r--tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.crt23
-rw-r--r--tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.key32
-rw-r--r--tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.p12bin0 -> 3821 bytes
-rw-r--r--tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro3
-rw-r--r--tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp117
7 files changed, 204 insertions, 1 deletions
diff --git a/tests/auto/network/ssl/qsslcertificate/pkcs12/README b/tests/auto/network/ssl/qsslcertificate/pkcs12/README
new file mode 100644
index 0000000000..1828d089c1
--- /dev/null
+++ b/tests/auto/network/ssl/qsslcertificate/pkcs12/README
@@ -0,0 +1,8 @@
+The PKCS#12 bundle was created by running the following on
+in the qsslsocket/certs directory:
+
+openssl pkcs12 -export -in leaf.crt -inkey leaf.key \
+ -out leaf.p12 \
+ -certfile inter.crt -CAfile ca.crt
+
+No password was provided.
diff --git a/tests/auto/network/ssl/qsslcertificate/pkcs12/inter.crt b/tests/auto/network/ssl/qsslcertificate/pkcs12/inter.crt
new file mode 100644
index 0000000000..4e1d67c3e0
--- /dev/null
+++ b/tests/auto/network/ssl/qsslcertificate/pkcs12/inter.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAnSgAwIBAgIQO+uZxerYC10Ll11PBnVL4TANBgkqhkiG9w0BAQUFADA8
+MQswCQYDVQQGEwJHQjEZMBcGA1UEChMQV2VzdHBvaW50IENBIEtleTESMBAGA1UE
+ChMJV2VzdHBvaW50MB4XDTEzMDIxNjE2NTMwOFoXDTIzMDIxNjE2NTMwOFowMjEL
+MAkGA1UEBhMCR0IxIzAhBgNVBAoTGldlc3Rwb2ludCBJbnRlcm1lZGlhdGUgS2V5
+MIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAsR4tRskg2IFfQFMfGBJ1
+eqlrNejANw0oM6k5HlEB8uFA9qeyAzmflwQUPoJ55KRQ/gVHTOBdWrtgGgPMiekF
+1Q36Ry1elwbAl4a+LZ6qsc9ASipvk8HirKpt1v5L9hG+aI4yDxyvjNztFtg5R4P5
+zqsh/WwhCgsYmEVfcSDbhUjqoqxGRLaZxPKO+IMCNFrjZqi0yxc8f6Un4G5SQzHA
+4szi/ezcITnAFYWxHG2yaed4hawpxNS1WXabk2rzCi0pWeIcHuIczaCfZ7ElRcqV
+VNNXbGTtUDlfIsh6FAVI5kTUDcPV27uf6BmHuFOu/R9Tjni25+vBFvohwQh7ZwCX
+5COXnfkJLPkJQQEFVQv8nS27ht/vmyoKjERUeiuMd+hFcN5zl7bS5A2JCgi7erlP
+ZQIDAQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwHQYD
+VR0OBBYEFGn5shQ0SeTcc3x/cNu6TkoV0bPmMB8GA1UdIwQYMBaAFJQnOLW5hBTG
+pvc2vfcs4sJpRRPJMA0GCSqGSIb3DQEBBQUAA4IBMQAVDS0enQQ1FL0d92xOFfwx
+mjcNPz9oO7jMyEVxAs2eR2QD+xZ3Xj4gAiUEp40aGieDcLv+dg+cmuBFWF61IYSR
+UyuoakVm08VDcLAwUzU+xtSvJiSSROb0GsAnVsYZj4TYlvKDplqfapOYaiIkwF+c
+iE4n7G0hQW9fzqO+n3FGtBD8YUjghRqLggeRVJ2+8S3Bm8cfx8xPpRIO3ksA6opn
+CORRGuzetDHihbks59mkoY3GqKFgBOyrC3kG07nv5wtKjdKDtmD/kS/SAc4fIXKy
+Uruq2uXNf/1BUgF5gFGRyj22yB2D0763fJJpl5nqcLrL5RmnVObQKZGhE2VsRTV0
+untj+AmiJivhiAjjkHfw3XDf8tuL7D4pTmEkGgl5xl23fyeTIuygDCLT8fRD3ZqQ
+-----END CERTIFICATE-----
diff --git a/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.crt b/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.crt
new file mode 100644
index 0000000000..4a7dc40540
--- /dev/null
+++ b/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3zCCApegAwIBAgIQEKCtd1j2bq5Gk6ND+VmKnjANBgkqhkiG9w0BAQUFADAy
+MQswCQYDVQQGEwJHQjEjMCEGA1UEChMaV2VzdHBvaW50IEludGVybWVkaWF0ZSBL
