2006-01-29 11:24:50 +00:00
|
|
|
/**
|
|
|
|
|
* Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net>
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
*
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
|
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
|
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
|
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
|
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
|
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
|
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
*/
|
2006-10-12 00:05:20 +00:00
|
|
|
|
|
|
|
|
#include <QtCrypto>
|
|
|
|
|
#include <QtTest/QtTest>
|
|
|
|
|
|
2014-01-02 03:50:18 +06:00
|
|
|
#ifdef QT_STATICPLUGIN
|
|
|
|
|
#include "import_plugins.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
class CertUnitTest : public QObject
|
|
|
|
|
{
|
|
|
|
|
Q_OBJECT
|
|
|
|
|
|
2020-01-22 19:31:28 +01:00
|
|
|
private Q_SLOTS:
|
2006-10-12 00:05:20 +00:00
|
|
|
void initTestCase();
|
2006-10-12 00:53:26 +00:00
|
|
|
void checkSystemStore();
|
2006-10-12 00:05:20 +00:00
|
|
|
void nullCert();
|
2006-10-12 00:53:26 +00:00
|
|
|
void noSuchFile();
|
2006-10-12 00:05:20 +00:00
|
|
|
void CAcertstest();
|
|
|
|
|
void derCAcertstest();
|
|
|
|
|
void qualitysslcatest();
|
|
|
|
|
void checkExpiredClientCerts();
|
|
|
|
|
void checkClientCerts();
|
|
|
|
|
void altName();
|
|
|
|
|
void extXMPP();
|
|
|
|
|
void checkExpiredServerCerts();
|
|
|
|
|
void checkServerCerts();
|
|
|
|
|
void altNames76();
|
2009-07-07 12:24:51 +00:00
|
|
|
void sha256cert();
|
2006-10-12 00:05:20 +00:00
|
|
|
void crl();
|
|
|
|
|
void crl2();
|
|
|
|
|
void csr();
|
|
|
|
|
void csr2();
|
|
|
|
|
void cleanupTestCase();
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
private:
|
|
|
|
|
QCA::Initializer *m_init;
|
|
|
|
|
};
|
2006-01-29 11:24:50 +00:00
|
|
|
|
|
|
|
|
void CertUnitTest::initTestCase()
|
|
|
|
|
{
|
|
|
|
|
m_init = new QCA::Initializer;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void CertUnitTest::cleanupTestCase()
|
|
|
|
|
{
|
|
|
|
|
delete m_init;
|
|
|
|
|
}
|
|
|
|
|
|
2006-02-03 09:22:55 +00:00
|
|
|
void CertUnitTest::nullCert()
|
|
|
|
|
{
|
|
|
|
|
QStringList providersToTest;
|
2020-02-10 00:29:23 +01:00
|
|
|
providersToTest.append(QStringLiteral("qca-ossl"));
|
2006-02-23 09:49:56 +00:00
|
|
|
// providersToTest.append("qca-botan");
|
2006-02-03 09:22:55 +00:00
|
|
|
|
|
|
|
|
foreach (const QString provider, providersToTest) {
|
|
|
|
|
if (!QCA::isSupported("cert", provider))
|
2020-02-13 00:59:09 +01:00
|
|
|
QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
|
2006-02-03 09:22:55 +00:00
|
|
|
else {
|
|
|
|
|
QCA::Certificate nullCert;
|
2006-04-03 11:43:37 +00:00
|
|
|
QVERIFY(nullCert.isNull());
|
2020-09-06 20:45:09 +02:00
|
|
|
// This is copied on purpose to check the assignment operator
|
|
|
|
|
QCA::Certificate anotherNullCert = nullCert; // NOLINT(performance-unnecessary-copy-initialization)
|
2006-04-03 11:43:37 +00:00
|
|
|
QVERIFY(anotherNullCert.isNull());
|
|
|
|
|
QCOMPARE(nullCert, anotherNullCert);
|
2006-02-03 09:22:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2006-10-12 00:53:26 +00:00
|
|
|
void CertUnitTest::noSuchFile()
|
|
|
|
|
{
|
|
|
|
|
QStringList providersToTest;
|
2020-02-10 00:29:23 +01:00
|
|
|
providersToTest.append(QStringLiteral("qca-ossl"));
|
2006-10-12 00:53:26 +00:00
|
|
|
// providersToTest.append("qca-botan");
|
|
|
|
|
|
|
|
|
|
foreach (const QString provider, providersToTest) {
|
|
|
|
|
if (!QCA::isSupported("cert", provider))
|
2020-02-13 00:59:09 +01:00
|
|
|
QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
|
