1/**
2 * Copyright (C) 2006 Brad Hards <bradh@frogmouth.net>
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include <QtCrypto>
27#include <QtTest/QtTest>
28
29#ifdef QT_STATICPLUGIN
30#include "import_plugins.h"
31#endif
32
33class Pkits : public QObject
34{
35 Q_OBJECT
36
37private Q_SLOTS:
38 void initTestCase();
39
40 void pkits4_1_1();
41 void pkits4_1_2();
42 void pkits4_1_3();
43 void pkits4_1_4();
44 void pkits4_1_5();
45 void pkits4_1_6();
46
47 void pkits4_2_1();
48 void pkits4_2_2();
49 void pkits4_2_3();
50 void pkits4_2_4();
51 void pkits4_2_5();
52 void pkits4_2_6();
53 void pkits4_2_7();
54 void pkits4_2_8();
55
56 void pkits4_3_1();
57 void pkits4_3_2();
58 void pkits4_3_3();
59 void pkits4_3_4();
60 void pkits4_3_5();
61 void pkits4_3_6();
62 void pkits4_3_9();
63#ifdef ALL_PKITS_TESTS
64 void pkits4_3_7();
65 void pkits4_3_8();
66 void pkits4_3_10();
67 void pkits4_3_11();
68#endif
69 void pkits4_4_1();
70 void pkits4_4_2();
71 void pkits4_4_3();
72
73 void cleanupTestCase();
74
75private:
76 QCA::Initializer *m_init;
77};
78
79void Pkits::initTestCase()
80{
81 m_init = new QCA::Initializer;
82}
83
84void Pkits::cleanupTestCase()
85{
86 delete m_init;
87}
88
89static QCA::Certificate certFromDERFile(const QString &fileName, const QString &provider)
90{
91 QFile certFile(fileName);
92 certFile.open(flags: QFile::ReadOnly);
93 QByteArray certArray = certFile.readAll();
94 QCA::ConvertResult resultCert;
95 QCA::Certificate cert = QCA::Certificate::fromDER(a: certArray, result: &resultCert, provider);
96 return cert;
97}
98
99static QCA::CRL crlFromDERFile(const QString &fileName, const QString &provider)
100{
101 QFile crlFile(fileName);
102 crlFile.open(flags: QFile::ReadOnly);
103 QByteArray crlArray = crlFile.readAll();
104 QCA::ConvertResult crlResult;
105 QCA::CRL crl = QCA::CRL::fromDER(a: crlArray, result: &crlResult, provider);
106 return crl;
107}
108
109void Pkits::pkits4_1_1()
110{
111 QStringList providersToTest;
112 providersToTest.append(QStringLiteral("qca-ossl"));
113
114 foreach (const QString provider, providersToTest) {
115 if (!QCA::isSupported(features: "cert", provider))
116 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
117 else {
118 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/ValidCertificatePathTest1EE.crt"), provider);
119 QCOMPARE(cert.isNull(), false);
120
121 QCOMPARE(cert.policies().count(), 1);
122
123 QCA::CertificateCollection trusted;
124 QCA::CertificateCollection untrusted;
125 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
126
127 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
128 QCOMPARE(root.isNull(), false);
129 trusted.addCertificate(cert: root);
130 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
131 QCOMPARE(rootCRL.isNull(), false);
132 trusted.addCRL(crl: rootCRL);
133
134 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
135 QCOMPARE(ca.isNull(), false);
136 untrusted.addCertificate(cert: ca);
137 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
138 QCOMPARE(caCRL.isNull(), false);
139 untrusted.addCRL(crl: caCRL);
140
141 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
142 }
143 }
144}
145
146void Pkits::pkits4_1_2()
147{
148 QStringList providersToTest;
149 providersToTest.append(QStringLiteral("qca-ossl"));
150
151 foreach (const QString provider, providersToTest) {
152 if (!QCA::isSupported(features: "cert", provider))
153 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
154 else {
155 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidCASignatureTest2EE.crt"), provider);
156 QCOMPARE(cert.isNull(), false);
157
158 QCOMPARE(cert.policies().count(), 1);
159
160 QCA::CertificateCollection trusted;
161 QCA::CertificateCollection untrusted;
162 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
163
164 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
165 QCOMPARE(root.isNull(), false);
166 trusted.addCertificate(cert: root);
167 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
168 QCOMPARE(rootCRL.isNull(), false);
169 trusted.addCRL(crl: rootCRL);
170
171 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/BadSignedCACert.crt"), provider);
172 QCOMPARE(ca.isNull(), false);
173 untrusted.addCertificate(cert: ca);
174 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/BadSignedCACRL.crl"), provider);
175 QCOMPARE(caCRL.isNull(), false);
176 untrusted.addCRL(crl: caCRL);
177
178 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorSignatureFailed);
179 }
180 }
181}
182
183void Pkits::pkits4_1_3()
184{
185 QStringList providersToTest;
186 providersToTest.append(QStringLiteral("qca-ossl"));
187
188 foreach (const QString provider, providersToTest) {
189 if (!QCA::isSupported(features: "cert", provider))
190 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
191 else {
192 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidEESignatureTest3EE.crt"), provider);
