1/**
2 * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net>
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include <QtCrypto>
27#include <QtTest/QtTest>
28
29#ifdef QT_STATICPLUGIN
30#include "import_plugins.h"
31#endif
32
33class CertUnitTest : public QObject
34{
35 Q_OBJECT
36
37private Q_SLOTS:
38 void initTestCase();
39 void checkSystemStore();
40 void nullCert();
41 void noSuchFile();
42 void CAcertstest();
43 void derCAcertstest();
44 void qualitysslcatest();
45 void checkExpiredClientCerts();
46 void checkClientCerts();
47 void altName();
48 void extXMPP();
49 void checkExpiredServerCerts();
50 void checkServerCerts();
51 void altNames76();
52 void sha256cert();
53 void crl();
54 void crl2();
55 void csr();
56 void csr2();
57 void cleanupTestCase();
58
59private:
60 QCA::Initializer *m_init;
61};
62
63void CertUnitTest::initTestCase()
64{
65 m_init = new QCA::Initializer;
66}
67
68void CertUnitTest::cleanupTestCase()
69{
70 delete m_init;
71}
72
73void CertUnitTest::nullCert()
74{
75 QStringList providersToTest;
76 providersToTest.append(QStringLiteral("qca-ossl"));
77 // providersToTest.append("qca-botan");
78
79 foreach (const QString provider, providersToTest) {
80 if (!QCA::isSupported(features: "cert", provider))
81 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
82 else {
83 QCA::Certificate nullCert;
84 QVERIFY(nullCert.isNull());
85 // This is copied on purpose to check the assignment operator
86 QCA::Certificate anotherNullCert = nullCert; // NOLINT(performance-unnecessary-copy-initialization)
87 QVERIFY(anotherNullCert.isNull());
88 QCOMPARE(nullCert, anotherNullCert);
89 }
90 }
91}
92
93void CertUnitTest::noSuchFile()
94{
95 QStringList providersToTest;
96 providersToTest.append(QStringLiteral("qca-ossl"));
97 // providersToTest.append("qca-botan");
98
99 foreach (const QString provider, providersToTest) {
100 if (!QCA::isSupported(features: "cert", provider))
101 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
102 else {
103 QCA::ConvertResult resultNoFile;
104 QCA::Certificate cert = QCA::Certificate::fromPEMFile(
105 QStringLiteral("thisIsJustaFileNameThatWeDontHave"), result: &resultNoFile, provider);
106 QCOMPARE(resultNoFile, QCA::ErrorFile);
107 QVERIFY(cert.isNull());
108 }
109 }
110}
111
112void CertUnitTest::CAcertstest()
113{
114 QStringList providersToTest;
115 providersToTest.append(QStringLiteral("qca-ossl"));
116 // providersToTest.append("qca-botan");
117
118 foreach (const QString provider, providersToTest) {
119 if (!QCA::isSupported(features: "cert", provider))
120 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
121 else {
122 QCA::ConvertResult resultca1;
123 QCA::Certificate ca1 =
124 QCA::Certificate::fromPEMFile(QStringLiteral("certs/RootCAcert.pem"), result: &resultca1, provider);
125
126 QCOMPARE(resultca1, QCA::ConvertGood);
127 QCOMPARE(ca1.isNull(), false);
128 QCOMPARE(ca1.pathLimit(), 0);
129 QCOMPARE(ca1.isCA(), true);
130 QCOMPARE(ca1.isSelfSigned(), true);
131
132 QCOMPARE(ca1.serialNumber(), QCA::BigInteger(0));
133
134 QCOMPARE(ca1.commonName(), QStringLiteral("For Tests Only"));
135
136 QCOMPARE(ca1.notValidBefore().toString(),
137 QDateTime(QDate(2001, 8, 17), QTime(8, 30, 39), Qt::UTC).toString());
138 QCOMPARE(ca1.notValidAfter().toString(),
139 QDateTime(QDate(2011, 8, 15), QTime(8, 30, 39), Qt::UTC).toString());
140
141 QCOMPARE(ca1.constraints().contains(QCA::DigitalSignature) == true, true);
142 QCOMPARE(ca1.constraints().contains(QCA::NonRepudiation) == true, true);
143 QCOMPARE(ca1.constraints().contains(QCA::KeyEncipherment) == true, true);
144 QCOMPARE(ca1.constraints().contains(QCA::DataEncipherment) == true, false);
145 QCOMPARE(ca1.constraints().contains(QCA::KeyAgreement) == true, false);
146 QCOMPARE(ca1.constraints().contains(QCA::KeyCertificateSign) == true, true);
147 QCOMPARE(ca1.constraints().contains(QCA::CRLSign) == true, true);
148 QCOMPARE(ca1.constraints().contains(QCA::EncipherOnly) == true, false);
149 QCOMPARE(ca1.constraints().contains(QCA::DecipherOnly) == true, false);
150 QCOMPARE(ca1.constraints().contains(QCA::ServerAuth) == true, false);
151 QCOMPARE(ca1.constraints().contains(QCA::ClientAuth) == true, false);
152 QCOMPARE(ca1.constraints().contains(QCA::CodeSigning) == true, false);
153 QCOMPARE(ca1.constraints().contains(QCA::EmailProtection) == true, false);
154 QCOMPARE(ca1.constraints().contains(QCA::IPSecEndSystem) == true, false);
155 QCOMPARE(ca1.constraints().contains(QCA::IPSecTunnel) == true, false);
156 QCOMPARE(ca1.constraints().contains(QCA::IPSecUser) == true, false);
157 QCOMPARE(ca1.constraints().contains(QCA::TimeStamping) == true, false);
158 QCOMPARE(ca1.constraints().contains(QCA::OCSPSigning) == true, false);
159
160 // no policies on this cert
161 QCOMPARE(ca1.policies().count(), 0);
162 }
163 }
164}
165
166void CertUnitTest::qualitysslcatest()
167{
168 QStringList providersToTest;
169 providersToTest.append(QStringLiteral("qca-ossl"));
170 // providersToTest.append("qca-botan");
171
172 foreach (const QString provider, providersToTest) {
173 if (!QCA::isSupported(features: "cert", provider))
174 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
175 else {
176 QCA::ConvertResult resultca1;
177 QCA::Certificate ca1 = QCA::Certificate::fromPEMFile(
178 QStringLiteral("certs/QualitySSLIntermediateCA.crt"), result: &resultca1, provider);
179
180 QCOMPARE(resultca1, QCA::ConvertGood);
181 QCOMPARE(ca1.isNull(), false);
182 QCOMPARE(ca1.isCA(), true);
183 QCOMPARE(ca1.isSelfSigned(), false);
184
185 QCOMPARE(ca1.signatureAlgorithm(), QCA::EMSA3_SHA1);
186
187 QCOMPARE(ca1.serialNumber(), QCA::BigInteger("33555098"));
188
189 QCOMPARE(ca1.commonName(), QStringLiteral("Comodo Class 3 Security Services CA"));
190
191 QCOMPARE(ca1.notValidBefore().toString(),
192 QDateTime(QDate(2002, 8, 27), QTime(19, 02, 00), Qt::UTC).toString());
193 QCOMPARE(ca1.notValidAfter().toString(),
194 QDateTime(QDate(2012, 8, 27), QTime(23, 59, 00), Qt::UTC).toString());
195
196 QCOMPARE(ca1.pathLimit(), 0);
197
198 QCOMPARE(ca1.constraints().contains(QCA::DigitalSignature) == true, true);
199 QCOMPARE(ca1.constraints().contains(QCA::NonRepudiation) == true, true);
200 QCOMPARE(ca1.constraints().contains(QCA::KeyEncipherment) == true, true);
201 QCOMPARE(ca1.constraints().contains(QCA::DataEncipherment) == true, false);
202 QCOMPARE(ca1.constraints().contains(QCA::KeyAgreement) == true, false);
203 QCOMPARE(ca1.constraints().contains(QCA::KeyCertificateSign) == true, true);
204 QCOMPARE(ca1.constraints().contains(QCA::CRLSign) == true, true);
205 QCOMPARE(ca1.constraints().contains(QCA::EncipherOnly) == true, false);
206 QCOMPARE(ca1.constraints().contains(QCA::DecipherOnly) == true, false);
207 QCOMPARE(ca1.constraints().contains(QCA::ServerAuth) == true, false);
208 QCOMPARE(ca1.constraints().contains(QCA::ClientAuth) == true, false);
209 QCOMPARE(ca1.constraints().contains(QCA::CodeSigning) == true, false);
210 QCOMPARE(ca1.constraints().contains(QCA::EmailProtection) == true, false);
211 QCOMPARE(ca1.constraints().contains(QCA::IPSecEndSystem) == true, false);
212 QCOMPARE(ca1.constraints().contains(QCA::IPSecTunnel) == true, false);
213 QCOMPARE(ca1.constraints().contains(QCA::IPSecUser) == true, false);
214 QCOMPARE(ca1.constraints().contains(QCA::TimeStamping) == true, false);
215 QCOMPARE(ca1.constraints().contains(QCA::OCSPSigning) == true, false);
216 }
217 }
218}
219
220void CertUnitTest::checkExpiredClientCerts()
221{
222 QStringList providersToTest;
223 providersToTest.append(QStringLiteral("qca-ossl"));
224 // providersToTest.append("qca-botan");
225
226 foreach (const QString provider, providersToTest) {
227 if (!QCA::isSupported(features: "cert", provider))
228 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
