1 | /** |
2 | * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net> |
3 | * |
4 | * Redistribution and use in source and binary forms, with or without |
5 | * modification, are permitted provided that the following conditions |
6 | * are met: |
7 | * |
8 | * 1. Redistributions of source code must retain the above copyright |
9 | * notice, this list of conditions and the following disclaimer. |
10 | * 2. Redistributions in binary form must reproduce the above copyright |
11 | * notice, this list of conditions and the following disclaimer in the |
12 | * documentation and/or other materials provided with the distribution. |
13 | * |
14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 | */ |
25 | |
26 | #include <QtCrypto> |
27 | #include <QtTest/QtTest> |
28 | |
29 | #ifdef QT_STATICPLUGIN |
30 | #include "import_plugins.h" |
31 | #endif |
32 | |
33 | class CertUnitTest : public QObject |
34 | { |
35 | Q_OBJECT |
36 | |
37 | private Q_SLOTS: |
38 | void initTestCase(); |
39 | void checkSystemStore(); |
40 | void nullCert(); |
41 | void noSuchFile(); |
42 | void CAcertstest(); |
43 | void derCAcertstest(); |
44 | void qualitysslcatest(); |
45 | void checkExpiredClientCerts(); |
46 | void checkClientCerts(); |
47 | void altName(); |
48 | void extXMPP(); |
49 | void checkExpiredServerCerts(); |
50 | void checkServerCerts(); |
51 | void altNames76(); |
52 | void sha256cert(); |
53 | void crl(); |
54 | void crl2(); |
55 | void csr(); |
56 | void csr2(); |
57 | void cleanupTestCase(); |
58 | |
59 | private: |
60 | QCA::Initializer *m_init; |
61 | }; |
62 | |
63 | void CertUnitTest::initTestCase() |
64 | { |
65 | m_init = new QCA::Initializer; |
66 | } |
67 | |
68 | void CertUnitTest::cleanupTestCase() |
69 | { |
70 | delete m_init; |
71 | } |
72 | |
73 | void CertUnitTest::nullCert() |
74 | { |
75 | QStringList providersToTest; |
76 | providersToTest.append(QStringLiteral("qca-ossl" )); |
77 | // providersToTest.append("qca-botan"); |
78 | |
79 | foreach (const QString provider, providersToTest) { |
80 | if (!QCA::isSupported(features: "cert" , provider)) |
81 | QWARN((QStringLiteral("Certificate handling not supported for " ) + provider).toLocal8Bit().constData()); |
82 | else { |
83 | QCA::Certificate nullCert; |
84 | QVERIFY(nullCert.isNull()); |
85 | // This is copied on purpose to check the assignment operator |
86 | QCA::Certificate anotherNullCert = nullCert; // NOLINT(performance-unnecessary-copy-initialization) |
87 | QVERIFY(anotherNullCert.isNull()); |
88 | QCOMPARE(nullCert, anotherNullCert); |
89 | } |
90 | } |
91 | } |
92 | |
93 | void CertUnitTest::noSuchFile() |
94 | { |
95 | QStringList providersToTest; |
96 | providersToTest.append(QStringLiteral("qca-ossl" )); |
97 | // providersToTest.append("qca-botan"); |
98 | |
99 | foreach (const QString provider, providersToTest) { |
100 | if (!QCA::isSupported(features: "cert" , provider)) |
101 | QWARN((QStringLiteral("Certificate handling not supported for " ) + provider).toLocal8Bit().constData()); |
102 | else { |
103 | QCA::ConvertResult resultNoFile; |
104 | QCA::Certificate cert = QCA::Certificate::fromPEMFile( |
105 | QStringLiteral("thisIsJustaFileNameThatWeDontHave" ), result: &resultNoFile, provider); |
106 | QCOMPARE(resultNoFile, QCA::ErrorFile); |
107 | QVERIFY(cert.isNull()); |
108 | } |
109 | } |
110 | } |
111 | |
112 | void CertUnitTest::CAcertstest() |
113 | { |
114 | QStringList providersToTest; |
115 | providersToTest.append(QStringLiteral("qca-ossl" )); |
116 | // providersToTest.append("qca-botan"); |
117 | |
118 | foreach (const QString provider, providersToTest) { |
119 | if (!QCA::isSupported(features: "cert" , provider)) |
120 | QWARN((QStringLiteral("Certificate handling not supported for " ) + provider).toLocal8Bit().constData()); |
121 | else { |
122 | QCA::ConvertResult resultca1; |
123 | QCA::Certificate ca1 = |
124 | QCA::Certificate::fromPEMFile(QStringLiteral("certs/RootCAcert.pem" ), result: &resultca1, provider); |
125 | |
126 | QCOMPARE(resultca1, QCA::ConvertGood); |
127 | QCOMPARE(ca1.isNull(), false); |
128 | QCOMPARE(ca1.pathLimit(), 0); |
129 | QCOMPARE(ca1.isCA(), true); |
130 | QCOMPARE(ca1.isSelfSigned(), true); |
131 | |
132 | QCOMPARE(ca1.serialNumber(), QCA::BigInteger(0)); |
133 | |
134 | QCOMPARE(ca1.commonName(), QStringLiteral("For Tests Only" )); |
135 | |
136 | QCOMPARE(ca1.notValidBefore().toString(), |
137 | QDateTime(QDate(2001, 8, 17), QTime(8, 30, 39), Qt::UTC).toString()); |
138 | QCOMPARE(ca1.notValidAfter().toString(), |
139 | QDateTime(QDate(2011, 8, 15), QTime(8, 30, 39), Qt::UTC).toString()); |
140 | |
141 | QCOMPARE(ca1.constraints().contains(QCA::DigitalSignature) == true, true); |
142 | QCOMPARE(ca1.constraints().contains(QCA::NonRepudiation) == true, true); |
143 | QCOMPARE(ca1.constraints().contains(QCA::KeyEncipherment) == true, true); |
144 | QCOMPARE(ca1.constraints().contains(QCA::DataEncipherment) == true, false); |
145 | QCOMPARE(ca1.constraints().contains(QCA::KeyAgreement) == true, false); |
146 | QCOMPARE(ca1.constraints().contains(QCA::KeyCertificateSign) == true, true); |
147 | QCOMPARE(ca1.constraints().contains(QCA::CRLSign) == true, true); |
148 | QCOMPARE(ca1.constraints().contains(QCA::EncipherOnly) == true, false); |
149 | QCOMPARE(ca1.constraints().contains(QCA::DecipherOnly) == true, false); |
150 | QCOMPARE(ca1.constraints().contains(QCA::ServerAuth) == true, false); |
151 | QCOMPARE(ca1.constraints().contains(QCA::ClientAuth) == true, false); |
152 | QCOMPARE(ca1.constraints().contains(QCA::CodeSigning) == true, false); |
153 | QCOMPARE(ca1.constraints().contains(QCA::EmailProtection) == true, false); |
154 | QCOMPARE(ca1.constraints().contains(QCA::IPSecEndSystem) == true, false); |
155 | QCOMPARE(ca1.constraints().contains(QCA::IPSecTunnel) == true, false); |
156 | QCOMPARE(ca1.constraints().contains(QCA::IPSecUser) == true, false); |
157 | QCOMPARE(ca1.constraints().contains(QCA::TimeStamping) == true, false); |
158 | QCOMPARE(ca1.constraints().contains(QCA::OCSPSigning) == true, false); |
159 | |
160 | // no policies on this cert |
161 | QCOMPARE(ca1.policies().count(), 0); |
162 | } |
163 | } |
164 | } |
165 | |
166 | void CertUnitTest::qualitysslcatest() |
167 | { |
168 | QStringList providersToTest; |
169 | providersToTest.append(QStringLiteral("qca-ossl" )); |
170 | // providersToTest.append("qca-botan"); |
171 | |
172 | foreach (const QString provider, providersToTest) { |
173 | if (!QCA::isSupported(features: "cert" , provider)) |
174 | QWARN((QStringLiteral("Certificate handling not supported for " ) + provider).toLocal8Bit().constData()); |
175 | else { |
176 | QCA::ConvertResult resultca1; |
177 | QCA::Certificate ca1 = QCA::Certificate::fromPEMFile( |
178 | QStringLiteral("certs/QualitySSLIntermediateCA.crt" ), result: &resultca1, provider); |
179 | |
180 | QCOMPARE(resultca1, QCA::ConvertGood); |
181 | QCOMPARE(ca1.isNull(), false); |
182 | QCOMPARE(ca1.isCA(), true); |
183 | QCOMPARE(ca1.isSelfSigned(), false); |
184 | |
185 | QCOMPARE(ca1.signatureAlgorithm(), QCA::EMSA3_SHA1); |
186 | |
187 | QCOMPARE(ca1.serialNumber(), QCA::BigInteger("33555098" )); |
188 | |
189 | QCOMPARE(ca1.commonName(), QStringLiteral("Comodo Class 3 Security Services CA" )); |
190 | |
191 | QCOMPARE(ca1.notValidBefore().toString(), |
192 | QDateTime(QDate(2002, 8, 27), QTime(19, 02, 00), Qt::UTC).toString()); |
193 | QCOMPARE(ca1.notValidAfter().toString(), |
194 | QDateTime(QDate(2012, 8, 27), QTime(23, 59, 00), Qt::UTC).toString()); |
195 | |
196 | QCOMPARE(ca1.pathLimit(), 0); |
197 | |
198 | QCOMPARE(ca1.constraints().contains(QCA::DigitalSignature) == true, true); |
199 | QCOMPARE(ca1.constraints().contains(QCA::NonRepudiation) == true, true); |
200 | QCOMPARE(ca1.constraints().contains(QCA::KeyEncipherment) == true, true); |
201 | QCOMPARE(ca1.constraints().contains(QCA::DataEncipherment) == true, false); |
202 | QCOMPARE(ca1.constraints().contains(QCA::KeyAgreement) == true, false); |
203 | QCOMPARE(ca1.constraints().contains(QCA::KeyCertificateSign) == true, true); |
