diff options
Diffstat (limited to 'tests/auto/qsslcertificate')
23 files changed, 888 insertions, 0 deletions
diff --git a/tests/auto/qsslcertificate/.gitignore b/tests/auto/qsslcertificate/.gitignore new file mode 100644 index 0000000..25b3475 --- /dev/null +++ b/tests/auto/qsslcertificate/.gitignore @@ -0,0 +1 @@ +tst_qsslcertificate diff --git a/tests/auto/qsslcertificate/certificates/ca-cert.pem b/tests/auto/qsslcertificate/certificates/ca-cert.pem new file mode 100644 index 0000000..bcba68a --- /dev/null +++ b/tests/auto/qsslcertificate/certificates/ca-cert.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIC5TCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx +HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzODUxWhcN +MDUwNzEwMjEzODUxWjBbMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu +ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxGzAZBgNVBAMTElRlc3QgQ0Eg +KDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo7ujy3XXpU/p +yDJtOxkMJmGv3mdiVm7JrdoKLUgqjO2rBaeNuYMUiuI6oYU+tlD6agwRML0Pn2JF +b90VdK/UXrmRr9djaEuH17EIKjte5RwOzndCndsjcCYyoeODMTyg7dqPIkDMmRNM +5R5xBTabD+Aji0wzQupYxBLuW5PLj7ECAwEAAaOBtzCBtDAdBgNVHQ4EFgQU1WWA +U42mkhi3ecgey1dsJjU61+UwgYQGA1UdIwR9MHuAFE0RaEcrj18q1dw+G6nJbsTW +R213oWCkXjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG +A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0 +IGJpdCmCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBb39BRphHL +6aRAQyymsvBvPSCiG9+kR0R1L23aTpNbhXp2BebyFjbEQYZc2kWGiKKcHkNECA35 +3d4LoqUlVey8DFyafOIJd9hxdZfg+rxlHMxnL7uCJRmx9+xB411Jtsol9/wg1uCK +sleGpgB4j8cG2SVCz7V2MNZNK+d5QCnR7A== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425 +gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd +2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB +AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6 +hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2 +J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs +HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL +21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s +nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz +MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa +pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb +KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2 +XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ +-----END RSA PRIVATE KEY----- diff --git a/tests/auto/qsslcertificate/certificates/ca-cert.pem.digest-md5 b/tests/auto/qsslcertificate/certificates/ca-cert.pem.digest-md5 new file mode 100644 index 0000000..800a05b --- /dev/null +++ b/tests/auto/qsslcertificate/certificates/ca-cert.pem.digest-md5 @@ -0,0 +1 @@ +MD5 Fingerprint=EF:02:83:EA:AC:AF:6A:D0:8D:4F:56:A8:2B:A1:C5:D3 diff --git a/tests/auto/qsslcertificate/certificates/ca-cert.pem.digest-sha1 b/tests/auto/qsslcertificate/certificates/ca-cert.pem.digest-sha1 new file mode 100644 index 0000000..df311a8 --- /dev/null +++ b/tests/auto/qsslcertificate/certificates/ca-cert.pem.digest-sha1 @@ -0,0 +1 @@ +SHA1 Fingerprint=A6:CC:2A:D7:E3:8F:49:E7:8B:4F:76:E8:E0:FA:37:5E:62:2F:66:23 diff --git a/tests/auto/qsslcertificate/certificates/cert-ss-san.pem b/tests/auto/qsslcertificate/certificates/cert-ss-san.pem new file mode 100644 index 0000000..3d0bdfc --- /dev/null +++ b/tests/auto/qsslcertificate/certificates/cert-ss-san.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB9zCCAWCgAwIBAgIJAIyyZjJFdeyIMA0GCSqGSIb3DQEBBQUAMBwxGjAYBgNV +BAMTEUpvaG5ueSBHdWl0YXJDPU5PMB4XDTA3MDQyMDEwMzIzOVoXDTA3MDUyMDEw +MzIzOVowHDEaMBgGA1UEAxMRSm9obm55IEd1aXRhckM9Tk8wgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBANPgV/8gMg5Gh4vhfcoUTHXTqhcEuCh5VE/h57Ea7uj4 +1/bQtUNUvRZO21KtAmLHkFLoNQqeYbFJ4ZP7u/R/WDNk76EQtYNcMmJgSu/QRlxj +bEFFBOPPflQH7nYdneMegszzijRQ25oZhnjbyI0xZgqpNZwipBkC5lPgsrmlOckd +AgMBAAGjQTA/MD0GA1UdEQQ2MDSBD2FybmVAZm9vYmFyLm9yZ4IOd3d3LmZvb2Jh +ci5vcmeBEWJqYXJuZUBmb29iYXIub3JnMA0GCSqGSIb3DQEBBQUAA4GBAFVqCnFr +5EevQiVtAbDlTSbTJ3XWJSzjU0yf+tNYvPEIEqoDVh25YhSNWqRCMYFiUomj55WY +Rf7C4JM/eRlo99xnR4OtJzfLi+q1eKhl53cuwooajRjVOxQsdHpke51L9UzibKGw +0o8D/FNBw+D4GwIC1sdKw2UWAeaMhNzSEWKA +-----END CERTIFICATE----- diff --git a/tests/auto/qsslcertificate/certificates/cert-ss-san.pem.san b/tests/auto/qsslcertificate/certificates/cert-ss-san.pem.san new file mode 100644 index 0000000..f46a637 --- /dev/null +++ b/tests/auto/qsslcertificate/certificates/cert-ss-san.pem.san @@ -0,0 +1,5 @@ +[subj_alt_name] +subjectAltName=\ + email:arne@foobar.org,\ + DNS:www.foobar.org,\ + email:bjarne@foobar.org diff --git a/tests/auto/qsslcertificate/certificates/cert-ss.der b/tests/auto/qsslcertificate/certificates/cert-ss.der Binary files differnew file mode 100644 index 0000000..ea9eedc --- /dev/null +++ b/tests/auto/qsslcertificate/certificates/cert-ss.der diff --git a/tests/auto/qsslcertificate/certificates/cert-ss.der.pubkey b/tests/auto/qsslcertificate/certificates/cert-ss.der.pubkey Binary files differnew file mode 100644 index 0000000..48d2b99 --- /dev/null +++ b/tests/auto/qsslcertificate/certificates/cert-ss.der.pubkey diff --git a/tests/auto/qsslcertificate/certificates/cert-ss.pem b/tests/auto/qsslcertificate/certificates/cert-ss.pem new file mode 100644 index 0000000..b2626f3 --- /dev/null +++ b/tests/auto/qsslcertificate/certificates/cert-ss.