+ZXkwHhcNMTMwMjE2MTY1MzA4WhcNMjMwMjE2MTY1MzA4WjA1MQswCQYDVQQGEwJH
+QjESMBAGA1UEChMJV2VzdHBvaW50MRIwEAYDVQQDEwkxMjcuMC4wLjEwggFSMA0G
+CSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQC7EIWIzb7XCfmQQ1KFdZ5E9f49eNK/
+KvsXYfq/iV29K1cz2hUyvfdKgyU5F/+BOPQKQ5zdWn1CraZosFv/ibuO3mhRpMfB
+SfNn3rfdrE7WtA0wgT2YNIN0L4aCe+C15j2ESdmyMaFLUaUIS47JS66UtaYxp5ia
+mJFO1hSNaoI0pGHyPFTTtfOza9z/01qkBbHB4htzauqs/fX5ZrnyCDSrfpVipXke
+zkPKg4MkkytEkjRKw6tSXLpWIgF3ee2N/jBdefqlw8YPW08K0wmwF5qGuX6PZ8vB
+sOZeWeCfVr136BopkbfP3TkGWw2BrD8xSzOUez9HVc0v4SZ/7pe5w3L4V/mzYQLt
+O+1AHevCjX8+M58HYGBaWCAjxYUPGcGKcj0LLtgZgL6wY88N7RtfeOY3AgMBAAGj
+gY0wgYowFAYDVR0RBA0wC4IJMTI3LjAuMC4xMAwGA1UdEwEB/wQCMAAwEwYDVR0l
+BAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwcoADAdBgNVHQ4EFgQUKKuyJSrT
+Y+dnm1do7l0sVMX96SYwHwYDVR0jBBgwFoAUafmyFDRJ5NxzfH9w27pOShXRs+Yw
+DQYJKoZIhvcNAQEFBQADggExAHELijlIFdcncP3B+vxEp0SGKl0arIaCXahivb2F
+VxeM3WajN6O+oDRLFltzMeDKA9RVkao7fgITzXQgCGzeNhKv0vc9iDyvR9/67vuS
+W8xEEJrYowtw3VK5H1y0ewqZaxJhvKUjm4TBRWe8FGKD3s64lEsfbjOaI5VPidVc
+DXmdAlXsj0Hk+v4Ej8mshPQAnVSyJ3D0ZMgTjk8Di28N0qROFIYJaTObK1rCb1nQ
+GaCcmbZU6JnkYvVZ+iUe5U0GXFbb+LRNTUT8/fw1zADeHnv/G+WWVrfND+sov5Oc
+33fkNE6z+n6ayABVnGLuCYhbzD38sv0dnxeh8vbykNBPzYdzPg6nw3Czv2vlhKpJ
+8Yj/maoXuAyTXVf30K1/fAWyU45noq57MjQpU6UxIX1D7qw=
+-----END CERTIFICATE-----
diff --git a/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.key b/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.key
new file mode 100644
index 0000000000..54327925d8
--- /dev/null
+++ b/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.key
@@ -0,0 +1,32 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIFfAIBAAKCATEAuxCFiM2+1wn5kENShXWeRPX+PXjSvyr7F2H6v4ldvStXM9oV
+Mr33SoMlORf/gTj0CkOc3Vp9Qq2maLBb/4m7jt5oUaTHwUnzZ9633axO1rQNMIE9
+mDSDdC+GgnvgteY9hEnZsjGhS1GlCEuOyUuulLWmMaeYmpiRTtYUjWqCNKRh8jxU
+07Xzs2vc/9NapAWxweIbc2rqrP31+Wa58gg0q36VYqV5Hs5DyoODJJMrRJI0SsOr
+Uly6ViIBd3ntjf4wXXn6pcPGD1tPCtMJsBeahrl+j2fLwbDmXlngn1a9d+gaKZG3
+z905BlsNgaw/MUszlHs/R1XNL+Emf+6XucNy+Ff5s2EC7TvtQB3rwo1/PjOfB2Bg
+WlggI8WFDxnBinI9Cy7YGYC+sGPPDe0bX3jmNwIDAQABAoIBMQCczBNyAStGqjjC
+oHuKHHWmTh9mPWFBFfDTv6/jXmvxRWPZtaHxH2Qp09Wejqv/D9MWy2ev7spx2oZS
+2Ai1ICjTbz83uAwryyW4Wen6aBTJSLCJiLstWk8ZU0DHHLjVH4FO4mwUPh95t5zC
+YDr2JXbXdY8xrc5vPxUFZNJjWvR61ZK37bQYpTn5mZ7r3KfsNk2yOylRTDwa9XFo
+ZZ+B82NKdrrz0UvGOnXZa5qd1ap7V+67FIAS2Mt8AMzSCG8TW0JXRUk89ISgAd8r
+NQTPtX9XCnMZSbBzDKdznXfHS9ZlJcSrpsbQCPcvMVNrdBfCF0eNnsRJffJGdaXI
+MsN6PvbcXWD08lXNGyeLjon03RdJnTAamNM3YQEIcjFmu5Y0o0CCJkZSCJPKJGMG
+0d/1tN/5AoGZANOcOgQZ9Wiu0ej3YoQ3aSHu3y8ZBJH4B3ViX8i+2x/6UnG7KNaa
+4Ygid1upnX6hk4CW5WZcoxGFacrFRpInKh5Ng8lEIHGp0VSzOBVDR0L5sAxutFuX
+6N9C0CuH80vD101mOloNnfT5KHZMI5RXqP6sDGUFlwak2XybDL1qOAza3gZAy25H
+vS/ll1BneBavikR5j+zxoTztAoGZAOJOJ5RyOrqpNuhiWZylah5LIFT9N1lCF4Hl
+ZbFIjUZ4jcApJ7JxkMXNQ4RU/3AiKCC1xr5ib7dd/qyjKXhdMo4SnLoKhapx5R9G
+3XOsQMahiCD/Zcymv9tmk8MxxzbLxhZYhEPzIP/NFkua3CHiX+d1e6fkzFLF/EiX