229 else {
230 QCA::ConvertResult resultClient1;
231 QCA::Certificate client1 =
232 QCA::Certificate::fromPEMFile(QStringLiteral("certs/User.pem"), result: &resultClient1, provider);
233 QCOMPARE(resultClient1, QCA::ConvertGood);
234 QCOMPARE(client1.isNull(), false);
235 QCOMPARE(client1.isCA(), false);
236 QCOMPARE(client1.isSelfSigned(), false);
237
238 QCOMPARE(client1.serialNumber(), QCA::BigInteger(2));
239
240 QCOMPARE(client1.commonName(), QStringLiteral("Insecure User Test Cert"));
241
242 QCOMPARE(client1.notValidBefore().toString(),
243 QDateTime(QDate(2001, 8, 17), QTime(8, 32, 38), Qt::UTC).toString());
244 QCOMPARE(client1.notValidAfter().toString(),
245 QDateTime(QDate(2006, 8, 16), QTime(8, 32, 38), Qt::UTC).toString());
246
247 QCOMPARE(client1.constraints().contains(QCA::DigitalSignature) == true, true);
248 QCOMPARE(client1.constraints().contains(QCA::NonRepudiation) == true, true);
249 QCOMPARE(client1.constraints().contains(QCA::KeyEncipherment) == true, true);
250 QCOMPARE(client1.constraints().contains(QCA::DataEncipherment) == true, true);
251 QCOMPARE(client1.constraints().contains(QCA::KeyAgreement) == true, false);
252 QCOMPARE(client1.constraints().contains(QCA::KeyCertificateSign) == true, false);
253 QCOMPARE(client1.constraints().contains(QCA::CRLSign) == true, false);
254 QCOMPARE(client1.constraints().contains(QCA::EncipherOnly) == true, false);
255 QCOMPARE(client1.constraints().contains(QCA::DecipherOnly) == true, false);
256 QCOMPARE(client1.constraints().contains(QCA::ServerAuth) == true, false);
257 QCOMPARE(client1.constraints().contains(QCA::ClientAuth) == true, true);
258 QCOMPARE(client1.constraints().contains(QCA::CodeSigning) == true, false);
259 QCOMPARE(client1.constraints().contains(QCA::EmailProtection) == true, true);
260 QCOMPARE(client1.constraints().contains(QCA::IPSecEndSystem) == true, false);
261 QCOMPARE(client1.constraints().contains(QCA::IPSecTunnel) == true, false);
262 QCOMPARE(client1.constraints().contains(QCA::IPSecUser) == true, false);
263 QCOMPARE(client1.constraints().contains(QCA::TimeStamping) == true, false);
264 QCOMPARE(client1.constraints().contains(QCA::OCSPSigning) == true, false);
265
266 // no policies on this cert
267 QCOMPARE(client1.policies().count(), 0);
268
269 QCA::CertificateInfo subject1 = client1.subjectInfo();
270 QCOMPARE(subject1.isEmpty(), false);
271 QCOMPARE(subject1.contains(QCA::Country, QStringLiteral("de")) == true, true);
272 QCOMPARE(subject1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate")) == true, true);
273 QCOMPARE(subject1.contains(QCA::CommonName, QStringLiteral("Insecure User Test Cert")) == true, true);
274
275 QCA::CertificateInfo issuer1 = client1.issuerInfo();
276 QCOMPARE(issuer1.isEmpty(), false);
277 QCOMPARE(issuer1.contains(QCA::Country, QStringLiteral("de")) == true, true);
278 QCOMPARE(issuer1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate")) == true, true);
279 QCOMPARE(issuer1.contains(QCA::CommonName, QStringLiteral("For Tests Only")) == true, true);
280
281 QByteArray subjectKeyID =
282 QCA::Hex().stringToArray(QStringLiteral("889E7EF729719D7B280F361AAE6D00D39DE1AADB")).toByteArray();
283 QCOMPARE(client1.subjectKeyId(), subjectKeyID);
284 QCOMPARE(QCA::Hex().arrayToString(client1.issuerKeyId()),
285 QStringLiteral("bf53438278d09ec380e51b67ca0500dfb94883a5"));
286
287 QCA::PublicKey pubkey1 = client1.subjectPublicKey();
288 QCOMPARE(pubkey1.isNull(), false);
289 QCOMPARE(pubkey1.isRSA(), true);
290 QCOMPARE(pubkey1.isDSA(), false);
291 QCOMPARE(pubkey1.isDH(), false);
292 QCOMPARE(pubkey1.isPublic(), true);
293 QCOMPARE(pubkey1.isPrivate(), false);
294 QCOMPARE(pubkey1.bitSize(), 1024);
295
296 QCOMPARE(client1.pathLimit(), 0);
297
298 QCOMPARE(client1.signatureAlgorithm(), QCA::EMSA3_MD5);
299
300 QCA::CertificateCollection trusted;
301 QCA::CertificateCollection untrusted;
302 QCOMPARE(client1.validate(trusted, untrusted), QCA::ErrorInvalidCA);
303
304 QCA::ConvertResult resultca1;
305 QCA::Certificate ca1 =
306 QCA::Certificate::fromPEMFile(QStringLiteral("certs/RootCAcert.pem"), result: &resultca1, provider);
307 QCOMPARE(resultca1, QCA::ConvertGood);
308 trusted.addCertificate(cert: ca1);
309
310 QCOMPARE(client1.validate(trusted, untrusted), QCA::ErrorExpired);
311 QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageAny), QCA::ErrorExpired);
312 QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ErrorExpired);
313 QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ErrorExpired);
314 QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorExpired);
315 QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorExpired);
316 QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ErrorExpired);
317 QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorExpired);
318 QByteArray derClient1 = client1.toDER();
319 QCOMPARE(derClient1.isEmpty(), false);
320 QCA::Certificate fromDer1 = QCA::Certificate::fromDER(a: derClient1, result: &resultClient1, provider);
321 QCOMPARE(resultClient1, QCA::ConvertGood);
322 QVERIFY(fromDer1 == client1);
323
324 QString pemClient1 = client1.toPEM();
325 QCOMPARE(pemClient1.isEmpty(), false);
326 QCA::Certificate fromPem1 = QCA::Certificate::fromPEM(s: pemClient1, result: &resultClient1, provider);
327 QCOMPARE(resultClient1, QCA::ConvertGood);
328 QVERIFY(fromPem1 == client1);
329 QCOMPARE(fromPem1 != fromDer1, false);
330 }
331 }
332}
333
334void CertUnitTest::checkClientCerts()
335{
336 QStringList providersToTest;
337 providersToTest.append(QStringLiteral("qca-ossl"));
338 // providersToTest.append("qca-botan");
339
340 foreach (const QString provider, providersToTest) {
341 if (!QCA::isSupported(features: "cert", provider))
342 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
343 else {
344 QCA::ConvertResult resultClient2;
345 QCA::Certificate client2 =
346 QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestClientCert.pem"), result: &resultClient2, provider);
347 QCOMPARE(resultClient2, QCA::ConvertGood);
348 QCOMPARE(client2.isNull(), false);
349 QCOMPARE(client2.isCA(), false);
350 QCOMPARE(client2.isSelfSigned(), false);
351
352 QCOMPARE(client2.serialNumber(), QCA::BigInteger("13149359243510447488"));
353
354 QCOMPARE(client2.commonName(), QStringLiteral("Qca Test Client Certificate"));
355
356 QCOMPARE(client2.notValidBefore().toString(),
357 QDateTime(QDate(2013, 7, 31), QTime(15, 14, 28), Qt::UTC).toString());
358 QCOMPARE(client2.notValidAfter().toString(),
359 QDateTime(QDate(2033, 7, 26), QTime(15, 14, 28), Qt::UTC).toString());
360
361 QCOMPARE(client2.constraints().contains(QCA::DigitalSignature) == true, true);
362 QCOMPARE(client2.constraints().contains(QCA::NonRepudiation) == true, true);
363 QCOMPARE(client2.constraints().contains(QCA::KeyEncipherment) == true, true);
364 QCOMPARE(client2.constraints().contains(QCA::DataEncipherment) == true, true);
365 QCOMPARE(client2.constraints().contains(QCA::KeyAgreement) == true, false);
366 QCOMPARE(client2.constraints().contains(QCA::KeyCertificateSign) == true, false);
367 QCOMPARE(client2.constraints().contains(QCA::CRLSign) == true, false);
368 QCOMPARE(client2.constraints().contains(QCA::EncipherOnly) == true, false);
369 QCOMPARE(client2.constraints().contains(QCA::DecipherOnly) == true, false);
370 QCOMPARE(client2.constraints().contains(QCA::ServerAuth) == true, false);
371 QCOMPARE(client2.constraints().contains(QCA::ClientAuth) == true, true);
372 QCOMPARE(client2.constraints().contains(QCA::CodeSigning) == true, false);
373 QCOMPARE(client2.constraints().contains(QCA::EmailProtection) == true, true);
374 QCOMPARE(client2.constraints().contains(QCA::IPSecEndSystem) == true, false);
375 QCOMPARE(client2.constraints().contains(QCA::IPSecTunnel) == true, false);