2006-10-12 00:53:26 +00:00
|
|
|
else {
|
|
|
|
|
QCA::ConvertResult resultNoFile;
|
2020-02-10 00:29:23 +01:00
|
|
|
QCA::Certificate cert = QCA::Certificate::fromPEMFile(
|
|
|
|
|
QStringLiteral("thisIsJustaFileNameThatWeDontHave"), &resultNoFile, provider);
|
2006-10-12 00:53:26 +00:00
|
|
|
QCOMPARE(resultNoFile, QCA::ErrorFile);
|
|
|
|
|
QVERIFY(cert.isNull());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
void CertUnitTest::CAcertstest()
|
|
|
|
|
{
|
|
|
|
|
QStringList providersToTest;
|
2020-02-10 00:29:23 +01:00
|
|
|
providersToTest.append(QStringLiteral("qca-ossl"));
|
2006-02-23 09:49:56 +00:00
|
|
|
// providersToTest.append("qca-botan");
|
2006-01-29 11:24:50 +00:00
|
|
|
|
|
|
|
|
foreach (const QString provider, providersToTest) {
|
|
|
|
|
if (!QCA::isSupported("cert", provider))
|
2020-02-13 00:59:09 +01:00
|
|
|
QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
|
2006-01-29 11:24:50 +00:00
|
|
|
else {
|
|
|
|
|
QCA::ConvertResult resultca1;
|
2020-02-10 00:29:23 +01:00
|
|
|
QCA::Certificate ca1 =
|
|
|
|
|
QCA::Certificate::fromPEMFile(QStringLiteral("certs/RootCAcert.pem"), &resultca1, provider);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(resultca1, QCA::ConvertGood);
|
|
|
|
|
QCOMPARE(ca1.isNull(), false);
|
2007-06-12 02:30:58 +00:00
|
|
|
QCOMPARE(ca1.pathLimit(), 0);
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(ca1.isCA(), true);
|
|
|
|
|
QCOMPARE(ca1.isSelfSigned(), true);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2007-04-13 19:19:18 +00:00
|
|
|
QCOMPARE(ca1.serialNumber(), QCA::BigInteger(0));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2020-02-10 00:29:23 +01:00
|
|
|
QCOMPARE(ca1.commonName(), QStringLiteral("For Tests Only"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(ca1.notValidBefore().toString(),
|
|
|
|
|
QDateTime(QDate(2001, 8, 17), QTime(8, 30, 39), Qt::UTC).toString());
|
|
|
|
|
QCOMPARE(ca1.notValidAfter().toString(),
|
|
|
|
|
QDateTime(QDate(2011, 8, 15), QTime(8, 30, 39), Qt::UTC).toString());
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2013-04-02 11:00:43 +00:00
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::DigitalSignature) == true, true);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::NonRepudiation) == true, true);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::KeyEncipherment) == true, true);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::DataEncipherment) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::KeyAgreement) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::KeyCertificateSign) == true, true);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::CRLSign) == true, true);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::EncipherOnly) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::DecipherOnly) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::ServerAuth) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::ClientAuth) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::CodeSigning) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::EmailProtection) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::IPSecEndSystem) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::IPSecTunnel) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::IPSecUser) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::TimeStamping) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::OCSPSigning) == true, false);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
// no policies on this cert
|
2006-02-01 10:58:56 +00:00
|
|
|
QCOMPARE(ca1.policies().count(), 0);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void CertUnitTest::qualitysslcatest()
