pkits.cpp source code [qca/unittest/pkits/pkits.cpp]

1	/**
2	* Copyright (C) 2006 Brad Hards <bradh@frogmouth.net>
3	*
4	* Redistribution and use in source and binary forms, with or without
5	* modification, are permitted provided that the following conditions
6	* are met:
7	*
8	* 1. Redistributions of source code must retain the above copyright
9	* notice, this list of conditions and the following disclaimer.
10	* 2. Redistributions in binary form must reproduce the above copyright
11	* notice, this list of conditions and the following disclaimer in the
12	* documentation and/or other materials provided with the distribution.
13	*
14	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24	*/
25
26	#include <QtCrypto>
27	#include <QtTest/QtTest>
28
29	#ifdef QT_STATICPLUGIN
30	#include "import_plugins.h"
31	#endif
32
33	class Pkits : public QObject
34	{
35	Q_OBJECT
36
37	private Q_SLOTS:
38	void initTestCase();
39
40	void pkits4_1_1();
41	void pkits4_1_2();
42	void pkits4_1_3();
43	void pkits4_1_4();
44	void pkits4_1_5();
45	void pkits4_1_6();
46
47	void pkits4_2_1();
48	void pkits4_2_2();
49	void pkits4_2_3();
50	void pkits4_2_4();
51	void pkits4_2_5();
52	void pkits4_2_6();
53	void pkits4_2_7();
54	void pkits4_2_8();
55
56	void pkits4_3_1();
57	void pkits4_3_2();
58	void pkits4_3_3();
59	void pkits4_3_4();
60	void pkits4_3_5();
61	void pkits4_3_6();
62	void pkits4_3_9();
63	#ifdef ALL_PKITS_TESTS
64	void pkits4_3_7();
65	void pkits4_3_8();
66	void pkits4_3_10();
67	void pkits4_3_11();
68	#endif
69	void pkits4_4_1();
70	void pkits4_4_2();
71	void pkits4_4_3();
72
73	void cleanupTestCase();
74
75	private:
76	QCA::Initializer *m_init;
77	};
78
79	void Pkits::initTestCase()
80	{
81	m_init = new QCA::Initializer;
82	}
83
84	void Pkits::cleanupTestCase()
85	{
86	delete m_init;
87	}
88
89	static QCA::Certificate certFromDERFile(const QString &fileName, const QString &provider)
90	{
91	QFile certFile(fileName);
92	certFile.open(flags: QFile::ReadOnly);
93	QByteArray certArray = certFile.readAll();
94	QCA::ConvertResult resultCert;
95	QCA::Certificate cert = QCA::Certificate::fromDER(a: certArray, result: &resultCert, provider);
96	return cert;
97	}
98
99	static QCA::CRL crlFromDERFile(const QString &fileName, const QString &provider)
100	{
101	QFile crlFile(fileName);
102	crlFile.open(flags: QFile::ReadOnly);
103	QByteArray crlArray = crlFile.readAll();
104	QCA::ConvertResult crlResult;
105	QCA::CRL crl = QCA::CRL::fromDER(a: crlArray, result: &crlResult, provider);
106	return crl;
107	}
108
109	void Pkits::pkits4_1_1()
110	{
111	QStringList providersToTest;
112	providersToTest.append(QStringLiteral("qca-ossl"));
113
114	foreach (const QString provider, providersToTest) {
115	if (!QCA::isSupported(features: "cert", provider))
116	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
117	else {
118	QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/ValidCertificatePathTest1EE.crt"), provider);
119	QCOMPARE(cert.isNull(), false);
120
121	QCOMPARE(cert.policies().count(), `1`);
122
123	QCA::CertificateCollection trusted;
124	QCA::CertificateCollection untrusted;
125	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
126
127	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
128	QCOMPARE(root.isNull(), false);
129	trusted.addCertificate(cert: root);
130	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
131	QCOMPARE(rootCRL.isNull(), false);
132	trusted.addCRL(crl: rootCRL);
133
134	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
135	QCOMPARE(ca.isNull(), false);
136	untrusted.addCertificate(cert: ca);
137	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
138	QCOMPARE(caCRL.isNull(), false);
139	untrusted.addCRL(crl: caCRL);
140
141	QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
142	}
143	}
144	}
145
146	void Pkits::pkits4_1_2()
147	{
148	QStringList providersToTest;
149	providersToTest.append(QStringLiteral("qca-ossl"));
150
151	foreach (const QString provider, providersToTest) {
152	if (!QCA::isSupported(features: "cert", provider))
153	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
154	else {
155	QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidCASignatureTest2EE.crt"), provider);
156	QCOMPARE(cert.isNull(), false);
157
158	QCOMPARE(cert.policies().count(), `1`);
159
160	QCA::CertificateCollection trusted;
161	QCA::CertificateCollection untrusted;
162	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
163
164	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
165	QCOMPARE(root.isNull(), false);
166	trusted.addCertificate(cert: root);
167	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
168	QCOMPARE(rootCRL.isNull(), false);
169	trusted.addCRL(crl: rootCRL);
170
171	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/BadSignedCACert.crt"), provider);
172	QCOMPARE(ca.isNull(), false);
173	untrusted.addCertificate(cert: ca);
174	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/BadSignedCACRL.crl"), provider);
175	QCOMPARE(caCRL.isNull(), false);