376 QCOMPARE(client2.constraints().contains(QCA::IPSecUser) == true, false);
377 QCOMPARE(client2.constraints().contains(QCA::TimeStamping) == true, false);
378 QCOMPARE(client2.constraints().contains(QCA::OCSPSigning) == true, false);
379
380 // no policies on this cert
381 QCOMPARE(client2.policies().count(), 0);
382
383 QCA::CertificateInfo subject2 = client2.subjectInfo();
384 QCOMPARE(subject2.isEmpty(), false);
385 QVERIFY(subject2.contains(QCA::Country, QStringLiteral("US")));
386 QVERIFY(subject2.contains(QCA::Organization, QStringLiteral("Qca Development and Test")));
387 QVERIFY(subject2.contains(QCA::OrganizationalUnit, QStringLiteral("Certificate Generation Section")));
388 QVERIFY(subject2.contains(QCA::CommonName, QStringLiteral("Qca Test Client Certificate")));
389
390 QCA::CertificateInfo issuer2 = client2.issuerInfo();
391 QCOMPARE(issuer2.isEmpty(), false);
392 QVERIFY(issuer2.contains(QCA::Country, QStringLiteral("AU")));
393 QVERIFY(issuer2.contains(QCA::Organization, QStringLiteral("Qca Development and Test")));
394 QVERIFY(issuer2.contains(QCA::CommonName, QStringLiteral("Qca Test Root Certificate")));
395
396 QByteArray subjectKeyID =
397 QCA::Hex().stringToArray(QStringLiteral("1e604e03127d287ba40427a961b428a2d09b50d1")).toByteArray();
398 QCOMPARE(client2.subjectKeyId(), subjectKeyID);
399 QCOMPARE(QCA::Hex().arrayToString(client2.issuerKeyId()),
400 QStringLiteral("f61c451de1b0458138c60568c1a7cb0f7ade0363"));
401
402 QCA::PublicKey pubkey2 = client2.subjectPublicKey();
403 QCOMPARE(pubkey2.isNull(), false);
404 QCOMPARE(pubkey2.isRSA(), true);
405 QCOMPARE(pubkey2.isDSA(), false);
406 QCOMPARE(pubkey2.isDH(), false);
407 QCOMPARE(pubkey2.isPublic(), true);
408 QCOMPARE(pubkey2.isPrivate(), false);
409 QCOMPARE(pubkey2.bitSize(), 1024);
410
411 QCOMPARE(client2.pathLimit(), 0);
412
413 QCOMPARE(client2.signatureAlgorithm(), QCA::EMSA3_SHA1);
414
415 QCA::CertificateCollection trusted;
416 QCA::CertificateCollection untrusted;
417 QCOMPARE(client2.validate(trusted, untrusted), QCA::ErrorInvalidCA);
418
419 QCA::ConvertResult resultca2;
420 QCA::Certificate ca2 =
421 QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestRootCert.pem"), result: &resultca2, provider);
422 QCOMPARE(resultca2, QCA::ConvertGood);
423 trusted.addCertificate(cert: ca2);
424
425 QCOMPARE(client2.validate(trusted, untrusted), QCA::ValidityGood);
426 QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageAny), QCA::ValidityGood);
427 QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ErrorInvalidPurpose);
428 QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ValidityGood);
429 QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorInvalidPurpose);
430 QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorInvalidPurpose);
431 QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ValidityGood);
432 QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorInvalidPurpose);
433 QByteArray derClient2 = client2.toDER();
434 QCOMPARE(derClient2.isEmpty(), false);
435 QCA::Certificate fromDer2 = QCA::Certificate::fromDER(a: derClient2, result: &resultClient2, provider);
436 QCOMPARE(resultClient2, QCA::ConvertGood);
437 QVERIFY(fromDer2 == client2);
438
439 QString pemClient2 = client2.toPEM();
440 QCOMPARE(pemClient2.isEmpty(), false);
441 QCA::Certificate fromPem2 = QCA::Certificate::fromPEM(s: pemClient2, result: &resultClient2, provider);
442 QCOMPARE(resultClient2, QCA::ConvertGood);
443 QVERIFY(fromPem2 == client2);
444 QCOMPARE(fromPem2 != fromDer2, false);
445 }
446 }
447}
448
449void CertUnitTest::derCAcertstest()
450{
451 QStringList providersToTest;
452 providersToTest.append(QStringLiteral("qca-ossl"));
453
454 foreach (const QString provider, providersToTest) {
455 if (!QCA::isSupported(features: "cert", provider))
456 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
457 else {
458 QFile f(QStringLiteral("certs/ov-root-ca-cert.crt"));
459 QVERIFY(f.open(QFile::ReadOnly));
460 QByteArray der = f.readAll();
461 QCA::ConvertResult resultca1;
462 QCA::Certificate ca1 = QCA::Certificate::fromDER(a: der, result: &resultca1, provider);
463
464 QCOMPARE(resultca1, QCA::ConvertGood);
465
466 QCOMPARE(ca1.pathLimit(), 0);
467
468 QCOMPARE(ca1.isNull(), false);
469 QCOMPARE(ca1.isCA(), true);
470
471 QCOMPARE(ca1.isSelfSigned(), true);
472
473 QCOMPARE(ca1.serialNumber(), QCA::BigInteger(0));
474
475 QCOMPARE(ca1.commonName(), QStringLiteral("For Tests Only"));
476
477 QCA::CertificateInfo si = ca1.subjectInfo();
478 QCOMPARE(si.isEmpty(), false);
479 QCOMPARE(si.value(QCA::CommonName), QStringLiteral("For Tests Only"));
480 QCOMPARE(si.value(QCA::Organization), QStringLiteral("InsecureTestCertificate"));
481 QCOMPARE(si.value(QCA::Country), QStringLiteral("de"));
482
483 QCA::CertificateInfo ii = ca1.issuerInfo();
484 QCOMPARE(ii.isEmpty(), false);
485 QCOMPARE(ii.value(QCA::CommonName), QStringLiteral("For Tests Only"));
486 QCOMPARE(ii.value(QCA::Organization), QStringLiteral("InsecureTestCertificate"));
487 QCOMPARE(ii.value(QCA::Country), QStringLiteral("de"));
488
489 QCOMPARE(ca1.notValidBefore().toString(),
490 QDateTime(QDate(2001, 8, 17), QTime(8, 30, 39), Qt::UTC).toString());
491 QCOMPARE(ca1.notValidAfter().toString(),
492 QDateTime(QDate(2011, 8, 15), QTime(8, 30, 39), Qt::UTC).toString());
493
494 QCOMPARE(ca1.constraints().contains(QCA::DigitalSignature) == true, true);
495 QCOMPARE(ca1.constraints().contains(QCA::NonRepudiation) == true, true);
496 QCOMPARE(ca1.constraints().contains(QCA::KeyEncipherment) == true, true);
497 QCOMPARE(ca1.constraints().contains(QCA::DataEncipherment) == true, false);
498 QCOMPARE(ca1.constraints().contains(QCA::KeyAgreement) == true, false);
499 QCOMPARE(ca1.constraints().contains(QCA::KeyCertificateSign) == true, true);
500 QCOMPARE(ca1.constraints().contains(QCA::CRLSign) == true, true);
501 QCOMPARE(ca1.constraints().contains(QCA::EncipherOnly) == true, false);
502 QCOMPARE(ca1.constraints().contains(QCA::DecipherOnly) == true, false);
503 QCOMPARE(ca1.constraints().contains(QCA::ServerAuth) == true, false);
504 QCOMPARE(ca1.constraints().contains(QCA::ClientAuth) == true, false);
505 QCOMPARE(ca1.constraints().contains(QCA::CodeSigning) == true, false);
506 QCOMPARE(ca1.constraints().contains(QCA::EmailProtection) == true, false);
507 QCOMPARE(ca1.constraints().contains(QCA::IPSecEndSystem) == true, false);
508 QCOMPARE(ca1.constraints().contains(QCA::IPSecTunnel) == true, false);
509 QCOMPARE(ca1.constraints().contains(QCA::IPSecUser) == true, false);
510 QCOMPARE(ca1.constraints().contains(QCA::TimeStamping) == true, false);
511 QCOMPARE(ca1.constraints().contains(QCA::OCSPSigning) == true, false);
512
513 // no policies on this cert
514 QCOMPARE(ca1.policies().count(), 0);
515
516 QCOMPARE(ca1.signatureAlgorithm(), QCA::EMSA3_MD5);
517 }
518 }
519}
520
521void CertUnitTest::altName()
522{
523 QStringList providersToTest;
524 providersToTest.append(QStringLiteral("qca-ossl"));
525 // providersToTest.append("qca-botan");
526
527 foreach (const QString provider, providersToTest) {
528 if (!QCA::isSupported(features: "cert", provider))
529 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
530 else {
531 QCA::ConvertResult resultClient1;
532 QCA::Certificate client1 =
533 QCA::Certificate::fromPEMFile(QStringLiteral("certs/altname.pem"), result: &resultClient1, provider);
534 QCOMPARE(resultClient1, QCA::ConvertGood);
535 QCOMPARE(client1.isNull(), false);
536 QCOMPARE(client1.isCA(), false);
537 QCOMPARE(client1.isSelfSigned(), false);
538
539 QCOMPARE(client1.serialNumber(), QCA::BigInteger(1));
540
541 QCOMPARE(client1.commonName(), QStringLiteral("Valid RFC822 nameConstraints EE Certificate Test21"));
542
543 QCOMPARE(client1.constraints().contains(QCA::DigitalSignature) == true, true);
