certunittest.cpp source code [qca/unittest/certunittest/certunittest.cpp]

1	/**
2	* Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net>
3	*
4	* Redistribution and use in source and binary forms, with or without
5	* modification, are permitted provided that the following conditions
6	* are met:
7	*
8	* 1. Redistributions of source code must retain the above copyright
9	* notice, this list of conditions and the following disclaimer.
10	* 2. Redistributions in binary form must reproduce the above copyright
11	* notice, this list of conditions and the following disclaimer in the
12	* documentation and/or other materials provided with the distribution.
13	*
14	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24	*/
25
26	#include <QtCrypto>
27	#include <QtTest/QtTest>
28
29	#ifdef QT_STATICPLUGIN
30	#include "import_plugins.h"
31	#endif
32
33	class CertUnitTest : public QObject
34	{
35	Q_OBJECT
36
37	private Q_SLOTS:
38	void initTestCase();
39	void checkSystemStore();
40	void nullCert();
41	void noSuchFile();
42	void CAcertstest();
43	void derCAcertstest();
44	void qualitysslcatest();
45	void checkExpiredClientCerts();
46	void checkClientCerts();
47	void altName();
48	void extXMPP();
49	void checkExpiredServerCerts();
50	void checkServerCerts();
51	void altNames76();
52	void sha256cert();
53	void crl();
54	void crl2();
55	void csr();
56	void csr2();
57	void cleanupTestCase();
58
59	private:
60	QCA::Initializer *m_init;
61	};
62
63	void CertUnitTest::initTestCase()
64	{
65	m_init = new QCA::Initializer;
66	}
67
68	void CertUnitTest::cleanupTestCase()
69	{
70	delete m_init;
71	}
72
73	void CertUnitTest::nullCert()
74	{
75	QStringList providersToTest;
76	providersToTest.append(QStringLiteral("qca-ossl"));
77	// providersToTest.append("qca-botan");
78
79	foreach (const QString provider, providersToTest) {
80	if (!QCA::isSupported(features: "cert", provider))
81	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
82	else {
83	QCA::Certificate nullCert;
84	QVERIFY(nullCert.isNull());
85	// This is copied on purpose to check the assignment operator
86	QCA::Certificate anotherNullCert = nullCert; // NOLINT(performance-unnecessary-copy-initialization)
87	QVERIFY(anotherNullCert.isNull());
88	QCOMPARE(nullCert, anotherNullCert);
89	}
90	}
91	}
92
93	void CertUnitTest::noSuchFile()
94	{
95	QStringList providersToTest;
96	providersToTest.append(QStringLiteral("qca-ossl"));
97	// providersToTest.append("qca-botan");
98
99	foreach (const QString provider, providersToTest) {
100	if (!QCA::isSupported(features: "cert", provider))
101	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
102	else {
103	QCA::ConvertResult resultNoFile;
104	QCA::Certificate cert = QCA::Certificate::fromPEMFile(
105	QStringLiteral("thisIsJustaFileNameThatWeDontHave"), result: &resultNoFile, provider);
106	QCOMPARE(resultNoFile, QCA::ErrorFile);
107	QVERIFY(cert.isNull());
108	}
109	}
110	}
111
112	void CertUnitTest::CAcertstest()
113	{
114	QStringList providersToTest;
115	providersToTest.append(QStringLiteral("qca-ossl"));
116	// providersToTest.append("qca-botan");
117
118	foreach (const QString provider, providersToTest) {
119	if (!QCA::isSupported(features: "cert", provider))
120	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
121	else {
122	QCA::ConvertResult resultca1;
123	QCA::Certificate ca1 =
124	QCA::Certificate::fromPEMFile(QStringLiteral("certs/RootCAcert.pem"), result: &resultca1, provider);
125
126	QCOMPARE(resultca1, QCA::ConvertGood);
127	QCOMPARE(ca1.isNull(), false);
128	QCOMPARE(ca1.pathLimit(), `0`);
129	QCOMPARE(ca1.isCA(), true);
130	QCOMPARE(ca1.isSelfSigned(), true);
131
132	QCOMPARE(ca1.serialNumber(), QCA::BigInteger (`0`));
133
134	QCOMPARE(ca1.commonName(), QStringLiteral("For Tests Only"));
135
136	QCOMPARE(ca1.notValidBefore().toString(),
137	QDateTime(QDate(`2001`, `8`, `17`), QTime(`8`, `30`, `39`), Qt::UTC).toString());
138	QCOMPARE(ca1.notValidAfter().toString(),
139	QDateTime(QDate(`2011`, `8`, `15`), QTime(`8`, `30`, `39`), Qt::UTC).toString());
140
141	QCOMPARE(ca1.constraints().contains(QCA::DigitalSignature) == true, true);
142	QCOMPARE(ca1.constraints().contains(QCA::NonRepudiation) == true, true);
143	QCOMPARE(ca1.constraints().contains(QCA::KeyEncipherment) == true, true);
144	QCOMPARE(ca1.constraints().contains(QCA::DataEncipherment) == true, false);
145	QCOMPARE(ca1.constraints().contains(QCA::KeyAgreement) == true, false);
146	QCOMPARE(ca1.constraints().contains(QCA::KeyCertificateSign) == true, true);
147	QCOMPARE(ca1.constraints().contains(QCA::CRLSign) == true, true);
148	QCOMPARE(ca1.constraints().contains(QCA::EncipherOnly) == true, false);
149	QCOMPARE(ca1.constraints().contains(QCA::DecipherOnly) == true, false);
150	QCOMPARE(ca1.constraints().contains(QCA::ServerAuth) == true, false);
151	QCOMPARE(ca1.constraints().contains(QCA::ClientAuth) == true, false);
152	QCOMPARE(ca1.constraints().contains(QCA::CodeSigning) == true, false);
153	QCOMPARE(ca1.constraints().contains(QCA::EmailProtection) == true, false);
154	QCOMPARE(ca1.constraints().contains(QCA::IPSecEndSystem) == true, false);
155	QCOMPARE(ca1.constraints().contains(QCA::IPSecTunnel) == true, false);
156	QCOMPARE(ca1.constraints().contains(QCA::IPSecUser) == true, false);
157	QCOMPARE(ca1.constraints().contains(QCA::TimeStamping) == true, false);
158	QCOMPARE(ca1.constraints().contains(QCA::OCSPSigning) == true, false);
159
160	// no policies on this cert
161	QCOMPARE(ca1.policies().count(), `0`);
162	}
163	}
164	}
165
166	void CertUnitTest::qualitysslcatest()
167	{
168	QStringList providersToTest;
169	providersToTest.append(QStringLiteral("qca-ossl"));
170	// providersToTest.append("qca-botan");
171
172	foreach (const QString provider, providersToTest) {
173	if (!QCA::isSupported(features: "cert", provider))
174	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
175	else {
176	QCA::ConvertResult resultca1;
177	QCA::Certificate ca1 = QCA::Certificate::fromPEMFile(
178	QStringLiteral("certs/QualitySSLIntermediateCA.crt"), result: &resultca1, provider);
179
180	QCOMPARE(resultca1, QCA::ConvertGood);
181	QCOMPARE(ca1.isNull(), false);
182	QCOMPARE(ca1.isCA(), true);
183	QCOMPARE(ca1.isSelfSigned(), false);
184
185	QCOMPARE(ca1.signatureAlgorithm(), QCA::EMSA3_SHA1);
186
187	QCOMPARE(ca1.serialNumber(), QCA::BigInteger ("33555098"));
188
189	QCOMPARE(ca1.commonName(), QStringLiteral("Comodo Class 3 Security Services CA"));
190
191	QCOMPARE(ca1.notValidBefore().toString(),
192	QDateTime(QDate(`2002`, `8`, `27`), QTime(`19`, `02`, `00`), Qt::UTC).toString());
193	QCOMPARE(ca1.notValidAfter().toString(),
194	QDateTime(QDate(`2012`, `8`, `27`), QTime(`23`, `59`, `00`), Qt::UTC).toString());
195
196	QCOMPARE(ca1.pathLimit(), `0`);
197
198	QCOMPARE(ca1.constraints().contains(QCA::DigitalSignature) == true, true);
199	QCOMPARE(ca1.constraints().contains(QCA::NonRepudiation) == true, true);
200	QCOMPARE(ca1.constraints().contains(QCA::KeyEncipherment) == true, true);
201	QCOMPARE(ca1.constraints().contains(QCA::DataEncipherment) == true, false);
202	QCOMPARE(ca1.constraints().contains(QCA::KeyAgreement) == true, false);
203	QCOMPARE(ca1.constraints().contains(QCA::KeyCertificateSign) == true, true);
204	QCOMPARE(ca1.constraints().contains(QCA::CRLSign) == true, true);
205	QCOMPARE(ca1.constraints().contains(QCA::EncipherOnly) == true, false);
206	QCOMPARE(ca1.constraints().contains(QCA::DecipherOnly) == true, false);
207	QCOMPARE(ca1.constraints().contains(QCA::ServerAuth) == true, false);
208	QCOMPARE(ca1.constraints().contains(QCA::ClientAuth) == true, false);
209	QCOMPARE(ca1.constraints().contains(QCA::CodeSigning) == true, false);
210	QCOMPARE(ca1.constraints().contains(QCA::EmailProtection) == true, false);
211	QCOMPARE(ca1.constraints().contains(QCA::IPSecEndSystem) == true, false);
212	QCOMPARE(ca1.constraints().contains(QCA::IPSecTunnel) == true, false);
213	QCOMPARE(ca1.constraints().contains(QCA::IPSecUser) == true, false);