193 QCOMPARE(cert.isNull(), false);
194
195 QCOMPARE(cert.policies().count(), 1);
196
197 QCA::CertificateCollection trusted;
198 QCA::CertificateCollection untrusted;
199 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
200
201 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
202 QCOMPARE(root.isNull(), false);
203 trusted.addCertificate(cert: root);
204 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
205 QCOMPARE(rootCRL.isNull(), false);
206 trusted.addCRL(crl: rootCRL);
207
208 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
209 QCOMPARE(ca.isNull(), false);
210 untrusted.addCertificate(cert: ca);
211 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
212 QCOMPARE(caCRL.isNull(), false);
213 untrusted.addCRL(crl: caCRL);
214
215 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorSignatureFailed);
216 }
217 }
218}
219
220void Pkits::pkits4_1_4()
221{
222 QStringList providersToTest;
223 providersToTest.append(QStringLiteral("qca-ossl"));
224
225 foreach (const QString provider, providersToTest) {
226 if (!QCA::isSupported(features: "cert", provider))
227 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
228 else {
229 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/ValidDSASignaturesTest4EE.crt"), provider);
230 QCOMPARE(cert.isNull(), false);
231
232 QCOMPARE(cert.policies().count(), 1);
233
234 QCA::CertificateCollection trusted;
235 QCA::CertificateCollection untrusted;
236 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
237
238 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
239 QCOMPARE(root.isNull(), false);
240 trusted.addCertificate(cert: root);
241 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
242 QCOMPARE(rootCRL.isNull(), false);
243 trusted.addCRL(crl: rootCRL);
244
245 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/DSACACert.crt"), provider);
246 QCOMPARE(ca.isNull(), false);
247 untrusted.addCertificate(cert: ca);
248 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/DSACACRL.crl"), provider);
249 QCOMPARE(caCRL.isNull(), false);
250 untrusted.addCRL(crl: caCRL);
251
252 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
253 }
254 }
255}
256
257void Pkits::pkits4_1_5()
258{
259 // openssl has decided that they don't want to support this ¯\_(ツ)_/¯
260 // https://github.com/openssl/openssl/issues/20233
261#if 0
262 QStringList providersToTest;
263 providersToTest.append(QStringLiteral("qca-ossl"));
264
265 foreach (const QString provider, providersToTest) {
266 if (!QCA::isSupported("cert", provider))
267 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
268 else {
269 QCA::Certificate cert =
270 certFromDERFile(QStringLiteral("certs/ValidDSAParameterInheritanceTest5EE.crt"), provider);
271 QCOMPARE(cert.isNull(), false);
272
273 // QCOMPARE( cert.policies().count(), 1 );
274
275 QCA::CertificateCollection trusted;
276 QCA::CertificateCollection untrusted;
277 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
278
279 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
280 QCOMPARE(root.isNull(), false);
281 trusted.addCertificate(root);
282 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
283 QCOMPARE(rootCRL.isNull(), false);
284 trusted.addCRL(rootCRL);
285
286 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/DSACACert.crt"), provider);
287 QCOMPARE(ca.isNull(), false);
288 untrusted.addCertificate(ca);
289 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/DSACACRL.crl"), provider);
290 QCOMPARE(caCRL.isNull(), false);
291 untrusted.addCRL(caCRL);
292
293 QCA::Certificate params =
294 certFromDERFile(QStringLiteral("certs/DSAParametersInheritedCACert.crt"), provider);
295 QCOMPARE(params.isNull(), false);
296 untrusted.addCertificate(params);
297 QCA::CRL paramsCRL = crlFromDERFile(QStringLiteral("certs/DSAParametersInheritedCACRL.crl"), provider);
298 QCOMPARE(paramsCRL.isNull(), false);
299 untrusted.addCRL(paramsCRL);
300
301 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
302 }
303 }
304#endif
305}
306
307void Pkits::pkits4_1_6()
308{
309 QStringList providersToTest;
310 providersToTest.append(QStringLiteral("qca-ossl"));
311
312 foreach (const QString provider, providersToTest) {
313 if (!QCA::isSupported(features: "cert", provider))
314 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
315 else {
316 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidDSASignatureTest6EE.crt"), provider);
317 QCOMPARE(cert.isNull(), false);
318
319 QCA::CertificateCollection trusted;
320 QCA::CertificateCollection untrusted;
321 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
322
323 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
324 QCOMPARE(root.isNull(), false);
325 trusted.addCertificate(cert: root);
326 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
327 QCOMPARE(rootCRL.isNull(), false);
328 trusted.addCRL(crl: rootCRL);
329