544 QCOMPARE(client1.constraints().contains(QCA::NonRepudiation) == true, true);
545 QCOMPARE(client1.constraints().contains(QCA::KeyEncipherment) == true, true);
546 QCOMPARE(client1.constraints().contains(QCA::DataEncipherment) == true, true);
547 QCOMPARE(client1.constraints().contains(QCA::KeyAgreement) == true, false);
548 QCOMPARE(client1.constraints().contains(QCA::KeyCertificateSign) == true, false);
549 QCOMPARE(client1.constraints().contains(QCA::CRLSign) == true, false);
550 QCOMPARE(client1.constraints().contains(QCA::EncipherOnly) == true, false);
551 QCOMPARE(client1.constraints().contains(QCA::DecipherOnly) == true, false);
552 QCOMPARE(client1.constraints().contains(QCA::ServerAuth) == true, false);
553 QCOMPARE(client1.constraints().contains(QCA::ClientAuth) == true, false);
554 QCOMPARE(client1.constraints().contains(QCA::CodeSigning) == true, false);
555 QCOMPARE(client1.constraints().contains(QCA::EmailProtection) == true, false);
556 QCOMPARE(client1.constraints().contains(QCA::IPSecEndSystem) == true, false);
557 QCOMPARE(client1.constraints().contains(QCA::IPSecTunnel) == true, false);
558 QCOMPARE(client1.constraints().contains(QCA::IPSecUser) == true, false);
559 QCOMPARE(client1.constraints().contains(QCA::TimeStamping) == true, false);
560 QCOMPARE(client1.constraints().contains(QCA::OCSPSigning) == true, false);
561
562 QCOMPARE(client1.policies().count(), 1);
563 QCOMPARE(client1.policies().at(0), QStringLiteral("2.16.840.1.101.3.2.1.48.1"));
564
565 QCA::CertificateInfo subject1 = client1.subjectInfo();
566 QCOMPARE(subject1.isEmpty(), false);
567 QVERIFY(subject1.contains(QCA::Country, QStringLiteral("US")));
568 QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Test Certificates")));
569 QVERIFY(subject1.contains(QCA::CommonName,
570 QStringLiteral("Valid RFC822 nameConstraints EE Certificate Test21")));
571 QVERIFY(subject1.contains(QCA::Email, QStringLiteral("Test21EE@mailserver.testcertificates.gov")));
572
573 QCA::CertificateInfo issuer1 = client1.issuerInfo();
574 QCOMPARE(issuer1.isEmpty(), false);
575 QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("US")));
576 QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Test Certificates")));
577 QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("nameConstraints RFC822 CA1")));
578
579 QByteArray subjectKeyID =
580 QCA::Hex().stringToArray(QStringLiteral("b4200d42cd95ea87d463d54f0ed6d10fe5b73bfb")).toByteArray();
581 QCOMPARE(client1.subjectKeyId(), subjectKeyID);
582 QCOMPARE(QCA::Hex().arrayToString(client1.issuerKeyId()),
583 QStringLiteral("e37f857a8ea23b9eeeb8121d7913aac4bd2e59ad"));
584
585 QCA::PublicKey pubkey1 = client1.subjectPublicKey();
586 QCOMPARE(pubkey1.isNull(), false);
587 QCOMPARE(pubkey1.isRSA(), true);
588 QCOMPARE(pubkey1.isDSA(), false);
589 QCOMPARE(pubkey1.isDH(), false);
590 QCOMPARE(pubkey1.isPublic(), true);
591 QCOMPARE(pubkey1.isPrivate(), false);
592 QCOMPARE(pubkey1.bitSize(), 1024);
593
594 QCOMPARE(client1.pathLimit(), 0);
595
596 QCOMPARE(client1.signatureAlgorithm(), QCA::EMSA3_SHA1);
597 }
598 }
599}
600
601void CertUnitTest::extXMPP()
602{
603 QStringList providersToTest;
604 providersToTest.append(QStringLiteral("qca-ossl"));
605 // providersToTest.append("qca-botan");
606
607 foreach (const QString provider, providersToTest) {
608 if (!QCA::isSupported(features: "cert", provider))
609 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
610 else {
611 QCA::ConvertResult resultClient1;
612 QCA::Certificate client1 =
613 QCA::Certificate::fromPEMFile(QStringLiteral("certs/xmppcert.pem"), result: &resultClient1, provider);
614 QCOMPARE(resultClient1, QCA::ConvertGood);
615 QCOMPARE(client1.isNull(), false);
616 QCOMPARE(client1.isCA(), false);
617 QCOMPARE(client1.isSelfSigned(), true);
618
619 QCOMPARE(client1.serialNumber(), QCA::BigInteger("9635301556349760241"));
620
621 QCOMPARE(client1.commonName(), QStringLiteral("demo.jabber.com"));
622
623 QCA::CertificateInfo subject1 = client1.subjectInfo();
624 QCOMPARE(subject1.isEmpty(), false);
625 QVERIFY(subject1.contains(QCA::Country, QStringLiteral("US")));
626 QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Jabber, Inc.")));
627 QVERIFY(subject1.contains(QCA::Locality, QStringLiteral("Denver")));
628 QVERIFY(subject1.contains(QCA::State, QStringLiteral("Colorado")));
629 QVERIFY(subject1.contains(QCA::CommonName, QStringLiteral("demo.jabber.com")));
630 QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("demo.jabber.com")));
631 QVERIFY(subject1.contains(QCA::XMPP, QStringLiteral("demo.jabber.com")));
632
633 QCA::CertificateInfo issuer1 = client1.issuerInfo();
634 QCOMPARE(issuer1.isEmpty(), false);
635 QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("US")));
636 QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Jabber, Inc.")));
637 QVERIFY(issuer1.contains(QCA::Locality, QStringLiteral("Denver")));
638 QVERIFY(issuer1.contains(QCA::State, QStringLiteral("Colorado")));
639 QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("demo.jabber.com")));
640 }
641 }
642}
643
644void CertUnitTest::altNames76()
645{
646 QStringList providersToTest;
647 providersToTest.append(QStringLiteral("qca-ossl"));
648 // providersToTest.append("qca-botan");
649
650 foreach (const QString provider, providersToTest) {
651 if (!QCA::isSupported(features: "cert", provider))
652 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
653 else {
654 QCA::ConvertResult resultClient1;
655 QCA::Certificate client1 =
656 QCA::Certificate::fromPEMFile(QStringLiteral("certs/76.pem"), result: &resultClient1, provider);
657 QCOMPARE(resultClient1, QCA::ConvertGood);
658 QCOMPARE(client1.isNull(), false);
659 QCOMPARE(client1.isCA(), false);
660 QCOMPARE(client1.isSelfSigned(), false);
661
662 QCOMPARE(client1.serialNumber(), QCA::BigInteger(118));
663
664 QCOMPARE(client1.commonName(), QStringLiteral("sip1.su.se"));
665
666 QCOMPARE(client1.constraints().contains(QCA::DigitalSignature) == true, true);
667 QCOMPARE(client1.constraints().contains(QCA::NonRepudiation) == true, true);
668 QCOMPARE(client1.constraints().contains(QCA::KeyEncipherment) == true, true);
669 QCOMPARE(client1.constraints().contains(QCA::DataEncipherment) == true, false);
670 QCOMPARE(client1.constraints().contains(QCA::KeyAgreement) == true, false);
671 QCOMPARE(client1.constraints().contains(QCA::KeyCertificateSign) == true, false);
672 QCOMPARE(client1.constraints().contains(QCA::CRLSign) == true, false);
673 QCOMPARE(client1.constraints().contains(QCA::EncipherOnly) == true, false);
674 QCOMPARE(client1.constraints().contains(QCA::DecipherOnly) == true, false);
675 QCOMPARE(client1.constraints().contains(QCA::ServerAuth) == true, true);
676 QCOMPARE(client1.constraints().contains(QCA::ClientAuth) == true, true);
677 QCOMPARE(client1.constraints().contains(QCA::CodeSigning) == true, false);
678 QCOMPARE(client1.constraints().contains(QCA::EmailProtection) == true, false);
679 QCOMPARE(client1.constraints().contains(QCA::IPSecEndSystem) == true, false);
680 QCOMPARE(client1.constraints().contains(QCA::IPSecTunnel) == true, false);
681 QCOMPARE(client1.constraints().contains(QCA::IPSecUser) == true, false);
682 QCOMPARE(client1.constraints().contains(QCA::TimeStamping) == true, false);
683 QCOMPARE(client1.constraints().contains(QCA::OCSPSigning) == true, false);
684
685 QCOMPARE(client1.policies().count(), 1);
686
687 QCA::CertificateInfo subject1 = client1.subjectInfo();
688 QCOMPARE(subject1.isEmpty(), false);
689 QVERIFY(subject1.contains(QCA::Country, QStringLiteral("SE")));
690 QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Stockholms universitet")));
691 QVERIFY(subject1.contains(QCA::CommonName, QStringLiteral("sip1.su.se")));
