From c45802e33a564bfca4745e31193bc1c2fb3520fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= Date: Tue, 19 Dec 2017 16:47:44 +0100 Subject: QSslKey: Implement PKCS#8 support for the generic backend This patch adds the ability to decode keys which are encoded with PKCS#8 using the generic back-end (used in winrt and secure transport). It works on both WinRT and macOS; however QSslKey seems unused in the WinRT backend and it seems only RSA keys can be used for certificates on macOS. Meaning that DSA and Ec, which in theory* should represent their unencrypted versions, can't currently be tested properly. * Can also be confirmed by loading the key using the ST or WinRT backend, calling toPem(), writing the output to a file and then loading the unencrypted key using openssl. [ChangeLog][QtNetwork][QSslKey] Added support for PKCS#8-encoded keys in the generic SSL back-end (used for SecureTransport on macOS and for WinRT). Note that it does not support keys encrypted with a PKCS#12 algorithm. Task-number: QTBUG-59068 Change-Id: Ib27338edc7dbcb5c5e4b02addfdb4b62ac93a4c3 Reviewed-by: Timur Pocheptsov Reviewed-by: Edward Welbourne --- tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'tests/auto/network') diff --git a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp index e39bcd30e5..ddfe52c5e4 100644 --- a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp +++ b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp @@ -164,10 +164,15 @@ void tst_QSslKey::createPlainTestRows(bool filter, QSsl::EncodingFormat format) foreach (KeyInfo keyInfo, keyInfoList) { if (filter && keyInfo.format != format) continue; - +#ifdef Q_OS_WINRT + if (keyInfo.fileInfo.fileName().contains("RC2-64")) + continue; // WinRT treats RC2 as 128 bit +#endif #if !defined(QT_NO_SSL) && defined(QT_NO_OPENSSL) // generic backend - if (keyInfo.fileInfo.fileName().contains("pkcs8")) - continue; // The generic backend does not support pkcs8 (yet) + if (keyInfo.fileInfo.fileName().contains(QRegularExpression("-aes\\d\\d\\d-"))) + continue; // No AES support in the generic back-end + if (keyInfo.fileInfo.fileName().contains("pkcs8-pkcs12")) + continue; // The generic back-end doesn't support PKCS#12 algorithms #endif QTest::newRow(keyInfo.fileInfo.fileName().toLatin1()) @@ -324,11 +329,15 @@ void tst_QSslKey::toPemOrDer() QFETCH(QSsl::KeyType, type); QFETCH(QSsl::EncodingFormat, format); - if (QByteArray(QTest::currentDataTag()).contains("-pkcs8-")) // these are encrypted + QByteArray dataTag = QByteArray(QTest::currentDataTag()); + if (dataTag.contains("-pkcs8-")) // these are encrypted QSKIP("Encrypted PKCS#8 keys gets decrypted when loaded. So we can't compare it to the encrypted version."); #ifndef QT_NO_OPENSSL - if (QByteArray(QTest::currentDataTag()).contains("pkcs8")) + if (dataTag.contains("pkcs8")) QSKIP("OpenSSL converts PKCS#8 keys to other formats, invalidating comparisons."); +#else // !openssl + if (dataTag.contains("pkcs8") && dataTag.contains("rsa")) + QSKIP("PKCS#8 RSA keys are changed into a different format in the generic back-end, meaning the comparison fails."); #endif // openssl QByteArray encoded = readFile(absFilePath); -- cgit v1.2.3