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIByTCCATICCQDiwxj6Xps7zDANBgkqhkiG9w0BAQUFADApMRowGAYDVQQDExFu +YW1lL3dpdGgvc2xhc2hlczELMAkGA1UEBhMCTk8wHhcNMDcwNDE3MDc0MDI2WhcN +MDcwNTE3MDc0MDI2WjApMRowGAYDVQQDExFuYW1lL3dpdGgvc2xhc2hlczELMAkG +A1UEBhMCTk8wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOud6QOsME+pWANE +xxgmL0iT1ayg++hTxHsqAYnm/FoMxfUh+NdKkgJn2/GfNppinfPOSI667VqonU+7 +JBZDTLV5CPbZIo9fFQpDJQN6naev4yaxU1VeYFfI7S8c8zYKeGSR+RenNNeLvfH8 +0YxPpZZ1snv8IfDH2V8MVxiyr7lLAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAT9Kz +0kg75nMzcg23J0q6OGvkj0VO6QOaAwqt6v+Kp5kgOzUEisbVt9oxZrWwkEw6dFNN +cl7Blq6HQm6beezJobhEsi3G8OjVBrTDFb+jqPi/kwXuKL3QyfY2r/LRuINGrBDi +Ewg7KuI0qZPe0bQ9NCM5TCD6qCj4vx3HdIHU4Ew= +-----END CERTIFICATE----- diff --git a/tests/auto/qsslcertificate/certificates/cert-ss.pem.digest-md5 b/tests/auto/qsslcertificate/certificates/cert-ss.pem.digest-md5 new file mode 100644 index 0000000..62f4d76 --- /dev/null +++ b/tests/auto/qsslcertificate/certificates/cert-ss.pem.digest-md5 @@ -0,0 +1 @@ +MD5 Fingerprint=F4:2B:9D:73:2B:C8:26:56:60:9C:7F:58:66:07:4A:46 diff --git a/tests/auto/qsslcertificate/certificates/cert-ss.pem.digest-sha1 b/tests/auto/qsslcertificate/certificates/cert-ss.pem.digest-sha1 new file mode 100644 index 0000000..02430ed --- /dev/null +++ b/tests/auto/qsslcertificate/certificates/cert-ss.pem.digest-sha1 @@ -0,0 +1 @@ +SHA1 Fingerprint=B5:CF:31:AE:89:FB:BA:20:31:89:BA:71:06:7C:D7:84:9D:39:9E:46 diff --git a/tests/auto/qsslcertificate/certificates/cert-ss.pem.pubkey b/tests/auto/qsslcertificate/certificates/cert-ss.pem.pubkey new file mode 100644 index 0000000..5344d11 --- /dev/null +++ b/tests/auto/qsslcertificate/certificates/cert-ss.pem.pubkey @@ -0,0 +1,6 @@ +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrnekDrDBPqVgDRMcYJi9Ik9Ws +oPvoU8R7KgGJ5vxaDMX1IfjXSpICZ9vxnzaaYp3zzkiOuu1aqJ1PuyQWQ0y1eQj2 +2SKPXxUKQyUDep2nr+MmsVNVXmBXyO0vHPM2CnhkkfkXpzTXi73x/NGMT6WWdbJ7 +/CHwx9lfDFcYsq+5SwIDAQAB +-----END PUBLIC KEY----- diff --git a/tests/auto/qsslcertificate/certificates/cert.der b/tests/auto/qsslcertificate/certificates/cert.der Binary files differnew file mode 100644 index 0000000..aeb8571 --- /dev/null +++ b/tests/auto/qsslcertificate/certificates/cert.der diff --git a/tests/auto/qsslcertificate/certificates/cert.der.pubkey b/tests/auto/qsslcertificate/certificates/cert.der.pubkey Binary files differnew file mode 100644 index 0000000..48d2b99 --- /dev/null +++ b/tests/auto/qsslcertificate/certificates/cert.der.pubkey diff --git a/tests/auto/qsslcertificate/certificates/cert.pem b/tests/auto/qsslcertificate/certificates/cert.pem new file mode 100644 index 0000000..295010c --- /dev/null +++ b/tests/auto/qsslcertificate/certificates/cert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB8zCCAVwCAREwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD +VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDcwNDE3MDc0MDI2WhcNMDcwNTE3 +MDc0MDI2WjApMRowGAYDVQQDExFuYW1lL3dpdGgvc2xhc2hlczELMAkGA1UEBhMC +Tk8wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOud6QOsME+pWANExxgmL0iT +1ayg++hTxHsqAYnm/FoMxfUh+NdKkgJn2/GfNppinfPOSI667VqonU+7JBZDTLV5 +CPbZIo9fFQpDJQN6naev4yaxU1VeYFfI7S8c8zYKeGSR+RenNNeLvfH80YxPpZZ1 +snv8IfDH2V8MVxiyr7lLAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAleaU4pgzV6KY ++q9QuXapUYMsC2GiNtDmkG3k+MTHUO8XlE4hqPrIM6rRf7zKQdZ950R2wL9FSnYl +Qm1Tdv38dCka6ivMBqvRuOt9axH3m0G7nzHL7U3zaCbtEx3yVln+b3yYtiVpTuq0 +3MLrt7tQGAW6ra8ISf6YY1W65/uVXZE= +-----END CERTIFICATE----- diff --git a/tests/auto/qsslcertificate/certificates/cert.pem.digest-md5 b/tests/auto/qsslcertificate/certificates/cert.pem.digest-md5 new file mode 100644 index 0000000..5333f63 --- /dev/null +++ b/tests/auto/qsslcertificate/certificates/cert.pem.digest-md5 @@ -0,0 +1 @@ +MD5 Fingerprint=B6:CF:57:34:DA:A9:73:21:82:F7:CF:4D:3D:85:31:88 diff --git a/tests/auto/qsslcertificate/certificates/cert.pem.digest-sha1 b/tests/auto/qsslcertificate/certificates/cert.pem.digest-sha1 new file mode 100644 index 0000000..62f84de --- /dev/null +++ b/tests/auto/qsslcertificate/certificates/cert.pem.digest-sha1 @@ -0,0 +1 @@ +SHA1 Fingerprint=B6:D1:51:82:E0:29:CA:59:96:38:BD:B6:F9:40:05:91:6D:49:09:60 diff --git a/tests/auto/qsslcertificate/certificates/cert.pem.pubkey b/tests/auto/qsslcertificate/certificates/cert.pem.pubkey new file mode 100644 index 0000000..5344d11 --- /dev/null +++ b/tests/auto/qsslcertificate/certificates/cert.pem.pubkey @@ -0,0 +1,6 @@ +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrnekDrDBPqVgDRMcYJi9Ik9Ws +oPvoU8R7KgGJ5vxaDMX1IfjXSpICZ9vxnzaaYp3zzkiOuu1aqJ1PuyQWQ0y1eQj2 +2SKPXxUKQyUDep2nr+MmsVNVXmBXyO0vHPM2CnhkkfkXpzTXi73x/NGMT6WWdbJ7 +/CHwx9lfDFcYsq+5SwIDAQAB +-----END PUBLIC KEY----- diff --git a/tests/auto/qsslcertificate/certificates/gencertificates.sh b/tests/auto/qsslcertificate/certificates/gencertificates.sh new file mode 100755 index 0000000..2c0bdea --- /dev/null +++ b/tests/auto/qsslcertificate/certificates/gencertificates.sh @@ -0,0 +1,54 @@ +#!