+ZGQOgRcFKrlzUeBputRQRXAkKJH+kMClgAWvy28zAoGYKyaMXhG9DV+4xjzMBhIW
+iijfsgbz+6AMRU+OIK1qmZa+ARsdNMXYf54noLVxvETOg0ZB+SGizwvZitO3lE4Q
+NKWx3fTaeNMcMJ1rLkrN2UZ5M8/PT24muoAxWu8aGbURzmKuO3bTYwT7z0OvbayC
+dYw36tG8/knXX6Vub6GdVGG9LKFB2nceiQnUVT0EK/wXwebYBoUvT/ECgZgF9qdG
+Wyg/CPyAbS8NWLKOL86fTrjpqjsyWhgu7smCROT/XlZEdoepHrqbvx2oF85U5lVh
+aPimrVxrsjUCjfoqEkV9BY/2KOAvzc9CIBTo5xLOQ8yr8uz1XCOiriogwIfsyNJb
+dAm3k/D1dxQ79FowoEDs8LONrtfyFcM4e8VdFO7GSkqrDj41IBRkWx+SkVHBMdtI
+yxQiTwKBmQCWym2iDCJg1ZZq4/lVwRudMhVmHoD0yoCAwADYHjjAi8QBplM0vfdd
+CESKsnBhlcrPGB279BKVJyZHehKZG+/dfnFs+to14l6A3IqU2d6+pu3EyFNX34HS
+xo+64QxMeF0akWnSaIPfUJfk36phjCvLBr4eLXN1i4jW3RdGFwF1THXt29VSSGmU
+q/hM51H0bsQ13AIVUSdNHA==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.p12 b/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.p12
new file mode 100644
index 0000000000..cb89aadb73
--- /dev/null
+++ b/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.p12
Binary files differ
diff --git a/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro b/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro
index 09cb22defe..69cd241f84 100644
--- a/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro
+++ b/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro
@@ -6,5 +6,6 @@ SOURCES += tst_qsslcertificate.cpp
QT = core network testlib
TARGET = tst_qsslcertificate
+DEFINES += SRCDIR=\\\"$$PWD/\\\"
-TESTDATA += certificates/* more-certificates/* verify-certs/*
+TESTDATA += certificates/* more-certificates/* verify-certs/* pkcs12/*
diff --git a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
index 4f62076870..229ce4abb5 100644
--- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
+++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
@@ -105,14 +105,17 @@ private slots:
void largeSerialNumber();
void largeExpirationDate();
void blacklistedCertificates();
+ void selfsignedCertificates();
void toText();
void multipleCommonNames();
void subjectAndIssuerAttributes();
void verify();
void extensions();
+ void extensionsCritical();
void threadSafeConstMethods();
void version_data();
void version();
+ void pkcs12();
// helper for verbose test failure messages
QString toString(const QList<QSslError>&);
@@ -890,6 +893,13 @@ void tst_QSslCertificate::blacklistedCertificates()
}
}
+void tst_QSslCertificate::selfsignedCertificates()
+{
+ QVERIFY(QSslCertificate::fromPath(testDataDir + "/certificates/cert-ss.pem").first().isSelfSigned());
+ QVERIFY(!QSslCertificate::fromPath(testDataDir + "/certificates/cert.pem").first().isSelfSigned());
+ QVERIFY(!QSslCertificate().isSelfSigned());
+}
+
void tst_QSslCertificate::toText()
{
QList<QSslCertificate> certList =
@@ -918,6 +928,9 @@ void tst_QSslCertificate::toText()
QString txtcert = cert.toText();
+#ifdef QT_NO_OPENSSL
+ QEXPECT_FAIL("", "QTBUG-40884: QSslCertificate::toText is not implemented on WinRT", Continue);
+#endif
QVERIFY(QString::fromLatin1(txt098) == txtcert ||
QString::fromLatin1(txt100) == txtcert ||