692 QCOMPARE(subject1.values(QCA::Email).count(), 0); // clazy:exclude=container-anti-pattern
693 QCOMPARE(subject1.values(QCA::DNS).count(), 8); // clazy:exclude=container-anti-pattern
694 QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("incomingproxy.sip.su.se")));
695 QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("incomingproxy1.sip.su.se")));
696 QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("outgoingproxy.sip.su.se")));
697 QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("outgoingproxy1.sip.su.se")));
698 QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("out.sip.su.se")));
699 QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("appserver.sip.su.se")));
700 QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("appserver1.sip.su.se")));
701 QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("sip1.su.se")));
702
703 QVERIFY(client1.matchesHostName(QStringLiteral("incomingproxy.sip.su.se")));
704 QVERIFY(client1.matchesHostName(QStringLiteral("incomingproxy1.sip.su.se")));
705 QVERIFY(client1.matchesHostName(QStringLiteral("outgoingproxy.sip.su.se")));
706 QVERIFY(client1.matchesHostName(QStringLiteral("outgoingproxy1.sip.su.se")));
707 QVERIFY(client1.matchesHostName(QStringLiteral("out.sip.su.se")));
708 QVERIFY(client1.matchesHostName(QStringLiteral("appserver.sip.su.se")));
709 QVERIFY(client1.matchesHostName(QStringLiteral("appserver1.sip.su.se")));
710 QVERIFY(client1.matchesHostName(QStringLiteral("sip1.su.se")));
711
712 QCA::CertificateInfo issuer1 = client1.issuerInfo();
713 QCOMPARE(issuer1.isEmpty(), false);
714 QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("SE")));
715 QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Stockholms universitet")));
716 QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("Stockholm University CA")));
717 QVERIFY(issuer1.contains(QCA::URI, QStringLiteral("http://ca.su.se")));
718 QVERIFY(issuer1.contains(QCA::Email, QStringLiteral("ca@su.se")));
719
720 QByteArray subjectKeyID =
721 QCA::Hex().stringToArray(QStringLiteral("3a5c5cd1cc2c9edf73f73bd81b59b1eab83035c5")).toByteArray();
722 QCOMPARE(client1.subjectKeyId(), subjectKeyID);
723 QCOMPARE(QCA::Hex().arrayToString(client1.issuerKeyId()),
724 QStringLiteral("9e2e30ba37d95144c99dbf1821f1bd7eeeb58648"));
725
726 QCA::PublicKey pubkey1 = client1.subjectPublicKey();
727 QCOMPARE(pubkey1.isNull(), false);
728 QCOMPARE(pubkey1.isRSA(), true);
729 QCOMPARE(pubkey1.isDSA(), false);
730 QCOMPARE(pubkey1.isDH(), false);
731 QCOMPARE(pubkey1.isPublic(), true);
732 QCOMPARE(pubkey1.isPrivate(), false);
733 QCOMPARE(pubkey1.bitSize(), 1024);
734
735 QCOMPARE(client1.pathLimit(), 0);
736
737 QCOMPARE(client1.signatureAlgorithm(), QCA::EMSA3_SHA1);
738 }
739 }
740}
741
742void CertUnitTest::sha256cert()
743{
744 QStringList providersToTest;
745 providersToTest.append(QStringLiteral("qca-ossl"));
746 // providersToTest.append("qca-botan");
747
748 foreach (const QString provider, providersToTest) {
749 if (!QCA::isSupported(features: "cert", provider))
750 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
751 else {
752 QFile f(QStringLiteral("certs/RAIZ2007_CERTIFICATE_AND_CRL_SIGNING_SHA256.crt"));
753 QVERIFY(f.open(QFile::ReadOnly));
754 QByteArray der = f.readAll();
755 QCA::ConvertResult resultcert;
756 QCA::Certificate cert = QCA::Certificate::fromDER(a: der, result: &resultcert, provider);
757
758 QCOMPARE(resultcert, QCA::ConvertGood);
759 QCOMPARE(cert.isNull(), false);
760 QCOMPARE(cert.isCA(), true);
761 QCOMPARE(cert.isSelfSigned(), true);
762
763 QCA::PublicKey pubkey = cert.subjectPublicKey();
764 QCOMPARE(pubkey.isNull(), false);
765 QCOMPARE(pubkey.isRSA(), true);
766 QCOMPARE(pubkey.isDSA(), false);
767 QCOMPARE(pubkey.isDH(), false);
768 QCOMPARE(pubkey.isPublic(), true);
769 QCOMPARE(pubkey.isPrivate(), false);
770 QCOMPARE(pubkey.bitSize(), 4096);
771
772 QCOMPARE(cert.pathLimit(), 0);
773
774 QCOMPARE(cert.signatureAlgorithm(), QCA::EMSA3_SHA256);
775 }
776 }
777}
778
779void CertUnitTest::checkExpiredServerCerts()
780{
781 QStringList providersToTest;
782 providersToTest.append(QStringLiteral("qca-ossl"));
783 // providersToTest.append("qca-botan");
784
785 foreach (const QString provider, providersToTest) {
786 if (!QCA::isSupported(features: "cert", provider))
787 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
788 else {
789 QCA::ConvertResult resultServer1;
790 QCA::Certificate server1 =
791 QCA::Certificate::fromPEMFile(QStringLiteral("certs/Server.pem"), result: &resultServer1, provider);
792 QCOMPARE(resultServer1, QCA::ConvertGood);
793 QCOMPARE(server1.isNull(), false);
794 QCOMPARE(server1.isCA(), false);
795 QCOMPARE(server1.isSelfSigned(), false);
796
797 QCOMPARE(server1.serialNumber(), QCA::BigInteger(4));
798
799 QCOMPARE(server1.commonName(), QStringLiteral("Insecure Server Cert"));
800
801 QCOMPARE(server1.notValidBefore().toString(),
802 QDateTime(QDate(2001, 8, 17), QTime(8, 46, 24), Qt::UTC).toString());
803 QCOMPARE(server1.notValidAfter().toString(),
804 QDateTime(QDate(2006, 8, 16), QTime(8, 46, 24), Qt::UTC).toString());
805
806 QCOMPARE(server1.constraints().contains(QCA::DigitalSignature) == true, true);
807 QCOMPARE(server1.constraints().contains(QCA::NonRepudiation) == true, false);
808 QCOMPARE(server1.constraints().contains(QCA::KeyEncipherment) == true, true);
809 QCOMPARE(server1.constraints().contains(QCA::DataEncipherment) == true, false);
810 QCOMPARE(server1.constraints().contains(QCA::KeyAgreement) == true, true);
811 QCOMPARE(server1.constraints().contains(QCA::KeyCertificateSign) == true, false);
812 QCOMPARE(server1.constraints().contains(QCA::CRLSign) == true, false);
813 QCOMPARE(server1.constraints().contains(QCA::EncipherOnly) == true, false);
814 QCOMPARE(server1.constraints().contains(QCA::DecipherOnly) == true, false);
815 QCOMPARE(server1.constraints().contains(QCA::ServerAuth) == true, true);
816 QCOMPARE(server1.constraints().contains(QCA::ClientAuth) == true, false);
817 QCOMPARE(server1.constraints().contains(QCA::CodeSigning) == true, false);
818 QCOMPARE(server1.constraints().contains(QCA::EmailProtection) == true, false);
819 QCOMPARE(server1.constraints().contains(QCA::IPSecEndSystem) == true, false);
820 QCOMPARE(server1.constraints().contains(QCA::IPSecTunnel) == true, false);
821 QCOMPARE(server1.constraints().contains(QCA::IPSecUser) == true, false);
822 QCOMPARE(server1.constraints().contains(QCA::TimeStamping) == true, false);
823 QCOMPARE(server1.constraints().contains(QCA::OCSPSigning) == true, false);
824
825 // no policies on this cert
826 QCOMPARE(server1.policies().count(), 0);
827
828 QCA::CertificateInfo subject1 = server1.subjectInfo();
829 QCOMPARE(subject1.isEmpty(), false);
830 QCOMPARE(subject1.contains(QCA::Country, QStringLiteral("de")) == true, true);
831 QCOMPARE(subject1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate")) == true, true);
832 QCOMPARE(subject1.contains(QCA::CommonName, QStringLiteral("Insecure Server Cert")) == true, true);
833
834 QCA::CertificateInfo issuer1 = server1.issuerInfo();
835 QCOMPARE(issuer1.isEmpty(), false);
836 QCOMPARE(issuer1.contains(QCA::Country, QStringLiteral("de")) == true, true);
837 QCOMPARE(issuer1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate")) == true, true);
838 QCOMPARE(issuer1.contains(QCA::CommonName, QStringLiteral("For Tests Only")) == true, true);
839
840 QByteArray subjectKeyID =
841 QCA::Hex().stringToArray(QStringLiteral("0234E2C906F6E0B44253BE04C0CBA7823A6DB509")).toByteArray();
842 QCOMPARE(server1.subjectKeyId(), subjectKeyID);
843 QByteArray authorityKeyID =
844 QCA::Hex().stringToArray(QStringLiteral("BF53438278D09EC380E51B67CA0500DFB94883A5")).toByteArray();
845 QCOMPARE(server1.issuerKeyId(), authorityKeyID);