204 | QCOMPARE(ca1.constraints().contains(QCA::CRLSign) == true, true); |
205 | QCOMPARE(ca1.constraints().contains(QCA::EncipherOnly) == true, false); |
206 | QCOMPARE(ca1.constraints().contains(QCA::DecipherOnly) == true, false); |
207 | QCOMPARE(ca1.constraints().contains(QCA::ServerAuth) == true, false); |
208 | QCOMPARE(ca1.constraints().contains(QCA::ClientAuth) == true, false); |
209 | QCOMPARE(ca1.constraints().contains(QCA::CodeSigning) == true, false); |
210 | QCOMPARE(ca1.constraints().contains(QCA::EmailProtection) == true, false); |
211 | QCOMPARE(ca1.constraints().contains(QCA::IPSecEndSystem) == true, false); |
212 | QCOMPARE(ca1.constraints().contains(QCA::IPSecTunnel) == true, false); |
213 | QCOMPARE(ca1.constraints().contains(QCA::IPSecUser) == true, false); |
214 | QCOMPARE(ca1.constraints().contains(QCA::TimeStamping) == true, false); |
215 | QCOMPARE(ca1.constraints().contains(QCA::OCSPSigning) == true, false); |
216 | } |
217 | } |
218 | } |
219 | |
220 | void CertUnitTest::checkExpiredClientCerts() |
221 | { |
222 | QStringList providersToTest; |
223 | providersToTest.append(QStringLiteral("qca-ossl" )); |
224 | // providersToTest.append("qca-botan"); |
225 | |
226 | foreach (const QString provider, providersToTest) { |
227 | if (!QCA::isSupported(features: "cert" , provider)) |
228 | QWARN((QStringLiteral("Certificate handling not supported for " ) + provider).toLocal8Bit().constData()); |
229 | else { |
230 | QCA::ConvertResult resultClient1; |
231 | QCA::Certificate client1 = |
232 | QCA::Certificate::fromPEMFile(QStringLiteral("certs/User.pem" ), result: &resultClient1, provider); |
233 | QCOMPARE(resultClient1, QCA::ConvertGood); |
234 | QCOMPARE(client1.isNull(), false); |
235 | QCOMPARE(client1.isCA(), false); |
236 | QCOMPARE(client1.isSelfSigned(), false); |
237 | |
238 | QCOMPARE(client1.serialNumber(), QCA::BigInteger(2)); |
239 | |
240 | QCOMPARE(client1.commonName(), QStringLiteral("Insecure User Test Cert" )); |
241 | |
242 | QCOMPARE(client1.notValidBefore().toString(), |
243 | QDateTime(QDate(2001, 8, 17), QTime(8, 32, 38), Qt::UTC).toString()); |
244 | QCOMPARE(client1.notValidAfter().toString(), |
245 | QDateTime(QDate(2006, 8, 16), QTime(8, 32, 38), Qt::UTC).toString()); |
246 | |
247 | QCOMPARE(client1.constraints().contains(QCA::DigitalSignature) == true, true); |
248 | QCOMPARE(client1.constraints().contains(QCA::NonRepudiation) == true, true); |
249 | QCOMPARE(client1.constraints().contains(QCA::KeyEncipherment) == true, true); |
250 | QCOMPARE(client1.constraints().contains(QCA::DataEncipherment) == true, true); |
251 | QCOMPARE(client1.constraints().contains(QCA::KeyAgreement) == true, false); |
252 | QCOMPARE(client1.constraints().contains(QCA::KeyCertificateSign) == true, false); |
253 | QCOMPARE(client1.constraints().contains(QCA::CRLSign) == true, false); |
254 | QCOMPARE(client1.constraints().contains(QCA::EncipherOnly) == true, false); |
255 | QCOMPARE(client1.constraints().contains(QCA::DecipherOnly) == true, false); |
256 | QCOMPARE(client1.constraints().contains(QCA::ServerAuth) == true, false); |
257 | QCOMPARE(client1.constraints().contains(QCA::ClientAuth) == true, true); |
258 | QCOMPARE(client1.constraints().contains(QCA::CodeSigning) == true, false); |
259 | QCOMPARE(client1.constraints().contains(QCA::EmailProtection) == true, true); |
260 | QCOMPARE(client1.constraints().contains(QCA::IPSecEndSystem) == true, false); |
261 | QCOMPARE(client1.constraints().contains(QCA::IPSecTunnel) == true, false); |
262 | QCOMPARE(client1.constraints().contains(QCA::IPSecUser) == true, false); |
263 | QCOMPARE(client1.constraints().contains(QCA::TimeStamping) == true, false); |
264 | QCOMPARE(client1.constraints().contains(QCA::OCSPSigning) == true, false); |
265 | |
266 | // no policies on this cert |
267 | QCOMPARE(client1.policies().count(), 0); |
268 | |
269 | QCA::CertificateInfo subject1 = client1.subjectInfo(); |
270 | QCOMPARE(subject1.isEmpty(), false); |
271 | QCOMPARE(subject1.contains(QCA::Country, QStringLiteral("de" )) == true, true); |
272 | QCOMPARE(subject1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate" )) == true, true); |
273 | QCOMPARE(subject1.contains(QCA::CommonName, QStringLiteral("Insecure User Test Cert" )) == true, true); |
274 | |
275 | QCA::CertificateInfo issuer1 = client1.issuerInfo(); |
276 | QCOMPARE(issuer1.isEmpty(), false); |
277 | QCOMPARE(issuer1.contains(QCA::Country, QStringLiteral("de" )) == true, true); |
278 | QCOMPARE(issuer1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate" )) == true, true); |
279 | QCOMPARE(issuer1.contains(QCA::CommonName, QStringLiteral("For Tests Only" )) == true, true); |
280 | |
281 | QByteArray subjectKeyID = |
282 | QCA::Hex().stringToArray(QStringLiteral("889E7EF729719D7B280F361AAE6D00D39DE1AADB" )).toByteArray(); |
283 | QCOMPARE(client1.subjectKeyId(), subjectKeyID); |
284 | QCOMPARE(QCA::Hex().arrayToString(client1.issuerKeyId()), |
285 | QStringLiteral("bf53438278d09ec380e51b67ca0500dfb94883a5" )); |
286 | |
287 | QCA::PublicKey pubkey1 = client1.subjectPublicKey(); |
288 | QCOMPARE(pubkey1.isNull(), false); |
289 | QCOMPARE(pubkey1.isRSA(), true); |
290 | QCOMPARE(pubkey1.isDSA(), false); |
291 | QCOMPARE(pubkey1.isDH(), false); |
292 | QCOMPARE(pubkey1.isPublic(), true); |
293 | QCOMPARE(pubkey1.isPrivate(), false); |
294 | QCOMPARE(pubkey1.bitSize(), 1024); |
295 | |
296 | QCOMPARE(client1.pathLimit(), 0); |
297 | |
298 | QCOMPARE(client1.signatureAlgorithm(), QCA::EMSA3_MD5); |
299 | |
300 | QCA::CertificateCollection trusted; |
301 | QCA::CertificateCollection untrusted; |
302 | QCOMPARE(client1.validate(trusted, untrusted), QCA::ErrorInvalidCA); |
303 | |
304 | QCA::ConvertResult resultca1; |
305 | QCA::Certificate ca1 = |
306 | QCA::Certificate::fromPEMFile(QStringLiteral("certs/RootCAcert.pem" ), result: &resultca1, provider); |
307 | QCOMPARE(resultca1, QCA::ConvertGood); |
308 | trusted.addCertificate(cert: ca1); |
309 | |
310 | QCOMPARE(client1.validate(trusted, untrusted), QCA::ErrorExpired); |
311 | QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageAny), QCA::ErrorExpired); |
312 | QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ErrorExpired); |
313 | QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ErrorExpired); |
314 | QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorExpired); |
315 | QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorExpired); |
316 | QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ErrorExpired); |
317 | QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorExpired); |
318 | QByteArray derClient1 = client1.toDER(); |
319 | QCOMPARE(derClient1.isEmpty(), false); |
320 | QCA::Certificate fromDer1 = QCA::Certificate::fromDER(a: derClient1, result: &resultClient1, provider); |
321 | QCOMPARE(resultClient1, QCA::ConvertGood); |
322 | QVERIFY(fromDer1 == client1); |
323 | |
324 | QString pemClient1 = client1.toPEM(); |
325 | QCOMPARE(pemClient1.isEmpty(), false); |
326 | QCA::Certificate fromPem1 = QCA::Certificate::fromPEM(s: pemClient1, result: &resultClient1, provider); |
327 | QCOMPARE(resultClient1, QCA::ConvertGood); |
328 | QVERIFY(fromPem1 == client1); |
329 | QCOMPARE(fromPem1 != fromDer1, false); |
330 | } |
331 | } |
332 | } |
333 | |
334 | void CertUnitTest::checkClientCerts() |
335 | { |
336 | QStringList providersToTest; |
337 | providersToTest.append(QStringLiteral("qca-ossl" )); |
338 | // providersToTest.append("qca-botan"); |
339 | |
340 | foreach (const QString provider, providersToTest) { |
341 | if (!QCA::isSupported(features: "cert" , provider)) |
342 | QWARN((QStringLiteral("Certificate handling not supported for " ) + provider).toLocal8Bit().constData()); |
343 | else { |
344 | QCA::ConvertResult resultClient2; |
345 | QCA::Certificate client2 = |
346 | QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestClientCert.pem" ), result: &resultClient2, provider); |
347 | QCOMPARE(resultClient2, QCA::ConvertGood); |
348 | QCOMPARE(client2.isNull(), false); |
349 | QCOMPARE(client2.isCA(), false); |
