From 0e9b8257e542bb3b6958e90917bad0d1691598e2 Mon Sep 17 00:00:00 2001
From: Peter Hartmann <peter.hartmann@nokia.com>
Date: Tue, 1 Jun 2010 16:50:55 +0200
Subject: QSslCertificate: support large serial numbers

We were calling an OpenSSL function that returned a long for the serial
number; sometimes serial numbers are too big to fit into a long (up to
20 octets). In that case, do not convert the serial number to decimal,
but just output the hexadecimal value.

Reviewed-by: Zeno Albisser
Task-number: QTBUG-9973
(cherry picked from commit 0f16c7ce8dcd6f4905d14875088c55148e41366a)
---
 src/network/ssl/qsslcertificate.cpp                | 23 ++++++++++++++++++----
 .../more-certificates/cert-large-serial-number.pem | 14 +++++++++++++
 tests/auto/qsslcertificate/tst_qsslcertificate.cpp | 13 ++++++++++++
 3 files changed, 46 insertions(+), 4 deletions(-)
 create mode 100644 tests/auto/qsslcertificate/more-certificates/cert-large-serial-number.pem

diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
index c811eae..9e321c9 100644
--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@@ -259,13 +259,28 @@ QByteArray QSslCertificate::version() const
 
 /*!
     Returns the certificate's serial number string in decimal format.
+    In case the serial number cannot be converted to decimal format
+    (i.e. if it is bigger than 4294967295, which means it does not fit into 4 bytes),
+    its hexadecimal version is returned.
 */
 QByteArray QSslCertificate::serialNumber() const
 {
-    if (d->serialNumberString.isEmpty() && d->x509)
-        d->serialNumberString =
-            QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->serialNumber)));
-
+    if (d->serialNumberString.isEmpty() && d->x509) {
+        ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber;
+        // if we cannot convert to a long, just output the hexadecimal number
+        if (serialNumber->length > 4) {
+            QByteArray hexString;
+            hexString.reserve(serialNumber->length * 3);
+            for (int a = 0; a < serialNumber->length; ++a) {
+                hexString += QByteArray::number(serialNumber->data[a], 16).rightJustified(2, '0');
+                hexString += ':';
+            }
+            hexString.chop(1);
+            d->serialNumberString = hexString;
+        } else {
+            d->serialNumberString = QByteArray::number(qlonglong(q_ASN1_INTEGER_get(serialNumber)));
+        }
+    }
     return d->serialNumberString;
 }
 
diff --git a/tests/auto/qsslcertificate/more-certificates/cert-large-serial-number.pem b/tests/auto/qsslcertificate/more-certificates/cert-large-serial-number.pem
new file mode 100644
index 0000000..ecb6c35
--- /dev/null
+++ b/tests/auto/qsslcertificate/more-certificates/cert-large-serial-number.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICGjCCAYMCFAECAwQFBgcICRCqu8zd7v8XGBkgMA0GCSqGSIb3DQEBBQUAMEwx
+CzAJBgNVBAYTAkdCMRIwEAYDVQQIEwlCZXJrc2hpcmUxEDAOBgNVBAcTB05ld2J1
+cnkxFzAVBgNVBAoTDk15IENvbXBhbnkgTHRkMB4XDTEwMDYwMTE1MDI0MVoXDTEx
+MDYwMTE1MDI0MVowTDELMAkGA1UEBhMCR0IxEjAQBgNVBAgTCUJlcmtzaGlyZTEQ
+MA4GA1UEBxMHTmV3YnVyeTEXMBUGA1UEChMOTXkgQ29tcGFueSBMdGQwgZ8wDQYJ
+KoZIhvcNAQEBBQADgY0AMIGJAoGBAM2q22/WNMmn8cC+5EEYGeICySLmp9W6Ay6e
+KHr0Xxp3X3epETuPfvAuxp7rOtkS18EMUegkUj8jw0IMEcbyHKFC/rTCaYOt93Cx
+GBXMIChiMPAsFeYzGa/D6xzAkfcRaJRQ+Ek3CDLXPnXfo7xpABXezYcPXAJrgsgB
+fWrwHdxzAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtlScqSn4IHFLRiQYQdfOgsPi
+wdqD1MPZEniQE0Xp8McZ7kuYbGgdEqzeVgMHqitlzkNNtTz+2u37CbFNXDGCTy5D
+2JCgZxaAWNkh1w+4VB91HfMwEU0MqvAO7SB31FwbKNaB3gVnua++NL1cAkujyRny
+yR3PatYZCfESQ7oZgds=
+-----END CERTIFICATE-----
diff --git a/tests/auto/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/qsslcertificate/tst_qsslcertificate.cpp
index aaffff3..d25bb0b 100644
--- a/tests/auto/qsslcertificate/tst_qsslcertificate.cpp
+++ b/tests/auto/qsslcertificate/tst_qsslcertificate.cpp
@@ -109,6 +109,7 @@ private slots:
     void task256066toPem();
     void nulInCN();
     void nulInSan();
+    void largeSerialNumber();
 // ### add tests for certificate bundles (multiple certificates concatenated into a single
 //     structure); both PEM and DER formatted
 #endif
@@ -786,6 +787,18 @@ void tst_QSslCertificate::nulInSan()
     QCOMPARE(dnssan, QString::fromLatin1(realSAN, sizeof realSAN - 1));
 }
 
+void tst_QSslCertificate::largeSerialNumber()
+{
+    QList<QSslCertificate> certList =
+        QSslCertificate::fromPath(SRCDIR "more-certificates/cert-large-serial-number.pem");
+
+    QCOMPARE(certList.size(), 1);
+
+    const QSslCertificate &cert = certList.at(0);
+    QVERIFY(!cert.isNull());
+    QCOMPARE(cert.serialNumber(), QByteArray("01:02:03:04:05:06:07:08:09:10:aa:bb:cc:dd:ee:ff:17:18:19:20"));
+}
+
 #endif // QT_NO_OPENSSL
 
 QTEST_MAIN(tst_QSslCertificate)
-- 
cgit v0.12