|
|
|
|
|
{
|
|
|
|
|
QStringList providersToTest;
|
2020-02-10 00:29:23 +01:00
|
|
|
providersToTest.append(QStringLiteral("qca-ossl"));
|
2006-02-23 09:49:56 +00:00
|
|
|
// providersToTest.append("qca-botan");
|
2006-02-01 10:58:56 +00:00
|
|
|
|
|
|
|
|
foreach (const QString provider, providersToTest) {
|
|
|
|
|
if (!QCA::isSupported("cert", provider))
|
2020-02-13 00:59:09 +01:00
|
|
|
QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
|
2006-02-01 10:58:56 +00:00
|
|
|
else {
|
|
|
|
|
QCA::ConvertResult resultca1;
|
2020-02-10 00:29:23 +01:00
|
|
|
QCA::Certificate ca1 = QCA::Certificate::fromPEMFile(
|
|
|
|
|
QStringLiteral("certs/QualitySSLIntermediateCA.crt"), &resultca1, provider);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-01 10:58:56 +00:00
|
|
|
QCOMPARE(resultca1, QCA::ConvertGood);
|
|
|
|
|
QCOMPARE(ca1.isNull(), false);
|
|
|
|
|
QCOMPARE(ca1.isCA(), true);
|
|
|
|
|
QCOMPARE(ca1.isSelfSigned(), false);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-03 09:22:55 +00:00
|
|
|
QCOMPARE(ca1.signatureAlgorithm(), QCA::EMSA3_SHA1);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2007-04-13 19:19:18 +00:00
|
|
|
QCOMPARE(ca1.serialNumber(), QCA::BigInteger("33555098"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2020-02-10 00:29:23 +01:00
|
|
|
QCOMPARE(ca1.commonName(), QStringLiteral("Comodo Class 3 Security Services CA"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-01 10:58:56 +00:00
|
|
|
QCOMPARE(ca1.notValidBefore().toString(),
|
|
|
|
|
QDateTime(QDate(2002, 8, 27), QTime(19, 02, 00), Qt::UTC).toString());
|
|
|
|
|
QCOMPARE(ca1.notValidAfter().toString(),
|
|
|
|
|
QDateTime(QDate(2012, 8, 27), QTime(23, 59, 00), Qt::UTC).toString());
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-03 09:22:55 +00:00
|
|
|
QCOMPARE(ca1.pathLimit(), 0);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2013-04-02 11:00:43 +00:00
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::DigitalSignature) == true, true);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::NonRepudiation) == true, true);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::KeyEncipherment) == true, true);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::DataEncipherment) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::KeyAgreement) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::KeyCertificateSign) == true, true);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::CRLSign) == true, true);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::EncipherOnly) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::DecipherOnly) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::ServerAuth) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::ClientAuth) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::CodeSigning) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::EmailProtection) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::IPSecEndSystem) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::IPSecTunnel) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::IPSecUser) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::TimeStamping) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::OCSPSigning) == true, false);
|
2006-01-29 11:24:50 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
void CertUnitTest::checkExpiredClientCerts()
|
2006-01-29 11:24:50 +00:00
|
|
|
{
|
|
|
|
|
QStringList providersToTest;
|
2020-02-10 00:29:23 +01:00
|
|
|
providersToTest.append(QStringLiteral("qca-ossl"));
|
2006-02-23 09:49:56 +00:00
|
|
|
// providersToTest.append("qca-botan");
|
2006-01-29 11:24:50 +00:00
|
|
|
|
|
|
|
|