330 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/DSACACert.crt"), provider);
331 QCOMPARE(ca.isNull(), false);
332 untrusted.addCertificate(cert: ca);
333 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/DSACACRL.crl"), provider);
334 QCOMPARE(caCRL.isNull(), false);
335 untrusted.addCRL(crl: caCRL);
336
337 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorSignatureFailed);
338 }
339 }
340}
341
342void Pkits::pkits4_2_1()
343{
344 QStringList providersToTest;
345 providersToTest.append(QStringLiteral("qca-ossl"));
346
347 foreach (const QString provider, providersToTest) {
348 if (!QCA::isSupported(features: "cert", provider))
349 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
350 else {
351 QCA::Certificate cert =
352 certFromDERFile(QStringLiteral("certs/InvalidCAnotBeforeDateTest1EE.crt"), provider);
353 QCOMPARE(cert.isNull(), false);
354
355 QCA::CertificateCollection trusted;
356 QCA::CertificateCollection untrusted;
357 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
358
359 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
360 QCOMPARE(root.isNull(), false);
361 trusted.addCertificate(cert: root);
362 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
363 QCOMPARE(rootCRL.isNull(), false);
364 trusted.addCRL(crl: rootCRL);
365
366 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/BadnotBeforeDateCACert.crt"), provider);
367 QCOMPARE(ca.isNull(), false);
368 untrusted.addCertificate(cert: ca);
369 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/BadnotBeforeDateCACRL.crl"), provider);
370 QCOMPARE(caCRL.isNull(), false);
371 untrusted.addCRL(crl: caCRL);
372
373 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorExpired);
374 }
375 }
376}
377
378void Pkits::pkits4_2_2()
379{
380 QStringList providersToTest;
381 providersToTest.append(QStringLiteral("qca-ossl"));
382
383 foreach (const QString provider, providersToTest) {
384 if (!QCA::isSupported(features: "cert", provider))
385 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
386 else {
387 QCA::Certificate cert =
388 certFromDERFile(QStringLiteral("certs/InvalidEEnotBeforeDateTest2EE.crt"), provider);
389 QCOMPARE(cert.isNull(), false);
390
391 QCA::CertificateCollection trusted;
392 QCA::CertificateCollection untrusted;
393 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
394
395 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
396 QCOMPARE(root.isNull(), false);
397 trusted.addCertificate(cert: root);
398 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
399 QCOMPARE(rootCRL.isNull(), false);
400 trusted.addCRL(crl: rootCRL);
401
402 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
403 QCOMPARE(ca.isNull(), false);
404 untrusted.addCertificate(cert: ca);
405 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
406 QCOMPARE(caCRL.isNull(), false);
407 untrusted.addCRL(crl: caCRL);
408
409 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorExpired);
410 }
411 }
412}
413
414void Pkits::pkits4_2_3()
415{
416 QStringList providersToTest;
417 providersToTest.append(QStringLiteral("qca-ossl"));
418
419 foreach (const QString provider, providersToTest) {
420 if (!QCA::isSupported(features: "cert", provider))
421 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
422 else {
423 QCA::Certificate cert =
424 certFromDERFile(QStringLiteral("certs/Validpre2000UTCnotBeforeDateTest3EE.crt"), provider);
425 QCOMPARE(cert.isNull(), false);
426
427 QCA::CertificateCollection trusted;
428 QCA::CertificateCollection untrusted;
429 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
430
431 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
432 QCOMPARE(root.isNull(), false);
433 trusted.addCertificate(cert: root);
434 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
435 QCOMPARE(rootCRL.isNull(), false);
436 trusted.addCRL(crl: rootCRL);
437
438 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
439 QCOMPARE(ca.isNull(), false);
440 untrusted.addCertificate(cert: ca);
441 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
442 QCOMPARE(caCRL.isNull(), false);
443 untrusted.addCRL(crl: caCRL);
444
445 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
446 }
447 }
448}
449
450void Pkits::pkits4_2_4()
451{
452 QStringList providersToTest;
453 providersToTest.append(QStringLiteral("qca-ossl"));
454
455 foreach (const QString provider, providersToTest) {
456 if (!QCA::isSupported(features: "cert", provider))
457 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
458 else {
459 QCA::Certificate cert =
460 certFromDERFile(QStringLiteral("certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt"), provider);
461 QCOMPARE(cert.isNull(), false);
462
463 QCA::CertificateCollection trusted;
464 QCA::CertificateCollection untrusted;
465 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
466
467 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