214	QCOMPARE(ca1.constraints().contains(QCA::TimeStamping) == true, false);
215	QCOMPARE(ca1.constraints().contains(QCA::OCSPSigning) == true, false);
216	}
217	}
218	}
219
220	void CertUnitTest::checkExpiredClientCerts()
221	{
222	QStringList providersToTest;
223	providersToTest.append(QStringLiteral("qca-ossl"));
224	// providersToTest.append("qca-botan");
225
226	foreach (const QString provider, providersToTest) {
227	if (!QCA::isSupported(features: "cert", provider))
228	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
229	else {
230	QCA::ConvertResult resultClient1;
231	QCA::Certificate client1 =
232	QCA::Certificate::fromPEMFile(QStringLiteral("certs/User.pem"), result: &resultClient1, provider);
233	QCOMPARE(resultClient1, QCA::ConvertGood);
234	QCOMPARE(client1.isNull(), false);
235	QCOMPARE(client1.isCA(), false);
236	QCOMPARE(client1.isSelfSigned(), false);
237
238	QCOMPARE(client1.serialNumber(), QCA::BigInteger (`2`));
239
240	QCOMPARE(client1.commonName(), QStringLiteral("Insecure User Test Cert"));
241
242	QCOMPARE(client1.notValidBefore().toString(),
243	QDateTime(QDate(`2001`, `8`, `17`), QTime(`8`, `32`, `38`), Qt::UTC).toString());
244	QCOMPARE(client1.notValidAfter().toString(),
245	QDateTime(QDate(`2006`, `8`, `16`), QTime(`8`, `32`, `38`), Qt::UTC).toString());
246
247	QCOMPARE(client1.constraints().contains(QCA::DigitalSignature) == true, true);
248	QCOMPARE(client1.constraints().contains(QCA::NonRepudiation) == true, true);
249	QCOMPARE(client1.constraints().contains(QCA::KeyEncipherment) == true, true);
250	QCOMPARE(client1.constraints().contains(QCA::DataEncipherment) == true, true);
251	QCOMPARE(client1.constraints().contains(QCA::KeyAgreement) == true, false);
252	QCOMPARE(client1.constraints().contains(QCA::KeyCertificateSign) == true, false);
253	QCOMPARE(client1.constraints().contains(QCA::CRLSign) == true, false);
254	QCOMPARE(client1.constraints().contains(QCA::EncipherOnly) == true, false);
255	QCOMPARE(client1.constraints().contains(QCA::DecipherOnly) == true, false);
256	QCOMPARE(client1.constraints().contains(QCA::ServerAuth) == true, false);
257	QCOMPARE(client1.constraints().contains(QCA::ClientAuth) == true, true);
258	QCOMPARE(client1.constraints().contains(QCA::CodeSigning) == true, false);
259	QCOMPARE(client1.constraints().contains(QCA::EmailProtection) == true, true);
260	QCOMPARE(client1.constraints().contains(QCA::IPSecEndSystem) == true, false);
261	QCOMPARE(client1.constraints().contains(QCA::IPSecTunnel) == true, false);
262	QCOMPARE(client1.constraints().contains(QCA::IPSecUser) == true, false);
263	QCOMPARE(client1.constraints().contains(QCA::TimeStamping) == true, false);
264	QCOMPARE(client1.constraints().contains(QCA::OCSPSigning) == true, false);
265
266	// no policies on this cert
267	QCOMPARE(client1.policies().count(), `0`);
268
269	QCA::CertificateInfo subject1 = client1.subjectInfo();
270	QCOMPARE(subject1.isEmpty(), false);
271	QCOMPARE(subject1.contains(QCA::Country, QStringLiteral("de")) == true, true);
272	QCOMPARE(subject1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate")) == true, true);
273	QCOMPARE(subject1.contains(QCA::CommonName, QStringLiteral("Insecure User Test Cert")) == true, true);
274
275	QCA::CertificateInfo issuer1 = client1.issuerInfo();
276	QCOMPARE(issuer1.isEmpty(), false);
277	QCOMPARE(issuer1.contains(QCA::Country, QStringLiteral("de")) == true, true);
278	QCOMPARE(issuer1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate")) == true, true);
279	QCOMPARE(issuer1.contains(QCA::CommonName, QStringLiteral("For Tests Only")) == true, true);
280
281	QByteArray subjectKeyID =
282	QCA::Hex ().stringToArray(QStringLiteral("889E7EF729719D7B280F361AAE6D00D39DE1AADB")).toByteArray();
283	QCOMPARE(client1.subjectKeyId(), subjectKeyID);
284	QCOMPARE(QCA::Hex ().arrayToString(client1.issuerKeyId()),
285	QStringLiteral("bf53438278d09ec380e51b67ca0500dfb94883a5"));
286
287	QCA::PublicKey pubkey1 = client1.subjectPublicKey();
288	QCOMPARE(pubkey1.isNull(), false);
289	QCOMPARE(pubkey1.isRSA(), true);
290	QCOMPARE(pubkey1.isDSA(), false);
291	QCOMPARE(pubkey1.isDH(), false);
292	QCOMPARE(pubkey1.isPublic(), true);
293	QCOMPARE(pubkey1.isPrivate(), false);
294	QCOMPARE(pubkey1.bitSize(), `1024`);
295
296	QCOMPARE(client1.pathLimit(), `0`);
297
298	QCOMPARE(client1.signatureAlgorithm(), QCA::EMSA3_MD5);
299
300	QCA::CertificateCollection trusted;
301	QCA::CertificateCollection untrusted;
302	QCOMPARE(client1.validate(trusted, untrusted), QCA::ErrorInvalidCA);
303
304	QCA::ConvertResult resultca1;
305	QCA::Certificate ca1 =
306	QCA::Certificate::fromPEMFile(QStringLiteral("certs/RootCAcert.pem"), result: &resultca1, provider);
307	QCOMPARE(resultca1, QCA::ConvertGood);
308	trusted.addCertificate(cert: ca1);
309
310	QCOMPARE(client1.validate(trusted, untrusted), QCA::ErrorExpired);
311	QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageAny), QCA::ErrorExpired);
312	QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ErrorExpired);
313	QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ErrorExpired);
314	QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorExpired);
315	QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorExpired);
316	QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ErrorExpired);
317	QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorExpired);
318	QByteArray derClient1 = client1.toDER();
319	QCOMPARE(derClient1.isEmpty(), false);
320	QCA::Certificate fromDer1 = QCA::Certificate::fromDER(a: derClient1, result: &resultClient1, provider);
321	QCOMPARE(resultClient1, QCA::ConvertGood);
322	QVERIFY(fromDer1 == client1);
323
324	QString pemClient1 = client1.toPEM();
325	QCOMPARE(pemClient1.isEmpty(), false);
326	QCA::Certificate fromPem1 = QCA::Certificate::fromPEM(s: pemClient1, result: &resultClient1, provider);
327	QCOMPARE(resultClient1, QCA::ConvertGood);
328	QVERIFY(fromPem1 == client1);
329	QCOMPARE(fromPem1 != fromDer1, false);
330	}
331	}
332	}
333
334	void CertUnitTest::checkClientCerts()
335	{
336	QStringList providersToTest;
337	providersToTest.append(QStringLiteral("qca-ossl"));
338	// providersToTest.append("qca-botan");
339
340	foreach (const QString provider, providersToTest) {
341	if (!QCA::isSupported(features: "cert", provider))
342	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
343	else {
344	QCA::ConvertResult resultClient2;
345	QCA::Certificate client2 =
346	QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestClientCert.pem"), result: &resultClient2, provider);
347	QCOMPARE(resultClient2, QCA::ConvertGood);
348	QCOMPARE(client2.isNull(), false);
349	QCOMPARE(client2.isCA(), false);
350	QCOMPARE(client2.isSelfSigned(), false);
351
352	QCOMPARE(client2.serialNumber(), QCA::BigInteger ("13149359243510447488"));
353
354	QCOMPARE(client2.commonName(), QStringLiteral("Qca Test Client Certificate"));
355
356	QCOMPARE(client2.notValidBefore().toString(),
357	QDateTime(QDate(`2013`, `7`, `31`), QTime(`15`, `14`, `28`), Qt::UTC).toString());
358	QCOMPARE(client2.notValidAfter().toString(),
359	QDateTime(QDate(`2033`, `7`, `26`), QTime(`15`, `14`, `28`), Qt::UTC).toString());
360
361	QCOMPARE(client2.constraints().contains(QCA::DigitalSignature) == true, true);
362	QCOMPARE(client2.constraints().contains(QCA::NonRepudiation) == true, true);
363	QCOMPARE(client2.constraints().contains(QCA::KeyEncipherment) == true, true);
364	QCOMPARE(client2.constraints().contains(QCA::DataEncipherment) == true, true);
365	QCOMPARE(client2.constraints().contains(QCA::KeyAgreement) == true, false);
366	QCOMPARE(client2.constraints().contains(QCA::KeyCertificateSign) == true, false);
367	QCOMPARE(client2.constraints().contains(QCA::CRLSign) == true, false);
368	QCOMPARE(client2.constraints().contains(QCA::EncipherOnly) == true, false);
369	QCOMPARE(client2.constraints().contains(QCA::DecipherOnly) == true, false);