foreach (const QString provider, providersToTest) {
|
|
|
|
|
if (!QCA::isSupported("cert", provider))
|
2020-02-13 00:59:09 +01:00
|
|
|
QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
|
2006-01-29 11:24:50 +00:00
|
|
|
else {
|
|
|
|
|
QCA::ConvertResult resultClient1;
|
2020-02-10 00:29:23 +01:00
|
|
|
QCA::Certificate client1 =
|
|
|
|
|
QCA::Certificate::fromPEMFile(QStringLiteral("certs/User.pem"), &resultClient1, provider);
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(resultClient1, QCA::ConvertGood);
|
|
|
|
|
QCOMPARE(client1.isNull(), false);
|
|
|
|
|
QCOMPARE(client1.isCA(), false);
|
|
|
|
|
QCOMPARE(client1.isSelfSigned(), false);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2007-04-13 19:19:18 +00:00
|
|
|
QCOMPARE(client1.serialNumber(), QCA::BigInteger(2));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2020-02-10 00:29:23 +01:00
|
|
|
QCOMPARE(client1.commonName(), QStringLiteral("Insecure User Test Cert"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(client1.notValidBefore().toString(),
|
|
|
|
|
QDateTime(QDate(2001, 8, 17), QTime(8, 32, 38), Qt::UTC).toString());
|
|
|
|
|
QCOMPARE(client1.notValidAfter().toString(),
|
|
|
|
|
QDateTime(QDate(2006, 8, 16), QTime(8, 32, 38), Qt::UTC).toString());
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2013-04-02 11:00:43 +00:00
|
|
|
QCOMPARE(client1.constraints().contains(QCA::DigitalSignature) == true, true);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::NonRepudiation) == true, true);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::KeyEncipherment) == true, true);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::DataEncipherment) == true, true);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::KeyAgreement) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::KeyCertificateSign) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::CRLSign) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::EncipherOnly) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::DecipherOnly) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::ServerAuth) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::ClientAuth) == true, true);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::CodeSigning) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::EmailProtection) == true, true);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::IPSecEndSystem) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::IPSecTunnel) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::IPSecUser) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::TimeStamping) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::OCSPSigning) == true, false);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
// no policies on this cert
|
|
|
|
|
QCOMPARE(client1.policies().count(), 0);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
QCA::CertificateInfo subject1 = client1.subjectInfo();
|
|
|
|
|
QCOMPARE(subject1.isEmpty(), false);
|
2020-09-06 21:31:10 +02:00
|
|
|
QCOMPARE(subject1.contains(QCA::Country, QStringLiteral("de")) == true, true);
|
|
|
|
|
QCOMPARE(subject1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate")) == true, true);
|
|
|
|
|
QCOMPARE(subject1.contains(QCA::CommonName, QStringLiteral("Insecure User Test Cert")) == true, true);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
QCA::CertificateInfo issuer1 = client1.issuerInfo();
|
|
|
|
|
QCOMPARE(issuer1.isEmpty(), false);
|
2020-09-06 21:31:10 +02:00
|
|
|
QCOMPARE(issuer1.contains(QCA::Country, QStringLiteral("de")) == true, true);
|
|
|
|
|
QCOMPARE(issuer1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate")) == true, true);
|
|
|
|
|