468 QCOMPARE(root.isNull(), false);
469 trusted.addCertificate(cert: root);
470 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
471 QCOMPARE(rootCRL.isNull(), false);
472 trusted.addCRL(crl: rootCRL);
473
474 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
475 QCOMPARE(ca.isNull(), false);
476 untrusted.addCertificate(cert: ca);
477 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
478 QCOMPARE(caCRL.isNull(), false);
479 untrusted.addCRL(crl: caCRL);
480
481 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
482 }
483 }
484}
485
486void Pkits::pkits4_2_5()
487{
488 QStringList providersToTest;
489 providersToTest.append(QStringLiteral("qca-ossl"));
490
491 foreach (const QString provider, providersToTest) {
492 if (!QCA::isSupported(features: "cert", provider))
493 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
494 else {
495 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidCAnotAfterDateTest5EE.crt"), provider);
496 QCOMPARE(cert.isNull(), false);
497
498 QCA::CertificateCollection trusted;
499 QCA::CertificateCollection untrusted;
500 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
501
502 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
503 QCOMPARE(root.isNull(), false);
504 trusted.addCertificate(cert: root);
505 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
506 QCOMPARE(rootCRL.isNull(), false);
507 trusted.addCRL(crl: rootCRL);
508
509 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/BadnotAfterDateCACert.crt"), provider);
510 QCOMPARE(ca.isNull(), false);
511 untrusted.addCertificate(cert: ca);
512 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/BadnotAfterDateCACRL.crl"), provider);
513 QCOMPARE(caCRL.isNull(), false);
514 untrusted.addCRL(crl: caCRL);
515
516 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorExpired);
517 }
518 }
519}
520
521void Pkits::pkits4_2_6()
522{
523 QStringList providersToTest;
524 providersToTest.append(QStringLiteral("qca-ossl"));
525
526 foreach (const QString provider, providersToTest) {
527 if (!QCA::isSupported(features: "cert", provider))
528 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
529 else {
530 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidEEnotAfterDateTest6EE.crt"), provider);
531 QCOMPARE(cert.isNull(), false);
532
533 QCA::CertificateCollection trusted;
534 QCA::CertificateCollection untrusted;
535 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
536
537 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
538 QCOMPARE(root.isNull(), false);
539 trusted.addCertificate(cert: root);
540 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
541 QCOMPARE(rootCRL.isNull(), false);
542 trusted.addCRL(crl: rootCRL);
543
544 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
545 QCOMPARE(ca.isNull(), false);
546 untrusted.addCertificate(cert: ca);
547 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
548 QCOMPARE(caCRL.isNull(), false);
549 untrusted.addCRL(crl: caCRL);
550
551 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorExpired);
552 }
553 }
554}
555
556void Pkits::pkits4_2_7()
557{
558 QStringList providersToTest;
559 providersToTest.append(QStringLiteral("qca-ossl"));
560
561 foreach (const QString provider, providersToTest) {
562 if (!QCA::isSupported(features: "cert", provider))
563 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
564 else {
565 QCA::Certificate cert =
566 certFromDERFile(QStringLiteral("certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt"), provider);
567 QCOMPARE(cert.isNull(), false);
568
569 QCA::CertificateCollection trusted;
570 QCA::CertificateCollection untrusted;
571 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
572
573 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
574 QCOMPARE(root.isNull(), false);
575 trusted.addCertificate(cert: root);
576 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
577 QCOMPARE(rootCRL.isNull(), false);
578 trusted.addCRL(crl: rootCRL);
579
580 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
581 QCOMPARE(ca.isNull(), false);
582 untrusted.addCertificate(cert: ca);
583 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
584 QCOMPARE(caCRL.isNull(), false);
585 untrusted.addCRL(crl: caCRL);
586
587 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorExpired);
588 }
589 }
590}
591
592void Pkits::pkits4_2_8()
593{
594 QStringList providersToTest;
595 providersToTest.append(QStringLiteral("qca-ossl"));
596
597 foreach (const QString provider, providersToTest) {
598 if (!QCA::isSupported(features: "cert", provider))
599 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
600 else {
601 QCA::Certificate cert =
602 certFromDERFile(QStringLiteral("certs/ValidGeneralizedTimenotAfterDateTest8EE.crt"), provider);
603 QCOMPARE(cert.isNull(), false);
604
605 QCA::CertificateCollection trusted;
606 QCA::CertificateCollection untrusted;