370	QCOMPARE(client2.constraints().contains(QCA::ServerAuth) == true, false);
371	QCOMPARE(client2.constraints().contains(QCA::ClientAuth) == true, true);
372	QCOMPARE(client2.constraints().contains(QCA::CodeSigning) == true, false);
373	QCOMPARE(client2.constraints().contains(QCA::EmailProtection) == true, true);
374	QCOMPARE(client2.constraints().contains(QCA::IPSecEndSystem) == true, false);
375	QCOMPARE(client2.constraints().contains(QCA::IPSecTunnel) == true, false);
376	QCOMPARE(client2.constraints().contains(QCA::IPSecUser) == true, false);
377	QCOMPARE(client2.constraints().contains(QCA::TimeStamping) == true, false);
378	QCOMPARE(client2.constraints().contains(QCA::OCSPSigning) == true, false);
379
380	// no policies on this cert
381	QCOMPARE(client2.policies().count(), `0`);
382
383	QCA::CertificateInfo subject2 = client2.subjectInfo();
384	QCOMPARE(subject2.isEmpty(), false);
385	QVERIFY(subject2.contains(QCA::Country, QStringLiteral("US")));
386	QVERIFY(subject2.contains(QCA::Organization, QStringLiteral("Qca Development and Test")));
387	QVERIFY(subject2.contains(QCA::OrganizationalUnit, QStringLiteral("Certificate Generation Section")));
388	QVERIFY(subject2.contains(QCA::CommonName, QStringLiteral("Qca Test Client Certificate")));
389
390	QCA::CertificateInfo issuer2 = client2.issuerInfo();
391	QCOMPARE(issuer2.isEmpty(), false);
392	QVERIFY(issuer2.contains(QCA::Country, QStringLiteral("AU")));
393	QVERIFY(issuer2.contains(QCA::Organization, QStringLiteral("Qca Development and Test")));
394	QVERIFY(issuer2.contains(QCA::CommonName, QStringLiteral("Qca Test Root Certificate")));
395
396	QByteArray subjectKeyID =
397	QCA::Hex ().stringToArray(QStringLiteral("1e604e03127d287ba40427a961b428a2d09b50d1")).toByteArray();
398	QCOMPARE(client2.subjectKeyId(), subjectKeyID);
399	QCOMPARE(QCA::Hex ().arrayToString(client2.issuerKeyId()),
400	QStringLiteral("f61c451de1b0458138c60568c1a7cb0f7ade0363"));
401
402	QCA::PublicKey pubkey2 = client2.subjectPublicKey();
403	QCOMPARE(pubkey2.isNull(), false);
404	QCOMPARE(pubkey2.isRSA(), true);
405	QCOMPARE(pubkey2.isDSA(), false);
406	QCOMPARE(pubkey2.isDH(), false);
407	QCOMPARE(pubkey2.isPublic(), true);
408	QCOMPARE(pubkey2.isPrivate(), false);
409	QCOMPARE(pubkey2.bitSize(), `1024`);
410
411	QCOMPARE(client2.pathLimit(), `0`);
412
413	QCOMPARE(client2.signatureAlgorithm(), QCA::EMSA3_SHA1);
414
415	QCA::CertificateCollection trusted;
416	QCA::CertificateCollection untrusted;
417	QCOMPARE(client2.validate(trusted, untrusted), QCA::ErrorInvalidCA);
418
419	QCA::ConvertResult resultca2;
420	QCA::Certificate ca2 =
421	QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestRootCert.pem"), result: &resultca2, provider);
422	QCOMPARE(resultca2, QCA::ConvertGood);
423	trusted.addCertificate(cert: ca2);
424
425	QCOMPARE(client2.validate(trusted, untrusted), QCA::ValidityGood);
426	QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageAny), QCA::ValidityGood);
427	QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ErrorInvalidPurpose);
428	QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ValidityGood);
429	QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorInvalidPurpose);
430	QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorInvalidPurpose);
431	QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ValidityGood);
432	QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorInvalidPurpose);
433	QByteArray derClient2 = client2.toDER();
434	QCOMPARE(derClient2.isEmpty(), false);
435	QCA::Certificate fromDer2 = QCA::Certificate::fromDER(a: derClient2, result: &resultClient2, provider);
436	QCOMPARE(resultClient2, QCA::ConvertGood);
437	QVERIFY(fromDer2 == client2);
438
439	QString pemClient2 = client2.toPEM();
440	QCOMPARE(pemClient2.isEmpty(), false);
441	QCA::Certificate fromPem2 = QCA::Certificate::fromPEM(s: pemClient2, result: &resultClient2, provider);
442	QCOMPARE(resultClient2, QCA::ConvertGood);
443	QVERIFY(fromPem2 == client2);
444	QCOMPARE(fromPem2 != fromDer2, false);
445	}
446	}
447	}
448
449	void CertUnitTest::derCAcertstest()
450	{
451	QStringList providersToTest;
452	providersToTest.append(QStringLiteral("qca-ossl"));
453
454	foreach (const QString provider, providersToTest) {
455	if (!QCA::isSupported(features: "cert", provider))
456	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
457	else {
458	QFile f(QStringLiteral("certs/ov-root-ca-cert.crt"));
459	QVERIFY(f.open(QFile::ReadOnly));
460	QByteArray der = f.readAll();
461	QCA::ConvertResult resultca1;
462	QCA::Certificate ca1 = QCA::Certificate::fromDER(a: der, result: &resultca1, provider);
463
464	QCOMPARE(resultca1, QCA::ConvertGood);
465
466	QCOMPARE(ca1.pathLimit(), `0`);
467
468	QCOMPARE(ca1.isNull(), false);
469	QCOMPARE(ca1.isCA(), true);
470
471	QCOMPARE(ca1.isSelfSigned(), true);
472
473	QCOMPARE(ca1.serialNumber(), QCA::BigInteger (`0`));
474
475	QCOMPARE(ca1.commonName(), QStringLiteral("For Tests Only"));
476
477	QCA::CertificateInfo si = ca1.subjectInfo();
478	QCOMPARE(si.isEmpty(), false);
479	QCOMPARE(si.value(QCA::CommonName), QStringLiteral("For Tests Only"));
480	QCOMPARE(si.value(QCA::Organization), QStringLiteral("InsecureTestCertificate"));
481	QCOMPARE(si.value(QCA::Country), QStringLiteral("de"));
482
483	QCA::CertificateInfo ii = ca1.issuerInfo();
484	QCOMPARE(ii.isEmpty(), false);
485	QCOMPARE(ii.value(QCA::CommonName), QStringLiteral("For Tests Only"));
486	QCOMPARE(ii.value(QCA::Organization), QStringLiteral("InsecureTestCertificate"));
487	QCOMPARE(ii.value(QCA::Country), QStringLiteral("de"));
488
489	QCOMPARE(ca1.notValidBefore().toString(),
490	QDateTime(QDate(`2001`, `8`, `17`), QTime(`8`, `30`, `39`), Qt::UTC).toString());
491	QCOMPARE(ca1.notValidAfter().toString(),
492	QDateTime(QDate(`2011`, `8`, `15`), QTime(`8`, `30`, `39`), Qt::UTC).toString());
493
494	QCOMPARE(ca1.constraints().contains(QCA::DigitalSignature) == true, true);
495	QCOMPARE(ca1.constraints().contains(QCA::NonRepudiation) == true, true);
496	QCOMPARE(ca1.constraints().contains(QCA::KeyEncipherment) == true, true);
497	QCOMPARE(ca1.constraints().contains(QCA::DataEncipherment) == true, false);
498	QCOMPARE(ca1.constraints().contains(QCA::KeyAgreement) == true, false);
499	QCOMPARE(ca1.constraints().contains(QCA::KeyCertificateSign) == true, true);
500	QCOMPARE(ca1.constraints().contains(QCA::CRLSign) == true, true);
501	QCOMPARE(ca1.constraints().contains(QCA::EncipherOnly) == true, false);
502	QCOMPARE(ca1.constraints().contains(QCA::DecipherOnly) == true, false);
503	QCOMPARE(ca1.constraints().contains(QCA::ServerAuth) == true, false);
504	QCOMPARE(ca1.constraints().contains(QCA::ClientAuth) == true, false);
505	QCOMPARE(ca1.constraints().contains(QCA::CodeSigning) == true, false);
506	QCOMPARE(ca1.constraints().contains(QCA::EmailProtection) == true, false);
507	QCOMPARE(ca1.constraints().contains(QCA::IPSecEndSystem) == true, false);
508	QCOMPARE(ca1.constraints().contains(QCA::IPSecTunnel) == true, false);
509	QCOMPARE(ca1.constraints().contains(QCA::IPSecUser) == true, false);
510	QCOMPARE(ca1.constraints().contains(QCA::TimeStamping) == true, false);
511	QCOMPARE(ca1.constraints().contains(QCA::OCSPSigning) == true, false);
512
513	// no policies on this cert
514	QCOMPARE(ca1.policies().count(), `0`);
515
516	QCOMPARE(ca1.signatureAlgorithm(), QCA::EMSA3_MD5);
517	}
518	}
519	}
520
521	void CertUnitTest::altName()
522	{
523	QStringList providersToTest;
524	providersToTest.append(QStringLiteral("qca-ossl"));
525	// providersToTest.append("qca-botan");
526
527	foreach (const QString provider, providersToTest) {
528	if (!QCA::isSupported(features: "cert", provider))
529	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
530	else {
531	QCA::ConvertResult resultClient1;
532	QCA::Certificate client1 =
533	QCA::Certificate::fromPEMFile(QStringLiteral("certs/altname.pem"), result: &resultClient1, provider);
534	QCOMPARE(resultClient1, QCA::ConvertGood);