QString::fromLatin1(txt101) == txtcert ||
@@ -963,6 +976,9 @@ void tst_QSslCertificate::verify()
qPrintable(QString("errors: %1").arg(toString(errors))) \
)
+#ifdef QT_NO_OPENSSL
+ QEXPECT_FAIL("", "QTBUG-40884: WinRT API does not yet support verifying a chain", Abort);
+#endif
// Empty chain is unspecified error
errors = QSslCertificate::verify(toVerify);
VERIFY_VERBOSE(errors.count() == 1);
@@ -1078,6 +1094,8 @@ void tst_QSslCertificate::extensions()
QSslCertificateExtension unknown = extensions[unknown_idx];
QVERIFY(unknown.oid() == QStringLiteral("1.3.6.1.5.5.7.1.12"));
QVERIFY(unknown.name() == QStringLiteral("1.3.6.1.5.5.7.1.12"));
+ QVERIFY(!unknown.isCritical());
+ QVERIFY(!unknown.isSupported());
QByteArray unknownValue = QByteArray::fromHex(
"3060A15EA05C305A305830561609696D6167652F6769663021301F300706052B0E03021A0414" \
@@ -1089,8 +1107,11 @@ void tst_QSslCertificate::extensions()
QSslCertificateExtension aia = extensions[authority_info_idx];
QVERIFY(aia.oid() == QStringLiteral("1.3.6.1.5.5.7.1.1"));
QVERIFY(aia.name() == QStringLiteral("authorityInfoAccess"));
+ QVERIFY(!aia.isCritical());
+ QVERIFY(aia.isSupported());
QVariantMap aiaValue = aia.value().toMap();
+ QCOMPARE(aiaValue.keys(), QList<QString>() << QStringLiteral("OCSP") << QStringLiteral("caIssuers"));
QString ocsp = aiaValue[QStringLiteral("OCSP")].toString();
QString caIssuers = aiaValue[QStringLiteral("caIssuers")].toString();
@@ -1101,25 +1122,76 @@ void tst_QSslCertificate::extensions()
QSslCertificateExtension basic = extensions[basic_constraints_idx];
QVERIFY(basic.oid() == QStringLiteral("2.5.29.19"));
QVERIFY(basic.name() == QStringLiteral("basicConstraints"));
+ QVERIFY(!basic.isCritical());
+ QVERIFY(basic.isSupported());
QVariantMap basicValue = basic.value().toMap();
+ QCOMPARE(basicValue.keys(), QList<QString>() << QStringLiteral("ca"));
QVERIFY(basicValue[QStringLiteral("ca")].toBool() == false);
// Subject key identifier
QSslCertificateExtension subjectKey = extensions[subject_key_idx];
QVERIFY(subjectKey.oid() == QStringLiteral("2.5.29.14"));
QVERIFY(subjectKey.name() == QStringLiteral("subjectKeyIdentifier"));
+ QVERIFY(!subjectKey.isCritical());
+ QVERIFY(subjectKey.isSupported());
QVERIFY(subjectKey.value().toString() == QStringLiteral("5F:90:23:CD:24:CA:52:C9:36:29:F0:7E:9D:B1:FE:08:E0:EE:69:F0"));
// Authority key identifier
QSslCertificateExtension authKey = extensions[auth_key_idx];
QVERIFY(authKey.oid() == QStringLiteral("2.5.29.35"));
QVERIFY(authKey.name() == QStringLiteral("authorityKeyIdentifier"));
+ QVERIFY(!authKey.isCritical());
+ QVERIFY(authKey.isSupported());
QVariantMap authValue = authKey.value().toMap();
+ QCOMPARE(authValue.keys(), QList<QString>() << QStringLiteral("keyid"));
QVERIFY(authValue[QStringLiteral("keyid")].toByteArray() ==
QByteArray("4e43c81d76ef37537a4ff2586f94f338e2d5bddf"));
+}
+void tst_QSslCertificate::extensionsCritical()