350 | QCOMPARE(client2.isSelfSigned(), false); |
351 | |
352 | QCOMPARE(client2.serialNumber(), QCA::BigInteger("13149359243510447488" )); |
353 | |
354 | QCOMPARE(client2.commonName(), QStringLiteral("Qca Test Client Certificate" )); |
355 | |
356 | QCOMPARE(client2.notValidBefore().toString(), |
357 | QDateTime(QDate(2013, 7, 31), QTime(15, 14, 28), Qt::UTC).toString()); |
358 | QCOMPARE(client2.notValidAfter().toString(), |
359 | QDateTime(QDate(2033, 7, 26), QTime(15, 14, 28), Qt::UTC).toString()); |
360 | |
361 | QCOMPARE(client2.constraints().contains(QCA::DigitalSignature) == true, true); |
362 | QCOMPARE(client2.constraints().contains(QCA::NonRepudiation) == true, true); |
363 | QCOMPARE(client2.constraints().contains(QCA::KeyEncipherment) == true, true); |
364 | QCOMPARE(client2.constraints().contains(QCA::DataEncipherment) == true, true); |
365 | QCOMPARE(client2.constraints().contains(QCA::KeyAgreement) == true, false); |
366 | QCOMPARE(client2.constraints().contains(QCA::KeyCertificateSign) == true, false); |
367 | QCOMPARE(client2.constraints().contains(QCA::CRLSign) == true, false); |
368 | QCOMPARE(client2.constraints().contains(QCA::EncipherOnly) == true, false); |
369 | QCOMPARE(client2.constraints().contains(QCA::DecipherOnly) == true, false); |
370 | QCOMPARE(client2.constraints().contains(QCA::ServerAuth) == true, false); |
371 | QCOMPARE(client2.constraints().contains(QCA::ClientAuth) == true, true); |
372 | QCOMPARE(client2.constraints().contains(QCA::CodeSigning) == true, false); |
373 | QCOMPARE(client2.constraints().contains(QCA::EmailProtection) == true, true); |
374 | QCOMPARE(client2.constraints().contains(QCA::IPSecEndSystem) == true, false); |
375 | QCOMPARE(client2.constraints().contains(QCA::IPSecTunnel) == true, false); |
376 | QCOMPARE(client2.constraints().contains(QCA::IPSecUser) == true, false); |
377 | QCOMPARE(client2.constraints().contains(QCA::TimeStamping) == true, false); |
378 | QCOMPARE(client2.constraints().contains(QCA::OCSPSigning) == true, false); |
379 | |
380 | // no policies on this cert |
381 | QCOMPARE(client2.policies().count(), 0); |
382 | |
383 | QCA::CertificateInfo subject2 = client2.subjectInfo(); |
384 | QCOMPARE(subject2.isEmpty(), false); |
385 | QVERIFY(subject2.contains(QCA::Country, QStringLiteral("US" ))); |
386 | QVERIFY(subject2.contains(QCA::Organization, QStringLiteral("Qca Development and Test" ))); |
387 | QVERIFY(subject2.contains(QCA::OrganizationalUnit, QStringLiteral("Certificate Generation Section" ))); |
388 | QVERIFY(subject2.contains(QCA::CommonName, QStringLiteral("Qca Test Client Certificate" ))); |
389 | |
390 | QCA::CertificateInfo issuer2 = client2.issuerInfo(); |
391 | QCOMPARE(issuer2.isEmpty(), false); |
392 | QVERIFY(issuer2.contains(QCA::Country, QStringLiteral("AU" ))); |
393 | QVERIFY(issuer2.contains(QCA::Organization, QStringLiteral("Qca Development and Test" ))); |
394 | QVERIFY(issuer2.contains(QCA::CommonName, QStringLiteral("Qca Test Root Certificate" ))); |
395 | |
396 | QByteArray subjectKeyID = |
397 | QCA::Hex().stringToArray(QStringLiteral("1e604e03127d287ba40427a961b428a2d09b50d1" )).toByteArray(); |
398 | QCOMPARE(client2.subjectKeyId(), subjectKeyID); |
399 | QCOMPARE(QCA::Hex().arrayToString(client2.issuerKeyId()), |
400 | QStringLiteral("f61c451de1b0458138c60568c1a7cb0f7ade0363" )); |
401 | |
402 | QCA::PublicKey pubkey2 = client2.subjectPublicKey(); |
403 | QCOMPARE(pubkey2.isNull(), false); |
404 | QCOMPARE(pubkey2.isRSA(), true); |
405 | QCOMPARE(pubkey2.isDSA(), false); |
406 | QCOMPARE(pubkey2.isDH(), false); |
407 | QCOMPARE(pubkey2.isPublic(), true); |
408 | QCOMPARE(pubkey2.isPrivate(), false); |
409 | QCOMPARE(pubkey2.bitSize(), 1024); |
410 | |
411 | QCOMPARE(client2.pathLimit(), 0); |
412 | |
413 | QCOMPARE(client2.signatureAlgorithm(), QCA::EMSA3_SHA1); |
414 | |
415 | QCA::CertificateCollection trusted; |
416 | QCA::CertificateCollection untrusted; |
417 | QCOMPARE(client2.validate(trusted, untrusted), QCA::ErrorInvalidCA); |
418 | |
419 | QCA::ConvertResult resultca2; |
420 | QCA::Certificate ca2 = |
421 | QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestRootCert.pem" ), result: &resultca2, provider); |
422 | QCOMPARE(resultca2, QCA::ConvertGood); |
423 | trusted.addCertificate(cert: ca2); |
424 | |
425 | QCOMPARE(client2.validate(trusted, untrusted), QCA::ValidityGood); |
426 | QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageAny), QCA::ValidityGood); |
427 | QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ErrorInvalidPurpose); |
428 | QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ValidityGood); |
429 | QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorInvalidPurpose); |
430 | QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorInvalidPurpose); |
431 | QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ValidityGood); |
432 | QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorInvalidPurpose); |
433 | QByteArray derClient2 = client2.toDER(); |
434 | QCOMPARE(derClient2.isEmpty(), false); |
435 | QCA::Certificate fromDer2 = QCA::Certificate::fromDER(a: derClient2, result: &resultClient2, provider); |
436 | QCOMPARE(resultClient2, QCA::ConvertGood); |
437 | QVERIFY(fromDer2 == client2); |
438 | |
439 | QString pemClient2 = client2.toPEM(); |
440 | QCOMPARE(pemClient2.isEmpty(), false); |
441 | QCA::Certificate fromPem2 = QCA::Certificate::fromPEM(s: pemClient2, result: &resultClient2, provider); |
442 | QCOMPARE(resultClient2, QCA::ConvertGood); |
443 | QVERIFY(fromPem2 == client2); |
444 | QCOMPARE(fromPem2 != fromDer2, false); |
445 | } |
446 | } |
447 | } |
448 | |
449 | void CertUnitTest::derCAcertstest() |
450 | { |
451 | QStringList providersToTest; |
452 | providersToTest.append(QStringLiteral("qca-ossl" )); |
453 | |
454 | foreach (const QString provider, providersToTest) { |
455 | if (!QCA::isSupported(features: "cert" , provider)) |
456 | QWARN((QStringLiteral("Certificate handling not supported for " ) + provider).toLocal8Bit().constData()); |
457 | else { |
458 | QFile f(QStringLiteral("certs/ov-root-ca-cert.crt" )); |
459 | QVERIFY(f.open(QFile::ReadOnly)); |
460 | QByteArray der = f.readAll(); |
461 | QCA::ConvertResult resultca1; |
462 | QCA::Certificate ca1 = QCA::Certificate::fromDER(a: der, result: &resultca1, provider); |
463 | |
464 | QCOMPARE(resultca1, QCA::ConvertGood); |
465 | |
466 | QCOMPARE(ca1.pathLimit(), 0); |
467 | |
468 | QCOMPARE(ca1.isNull(), false); |
469 | QCOMPARE(ca1.isCA(), true); |
470 | |
471 | QCOMPARE(ca1.isSelfSigned(), true); |
472 | |
473 | QCOMPARE(ca1.serialNumber(), QCA::BigInteger(0)); |
474 | |
475 | QCOMPARE(ca1.commonName(), QStringLiteral("For Tests Only" )); |
476 | |
477 | QCA::CertificateInfo si = ca1.subjectInfo(); |
478 | QCOMPARE(si.isEmpty(), false); |
479 | QCOMPARE(si.value(QCA::CommonName), QStringLiteral("For Tests Only" )); |
480 | QCOMPARE(si.value(QCA::Organization), QStringLiteral("InsecureTestCertificate" )); |
481 | QCOMPARE(si.value(QCA::Country), QStringLiteral("de" )); |
482 | |
483 | QCA::CertificateInfo ii = ca1.issuerInfo(); |
484 | QCOMPARE(ii.isEmpty(), false); |
485 | QCOMPARE(ii.value(QCA::CommonName), QStringLiteral("For Tests Only" )); |
486 | QCOMPARE(ii.value(QCA::Organization), QStringLiteral("InsecureTestCertificate" )); |
487 | QCOMPARE(ii.value(QCA::Country), QStringLiteral("de" )); |
488 | |
489 | QCOMPARE(ca1.notValidBefore().toString(), |
490 | QDateTime(QDate(2001, 8, 17), QTime(8, 30, 39), Qt::UTC).toString()); |
491 | QCOMPARE(ca1.notValidAfter().toString(), |
492 | QDateTime(QDate(2011, 8, 15), QTime(8, 30, 39), Qt::UTC).toString()); |
493 | |
494 | QCOMPARE(ca1.constraints().contains(QCA::DigitalSignature) == true, true); |
495 | QCOMPARE(ca1.constraints().contains(QCA::NonRepudiation) == true, true); |
496 | QCOMPARE(ca1.constraints().contains(QCA::KeyEncipherment) == true, true); |
497 | QCOMPARE(ca1.constraints().contains(QCA::DataEncipherment) == true, false); |
498 | QCOMPARE(ca1.constraints().contains(QCA::KeyAgreement) == true, false); |