535	QCOMPARE(client1.isNull(), false);
536	QCOMPARE(client1.isCA(), false);
537	QCOMPARE(client1.isSelfSigned(), false);
538
539	QCOMPARE(client1.serialNumber(), QCA::BigInteger (`1`));
540
541	QCOMPARE(client1.commonName(), QStringLiteral("Valid RFC822 nameConstraints EE Certificate Test21"));
542
543	QCOMPARE(client1.constraints().contains(QCA::DigitalSignature) == true, true);
544	QCOMPARE(client1.constraints().contains(QCA::NonRepudiation) == true, true);
545	QCOMPARE(client1.constraints().contains(QCA::KeyEncipherment) == true, true);
546	QCOMPARE(client1.constraints().contains(QCA::DataEncipherment) == true, true);
547	QCOMPARE(client1.constraints().contains(QCA::KeyAgreement) == true, false);
548	QCOMPARE(client1.constraints().contains(QCA::KeyCertificateSign) == true, false);
549	QCOMPARE(client1.constraints().contains(QCA::CRLSign) == true, false);
550	QCOMPARE(client1.constraints().contains(QCA::EncipherOnly) == true, false);
551	QCOMPARE(client1.constraints().contains(QCA::DecipherOnly) == true, false);
552	QCOMPARE(client1.constraints().contains(QCA::ServerAuth) == true, false);
553	QCOMPARE(client1.constraints().contains(QCA::ClientAuth) == true, false);
554	QCOMPARE(client1.constraints().contains(QCA::CodeSigning) == true, false);
555	QCOMPARE(client1.constraints().contains(QCA::EmailProtection) == true, false);
556	QCOMPARE(client1.constraints().contains(QCA::IPSecEndSystem) == true, false);
557	QCOMPARE(client1.constraints().contains(QCA::IPSecTunnel) == true, false);
558	QCOMPARE(client1.constraints().contains(QCA::IPSecUser) == true, false);
559	QCOMPARE(client1.constraints().contains(QCA::TimeStamping) == true, false);
560	QCOMPARE(client1.constraints().contains(QCA::OCSPSigning) == true, false);
561
562	QCOMPARE(client1.policies().count(), `1`);
563	QCOMPARE(client1.policies().at(`0`), QStringLiteral("2.16.840.1.101.3.2.1.48.1"));
564
565	QCA::CertificateInfo subject1 = client1.subjectInfo();
566	QCOMPARE(subject1.isEmpty(), false);
567	QVERIFY(subject1.contains(QCA::Country, QStringLiteral("US")));
568	QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Test Certificates")));
569	QVERIFY(subject1.contains(QCA::CommonName,
570	QStringLiteral("Valid RFC822 nameConstraints EE Certificate Test21")));
571	QVERIFY(subject1.contains(QCA::Email, QStringLiteral("Test21EE@mailserver.testcertificates.gov")));
572
573	QCA::CertificateInfo issuer1 = client1.issuerInfo();
574	QCOMPARE(issuer1.isEmpty(), false);
575	QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("US")));
576	QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Test Certificates")));
577	QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("nameConstraints RFC822 CA1")));
578
579	QByteArray subjectKeyID =
580	QCA::Hex ().stringToArray(QStringLiteral("b4200d42cd95ea87d463d54f0ed6d10fe5b73bfb")).toByteArray();
581	QCOMPARE(client1.subjectKeyId(), subjectKeyID);
582	QCOMPARE(QCA::Hex ().arrayToString(client1.issuerKeyId()),
583	QStringLiteral("e37f857a8ea23b9eeeb8121d7913aac4bd2e59ad"));
584
585	QCA::PublicKey pubkey1 = client1.subjectPublicKey();
586	QCOMPARE(pubkey1.isNull(), false);
587	QCOMPARE(pubkey1.isRSA(), true);
588	QCOMPARE(pubkey1.isDSA(), false);
589	QCOMPARE(pubkey1.isDH(), false);
590	QCOMPARE(pubkey1.isPublic(), true);
591	QCOMPARE(pubkey1.isPrivate(), false);
592	QCOMPARE(pubkey1.bitSize(), `1024`);
593
594	QCOMPARE(client1.pathLimit(), `0`);
595
596	QCOMPARE(client1.signatureAlgorithm(), QCA::EMSA3_SHA1);
597	}
598	}
599	}
600
601	void CertUnitTest::extXMPP()
602	{
603	QStringList providersToTest;
604	providersToTest.append(QStringLiteral("qca-ossl"));
605	// providersToTest.append("qca-botan");
606
607	foreach (const QString provider, providersToTest) {
608	if (!QCA::isSupported(features: "cert", provider))
609	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
610	else {
611	QCA::ConvertResult resultClient1;
612	QCA::Certificate client1 =
613	QCA::Certificate::fromPEMFile(QStringLiteral("certs/xmppcert.pem"), result: &resultClient1, provider);
614	QCOMPARE(resultClient1, QCA::ConvertGood);
615	QCOMPARE(client1.isNull(), false);
616	QCOMPARE(client1.isCA(), false);
617	QCOMPARE(client1.isSelfSigned(), true);
618
619	QCOMPARE(client1.serialNumber(), QCA::BigInteger ("9635301556349760241"));
620
621	QCOMPARE(client1.commonName(), QStringLiteral("demo.jabber.com"));
622
623	QCA::CertificateInfo subject1 = client1.subjectInfo();
624	QCOMPARE(subject1.isEmpty(), false);
625	QVERIFY(subject1.contains(QCA::Country, QStringLiteral("US")));
626	QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Jabber, Inc.")));
627	QVERIFY(subject1.contains(QCA::Locality, QStringLiteral("Denver")));
628	QVERIFY(subject1.contains(QCA::State, QStringLiteral("Colorado")));
629	QVERIFY(subject1.contains(QCA::CommonName, QStringLiteral("demo.jabber.com")));
630	QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("demo.jabber.com")));
631	QVERIFY(subject1.contains(QCA::XMPP, QStringLiteral("demo.jabber.com")));
632
633	QCA::CertificateInfo issuer1 = client1.issuerInfo();
634	QCOMPARE(issuer1.isEmpty(), false);
635	QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("US")));
636	QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Jabber, Inc.")));
637	QVERIFY(issuer1.contains(QCA::Locality, QStringLiteral("Denver")));
638	QVERIFY(issuer1.contains(QCA::State, QStringLiteral("Colorado")));
639	QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("demo.jabber.com")));
640	}
641	}
642	}
643
644	void CertUnitTest::altNames76()
645	{
646	QStringList providersToTest;
647	providersToTest.append(QStringLiteral("qca-ossl"));
648	// providersToTest.append("qca-botan");
649
650	foreach (const QString provider, providersToTest) {
651	if (!QCA::isSupported(features: "cert", provider))
652	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
653	else {
654	QCA::ConvertResult resultClient1;
655	QCA::Certificate client1 =
656	QCA::Certificate::fromPEMFile(QStringLiteral("certs/76.pem"), result: &resultClient1, provider);
657	QCOMPARE(resultClient1, QCA::ConvertGood);
658	QCOMPARE(client1.isNull(), false);
659	QCOMPARE(client1.isCA(), false);
660	QCOMPARE(client1.isSelfSigned(), false);
661
662	QCOMPARE(client1.serialNumber(), QCA::BigInteger (`118`));
663
664	QCOMPARE(client1.commonName(), QStringLiteral("sip1.su.se"));
665
666	QCOMPARE(client1.constraints().contains(QCA::DigitalSignature) == true, true);
667	QCOMPARE(client1.constraints().contains(QCA::NonRepudiation) == true, true);
668	QCOMPARE(client1.constraints().contains(QCA::KeyEncipherment) == true, true);
669	QCOMPARE(client1.constraints().contains(QCA::DataEncipherment) == true, false);
670	QCOMPARE(client1.constraints().contains(QCA::KeyAgreement) == true, false);
671	QCOMPARE(client1.constraints().contains(QCA::KeyCertificateSign) == true, false);
672	QCOMPARE(client1.constraints().contains(QCA::CRLSign) == true, false);
673	QCOMPARE(client1.constraints().contains(QCA::EncipherOnly) == true, false);
674	QCOMPARE(client1.constraints().contains(QCA::DecipherOnly) == true, false);
675	QCOMPARE(client1.constraints().contains(QCA::ServerAuth) == true, true);
676	QCOMPARE(client1.constraints().contains(QCA::ClientAuth) == true, true);
677	QCOMPARE(client1.constraints().contains(QCA::CodeSigning) == true, false);
678	QCOMPARE(client1.constraints().contains(QCA::EmailProtection) == true, false);
679	QCOMPARE(client1.constraints().contains(QCA::IPSecEndSystem) == true, false);
680	QCOMPARE(client1.constraints().contains(QCA::IPSecTunnel) == true, false);
681	QCOMPARE(client1.constraints().contains(QCA::IPSecUser) == true, false);
682	QCOMPARE(client1.constraints().contains(QCA::TimeStamping) == true, false);
683	QCOMPARE(client1.constraints().contains(QCA::OCSPSigning) == true, false);
684
685	QCOMPARE(client1.policies().count(), `1`);
686
687	QCA::CertificateInfo subject1 = client1.subjectInfo();
688	QCOMPARE(subject1.isEmpty(), false);