176	untrusted.addCRL(crl: caCRL);
177
178	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorSignatureFailed);
179	}
180	}
181	}
182
183	void Pkits::pkits4_1_3()
184	{
185	QStringList providersToTest;
186	providersToTest.append(QStringLiteral("qca-ossl"));
187
188	foreach (const QString provider, providersToTest) {
189	if (!QCA::isSupported(features: "cert", provider))
190	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
191	else {
192	QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidEESignatureTest3EE.crt"), provider);
193	QCOMPARE(cert.isNull(), false);
194
195	QCOMPARE(cert.policies().count(), `1`);
196
197	QCA::CertificateCollection trusted;
198	QCA::CertificateCollection untrusted;
199	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
200
201	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
202	QCOMPARE(root.isNull(), false);
203	trusted.addCertificate(cert: root);
204	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
205	QCOMPARE(rootCRL.isNull(), false);
206	trusted.addCRL(crl: rootCRL);
207
208	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
209	QCOMPARE(ca.isNull(), false);
210	untrusted.addCertificate(cert: ca);
211	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
212	QCOMPARE(caCRL.isNull(), false);
213	untrusted.addCRL(crl: caCRL);
214
215	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorSignatureFailed);
216	}
217	}
218	}
219
220	void Pkits::pkits4_1_4()
221	{
222	QStringList providersToTest;
223	providersToTest.append(QStringLiteral("qca-ossl"));
224
225	foreach (const QString provider, providersToTest) {
226	if (!QCA::isSupported(features: "cert", provider))
227	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
228	else {
229	QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/ValidDSASignaturesTest4EE.crt"), provider);
230	QCOMPARE(cert.isNull(), false);
231
232	QCOMPARE(cert.policies().count(), `1`);
233
234	QCA::CertificateCollection trusted;
235	QCA::CertificateCollection untrusted;
236	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
237
238	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
239	QCOMPARE(root.isNull(), false);
240	trusted.addCertificate(cert: root);
241	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
242	QCOMPARE(rootCRL.isNull(), false);
243	trusted.addCRL(crl: rootCRL);
244
245	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/DSACACert.crt"), provider);
246	QCOMPARE(ca.isNull(), false);
247	untrusted.addCertificate(cert: ca);
248	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/DSACACRL.crl"), provider);
249	QCOMPARE(caCRL.isNull(), false);
250	untrusted.addCRL(crl: caCRL);
251
252	QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
253	}
254	}
255	}
256
257	void Pkits::pkits4_1_5()
258	{
259	// openssl has decided that they don't want to support this ¯\_(ツ)_/¯
260	// https://github.com/openssl/openssl/issues/20233
261	#if 0
262	QStringList providersToTest;
263	providersToTest.append(QStringLiteral("qca-ossl"));
264
265	foreach (const QString provider, providersToTest) {
266	if (!QCA::isSupported("cert", provider))
267	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
268	else {
269	QCA::Certificate cert =
270	certFromDERFile(QStringLiteral("certs/ValidDSAParameterInheritanceTest5EE.crt"), provider);
271	QCOMPARE(cert.isNull(), false);
272
273	// QCOMPARE( cert.policies().count(), 1 );
274
275	QCA::CertificateCollection trusted;
276	QCA::CertificateCollection untrusted;
277	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
278
279	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
280	QCOMPARE(root.isNull(), false);
281	trusted.addCertificate(root);
282	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
283	QCOMPARE(rootCRL.isNull(), false);
284	trusted.addCRL(rootCRL);
285
286	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/DSACACert.crt"), provider);
287	QCOMPARE(ca.isNull(), false);
288	untrusted.addCertificate(ca);
289	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/DSACACRL.crl"), provider);
290	QCOMPARE(caCRL.isNull(), false);
291	untrusted.addCRL(caCRL);
292
293	QCA::Certificate params =
294	certFromDERFile(QStringLiteral("certs/DSAParametersInheritedCACert.crt"), provider);
295	QCOMPARE(params.isNull(), false);
296	untrusted.addCertificate(params);
297	QCA::CRL paramsCRL = crlFromDERFile(QStringLiteral("certs/DSAParametersInheritedCACRL.crl"), provider);
298	QCOMPARE(paramsCRL.isNull(), false);
299	untrusted.addCRL(paramsCRL);
300
301	QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
302	}
303	}
304	#endif
305	}
306
307	void Pkits::pkits4_1_6()
308	{
309	QStringList providersToTest;
310	providersToTest.append(QStringLiteral("qca-ossl"));
311
312	foreach (const QString provider, providersToTest) {
313	if (!QCA::isSupported(features: "cert", provider))
314	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
315	else {
316	QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidDSASignatureTest6EE.crt"), provider);