499 | QCOMPARE(ca1.constraints().contains(QCA::KeyCertificateSign) == true, true); |
500 | QCOMPARE(ca1.constraints().contains(QCA::CRLSign) == true, true); |
501 | QCOMPARE(ca1.constraints().contains(QCA::EncipherOnly) == true, false); |
502 | QCOMPARE(ca1.constraints().contains(QCA::DecipherOnly) == true, false); |
503 | QCOMPARE(ca1.constraints().contains(QCA::ServerAuth) == true, false); |
504 | QCOMPARE(ca1.constraints().contains(QCA::ClientAuth) == true, false); |
505 | QCOMPARE(ca1.constraints().contains(QCA::CodeSigning) == true, false); |
506 | QCOMPARE(ca1.constraints().contains(QCA::EmailProtection) == true, false); |
507 | QCOMPARE(ca1.constraints().contains(QCA::IPSecEndSystem) == true, false); |
508 | QCOMPARE(ca1.constraints().contains(QCA::IPSecTunnel) == true, false); |
509 | QCOMPARE(ca1.constraints().contains(QCA::IPSecUser) == true, false); |
510 | QCOMPARE(ca1.constraints().contains(QCA::TimeStamping) == true, false); |
511 | QCOMPARE(ca1.constraints().contains(QCA::OCSPSigning) == true, false); |
512 | |
513 | // no policies on this cert |
514 | QCOMPARE(ca1.policies().count(), 0); |
515 | |
516 | QCOMPARE(ca1.signatureAlgorithm(), QCA::EMSA3_MD5); |
517 | } |
518 | } |
519 | } |
520 | |
521 | void CertUnitTest::altName() |
522 | { |
523 | QStringList providersToTest; |
524 | providersToTest.append(QStringLiteral("qca-ossl" )); |
525 | // providersToTest.append("qca-botan"); |
526 | |
527 | foreach (const QString provider, providersToTest) { |
528 | if (!QCA::isSupported(features: "cert" , provider)) |
529 | QWARN((QStringLiteral("Certificate handling not supported for " ) + provider).toLocal8Bit().constData()); |
530 | else { |
531 | QCA::ConvertResult resultClient1; |
532 | QCA::Certificate client1 = |
533 | QCA::Certificate::fromPEMFile(QStringLiteral("certs/altname.pem" ), result: &resultClient1, provider); |
534 | QCOMPARE(resultClient1, QCA::ConvertGood); |
535 | QCOMPARE(client1.isNull(), false); |
536 | QCOMPARE(client1.isCA(), false); |
537 | QCOMPARE(client1.isSelfSigned(), false); |
538 | |
539 | QCOMPARE(client1.serialNumber(), QCA::BigInteger(1)); |
540 | |
541 | QCOMPARE(client1.commonName(), QStringLiteral("Valid RFC822 nameConstraints EE Certificate Test21" )); |
542 | |
543 | QCOMPARE(client1.constraints().contains(QCA::DigitalSignature) == true, true); |
544 | QCOMPARE(client1.constraints().contains(QCA::NonRepudiation) == true, true); |
545 | QCOMPARE(client1.constraints().contains(QCA::KeyEncipherment) == true, true); |
546 | QCOMPARE(client1.constraints().contains(QCA::DataEncipherment) == true, true); |
547 | QCOMPARE(client1.constraints().contains(QCA::KeyAgreement) == true, false); |
548 | QCOMPARE(client1.constraints().contains(QCA::KeyCertificateSign) == true, false); |
549 | QCOMPARE(client1.constraints().contains(QCA::CRLSign) == true, false); |
550 | QCOMPARE(client1.constraints().contains(QCA::EncipherOnly) == true, false); |
551 | QCOMPARE(client1.constraints().contains(QCA::DecipherOnly) == true, false); |
552 | QCOMPARE(client1.constraints().contains(QCA::ServerAuth) == true, false); |
553 | QCOMPARE(client1.constraints().contains(QCA::ClientAuth) == true, false); |
554 | QCOMPARE(client1.constraints().contains(QCA::CodeSigning) == true, false); |
555 | QCOMPARE(client1.constraints().contains(QCA::EmailProtection) == true, false); |
556 | QCOMPARE(client1.constraints().contains(QCA::IPSecEndSystem) == true, false); |
557 | QCOMPARE(client1.constraints().contains(QCA::IPSecTunnel) == true, false); |
558 | QCOMPARE(client1.constraints().contains(QCA::IPSecUser) == true, false); |
559 | QCOMPARE(client1.constraints().contains(QCA::TimeStamping) == true, false); |
560 | QCOMPARE(client1.constraints().contains(QCA::OCSPSigning) == true, false); |
561 | |
562 | QCOMPARE(client1.policies().count(), 1); |
563 | QCOMPARE(client1.policies().at(0), QStringLiteral("2.16.840.1.101.3.2.1.48.1" )); |
564 | |
565 | QCA::CertificateInfo subject1 = client1.subjectInfo(); |
566 | QCOMPARE(subject1.isEmpty(), false); |
567 | QVERIFY(subject1.contains(QCA::Country, QStringLiteral("US" ))); |
568 | QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Test Certificates" ))); |
569 | QVERIFY(subject1.contains(QCA::CommonName, |
570 | QStringLiteral("Valid RFC822 nameConstraints EE Certificate Test21" ))); |
571 | QVERIFY(subject1.contains(QCA::Email, QStringLiteral("Test21EE@mailserver.testcertificates.gov" ))); |
572 | |
573 | QCA::CertificateInfo issuer1 = client1.issuerInfo(); |
574 | QCOMPARE(issuer1.isEmpty(), false); |
575 | QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("US" ))); |
576 | QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Test Certificates" ))); |
577 | QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("nameConstraints RFC822 CA1" ))); |
578 | |
579 | QByteArray subjectKeyID = |
580 | QCA::Hex().stringToArray(QStringLiteral("b4200d42cd95ea87d463d54f0ed6d10fe5b73bfb" )).toByteArray(); |
581 | QCOMPARE(client1.subjectKeyId(), subjectKeyID); |
582 | QCOMPARE(QCA::Hex().arrayToString(client1.issuerKeyId()), |
583 | QStringLiteral("e37f857a8ea23b9eeeb8121d7913aac4bd2e59ad" )); |
584 | |
585 | QCA::PublicKey pubkey1 = client1.subjectPublicKey(); |
586 | QCOMPARE(pubkey1.isNull(), false); |
587 | QCOMPARE(pubkey1.isRSA(), true); |
588 | QCOMPARE(pubkey1.isDSA(), false); |
589 | QCOMPARE(pubkey1.isDH(), false); |
590 | QCOMPARE(pubkey1.isPublic(), true); |
591 | QCOMPARE(pubkey1.isPrivate(), false); |
592 | QCOMPARE(pubkey1.bitSize(), 1024); |
593 | |
594 | QCOMPARE(client1.pathLimit(), 0); |
595 | |
596 | QCOMPARE(client1.signatureAlgorithm(), QCA::EMSA3_SHA1); |
597 | } |
598 | } |
599 | } |
600 | |
601 | void CertUnitTest::extXMPP() |
602 | { |
603 | QStringList providersToTest; |
604 | providersToTest.append(QStringLiteral("qca-ossl" )); |
605 | // providersToTest.append("qca-botan"); |
606 | |
607 | foreach (const QString provider, providersToTest) { |
608 | if (!QCA::isSupported(features: "cert" , provider)) |
609 | QWARN((QStringLiteral("Certificate handling not supported for " ) + provider).toLocal8Bit().constData()); |
610 | else { |
611 | QCA::ConvertResult resultClient1; |
612 | QCA::Certificate client1 = |
613 | QCA::Certificate::fromPEMFile(QStringLiteral("certs/xmppcert.pem" ), result: &resultClient1, provider); |
614 | QCOMPARE(resultClient1, QCA::ConvertGood); |
615 | QCOMPARE(client1.isNull(), false); |
616 | QCOMPARE(client1.isCA(), false); |
617 | QCOMPARE(client1.isSelfSigned(), true); |
618 | |
619 | QCOMPARE(client1.serialNumber(), QCA::BigInteger("9635301556349760241" )); |
620 | |
621 | QCOMPARE(client1.commonName(), QStringLiteral("demo.jabber.com" )); |
622 | |
623 | QCA::CertificateInfo subject1 = client1.subjectInfo(); |
624 | QCOMPARE(subject1.isEmpty(), false); |
625 | QVERIFY(subject1.contains(QCA::Country, QStringLiteral("US" ))); |
626 | QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Jabber, Inc." ))); |
627 | QVERIFY(subject1.contains(QCA::Locality, QStringLiteral("Denver" ))); |
628 | QVERIFY(subject1.contains(QCA::State, QStringLiteral("Colorado" ))); |
629 | QVERIFY(subject1.contains(QCA::CommonName, QStringLiteral("demo.jabber.com" ))); |
630 | QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("demo.jabber.com" ))); |
631 | QVERIFY(subject1.contains(QCA::XMPP, QStringLiteral("demo.jabber.com" ))); |
632 | |
633 | QCA::CertificateInfo issuer1 = client1.issuerInfo(); |
634 | QCOMPARE(issuer1.isEmpty(), false); |
635 | QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("US" ))); |
636 | QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Jabber, Inc." ))); |
637 | QVERIFY(issuer1.contains(QCA::Locality, QStringLiteral("Denver" ))); |
638 | QVERIFY(issuer1.contains(QCA::State, QStringLiteral("Colorado" ))); |
639 | QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("demo.jabber.com" ))); |
640 | } |
641 | } |
642 | } |
643 | |
644 | void CertUnitTest::altNames76() |
645 | { |
646 | QStringList providersToTest; |
647 | providersToTest.append(QStringLiteral("qca-ossl" )); |