846
847 QCA::PublicKey pubkey1 = server1.subjectPublicKey();
848 QCOMPARE(pubkey1.isNull(), false);
849 QCOMPARE(pubkey1.isRSA(), true);
850 QCOMPARE(pubkey1.isDSA(), false);
851 QCOMPARE(pubkey1.isDH(), false);
852 QCOMPARE(pubkey1.isPublic(), true);
853 QCOMPARE(pubkey1.isPrivate(), false);
854 QCOMPARE(pubkey1.bitSize(), 1024);
855
856 QCOMPARE(server1.pathLimit(), 0);
857
858 QCOMPARE(server1.signatureAlgorithm(), QCA::EMSA3_MD5);
859
860 QCA::CertificateCollection trusted;
861 QCA::CertificateCollection untrusted;
862 QCOMPARE(server1.validate(trusted, untrusted), QCA::ErrorInvalidCA);
863
864 QCA::ConvertResult resultca1;
865 QCA::Certificate ca1 =
866 QCA::Certificate::fromPEMFile(QStringLiteral("certs/RootCAcert.pem"), result: &resultca1, provider);
867 QCOMPARE(resultca1, QCA::ConvertGood);
868 trusted.addCertificate(cert: ca1);
869 QCOMPARE(server1.validate(trusted, untrusted), QCA::ErrorExpired);
870 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageAny), QCA::ErrorExpired);
871 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ErrorExpired);
872 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ErrorExpired);
873 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorExpired);
874 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorExpired);
875 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ErrorExpired);
876 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorExpired);
877
878 QByteArray derServer1 = server1.toDER();
879 QCOMPARE(derServer1.isEmpty(), false);
880 QCA::Certificate fromDer1 = QCA::Certificate::fromDER(a: derServer1, result: &resultServer1, provider);
881 QCOMPARE(resultServer1, QCA::ConvertGood);
882 QCOMPARE(fromDer1 == server1, true);
883 }
884 }
885}
886
887void CertUnitTest::checkServerCerts()
888{
889 QStringList providersToTest;
890 providersToTest.append(QStringLiteral("qca-ossl"));
891 // providersToTest.append("qca-botan");
892
893 foreach (const QString provider, providersToTest) {
894 if (!QCA::isSupported(features: "cert", provider))
895 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
896 else {
897 QCA::ConvertResult resultServer1;
898 QCA::Certificate server1 =
899 QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestServerCert.pem"), result: &resultServer1, provider);
900 QCOMPARE(resultServer1, QCA::ConvertGood);
901 QCOMPARE(server1.isNull(), false);
902 QCOMPARE(server1.isCA(), false);
903 QCOMPARE(server1.isSelfSigned(), false);
904
905 QCOMPARE(server1.serialNumber(), QCA::BigInteger("13149359243510447489"));
906
907 QCOMPARE(server1.commonName(), QStringLiteral("Qca Server Test certificate"));
908
909 QCOMPARE(server1.notValidBefore().toString(),
910 QDateTime(QDate(2013, 7, 31), QTime(15, 23, 25), Qt::UTC).toString());
911 QCOMPARE(server1.notValidAfter().toString(),
912 QDateTime(QDate(2033, 7, 26), QTime(15, 23, 25), Qt::UTC).toString());
913
914 QCOMPARE(server1.constraints().contains(QCA::DigitalSignature) == true, true);
915 QCOMPARE(server1.constraints().contains(QCA::NonRepudiation) == true, true);
916 QCOMPARE(server1.constraints().contains(QCA::KeyEncipherment) == true, true);
917 QCOMPARE(server1.constraints().contains(QCA::DataEncipherment) == true, false);
918 QCOMPARE(server1.constraints().contains(QCA::KeyAgreement) == true, false);
919 QCOMPARE(server1.constraints().contains(QCA::KeyCertificateSign) == true, false);
920 QCOMPARE(server1.constraints().contains(QCA::CRLSign) == true, false);
921 QCOMPARE(server1.constraints().contains(QCA::EncipherOnly) == true, false);
922 QCOMPARE(server1.constraints().contains(QCA::DecipherOnly) == true, false);
923 QCOMPARE(server1.constraints().contains(QCA::ServerAuth) == true, true);
924 QCOMPARE(server1.constraints().contains(QCA::ClientAuth) == true, false);
925 QCOMPARE(server1.constraints().contains(QCA::CodeSigning) == true, false);
926 QCOMPARE(server1.constraints().contains(QCA::EmailProtection) == true, false);
927 QCOMPARE(server1.constraints().contains(QCA::IPSecEndSystem) == true, false);
928 QCOMPARE(server1.constraints().contains(QCA::IPSecTunnel) == true, false);
929 QCOMPARE(server1.constraints().contains(QCA::IPSecUser) == true, false);
930 QCOMPARE(server1.constraints().contains(QCA::TimeStamping) == true, false);
931 QCOMPARE(server1.constraints().contains(QCA::OCSPSigning) == true, false);
932
933 // no policies on this cert
934 QCOMPARE(server1.policies().count(), 0);
935
936 QCA::CertificateInfo subject1 = server1.subjectInfo();
937 QCOMPARE(subject1.isEmpty(), false);
938 QVERIFY(subject1.contains(QCA::Country, QStringLiteral("IL")));
939 QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Qca Development and Test")));
940 QVERIFY(subject1.contains(QCA::OrganizationalUnit, QStringLiteral("Server Management Section")));
941 QVERIFY(subject1.contains(QCA::CommonName, QStringLiteral("Qca Server Test certificate")));
942
943 QCA::CertificateInfo issuer1 = server1.issuerInfo();
944 QCOMPARE(issuer1.isEmpty(), false);
945 QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("AU")));
946 QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Qca Development and Test")));
947 QVERIFY(issuer1.contains(QCA::OrganizationalUnit, QStringLiteral("Certificate Generation Section")));
948 QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("Qca Test Root Certificate")));
949
950 QByteArray subjectKeyID =
951 QCA::Hex().stringToArray(QStringLiteral("819870c8b81eab53e72d0446b65790aa0d3eab1a")).toByteArray();
952 QCOMPARE(server1.subjectKeyId(), subjectKeyID);
953 QByteArray authorityKeyID =
954 QCA::Hex().stringToArray(QStringLiteral("f61c451de1b0458138c60568c1a7cb0f7ade0363")).toByteArray();
955 QCOMPARE(server1.issuerKeyId(), authorityKeyID);
956
957 QCA::PublicKey pubkey1 = server1.subjectPublicKey();
958 QCOMPARE(pubkey1.isNull(), false);
959 QCOMPARE(pubkey1.isRSA(), true);
960 QCOMPARE(pubkey1.isDSA(), false);
961 QCOMPARE(pubkey1.isDH(), false);
962 QCOMPARE(pubkey1.isPublic(), true);
963 QCOMPARE(pubkey1.isPrivate(), false);
964 QCOMPARE(pubkey1.bitSize(), 1024);
965
966 QCOMPARE(server1.pathLimit(), 0);
967
968 QCOMPARE(server1.signatureAlgorithm(), QCA::EMSA3_SHA1);
969
970 QCA::CertificateCollection trusted;
971 QCA::CertificateCollection untrusted;
972 QCOMPARE(server1.validate(trusted, untrusted), QCA::ErrorInvalidCA);
973
974 QCA::ConvertResult resultca1;
975 QCA::Certificate ca1 =
976 QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestRootCert.pem"), result: &resultca1, provider);
977 QCOMPARE(resultca1, QCA::ConvertGood);
978 trusted.addCertificate(cert: ca1);
979 QCOMPARE(server1.validate(trusted, untrusted), QCA::ValidityGood);
980 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageAny), QCA::ValidityGood);
981 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ValidityGood);
982 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ErrorInvalidPurpose);
983 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorInvalidPurpose);
984 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorInvalidPurpose);
985 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ErrorInvalidPurpose);
986 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorInvalidPurpose);
987
988 QByteArray derServer1 = server1.toDER();
989 QCOMPARE(derServer1.isEmpty(), false);
990 QCA::Certificate fromDer1 = QCA::Certificate::fromDER(a: derServer1, result: &resultServer1, provider);
991 QCOMPARE(resultServer1, QCA::ConvertGood);
992 QCOMPARE(fromDer1 == server1, true);
993 }
994 }
995}
996
997void CertUnitTest::checkSystemStore()
998{
999 if (QCA::isSupported(features: "cert") && QCA::isSupported(features: "crl")) {
1000 QCOMPARE(QCA::haveSystemStore(), true);
1001
1002 QCA::CertificateCollection collection1;
1003 collection1 = QCA::systemStore();
1004 // Do we have any certs?