607 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
608
609 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
610 QCOMPARE(root.isNull(), false);
611 trusted.addCertificate(cert: root);
612 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
613 QCOMPARE(rootCRL.isNull(), false);
614 trusted.addCRL(crl: rootCRL);
615
616 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
617 QCOMPARE(ca.isNull(), false);
618 untrusted.addCertificate(cert: ca);
619 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
620 QCOMPARE(caCRL.isNull(), false);
621 untrusted.addCRL(crl: caCRL);
622
623 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
624 }
625 }
626}
627
628void Pkits::pkits4_3_1()
629{
630 QStringList providersToTest;
631 providersToTest.append(QStringLiteral("qca-ossl"));
632
633 foreach (const QString provider, providersToTest) {
634 if (!QCA::isSupported(features: "cert", provider))
635 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
636 else {
637 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidNameChainingTest1EE.crt"), provider);
638 QCOMPARE(cert.isNull(), false);
639
640 QCA::CertificateCollection trusted;
641 QCA::CertificateCollection untrusted;
642 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
643
644 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
645 QCOMPARE(root.isNull(), false);
646 trusted.addCertificate(cert: root);
647 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
648 QCOMPARE(rootCRL.isNull(), false);
649 trusted.addCRL(crl: rootCRL);
650
651 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
652 QCOMPARE(ca.isNull(), false);
653 untrusted.addCertificate(cert: ca);
654 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
655 QCOMPARE(caCRL.isNull(), false);
656 untrusted.addCRL(crl: caCRL);
657
658 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
659 }
660 }
661}
662
663void Pkits::pkits4_3_2()
664{
665 QStringList providersToTest;
666 providersToTest.append(QStringLiteral("qca-ossl"));
667
668 foreach (const QString provider, providersToTest) {
669 if (!QCA::isSupported(features: "cert", provider))
670 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
671 else {
672 QCA::Certificate cert =
673 certFromDERFile(QStringLiteral("certs/InvalidNameChainingOrderTest2EE.crt"), provider);
674 QCOMPARE(cert.isNull(), false);
675
676 QCA::CertificateCollection trusted;
677 QCA::CertificateCollection untrusted;
678 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
679
680 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
681 QCOMPARE(root.isNull(), false);
682 trusted.addCertificate(cert: root);
683 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
684 QCOMPARE(rootCRL.isNull(), false);
685 trusted.addCRL(crl: rootCRL);
686
687 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
688 QCOMPARE(ca.isNull(), false);
689 untrusted.addCertificate(cert: ca);
690 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
691 QCOMPARE(caCRL.isNull(), false);
692 untrusted.addCRL(crl: caCRL);
693
694 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
695 }
696 }
697}
698
699void Pkits::pkits4_3_3()
700{
701 QStringList providersToTest;
702 providersToTest.append(QStringLiteral("qca-ossl"));
703
704 foreach (const QString provider, providersToTest) {
705 if (!QCA::isSupported(features: "cert", provider))
706 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
707 else {
708 QCA::Certificate cert =
709 certFromDERFile(QStringLiteral("certs/ValidNameChainingWhitespaceTest3EE.crt"), provider);
710 QCOMPARE(cert.isNull(), false);
711
712 QCA::CertificateCollection trusted;
713 QCA::CertificateCollection untrusted;
714 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
715
716 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
717 QCOMPARE(root.isNull(), false);
718 trusted.addCertificate(cert: root);
719 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
720 QCOMPARE(rootCRL.isNull(), false);
721 trusted.addCRL(crl: rootCRL);
722
723 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
724 QCOMPARE(ca.isNull(), false);
725 untrusted.addCertificate(cert: ca);
726 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
727 QCOMPARE(caCRL.isNull(), false);
728 untrusted.addCRL(crl: caCRL);
729
730 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
731 }
732 }
733}
734
735void Pkits::pkits4_3_4()
736{
737 QStringList providersToTest;
738 providersToTest.append(QStringLiteral("qca-ossl"));
739
740 foreach (const QString provider, providersToTest) {
741 if (!QCA::isSupported(features: "cert", provider))
742 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
743 else {
744 QCA::Certificate cert =
745 certFromDERFile(QStringLiteral("certs/ValidNameChainingWhitespaceTest4EE.crt"), provider);
746 QCOMPARE(cert.isNull(), false);
747
748 QCA::CertificateCollection trusted;
749 QCA::CertificateCollection untrusted;
750 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