648 | // providersToTest.append("qca-botan"); |
649 | |
650 | foreach (const QString provider, providersToTest) { |
651 | if (!QCA::isSupported(features: "cert" , provider)) |
652 | QWARN((QStringLiteral("Certificate handling not supported for " ) + provider).toLocal8Bit().constData()); |
653 | else { |
654 | QCA::ConvertResult resultClient1; |
655 | QCA::Certificate client1 = |
656 | QCA::Certificate::fromPEMFile(QStringLiteral("certs/76.pem" ), result: &resultClient1, provider); |
657 | QCOMPARE(resultClient1, QCA::ConvertGood); |
658 | QCOMPARE(client1.isNull(), false); |
659 | QCOMPARE(client1.isCA(), false); |
660 | QCOMPARE(client1.isSelfSigned(), false); |
661 | |
662 | QCOMPARE(client1.serialNumber(), QCA::BigInteger(118)); |
663 | |
664 | QCOMPARE(client1.commonName(), QStringLiteral("sip1.su.se" )); |
665 | |
666 | QCOMPARE(client1.constraints().contains(QCA::DigitalSignature) == true, true); |
667 | QCOMPARE(client1.constraints().contains(QCA::NonRepudiation) == true, true); |
668 | QCOMPARE(client1.constraints().contains(QCA::KeyEncipherment) == true, true); |
669 | QCOMPARE(client1.constraints().contains(QCA::DataEncipherment) == true, false); |
670 | QCOMPARE(client1.constraints().contains(QCA::KeyAgreement) == true, false); |
671 | QCOMPARE(client1.constraints().contains(QCA::KeyCertificateSign) == true, false); |
672 | QCOMPARE(client1.constraints().contains(QCA::CRLSign) == true, false); |
673 | QCOMPARE(client1.constraints().contains(QCA::EncipherOnly) == true, false); |
674 | QCOMPARE(client1.constraints().contains(QCA::DecipherOnly) == true, false); |
675 | QCOMPARE(client1.constraints().contains(QCA::ServerAuth) == true, true); |
676 | QCOMPARE(client1.constraints().contains(QCA::ClientAuth) == true, true); |
677 | QCOMPARE(client1.constraints().contains(QCA::CodeSigning) == true, false); |
678 | QCOMPARE(client1.constraints().contains(QCA::EmailProtection) == true, false); |
679 | QCOMPARE(client1.constraints().contains(QCA::IPSecEndSystem) == true, false); |
680 | QCOMPARE(client1.constraints().contains(QCA::IPSecTunnel) == true, false); |
681 | QCOMPARE(client1.constraints().contains(QCA::IPSecUser) == true, false); |
682 | QCOMPARE(client1.constraints().contains(QCA::TimeStamping) == true, false); |
683 | QCOMPARE(client1.constraints().contains(QCA::OCSPSigning) == true, false); |
684 | |
685 | QCOMPARE(client1.policies().count(), 1); |
686 | |
687 | QCA::CertificateInfo subject1 = client1.subjectInfo(); |
688 | QCOMPARE(subject1.isEmpty(), false); |
689 | QVERIFY(subject1.contains(QCA::Country, QStringLiteral("SE" ))); |
690 | QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Stockholms universitet" ))); |
691 | QVERIFY(subject1.contains(QCA::CommonName, QStringLiteral("sip1.su.se" ))); |
692 | QCOMPARE(subject1.values(QCA::Email).count(), 0); // clazy:exclude=container-anti-pattern |
693 | QCOMPARE(subject1.values(QCA::DNS).count(), 8); // clazy:exclude=container-anti-pattern |
694 | QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("incomingproxy.sip.su.se" ))); |
695 | QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("incomingproxy1.sip.su.se" ))); |
696 | QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("outgoingproxy.sip.su.se" ))); |
697 | QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("outgoingproxy1.sip.su.se" ))); |
698 | QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("out.sip.su.se" ))); |
699 | QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("appserver.sip.su.se" ))); |
700 | QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("appserver1.sip.su.se" ))); |
701 | QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("sip1.su.se" ))); |
702 | |
703 | QVERIFY(client1.matchesHostName(QStringLiteral("incomingproxy.sip.su.se" ))); |
704 | QVERIFY(client1.matchesHostName(QStringLiteral("incomingproxy1.sip.su.se" ))); |
705 | QVERIFY(client1.matchesHostName(QStringLiteral("outgoingproxy.sip.su.se" ))); |
706 | QVERIFY(client1.matchesHostName(QStringLiteral("outgoingproxy1.sip.su.se" ))); |
707 | QVERIFY(client1.matchesHostName(QStringLiteral("out.sip.su.se" ))); |
708 | QVERIFY(client1.matchesHostName(QStringLiteral("appserver.sip.su.se" ))); |
709 | QVERIFY(client1.matchesHostName(QStringLiteral("appserver1.sip.su.se" ))); |
710 | QVERIFY(client1.matchesHostName(QStringLiteral("sip1.su.se" ))); |
711 | |
712 | QCA::CertificateInfo issuer1 = client1.issuerInfo(); |
713 | QCOMPARE(issuer1.isEmpty(), false); |
714 | QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("SE" ))); |
715 | QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Stockholms universitet" ))); |
716 | QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("Stockholm University CA" ))); |
717 | QVERIFY(issuer1.contains(QCA::URI, QStringLiteral("http://ca.su.se" ))); |
718 | QVERIFY(issuer1.contains(QCA::Email, QStringLiteral("ca@su.se" ))); |
719 | |
720 | QByteArray subjectKeyID = |
721 | QCA::Hex().stringToArray(QStringLiteral("3a5c5cd1cc2c9edf73f73bd81b59b1eab83035c5" )).toByteArray(); |
722 | QCOMPARE(client1.subjectKeyId(), subjectKeyID); |
723 | QCOMPARE(QCA::Hex().arrayToString(client1.issuerKeyId()), |
724 | QStringLiteral("9e2e30ba37d95144c99dbf1821f1bd7eeeb58648" )); |
725 | |
726 | QCA::PublicKey pubkey1 = client1.subjectPublicKey(); |
727 | QCOMPARE(pubkey1.isNull(), false); |
728 | QCOMPARE(pubkey1.isRSA(), true); |
729 | QCOMPARE(pubkey1.isDSA(), false); |
730 | QCOMPARE(pubkey1.isDH(), false); |
731 | QCOMPARE(pubkey1.isPublic(), true); |
732 | QCOMPARE(pubkey1.isPrivate(), false); |
733 | QCOMPARE(pubkey1.bitSize(), 1024); |
734 | |
735 | QCOMPARE(client1.pathLimit(), 0); |
736 | |
737 | QCOMPARE(client1.signatureAlgorithm(), QCA::EMSA3_SHA1); |
738 | } |
739 | } |
740 | } |
741 | |
742 | void CertUnitTest::sha256cert() |
743 | { |
744 | QStringList providersToTest; |
745 | providersToTest.append(QStringLiteral("qca-ossl" )); |
746 | // providersToTest.append("qca-botan"); |
747 | |
748 | foreach (const QString provider, providersToTest) { |
749 | if (!QCA::isSupported(features: "cert" , provider)) |
750 | QWARN((QStringLiteral("Certificate handling not supported for " ) + provider).toLocal8Bit().constData()); |
751 | else { |
752 | QFile f(QStringLiteral("certs/RAIZ2007_CERTIFICATE_AND_CRL_SIGNING_SHA256.crt" )); |
753 | QVERIFY(f.open(QFile::ReadOnly)); |
754 | QByteArray der = f.readAll(); |
755 | QCA::ConvertResult resultcert; |
756 | QCA::Certificate cert = QCA::Certificate::fromDER(a: der, result: &resultcert, provider); |
757 | |
758 | QCOMPARE(resultcert, QCA::ConvertGood); |
759 | QCOMPARE(cert.isNull(), false); |
760 | QCOMPARE(cert.isCA(), true); |
761 | QCOMPARE(cert.isSelfSigned(), true); |
762 | |
763 | QCA::PublicKey pubkey = cert.subjectPublicKey(); |
764 | QCOMPARE(pubkey.isNull(), false); |
765 | QCOMPARE(pubkey.isRSA(), true); |
766 | QCOMPARE(pubkey.isDSA(), false); |
767 | QCOMPARE(pubkey.isDH(), false); |
768 | QCOMPARE(pubkey.isPublic(), true); |
769 | QCOMPARE(pubkey.isPrivate(), false); |
770 | QCOMPARE(pubkey.bitSize(), 4096); |
771 | |
772 | QCOMPARE(cert.pathLimit(), 0); |
773 | |
774 | QCOMPARE(cert.signatureAlgorithm(), QCA::EMSA3_SHA256); |
775 | } |
776 | } |
777 | } |
778 | |
779 | void CertUnitTest::checkExpiredServerCerts() |
780 | { |
781 | QStringList providersToTest; |
782 | providersToTest.append(QStringLiteral("qca-ossl" )); |
783 | // providersToTest.append("qca-botan"); |
784 | |
785 | foreach (const QString provider, providersToTest) { |
786 | if (!QCA::isSupported(features: "cert" , provider)) |
787 | QWARN((QStringLiteral("Certificate handling not supported for " ) + provider).toLocal8Bit().constData()); |
788 | else { |
789 | QCA::ConvertResult resultServer1; |
790 | QCA::Certificate server1 = |
791 | QCA::Certificate::fromPEMFile(QStringLiteral("certs/Server.pem" ), result: &resultServer1, provider); |
792 | QCOMPARE(resultServer1, QCA::ConvertGood); |
793 | QCOMPARE(server1.isNull(), false); |
794 | QCOMPARE(server1.isCA(), false); |
795 | QCOMPARE(server1.isSelfSigned(), false); |
796 | |
797 | QCOMPARE(server1.serialNumber(), QCA::BigInteger(4)); |