/bin/sh + +# This script generates digital certificates of different types. + +#--- Certificates --------------------------------------------------------------------------- +echo -e "\ngenerating 1024-bit RSA private key to PEM file ..." +openssl genrsa -out rsa-pri-1024.pem 1024 + +echo -e "\ngenerating the corresponding public key to PEM and DER file ..." +openssl rsa -in rsa-pri-1024.pem -pubout -out rsa-pub-1024.pem +openssl rsa -in rsa-pri-1024.pem -pubout -out rsa-pub-1024.der -outform der + +echo -e "\ngenerating certificate signing request (CSR) ..." +openssl req -out req.pem -new -key rsa-pri-1024.pem -subj "/CN=name\/with\/slashes/C=NO" + +echo -e "\n generating a self-signed certifificate to PEM file ..." +openssl x509 -req -in req.pem -out cert-ss.pem -signkey rsa-pri-1024.pem + +echo -e "\n generating a self-signed certifificate to DER file ..." +openssl x509 -req -in req.pem -out cert-ss.der -signkey rsa-pri-1024.pem -outform der + +echo -e "\n generating a certifificate signed by a dummy CA to PEM file ..." +openssl x509 -req -in req.pem -out cert.pem -CA ca-cert.pem -set_serial 17 + +echo -e "\n generating a certifificate signed by a dummy CA to DER file ..." +openssl x509 -req -in req.pem -out cert.der -CA ca-cert.pem -set_serial 17 -outform der + +#--- Public keys -------------------------------------------------------------------------------- +echo -e "\n associate public keys with all certificates ..." +# Note: For now, there is only one public key (encoded in both PEM and DER), but that could change. +/bin/cp rsa-pub-1024.pem cert-ss.pem.pubkey +/bin/cp rsa-pub-1024.der cert-ss.der.pubkey +/bin/cp rsa-pub-1024.pem cert.pem.pubkey +/bin/cp rsa-pub-1024.der cert.der.pubkey + +#--- Digests -------------------------------------------------------------------------------- +echo -e "\n generating md5 and sha1 digests of all certificates ..." +for digest in md5 sha1 +do + openssl x509 -in ca-cert.pem -noout -fingerprint -$digest > ca-cert.pem.digest-$digest + openssl x509 -in cert-ss.pem -noout -fingerprint -$digest > cert-ss.pem.digest-$digest + openssl x509 -in cert.pem -noout -fingerprint -$digest > cert.pem.digest-$digest +done + +#--- Subjet Alternative Name extension ---------------------------------------------------- +echo -e "\n generating self signed root cert. with Subject Alternative Name extension (X509v3) ..." +outname=cert-ss-san.pem +openssl req -out req-san.pem -new -key rsa-pri-1024.pem -subj "/CN=Johnny GuitarC=NO" +openssl req -x509 -in req-san.pem -out $outname -key rsa-pri-1024.pem \ + -config san.cnf -extensions subj_alt_name +/bin/cp san.cnf $outname.san + +echo -e "\n cleaning up ..." +/bin/rm rsa-pri-1024.pem rsa-pub-1024.* req*.pem diff --git a/tests/auto/qsslcertificate/certificates/san.cnf b/tests/auto/qsslcertificate/certificates/san.cnf new file mode 100644 index 0000000..f46a637 --- /dev/null +++ b/tests/auto/qsslcertificate/certificates/san.cnf @@ -0,0 +1,5 @@ +[subj_alt_name] +subjectAltName=\ + email:arne@foobar.org,\ + DNS:www.foobar.org,\ + email:bjarne@foobar.org diff --git a/tests/auto/qsslcertificate/more-certificates/trailing-whitespace.pem b/tests/auto/qsslcertificate/more-certificates/trailing-whitespace.pem new file mode 100644 index 0000000..e48195d --- /dev/null +++ b/tests/auto/qsslcertificate/more-certificates/trailing-whitespace.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB8zCCAVwCAREwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD +VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDcwNDE3MDc0MDI2WhcNMDcwNTE3 +MDc0MDI2WjApMRowGAYDVQQDExFuYW1lL3dpdGgvc2xhc2hlczELMAkGA1UEBhMC +Tk8wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOud6QOsME+pWANExxgmL0iT +1ayg++hTxHsqAYnm/FoMxfUh+NdKkgJn2/GfNppinfPOSI667VqonU+7JBZDTLV5 +CPbZIo9fFQpDJQN6naev4yaxU1VeYFfI7S8c8zYKeGSR+RenNNeLvfH80YxPpZZ1 +snv8IfDH2V8MVxiyr7lLAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAleaU4pgzV6KY ++q9QuXapUYMsC2GiNtDmkG3k+MTHUO8XlE4hqPrIM6rRf7zKQdZ950R2wL9FSnYl +Qm1Tdv38dCka6ivMBqvRuOt9axH3m0G7nzHL7U3zaCbtEx3yVln+b3yYtiVpTuq0 +3MLrt7tQGAW6ra8ISf6YY1W65/uVXZE= +-----END CERTIFICATE----- diff --git a/tests/auto/qsslcertificate/qsslcertificate.pro b/tests/auto/qsslcertificate/qsslcertificate.pro new file mode 100644 index 0000000..f3f7adb --- /dev/null +++ b/tests/auto/qsslcertificate/qsslcertificate.pro @@ -0,0 +1,26 @@ +load(qttest_p4) + +SOURCES += tst_qsslcertificate.cpp +!wince*:win32:LIBS += -lws2_32 +QT += network + +TARGET = tst_qsslcertificate + +win32 { + CONFIG(debug, debug|release) { + DESTDIR = debug +} else { + DESTDIR = release + } +} + +wince*: { + certFiles.sources = certificates more-certificates + certFiles.path = . + DEPLOYMENT += certFiles + DEFINES += SRCDIR=\\\".\\\" +} else { + DEFINES += SRCDIR=\\\"$$PWD/\\\" +} + + diff --git a/tests/auto/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/qsslcertificate/tst_qsslcertificate.cpp new file mode 100644 index 0000000..6f50fc4 --- /dev/null +++ b/tests/auto/qsslcertificate/tst_qsslcertificate.cpp @@ -0,0 +1,695 @@ +/**************************************************************************** +** +** Copyright (C) 2009 Nokia Corporation and/or its subsidiary(-ies). +** Contact: Qt Software Information (qt-info@nokia.com) +** +** This file is part of the test suite of the Qt Toolkit. +** +** $QT_BEGIN_LICENSE:LGPL$ +** No Commercial Usage +** This file contains pre-release code and may not be distributed. +** You may use this file in accordance with the terms and conditions +** contained in the either Technology Preview License Agreement or the +** Beta Release License Agreement. +** +** GNU Lesser General Public License Usage +** Alternatively, this file may be used under the terms of the GNU Lesser +** General Public License version 2.1 as published by the Free Software +** Foundation and appearing in the file LICENSE.LGPL included in the +** packaging of this file. Please review the following information to +** ensure the GNU Lesser General Public License version 2.1 requirements +** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. +** +** In addition, as a special exception, Nokia gives you certain +** additional rights. These rights are described in the Nokia Qt LGPL +** Exception version 1.0, included in the file LGPL_EXCEPTION.txt in this +** package. +** +** GNU General Public License Usage +** Alternatively, this file may be used under the terms of the GNU +** General Public License version 3.0 as published by the Free Software +** Foundation and appearing in the file LICENSE.GPL included in the +** packaging of this file. Please review the following information to +** ensure the GNU General Public License version 3.0 requirements will be +** met: http://www.gnu.org/copyleft/gpl.html. +** +** If you are unsure which license is appropriate for your use, please +** contact the sales department at qt-sales@nokia.com. +** $QT_END_LICENSE$ +** +****************************************************************************/ + + +#include <QtTest/QtTest> +#include <qsslcertificate.h> +#include <qsslkey.h> +#include <qsslsocket.h> + +class tst_QSslCertificate : public QObject +{ + Q_OBJECT + + struct CertInfo { + QFileInfo fileInfo; + QFileInfo fileInfo_digest_md5; + QFileInfo fileInfo_digest_sha1; + QSsl::EncodingFormat format; + CertInfo(const QFileInfo &fileInfo, QSsl::EncodingFormat format) + : fileInfo(fileInfo), format(format) {} + }; + + QList<CertInfo> certInfoList; + QMap<QString, QString> subjAltNameMap; + QMap<QString, QString> pubkeyMap; + QMap<QString, QString> md5Map; + QMap<QString, QString> sha1Map; + + void createTestRows(); +#ifndef QT_NO_OPENSSL + void compareCertificates(const QSslCertificate & cert1, const QSslCertificate & cert2); +#endif + + QString oldCurrentDir; +public: + tst_QSslCertificate(); + virtual ~tst_QSslCertificate(); + +public slots: + void initTestCase_data(); + void init(); + void cleanup(); + +#ifndef QT_NO_OPENSSL +private slots: + void emptyConstructor(); + void constructor_data(); + void constructor(); + void constructingGarbage(); + void copyAndAssign_data(); + void copyAndAssign(); + void digest_data(); + void digest(); + void alternateSubjectNames_data(); + void alternateSubjectNames(); + void publicKey_data(); + void publicKey(); + void toPemOrDer_data(); + void toPemOrDer(); + void fromDevice(); + void fromPath_data(); + void fromPath(); + void certInfo(); +// ### add tests for certificate bundles (multiple certificates concatenated into a single +// structure); both PEM and DER formatted +#endif +}; + +tst_QSslCertificate::tst_QSslCertificate() +{ +#ifdef Q_WS_MAC + // applicationDirPath() points to a path inside the app bundle on Mac. + QDir dir(qApp->applicationDirPath() + QLatin1String("/../../../certificates")); +#else + QDir dir(SRCDIR + QLatin1String("/certificates")); +#endif + QFileInfoList fileInfoList = dir.entryInfoList(QDir::Files | QDir::Readable); + QRegExp rxCert(QLatin1String("^.+\\.(pem|der)$")); + QRegExp rxSan(QLatin1String("^(.+\\.(?:pem|der))\\.san$")); + QRegExp rxPubKey(QLatin1String("^(.+\\.(?:pem|der))\\.pubkey$")); + QRegExp rxDigest(QLatin1String("^(.+\\.(?:pem|der))\\.digest-(md5|sha1)$")); + foreach (QFileInfo fileInfo, fileInfoList) { + if (rxCert.indexIn(fileInfo.fileName()) >= 0) + certInfoList << + CertInfo(fileInfo, + rxCert.cap(1) == QLatin1String("pem") ? QSsl::Pem : QSsl::Der); + if (rxSan.indexIn(fileInfo.fileName()) >= 0) + subjAltNameMap.insert(rxSan.cap(1), fileInfo.absoluteFilePath()); + if (rxPubKey.indexIn(fileInfo.fileName()) >= 0) + pubkeyMap.insert(rxPubKey.cap(1), fileInfo.absoluteFilePath()); + if (rxDigest.indexIn(fileInfo.fileName()) >= 0) { + if (rxDigest.cap(2) == QLatin1String("md5")) + md5Map.insert(rxDigest.cap(1), fileInfo.absoluteFilePath()); + else + sha1Map.insert(rxDigest.cap(1), fileInfo.absoluteFilePath()); + } + } +} + +tst_QSslCertificate::~tst_QSslCertificate() +{ +} + +void tst_QSslCertificate::initTestCase_data() +{ +} + +void tst_QSslCertificate::init() +{ + QString srcdir(QLatin1String(SRCDIR)); + if (!srcdir.isEmpty()) { + oldCurrentDir = QDir::current().absolutePath(); + QDir::setCurrent(srcdir); + } +} + +void tst_QSslCertificate::cleanup() +{ + if (!oldCurrentDir.isEmpty()) { + QDir::setCurrent(oldCurrentDir); + } + +} + +static QByteArray readFile(const QString &absFilePath) +{ + QFile file(absFilePath); + if (!file.open(QIODevice::ReadOnly)) { + QWARN("failed to open file"); + return QByteArray(); + } + return file.readAll(); +} + +#ifndef QT_NO_OPENSSL + +void tst_QSslCertificate::emptyConstructor() +{ + if (!QSslSocket::supportsSsl()) + return; + + QSslCertificate certificate; + QVERIFY(certificate.isNull()); + //make sure none of the functions crash (task 203035) + QVERIFY(!certificate.isValid()); + QCOMPARE(certificate.version() , QByteArray()); + QCOMPARE(certificate.serialNumber(), QByteArray()); + QCOMPARE(certificate.digest(), QCryptographicHash::hash(QByteArray(), QCryptographicHash::Md5)); + QCOMPARE(certificate.issuerInfo(QSslCertificate::Organization), QString()); + QCOMPARE(certificate.subjectInfo(QSslCertificate::Organization), QString()); + QCOMPARE(certificate.alternateSubjectNames(),(QMultiMap<QSsl::AlternateNameEntryType, QString>())); +#ifndef QT_NO_TEXTSTREAM + QCOMPARE(certificate.effectiveDate(), QDateTime()); + QCOMPARE(certificate.expiryDate(), QDateTime()); +#endif +} + +Q_DECLARE_METATYPE(QSsl::EncodingFormat); + +void tst_QSslCertificate::createTestRows() +{ + QTest::addColumn<QString>("absFilePath"); + QTest::addColumn<QSsl::EncodingFormat>("format"); + foreach (CertInfo certInfo, certInfoList) { + QTest::newRow(certInfo.fileInfo.fileName().toLatin1()) + << certInfo.fileInfo.absoluteFilePath() << certInfo.format; + } +} + +void tst_QSslCertificate::constructor_data() +{ + createTestRows(); +} + +void tst_QSslCertificate::constructor() +{ + if (!QSslSocket::supportsSsl()) + return; + + QFETCH(QString, absFilePath); + QFETCH(QSsl::EncodingFormat, format); + + QByteArray encoded = readFile(absFilePath); + QSslCertificate certificate(encoded, format); + QVERIFY(!certificate.isNull()); +} + +void tst_QSslCertificate::constructingGarbage() +{ + if (!QSslSocket::supportsSsl()) + return; + + QByteArray garbage("garbage"); + QSslCertificate certificate(garbage); + QVERIFY(certificate.isNull()); +} + +void tst_QSslCertificate::copyAndAssign_data() +{ + createTestRows(); +} + +void tst_QSslCertificate::compareCertificates( + const QSslCertificate & cert1, const QSslCertificate & cert2) +{ + QCOMPARE(cert1.isNull(), cert2.isNull()); + // Note: in theory, the next line could fail even if the certificates are identical! + QCOMPARE(cert1.isValid(), cert2.isValid()); + QCOMPARE(cert1.version(), cert2.version()); + QCOMPARE(cert1.serialNumber(), cert2.serialNumber()); + QCOMPARE(cert1.digest(), cert2.digest()); + QCOMPARE(cert1.toPem(), cert2.toPem()); + QCOMPARE(cert1.toDer(), cert2.toDer()); + for (int info = QSslCertificate::Organization; + info <= QSslCertificate::StateOrProvinceName; info++) { + const QSslCertificate::SubjectInfo subjectInfo = (QSslCertificate::SubjectInfo)info; + QCOMPARE(cert1.issuerInfo(subjectInfo), cert2.issuerInfo(subjectInfo)); + QCOMPARE(cert1.subjectInfo(subjectInfo), cert2.subjectInfo(subjectInfo)); + } + QCOMPARE(cert1.alternateSubjectNames(), cert2.alternateSubjectNames()); + QCOMPARE(cert1.effectiveDate(), cert2.effectiveDate()); + QCOMPARE(cert1.expiryDate(), cert2.expiryDate()); + // ### add more functions here ... +} + +void tst_QSslCertificate::copyAndAssign() +{ + if (!QSslSocket::supportsSsl()) + return; + + QFETCH(QString, absFilePath); + QFETCH(QSsl::EncodingFormat, format); + + QByteArray encoded = readFile(absFilePath); + QSslCertificate certificate(encoded, format); + + QVERIFY(!certificate.isNull()); + + QSslCertificate copied(certificate); + compareCertificates(certificate, copied); + + QSslCertificate assigned = certificate; + compareCertificates(certificate, assigned); +} + +void tst_QSslCertificate::digest_data() +{ + QTest::addColumn<QString>("absFilePath"); + QTest::addColumn<QSsl::EncodingFormat>("format"); + QTest::addColumn<QString>("absFilePath_digest_md5"); + QTest::addColumn<QString>("absFilePath_digest_sha1"); + foreach (CertInfo certInfo, certInfoList) { + QString certName = certInfo.fileInfo.fileName(); + QTest::newRow(certName.toLatin1()) + << certInfo.fileInfo.absoluteFilePath() + << certInfo.format + << md5Map.value(certName) + << sha1Map.value(certName); + } +} + +// Converts a digest of the form '{MD5|SHA1} Fingerprint=AB:B8:32...' to binary format. +static QByteArray convertDigest(const QByteArray &input) +{ + QByteArray result; + QRegExp rx(QLatin1String("(?:=|:)([0-9A-Fa-f]{2})")); + int pos = 0; + while ((pos = rx.indexIn(input, pos)) != -1) { + result.append(rx.cap(1).toLatin1()); + pos += rx.matchedLength(); + } + return QByteArray::fromHex(result); +} + +void tst_QSslCertificate::digest() +{ + if (!QSslSocket::supportsSsl()) + return; + + QFETCH(QString, absFilePath); + QFETCH(QSsl::EncodingFormat, format); + QFETCH(QString, absFilePath_digest_md5); + QFETCH(QString, absFilePath_digest_sha1); + + QByteArray encoded = readFile(absFilePath); + QSslCertificate certificate(encoded, format); + QVERIFY(!certificate.isNull()); + + if (!absFilePath_digest_md5.isEmpty()) + QCOMPARE(convertDigest(readFile(absFilePath_digest_md5)), + certificate.digest(QCryptographicHash::Md5)); + + if (!absFilePath_digest_sha1.isEmpty()) + QCOMPARE(convertDigest(readFile(absFilePath_digest_sha1)), + certificate.digest(QCryptographicHash::Sha1)); +} + +void tst_QSslCertificate::alternateSubjectNames_data() +{ + QTest::addColumn<QString>("certFilePath"); + QTest::addColumn<QSsl::EncodingFormat>("format"); + QTest::addColumn<QString>("subjAltNameFilePath"); + + foreach (CertInfo certInfo, certInfoList) { + QString certName = certInfo.fileInfo.fileName(); + if (subjAltNameMap.contains(certName)) + QTest::newRow(certName.toLatin1()) + << certInfo.fileInfo.absoluteFilePath() + << certInfo.format + << subjAltNameMap.value(certName); + } +} + +void tst_QSslCertificate::alternateSubjectNames() +{ + if (!QSslSocket::supportsSsl()) + return; + + QFETCH(QString, certFilePath); + QFETCH(QSsl::EncodingFormat, format); + QFETCH(QString, subjAltNameFilePath); + + QByteArray encodedCert = readFile(certFilePath); + QSslCertificate certificate(encodedCert, format); + QVERIFY(!certificate.isNull()); + + QByteArray fileContents = readFile(subjAltNameFilePath); + + const QMultiMap<QSsl::AlternateNameEntryType, QString> altSubjectNames = + certificate.alternateSubjectNames(); + + // verify that each entry in subjAltNames is present in fileContents + QMapIterator<QSsl::AlternateNameEntryType, QString> it(altSubjectNames); + while (it.hasNext()) { + it.next(); + QString type; + if (it.key() == QSsl::EmailEntry) + type = QLatin1String("email"); + else