689	QVERIFY(subject1.contains(QCA::Country, QStringLiteral("SE")));
690	QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Stockholms universitet")));
691	QVERIFY(subject1.contains(QCA::CommonName, QStringLiteral("sip1.su.se")));
692	QCOMPARE(subject1.values(QCA::Email).count(), `0`); // clazy:exclude=container-anti-pattern
693	QCOMPARE(subject1.values(QCA::DNS).count(), `8`); // clazy:exclude=container-anti-pattern
694	QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("incomingproxy.sip.su.se")));
695	QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("incomingproxy1.sip.su.se")));
696	QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("outgoingproxy.sip.su.se")));
697	QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("outgoingproxy1.sip.su.se")));
698	QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("out.sip.su.se")));
699	QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("appserver.sip.su.se")));
700	QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("appserver1.sip.su.se")));
701	QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("sip1.su.se")));
702
703	QVERIFY(client1.matchesHostName(QStringLiteral("incomingproxy.sip.su.se")));
704	QVERIFY(client1.matchesHostName(QStringLiteral("incomingproxy1.sip.su.se")));
705	QVERIFY(client1.matchesHostName(QStringLiteral("outgoingproxy.sip.su.se")));
706	QVERIFY(client1.matchesHostName(QStringLiteral("outgoingproxy1.sip.su.se")));
707	QVERIFY(client1.matchesHostName(QStringLiteral("out.sip.su.se")));
708	QVERIFY(client1.matchesHostName(QStringLiteral("appserver.sip.su.se")));
709	QVERIFY(client1.matchesHostName(QStringLiteral("appserver1.sip.su.se")));
710	QVERIFY(client1.matchesHostName(QStringLiteral("sip1.su.se")));
711
712	QCA::CertificateInfo issuer1 = client1.issuerInfo();
713	QCOMPARE(issuer1.isEmpty(), false);
714	QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("SE")));
715	QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Stockholms universitet")));
716	QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("Stockholm University CA")));
717	QVERIFY(issuer1.contains(QCA::URI, QStringLiteral("http://ca.su.se")));
718	QVERIFY(issuer1.contains(QCA::Email, QStringLiteral("ca@su.se")));
719
720	QByteArray subjectKeyID =
721	QCA::Hex ().stringToArray(QStringLiteral("3a5c5cd1cc2c9edf73f73bd81b59b1eab83035c5")).toByteArray();
722	QCOMPARE(client1.subjectKeyId(), subjectKeyID);
723	QCOMPARE(QCA::Hex ().arrayToString(client1.issuerKeyId()),
724	QStringLiteral("9e2e30ba37d95144c99dbf1821f1bd7eeeb58648"));
725
726	QCA::PublicKey pubkey1 = client1.subjectPublicKey();
727	QCOMPARE(pubkey1.isNull(), false);
728	QCOMPARE(pubkey1.isRSA(), true);
729	QCOMPARE(pubkey1.isDSA(), false);
730	QCOMPARE(pubkey1.isDH(), false);
731	QCOMPARE(pubkey1.isPublic(), true);
732	QCOMPARE(pubkey1.isPrivate(), false);
733	QCOMPARE(pubkey1.bitSize(), `1024`);
734
735	QCOMPARE(client1.pathLimit(), `0`);
736
737	QCOMPARE(client1.signatureAlgorithm(), QCA::EMSA3_SHA1);
738	}
739	}
740	}
741
742	void CertUnitTest::sha256cert()
743	{
744	QStringList providersToTest;
745	providersToTest.append(QStringLiteral("qca-ossl"));
746	// providersToTest.append("qca-botan");
747
748	foreach (const QString provider, providersToTest) {
749	if (!QCA::isSupported(features: "cert", provider))
750	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
751	else {
752	QFile f(QStringLiteral("certs/RAIZ2007_CERTIFICATE_AND_CRL_SIGNING_SHA256.crt"));
753	QVERIFY(f.open(QFile::ReadOnly));
754	QByteArray der = f.readAll();
755	QCA::ConvertResult resultcert;
756	QCA::Certificate cert = QCA::Certificate::fromDER(a: der, result: &resultcert, provider);
757
758	QCOMPARE(resultcert, QCA::ConvertGood);
759	QCOMPARE(cert.isNull(), false);
760	QCOMPARE(cert.isCA(), true);
761	QCOMPARE(cert.isSelfSigned(), true);
762
763	QCA::PublicKey pubkey = cert.subjectPublicKey();
764	QCOMPARE(pubkey.isNull(), false);
765	QCOMPARE(pubkey.isRSA(), true);
766	QCOMPARE(pubkey.isDSA(), false);
767	QCOMPARE(pubkey.isDH(), false);
768	QCOMPARE(pubkey.isPublic(), true);
769	QCOMPARE(pubkey.isPrivate(), false);
770	QCOMPARE(pubkey.bitSize(), `4096`);
771
772	QCOMPARE(cert.pathLimit(), `0`);
773
774	QCOMPARE(cert.signatureAlgorithm(), QCA::EMSA3_SHA256);
775	}
776	}
777	}
778
779	void CertUnitTest::checkExpiredServerCerts()
780	{
781	QStringList providersToTest;
782	providersToTest.append(QStringLiteral("qca-ossl"));
783	// providersToTest.append("qca-botan");
784
785	foreach (const QString provider, providersToTest) {
786	if (!QCA::isSupported(features: "cert", provider))
787	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
788	else {
789	QCA::ConvertResult resultServer1;
790	QCA::Certificate server1 =
791	QCA::Certificate::fromPEMFile(QStringLiteral("certs/Server.pem"), result: &resultServer1, provider);
792	QCOMPARE(resultServer1, QCA::ConvertGood);
793	QCOMPARE(server1.isNull(), false);
794	QCOMPARE(server1.isCA(), false);
795	QCOMPARE(server1.isSelfSigned(), false);
796
797	QCOMPARE(server1.serialNumber(), QCA::BigInteger (`4`));
798
799	QCOMPARE(server1.commonName(), QStringLiteral("Insecure Server Cert"));
800
801	QCOMPARE(server1.notValidBefore().toString(),
802	QDateTime(QDate(`2001`, `8`, `17`), QTime(`8`, `46`, `24`), Qt::UTC).toString());
803	QCOMPARE(server1.notValidAfter().toString(),
804	QDateTime(QDate(`2006`, `8`, `16`), QTime(`8`, `46`, `24`), Qt::UTC).toString());
805
806	QCOMPARE(server1.constraints().contains(QCA::DigitalSignature) == true, true);
807	QCOMPARE(server1.constraints().contains(QCA::NonRepudiation) == true, false);
808	QCOMPARE(server1.constraints().contains(QCA::KeyEncipherment) == true, true);
809	QCOMPARE(server1.constraints().contains(QCA::DataEncipherment) == true, false);
810	QCOMPARE(server1.constraints().contains(QCA::KeyAgreement) == true, true);
811	QCOMPARE(server1.constraints().contains(QCA::KeyCertificateSign) == true, false);
812	QCOMPARE(server1.constraints().contains(QCA::CRLSign) == true, false);
813	QCOMPARE(server1.constraints().contains(QCA::EncipherOnly) == true, false);
814	QCOMPARE(server1.constraints().contains(QCA::DecipherOnly) == true, false);
815	QCOMPARE(server1.constraints().contains(QCA::ServerAuth) == true, true);
816	QCOMPARE(server1.constraints().contains(QCA::ClientAuth) == true, false);
817	QCOMPARE(server1.constraints().contains(QCA::CodeSigning) == true, false);
818	QCOMPARE(server1.constraints().contains(QCA::EmailProtection) == true, false);
819	QCOMPARE(server1.constraints().contains(QCA::IPSecEndSystem) == true, false);
820	QCOMPARE(server1.constraints().contains(QCA::IPSecTunnel) == true, false);
821	QCOMPARE(server1.constraints().contains(QCA::IPSecUser) == true, false);
822	QCOMPARE(server1.constraints().contains(QCA::TimeStamping) == true, false);
823	QCOMPARE(server1.constraints().contains(QCA::OCSPSigning) == true, false);
824
825	// no policies on this cert
826	QCOMPARE(server1.policies().count(), `0`);
827
828	QCA::CertificateInfo subject1 = server1.subjectInfo();
829	QCOMPARE(subject1.isEmpty(), false);
830	QCOMPARE(subject1.contains(QCA::Country, QStringLiteral("de")) == true, true);
831	QCOMPARE(subject1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate")) == true, true);
832	QCOMPARE(subject1.contains(QCA::CommonName, QStringLiteral("Insecure Server Cert")) == true, true);
833
834	QCA::CertificateInfo issuer1 = server1.issuerInfo();
835	QCOMPARE(issuer1.isEmpty(), false);
836	QCOMPARE(issuer1.contains(QCA::Country, QStringLiteral("de")) == true, true);
837	QCOMPARE(issuer1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate")) == true, true);
838	QCOMPARE(issuer1.contains(QCA::CommonName, QStringLiteral("For Tests Only")) == true, true);
839
840	QByteArray subjectKeyID =
841	QCA::Hex ().stringToArray(QStringLiteral("0234E2C906F6E0B44253BE04C0CBA7823A6DB509")).toByteArray();
842	QCOMPARE(server1.subjectKeyId(), subjectKeyID);
843	QByteArray authorityKeyID =