1005 QVERIFY(collection1.certificates().count() > 0);
1006 } else {
1007 QCOMPARE(QCA::haveSystemStore(), false);
1008 }
1009}
1010
1011void CertUnitTest::crl()
1012{
1013 QStringList providersToTest;
1014 providersToTest.append(QStringLiteral("qca-ossl"));
1015 // providersToTest.append("qca-botan");
1016
1017 foreach (const QString provider, providersToTest) {
1018 if (!QCA::isSupported(features: "crl", provider))
1019 QWARN((QStringLiteral("Certificate revocation not supported for ") + provider).toLocal8Bit().constData());
1020 else {
1021 QCA::CRL emptyCRL;
1022 QVERIFY(emptyCRL.isNull());
1023
1024 QCA::ConvertResult resultCrl;
1025 QCA::CRL crl1 = QCA::CRL::fromPEMFile(QStringLiteral("certs/Test_CRL.crl"), result: &resultCrl, provider);
1026 QCOMPARE(resultCrl, QCA::ConvertGood);
1027 QCOMPARE(crl1.isNull(), false);
1028
1029 QCA::CertificateInfo issuer = crl1.issuerInfo();
1030 QCOMPARE(issuer.isEmpty(), false);
1031 QVERIFY(issuer.contains(QCA::Country, QStringLiteral("de")));
1032 QVERIFY(issuer.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate")));
1033 QVERIFY(issuer.contains(QCA::CommonName, QStringLiteral("For Tests Only")));
1034
1035 // No keyid extension on this crl
1036 QCOMPARE(QCA::arrayToHex(crl1.issuerKeyId()), QLatin1String(""));
1037
1038 QCOMPARE(crl1.thisUpdate(), QDateTime(QDate(2001, 8, 17), QTime(11, 12, 03), Qt::UTC));
1039 QCOMPARE(crl1.nextUpdate(), QDateTime(QDate(2006, 8, 16), QTime(11, 12, 03), Qt::UTC));
1040
1041 QCOMPARE(crl1.signatureAlgorithm(), QCA::EMSA3_MD5);
1042
1043 QCOMPARE(crl1.issuerKeyId(), QByteArray(""));
1044 QCOMPARE(crl1, QCA::CRL(crl1));
1045 QCOMPARE(crl1 == QCA::CRL(), false);
1046 QCOMPARE(crl1.number(), -1);
1047
1048 QList<QCA::CRLEntry> revokedList = crl1.revoked();
1049 QCOMPARE(revokedList.size(), 2);
1050 std::sort(first: revokedList.begin(), last: revokedList.end());
1051 QCOMPARE(revokedList[0].serialNumber(), QCA::BigInteger("3"));
1052 QCOMPARE(revokedList[1].serialNumber(), QCA::BigInteger("5"));
1053 QCOMPARE(revokedList[0].reason(), QCA::CRLEntry::Unspecified);
1054 QCOMPARE(revokedList[1].reason(), QCA::CRLEntry::Unspecified);
1055 QCOMPARE(revokedList[0].time(), QDateTime(QDate(2001, 8, 17), QTime(11, 10, 39), Qt::UTC));
1056 QCOMPARE(revokedList[1].time(), QDateTime(QDate(2001, 8, 17), QTime(11, 11, 59), Qt::UTC));
1057
1058 // convert to DER
1059 QByteArray derCRL1 = crl1.toDER();
1060 // check we got something, at least
1061 QCOMPARE(derCRL1.isEmpty(), false);
1062 // convert back from DER
1063 QCA::CRL fromDer1 = QCA::CRL::fromDER(a: derCRL1, result: &resultCrl, provider);
1064 // check the conversion at least appeared to work
1065 QCOMPARE(resultCrl, QCA::ConvertGood);
1066 // check the result is the same as what we started with
1067 QCOMPARE(fromDer1, crl1);
1068 }
1069 }
1070}
1071
1072void CertUnitTest::crl2()
1073{
1074 QStringList providersToTest;
1075 providersToTest.append(QStringLiteral("qca-ossl"));
1076 // providersToTest.append("qca-botan");
1077
1078 foreach (const QString provider, providersToTest) {
1079 if (!QCA::isSupported(features: "crl", provider))
1080 QWARN((QStringLiteral("Certificate revocation not supported for ") + provider).toLocal8Bit().constData());
1081 else {
1082 QCA::ConvertResult resultCrl;
1083 QCA::CRL crl1 = QCA::CRL::fromPEMFile(QStringLiteral("certs/GoodCACRL.pem"), result: &resultCrl, provider);
1084 QCOMPARE(resultCrl, QCA::ConvertGood);
1085 QCOMPARE(crl1.isNull(), false);
1086 QCOMPARE(crl1.provider()->name(), provider);
1087
1088 QCA::CertificateInfo issuer = crl1.issuerInfo();
1089 QCOMPARE(issuer.isEmpty(), false);
1090 QVERIFY(issuer.contains(QCA::Country, QStringLiteral("US")));
1091 QVERIFY(issuer.contains(QCA::Organization, QStringLiteral("Test Certificates")));
1092 QVERIFY(issuer.contains(QCA::CommonName, QStringLiteral("Good CA")));
1093
1094 QCOMPARE(crl1.thisUpdate(), QDateTime(QDate(2001, 4, 19), QTime(14, 57, 20), Qt::UTC));
1095 QCOMPARE(crl1.nextUpdate(), QDateTime(QDate(2011, 4, 19), QTime(14, 57, 20), Qt::UTC));
1096
1097 QCOMPARE(crl1.signatureAlgorithm(), QCA::EMSA3_SHA1);
1098
1099 QCOMPARE(QCA::arrayToHex(crl1.issuerKeyId()), QStringLiteral("b72ea682cbc2c8bca87b2744d73533df9a1594c7"));
1100 QCOMPARE(crl1.number(), 1);
1101 QCOMPARE(crl1, QCA::CRL(crl1));
1102 QCOMPARE(crl1 == QCA::CRL(), false);
1103
1104 QList<QCA::CRLEntry> revokedList = crl1.revoked();
1105 QCOMPARE(revokedList.size(), 2);
1106 std::sort(first: revokedList.begin(), last: revokedList.end());
1107 QCOMPARE(revokedList[0].serialNumber(), QCA::BigInteger("14"));
1108 QCOMPARE(revokedList[1].serialNumber(), QCA::BigInteger("15"));
1109 QCOMPARE(revokedList[0].reason(), QCA::CRLEntry::KeyCompromise);
1110 QCOMPARE(revokedList[1].reason(), QCA::CRLEntry::KeyCompromise);
1111 QCOMPARE(revokedList[0].time(), QDateTime(QDate(2001, 4, 19), QTime(14, 57, 20), Qt::UTC));
1112 QCOMPARE(revokedList[1].time(), QDateTime(QDate(2001, 4, 19), QTime(14, 57, 20), Qt::UTC));
1113
1114 // convert to DER
1115 QByteArray derCRL1 = crl1.toDER();
1116 // check we got something, at least
1117 QCOMPARE(derCRL1.isEmpty(), false);
1118 // convert back from DER
1119 QCA::CRL fromDer1 = QCA::CRL::fromDER(a: derCRL1, result: &resultCrl, provider);
1120 // check the conversion at least appeared to work
1121 QCOMPARE(resultCrl, QCA::ConvertGood);
1122 // check the result is the same as what we started with
1123 QCOMPARE(fromDer1, crl1);
1124
1125 // convert to PEM
1126 QString pemCRL1 = crl1.toPEM();
1127 // check we got something, at least
1128 QCOMPARE(pemCRL1.isEmpty(), false);
1129 // convert back from PEM
1130 QCA::CRL fromPEM1 = QCA::CRL::fromPEM(s: pemCRL1, result: &resultCrl, provider);
1131 // check the conversion at least appeared to work