if (it.key() == QSsl::DnsEntry) + type = QLatin1String("DNS"); + else + QFAIL("unsupported alternative name type"); + QString entry = QString("%1:%2").arg(type).arg(it.value()); + QVERIFY(fileContents.contains(entry.toAscii())); + } + + // verify that each entry in fileContents is present in subjAltNames + QRegExp rx(QLatin1String("(email|DNS):([^,\\r\\n]+)")); + for (int pos = 0; (pos = rx.indexIn(fileContents, pos)) != -1; pos += rx.matchedLength()) { + QSsl::AlternateNameEntryType key; + if (rx.cap(1) == QLatin1String("email")) + key = QSsl::EmailEntry; + else if (rx.cap(1) == QLatin1String("DNS")) + key = QSsl::DnsEntry; + else + QFAIL("unsupported alternative name type"); + QVERIFY(altSubjectNames.contains(key, rx.cap(2))); + } +} + +void tst_QSslCertificate::publicKey_data() +{ + QTest::addColumn<QString>("certFilePath"); + QTest::addColumn<QSsl::EncodingFormat>("format"); + QTest::addColumn<QString>("pubkeyFilePath"); + + foreach (CertInfo certInfo, certInfoList) { + QString certName = certInfo.fileInfo.fileName(); + if (pubkeyMap.contains(certName)) + QTest::newRow(certName.toLatin1()) + << certInfo.fileInfo.absoluteFilePath() + << certInfo.format + << pubkeyMap.value(certName); + } +} + +void tst_QSslCertificate::publicKey() +{ + if (!QSslSocket::supportsSsl()) + return; + + QFETCH(QString, certFilePath); + QFETCH(QSsl::EncodingFormat, format); + QFETCH(QString, pubkeyFilePath); + + QByteArray encodedCert = readFile(certFilePath); + QSslCertificate certificate(encodedCert, format); + QVERIFY(!certificate.isNull()); + + QByteArray encodedPubkey = readFile(pubkeyFilePath); + QSslKey pubkey(encodedPubkey, QSsl::Rsa, format, QSsl::PublicKey); // ### support DSA as well! + QVERIFY(!pubkey.isNull()); + + QCOMPARE(certificate.publicKey(), pubkey); +} + +void tst_QSslCertificate::toPemOrDer_data() +{ + createTestRows(); +} + +static const char BeginCertString[] = "-----BEGIN CERTIFICATE-----"; +static const char EndCertString[] = "-----END CERTIFICATE-----"; + +// Returns, in Pem-format, the first certificate found in a Pem-formatted block +// (Note that such a block may contain e.g. a private key at the end). +static QByteArray firstPemCertificateFromPem(const QByteArray &pem) +{ + int startPos = pem.indexOf(BeginCertString); + int endPos = pem.indexOf(EndCertString); + if (startPos == -1 || endPos == -1) + return QByteArray(); + return pem.mid(startPos, endPos + sizeof(EndCertString) - startPos); +} + +void tst_QSslCertificate::toPemOrDer() +{ + if (!QSslSocket::supportsSsl()) + return; + + QFETCH(QString, absFilePath); + QFETCH(QSsl::EncodingFormat, format); + + QByteArray encoded = readFile(absFilePath); + QSslCertificate certificate(encoded, format); + QVERIFY(!certificate.isNull()); + if (format == QSsl::Pem) { + encoded.replace('\r',""); + QByteArray firstPem = firstPemCertificateFromPem(encoded); + QCOMPARE(certificate.toPem(), firstPem); + } else { + // ### for now, we assume that DER-encoded certificates don't contain bundled stuff + QCOMPARE(certificate.toDer(), encoded); + } +} + +void tst_QSslCertificate::fromDevice() +{ + QTest::ignoreMessage(QtWarningMsg, "QSslCertificate::fromDevice: cannot read from a null device"); + QList<QSslCertificate> certs = QSslCertificate::fromDevice(0); // don't crash + QVERIFY(certs.isEmpty()); +} + +void tst_QSslCertificate::fromPath_data() +{ + QTest::addColumn<QString>("path"); + QTest::addColumn<int>("syntax"); + QTest::addColumn<bool>("pemencoding"); + QTest::addColumn<int>("numCerts"); + + QTest::newRow("empty fixed pem") << QString() << int(QRegExp::FixedString) << true << 0; + QTest::newRow("empty fixed der") << QString() << int(QRegExp::FixedString) << false << 0; + QTest::newRow("empty regexp pem") << QString() << int(QRegExp::RegExp) << true << 0; + QTest::newRow("empty regexp der") << QString() << int(QRegExp::RegExp) << false << 0; + QTest::newRow("empty wildcard pem") << QString() << int(QRegExp::Wildcard) << true << 0; + QTest::newRow("empty wildcard der") << QString() << int(QRegExp::Wildcard) << false << 0; + QTest::newRow("\"certificates\" fixed pem") << QString("certificates") << int(QRegExp::FixedString) << true << 0; + QTest::newRow("\"certificates\" fixed der") << QString("certificates") << int(QRegExp::FixedString) << false << 0; + QTest::newRow("\"certificates\" regexp pem") << QString("certificates") << int(QRegExp::RegExp) << true << 0; + QTest::newRow("\"certificates\" regexp der") << QString("certificates") << int(QRegExp::RegExp) << false << 0; + QTest::newRow("\"certificates\" wildcard pem") << QString("certificates") << int(QRegExp::Wildcard) << true << 0; + QTest::newRow("\"certificates\" wildcard der") << QString("certificates") << int(QRegExp::Wildcard) << false << 0; + QTest::newRow("\"certificates/cert.pem\" fixed pem") << QString("certificates/cert.pem") << int(QRegExp::FixedString) << true << 1; + QTest::newRow("\"certificates/cert.pem\" fixed der") << QString("certificates/cert.pem") << int(QRegExp::FixedString) << false << 0; + QTest::newRow("\"certificates/cert.pem\" regexp pem") << QString("certificates/cert.pem") << int(QRegExp::RegExp) << true << 1; + QTest::newRow("\"certificates/cert.pem\" regexp der") << QString("certificates/cert.pem") << int(QRegExp::RegExp) << false << 0; + QTest::newRow("\"certificates/cert.pem\" wildcard pem") << QString("certificates/cert.pem") << int(QRegExp::Wildcard) << true << 1; + QTest::newRow("\"certificates/cert.pem\" wildcard