Diffstat (limited to 'tests/auto/network/ssl/qsslcertificate')
-rw-r--r-- | tests/auto/network/ssl/qsslcertificate/pkcs12/README | 8 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslcertificate/pkcs12/inter.crt | 22 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.crt | 23 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.key | 32 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.p12 | bin | 0 -> 3821 bytes | |||
-rw-r--r-- | tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro | 3 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp | 117 |
7 files changed, 204 insertions, 1 deletions
diff --git a/tests/auto/network/ssl/qsslcertificate/pkcs12/README b/tests/auto/network/ssl/qsslcertificate/pkcs12/README
new file mode 100644
index 0000000000..1828d089c1
--- /dev/null
+++ b/tests/auto/network/ssl/qsslcertificate/pkcs12/README
@@ -0,0 +1,8 @@
+The PKCS#12 bundle was created by running the following on
+in the qsslsocket/certs directory:
+
+openssl pkcs12 -export -in leaf.crt -inkey leaf.key \
+ -out leaf.p12 \
+ -certfile inter.crt -CAfile ca.crt
+
+No password was provided.
diff --git a/tests/auto/network/ssl/qsslcertificate/pkcs12/inter.crt b/tests/auto/network/ssl/qsslcertificate/pkcs12/inter.crt
new file mode 100644
index 0000000000..4e1d67c3e0
--- /dev/null
+++ b/tests/auto/network/ssl/qsslcertificate/pkcs12/inter.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAnSgAwIBAgIQO+uZxerYC10Ll11PBnVL4TANBgkqhkiG9w0BAQUFADA8
+MQswCQYDVQQGEwJHQjEZMBcGA1UEChMQV2VzdHBvaW50IENBIEtleTESMBAGA1UE
+ChMJV2VzdHBvaW50MB4XDTEzMDIxNjE2NTMwOFoXDTIzMDIxNjE2NTMwOFowMjEL
+MAkGA1UEBhMCR0IxIzAhBgNVBAoTGldlc3Rwb2ludCBJbnRlcm1lZGlhdGUgS2V5
+MIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAsR4tRskg2IFfQFMfGBJ1
+eqlrNejANw0oM6k5HlEB8uFA9qeyAzmflwQUPoJ55KRQ/gVHTOBdWrtgGgPMiekF
+1Q36Ry1elwbAl4a+LZ6qsc9ASipvk8HirKpt1v5L9hG+aI4yDxyvjNztFtg5R4P5
+zqsh/WwhCgsYmEVfcSDbhUjqoqxGRLaZxPKO+IMCNFrjZqi0yxc8f6Un4G5SQzHA
+4szi/ezcITnAFYWxHG2yaed4hawpxNS1WXabk2rzCi0pWeIcHuIczaCfZ7ElRcqV
+VNNXbGTtUDlfIsh6FAVI5kTUDcPV27uf6BmHuFOu/R9Tjni25+vBFvohwQh7ZwCX
+5COXnfkJLPkJQQEFVQv8nS27ht/vmyoKjERUeiuMd+hFcN5zl7bS5A2JCgi7erlP
+ZQIDAQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwHQYD
+VR0OBBYEFGn5shQ0SeTcc3x/cNu6TkoV0bPmMB8GA1UdIwQYMBaAFJQnOLW5hBTG
+pvc2vfcs4sJpRRPJMA0GCSqGSIb3DQEBBQUAA4IBMQAVDS0enQQ1FL0d92xOFfwx
+mjcNPz9oO7jMyEVxAs2eR2QD+xZ3Xj4gAiUEp40aGieDcLv+dg+cmuBFWF61IYSR
+UyuoakVm08VDcLAwUzU+xtSvJiSSROb0GsAnVsYZj4TYlvKDplqfapOYaiIkwF+c
+iE4n7G0hQW9fzqO+n3FGtBD8YUjghRqLggeRVJ2+8S3Bm8cfx8xPpRIO3ksA6opn
+CORRGuzetDHihbks59mkoY3GqKFgBOyrC3kG07nv5wtKjdKDtmD/kS/SAc4fIXKy
+Uruq2uXNf/1BUgF5gFGRyj22yB2D0763fJJpl5nqcLrL5RmnVObQKZGhE2VsRTV0
+untj+AmiJivhiAjjkHfw3XDf8tuL7D4pTmEkGgl5xl23fyeTIuygDCLT8fRD3ZqQ
+-----END CERTIFICATE-----
diff --git a/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.crt b/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.crt
new file mode 100644
index 0000000000..4a7dc40540
--- /dev/null
+++ b/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3zCCApegAwIBAgIQEKCtd1j2bq5Gk6ND+VmKnjANBgkqhkiG9w0BAQUFADAy
+MQswCQYDVQQGEwJHQjEjMCEGA1UEChMaV2VzdHBvaW50IEludGVybWVkaWF0ZSBL
+ZXkwHhcNMTMwMjE2MTY1MzA4WhcNMjMwMjE2MTY1MzA4WjA1MQswCQYDVQQGEwJH
+QjESMBAGA1UEChMJV2VzdHBvaW50MRIwEAYDVQQDEwkxMjcuMC4wLjEwggFSMA0G
+CSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQC7EIWIzb7XCfmQQ1KFdZ5E9f49eNK/
+KvsXYfq/iV29K1cz2hUyvfdKgyU5F/+BOPQKQ5zdWn1CraZosFv/ibuO3mhRpMfB
+SfNn3rfdrE7WtA0wgT2YNIN0L4aCe+C15j2ESdmyMaFLUaUIS47JS66UtaYxp5ia
+mJFO1hSNaoI0pGHyPFTTtfOza9z/01qkBbHB4htzauqs/fX5ZrnyCDSrfpVipXke
+zkPKg4MkkytEkjRKw6tSXLpWIgF3ee2N/jBdefqlw8YPW08K0wmwF5qGuX6PZ8vB
+sOZeWeCfVr136BopkbfP3TkGWw2BrD8xSzOUez9HVc0v4SZ/7pe5w3L4V/mzYQLt
+O+1AHevCjX8+M58HYGBaWCAjxYUPGcGKcj0LLtgZgL6wY88N7RtfeOY3AgMBAAGj
+gY0wgYowFAYDVR0RBA0wC4IJMTI3LjAuMC4xMAwGA1UdEwEB/wQCMAAwEwYDVR0l
+BAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwcoADAdBgNVHQ4EFgQUKKuyJSrT
+Y+dnm1do7l0sVMX96SYwHwYDVR0jBBgwFoAUafmyFDRJ5NxzfH9w27pOShXRs+Yw
+DQYJKoZIhvcNAQEFBQADggExAHELijlIFdcncP3B+vxEp0SGKl0arIaCXahivb2F
+VxeM3WajN6O+oDRLFltzMeDKA9RVkao7fgITzXQgCGzeNhKv0vc9iDyvR9/67vuS
+W8xEEJrYowtw3VK5H1y0ewqZaxJhvKUjm4TBRWe8FGKD3s64lEsfbjOaI5VPidVc
+DXmdAlXsj0Hk+v4Ej8mshPQAnVSyJ3D0ZMgTjk8Di28N0qROFIYJaTObK1rCb1nQ
+GaCcmbZU6JnkYvVZ+iUe5U0GXFbb+LRNTUT8/fw1zADeHnv/G+WWVrfND+sov5Oc
+33fkNE6z+n6ayABVnGLuCYhbzD38sv0dnxeh8vbykNBPzYdzPg6nw3Czv2vlhKpJ
+8Yj/maoXuAyTXVf30K1/fAWyU45noq57MjQpU6UxIX1D7qw=
+-----END CERTIFICATE-----
diff --git a/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.key b/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.key
new file mode 100644
index 0000000000..54327925d8
--- /dev/null
+++ b/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.key
@@ -0,0 +1,32 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIFfAIBAAKCATEAuxCFiM2+1wn5kENShXWeRPX+PXjSvyr7F2H6v4ldvStXM9oV +Mr33SoMlORf/gTj0CkOc3Vp9Qq2maLBb/4m7jt5oUaTHwUnzZ9633axO1rQNMIE9 +mDSDdC+GgnvgteY9hEnZsjGhS1GlCEuOyUuulLWmMaeYmpiRTtYUjWqCNKRh8jxU +07Xzs2vc/9NapAWxweIbc2rqrP31+Wa58gg0q36VYqV5Hs5DyoODJJMrRJI0SsOr +Uly6ViIBd3ntjf4wXXn6pcPGD1tPCtMJsBeahrl+j2fLwbDmXlngn1a9d+gaKZG3 +z905BlsNgaw/MUszlHs/R1XNL+Emf+6XucNy+Ff5s2EC7TvtQB3rwo1/PjOfB2Bg +WlggI8WFDxnBinI9Cy7YGYC+sGPPDe0bX3jmNwIDAQABAoIBMQCczBNyAStGqjjC +oHuKHHWmTh9mPWFBFfDTv6/jXmvxRWPZtaHxH2Qp09Wejqv/D9MWy2ev7spx2oZS +2Ai1ICjTbz83uAwryyW4Wen6aBTJSLCJiLstWk8ZU0DHHLjVH4FO4mwUPh95t5zC +YDr2JXbXdY8xrc5vPxUFZNJjWvR61ZK37bQYpTn5mZ7r3KfsNk2yOylRTDwa9XFo +ZZ+B82NKdrrz0UvGOnXZa5qd1ap7V+67FIAS2Mt8AMzSCG8TW0JXRUk89ISgAd8r +NQTPtX9XCnMZSbBzDKdznXfHS9ZlJcSrpsbQCPcvMVNrdBfCF0eNnsRJffJGdaXI +MsN6PvbcXWD08lXNGyeLjon03RdJnTAamNM3YQEIcjFmu5Y0o0CCJkZSCJPKJGMG +0d/1tN/5AoGZANOcOgQZ9Wiu0ej3YoQ3aSHu3y8ZBJH4B3ViX8i+2x/6UnG7KNaa +4Ygid1upnX6hk4CW5WZcoxGFacrFRpInKh5Ng8lEIHGp0VSzOBVDR0L5sAxutFuX +6N9C0CuH80vD101mOloNnfT5KHZMI5RXqP6sDGUFlwak2XybDL1qOAza3gZAy25H +vS/ll1BneBavikR5j+zxoTztAoGZAOJOJ5RyOrqpNuhiWZylah5LIFT9N1lCF4Hl +ZbFIjUZ4jcApJ7JxkMXNQ4RU/3AiKCC1xr5ib7dd/qyjKXhdMo4SnLoKhapx5R9G +3XOsQMahiCD/Zcymv9tmk8MxxzbLxhZYhEPzIP/NFkua3CHiX+d1e6fkzFLF/EiX +ZGQOgRcFKrlzUeBputRQRXAkKJH+kMClgAWvy28zAoGYKyaMXhG9DV+4xjzMBhIW +iijfsgbz+6AMRU+OIK1qmZa+ARsdNMXYf54noLVxvETOg0ZB+SGizwvZitO3lE4Q +NKWx3fTaeNMcMJ1rLkrN2UZ5M8/PT24muoAxWu8aGbURzmKuO3bTYwT7z0OvbayC +dYw36tG8/knXX6Vub6GdVGG9LKFB2nceiQnUVT0EK/wXwebYBoUvT/ECgZgF9qdG +Wyg/CPyAbS8NWLKOL86fTrjpqjsyWhgu7smCROT/XlZEdoepHrqbvx2oF85U5lVh +aPimrVxrsjUCjfoqEkV9BY/2KOAvzc9CIBTo5xLOQ8yr8uz1XCOiriogwIfsyNJb +dAm3k/D1dxQ79FowoEDs8LONrtfyFcM4e8VdFO7GSkqrDj41IBRkWx+SkVHBMdtI +yxQiTwKBmQCWym2iDCJg1ZZq4/lVwRudMhVmHoD0yoCAwADYHjjAi8QBplM0vfdd +CESKsnBhlcrPGB279BKVJyZHehKZG+/dfnFs+to14l6A3IqU2d6+pu3EyFNX34HS +xo+64QxMeF0akWnSaIPfUJfk36phjCvLBr4eLXN1i4jW3RdGFwF1THXt29VSSGmU +q/hM51H0bsQ13AIVUSdNHA== +-----END 
RSA PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.p12 b/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.p12 Binary files differnew file mode 100644 index 0000000000..cb89aadb73 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf.p12 diff --git a/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro b/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro index 09cb22defe..69cd241f84 100644 --- a/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro +++ b/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro @@ -6,5 +6,6 @@ SOURCES += tst_qsslcertificate.cpp QT = core network testlib TARGET = tst_qsslcertificate +DEFINES += SRCDIR=\\\"$$PWD/\\\" -TESTDATA += certificates/* more-certificates/* verify-certs/* +TESTDATA += certificates/* more-certificates/* verify-certs/* pkcs12/* diff --git a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp index 4f62076870..229ce4abb5 100644 --- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp +++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp @@ -105,14 +105,17 @@ private slots: void largeSerialNumber(); void largeExpirationDate(); void blacklistedCertificates(); + void selfsignedCertificates(); void toText(); void multipleCommonNames(); void subjectAndIssuerAttributes(); void verify(); void extensions(); + void extensionsCritical(); void threadSafeConstMethods(); void version_data(); void version(); + void pkcs12(); // helper for verbose test failure messages QString toString(const QList<QSslError>&); 
@@ -890,6 +893,13 @@ void tst_QSslCertificate::blacklistedCertificates() } } +void tst_QSslCertificate::selfsignedCertificates() +{ + QVERIFY(QSslCertificate::fromPath(testDataDir + "/certificates/cert-ss.pem").first().isSelfSigned()); + QVERIFY(!QSslCertificate::fromPath(testDataDir + "/certificates/cert.pem").first().isSelfSigned()); + QVERIFY(!QSslCertificate().isSelfSigned()); +} + void tst_QSslCertificate::toText() { QList<QSslCertificate> certList = @@ -918,6 +928,9 @@ void tst_QSslCertificate::toText() QString txtcert = cert.toText(); +#ifdef QT_NO_OPENSSL + QEXPECT_FAIL("", "QTBUG-40884: QSslCertificate::toText is not implemented on WinRT", Continue); +#endif QVERIFY(QString::fromLatin1(txt098) == txtcert || QString::fromLatin1(txt100) == txtcert || QString::fromLatin1(txt101) == txtcert || @@ -963,6 +976,9 @@ void tst_QSslCertificate::verify() qPrintable(QString("errors: %1").arg(toString(errors))) \ ) +#ifdef QT_NO_OPENSSL + QEXPECT_FAIL("", "QTBUG-40884: WinRT API does not yet support verifying a chain", Abort); +#endif // Empty chain is unspecified error errors = QSslCertificate::verify(toVerify); VERIFY_VERBOSE(errors.count() == 1); @@ -1078,6 +1094,8 @@ void tst_QSslCertificate::extensions() QSslCertificateExtension unknown = extensions[unknown_idx]; QVERIFY(unknown.oid() == QStringLiteral("1.3.6.1.5.5.7.1.12")); QVERIFY(unknown.name() == QStringLiteral("1.3.6.1.5.5.7.1.12")); + QVERIFY(!unknown.isCritical()); + QVERIFY(!unknown.isSupported()); QByteArray unknownValue = QByteArray::fromHex( "3060A15EA05C305A305830561609696D6167652F6769663021301F300706052B0E03021A0414" \ 
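Review bot: In selfsignedCertificates(), `.first()` is called directly on the list returned by `QSslCertificate::fromPath(...)`, so a missing or unreadable fixture reaches QList::first() on an empty list instead of producing a readable test failure. The other tests in this file load the list first and check it with `QVERIFY2(certList.count() > 0, "Please run this test from the source directory");` before indexing; the same guard fits here for both cert-ss.pem and cert.pem. It would also help to state in a comment whether isSelfSigned() only compares issuer and subject or also checks the signature, since the hunk does not show that and readers may take a true result as a statement about trust.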
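Review bot: The `#ifdef QT_NO_OPENSSL` guard around `QEXPECT_FAIL` in toText() is wider than its message, which names WinRT only, so any build without OpenSSL marks the comparison as an expected failure. The same guard appears in verify() and in pkcs12() with `Abort`, which ends those functions at the first check, leaving chain verification and PKCS#12 import with no coverage on such builds. Guarding on a WinRT-specific macro (presumably `Q_OS_WINRT`), or using `QSKIP("QTBUG-40884: not supported by this backend");` where the whole function is unsupported, would make the missing coverage visible in the test report. The enclosing functions start and end outside these hunks.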
@@ -1089,8 +1107,11 @@ void tst_QSslCertificate::extensions() QSslCertificateExtension aia = extensions[authority_info_idx]; QVERIFY(aia.oid() == QStringLiteral("1.3.6.1.5.5.7.1.1")); QVERIFY(aia.name() == QStringLiteral("authorityInfoAccess")); + QVERIFY(!aia.isCritical()); + QVERIFY(aia.isSupported()); QVariantMap aiaValue = aia.value().toMap(); + QCOMPARE(aiaValue.keys(), QList<QString>() << QStringLiteral("OCSP") << QStringLiteral("caIssuers")); QString ocsp = aiaValue[QStringLiteral("OCSP")].toString(); QString caIssuers = aiaValue[QStringLiteral("caIssuers")].toString(); 
@@ -1101,25 +1122,76 @@ void tst_QSslCertificate::extensions() QSslCertificateExtension basic = extensions[basic_constraints_idx]; QVERIFY(basic.oid() == QStringLiteral("2.5.29.19")); QVERIFY(basic.name() == QStringLiteral("basicConstraints")); + QVERIFY(!basic.isCritical()); + QVERIFY(basic.isSupported()); QVariantMap basicValue = basic.value().toMap(); + QCOMPARE(basicValue.keys(), QList<QString>() << QStringLiteral("ca")); QVERIFY(basicValue[QStringLiteral("ca")].toBool() == false); // Subject key identifier QSslCertificateExtension subjectKey = extensions[subject_key_idx]; QVERIFY(subjectKey.oid() == QStringLiteral("2.5.29.14")); QVERIFY(subjectKey.name() == QStringLiteral("subjectKeyIdentifier")); + QVERIFY(!subjectKey.isCritical()); + QVERIFY(subjectKey.isSupported()); QVERIFY(subjectKey.value().toString() == QStringLiteral("5F:90:23:CD:24:CA:52:C9:36:29:F0:7E:9D:B1:FE:08:E0:EE:69:F0")); // Authority key identifier QSslCertificateExtension authKey = extensions[auth_key_idx]; QVERIFY(authKey.oid() == QStringLiteral("2.5.29.35")); QVERIFY(authKey.name() == QStringLiteral("authorityKeyIdentifier")); + QVERIFY(!authKey.isCritical()); + QVERIFY(authKey.isSupported()); QVariantMap authValue = authKey.value().toMap(); + QCOMPARE(authValue.keys(), QList<QString>() << QStringLiteral("keyid")); QVERIFY(authValue[QStringLiteral("keyid")].toByteArray() == QByteArray("4e43c81d76ef37537a4ff2586f94f338e2d5bddf")); +} +void tst_QSslCertificate::extensionsCritical() +{ + QList<QSslCertificate> certList = + QSslCertificate::fromPath(testDataDir + "/verify-certs/test-addons-mozilla-org-cert.pem"); + QVERIFY2(certList.count() > 0, "Please run this test from the source directory"); + + QSslCertificate cert = certList[0]; + QList<QSslCertificateExtension> extensions = cert.extensions(); + QVERIFY(extensions.count() == 9); + + int basic_constraints_idx = -1; + int key_usage_idx = -1; + + for (int i=0; i < extensions.length(); ++i) { + QSslCertificateExtension ext = extensions[i]; + 
+ if (ext.name() == QStringLiteral("basicConstraints")) + basic_constraints_idx = i; + if (ext.name() == QStringLiteral("keyUsage")) + key_usage_idx = i; + } + + QVERIFY(basic_constraints_idx != -1); + QVERIFY(key_usage_idx != -1); + + // Basic constraints + QSslCertificateExtension basic = extensions[basic_constraints_idx]; + QVERIFY(basic.oid() == QStringLiteral("2.5.29.19")); + QVERIFY(basic.name() == QStringLiteral("basicConstraints")); + QVERIFY(basic.isCritical()); + QVERIFY(basic.isSupported()); + + QVariantMap basicValue = basic.value().toMap(); + QCOMPARE(basicValue.keys(), QList<QString>() << QStringLiteral("ca")); + QVERIFY(basicValue[QStringLiteral("ca")].toBool() == false); + + // Key Usage + QSslCertificateExtension keyUsage = extensions[key_usage_idx]; + QVERIFY(keyUsage.oid() == QStringLiteral("2.5.29.15")); + QVERIFY(keyUsage.name() == QStringLiteral("keyUsage")); + QVERIFY(keyUsage.isCritical()); + QVERIFY(!keyUsage.isSupported()); } class TestThread : public QThread 
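Review bot: extensionsCritical() asserts `QVERIFY(keyUsage.isCritical());` next to `QVERIFY(!keyUsage.isSupported());` with no explanation, which reads as if a critical extension is knowingly ignored. A comment such as `// isSupported() is about the stability of value()'s format, not about enforcement during verification (confirm against the QSslCertificateExtension docs)` would prevent that reading. Separately, `QVERIFY(extensions.count() == 9);` only reports that the condition failed; `QCOMPARE(extensions.count(), 9);` would print the actual count, and the same applies to the `oid()` and `name()` comparisons.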
@@ -1221,6 +1293,51 @@ void tst_QSslCertificate::version() QCOMPARE(certificate.version(), result); } +void tst_QSslCertificate::pkcs12() +{ + if (!QSslSocket::supportsSsl()) { + qWarning("SSL not supported, skipping test"); + return; + } + + QFile f(QLatin1String(SRCDIR "pkcs12/leaf.p12")); + bool ok = f.open(QIODevice::ReadOnly); + QVERIFY(ok); + + QSslKey key; + QSslCertificate cert; + QList<QSslCertificate> caCerts; + +#ifdef QT_NO_OPENSSL + QEXPECT_FAIL("", "QTBUG-40884: WinRT API does not support pkcs12 imports", Abort); +#endif + ok = QSslCertificate::importPKCS12(&f, &key, &cert, &caCerts); + QVERIFY(ok); + f.close(); + + QList<QSslCertificate> leafCert = QSslCertificate::fromPath(QLatin1String( SRCDIR "pkcs12/leaf.crt")); + QVERIFY(!leafCert.isEmpty()); + + QCOMPARE(cert, leafCert.first()); + + QFile f2(QLatin1String(SRCDIR "pkcs12/leaf.key")); + ok = f2.open(QIODevice::ReadOnly); + QVERIFY(ok); + + QSslKey leafKey(&f2, QSsl::Rsa); + f2.close(); + + QVERIFY(!leafKey.isNull()); + QCOMPARE(key, leafKey); + + QList<QSslCertificate> caCert = QSslCertificate::fromPath(QLatin1String(SRCDIR "pkcs12/inter.crt")); + QVERIFY(!caCert.isEmpty()); + + QVERIFY(!caCerts.isEmpty()); + QCOMPARE(caCerts.first(), caCert.first()); + QCOMPARE(caCerts, caCert); +} + #endif // QT_NO_SSL QTEST_MAIN(tst_QSslCertificate) |
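Review bot: The early `return` after `qWarning("SSL not supported, skipping test")` makes pkcs12() report a pass on builds without SSL support; `QSKIP("SSL not supported");` would record it as skipped. The fixture paths come from the compile-time `SRCDIR` macro, while the other tests in this diff read from `testDataDir` and the .pro change already deploys `pkcs12/*` through TESTDATA, so `QFile f(testDataDir + "/pkcs12/leaf.p12");` would keep the test working outside the source tree. Only a bundle created without a password is imported (see the README), so the passphrase argument of importPKCS12 and its failure paths are not exercised. A second, passphrase-protected fixture plus one case that expects `QVERIFY(!ok)` for a wrong passphrase or a truncated file would cover the paths that matter most when the input is untrusted.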