317	QCOMPARE(cert.isNull(), false);
318
319	QCA::CertificateCollection trusted;
320	QCA::CertificateCollection untrusted;
321	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
322
323	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
324	QCOMPARE(root.isNull(), false);
325	trusted.addCertificate(cert: root);
326	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
327	QCOMPARE(rootCRL.isNull(), false);
328	trusted.addCRL(crl: rootCRL);
329
330	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/DSACACert.crt"), provider);
331	QCOMPARE(ca.isNull(), false);
332	untrusted.addCertificate(cert: ca);
333	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/DSACACRL.crl"), provider);
334	QCOMPARE(caCRL.isNull(), false);
335	untrusted.addCRL(crl: caCRL);
336
337	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorSignatureFailed);
338	}
339	}
340	}
341
342	void Pkits::pkits4_2_1()
343	{
344	QStringList providersToTest;
345	providersToTest.append(QStringLiteral("qca-ossl"));
346
347	foreach (const QString provider, providersToTest) {
348	if (!QCA::isSupported(features: "cert", provider))
349	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
350	else {
351	QCA::Certificate cert =
352	certFromDERFile(QStringLiteral("certs/InvalidCAnotBeforeDateTest1EE.crt"), provider);
353	QCOMPARE(cert.isNull(), false);
354
355	QCA::CertificateCollection trusted;
356	QCA::CertificateCollection untrusted;
357	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
358
359	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
360	QCOMPARE(root.isNull(), false);
361	trusted.addCertificate(cert: root);
362	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
363	QCOMPARE(rootCRL.isNull(), false);
364	trusted.addCRL(crl: rootCRL);
365
366	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/BadnotBeforeDateCACert.crt"), provider);
367	QCOMPARE(ca.isNull(), false);
368	untrusted.addCertificate(cert: ca);
369	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/BadnotBeforeDateCACRL.crl"), provider);
370	QCOMPARE(caCRL.isNull(), false);
371	untrusted.addCRL(crl: caCRL);
372
373	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorExpired);
374	}
375	}
376	}
377
378	void Pkits::pkits4_2_2()
379	{
380	QStringList providersToTest;
381	providersToTest.append(QStringLiteral("qca-ossl"));
382
383	foreach (const QString provider, providersToTest) {
384	if (!QCA::isSupported(features: "cert", provider))
385	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
386	else {
387	QCA::Certificate cert =
388	certFromDERFile(QStringLiteral("certs/InvalidEEnotBeforeDateTest2EE.crt"), provider);
389	QCOMPARE(cert.isNull(), false);
390
391	QCA::CertificateCollection trusted;
392	QCA::CertificateCollection untrusted;
393	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
394
395	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
396	QCOMPARE(root.isNull(), false);
397	trusted.addCertificate(cert: root);
398	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
399	QCOMPARE(rootCRL.isNull(), false);
400	trusted.addCRL(crl: rootCRL);
401
402	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
403	QCOMPARE(ca.isNull(), false);
404	untrusted.addCertificate(cert: ca);
405	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
406	QCOMPARE(caCRL.isNull(), false);
407	untrusted.addCRL(crl: caCRL);
408
409	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorExpired);
410	}
411	}
412	}
413
414	void Pkits::pkits4_2_3()
415	{
416	QStringList providersToTest;
417	providersToTest.append(QStringLiteral("qca-ossl"));
418
419	foreach (const QString provider, providersToTest) {
420	if (!QCA::isSupported(features: "cert", provider))
421	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
422	else {
423	QCA::Certificate cert =
424	certFromDERFile(QStringLiteral("certs/Validpre2000UTCnotBeforeDateTest3EE.crt"), provider);
425	QCOMPARE(cert.isNull(), false);
426
427	QCA::CertificateCollection trusted;
428	QCA::CertificateCollection untrusted;
429	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
430
431	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
432	QCOMPARE(root.isNull(), false);
433	trusted.addCertificate(cert: root);
434	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
435	QCOMPARE(rootCRL.isNull(), false);
436	trusted.addCRL(crl: rootCRL);
437
438	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
439	QCOMPARE(ca.isNull(), false);
440	untrusted.addCertificate(cert: ca);
441	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
442	QCOMPARE(caCRL.isNull(), false);
443	untrusted.addCRL(crl: caCRL);
444
445	QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
446	}
447	}
448	}
449
450	void Pkits::pkits4_2_4()
451	{
452	QStringList providersToTest;
453	providersToTest.append(QStringLiteral("qca-ossl"));
454
455	foreach (const QString provider, providersToTest) {
456	if (!QCA::isSupported(features: "cert", provider))
457	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
458	else {
459	QCA::Certificate cert =