der") << QString("certificates/cert.pem") << int(QRegExp::Wildcard) << false << 0; + QTest::newRow("\"certificates/*\" fixed pem") << QString("certificates/*") << int(QRegExp::FixedString) << true << 0; + QTest::newRow("\"certificates/*\" fixed der") << QString("certificates/*") << int(QRegExp::FixedString) << false << 0; + QTest::newRow("\"certificates/*\" regexp pem") << QString("certificates/*") << int(QRegExp::RegExp) << true << 0; + QTest::newRow("\"certificates/*\" regexp der") << QString("certificates/*") << int(QRegExp::RegExp) << false << 0; + QTest::newRow("\"certificates/*\" wildcard pem") << QString("certificates/*") << int(QRegExp::Wildcard) << true << 4; + QTest::newRow("\"certificates/*\" wildcard der") << QString("certificates/*") << int(QRegExp::Wildcard) << false << 0; + QTest::newRow("\"c*/c*.pem\" fixed pem") << QString("c*/c*.pem") << int(QRegExp::FixedString) << true << 0; + QTest::newRow("\"c*/c*.pem\" fixed der") << QString("c*/c*.pem") << int(QRegExp::FixedString) << false << 0; + QTest::newRow("\"c*/c*.pem\" regexp pem") << QString("c*/c*.pem") << int(QRegExp::RegExp) << true << 0; + QTest::newRow("\"c*/c*.pem\" regexp der") << QString("c*/c*.pem") << int(QRegExp::RegExp) << false << 0; + QTest::newRow("\"c*/c*.pem\" wildcard pem") << QString("c*/c*.pem") << int(QRegExp::Wildcard) << true << 4; + QTest::newRow("\"c*/c*.pem\" wildcard der") << QString("c*/c*.pem") << int(QRegExp::Wildcard) << false << 0; + QTest::newRow("\"d*/c*.pem\" fixed pem") << QString("d*/c*.pem") << int(QRegExp::FixedString) << true << 0; + QTest::newRow("\"d*/c*.pem\" fixed der") << QString("d*/c*.pem") << int(QRegExp::FixedString) << false << 0; + QTest::newRow("\"d*/c*.pem\" regexp pem") << QString("d*/c*.pem") << int(QRegExp::RegExp) << true << 0; + QTest::newRow("\"d*/c*.pem\" regexp der") << QString("d*/c*.pem") << int(QRegExp::RegExp) << false << 0; + QTest::newRow("\"d*/c*.pem\" wildcard pem") << QString("d*/c*.pem") << int(QRegExp::Wildcard) << true << 0; + QTest::newRow("\"d*/c*.pem\" wildcard der") << QString("d*/c*.pem") << int(QRegExp::Wildcard) << false << 0; + QTest::newRow("\"c.*/c.*.pem\" fixed pem") << QString("c.*/c.*.pem") << int(QRegExp::FixedString) << true << 0; + QTest::newRow("\"c.*/c.*.pem\" fixed der") << QString("c.*/c.*.pem") << int(QRegExp::FixedString) << false << 0; + QTest::newRow("\"c.*/c.*.pem\" regexp pem") << QString("c.*/c.*.pem") << int(QRegExp::RegExp) << true << 4; + QTest::newRow("\"c.*/c.*.pem\" regexp der") << QString("c.*/c.*.pem") << int(QRegExp::RegExp) << false << 0; + QTest::newRow("\"c.*/c.*.pem\" wildcard pem") << QString("c.*/c.*.pem") << int(QRegExp::Wildcard) << true << 0; + QTest::newRow("\"c.*/c.*.pem\" wildcard der") << QString("c.*/c.*.pem") << int(QRegExp::Wildcard) << false << 0; + QTest::newRow("\"d.*/c.*.pem\" fixed pem") << QString("d.*/c.*.pem") << int(QRegExp::FixedString) << true << 0; + QTest::newRow("\"d.*/c.*.pem\" fixed der") << QString("d.*/c.*.pem") << int(QRegExp::FixedString) << false << 0; + QTest::newRow("\"d.*/c.*.pem\" regexp pem") << QString("d.*/c.*.pem") << int(QRegExp::RegExp) << true << 0; + QTest::newRow("\"d.*/c.*.pem\" regexp der") << QString("d.*/c.*.pem") << int(QRegExp::RegExp) << false << 0; + QTest::newRow("\"d.*/c.*.pem\" wildcard pem") << QString("d.*/c.*.pem") << int(QRegExp::Wildcard) << true << 0; + QTest::newRow("\"d.*/c.*.pem\" wildcard der") << QString("d.*/c.*.pem") << int(QRegExp::Wildcard) << false << 0; + + QTest::newRow("trailing-whitespace") << QString("more-certificates/trailing-whitespace.pem") << int(QRegExp::FixedString) << true << 1; +} + +void tst_QSslCertificate::fromPath() +{ + QFETCH(QString, path); + QFETCH(int, syntax); + QFETCH(bool, pemencoding); + QFETCH(int, numCerts); + + QCOMPARE(QSslCertificate::fromPath(path, + pemencoding ? QSsl::Pem : QSsl::Der, + QRegExp::PatternSyntax(syntax)).size(), + numCerts); +} + +void tst_QSslCertificate::certInfo() +{ +// MD5 Fingerprint=B6:CF:57:34:DA:A9:73:21:82:F7:CF:4D:3D:85:31:88 +// SHA1 Fingerprint=B6:D1:51:82:E0:29:CA:59:96:38:BD:B6:F9:40:05:91:6D:49:09:60 +// Certificate: +// Data: +// Version: 1 (0x0) +// Serial Number: 17 (0x11) +// Signature Algorithm: sha1WithRSAEncryption +// Issuer: C=AU, ST=Queensland, O=CryptSoft Pty Ltd, CN=Test CA (1024 bit) +// Validity +// Not Before: Apr 17 07:40:26 2007 GMT +// Not After : May 17 07:40:26 2007 GMT +// Subject: CN=name/with/slashes, C=NO +// Subject Public Key Info: +// Public Key Algorithm: rsaEncryption +// RSA Public Key: (1024 bit) +// Modulus (1024 bit): +// 00:eb:9d:e9:03:ac:30:4f:a9:58:03:44:c7:18:26: +// 2f:48:93:d5:ac:a0:fb:e8:53:c4:7b:2a:01:89:e6: +// fc:5a:0c:c5:f5:21:f8:d7:4a:92:02:67:db:f1:9f: +// 36:9a:62:9d:f3:ce:48:8e:ba:ed:5a:a8:9d:4f:bb: +// 24:16:43:4c:b5:79:08:f6:d9:22:8f:5f:15:0a:43: +// 25:03:7a:9d:a7:af:e3:26:b1:53:55:5e:60:57:c8: +// ed:2f:1c:f3:36:0a:78:64:91:f9:17:a7:34:d7:8b: +// bd:f1:fc:d1:8c:4f:a5:96:75:b2:7b:fc:21:f0:c7: +// d9:5f:0c:57:18:b2:af:b9:4b +// Exponent: 65537 (0x10001) +// Signature Algorithm: sha1WithRSAEncryption +// 95:e6:94:e2:98:33:57:a2:98:fa:af:50:b9:76:a9:51:83:2c: +// 0b:61:a2:36:d0:e6:90:6d:e4:f8:c4:c7:50:ef:17:94:4e:21: +// a8:fa:c8:33:aa:d1:7f:bc:ca:41:d6:7d:e7:44:76:c0:bf:45: +// 4a:76:25:42:6d:53:76:fd:fc:74:29:1a:ea:2b:cc:06:ab:d1: +// b8:eb:7d:6b:11:f7:9b:41:bb:9f:31:cb:ed:4d:f3:68:26:ed: +// 13:1d:f2:56:59:fe:6f:7c:98:b6:25:69:4e:ea:b4:dc:c2:eb: +// b7:bb:50:18:05:ba:ad:af:08:49:fe:98:63:55:ba:e7:fb:95: +// 5d:91 + static const char pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIB8zCCAVwCAREwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV\n" + "BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD\n" + "VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDcwNDE3MDc0MDI2WhcNMDcwNTE3\n" + "MDc0MDI2WjApMRowGAYDVQQDExFuYW1lL3dpdGgvc2xhc2hlczELMAkGA1UEBhMC\n" + "Tk8wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOud6QOsME+pWANExxgmL0iT\n" + "1ayg++hTxHsqAYnm/FoMxfUh+NdKkgJn2/GfNppinfPOSI667VqonU+7JBZDTLV5\n" + "CPbZIo9fFQpDJQN6naev4yaxU1VeYFfI7S8c8zYKeGSR+RenNNeLvfH80YxPpZZ1\n" + "snv8IfDH2V8MVxiyr7lLAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAleaU4pgzV6KY\n" + "+q9QuXapUYMsC2GiNtDmkG3k+MTHUO8XlE4hqPrIM6rRf7zKQdZ950R2wL9FSnYl\n" + "Qm1Tdv38dCka6ivMBqvRuOt9axH3m0G7nzHL7U3zaCbtEx3yVln+b3yYtiVpTuq0\n" + "3MLrt7tQGAW6ra8ISf6YY1W65/uVXZE=\n" + "-----END CERTIFICATE-----\n"; + static const char der[] = // hex encoded + "30:82:01:f3:30:82:01:5c:02:01:11:30:0d:06:09:2a" + "86:48:86:f7:0d:01:01:05:05:00:30:5b:31:0b:30:09" + "06:03:55:04:06:13:02:41:55:31:13:30:11:06:03:55" + "04:08:13:0a:51:75:65:65:6e:73:6c:61:6e:64:31:1a" + "30:18:06:03:55:04:0a:13:11:43:72:79:70:74:53:6f" + "66:74:20:50:74:79:20:4c:74:64:31:1b:30:19:06:03" + "55:04:03:13:12:54:65:73:74:20:43:41:20:28:31:30" + "32:34:20:62:69:74:29:30:1e:17:0d:30:37:30:34:31" + "37:30:37:34:30:32:36:5a:17:0d:30:37:30:35:31:37" + "30:37:34:30:32:36:5a:30:29:31:1a:30:18:06:03:55" + "04:03:13:11:6e:61:6d:65:2f:77:69:74:68:2f:73:6c" + "61:73:68:65:73:31:0b:30:09:06:03:55:04:06:13:02" + "4e:4f:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01" + "01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb" + "9d:e9:03:ac:30:4f:a9:58:03:44:c7:18:26:2f:48:93" + "d5:ac:a0:fb:e8:53:c4:7b:2a:01:89:e6:fc:5a:0c:c5" + "f5:21:f8:d7:4a:92:02:67:db:f1:9f:36:9a:62:9d:f3" + "ce:48:8e:ba:ed:5a:a8:9d:4f:bb:24:16:43:4c:b5:79" + "08:f6:d9:22:8f:5f:15:0a:43:25:03:7a:9d:a7:af:e3" + "26:b1:53:55:5e:60:57:c8:ed:2f:1c:f3:36:0a:78:64" + "91:f9:17:a7:34:d7:8b:bd:f1:fc:d1:8c:4f:a5:96:75" + "b2:7b:fc:21:f0:c7:d9:5f:0c:57:18:b2:af:b9:4b:02" + "03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01" + "05:05:00:03:81:81:00:95:e6:94:e2:98:33:57:a2:98" + "fa:af:50:b9:76:a9:51:83:2c:0b:61:a2:36:d0:e6:90" + "6d:e4:f8:c4:c7:50:ef:17:94:4e:21:a8:fa:c8:33:aa" + "d1:7f:bc:ca:41:d6:7d:e7:44:76:c0:bf:45:4a:76:25" + "42:6d:53:76:fd:fc:74:29:1a:ea:2b:cc:06:ab:d1:b8" + "eb:7d:6b:11:f7:9b:41:bb:9f:31:cb:ed:4d:f3:68:26" + "ed:13:1d:f2:56:59:fe:6f:7c:98:b6:25:69:4e:ea:b4" + "dc:c2:eb:b7:bb:50:18:05:ba:ad:af:08:49:fe:98:63" + "55:ba:e7:fb:95:5d:91"; + + QSslCertificate cert = QSslCertificate::fromPath("certificates/cert.pem", QSsl::Pem, + QRegExp::FixedString).first(); + QVERIFY(!cert.isNull()); + + QCOMPARE(cert.issuerInfo(QSslCertificate::Organization), QString("CryptSoft Pty Ltd")); + QCOMPARE(cert.issuerInfo(QSslCertificate::CommonName), QString("Test CA (1024 bit)")); + QCOMPARE(cert.issuerInfo(QSslCertificate::LocalityName), QString()); + QCOMPARE(cert.issuerInfo(QSslCertificate::OrganizationalUnitName), QString()); + QCOMPARE(cert.issuerInfo(QSslCertificate::CountryName), QString("AU")); + QCOMPARE(cert.issuerInfo(QSslCertificate::StateOrProvinceName), QString("Queensland")); + + QCOMPARE(cert.issuerInfo("O"), QString("CryptSoft Pty Ltd")); + QCOMPARE(cert.issuerInfo("CN"), QString("Test CA (1024 bit)")); + QCOMPARE(cert.issuerInfo("L"), QString()); + QCOMPARE(cert.issuerInfo("OU"), QString()); + QCOMPARE(cert.issuerInfo("C"), QString("AU")); + QCOMPARE(cert.issuerInfo("ST"), QString("Queensland")); + + QCOMPARE(cert.subjectInfo(QSslCertificate::Organization), QString()); + QCOMPARE(cert.subjectInfo(QSslCertificate::CommonName), QString("name/with/slashes")); + QCOMPARE(cert.subjectInfo(QSslCertificate::LocalityName), QString()); + QCOMPARE(cert.subjectInfo(QSslCertificate::OrganizationalUnitName), QString()); + QCOMPARE(cert.subjectInfo(QSslCertificate::CountryName), QString("NO")); + QCOMPARE(cert.subjectInfo(QSslCertificate::StateOrProvinceName), QString()); + + QCOMPARE(cert.subjectInfo("O"), QString()); + QCOMPARE(cert.subjectInfo("CN"), QString("name/with/slashes")); + QCOMPARE(cert.subjectInfo("L"), QString()); + QCOMPARE(cert.subjectInfo("OU"), QString()); + QCOMPARE(cert.subjectInfo("C"), QString("NO")); + QCOMPARE(cert.subjectInfo("ST"), QString()); + + QCOMPARE(cert.version(), QByteArray()); + QCOMPARE(cert.toPem().constData(), (const char*)pem); + QCOMPARE(cert.toDer(), QByteArray::fromHex(der)); + + QCOMPARE(cert.digest(QCryptographicHash::Md5), + QByteArray::fromHex("B6:CF:57:34:DA:A9:73:21:82:F7:CF:4D:3D:85:31:88")); + QCOMPARE(cert.digest(QCryptographicHash::Sha1), + QByteArray::fromHex("B6:D1:51:82:E0:29:CA:59:96:38:BD:B6:F9:40:05:91:6D:49:09:60")); + + QCOMPARE(cert.effectiveDate().toUTC(), QDateTime(QDate(2007, 4, 17), QTime(7,40,26), Qt::UTC)); + QCOMPARE(cert.expiryDate().toUTC(), QDateTime(QDate(2007, 5, 17), QTime(7,40,26), Qt::UTC)); + QVERIFY(!cert.isValid()); // cert has expired + + QSslCertificate copy = cert; + QVERIFY(cert == copy); + QVERIFY(!(cert != copy)); + + QCOMPARE(cert, QSslCertificate(pem, QSsl::Pem)); + QCOMPARE(cert, QSslCertificate(QByteArray::fromHex(der), QSsl::Der)); +} + +#endif // QT_NO_OPENSSL + +QTEST_MAIN(tst_QSslCertificate) +#include "tst_qsslcertificate.moc" |