798 | |
799 | QCOMPARE(server1.commonName(), QStringLiteral("Insecure Server Cert" )); |
800 | |
801 | QCOMPARE(server1.notValidBefore().toString(), |
802 | QDateTime(QDate(2001, 8, 17), QTime(8, 46, 24), Qt::UTC).toString()); |
803 | QCOMPARE(server1.notValidAfter().toString(), |
804 | QDateTime(QDate(2006, 8, 16), QTime(8, 46, 24), Qt::UTC).toString()); |
805 | |
806 | QCOMPARE(server1.constraints().contains(QCA::DigitalSignature) == true, true); |
807 | QCOMPARE(server1.constraints().contains(QCA::NonRepudiation) == true, false); |
808 | QCOMPARE(server1.constraints().contains(QCA::KeyEncipherment) == true, true); |
809 | QCOMPARE(server1.constraints().contains(QCA::DataEncipherment) == true, false); |
810 | QCOMPARE(server1.constraints().contains(QCA::KeyAgreement) == true, true); |
811 | QCOMPARE(server1.constraints().contains(QCA::KeyCertificateSign) == true, false); |
812 | QCOMPARE(server1.constraints().contains(QCA::CRLSign) == true, false); |
813 | QCOMPARE(server1.constraints().contains(QCA::EncipherOnly) == true, false); |
814 | QCOMPARE(server1.constraints().contains(QCA::DecipherOnly) == true, false); |
815 | QCOMPARE(server1.constraints().contains(QCA::ServerAuth) == true, true); |
816 | QCOMPARE(server1.constraints().contains(QCA::ClientAuth) == true, false); |
817 | QCOMPARE(server1.constraints().contains(QCA::CodeSigning) == true, false); |
818 | QCOMPARE(server1.constraints().contains(QCA::EmailProtection) == true, false); |
819 | QCOMPARE(server1.constraints().contains(QCA::IPSecEndSystem) == true, false); |
820 | QCOMPARE(server1.constraints().contains(QCA::IPSecTunnel) == true, false); |
821 | QCOMPARE(server1.constraints().contains(QCA::IPSecUser) == true, false); |
822 | QCOMPARE(server1.constraints().contains(QCA::TimeStamping) == true, false); |
823 | QCOMPARE(server1.constraints().contains(QCA::OCSPSigning) == true, false); |
824 | |
825 | // no policies on this cert |
826 | QCOMPARE(server1.policies().count(), 0); |
827 | |
828 | QCA::CertificateInfo subject1 = server1.subjectInfo(); |
829 | QCOMPARE(subject1.isEmpty(), false); |
830 | QCOMPARE(subject1.contains(QCA::Country, QStringLiteral("de" )) == true, true); |
831 | QCOMPARE(subject1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate" )) == true, true); |
832 | QCOMPARE(subject1.contains(QCA::CommonName, QStringLiteral("Insecure Server Cert" )) == true, true); |
833 | |
834 | QCA::CertificateInfo issuer1 = server1.issuerInfo(); |
835 | QCOMPARE(issuer1.isEmpty(), false); |
836 | QCOMPARE(issuer1.contains(QCA::Country, QStringLiteral("de" )) == true, true); |
837 | QCOMPARE(issuer1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate" )) == true, true); |
838 | QCOMPARE(issuer1.contains(QCA::CommonName, QStringLiteral("For Tests Only" )) == true, true); |
839 | |
840 | QByteArray subjectKeyID = |
841 | QCA::Hex().stringToArray(QStringLiteral("0234E2C906F6E0B44253BE04C0CBA7823A6DB509" )).toByteArray(); |
842 | QCOMPARE(server1.subjectKeyId(), subjectKeyID); |
843 | QByteArray authorityKeyID = |
844 | QCA::Hex().stringToArray(QStringLiteral("BF53438278D09EC380E51B67CA0500DFB94883A5" )).toByteArray(); |
845 | QCOMPARE(server1.issuerKeyId(), authorityKeyID); |
846 | |
847 | QCA::PublicKey pubkey1 = server1.subjectPublicKey(); |
848 | QCOMPARE(pubkey1.isNull(), false); |
849 | QCOMPARE(pubkey1.isRSA(), true); |
850 | QCOMPARE(pubkey1.isDSA(), false); |
851 | QCOMPARE(pubkey1.isDH(), false); |
852 | QCOMPARE(pubkey1.isPublic(), true); |
853 | QCOMPARE(pubkey1.isPrivate(), false); |
854 | QCOMPARE(pubkey1.bitSize(), 1024); |
855 | |
856 | QCOMPARE(server1.pathLimit(), 0); |
857 | |
858 | QCOMPARE(server1.signatureAlgorithm(), QCA::EMSA3_MD5); |
859 | |
860 | QCA::CertificateCollection trusted; |
861 | QCA::CertificateCollection untrusted; |
862 | QCOMPARE(server1.validate(trusted, untrusted), QCA::ErrorInvalidCA); |
863 | |
864 | QCA::ConvertResult resultca1; |
865 | QCA::Certificate ca1 = |
866 | QCA::Certificate::fromPEMFile(QStringLiteral("certs/RootCAcert.pem" ), result: &resultca1, provider); |
867 | QCOMPARE(resultca1, QCA::ConvertGood); |
868 | trusted.addCertificate(cert: ca1); |
869 | QCOMPARE(server1.validate(trusted, untrusted), QCA::ErrorExpired); |
870 | QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageAny), QCA::ErrorExpired); |
871 | QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ErrorExpired); |
872 | QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ErrorExpired); |
873 | QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorExpired); |
874 | QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorExpired); |
875 | QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ErrorExpired); |
876 | QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorExpired); |
877 | |
878 | QByteArray derServer1 = server1.toDER(); |
879 | QCOMPARE(derServer1.isEmpty(), false); |
880 | QCA::Certificate fromDer1 = QCA::Certificate::fromDER(a: derServer1, result: &resultServer1, provider); |
881 | QCOMPARE(resultServer1, QCA::ConvertGood); |
882 | QCOMPARE(fromDer1 == server1, true); |
883 | } |
884 | } |
885 | } |
886 | |
887 | void CertUnitTest::checkServerCerts() |
888 | { |
889 | QStringList providersToTest; |
890 | providersToTest.append(QStringLiteral("qca-ossl" )); |
891 | // providersToTest.append("qca-botan"); |
892 | |
893 | foreach (const QString provider, providersToTest) { |
894 | if (!QCA::isSupported(features: "cert" , provider)) |
895 | QWARN((QStringLiteral("Certificate handling not supported for " ) + provider).toLocal8Bit().constData()); |
896 | else { |
897 | QCA::ConvertResult resultServer1; |
898 | QCA::Certificate server1 = |
899 | QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestServerCert.pem" ), result: &resultServer1, provider); |
900 | QCOMPARE(resultServer1, QCA::ConvertGood); |
901 | QCOMPARE(server1.isNull(), false); |
902 | QCOMPARE(server1.isCA(), false); |
903 | QCOMPARE(server1.isSelfSigned(), false); |
904 | |
905 | QCOMPARE(server1.serialNumber(), QCA::BigInteger("13149359243510447489" )); |
906 | |
907 | QCOMPARE(server1.commonName(), QStringLiteral("Qca Server Test certificate" )); |
908 | |
909 | QCOMPARE(server1.notValidBefore().toString(), |
910 | QDateTime(QDate(2013, 7, 31), QTime(15, 23, 25), Qt::UTC).toString()); |
911 | QCOMPARE(server1.notValidAfter().toString(), |
912 | QDateTime(QDate(2033, 7, 26), QTime(15, 23, 25), Qt::UTC).toString()); |
913 | |
914 | QCOMPARE(server1.constraints().contains(QCA::DigitalSignature) == true, true); |
915 | QCOMPARE(server1.constraints().contains(QCA::NonRepudiation) == true, true); |
916 | QCOMPARE(server1.constraints().contains(QCA::KeyEncipherment) == true, true); |
917 | QCOMPARE(server1.constraints().contains(QCA::DataEncipherment) == true, false); |
918 | QCOMPARE(server1.constraints().contains(QCA::KeyAgreement) == true, false); |
919 | QCOMPARE(server1.constraints().contains(QCA::KeyCertificateSign) == true, false); |
920 | QCOMPARE(server1.constraints().contains(QCA::CRLSign) == true, false); |
921 | QCOMPARE(server1.constraints().contains(QCA::EncipherOnly) == true, false); |
922 | QCOMPARE(server1.constraints().contains(QCA::DecipherOnly) == true, false); |
923 | QCOMPARE(server1.constraints().contains(QCA::ServerAuth) == true, true); |
924 | QCOMPARE(server1.constraints().contains(QCA::ClientAuth) == true, false); |
925 | QCOMPARE(server1.constraints().contains(QCA::CodeSigning) == true, false); |
926 | QCOMPARE(server1.constraints().contains(QCA::EmailProtection) == true, false); |
927 | QCOMPARE(server1.constraints().contains(QCA::IPSecEndSystem) == true, false); |
928 | QCOMPARE(server1.constraints().contains(QCA::IPSecTunnel) == true, false); |
929 | QCOMPARE(server1.constraints().contains(QCA::IPSecUser) == true, false); |
930 | QCOMPARE(server1.constraints().contains(QCA::TimeStamping) == true, false); |
931 | QCOMPARE(server1.constraints().contains(QCA::OCSPSigning) == true, false); |
932 | |
933 | // no policies on this cert |
934 | QCOMPARE(server1.policies().count(), 0); |
