Diffstat (limited to 'tests/auto/network/ssl')
5 files changed, 189 insertions, 62 deletions
diff --git a/tests/auto/network/ssl/qsslellipticcurve/.gitignore b/tests/auto/network/ssl/qsslellipticcurve/.gitignore
new file mode 100644
index 0000000000..27f97e770a
--- /dev/null
+++ b/tests/auto/network/ssl/qsslellipticcurve/.gitignore
@@ -0,0 +1 @@
+tst_qsslellipticcurves
diff --git a/tests/auto/network/ssl/qsslellipticcurve/qsslellipticcurve.pro b/tests/auto/network/ssl/qsslellipticcurve/qsslellipticcurve.pro
new file mode 100644
index 0000000000..d9a771a080
--- /dev/null
+++ b/tests/auto/network/ssl/qsslellipticcurve/qsslellipticcurve.pro
@@ -0,0 +1,8 @@
+CONFIG += testcase
+CONFIG += parallel_test
+
+SOURCES += tst_qsslellipticcurve.cpp
+!wince*:win32:LIBS += -lws2_32
+QT = core network testlib
+
+TARGET = tst_qsslellipticcurve
diff --git a/tests/auto/network/ssl/qsslellipticcurve/tst_qsslellipticcurve.cpp b/tests/auto/network/ssl/qsslellipticcurve/tst_qsslellipticcurve.cpp
new file mode 100644
index 0000000000..a5b1d14a92
--- /dev/null
+++ b/tests/auto/network/ssl/qsslellipticcurve/tst_qsslellipticcurve.cpp
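Review bot: The ignore entry `tst_qsslellipticcurves` in the new .gitignore does not match the binary name set by `TARGET = tst_qsslellipticcurve` in qsslellipticcurve.pro, so the built test executable would not be ignored. The entry should read `tst_qsslellipticcurve`.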
@@ -0,0 +1,120 @@
+/****************************************************************************
+**
+** Copyright (C) 2014 Governikus GmbH & Co. KG.
+** Contact: http://www.qt-project.org/legal
+**
+** This file is part of the test suite of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and Digia. For licensing terms and
+** conditions see http://qt.digia.com/licensing. For further information
+** use the contact form at http://qt.digia.com/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 2.1 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPL included in the
+** packaging of this file. Please review the following information to
+** ensure the GNU Lesser General Public License version 2.1 requirements
+** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
+**
+** In addition, as a special exception, Digia gives you certain additional
+** rights. These rights are described in the Digia Qt LGPL Exception
+** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 3.0 as published by the Free Software
+** Foundation and appearing in the file LICENSE.GPL included in the
+** packaging of this file. Please review the following information to
+** ensure the GNU General Public License version 3.0 requirements will be
+** met: http://www.gnu.org/copyleft/gpl.html.
+**
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+
+#include <QtTest/QtTest>
+#include <QSslEllipticCurve>
+#include <QSslSocket>
+
+class tst_QSslEllipticCurve : public QObject
+{
+ Q_OBJECT
+
+#ifndef QT_NO_SSL
+private Q_SLOTS:
+ void constExpr();
+ void construction();
+ void fromShortName_data();
+ void fromShortName();
+#endif
+};
+
+#ifndef QT_NO_SSL
+
+void tst_QSslEllipticCurve::constExpr()
+{
+#ifdef Q_COMPILER_CONSTEXPR
+ // check that default ctor and op ==/!= are constexpr:
+ char array1[QSslEllipticCurve() == QSslEllipticCurve() ? 1 : -1];
+ char array2[QSslEllipticCurve() != QSslEllipticCurve() ? -1 : 1];
+ Q_UNUSED(array1);
+ Q_UNUSED(array2);
+#else
+ QSKIP("This test requires C++11 generalized constant expression support enabled in the compiler.");
+#endif
+}
+
+void tst_QSslEllipticCurve::construction()
+{
+ QSslEllipticCurve curve;
+ QCOMPARE(curve.isValid(), false);
+ QCOMPARE(curve.shortName(), QString());
+ QCOMPARE(curve.longName(), QString());
+ QCOMPARE(curve.isTlsNamedCurve(), false);
+}
+
+void tst_QSslEllipticCurve::fromShortName_data()
+{
+ QTest::addColumn<QString>("shortName");
+ QTest::addColumn<QSslEllipticCurve>("curve");
+ QTest::addColumn<bool>("valid");
+
+ QTest::newRow("QString()") << QString() << QSslEllipticCurve() << false;
+ QTest::newRow("\"\"") << QString("") << QSslEllipticCurve() << false;
+ QTest::newRow("does-not-exist") << QStringLiteral("does-not-exist") << QSslEllipticCurve() << false;
+ Q_FOREACH (QSslEllipticCurve ec, QSslSocket::supportedEllipticCurves()) {
+ const QString sN = ec.shortName();
+ QTest::newRow(qPrintable("supported EC \"" + sN + '"')) << sN << ec << true;
+ // At least in the OpenSSL impl, the short name is case-sensitive. That feels odd.
+ //const QString SN = sN.toUpper();
+ //QTest::newRow(qPrintable("supported EC \"" + SN + '"')) << SN << ec << true;
+ //const QString sn = sN.toLower();
+ //QTest::newRow(qPrintable("supported EC \"" + sn + '"')) << sn << ec << true;
+ }
+}
+
+void tst_QSslEllipticCurve::fromShortName()
+{
+ QFETCH(QString, shortName);
+ QFETCH(QSslEllipticCurve, curve);
+ QFETCH(bool, valid);
+
+ const QSslEllipticCurve result = QSslEllipticCurve::fromShortName(shortName);
+ QCOMPARE(result, curve);
+ QCOMPARE(result.isValid(), valid);
+ QCOMPARE(result.shortName(), curve.shortName());
+ QCOMPARE(result.shortName(), valid ? shortName : QString());
+}
+
+#endif // QT_NO_SSL
+
+QTEST_MAIN(tst_QSslEllipticCurve)
+#include "tst_qsslellipticcurve.moc"
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index aa954429de..868a6119a8 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
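Review bot: In `fromShortName_data()` of tst_qsslellipticcurve.cpp the only valid rows come from `QSslSocket::supportedEllipticCurves()`, so on a backend or build that reports no curves the test passes having checked nothing but the three invalid names. A separate slot that asserts the list is non-empty when `QSslSocket::supportsSsl()` is true would make that gap visible, e.g. `QVERIFY(!QSslSocket::supportedEllipticCurves().isEmpty());`. The commented-out upper/lower-case rows leave the case-sensitivity question undocumented; a short comment stating the intended contract of `fromShortName()` would be more useful than disabled code.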
@@ -47,21 +47,33 @@ #include <QAuthenticator> #include "private/qhostinfo_p.h" +#include "private/qiodevice_p.h" // for QIODEVICE_BUFFERSIZE + +#include "../../../network-settings.h" + #ifndef QT_NO_SSL +#ifndef QT_NO_OPENSSL #include "private/qsslsocket_openssl_p.h" #include "private/qsslsocket_openssl_symbols_p.h" -#include "private/qsslconfiguration_p.h" #endif +#include "private/qsslsocket_p.h" +#include "private/qsslconfiguration_p.h" -#include "../../../network-settings.h" - -#ifndef QT_NO_SSL Q_DECLARE_METATYPE(QSslSocket::SslMode) typedef QList<QSslError::SslError> SslErrorList; Q_DECLARE_METATYPE(SslErrorList) Q_DECLARE_METATYPE(QSslError) Q_DECLARE_METATYPE(QSsl::SslProtocol) +typedef QSharedPointer<QSslSocket> QSslSocketPtr; + +// Non-OpenSSL backends are not able to report a specific error code +// for self-signed certificate for certificates. +#ifndef QT_NO_OPENSSL +#define FLUKE_CERTIFICATE_ERROR QSslError::SelfSignedCertificate +#else +#define FLUKE_CERTIFICATE_ERROR QSslError::CertificateUntrusted #endif +#endif // QT_NO_SSL #if defined Q_OS_HPUX && defined Q_CC_GNU // This error is delivered every time we try to use the fluke CA @@ -69,10 +81,6 @@ Q_DECLARE_METATYPE(QSsl::SslProtocol) #define QSSLSOCKET_CERTUNTRUSTED_WORKAROUND #endif -#ifndef QT_NO_SSL -typedef QSharedPointer<QSslSocket> QSslSocketPtr; -#endif - class tst_QSslSocket : public QObject { Q_OBJECT @@ -168,7 +176,6 @@ private slots: void waitForMinusOne(); void verifyMode(); void verifyDepth(); - void peerVerifyError(); void disconnectFromHostWhenConnecting(); void disconnectFromHostWhenConnected(); void resetProxy(); 
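Review bot: The comment above `FLUKE_CERTIFICATE_ERROR` in the first hunk is garbled ("for self-signed certificate for certificates") and does not say what the fallback costs. `QSslError::CertificateUntrusted` is a broader condition than `SelfSignedCertificate`, so on non-OpenSSL backends the tests that expect or ignore this value become less specific about why the fluke certificate was rejected. Suggested wording: `// Non-OpenSSL backends cannot report a specific error code for a self-signed certificate; they report CertificateUntrusted instead, so the checks using this macro are less specific there.`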
@@ -546,37 +553,53 @@ void tst_QSslSocket::sslErrors_data() { QTest::addColumn<QString>("host"); QTest::addColumn<int>("port"); - QTest::addColumn<SslErrorList>("expected"); - QTest::newRow(qPrintable(QtNetworkSettings::serverLocalName())) - << QtNetworkSettings::serverLocalName() - << 993 - << (SslErrorList() << QSslError::HostNameMismatch - << QSslError::SelfSignedCertificate); + QString name = QtNetworkSettings::serverLocalName(); + QTest::newRow(qPrintable(name)) << name << 993; + + name = QHostInfo::fromName(QtNetworkSettings::serverName()).addresses().first().toString(); + QTest::newRow(qPrintable(name)) << name << 443; } void tst_QSslSocket::sslErrors() { QFETCH(QString, host); QFETCH(int, port); - QFETCH(SslErrorList, expected); QSslSocketPtr socket = newSocket(); + QSignalSpy sslErrorsSpy(socket.data(), SIGNAL(sslErrors(QList<QSslError>))); + QSignalSpy peerVerifyErrorSpy(socket.data(), SIGNAL(peerVerifyError(QSslError))); + socket->connectToHostEncrypted(host, port); if (!socket->waitForConnected()) - QEXPECT_FAIL("imap.trolltech.com", "server not open to internet", Continue); - socket->waitForEncrypted(5000); + QSKIP("Skipping flaky test - See QTBUG-29941"); + socket->waitForEncrypted(10000); - SslErrorList output; - foreach (QSslError error, socket->sslErrors()) { - output << error.error(); - } + // check the SSL errors contain HostNameMismatch and an error due to + // the certificate being self-signed + SslErrorList sslErrors; + foreach (const QSslError &err, socket->sslErrors()) + sslErrors << err.error(); + qSort(sslErrors); + QVERIFY(sslErrors.contains(QSslError::HostNameMismatch)); + QVERIFY(sslErrors.contains(FLUKE_CERTIFICATE_ERROR)); -#ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND - if (output.count() && output.last() == QSslError::CertificateUntrusted) - output.takeLast(); -#endif - QCOMPARE(output, expected); + // check the same errors were emitted by sslErrors + QVERIFY(!sslErrorsSpy.isEmpty()); + SslErrorList emittedErrors; + foreach (const 
QSslError &err, qvariant_cast<QList<QSslError> >(sslErrorsSpy.first().first())) + emittedErrors << err.error(); + qSort(emittedErrors); + QCOMPARE(sslErrors, emittedErrors); + + // check the same errors were emitted by peerVerifyError + QVERIFY(!peerVerifyErrorSpy.isEmpty()); + SslErrorList peerErrors; + const QList<QVariantList> &peerVerifyList = peerVerifyErrorSpy; + foreach (const QVariantList &args, peerVerifyList) + peerErrors << qvariant_cast<QSslError>(args.first()).error(); + qSort(peerErrors); + QCOMPARE(sslErrors, peerErrors); } void tst_QSslSocket::addCaCertificate() @@ -1950,7 +1973,7 @@ void tst_QSslSocket::verifyMode() QSKIP("Skipping flaky test - See QTBUG-29941"); QList<QSslError> expectedErrors = QList<QSslError>() - << QSslError(QSslError::SelfSignedCertificate, socket.peerCertificate()); + << QSslError(FLUKE_CERTIFICATE_ERROR, socket.peerCertificate()); QCOMPARE(socket.sslErrors(), expectedErrors); socket.abort(); 
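Review bot: In `sslErrors_data()`, `QHostInfo::fromName(QtNetworkSettings::serverName()).addresses().first()` is called without checking that the lookup returned any address; `first()` on an empty list is invalid, and because this runs in the data function a DNS failure would abort the whole test rather than one row. Guard it, e.g. `const QList<QHostAddress> addrs = QHostInfo::fromName(QtNetworkSettings::serverName()).addresses();` followed by `if (!addrs.isEmpty()) QTest::newRow(qPrintable(addrs.first().toString())) << addrs.first().toString() << 443;`. In `sslErrors()` the return value of `waitForEncrypted(10000)` is ignored, presumably because the handshake is expected to stop on the verification errors; a one-line comment saying so would prevent a later reader from "fixing" it.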
@@ -1981,34 +2004,6 @@ void tst_QSslSocket::verifyDepth() QCOMPARE(socket.peerVerifyDepth(), 1); } -void tst_QSslSocket::peerVerifyError() -{ - QSslSocketPtr socket = newSocket(); - QSignalSpy sslErrorsSpy(socket.data(), SIGNAL(sslErrors(QList<QSslError>))); - QSignalSpy peerVerifyErrorSpy(socket.data(), SIGNAL(peerVerifyError(QSslError))); - - socket->connectToHostEncrypted(QHostInfo::fromName(QtNetworkSettings::serverName()).addresses().first().toString(), 443); - if (socket->waitForEncrypted(10000)) - QSKIP("Skipping flaky test - See QTBUG-29941"); - - // check HostNameMismatch was emitted by peerVerifyError - QVERIFY(!peerVerifyErrorSpy.isEmpty()); - SslErrorList peerErrors; - const QList<QVariantList> &peerVerifyList = peerVerifyErrorSpy; - foreach (const QVariantList &args, peerVerifyList) - peerErrors << qvariant_cast<QSslError>(args.first()).error(); - QVERIFY(peerErrors.contains(QSslError::HostNameMismatch)); - - // check HostNameMismatch was emitted by sslErrors - QVERIFY(!sslErrorsSpy.isEmpty()); - SslErrorList sslErrors; - foreach (const QSslError &err, qvariant_cast<QList<QSslError> >(sslErrorsSpy.first().first())) - sslErrors << err.error(); - QVERIFY(peerErrors.contains(QSslError::HostNameMismatch)); - - QCOMPARE(sslErrors.size(), peerErrors.size()); -} - void tst_QSslSocket::disconnectFromHostWhenConnecting() { QSslSocketPtr socket = newSocket(); @@ -2105,8 +2100,8 @@ void tst_QSslSocket::ignoreSslErrorsList_data() QList<QSslError> expectedSslErrors; // fromPath gives us a list of certs, but it actually only contains one QList<QSslCertificate> certs = QSslCertificate::fromPath(QLatin1String(SRCDIR "certs/qt-test-server-cacert.pem")); - QSslError rightError(QSslError::SelfSignedCertificate, certs.at(0)); - QSslError wrongError(QSslError::SelfSignedCertificate); + QSslError rightError(FLUKE_CERTIFICATE_ERROR, certs.at(0)); + QSslError wrongError(FLUKE_CERTIFICATE_ERROR); QTest::newRow("SSL-failure-empty-list") << expectedSslErrors << 1; 
@@ -2368,8 +2363,8 @@ void tst_QSslSocket::resume_data() QTest::newRow("ignoreAllErrors") << true << QList<QSslError>() << true; QList<QSslCertificate> certs = QSslCertificate::fromPath(QLatin1String(SRCDIR "certs/qt-test-server-cacert.pem")); - QSslError rightError(QSslError::SelfSignedCertificate, certs.at(0)); - QSslError wrongError(QSslError::SelfSignedCertificate); + QSslError rightError(FLUKE_CERTIFICATE_ERROR, certs.at(0)); + QSslError wrongError(FLUKE_CERTIFICATE_ERROR); errorsList.append(wrongError); QTest::newRow("ignoreSpecificErrors-Wrong") << true << errorsList << false; errorsList.clear(); @@ -2757,8 +2752,10 @@ void tst_QSslSocket::setEmptyDefaultConfiguration() // this test should be last, QSslConfiguration emptyConf; QSslConfiguration::setDefaultConfiguration(emptyConf); - QSslSocketPtr socket = newSocket(); - connect(socket.data(), SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); + QSslSocketPtr client = newSocket(); + socket = client.data(); + + connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); QFETCH_GLOBAL(bool, setProxy); if (setProxy && socket->waitForEncrypted(4000)) diff --git a/tests/auto/network/ssl/ssl.pro b/tests/auto/network/ssl/ssl.pro index 4e30a9cded..3418a3ae65 100644 --- a/tests/auto/network/ssl/ssl.pro +++ b/tests/auto/network/ssl/ssl.pro @@ -2,6 +2,7 @@ TEMPLATE=subdirs SUBDIRS=\ qsslcertificate \ qsslcipher \ + qsslellipticcurve \ qsslerror \ qsslkey \ |
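Review bot: In `setEmptyDefaultConfiguration()` the new line `socket = client.data();` stores a raw pointer to an object owned by the local `QSslSocketPtr client`; `socket` is not declared in the hunk and is presumably a member read by `ignoreErrorSlot()`. Once the function returns and `client` drops what looks like the only reference, that pointer dangles. The "this test should be last" comment limits the exposure, but resetting it before returning (`socket = 0;`) or in the per-test cleanup would rule out a stale-pointer dereference if the slot is ever invoked afterwards. The function body continues outside the hunk.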