QCOMPARE(issuer1.contains(QCA::CommonName, QStringLiteral("For Tests Only")) == true, true);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2020-02-10 00:29:23 +01:00
|
|
|
QByteArray subjectKeyID =
|
|
|
|
|
QCA::Hex().stringToArray(QStringLiteral("889E7EF729719D7B280F361AAE6D00D39DE1AADB")).toByteArray();
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(client1.subjectKeyId(), subjectKeyID);
|
2020-02-10 00:29:23 +01:00
|
|
|
QCOMPARE(QCA::Hex().arrayToString(client1.issuerKeyId()),
|
|
|
|
|
QStringLiteral("bf53438278d09ec380e51b67ca0500dfb94883a5"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
QCA::PublicKey pubkey1 = client1.subjectPublicKey();
|
|
|
|
|
QCOMPARE(pubkey1.isNull(), false);
|
|
|
|
|
QCOMPARE(pubkey1.isRSA(), true);
|
|
|
|
|
QCOMPARE(pubkey1.isDSA(), false);
|
|
|
|
|
QCOMPARE(pubkey1.isDH(), false);
|
|
|
|
|
QCOMPARE(pubkey1.isPublic(), true);
|
|
|
|
|
QCOMPARE(pubkey1.isPrivate(), false);
|
|
|
|
|
QCOMPARE(pubkey1.bitSize(), 1024);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(client1.pathLimit(), 0);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(client1.signatureAlgorithm(), QCA::EMSA3_MD5);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
QCA::CertificateCollection trusted;
|
|
|
|
|
QCA::CertificateCollection untrusted;
|
|
|
|
|
QCOMPARE(client1.validate(trusted, untrusted), QCA::ErrorInvalidCA);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
QCA::ConvertResult resultca1;
|
2020-02-10 00:29:23 +01:00
|
|
|
QCA::Certificate ca1 =
|
|
|
|
|
QCA::Certificate::fromPEMFile(QStringLiteral("certs/RootCAcert.pem"), &resultca1, provider);
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(resultca1, QCA::ConvertGood);
|
|
|
|
|
trusted.addCertificate(ca1);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
QCOMPARE(client1.validate(trusted, untrusted), QCA::ErrorExpired);
|
|
|
|
|
QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageAny), QCA::ErrorExpired);
|
|
|
|
|
QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ErrorExpired);
|
|
|
|
|
QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ErrorExpired);
|
|
|
|
|
QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorExpired);
|
|
|
|
|
QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorExpired);
|
|
|
|
|
QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ErrorExpired);
|
|
|
|
|
QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorExpired);
|
2007-06-12 02:30:58 +00:00
|
|
|
QByteArray derClient1 = client1.toDER();
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(derClient1.isEmpty(), false);
|
|
|
|
|
QCA::Certificate fromDer1 = QCA::Certificate::fromDER(derClient1, &resultClient1, provider);
|
|
|
|
|
QCOMPARE(resultClient1, QCA::ConvertGood);
|
2006-02-03 09:22:55 +00:00
|
|
|
QVERIFY(fromDer1 == client1);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-03 09:22:55 +00:00
|
|
|
QString pemClient1 = client1.toPEM();
|
|
|
|
|
QCOMPARE(pemClient1.isEmpty(), false);
|
|
|
|
|
QCA::Certificate fromPem1 = QCA::Certificate::fromPEM(pemClient1, &resultClient1, provider);
|
|
|
|
|
QCOMPARE(resultClient1, QCA::ConvertGood);
|
|
|
|
|
QVERIFY(fromPem1 == client1);
|
|
|
|
|
QCOMPARE(fromPem1 != fromDer1, false);
|
2006-01-29 11:24:50 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2006-10-12 00:05:20 +00:00
|
|
|
|
|
|
|
|
void CertUnitTest::checkClientCerts()
|
|
|
|
|
{
|
|
|
|
|
QStringList providersToTest;
|
2020-02-10 00:29:23 +01:00
|
|
|
providersToTest.append(QStringLiteral("qca-ossl"));
|
2006-10-12 00:05:20 +00:00
|
|
|
// providersToTest.append("qca-botan");
|
|
|
|
|
|
|
|
|
|
foreach (const QString provider, providersToTest) {
|
|
|
|
|