935 | |
936 | QCA::CertificateInfo subject1 = server1.subjectInfo(); |
937 | QCOMPARE(subject1.isEmpty(), false); |
938 | QVERIFY(subject1.contains(QCA::Country, QStringLiteral("IL" ))); |
939 | QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Qca Development and Test" ))); |
940 | QVERIFY(subject1.contains(QCA::OrganizationalUnit, QStringLiteral("Server Management Section" ))); |
941 | QVERIFY(subject1.contains(QCA::CommonName, QStringLiteral("Qca Server Test certificate" ))); |
942 | |
943 | QCA::CertificateInfo issuer1 = server1.issuerInfo(); |
944 | QCOMPARE(issuer1.isEmpty(), false); |
945 | QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("AU" ))); |
946 | QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Qca Development and Test" ))); |
947 | QVERIFY(issuer1.contains(QCA::OrganizationalUnit, QStringLiteral("Certificate Generation Section" ))); |
948 | QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("Qca Test Root Certificate" ))); |
949 | |
950 | QByteArray subjectKeyID = |
951 | QCA::Hex().stringToArray(QStringLiteral("819870c8b81eab53e72d0446b65790aa0d3eab1a" )).toByteArray(); |
952 | QCOMPARE(server1.subjectKeyId(), subjectKeyID); |
953 | QByteArray authorityKeyID = |
954 | QCA::Hex().stringToArray(QStringLiteral("f61c451de1b0458138c60568c1a7cb0f7ade0363" )).toByteArray(); |
955 | QCOMPARE(server1.issuerKeyId(), authorityKeyID); |
956 | |
957 | QCA::PublicKey pubkey1 = server1.subjectPublicKey(); |
958 | QCOMPARE(pubkey1.isNull(), false); |
959 | QCOMPARE(pubkey1.isRSA(), true); |
960 | QCOMPARE(pubkey1.isDSA(), false); |
961 | QCOMPARE(pubkey1.isDH(), false); |
962 | QCOMPARE(pubkey1.isPublic(), true); |
963 | QCOMPARE(pubkey1.isPrivate(), false); |
964 | QCOMPARE(pubkey1.bitSize(), 1024); |
965 | |
966 | QCOMPARE(server1.pathLimit(), 0); |
967 | |
968 | QCOMPARE(server1.signatureAlgorithm(), QCA::EMSA3_SHA1); |
969 | |
970 | QCA::CertificateCollection trusted; |
971 | QCA::CertificateCollection untrusted; |
972 | QCOMPARE(server1.validate(trusted, untrusted), QCA::ErrorInvalidCA); |
973 | |
974 | QCA::ConvertResult resultca1; |
975 | QCA::Certificate ca1 = |
976 | QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestRootCert.pem" ), result: &resultca1, provider); |
977 | QCOMPARE(resultca1, QCA::ConvertGood); |
978 | trusted.addCertificate(cert: ca1); |
979 | QCOMPARE(server1.validate(trusted, untrusted), QCA::ValidityGood); |
980 | QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageAny), QCA::ValidityGood); |
981 | QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ValidityGood); |
982 | QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ErrorInvalidPurpose); |
983 | QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorInvalidPurpose); |
984 | QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorInvalidPurpose); |
985 | QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ErrorInvalidPurpose); |
986 | QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorInvalidPurpose); |
987 | |
988 | QByteArray derServer1 = server1.toDER(); |
989 | QCOMPARE(derServer1.isEmpty(), false); |
990 | QCA::Certificate fromDer1 = QCA::Certificate::fromDER(a: derServer1, result: &resultServer1, provider); |
991 | QCOMPARE(resultServer1, QCA::ConvertGood); |
992 | QCOMPARE(fromDer1 == server1, true); |
993 | } |
994 | } |
995 | } |
996 | |
997 | void CertUnitTest::checkSystemStore() |
998 | { |
999 | if (QCA::isSupported(features: "cert" ) && QCA::isSupported(features: "crl" )) { |
1000 | QCOMPARE(QCA::haveSystemStore(), true); |
1001 | |
1002 | QCA::CertificateCollection collection1; |
1003 | collection1 = QCA::systemStore(); |
1004 | // Do we have any certs? |
1005 | QVERIFY(collection1.certificates().count() > 0); |
1006 | } else { |
1007 | QCOMPARE(QCA::haveSystemStore(), false); |
1008 | } |
1009 | } |
1010 | |
1011 | void CertUnitTest::crl() |
1012 | { |
1013 | QStringList providersToTest; |
1014 | providersToTest.append(QStringLiteral("qca-ossl" )); |
1015 | // providersToTest.append("qca-botan"); |
1016 | |
1017 | foreach (const QString provider, providersToTest) { |
1018 | if (!QCA::isSupported(features: "crl" , provider)) |
1019 | QWARN((QStringLiteral("Certificate revocation not supported for " ) + provider).toLocal8Bit().constData()); |
1020 | else { |
1021 | QCA::CRL emptyCRL; |
1022 | QVERIFY(emptyCRL.isNull()); |
1023 | |
1024 | QCA::ConvertResult resultCrl; |
1025 | QCA::CRL crl1 = QCA::CRL::fromPEMFile(QStringLiteral("certs/Test_CRL.crl" ), result: &resultCrl, provider); |
1026 | QCOMPARE(resultCrl, QCA::ConvertGood); |
1027 | QCOMPARE(crl1.isNull(), false); |
1028 | |
1029 | QCA::CertificateInfo issuer = crl1.issuerInfo(); |
1030 | QCOMPARE(issuer.isEmpty(), false); |
1031 | QVERIFY(issuer.contains(QCA::Country, QStringLiteral("de" ))); |
1032 | QVERIFY(issuer.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate" ))); |
1033 | QVERIFY(issuer.contains(QCA::CommonName, QStringLiteral("For Tests Only" ))); |
1034 | |
1035 | // No keyid extension on this crl |
1036 | QCOMPARE(QCA::arrayToHex(crl1.issuerKeyId()), QLatin1String("" )); |
1037 | |
1038 | QCOMPARE(crl1.thisUpdate(), QDateTime(QDate(2001, 8, 17), QTime(11, 12, 03), Qt::UTC)); |
1039 | QCOMPARE(crl1.nextUpdate(), QDateTime(QDate(2006, 8, 16), QTime(11, 12, 03), Qt::UTC)); |
1040 | |
1041 | QCOMPARE(crl1.signatureAlgorithm(), QCA::EMSA3_MD5); |
1042 | |
1043 | QCOMPARE(crl1.issuerKeyId(), QByteArray("" )); |
1044 | QCOMPARE(crl1, QCA::CRL(crl1)); |
1045 | QCOMPARE(crl1 == QCA::CRL(), false); |
1046 | QCOMPARE(crl1.number(), -1); |
1047 | |
1048 | QList<QCA::CRLEntry> revokedList = crl1.revoked(); |
1049 | QCOMPARE(revokedList.size(), 2); |
1050 | std::sort(first: revokedList.begin(), last: revokedList.end()); |
1051 | QCOMPARE(revokedList[0].serialNumber(), QCA::BigInteger("3" )); |
1052 | QCOMPARE(revokedList[1].serialNumber(), QCA::BigInteger("5" )); |
1053 | QCOMPARE(revokedList[0].reason(), QCA::CRLEntry::Unspecified); |
1054 | QCOMPARE(revokedList[1].reason(), QCA::CRLEntry::Unspecified); |
1055 | QCOMPARE(revokedList[0].time(), QDateTime(QDate(2001, 8, 17), QTime(11, 10, 39), Qt::UTC)); |
1056 | QCOMPARE(revokedList[1].time(), QDateTime(QDate(2001, 8, 17), QTime(11, 11, 59), Qt::UTC)); |
1057 | |
1058 | // convert to DER |
1059 | QByteArray derCRL1 = crl1.toDER(); |
1060 | // check we got something, at least |
1061 | QCOMPARE(derCRL1.isEmpty(), false); |
1062 | // convert back from DER |
1063 | QCA::CRL fromDer1 = QCA::CRL::fromDER(a: derCRL1, result: &resultCrl, provider); |
1064 | // check the conversion at least appeared to work |
1065 | QCOMPARE(resultCrl, QCA::ConvertGood); |
1066 | // check the result is the same as what we started with |
1067 | QCOMPARE(fromDer1, crl1); |
1068 | } |
1069 | } |
1070 | } |
1071 | |
1072 | void CertUnitTest::crl2() |
1073 | { |
1074 | QStringList providersToTest; |
1075 | providersToTest.append(QStringLiteral("qca-ossl" )); |
1076 | // providersToTest.append("qca-botan"); |
1077 | |
1078 | foreach (const QString provider, providersToTest) { |
1079 | if (!QCA::isSupported(features: "crl" , provider)) |
1080 | QWARN((QStringLiteral("Certificate revocation not supported for " ) + provider).toLocal8Bit().constData()); |
1081 | else { |
1082 | QCA::ConvertResult resultCrl; |
1083 | QCA::CRL crl1 = QCA::CRL::fromPEMFile(QStringLiteral("certs/GoodCACRL.pem" ), result: &resultCrl, provider); |
1084 | QCOMPARE(resultCrl, QCA::ConvertGood); |
1085 | QCOMPARE(crl1.isNull(), false); |
1086 | QCOMPARE(crl1.provider()->name(), provider); |
1087 | |
1088 | QCA::CertificateInfo issuer = crl1.issuerInfo(); |
1089 | QCOMPARE(issuer.isEmpty(), false); |
1090 | QVERIFY(issuer.contains(QCA::Country, QStringLiteral("US" ))); |
1091 | QVERIFY(issuer.contains(QCA::Organization, QStringLiteral("Test Certificates" ))); |
1092 | QVERIFY(issuer.contains(QCA::CommonName, QStringLiteral("Good CA" ))); |
1093 | |
1094 | QCOMPARE(crl1.thisUpdate(), QDateTime(QDate(2001, 4, 19), QTime(14, 57, 20), Qt::UTC)); |
1095 | QCOMPARE(crl1.nextUpdate(), QDateTime(QDate(2011, 4, 19), QTime(14, 57, 20), Qt::UTC)); |