+{
+ QList<QSslCertificate> certList =
+ QSslCertificate::fromPath(testDataDir + "/verify-certs/test-addons-mozilla-org-cert.pem");
+ QVERIFY2(certList.count() > 0, "Please run this test from the source directory");
+
+ QSslCertificate cert = certList[0];
+ QList<QSslCertificateExtension> extensions = cert.extensions();
+ QVERIFY(extensions.count() == 9);
+
+ int basic_constraints_idx = -1;
+ int key_usage_idx = -1;
+
+ for (int i=0; i < extensions.length(); ++i) {
+ QSslCertificateExtension ext = extensions[i];
+
+ if (ext.name() == QStringLiteral("basicConstraints"))
+ basic_constraints_idx = i;
+ if (ext.name() == QStringLiteral("keyUsage"))
+ key_usage_idx = i;
+ }
+
+ QVERIFY(basic_constraints_idx != -1);
+ QVERIFY(key_usage_idx != -1);
+
+ // Basic constraints
+ QSslCertificateExtension basic = extensions[basic_constraints_idx];
+ QVERIFY(basic.oid() == QStringLiteral("2.5.29.19"));
+ QVERIFY(basic.name() == QStringLiteral("basicConstraints"));
+ QVERIFY(basic.isCritical());
+ QVERIFY(basic.isSupported());
+
+ QVariantMap basicValue = basic.value().toMap();
+ QCOMPARE(basicValue.keys(), QList<QString>() << QStringLiteral("ca"));
+ QVERIFY(basicValue[QStringLiteral("ca")].toBool() == false);
+
+ // Key Usage
+ QSslCertificateExtension keyUsage = extensions[key_usage_idx];
+ QVERIFY(keyUsage.oid() == QStringLiteral("2.5.29.15"));
+ QVERIFY(keyUsage.name() == QStringLiteral("keyUsage"));
+ QVERIFY(keyUsage.isCritical());
+ QVERIFY(!keyUsage.isSupported());
}
class TestThread : public QThread
@@ -1221,6 +1293,51 @@ void tst_QSslCertificate::version()
QCOMPARE(certificate.version(), result);
}
+void tst_QSslCertificate::pkcs12()
+{
+ if (!QSslSocket::supportsSsl()) {
+ qWarning("SSL not supported, skipping test");
+ return;
+ }
+
+ QFile f(QLatin1String(SRCDIR "pkcs12/leaf.p12"));
+ bool ok = f.open(QIODevice::ReadOnly);
+ QVERIFY(ok);
+
+ QSslKey key;
+ QSslCertificate cert;
+ QList<QSslCertificate> caCerts;
+
+#ifdef QT_NO_OPENSSL
+ QEXPECT_FAIL("", "QTBUG-40884: WinRT API does not support pkcs12 imports", Abort);
+#endif
+ ok = QSslCertificate::importPKCS12(&f, &key, &cert, &caCerts);
+ QVERIFY(ok);
+ f.close();
+
+ QList<QSslCertificate> leafCert = QSslCertificate::fromPath(QLatin1String( SRCDIR "pkcs12/leaf.crt"));
+ QVERIFY(!leafCert.isEmpty());
+
+ QCOMPARE(cert, leafCert.first());
+
+ QFile f2(QLatin1String(SRCDIR "pkcs12/leaf.key"));
+ ok = f2.open(QIODevice::ReadOnly);
+ QVERIFY(ok);
+
+ QSslKey leafKey(&f2, QSsl::Rsa);
+ f2.close();
+
+ QVERIFY(!leafKey.isNull());
+ QCOMPARE(key, leafKey);
+
+ QList<QSslCertificate> caCert = QSslCertificate::fromPath(QLatin1String(SRCDIR "pkcs12/inter.crt"));
+ QVERIFY(!caCert.isEmpty());
+
+ QVERIFY(!caCerts.isEmpty());
+ QCOMPARE(caCerts.first(), caCert.first());
+ QCOMPARE(caCerts, caCert);
+}
+
#endif // QT_NO_SSL
QTEST_MAIN(tst_QSslCertificate)
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-09 07:13:08 +0000