751
752 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
753 QCOMPARE(root.isNull(), false);
754 trusted.addCertificate(cert: root);
755 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
756 QCOMPARE(rootCRL.isNull(), false);
757 trusted.addCRL(crl: rootCRL);
758
759 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
760 QCOMPARE(ca.isNull(), false);
761 untrusted.addCertificate(cert: ca);
762 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
763 QCOMPARE(caCRL.isNull(), false);
764 untrusted.addCRL(crl: caCRL);
765
766 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
767 }
768 }
769}
770
771void Pkits::pkits4_3_5()
772{
773 QStringList providersToTest;
774 providersToTest.append(QStringLiteral("qca-ossl"));
775
776 foreach (const QString provider, providersToTest) {
777 if (!QCA::isSupported(features: "cert", provider))
778 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
779 else {
780 QCA::Certificate cert =
781 certFromDERFile(QStringLiteral("certs/ValidNameChainingCapitalizationTest5EE.crt"), provider);
782 QCOMPARE(cert.isNull(), false);
783
784 QCA::CertificateCollection trusted;
785 QCA::CertificateCollection untrusted;
786 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
787
788 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
789 QCOMPARE(root.isNull(), false);
790 trusted.addCertificate(cert: root);
791 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
792 QCOMPARE(rootCRL.isNull(), false);
793 trusted.addCRL(crl: rootCRL);
794
795 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
796 QCOMPARE(ca.isNull(), false);
797 untrusted.addCertificate(cert: ca);
798 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
799 QCOMPARE(caCRL.isNull(), false);
800 untrusted.addCRL(crl: caCRL);
801
802 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
803 }
804 }
805}
806
807void Pkits::pkits4_3_6()
808{
809 QStringList providersToTest;
810 providersToTest.append(QStringLiteral("qca-ossl"));
811
812 foreach (const QString provider, providersToTest) {
813 if (!QCA::isSupported(features: "cert", provider))
814 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
815 else {
816 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/ValidNameUIDsTest6EE.crt"), provider);
817 QCOMPARE(cert.isNull(), false);
818
819 QCA::CertificateCollection trusted;
820 QCA::CertificateCollection untrusted;
821 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
822
823 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
824 QCOMPARE(root.isNull(), false);
825 trusted.addCertificate(cert: root);
826 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
827 QCOMPARE(rootCRL.isNull(), false);
828 trusted.addCRL(crl: rootCRL);
829
830 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/UIDCACert.crt"), provider);
831 QCOMPARE(ca.isNull(), false);
832 untrusted.addCertificate(cert: ca);
833 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/UIDCACRL.crl"), provider);
834 QCOMPARE(caCRL.isNull(), false);
835 untrusted.addCRL(crl: caCRL);
836
837 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
838 }
839 }
840}
841
842#ifdef ALL_PKITS_TESTS
843void Pkits::pkits4_3_7()
844{
845 QStringList providersToTest;
846 providersToTest.append(QStringLiteral("qca-ossl"));
847
848 foreach (const QString provider, providersToTest) {
849 if (!QCA::isSupported("cert", provider))
850 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
851 else {
852 QCA::Certificate cert =
853 certFromDERFile(QStringLiteral("certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt"), provider);
854 QCOMPARE(cert.isNull(), false);
855
856 QCA::CertificateCollection trusted;
857 QCA::CertificateCollection untrusted;
858 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
859
860 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
861 QCOMPARE(root.isNull(), false);
862 trusted.addCertificate(root);
863 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
864 QCOMPARE(rootCRL.isNull(), false);
865 trusted.addCRL(rootCRL);
866
867 QCA::Certificate ca =
868 certFromDERFile(QStringLiteral("certs/RFC3280MandatoryAttributeTypesCACert.crt"), provider);
869 QCOMPARE(ca.isNull(), false);
870 untrusted.addCertificate(ca);
871 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/RFC3280MandatoryAttributeTypesCACRL.crl"), provider);
872 QCOMPARE(caCRL.isNull(), false);
873 untrusted.addCRL(caCRL);
874
875 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
876 }
877 }
878}
879#endif
880
881#ifdef ALL_PKITS_TESTS
882void Pkits::pkits4_3_8()
883{
884 QStringList providersToTest;
885 providersToTest.append(QStringLiteral("qca-ossl"));
886
887 foreach (const QString provider, providersToTest) {
888 if (!QCA::isSupported("cert", provider))
889 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
890 else {
891 QCA::Certificate cert =
