From f750979b70400e8681204b30282473aa6353ea06 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jeremy=20Lain=C3=A9?= <jeremy.laine@m4x.org>
Date: Wed, 3 Sep 2014 15:38:47 +0200
Subject: ssl: check critical certificate extensions

This adds a test for a QSslCertificate containing extensions which
are marked as critical.

Change-Id: I314e1f5c9943bcad5d43129a97f9f834882dc6fb
Reviewed-by: Richard J. Moore <rich@kde.org>
---
 .../ssl/qsslcertificate/tst_qsslcertificate.cpp    | 47 ++++++++++++++++++++++
 1 file changed, 47 insertions(+)

(limited to 'tests')

diff --git a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
index 138b1b5f15..56530acb14 100644
--- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
+++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
@@ -111,6 +111,7 @@ private slots:
     void subjectAndIssuerAttributes();
     void verify();
     void extensions();
+    void extensionsCritical();
     void threadSafeConstMethods();
     void version_data();
     void version();
@@ -1150,7 +1151,53 @@ void tst_QSslCertificate::extensions()
     QCOMPARE(authValue.keys(), QList<QString>() << QStringLiteral("keyid"));
     QVERIFY(authValue[QStringLiteral("keyid")].toByteArray() ==
             QByteArray("4e43c81d76ef37537a4ff2586f94f338e2d5bddf"));
+}
+
+void tst_QSslCertificate::extensionsCritical()
+{
+    QList<QSslCertificate> certList =
+        QSslCertificate::fromPath(testDataDir + "/verify-certs/test-addons-mozilla-org-cert.pem");
+    QVERIFY2(certList.count() > 0, "Please run this test from the source directory");
+
+    QSslCertificate cert = certList[0];
+    QList<QSslCertificateExtension> extensions = cert.extensions();
+#ifdef Q_OS_WINRT
+    QEXPECT_FAIL("", "QTBUG-40884: WinRT API does not support extensions information", Abort);
+#endif
+    QVERIFY(extensions.count() == 9);
+
+    int basic_constraints_idx = -1;
+    int key_usage_idx = -1;
+
+    for (int i=0; i < extensions.length(); ++i) {
+        QSslCertificateExtension ext = extensions[i];
+
+        if (ext.name() == QStringLiteral("basicConstraints"))
+            basic_constraints_idx = i;
+        if (ext.name() == QStringLiteral("keyUsage"))
+            key_usage_idx = i;
+    }
+
+    QVERIFY(basic_constraints_idx != -1);
+    QVERIFY(key_usage_idx != -1);
+
+    // Basic constraints
+    QSslCertificateExtension basic = extensions[basic_constraints_idx];
+    QVERIFY(basic.oid() == QStringLiteral("2.5.29.19"));
+    QVERIFY(basic.name() == QStringLiteral("basicConstraints"));
+    QVERIFY(basic.isCritical());
+    QVERIFY(basic.isSupported());
+
+    QVariantMap basicValue = basic.value().toMap();
+    QCOMPARE(basicValue.keys(), QList<QString>() << QStringLiteral("ca"));
+    QVERIFY(basicValue[QStringLiteral("ca")].toBool() == false);
 
+    // Key Usage
+    QSslCertificateExtension keyUsage = extensions[key_usage_idx];
+    QVERIFY(keyUsage.oid() == QStringLiteral("2.5.29.15"));
+    QVERIFY(keyUsage.name() == QStringLiteral("keyUsage"));
+    QVERIFY(keyUsage.isCritical());
+    QVERIFY(!keyUsage.isSupported());
 }
 
 class TestThread : public QThread
-- 
cgit v1.2.3