460	certFromDERFile(QStringLiteral("certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt"), provider);
461	QCOMPARE(cert.isNull(), false);
462
463	QCA::CertificateCollection trusted;
464	QCA::CertificateCollection untrusted;
465	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
466
467	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
468	QCOMPARE(root.isNull(), false);
469	trusted.addCertificate(cert: root);
470	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
471	QCOMPARE(rootCRL.isNull(), false);
472	trusted.addCRL(crl: rootCRL);
473
474	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
475	QCOMPARE(ca.isNull(), false);
476	untrusted.addCertificate(cert: ca);
477	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
478	QCOMPARE(caCRL.isNull(), false);
479	untrusted.addCRL(crl: caCRL);
480
481	QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
482	}
483	}
484	}
485
486	void Pkits::pkits4_2_5()
487	{
488	QStringList providersToTest;
489	providersToTest.append(QStringLiteral("qca-ossl"));
490
491	foreach (const QString provider, providersToTest) {
492	if (!QCA::isSupported(features: "cert", provider))
493	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
494	else {
495	QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidCAnotAfterDateTest5EE.crt"), provider);
496	QCOMPARE(cert.isNull(), false);
497
498	QCA::CertificateCollection trusted;
499	QCA::CertificateCollection untrusted;
500	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
501
502	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
503	QCOMPARE(root.isNull(), false);
504	trusted.addCertificate(cert: root);
505	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
506	QCOMPARE(rootCRL.isNull(), false);
507	trusted.addCRL(crl: rootCRL);
508
509	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/BadnotAfterDateCACert.crt"), provider);
510	QCOMPARE(ca.isNull(), false);
511	untrusted.addCertificate(cert: ca);
512	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/BadnotAfterDateCACRL.crl"), provider);
513	QCOMPARE(caCRL.isNull(), false);
514	untrusted.addCRL(crl: caCRL);
515
516	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorExpired);
517	}
518	}
519	}
520
521	void Pkits::pkits4_2_6()
522	{
523	QStringList providersToTest;
524	providersToTest.append(QStringLiteral("qca-ossl"));
525
526	foreach (const QString provider, providersToTest) {
527	if (!QCA::isSupported(features: "cert", provider))
528	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
529	else {
530	QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidEEnotAfterDateTest6EE.crt"), provider);
531	QCOMPARE(cert.isNull(), false);
532
533	QCA::CertificateCollection trusted;
534	QCA::CertificateCollection untrusted;
535	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
536
537	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
538	QCOMPARE(root.isNull(), false);
539	trusted.addCertificate(cert: root);
540	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
541	QCOMPARE(rootCRL.isNull(), false);
542	trusted.addCRL(crl: rootCRL);
543
544	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
545	QCOMPARE(ca.isNull(), false);
546	untrusted.addCertificate(cert: ca);
547	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
548	QCOMPARE(caCRL.isNull(), false);
549	untrusted.addCRL(crl: caCRL);
550
551	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorExpired);
552	}
553	}
554	}
555
556	void Pkits::pkits4_2_7()
557	{
558	QStringList providersToTest;
559	providersToTest.append(QStringLiteral("qca-ossl"));
560
561	foreach (const QString provider, providersToTest) {
562	if (!QCA::isSupported(features: "cert", provider))
563	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
564	else {
565	QCA::Certificate cert =
566	certFromDERFile(QStringLiteral("certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt"), provider);
567	QCOMPARE(cert.isNull(), false);
568
569	QCA::CertificateCollection trusted;
570	QCA::CertificateCollection untrusted;
571	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
572
573	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
574	QCOMPARE(root.isNull(), false);
575	trusted.addCertificate(cert: root);
576	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
577	QCOMPARE(rootCRL.isNull(), false);
578	trusted.addCRL(crl: rootCRL);
579
580	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
581	QCOMPARE(ca.isNull(), false);
582	untrusted.addCertificate(cert: ca);
583	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
584	QCOMPARE(caCRL.isNull(), false);
585	untrusted.addCRL(crl: caCRL);
586
587	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorExpired);
588	}
589	}
590	}
591
592	void Pkits::pkits4_2_8()
593	{
594	QStringList providersToTest;
595	providersToTest.append(QStringLiteral("qca-ossl"));
596
597	foreach (const QString provider, providersToTest) {
598	if (!QCA::isSupported(features: "cert", provider))
599	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