1132 QCOMPARE(resultCrl, QCA::ConvertGood);
1133 // check the result is the same as what we started with
1134 QCOMPARE(fromPEM1, crl1);
1135 }
1136 }
1137}
1138
1139void CertUnitTest::csr()
1140{
1141 QStringList providersToTest;
1142 providersToTest.append(QStringLiteral("qca-ossl"));
1143 // providersToTest.append("qca-botan");
1144
1145 foreach (const QString provider, providersToTest) {
1146 if (!QCA::isSupported(features: "csr", provider))
1147 QWARN((QStringLiteral("Certificate signing requests not supported for ") + provider)
1148 .toLocal8Bit()
1149 .constData());
1150 else {
1151 QCA::CertificateRequest nullCSR;
1152 QVERIFY(nullCSR.isNull());
1153 // This is copied on purpose to check the assignment operator
1154 QCA::CertificateRequest anotherNullCSR = nullCSR; // NOLINT(performance-unnecessary-copy-initialization)
1155 QVERIFY(anotherNullCSR.isNull());
1156 QCOMPARE(nullCSR, anotherNullCSR);
1157
1158 QCA::ConvertResult resultCsr;
1159 QCA::CertificateRequest csr1 =
1160 QCA::CertificateRequest::fromPEMFile(QStringLiteral("certs/csr1.pem"), result: &resultCsr, provider);
1161 QCOMPARE(resultCsr, QCA::ConvertGood);
1162 QCOMPARE(csr1.isNull(), false);
1163 QCOMPARE(csr1.provider()->name(), provider);
1164 QCA::CertificateInfo subject = csr1.subjectInfo();
1165 QCOMPARE(subject.isEmpty(), false);
1166 QVERIFY(subject.contains(QCA::Country, QStringLiteral("AU")));
1167 QVERIFY(subject.contains(QCA::State, QStringLiteral("Victoria")));
1168 QVERIFY(subject.contains(QCA::Locality, QStringLiteral("Mitcham")));
1169 QVERIFY(subject.contains(QCA::Organization, QStringLiteral("GE Interlogix")));
1170 QVERIFY(subject.contains(QCA::OrganizationalUnit, QStringLiteral("Engineering")));
1171 QVERIFY(subject.contains(QCA::CommonName, QStringLiteral("coldfire")));
1172
1173 QCA::PublicKey pkey = csr1.subjectPublicKey();
1174 QCOMPARE(pkey.isNull(), false);
1175 QVERIFY(pkey.isRSA());
1176
1177 QCA::RSAPublicKey rsaPkey = pkey.toRSA();
1178 QCOMPARE(rsaPkey.isNull(), false);
1179 QCOMPARE(rsaPkey.e(), QCA::BigInteger(65537));
1180 QCOMPARE(rsaPkey.n(),
1181 QCA::BigInteger("104853561647822232509211983664549572246855698961210758585652966258891659217901732"
1182 "470712446421431206166165309547771124747713609923038218156616083520796442797276676"
1183 "074122658684367500665423564881889504308700315044585826841844654287577169905826705"
1184 "891670004942854611681809539126326134927995969418712881512819058439"));
1185
1186 QCOMPARE(csr1.signatureAlgorithm(), QCA::EMSA3_MD5);
1187 }
1188 }
1189}
1190
1191void CertUnitTest::csr2()
1192{
1193 QStringList providersToTest;
1194 providersToTest.append(QStringLiteral("qca-ossl"));
1195 // providersToTest.append("qca-botan");
1196
1197 foreach (const QString provider, providersToTest) {
1198 if (!QCA::isSupported(features: "csr", provider))
1199 QWARN((QStringLiteral("Certificate signing requests not supported for ") + provider)
1200 .toLocal8Bit()
1201 .constData());
1202 else {
1203 QCA::ConvertResult resultCsr;
1204 QCA::CertificateRequest csr1 =
1205 QCA::CertificateRequest::fromPEMFile(QStringLiteral("certs/newreq.pem"), result: &resultCsr, provider);
1206 QCOMPARE(resultCsr, QCA::ConvertGood);
1207 QCOMPARE(csr1.isNull(), false);
1208 QCOMPARE(csr1.provider()->name(), provider);
1209 QCA::CertificateInfo subject = csr1.subjectInfo();
1210 QCOMPARE(subject.isEmpty(), false);
1211 QVERIFY(subject.contains(QCA::Country, QStringLiteral("AI")));
1212 QVERIFY(subject.contains(QCA::State, QStringLiteral("Hutt River Province")));
1213 QVERIFY(subject.contains(QCA::Locality, QStringLiteral("Lesser Internet")));
1214 QVERIFY(subject.contains(QCA::Organization, QStringLiteral("My Company Ltd")));
1215 QVERIFY(subject.contains(QCA::OrganizationalUnit, QStringLiteral("Backwater Branch Office")));
1216 QVERIFY(subject.contains(QCA::CommonName, QStringLiteral("FirstName Surname")));
1217
1218 QCA::PublicKey pkey = csr1.subjectPublicKey();
1219 QCOMPARE(pkey.isNull(), false);
1220 QVERIFY(pkey.isRSA());
1221
1222 QCA::RSAPublicKey rsaPkey = pkey.toRSA();
1223 QCOMPARE(rsaPkey.isNull(), false);
1224 QCOMPARE(rsaPkey.e(), QCA::BigInteger(65537));
1225 QCOMPARE(rsaPkey.n(),
1226 QCA::BigInteger("151872780463004414908584891835397365176526767139347372444365914360701714510188717"
1227 "169754430290680734981291754624394094502297070722505032645306680495915914243593438"
1228 "796635264236530526146243919417744996366836534380790370421346490191416041004278161"
1229 "146551997010463199760480957900518811859984176646089981367745961681"));
1230
1231 QCOMPARE(csr1.signatureAlgorithm(), QCA::EMSA3_MD5);
1232
1233 // convert to DER
1234 QByteArray derCSR1 = csr1.toDER();
1235 // check we got something, at least
1236 QCOMPARE(derCSR1.isEmpty(), false);
1237 // convert back from DER
1238 QCA::CertificateRequest fromDer1 = QCA::CertificateRequest::fromDER(a: derCSR1, result: &resultCsr, provider);
1239 // check the conversion at least appeared to work
1240 QCOMPARE(resultCsr, QCA::ConvertGood);
1241 // check the result is the same as what we started with
1242 QCOMPARE(fromDer1, csr1);
1243
1244 // convert to PEM
1245 QString pemCSR1 = csr1.toPEM();
1246 // check we got something, at least
1247 QCOMPARE(pemCSR1.isEmpty(), false);
1248 // convert back from PEM
1249 QCA::CertificateRequest fromPEM1 = QCA::CertificateRequest::fromPEM(s: pemCSR1, result: &resultCsr, provider);
1250 // check the conversion at least appeared to work
1251 QCOMPARE(resultCsr, QCA::ConvertGood);
1252 // check the result is the same as what we started with
1253 QCOMPARE(fromPEM1, csr1);
1254 }
1255 }
1256}
1257QTEST_MAIN(CertUnitTest)
1258
1259#include "certunittest.moc"
1260

source code of qca/unittest/certunittest/certunittest.cpp