844	QCA::Hex ().stringToArray(QStringLiteral("BF53438278D09EC380E51B67CA0500DFB94883A5")).toByteArray();
845	QCOMPARE(server1.issuerKeyId(), authorityKeyID);
846
847	QCA::PublicKey pubkey1 = server1.subjectPublicKey();
848	QCOMPARE(pubkey1.isNull(), false);
849	QCOMPARE(pubkey1.isRSA(), true);
850	QCOMPARE(pubkey1.isDSA(), false);
851	QCOMPARE(pubkey1.isDH(), false);
852	QCOMPARE(pubkey1.isPublic(), true);
853	QCOMPARE(pubkey1.isPrivate(), false);
854	QCOMPARE(pubkey1.bitSize(), `1024`);
855
856	QCOMPARE(server1.pathLimit(), `0`);
857
858	QCOMPARE(server1.signatureAlgorithm(), QCA::EMSA3_MD5);
859
860	QCA::CertificateCollection trusted;
861	QCA::CertificateCollection untrusted;
862	QCOMPARE(server1.validate(trusted, untrusted), QCA::ErrorInvalidCA);
863
864	QCA::ConvertResult resultca1;
865	QCA::Certificate ca1 =
866	QCA::Certificate::fromPEMFile(QStringLiteral("certs/RootCAcert.pem"), result: &resultca1, provider);
867	QCOMPARE(resultca1, QCA::ConvertGood);
868	trusted.addCertificate(cert: ca1);
869	QCOMPARE(server1.validate(trusted, untrusted), QCA::ErrorExpired);
870	QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageAny), QCA::ErrorExpired);
871	QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ErrorExpired);
872	QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ErrorExpired);
873	QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorExpired);
874	QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorExpired);
875	QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ErrorExpired);
876	QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorExpired);
877
878	QByteArray derServer1 = server1.toDER();
879	QCOMPARE(derServer1.isEmpty(), false);
880	QCA::Certificate fromDer1 = QCA::Certificate::fromDER(a: derServer1, result: &resultServer1, provider);
881	QCOMPARE(resultServer1, QCA::ConvertGood);
882	QCOMPARE(fromDer1 == server1, true);
883	}
884	}
885	}
886
887	void CertUnitTest::checkServerCerts()
888	{
889	QStringList providersToTest;
890	providersToTest.append(QStringLiteral("qca-ossl"));
891	// providersToTest.append("qca-botan");
892
893	foreach (const QString provider, providersToTest) {
894	if (!QCA::isSupported(features: "cert", provider))
895	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
896	else {
897	QCA::ConvertResult resultServer1;
898	QCA::Certificate server1 =
899	QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestServerCert.pem"), result: &resultServer1, provider);
900	QCOMPARE(resultServer1, QCA::ConvertGood);
901	QCOMPARE(server1.isNull(), false);
902	QCOMPARE(server1.isCA(), false);
903	QCOMPARE(server1.isSelfSigned(), false);
904
905	QCOMPARE(server1.serialNumber(), QCA::BigInteger ("13149359243510447489"));
906
907	QCOMPARE(server1.commonName(), QStringLiteral("Qca Server Test certificate"));
908
909	QCOMPARE(server1.notValidBefore().toString(),
910	QDateTime(QDate(`2013`, `7`, `31`), QTime(`15`, `23`, `25`), Qt::UTC).toString());
911	QCOMPARE(server1.notValidAfter().toString(),
912	QDateTime(QDate(`2033`, `7`, `26`), QTime(`15`, `23`, `25`), Qt::UTC).toString());
913
914	QCOMPARE(server1.constraints().contains(QCA::DigitalSignature) == true, true);
915	QCOMPARE(server1.constraints().contains(QCA::NonRepudiation) == true, true);
916	QCOMPARE(server1.constraints().contains(QCA::KeyEncipherment) == true, true);
917	QCOMPARE(server1.constraints().contains(QCA::DataEncipherment) == true, false);
918	QCOMPARE(server1.constraints().contains(QCA::KeyAgreement) == true, false);
919	QCOMPARE(server1.constraints().contains(QCA::KeyCertificateSign) == true, false);
920	QCOMPARE(server1.constraints().contains(QCA::CRLSign) == true, false);
921	QCOMPARE(server1.constraints().contains(QCA::EncipherOnly) == true, false);
922	QCOMPARE(server1.constraints().contains(QCA::DecipherOnly) == true, false);
923	QCOMPARE(server1.constraints().contains(QCA::ServerAuth) == true, true);
924	QCOMPARE(server1.constraints().contains(QCA::ClientAuth) == true, false);
925	QCOMPARE(server1.constraints().contains(QCA::CodeSigning) == true, false);
926	QCOMPARE(server1.constraints().contains(QCA::EmailProtection) == true, false);
927	QCOMPARE(server1.constraints().contains(QCA::IPSecEndSystem) == true, false);
928	QCOMPARE(server1.constraints().contains(QCA::IPSecTunnel) == true, false);
929	QCOMPARE(server1.constraints().contains(QCA::IPSecUser) == true, false);
930	QCOMPARE(server1.constraints().contains(QCA::TimeStamping) == true, false);
931	QCOMPARE(server1.constraints().contains(QCA::OCSPSigning) == true, false);
932
933	// no policies on this cert
934	QCOMPARE(server1.policies().count(), `0`);
935
936	QCA::CertificateInfo subject1 = server1.subjectInfo();
937	QCOMPARE(subject1.isEmpty(), false);
938	QVERIFY(subject1.contains(QCA::Country, QStringLiteral("IL")));
939	QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Qca Development and Test")));
940	QVERIFY(subject1.contains(QCA::OrganizationalUnit, QStringLiteral("Server Management Section")));
941	QVERIFY(subject1.contains(QCA::CommonName, QStringLiteral("Qca Server Test certificate")));
942
943	QCA::CertificateInfo issuer1 = server1.issuerInfo();
944	QCOMPARE(issuer1.isEmpty(), false);
945	QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("AU")));
946	QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Qca Development and Test")));
947	QVERIFY(issuer1.contains(QCA::OrganizationalUnit, QStringLiteral("Certificate Generation Section")));
948	QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("Qca Test Root Certificate")));
949
950	QByteArray subjectKeyID =
951	QCA::Hex ().stringToArray(QStringLiteral("819870c8b81eab53e72d0446b65790aa0d3eab1a")).toByteArray();
952	QCOMPARE(server1.subjectKeyId(), subjectKeyID);
953	QByteArray authorityKeyID =
954	QCA::Hex ().stringToArray(QStringLiteral("f61c451de1b0458138c60568c1a7cb0f7ade0363")).toByteArray();
955	QCOMPARE(server1.issuerKeyId(), authorityKeyID);
956
957	QCA::PublicKey pubkey1 = server1.subjectPublicKey();
958	QCOMPARE(pubkey1.isNull(), false);
959	QCOMPARE(pubkey1.isRSA(), true);
960	QCOMPARE(pubkey1.isDSA(), false);
961	QCOMPARE(pubkey1.isDH(), false);
962	QCOMPARE(pubkey1.isPublic(), true);
963	QCOMPARE(pubkey1.isPrivate(), false);
964	QCOMPARE(pubkey1.bitSize(), `1024`);
965
966	QCOMPARE(server1.pathLimit(), `0`);
967
968	QCOMPARE(server1.signatureAlgorithm(), QCA::EMSA3_SHA1);
969
970	QCA::CertificateCollection trusted;
971	QCA::CertificateCollection untrusted;
972	QCOMPARE(server1.validate(trusted, untrusted), QCA::ErrorInvalidCA);
973
974	QCA::ConvertResult resultca1;
975	QCA::Certificate ca1 =
976	QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestRootCert.pem"), result: &resultca1, provider);
977	QCOMPARE(resultca1, QCA::ConvertGood);
978	trusted.addCertificate(cert: ca1);
979	QCOMPARE(server1.validate(trusted, untrusted), QCA::ValidityGood);
980	QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageAny), QCA::ValidityGood);
981	QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ValidityGood);
982	QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ErrorInvalidPurpose);
983	QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorInvalidPurpose);
984	QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorInvalidPurpose);
985	QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ErrorInvalidPurpose);
986	QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorInvalidPurpose);
987
988	QByteArray derServer1 = server1.toDER();
989	QCOMPARE(derServer1.isEmpty(), false);
990	QCA::Certificate fromDer1 = QCA::Certificate::fromDER(a: derServer1, result: &resultServer1, provider);
991	QCOMPARE(resultServer1, QCA::ConvertGood);
992	QCOMPARE(fromDer1 == server1, true);
993	}
994	}
995	}
996
997	void CertUnitTest::checkSystemStore()
998	{
999	if (QCA::isSupported(features: "cert") && QCA::isSupported(features: "crl")) {
1000	QCOMPARE(QCA::haveSystemStore(), true);
1001
1002	QCA::CertificateCollection collection1;
1003	collection1 = QCA::systemStore();
1004	// Do we have any certs?