892 certFromDERFile(QStringLiteral("certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt"), provider);
893 QCOMPARE(cert.isNull(), false);
894
895 QCA::CertificateCollection trusted;
896 QCA::CertificateCollection untrusted;
897 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
898
899 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
900 QCOMPARE(root.isNull(), false);
901 trusted.addCertificate(root);
902 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
903 QCOMPARE(rootCRL.isNull(), false);
904 trusted.addCRL(rootCRL);
905
906 QCA::Certificate ca =
907 certFromDERFile(QStringLiteral("certs/RFC3280OptionalAttributeTypesCACert.crt"), provider);
908 QCOMPARE(ca.isNull(), false);
909 untrusted.addCertificate(ca);
910 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/RFC3280OptionalAttributeTypesCACRL.crl"), provider);
911 QCOMPARE(caCRL.isNull(), false);
912 untrusted.addCRL(caCRL);
913
914 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
915 }
916 }
917}
918#endif
919
920void Pkits::pkits4_3_9()
921{
922 QStringList providersToTest;
923 providersToTest.append(QStringLiteral("qca-ossl"));
924
925 foreach (const QString provider, providersToTest) {
926 if (!QCA::isSupported(features: "cert", provider))
927 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
928 else {
929 QCA::Certificate cert =
930 certFromDERFile(QStringLiteral("certs/ValidUTF8StringEncodedNamesTest9EE.crt"), provider);
931 QCOMPARE(cert.isNull(), false);
932
933 QCA::CertificateCollection trusted;
934 QCA::CertificateCollection untrusted;
935 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
936
937 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
938 QCOMPARE(root.isNull(), false);
939 trusted.addCertificate(cert: root);
940 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
941 QCOMPARE(rootCRL.isNull(), false);
942 trusted.addCRL(crl: rootCRL);
943
944 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/UTF8StringEncodedNamesCACert.crt"), provider);
945 QCOMPARE(ca.isNull(), false);
946 untrusted.addCertificate(cert: ca);
947 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/UTF8StringEncodedNamesCACRL.crl"), provider);
948 QCOMPARE(caCRL.isNull(), false);
949 untrusted.addCRL(crl: caCRL);
950
951 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
952 }
953 }
954}
955
956#ifdef ALL_PKITS_TESTS
957void Pkits::pkits4_3_10()
958{
959 QStringList providersToTest;
960 providersToTest.append(QStringLiteral("qca-ossl"));
961
962 foreach (const QString provider, providersToTest) {
963 if (!QCA::isSupported("cert", provider))
964 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
965 else {
966 QCA::Certificate cert = certFromDERFile(
967 QStringLiteral("certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt"), provider);
968 QCOMPARE(cert.isNull(), false);
969
970 QCA::CertificateCollection trusted;
971 QCA::CertificateCollection untrusted;
972 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
973
974 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
975 QCOMPARE(root.isNull(), false);
976 trusted.addCertificate(root);
977 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
978 QCOMPARE(rootCRL.isNull(), false);
979 trusted.addCRL(rootCRL);
980
981 QCA::Certificate ca =
982 certFromDERFile(QStringLiteral("certs/RolloverfromPrintableStringtoUTF8StringCACert.crt"), provider);
983 QCOMPARE(ca.isNull(), false);
984 untrusted.addCertificate(ca);
985 QCA::CRL caCRL =
986 crlFromDERFile(QStringLiteral("certs/RolloverfromPrintableStringtoUTF8StringCACRL.crl"), provider);
987 QCOMPARE(caCRL.isNull(), false);
988 untrusted.addCRL(caCRL);
989
990 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
991 }
992 }
993}
994#endif
995
996#ifdef ALL_PKITS_TESTS
997void Pkits::pkits4_3_11()
998{
999 QStringList providersToTest;
1000 providersToTest.append(QStringLiteral("qca-ossl"));
1001
1002 foreach (const QString provider, providersToTest) {
1003 if (!QCA::isSupported("cert", provider))
1004 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
1005 else {
1006 QCA::Certificate cert =
1007 certFromDERFile(QStringLiteral("certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt"), provider);
1008 QCOMPARE(cert.isNull(), false);
1009
1010 QCA::CertificateCollection trusted;
1011 QCA::CertificateCollection untrusted;
1012 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
1013
1014 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
1015 QCOMPARE(root.isNull(), false);
1016 trusted.addCertificate(root);
1017 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
1018 QCOMPARE(rootCRL.isNull(), false);
1019 trusted.addCRL(rootCRL);
1020
1021 QCA::Certificate ca =
1022 certFromDERFile(QStringLiteral("certs/UTF8StringCaseInsensitiveMatchCACert.crt"), provider);
1023 QCOMPARE(ca.isNull(), false);
1024 untrusted.addCertificate(ca);
1025 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/UTF8StringCaseInsensitiveMatchCACRL.crl"), provider);