600	else {
601	QCA::Certificate cert =
602	certFromDERFile(QStringLiteral("certs/ValidGeneralizedTimenotAfterDateTest8EE.crt"), provider);
603	QCOMPARE(cert.isNull(), false);
604
605	QCA::CertificateCollection trusted;
606	QCA::CertificateCollection untrusted;
607	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
608
609	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
610	QCOMPARE(root.isNull(), false);
611	trusted.addCertificate(cert: root);
612	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
613	QCOMPARE(rootCRL.isNull(), false);
614	trusted.addCRL(crl: rootCRL);
615
616	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
617	QCOMPARE(ca.isNull(), false);
618	untrusted.addCertificate(cert: ca);
619	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
620	QCOMPARE(caCRL.isNull(), false);
621	untrusted.addCRL(crl: caCRL);
622
623	QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
624	}
625	}
626	}
627
628	void Pkits::pkits4_3_1()
629	{
630	QStringList providersToTest;
631	providersToTest.append(QStringLiteral("qca-ossl"));
632
633	foreach (const QString provider, providersToTest) {
634	if (!QCA::isSupported(features: "cert", provider))
635	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
636	else {
637	QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidNameChainingTest1EE.crt"), provider);
638	QCOMPARE(cert.isNull(), false);
639
640	QCA::CertificateCollection trusted;
641	QCA::CertificateCollection untrusted;
642	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
643
644	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
645	QCOMPARE(root.isNull(), false);
646	trusted.addCertificate(cert: root);
647	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
648	QCOMPARE(rootCRL.isNull(), false);
649	trusted.addCRL(crl: rootCRL);
650
651	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
652	QCOMPARE(ca.isNull(), false);
653	untrusted.addCertificate(cert: ca);
654	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
655	QCOMPARE(caCRL.isNull(), false);
656	untrusted.addCRL(crl: caCRL);
657
658	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
659	}
660	}
661	}
662
663	void Pkits::pkits4_3_2()
664	{
665	QStringList providersToTest;
666	providersToTest.append(QStringLiteral("qca-ossl"));
667
668	foreach (const QString provider, providersToTest) {
669	if (!QCA::isSupported(features: "cert", provider))
670	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
671	else {
672	QCA::Certificate cert =
673	certFromDERFile(QStringLiteral("certs/InvalidNameChainingOrderTest2EE.crt"), provider);
674	QCOMPARE(cert.isNull(), false);
675
676	QCA::CertificateCollection trusted;
677	QCA::CertificateCollection untrusted;
678	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
679
680	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
681	QCOMPARE(root.isNull(), false);
682	trusted.addCertificate(cert: root);
683	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
684	QCOMPARE(rootCRL.isNull(), false);
685	trusted.addCRL(crl: rootCRL);
686
687	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
688	QCOMPARE(ca.isNull(), false);
689	untrusted.addCertificate(cert: ca);
690	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
691	QCOMPARE(caCRL.isNull(), false);
692	untrusted.addCRL(crl: caCRL);
693
694	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
695	}
696	}
697	}
698
699	void Pkits::pkits4_3_3()
700	{
701	QStringList providersToTest;
702	providersToTest.append(QStringLiteral("qca-ossl"));
703
704	foreach (const QString provider, providersToTest) {
705	if (!QCA::isSupported(features: "cert", provider))
706	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
707	else {
708	QCA::Certificate cert =
709	certFromDERFile(QStringLiteral("certs/ValidNameChainingWhitespaceTest3EE.crt"), provider);
710	QCOMPARE(cert.isNull(), false);
711
712	QCA::CertificateCollection trusted;
713	QCA::CertificateCollection untrusted;
714	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
715
716	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
717	QCOMPARE(root.isNull(), false);
718	trusted.addCertificate(cert: root);
719	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
720	QCOMPARE(rootCRL.isNull(), false);
721	trusted.addCRL(crl: rootCRL);
722
723	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
724	QCOMPARE(ca.isNull(), false);
725	untrusted.addCertificate(cert: ca);
726	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
727	QCOMPARE(caCRL.isNull(), false);
728	untrusted.addCRL(crl: caCRL);
729
730	QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
731	}
732	}
733	}
734
735	void Pkits::pkits4_3_4()
736	{
737	QStringList providersToTest;
738	providersToTest.append(QStringLiteral("qca-ossl"));
739
740	foreach (const QString provider, providersToTest) {
741	if (!QCA::isSupported(features: "cert", provider))
742	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
743	else {
744	QCA::Certificate cert =