1005	QVERIFY(collection1.certificates().count() > `0`);
1006	} else {
1007	QCOMPARE(QCA::haveSystemStore(), false);
1008	}
1009	}
1010
1011	void CertUnitTest::crl()
1012	{
1013	QStringList providersToTest;
1014	providersToTest.append(QStringLiteral("qca-ossl"));
1015	// providersToTest.append("qca-botan");
1016
1017	foreach (const QString provider, providersToTest) {
1018	if (!QCA::isSupported(features: "crl", provider))
1019	QWARN((QStringLiteral("Certificate revocation not supported for ") + provider).toLocal8Bit().constData());
1020	else {
1021	QCA::CRL emptyCRL;
1022	QVERIFY(emptyCRL.isNull());
1023
1024	QCA::ConvertResult resultCrl;
1025	QCA::CRL crl1 = QCA::CRL::fromPEMFile(QStringLiteral("certs/Test_CRL.crl"), result: &resultCrl, provider);
1026	QCOMPARE(resultCrl, QCA::ConvertGood);
1027	QCOMPARE(crl1.isNull(), false);
1028
1029	QCA::CertificateInfo issuer = crl1.issuerInfo();
1030	QCOMPARE(issuer.isEmpty(), false);
1031	QVERIFY(issuer.contains(QCA::Country, QStringLiteral("de")));
1032	QVERIFY(issuer.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate")));
1033	QVERIFY(issuer.contains(QCA::CommonName, QStringLiteral("For Tests Only")));
1034
1035	// No keyid extension on this crl
1036	QCOMPARE(QCA::arrayToHex(crl1.issuerKeyId()), QLatin1String(""));
1037
1038	QCOMPARE(crl1.thisUpdate(), QDateTime(QDate(`2001`, `8`, `17`), QTime(`11`, `12`, `03`), Qt::UTC));
1039	QCOMPARE(crl1.nextUpdate(), QDateTime(QDate(`2006`, `8`, `16`), QTime(`11`, `12`, `03`), Qt::UTC));
1040
1041	QCOMPARE(crl1.signatureAlgorithm(), QCA::EMSA3_MD5);
1042
1043	QCOMPARE(crl1.issuerKeyId(), QByteArray(""));
1044	QCOMPARE(crl1, QCA::CRL (crl1));
1045	QCOMPARE(crl1 == QCA::CRL (), false);
1046	QCOMPARE(crl1.number(), -`1`);
1047
1048	QList<QCA::CRLEntry> revokedList = crl1.revoked();
1049	QCOMPARE(revokedList.size(), `2`);
1050	std::sort(first: revokedList.begin(), last: revokedList.end());
1051	QCOMPARE(revokedList[`0`].serialNumber(), QCA::BigInteger ("3"));
1052	QCOMPARE(revokedList[`1`].serialNumber(), QCA::BigInteger ("5"));
1053	QCOMPARE(revokedList[`0`].reason(), QCA::CRLEntry::Unspecified);
1054	QCOMPARE(revokedList[`1`].reason(), QCA::CRLEntry::Unspecified);
1055	QCOMPARE(revokedList[`0`].time(), QDateTime(QDate(`2001`, `8`, `17`), QTime(`11`, `10`, `39`), Qt::UTC));
1056	QCOMPARE(revokedList[`1`].time(), QDateTime(QDate(`2001`, `8`, `17`), QTime(`11`, `11`, `59`), Qt::UTC));
1057
1058	// convert to DER
1059	QByteArray derCRL1 = crl1.toDER();
1060	// check we got something, at least
1061	QCOMPARE(derCRL1.isEmpty(), false);
1062	// convert back from DER
1063	QCA::CRL fromDer1 = QCA::CRL::fromDER(a: derCRL1, result: &resultCrl, provider);
1064	// check the conversion at least appeared to work
1065	QCOMPARE(resultCrl, QCA::ConvertGood);
1066	// check the result is the same as what we started with
1067	QCOMPARE(fromDer1, crl1);
1068	}
1069	}
1070	}
1071
1072	void CertUnitTest::crl2()
1073	{
1074	QStringList providersToTest;
1075	providersToTest.append(QStringLiteral("qca-ossl"));
1076	// providersToTest.append("qca-botan");
1077
1078	foreach (const QString provider, providersToTest) {
1079	if (!QCA::isSupported(features: "crl", provider))
1080	QWARN((QStringLiteral("Certificate revocation not supported for ") + provider).toLocal8Bit().constData());
1081	else {
1082	QCA::ConvertResult resultCrl;
1083	QCA::CRL crl1 = QCA::CRL::fromPEMFile(QStringLiteral("certs/GoodCACRL.pem"), result: &resultCrl, provider);
1084	QCOMPARE(resultCrl, QCA::ConvertGood);
1085	QCOMPARE(crl1.isNull(), false);
1086	QCOMPARE(crl1.provider()->name(), provider);
1087
1088	QCA::CertificateInfo issuer = crl1.issuerInfo();
1089	QCOMPARE(issuer.isEmpty(), false);
1090	QVERIFY(issuer.contains(QCA::Country, QStringLiteral("US")));
1091	QVERIFY(issuer.contains(QCA::Organization, QStringLiteral("Test Certificates")));
1092	QVERIFY(issuer.contains(QCA::CommonName, QStringLiteral("Good CA")));
1093
1094	QCOMPARE(crl1.thisUpdate(), QDateTime(QDate(`2001`, `4`, `19`), QTime(`14`, `57`, `20`), Qt::UTC));
1095	QCOMPARE(crl1.nextUpdate(), QDateTime(QDate(`2011`, `4`, `19`), QTime(`14`, `57`, `20`), Qt::UTC));
1096
1097	QCOMPARE(crl1.signatureAlgorithm(), QCA::EMSA3_SHA1);
1098
1099	QCOMPARE(QCA::arrayToHex(crl1.issuerKeyId()), QStringLiteral("b72ea682cbc2c8bca87b2744d73533df9a1594c7"));
1100	QCOMPARE(crl1.number(), `1`);
1101	QCOMPARE(crl1, QCA::CRL (crl1));
1102	QCOMPARE(crl1 == QCA::CRL (), false);
1103
1104	QList<QCA::CRLEntry> revokedList = crl1.revoked();
1105	QCOMPARE(revokedList.size(), `2`);
1106	std::sort(first: revokedList.begin(), last: revokedList.end());
1107	QCOMPARE(revokedList[`0`].serialNumber(), QCA::BigInteger ("14"));
1108	QCOMPARE(revokedList[`1`].serialNumber(), QCA::BigInteger ("15"));
1109	QCOMPARE(revokedList[`0`].reason(), QCA::CRLEntry::KeyCompromise);
1110	QCOMPARE(revokedList[`1`].reason(), QCA::CRLEntry::KeyCompromise);
1111	QCOMPARE(revokedList[`0`].time(), QDateTime(QDate(`2001`, `4`, `19`), QTime(`14`, `57`, `20`), Qt::UTC));
1112	QCOMPARE(revokedList[`1`].time(), QDateTime(QDate(`2001`, `4`, `19`), QTime(`14`, `57`, `20`), Qt::UTC));
1113
1114	// convert to DER
1115	QByteArray derCRL1 = crl1.toDER();
1116	// check we got something, at least
1117	QCOMPARE(derCRL1.isEmpty(), false);
1118	// convert back from DER
1119	QCA::CRL fromDer1 = QCA::CRL::fromDER(a: derCRL1, result: &resultCrl, provider);
1120	// check the conversion at least appeared to work
1121	QCOMPARE(resultCrl, QCA::ConvertGood);
1122	// check the result is the same as what we started with
1123	QCOMPARE(fromDer1, crl1);
1124
1125	// convert to PEM
1126	QString pemCRL1 = crl1.toPEM();
1127	// check we got something, at least
1128	QCOMPARE(pemCRL1.isEmpty(), false);
1129	// convert back from PEM
1130	QCA::CRL fromPEM1 = QCA::CRL::fromPEM(s: pemCRL1, result: &resultCrl, provider);