if (!QCA::isSupported("cert", provider))
|
2020-02-13 00:59:09 +01:00
|
|
|
QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
|
2006-10-12 00:05:20 +00:00
|
|
|
else {
|
|
|
|
|
QCA::ConvertResult resultClient2;
|
2020-02-10 00:29:23 +01:00
|
|
|
QCA::Certificate client2 =
|
|
|
|
|
QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestClientCert.pem"), &resultClient2, provider);
|
2006-10-12 00:05:20 +00:00
|
|
|
QCOMPARE(resultClient2, QCA::ConvertGood);
|
|
|
|
|
QCOMPARE(client2.isNull(), false);
|
|
|
|
|
QCOMPARE(client2.isCA(), false);
|
|
|
|
|
QCOMPARE(client2.isSelfSigned(), false);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2007-07-22 04:22:00 +00:00
|
|
|
QCOMPARE(client2.serialNumber(), QCA::BigInteger("13149359243510447488"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2020-02-10 00:29:23 +01:00
|
|
|
QCOMPARE(client2.commonName(), QStringLiteral("Qca Test Client Certificate"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2013-07-31 21:29:33 +06:00
|
|
|
QCOMPARE(client2.notValidBefore().toString(),
|
|
|
|
|
QDateTime(QDate(2013, 7, 31), QTime(15, 14, 28), Qt::UTC).toString());
|
|
|
|
|
QCOMPARE(client2.notValidAfter().toString(),
|
|
|
|
|
QDateTime(QDate(2033, 7, 26), QTime(15, 14, 28), Qt::UTC).toString());
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2013-04-02 11:00:43 +00:00
|
|
|
QCOMPARE(client2.constraints().contains(QCA::DigitalSignature) == true, true);
|
|
|
|
|
QCOMPARE(client2.constraints().contains(QCA::NonRepudiation) == true, true);
|
|
|
|
|
QCOMPARE(client2.constraints().contains(QCA::KeyEncipherment) == true, true);
|
|
|
|
|
QCOMPARE(client2.constraints().contains(QCA::DataEncipherment) == true, true);
|
|
|
|
|
QCOMPARE(client2.constraints().contains(QCA::KeyAgreement) == true, false);
|
|
|
|
|
QCOMPARE(client2.constraints().contains(QCA::KeyCertificateSign) == true, false);
|
|
|
|
|
QCOMPARE(client2.constraints().contains(QCA::CRLSign) == true, false);
|
|
|
|
|
QCOMPARE(client2.constraints().contains(QCA::EncipherOnly) == true, false);
|
|
|
|
|
QCOMPARE(client2.constraints().contains(QCA::DecipherOnly) == true, false);
|
|
|
|
|
QCOMPARE(client2.constraints().contains(QCA::ServerAuth) == true, false);
|
|
|
|
|
QCOMPARE(client2.constraints().contains(QCA::ClientAuth) == true, true);
|
|
|
|
|
QCOMPARE(client2.constraints().contains(QCA::CodeSigning) == true, false);
|
|
|
|
|
QCOMPARE(client2.constraints().contains(QCA::EmailProtection) == true, true);
|
|
|
|
|
QCOMPARE(client2.constraints().contains(QCA::IPSecEndSystem) == true, false);
|
|
|
|
|
QCOMPARE(client2.constraints().contains(QCA::IPSecTunnel) == true, false);
|
|
|
|
|
QCOMPARE(client2.constraints().contains(QCA::IPSecUser) == true, false);
|
|
|
|
|
QCOMPARE(client2.constraints().contains(QCA::TimeStamping) == true, false);
|
|
|
|
|
QCOMPARE(client2.constraints().contains(QCA::OCSPSigning) == true, false);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
// no policies on this cert
|
|
|
|
|
QCOMPARE(client2.policies().count(), 0);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
QCA::CertificateInfo subject2 = client2.subjectInfo();
|
|
|
|
|
QCOMPARE(subject2.isEmpty(), false);
|
2020-09-06 21:31:10 +02:00
|
|
|
QVERIFY(subject2.contains(QCA::Country, QStringLiteral("US")));
|
|
|
|
|
QVERIFY(subject2.contains(QCA::Organization, QStringLiteral("Qca Development and Test")));
|
|
|
|
|
QVERIFY(subject2.contains(QCA::OrganizationalUnit, QStringLiteral("Certificate Generation Section")));
|
|
|
|
|
QVERIFY(subject2.contains(QCA::CommonName, QStringLiteral("Qca Test Client Certificate")));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