1096 | |
1097 | QCOMPARE(crl1.signatureAlgorithm(), QCA::EMSA3_SHA1); |
1098 | |
1099 | QCOMPARE(QCA::arrayToHex(crl1.issuerKeyId()), QStringLiteral("b72ea682cbc2c8bca87b2744d73533df9a1594c7" )); |
1100 | QCOMPARE(crl1.number(), 1); |
1101 | QCOMPARE(crl1, QCA::CRL(crl1)); |
1102 | QCOMPARE(crl1 == QCA::CRL(), false); |
1103 | |
1104 | QList<QCA::CRLEntry> revokedList = crl1.revoked(); |
1105 | QCOMPARE(revokedList.size(), 2); |
1106 | std::sort(first: revokedList.begin(), last: revokedList.end()); |
1107 | QCOMPARE(revokedList[0].serialNumber(), QCA::BigInteger("14" )); |
1108 | QCOMPARE(revokedList[1].serialNumber(), QCA::BigInteger("15" )); |
1109 | QCOMPARE(revokedList[0].reason(), QCA::CRLEntry::KeyCompromise); |
1110 | QCOMPARE(revokedList[1].reason(), QCA::CRLEntry::KeyCompromise); |
1111 | QCOMPARE(revokedList[0].time(), QDateTime(QDate(2001, 4, 19), QTime(14, 57, 20), Qt::UTC)); |
1112 | QCOMPARE(revokedList[1].time(), QDateTime(QDate(2001, 4, 19), QTime(14, 57, 20), Qt::UTC)); |
1113 | |
1114 | // convert to DER |
1115 | QByteArray derCRL1 = crl1.toDER(); |
1116 | // check we got something, at least |
1117 | QCOMPARE(derCRL1.isEmpty(), false); |
1118 | // convert back from DER |
1119 | QCA::CRL fromDer1 = QCA::CRL::fromDER(a: derCRL1, result: &resultCrl, provider); |
1120 | // check the conversion at least appeared to work |
1121 | QCOMPARE(resultCrl, QCA::ConvertGood); |
1122 | // check the result is the same as what we started with |
1123 | QCOMPARE(fromDer1, crl1); |
1124 | |
1125 | // convert to PEM |
1126 | QString pemCRL1 = crl1.toPEM(); |
1127 | // check we got something, at least |
1128 | QCOMPARE(pemCRL1.isEmpty(), false); |
1129 | // convert back from PEM |
1130 | QCA::CRL fromPEM1 = QCA::CRL::fromPEM(s: pemCRL1, result: &resultCrl, provider); |
1131 | // check the conversion at least appeared to work |
1132 | QCOMPARE(resultCrl, QCA::ConvertGood); |
1133 | // check the result is the same as what we started with |
1134 | QCOMPARE(fromPEM1, crl1); |
1135 | } |
1136 | } |
1137 | } |
1138 | |
1139 | void CertUnitTest::csr() |
1140 | { |
1141 | QStringList providersToTest; |
1142 | providersToTest.append(QStringLiteral("qca-ossl" )); |
1143 | // providersToTest.append("qca-botan"); |
1144 | |
1145 | foreach (const QString provider, providersToTest) { |
1146 | if (!QCA::isSupported(features: "csr" , provider)) |
1147 | QWARN((QStringLiteral("Certificate signing requests not supported for " ) + provider) |
1148 | .toLocal8Bit() |
1149 | .constData()); |
1150 | else { |
1151 | QCA::CertificateRequest nullCSR; |
1152 | QVERIFY(nullCSR.isNull()); |
1153 | // This is copied on purpose to check the assignment operator |
1154 | QCA::CertificateRequest anotherNullCSR = nullCSR; // NOLINT(performance-unnecessary-copy-initialization) |
1155 | QVERIFY(anotherNullCSR.isNull()); |
1156 | QCOMPARE(nullCSR, anotherNullCSR); |
1157 | |
1158 | QCA::ConvertResult resultCsr; |
1159 | QCA::CertificateRequest csr1 = |
1160 | QCA::CertificateRequest::fromPEMFile(QStringLiteral("certs/csr1.pem" ), result: &resultCsr, provider); |
1161 | QCOMPARE(resultCsr, QCA::ConvertGood); |
1162 | QCOMPARE(csr1.isNull(), false); |
1163 | QCOMPARE(csr1.provider()->name(), provider); |
1164 | QCA::CertificateInfo subject = csr1.subjectInfo(); |
1165 | QCOMPARE(subject.isEmpty(), false); |
1166 | QVERIFY(subject.contains(QCA::Country, QStringLiteral("AU" ))); |
1167 | QVERIFY(subject.contains(QCA::State, QStringLiteral("Victoria" ))); |
1168 | QVERIFY(subject.contains(QCA::Locality, QStringLiteral("Mitcham" ))); |
1169 | QVERIFY(subject.contains(QCA::Organization, QStringLiteral("GE Interlogix" ))); |
1170 | QVERIFY(subject.contains(QCA::OrganizationalUnit, QStringLiteral("Engineering" ))); |
1171 | QVERIFY(subject.contains(QCA::CommonName, QStringLiteral("coldfire" ))); |
1172 | |
1173 | QCA::PublicKey pkey = csr1.subjectPublicKey(); |
1174 | QCOMPARE(pkey.isNull(), false); |
1175 | QVERIFY(pkey.isRSA()); |
1176 | |
1177 | QCA::RSAPublicKey rsaPkey = pkey.toRSA(); |
1178 | QCOMPARE(rsaPkey.isNull(), false); |
1179 | QCOMPARE(rsaPkey.e(), QCA::BigInteger(65537)); |
1180 | QCOMPARE(rsaPkey.n(), |
1181 | QCA::BigInteger("104853561647822232509211983664549572246855698961210758585652966258891659217901732" |
1182 | "470712446421431206166165309547771124747713609923038218156616083520796442797276676" |
1183 | "074122658684367500665423564881889504308700315044585826841844654287577169905826705" |
1184 | "891670004942854611681809539126326134927995969418712881512819058439" )); |
1185 | |
1186 | QCOMPARE(csr1.signatureAlgorithm(), QCA::EMSA3_MD5); |
1187 | } |
1188 | } |
1189 | } |
1190 | |
1191 | void CertUnitTest::csr2() |
1192 | { |
1193 | QStringList providersToTest; |
1194 | providersToTest.append(QStringLiteral("qca-ossl" )); |
1195 | // providersToTest.append("qca-botan"); |
1196 | |
1197 | foreach (const QString provider, providersToTest) { |
1198 | if (!QCA::isSupported(features: "csr" , provider)) |
1199 | QWARN((QStringLiteral("Certificate signing requests not supported for " ) + provider) |
1200 | .toLocal8Bit() |
1201 | .constData()); |
1202 | else { |
1203 | QCA::ConvertResult resultCsr; |
1204 | QCA::CertificateRequest csr1 = |
1205 | QCA::CertificateRequest::fromPEMFile(QStringLiteral("certs/newreq.pem" ), result: &resultCsr, provider); |
1206 | QCOMPARE(resultCsr, QCA::ConvertGood); |
1207 | QCOMPARE(csr1.isNull(), false); |
1208 | QCOMPARE(csr1.provider()->name(), provider); |
1209 | QCA::CertificateInfo subject = csr1.subjectInfo(); |
1210 | QCOMPARE(subject.isEmpty(), false); |
1211 | QVERIFY(subject.contains(QCA::Country, QStringLiteral("AI" ))); |
1212 | QVERIFY(subject.contains(QCA::State, QStringLiteral("Hutt River Province" ))); |
1213 | QVERIFY(subject.contains(QCA::Locality, QStringLiteral("Lesser Internet" ))); |
1214 | QVERIFY(subject.contains(QCA::Organization, QStringLiteral("My Company Ltd" ))); |
1215 | QVERIFY(subject.contains(QCA::OrganizationalUnit, QStringLiteral("Backwater Branch Office" ))); |
1216 | QVERIFY(subject.contains(QCA::CommonName, QStringLiteral("FirstName Surname" ))); |
1217 | |
1218 | QCA::PublicKey pkey = csr1.subjectPublicKey(); |
1219 | QCOMPARE(pkey.isNull(), false); |
1220 | QVERIFY(pkey.isRSA()); |
1221 | |
1222 | QCA::RSAPublicKey rsaPkey = pkey.toRSA(); |
1223 | QCOMPARE(rsaPkey.isNull(), false); |
1224 | QCOMPARE(rsaPkey.e(), QCA::BigInteger(65537)); |
1225 | QCOMPARE(rsaPkey.n(), |
1226 | QCA::BigInteger("151872780463004414908584891835397365176526767139347372444365914360701714510188717" |
1227 | "169754430290680734981291754624394094502297070722505032645306680495915914243593438" |
1228 | "796635264236530526146243919417744996366836534380790370421346490191416041004278161" |
1229 | "146551997010463199760480957900518811859984176646089981367745961681" )); |
1230 | |
1231 | QCOMPARE(csr1.signatureAlgorithm(), QCA::EMSA3_MD5); |
1232 | |
1233 | // convert to DER |
1234 | QByteArray derCSR1 = csr1.toDER(); |
1235 | // check we got something, at least |
1236 | QCOMPARE(derCSR1.isEmpty(), false); |
1237 | // convert back from DER |
1238 | QCA::CertificateRequest fromDer1 = QCA::CertificateRequest::fromDER(a: derCSR1, result: &resultCsr, provider); |
1239 | // check the conversion at least appeared to work |
1240 | QCOMPARE(resultCsr, QCA::ConvertGood); |
1241 | // check the result is the same as what we started with |
1242 | QCOMPARE(fromDer1, csr1); |
1243 | |
1244 | // convert to PEM |
1245 | QString pemCSR1 = csr1.toPEM(); |
1246 | // check we got something, at least |
1247 | QCOMPARE(pemCSR1.isEmpty(), false); |
1248 | // convert back from PEM |
1249 | QCA::CertificateRequest fromPEM1 = QCA::CertificateRequest::fromPEM(s: pemCSR1, result: &resultCsr, provider); |
1250 | // check the conversion at least appeared to work |
1251 | QCOMPARE(resultCsr, QCA::ConvertGood); |
1252 | // check the result is the same as what we started with |
1253 | QCOMPARE(fromPEM1, csr1); |
1254 | } |
1255 | } |
1256 | } |
1257 | QTEST_MAIN(CertUnitTest) |
1258 | |
1259 | #include "certunittest.moc" |
1260 | |