1131	// check the conversion at least appeared to work
1132	QCOMPARE(resultCrl, QCA::ConvertGood);
1133	// check the result is the same as what we started with
1134	QCOMPARE(fromPEM1, crl1);
1135	}
1136	}
1137	}
1138
1139	void CertUnitTest::csr()
1140	{
1141	QStringList providersToTest;
1142	providersToTest.append(QStringLiteral("qca-ossl"));
1143	// providersToTest.append("qca-botan");
1144
1145	foreach (const QString provider, providersToTest) {
1146	if (!QCA::isSupported(features: "csr", provider))
1147	QWARN((QStringLiteral("Certificate signing requests not supported for ") + provider)
1148	.toLocal8Bit()
1149	.constData());
1150	else {
1151	QCA::CertificateRequest nullCSR;
1152	QVERIFY(nullCSR.isNull());
1153	// This is copied on purpose to check the assignment operator
1154	QCA::CertificateRequest anotherNullCSR = nullCSR; // NOLINT(performance-unnecessary-copy-initialization)
1155	QVERIFY(anotherNullCSR.isNull());
1156	QCOMPARE(nullCSR, anotherNullCSR);
1157
1158	QCA::ConvertResult resultCsr;
1159	QCA::CertificateRequest csr1 =
1160	QCA::CertificateRequest::fromPEMFile(QStringLiteral("certs/csr1.pem"), result: &resultCsr, provider);
1161	QCOMPARE(resultCsr, QCA::ConvertGood);
1162	QCOMPARE(csr1.isNull(), false);
1163	QCOMPARE(csr1.provider()->name(), provider);
1164	QCA::CertificateInfo subject = csr1.subjectInfo();
1165	QCOMPARE(subject.isEmpty(), false);
1166	QVERIFY(subject.contains(QCA::Country, QStringLiteral("AU")));
1167	QVERIFY(subject.contains(QCA::State, QStringLiteral("Victoria")));
1168	QVERIFY(subject.contains(QCA::Locality, QStringLiteral("Mitcham")));
1169	QVERIFY(subject.contains(QCA::Organization, QStringLiteral("GE Interlogix")));
1170	QVERIFY(subject.contains(QCA::OrganizationalUnit, QStringLiteral("Engineering")));
1171	QVERIFY(subject.contains(QCA::CommonName, QStringLiteral("coldfire")));
1172
1173	QCA::PublicKey pkey = csr1.subjectPublicKey();
1174	QCOMPARE(pkey.isNull(), false);
1175	QVERIFY(pkey.isRSA());
1176
1177	QCA::RSAPublicKey rsaPkey = pkey.toRSA();
1178	QCOMPARE(rsaPkey.isNull(), false);
1179	QCOMPARE(rsaPkey.e(), QCA::BigInteger (`65537`));
1180	QCOMPARE(rsaPkey.n(),
1181	QCA::BigInteger ("104853561647822232509211983664549572246855698961210758585652966258891659217901732"
1182	"470712446421431206166165309547771124747713609923038218156616083520796442797276676"
1183	"074122658684367500665423564881889504308700315044585826841844654287577169905826705"
1184	"891670004942854611681809539126326134927995969418712881512819058439"));
1185
1186	QCOMPARE(csr1.signatureAlgorithm(), QCA::EMSA3_MD5);
1187	}
1188	}
1189	}
1190
1191	void CertUnitTest::csr2()
1192	{
1193	QStringList providersToTest;
1194	providersToTest.append(QStringLiteral("qca-ossl"));
1195	// providersToTest.append("qca-botan");
1196
1197	foreach (const QString provider, providersToTest) {
1198	if (!QCA::isSupported(features: "csr", provider))
1199	QWARN((QStringLiteral("Certificate signing requests not supported for ") + provider)
1200	.toLocal8Bit()
1201	.constData());
1202	else {
1203	QCA::ConvertResult resultCsr;
1204	QCA::CertificateRequest csr1 =
1205	QCA::CertificateRequest::fromPEMFile(QStringLiteral("certs/newreq.pem"), result: &resultCsr, provider);
1206	QCOMPARE(resultCsr, QCA::ConvertGood);
1207	QCOMPARE(csr1.isNull(), false);
1208	QCOMPARE(csr1.provider()->name(), provider);
1209	QCA::CertificateInfo subject = csr1.subjectInfo();
1210	QCOMPARE(subject.isEmpty(), false);
1211	QVERIFY(subject.contains(QCA::Country, QStringLiteral("AI")));
1212	QVERIFY(subject.contains(QCA::State, QStringLiteral("Hutt River Province")));
1213	QVERIFY(subject.contains(QCA::Locality, QStringLiteral("Lesser Internet")));
1214	QVERIFY(subject.contains(QCA::Organization, QStringLiteral("My Company Ltd")));
1215	QVERIFY(subject.contains(QCA::OrganizationalUnit, QStringLiteral("Backwater Branch Office")));
1216	QVERIFY(subject.contains(QCA::CommonName, QStringLiteral("FirstName Surname")));
1217
1218	QCA::PublicKey pkey = csr1.subjectPublicKey();
1219	QCOMPARE(pkey.isNull(), false);
1220	QVERIFY(pkey.isRSA());
1221
1222	QCA::RSAPublicKey rsaPkey = pkey.toRSA();
1223	QCOMPARE(rsaPkey.isNull(), false);
1224	QCOMPARE(rsaPkey.e(), QCA::BigInteger (`65537`));
1225	QCOMPARE(rsaPkey.n(),
1226	QCA::BigInteger ("151872780463004414908584891835397365176526767139347372444365914360701714510188717"
1227	"169754430290680734981291754624394094502297070722505032645306680495915914243593438"
1228	"796635264236530526146243919417744996366836534380790370421346490191416041004278161"
1229	"146551997010463199760480957900518811859984176646089981367745961681"));
1230
1231	QCOMPARE(csr1.signatureAlgorithm(), QCA::EMSA3_MD5);
1232
1233	// convert to DER
1234	QByteArray derCSR1 = csr1.toDER();
1235	// check we got something, at least
1236	QCOMPARE(derCSR1.isEmpty(), false);
1237	// convert back from DER
1238	QCA::CertificateRequest fromDer1 = QCA::CertificateRequest::fromDER(a: derCSR1, result: &resultCsr, provider);
1239	// check the conversion at least appeared to work
1240	QCOMPARE(resultCsr, QCA::ConvertGood);
1241	// check the result is the same as what we started with
1242	QCOMPARE(fromDer1, csr1);
1243
1244	// convert to PEM
1245	QString pemCSR1 = csr1.toPEM();
1246	// check we got something, at least
1247	QCOMPARE(pemCSR1.isEmpty(), false);
1248	// convert back from PEM
1249	QCA::CertificateRequest fromPEM1 = QCA::CertificateRequest::fromPEM(s: pemCSR1, result: &resultCsr, provider);
1250	// check the conversion at least appeared to work
1251	QCOMPARE(resultCsr, QCA::ConvertGood);
1252	// check the result is the same as what we started with
1253	QCOMPARE(fromPEM1, csr1);
1254	}
1255	}
1256	}
1257	QTEST_MAIN(CertUnitTest)
1258
1259	#include "certunittest.moc"
1260

source code of qca/unittest/certunittest/certunittest.cpp