745	certFromDERFile(QStringLiteral("certs/ValidNameChainingWhitespaceTest4EE.crt"), provider);
746	QCOMPARE(cert.isNull(), false);
747
748	QCA::CertificateCollection trusted;
749	QCA::CertificateCollection untrusted;
750	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
751
752	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
753	QCOMPARE(root.isNull(), false);
754	trusted.addCertificate(cert: root);
755	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
756	QCOMPARE(rootCRL.isNull(), false);
757	trusted.addCRL(crl: rootCRL);
758
759	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
760	QCOMPARE(ca.isNull(), false);
761	untrusted.addCertificate(cert: ca);
762	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
763	QCOMPARE(caCRL.isNull(), false);
764	untrusted.addCRL(crl: caCRL);
765
766	QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
767	}
768	}
769	}
770
771	void Pkits::pkits4_3_5()
772	{
773	QStringList providersToTest;
774	providersToTest.append(QStringLiteral("qca-ossl"));
775
776	foreach (const QString provider, providersToTest) {
777	if (!QCA::isSupported(features: "cert", provider))
778	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
779	else {
780	QCA::Certificate cert =
781	certFromDERFile(QStringLiteral("certs/ValidNameChainingCapitalizationTest5EE.crt"), provider);
782	QCOMPARE(cert.isNull(), false);
783
784	QCA::CertificateCollection trusted;
785	QCA::CertificateCollection untrusted;
786	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
787
788	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
789	QCOMPARE(root.isNull(), false);
790	trusted.addCertificate(cert: root);
791	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
792	QCOMPARE(rootCRL.isNull(), false);
793	trusted.addCRL(crl: rootCRL);
794
795	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
796	QCOMPARE(ca.isNull(), false);
797	untrusted.addCertificate(cert: ca);
798	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
799	QCOMPARE(caCRL.isNull(), false);
800	untrusted.addCRL(crl: caCRL);
801
802	QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
803	}
804	}
805	}
806
807	void Pkits::pkits4_3_6()
808	{
809	QStringList providersToTest;
810	providersToTest.append(QStringLiteral("qca-ossl"));
811
812	foreach (const QString provider, providersToTest) {
813	if (!QCA::isSupported(features: "cert", provider))
814	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
815	else {
816	QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/ValidNameUIDsTest6EE.crt"), provider);
817	QCOMPARE(cert.isNull(), false);
818
819	QCA::CertificateCollection trusted;
820	QCA::CertificateCollection untrusted;
821	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
822
823	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
824	QCOMPARE(root.isNull(), false);
825	trusted.addCertificate(cert: root);
826	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
827	QCOMPARE(rootCRL.isNull(), false);
828	trusted.addCRL(crl: rootCRL);
829
830	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/UIDCACert.crt"), provider);
831	QCOMPARE(ca.isNull(), false);
832	untrusted.addCertificate(cert: ca);
833	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/UIDCACRL.crl"), provider);
834	QCOMPARE(caCRL.isNull(), false);
835	untrusted.addCRL(crl: caCRL);
836
837	QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
838	}
839	}
840	}
841
842	#ifdef ALL_PKITS_TESTS
843	void Pkits::pkits4_3_7()
844	{
845	QStringList providersToTest;
846	providersToTest.append(QStringLiteral("qca-ossl"));
847
848	foreach (const QString provider, providersToTest) {
849	if (!QCA::isSupported("cert", provider))
850	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
851	else {
852	QCA::Certificate cert =
853	certFromDERFile(QStringLiteral("certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt"), provider);
854	QCOMPARE(cert.isNull(), false);
855
856	QCA::CertificateCollection trusted;
857	QCA::CertificateCollection untrusted;
858	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
859
860	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
861	QCOMPARE(root.isNull(), false);
862	trusted.addCertificate(root);
863	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
864	QCOMPARE(rootCRL.isNull(), false);
865	trusted.addCRL(rootCRL);
866
867	QCA::Certificate ca =
868	certFromDERFile(QStringLiteral("certs/RFC3280MandatoryAttributeTypesCACert.crt"), provider);
869	QCOMPARE(ca.isNull(), false);
870	untrusted.addCertificate(ca);
871	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/RFC3280MandatoryAttributeTypesCACRL.crl"), provider);
872	QCOMPARE(caCRL.isNull(), false);
873	untrusted.addCRL(caCRL);
874
875	QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
876	}
877	}
878	}
879	#endif
880
881	#ifdef ALL_PKITS_TESTS
882	void Pkits::pkits4_3_8()
883	{
884	QStringList providersToTest;
885	providersToTest.append(QStringLiteral("qca-ossl"));
886
887	foreach (const QString provider, providersToTest) {
888	if (!QCA::isSupported("cert", provider))