1026 QCOMPARE(caCRL.isNull(), false);
1027 untrusted.addCRL(caCRL);
1028
1029 qDebug() << "validity: " << cert.validate(trusted, untrusted);
1030
1031 QEXPECT_FAIL("", "This should validate, but it doesn't (QCA::ErrorInvalidCA)", Continue);
1032 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
1033 }
1034 }
1035}
1036#endif
1037
1038void Pkits::pkits4_4_1()
1039{
1040 QStringList providersToTest;
1041 providersToTest.append(QStringLiteral("qca-ossl"));
1042
1043 foreach (const QString provider, providersToTest) {
1044 if (!QCA::isSupported(features: "cert", provider))
1045 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
1046 else {
1047 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidMissingCRLTest1EE.crt"), provider);
1048 QCOMPARE(cert.isNull(), false);
1049
1050 QCA::CertificateCollection trusted;
1051 QCA::CertificateCollection untrusted;
1052 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
1053
1054 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
1055 QCOMPARE(root.isNull(), false);
1056 trusted.addCertificate(cert: root);
1057 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
1058 QCOMPARE(rootCRL.isNull(), false);
1059 trusted.addCRL(crl: rootCRL);
1060
1061 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/NoCRLCACert.crt"), provider);
1062 QCOMPARE(ca.isNull(), false);
1063 untrusted.addCertificate(cert: ca);
1064
1065 qDebug() << "validity: " << cert.validate(trusted, untrusted);
1066
1067 QEXPECT_FAIL("", "This should not validate, but it does", Continue);
1068 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
1069 }
1070 }
1071}
1072
1073void Pkits::pkits4_4_2()
1074{
1075 QStringList providersToTest;
1076 providersToTest.append(QStringLiteral("qca-ossl"));
1077
1078 foreach (const QString provider, providersToTest) {
1079 if (!QCA::isSupported(features: "cert", provider))
1080 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
1081 else {
1082 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidRevokedCATest2EE.crt"), provider);
1083 QCOMPARE(cert.isNull(), false);
1084
1085 QCA::CertificateCollection trusted;
1086 QCA::CertificateCollection untrusted;
1087 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
1088
1089 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
1090 QCOMPARE(root.isNull(), false);
1091 trusted.addCertificate(cert: root);
1092 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
1093 QCOMPARE(rootCRL.isNull(), false);
1094 trusted.addCRL(crl: rootCRL);
1095
1096 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
1097 QCOMPARE(ca.isNull(), false);
1098 untrusted.addCertificate(cert: ca);
1099 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
1100 QCOMPARE(caCRL.isNull(), false);
1101 untrusted.addCRL(crl: caCRL);
1102
1103 QCA::Certificate subca = certFromDERFile(QStringLiteral("certs/RevokedsubCACert.crt"), provider);
1104 QCOMPARE(subca.isNull(), false);
1105 untrusted.addCertificate(cert: subca);
1106 QCA::CRL subcaCRL = crlFromDERFile(QStringLiteral("certs/RevokedsubCACRL.crl"), provider);
1107 QCOMPARE(subcaCRL.isNull(), false);
1108 untrusted.addCRL(crl: subcaCRL);
1109
1110 qDebug() << "validity: " << cert.validate(trusted, untrusted);
1111
1112 QEXPECT_FAIL("", "This should not validate, but it does", Continue);
1113 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
1114 }
1115 }
1116}
1117
1118void Pkits::pkits4_4_3()
1119{
1120 QStringList providersToTest;
1121 providersToTest.append(QStringLiteral("qca-ossl"));
1122
1123 foreach (const QString provider, providersToTest) {
1124 if (!QCA::isSupported(features: "cert", provider))
1125 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
1126 else {
1127 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidRevokedEETest3EE.crt"), provider);
1128 QCOMPARE(cert.isNull(), false);
1129
1130 QCA::CertificateCollection trusted;
1131 QCA::CertificateCollection untrusted;
1132 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
1133
1134 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
1135 QCOMPARE(root.isNull(), false);
1136 trusted.addCertificate(cert: root);
1137 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
1138 QCOMPARE(rootCRL.isNull(), false);
1139 trusted.addCRL(crl: rootCRL);
1140
1141 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
1142 QCOMPARE(ca.isNull(), false);
1143 untrusted.addCertificate(cert: ca);
1144 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
1145 QCOMPARE(caCRL.isNull(), false);
1146 untrusted.addCRL(crl: caCRL);
1147
1148 qDebug() << "validity: " << cert.validate(trusted, untrusted);
1149
1150 QEXPECT_FAIL("", "This should not validate, but it does", Continue);
1151 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorUntrusted);
1152 }
1153 }
1154}
1155
1156QTEST_MAIN(Pkits)
1157
1158#include "pkits.moc"
1159

source code of qca/unittest/pkits/pkits.cpp