QCA::CertificateInfo issuer2 = client2.issuerInfo();
|
|
|
|
|
QCOMPARE(issuer2.isEmpty(), false);
|
2020-09-06 21:31:10 +02:00
|
|
|
QVERIFY(issuer2.contains(QCA::Country, QStringLiteral("AU")));
|
|
|
|
|
QVERIFY(issuer2.contains(QCA::Organization, QStringLiteral("Qca Development and Test")));
|
|
|
|
|
QVERIFY(issuer2.contains(QCA::CommonName, QStringLiteral("Qca Test Root Certificate")));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2020-02-10 00:29:23 +01:00
|
|
|
QByteArray subjectKeyID =
|
|
|
|
|
QCA::Hex().stringToArray(QStringLiteral("1e604e03127d287ba40427a961b428a2d09b50d1")).toByteArray();
|
2006-10-12 00:05:20 +00:00
|
|
|
QCOMPARE(client2.subjectKeyId(), subjectKeyID);
|
2020-02-10 00:29:23 +01:00
|
|
|
QCOMPARE(QCA::Hex().arrayToString(client2.issuerKeyId()),
|
|
|
|
|
QStringLiteral("f61c451de1b0458138c60568c1a7cb0f7ade0363"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
QCA::PublicKey pubkey2 = client2.subjectPublicKey();
|
|
|
|
|
QCOMPARE(pubkey2.isNull(), false);
|
|
|
|
|
QCOMPARE(pubkey2.isRSA(), true);
|
|
|
|
|
QCOMPARE(pubkey2.isDSA(), false);
|
|
|
|
|
QCOMPARE(pubkey2.isDH(), false);
|
|
|
|
|
QCOMPARE(pubkey2.isPublic(), true);
|
|
|
|
|
QCOMPARE(pubkey2.isPrivate(), false);
|
|
|
|
|
QCOMPARE(pubkey2.bitSize(), 1024);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
QCOMPARE(client2.pathLimit(), 0);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2007-07-22 04:22:00 +00:00
|
|
|
QCOMPARE(client2.signatureAlgorithm(), QCA::EMSA3_SHA1);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
QCA::CertificateCollection trusted;
|
|
|
|
|
QCA::CertificateCollection untrusted;
|
|
|
|
|
QCOMPARE(client2.validate(trusted, untrusted), QCA::ErrorInvalidCA);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
QCA::ConvertResult resultca2;
|
2020-02-10 00:29:23 +01:00
|
|
|
QCA::Certificate ca2 =
|
|
|
|
|
QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestRootCert.pem"), &resultca2, provider);
|
2006-10-12 00:05:20 +00:00
|
|
|
QCOMPARE(resultca2, QCA::ConvertGood);
|
|
|
|
|
trusted.addCertificate(ca2);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
QCOMPARE(client2.validate(trusted, untrusted), QCA::ValidityGood);
|
|
|
|
|
QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageAny), QCA::ValidityGood);
|
2006-10-12 00:53:26 +00:00
|
|
|
QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ErrorInvalidPurpose);
|
2006-10-12 00:05:20 +00:00
|
|
|
QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ValidityGood);
|
2006-10-12 00:53:26 +00:00
|
|
|
QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorInvalidPurpose);
|
|
|
|
|
QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorInvalidPurpose);
|
|
|
|
|
QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ValidityGood);
|
|
|
|
|
QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorInvalidPurpose);
|
2007-06-12 02:30:58 +00:00
|
|
|
QByteArray derClient2 = client2.toDER();
|
2006-10-12 00:05:20 +00:00
|
|
|
QCOMPARE(derClient2.isEmpty(), false);
|
|
|
|
|
QCA::Certificate fromDer2 = QCA::Certificate::fromDER(derClient2, &resultClient2, provider);
|
|
|
|
|
QCOMPARE(resultClient2, QCA::ConvertGood);
|
|
|
|
|
QVERIFY(fromDer2 == client2);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
QString pemClient2 = client2.toPEM();
|
|
|
|
|
QCOMPARE(pemClient2.isEmpty(), false);
|
|
|
|
|
QCA::Certificate fromPem2 = QCA::Certificate::fromPEM(pemClient2, &resultClient2, provider);
|
|
|
|
|
QCOMPARE(resultClient2, QCA::ConvertGood);
|
|
|
|
|
QVERIFY(fromPem2 == client2);
|
|
|
|
|
QCOMPARE(fromPem2 != fromDer2, false);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2006-05-13 11:07:11 +00:00
|
|
|