889	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
890	else {
891	QCA::Certificate cert =
892	certFromDERFile(QStringLiteral("certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt"), provider);
893	QCOMPARE(cert.isNull(), false);
894
895	QCA::CertificateCollection trusted;
896	QCA::CertificateCollection untrusted;
897	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
898
899	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
900	QCOMPARE(root.isNull(), false);
901	trusted.addCertificate(root);
902	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
903	QCOMPARE(rootCRL.isNull(), false);
904	trusted.addCRL(rootCRL);
905
906	QCA::Certificate ca =
907	certFromDERFile(QStringLiteral("certs/RFC3280OptionalAttributeTypesCACert.crt"), provider);
908	QCOMPARE(ca.isNull(), false);
909	untrusted.addCertificate(ca);
910	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/RFC3280OptionalAttributeTypesCACRL.crl"), provider);
911	QCOMPARE(caCRL.isNull(), false);
912	untrusted.addCRL(caCRL);
913
914	QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
915	}
916	}
917	}
918	#endif
919
920	void Pkits::pkits4_3_9()
921	{
922	QStringList providersToTest;
923	providersToTest.append(QStringLiteral("qca-ossl"));
924
925	foreach (const QString provider, providersToTest) {
926	if (!QCA::isSupported(features: "cert", provider))
927	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
928	else {
929	QCA::Certificate cert =
930	certFromDERFile(QStringLiteral("certs/ValidUTF8StringEncodedNamesTest9EE.crt"), provider);
931	QCOMPARE(cert.isNull(), false);
932
933	QCA::CertificateCollection trusted;
934	QCA::CertificateCollection untrusted;
935	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
936
937	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
938	QCOMPARE(root.isNull(), false);
939	trusted.addCertificate(cert: root);
940	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
941	QCOMPARE(rootCRL.isNull(), false);
942	trusted.addCRL(crl: rootCRL);
943
944	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/UTF8StringEncodedNamesCACert.crt"), provider);
945	QCOMPARE(ca.isNull(), false);
946	untrusted.addCertificate(cert: ca);
947	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/UTF8StringEncodedNamesCACRL.crl"), provider);
948	QCOMPARE(caCRL.isNull(), false);
949	untrusted.addCRL(crl: caCRL);
950
951	QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
952	}
953	}
954	}
955
956	#ifdef ALL_PKITS_TESTS
957	void Pkits::pkits4_3_10()
958	{
959	QStringList providersToTest;
960	providersToTest.append(QStringLiteral("qca-ossl"));
961
962	foreach (const QString provider, providersToTest) {
963	if (!QCA::isSupported("cert", provider))
964	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
965	else {
966	QCA::Certificate cert = certFromDERFile(
967	QStringLiteral("certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt"), provider);
968	QCOMPARE(cert.isNull(), false);
969
970	QCA::CertificateCollection trusted;
971	QCA::CertificateCollection untrusted;
972	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
973
974	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
975	QCOMPARE(root.isNull(), false);
976	trusted.addCertificate(root);
977	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
978	QCOMPARE(rootCRL.isNull(), false);
979	trusted.addCRL(rootCRL);
980
981	QCA::Certificate ca =
982	certFromDERFile(QStringLiteral("certs/RolloverfromPrintableStringtoUTF8StringCACert.crt"), provider);
983	QCOMPARE(ca.isNull(), false);
984	untrusted.addCertificate(ca);
985	QCA::CRL caCRL =
986	crlFromDERFile(QStringLiteral("certs/RolloverfromPrintableStringtoUTF8StringCACRL.crl"), provider);
987	QCOMPARE(caCRL.isNull(), false);
988	untrusted.addCRL(caCRL);
989
990	QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
991	}
992	}
993	}
994	#endif
995
996	#ifdef ALL_PKITS_TESTS
997	void Pkits::pkits4_3_11()
998	{
999	QStringList providersToTest;
1000	providersToTest.append(QStringLiteral("qca-ossl"));
1001
1002	foreach (const QString provider, providersToTest) {
1003	if (!QCA::isSupported("cert", provider))
1004	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
1005	else {
1006	QCA::Certificate cert =
1007	certFromDERFile(QStringLiteral("certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt"), provider);
1008	QCOMPARE(cert.isNull(), false);
1009
1010	QCA::CertificateCollection trusted;
1011	QCA::CertificateCollection untrusted;
1012	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
1013
1014	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
1015	QCOMPARE(root.isNull(), false);
1016	trusted.addCertificate(root);
1017	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
1018	QCOMPARE(rootCRL.isNull(), false);
1019	trusted.addCRL(rootCRL);
1020
1021	QCA::Certificate ca =
1022	certFromDERFile(QStringLiteral("certs/UTF8StringCaseInsensitiveMatchCACert.crt"), provider);
1023	QCOMPARE(ca.isNull(), false);
1024	untrusted.addCertificate(ca);
1025	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/UTF8StringCaseInsensitiveMatchCACRL.crl"), provider);
1026	QCOMPARE(caCRL.isNull(), false);
1027	untrusted.addCRL(caCRL);
1028
1029	qDebug() << "validity: " << cert.validate(trusted, untrusted);
1030
1031	QEXPECT_FAIL("", "This should validate, but it doesn't (QCA::ErrorInvalidCA)", Continue);
1032	QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood);
1033	}
1034	}
1035	}
1036	#endif
1037
1038	void Pkits::pkits4_4_1()
1039	{
1040	QStringList providersToTest;
1041	providersToTest.append(QStringLiteral("qca-ossl"));
1042
1043	foreach (const QString provider, providersToTest) {
1044	if (!QCA::isSupported(features: "cert", provider))
1045	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
1046	else {
1047	QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidMissingCRLTest1EE.crt"), provider);
1048	QCOMPARE(cert.isNull(), false);
1049
1050	QCA::CertificateCollection trusted;
1051	QCA::CertificateCollection untrusted;
1052	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
1053
1054	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
1055	QCOMPARE(root.isNull(), false);
1056	trusted.addCertificate(cert: root);
1057	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
1058	QCOMPARE(rootCRL.isNull(), false);
1059	trusted.addCRL(crl: rootCRL);
1060
1061	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/NoCRLCACert.crt"), provider);
1062	QCOMPARE(ca.isNull(), false);
1063	untrusted.addCertificate(cert: ca);
1064
1065	qDebug() << "validity: " << cert.validate(trusted, untrusted);
1066
1067	QEXPECT_FAIL("", "This should not validate, but it does", Continue);
1068	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
1069	}
1070	}
1071	}
1072
1073	void Pkits::pkits4_4_2()
1074	{
1075	QStringList providersToTest;
1076	providersToTest.append(QStringLiteral("qca-ossl"));
1077
1078	foreach (const QString provider, providersToTest) {
1079	if (!QCA::isSupported(features: "cert", provider))
1080	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
1081	else {
1082	QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidRevokedCATest2EE.crt"), provider);
1083	QCOMPARE(cert.isNull(), false);
1084
1085	QCA::CertificateCollection trusted;
1086	QCA::CertificateCollection untrusted;
1087	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
1088
1089	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
1090	QCOMPARE(root.isNull(), false);
1091	trusted.addCertificate(cert: root);
1092	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
1093	QCOMPARE(rootCRL.isNull(), false);
1094	trusted.addCRL(crl: rootCRL);
1095
1096	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
1097	QCOMPARE(ca.isNull(), false);
1098	untrusted.addCertificate(cert: ca);
1099	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
1100	QCOMPARE(caCRL.isNull(), false);
1101	untrusted.addCRL(crl: caCRL);
1102
1103	QCA::Certificate subca = certFromDERFile(QStringLiteral("certs/RevokedsubCACert.crt"), provider);
1104	QCOMPARE(subca.isNull(), false);
1105	untrusted.addCertificate(cert: subca);
1106	QCA::CRL subcaCRL = crlFromDERFile(QStringLiteral("certs/RevokedsubCACRL.crl"), provider);
1107	QCOMPARE(subcaCRL.isNull(), false);
1108	untrusted.addCRL(crl: subcaCRL);
1109
1110	qDebug() << "validity: " << cert.validate(trusted, untrusted);
1111
1112	QEXPECT_FAIL("", "This should not validate, but it does", Continue);
1113	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
1114	}
1115	}
1116	}
1117
1118	void Pkits::pkits4_4_3()
1119	{
1120	QStringList providersToTest;
1121	providersToTest.append(QStringLiteral("qca-ossl"));
1122
1123	foreach (const QString provider, providersToTest) {
1124	if (!QCA::isSupported(features: "cert", provider))
1125	QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
1126	else {
1127	QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidRevokedEETest3EE.crt"), provider);
1128	QCOMPARE(cert.isNull(), false);
1129
1130	QCA::CertificateCollection trusted;
1131	QCA::CertificateCollection untrusted;
1132	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA);
1133
1134	QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider);
1135	QCOMPARE(root.isNull(), false);
1136	trusted.addCertificate(cert: root);
1137	QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider);
1138	QCOMPARE(rootCRL.isNull(), false);
1139	trusted.addCRL(crl: rootCRL);
1140
1141	QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider);
1142	QCOMPARE(ca.isNull(), false);
1143	untrusted.addCertificate(cert: ca);
1144	QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider);
1145	QCOMPARE(caCRL.isNull(), false);
1146	untrusted.addCRL(crl: caCRL);
1147
1148	qDebug() << "validity: " << cert.validate(trusted, untrusted);
1149
1150	QEXPECT_FAIL("", "This should not validate, but it does", Continue);
1151	QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorUntrusted);
1152	}
1153	}
1154	}
1155
1156	QTEST_MAIN(Pkits)
1157
1158	#include "pkits.moc"
1159

source code of qca/unittest/pkits/pkits.cpp