void CertUnitTest::derCAcertstest()
|
|
|
|
|
{
|
|
|
|
|
QStringList providersToTest;
|
2020-02-10 00:29:23 +01:00
|
|
|
providersToTest.append(QStringLiteral("qca-ossl"));
|
2006-05-13 11:07:11 +00:00
|
|
|
|
|
|
|
|
foreach (const QString provider, providersToTest) {
|
|
|
|
|
if (!QCA::isSupported("cert", provider))
|
2020-02-13 00:59:09 +01:00
|
|
|
QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
|
2006-05-13 11:07:11 +00:00
|
|
|
else {
|
2020-02-10 00:29:23 +01:00
|
|
|
QFile f(QStringLiteral("certs/ov-root-ca-cert.crt"));
|
2006-05-13 11:07:11 +00:00
|
|
|
QVERIFY(f.open(QFile::ReadOnly));
|
|
|
|
|
QByteArray der = f.readAll();
|
|
|
|
|
QCA::ConvertResult resultca1;
|
2007-06-12 02:30:58 +00:00
|
|
|
QCA::Certificate ca1 = QCA::Certificate::fromDER(der, &resultca1, provider);
|
2006-05-13 11:07:11 +00:00
|
|
|
|
|
|
|
|
QCOMPARE(resultca1, QCA::ConvertGood);
|
|
|
|
|
|
|
|
|
|
QCOMPARE(ca1.pathLimit(), 0);
|
|
|
|
|
|
|
|
|
|
QCOMPARE(ca1.isNull(), false);
|
|
|
|
|
QCOMPARE(ca1.isCA(), true);
|
|
|
|
|
|
|
|
|
|
QCOMPARE(ca1.isSelfSigned(), true);
|
|
|
|
|
|
2007-04-13 19:19:18 +00:00
|
|
|
QCOMPARE(ca1.serialNumber(), QCA::BigInteger(0));
|
2006-05-13 11:07:11 +00:00
|
|
|
|
2020-02-10 00:29:23 +01:00
|
|
|
QCOMPARE(ca1.commonName(), QStringLiteral("For Tests Only"));
|
2006-05-13 11:07:11 +00:00
|
|
|
|
|
|
|
|
QCA::CertificateInfo si = ca1.subjectInfo();
|
|
|
|
|
QCOMPARE(si.isEmpty(), false);
|
2020-02-10 00:29:23 +01:00
|
|
|
QCOMPARE(si.value(QCA::CommonName), QStringLiteral("For Tests Only"));
|
|
|
|
|
QCOMPARE(si.value(QCA::Organization), QStringLiteral("InsecureTestCertificate"));
|
|
|
|
|
QCOMPARE(si.value(QCA::Country), QStringLiteral("de"));
|
2006-05-13 11:07:11 +00:00
|
|
|
|
|
|
|
|
QCA::CertificateInfo ii = ca1.issuerInfo();
|
|
|
|
|
QCOMPARE(ii.isEmpty(), false);
|
2020-02-10 00:29:23 +01:00
|
|
|
QCOMPARE(ii.value(QCA::CommonName), QStringLiteral("For Tests Only"));
|
|
|
|
|
QCOMPARE(ii.value(QCA::Organization), QStringLiteral("InsecureTestCertificate"));
|
|
|
|
|
QCOMPARE(ii.value(QCA::Country), QStringLiteral("de"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-05-13 11:07:11 +00:00
|
|
|
QCOMPARE(ca1.notValidBefore().toString(),
|
|
|
|
|
QDateTime(QDate(2001, 8, 17), QTime(8, 30, 39), Qt::UTC).toString());
|
|
|
|
|
QCOMPARE(ca1.notValidAfter().toString(),
|
|
|
|
|
QDateTime(QDate(2011, 8, 15), QTime(8, 30, 39), Qt::UTC).toString());
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2013-04-02 11:00:43 +00:00
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::DigitalSignature) == true, true);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::NonRepudiation) == true, true);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::KeyEncipherment) == true, true);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::DataEncipherment) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::KeyAgreement) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::KeyCertificateSign) == true, true);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::CRLSign) == true, true);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::EncipherOnly) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::DecipherOnly) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::ServerAuth) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::ClientAuth) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::CodeSigning) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::EmailProtection) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::IPSecEndSystem) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::IPSecTunnel) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::IPSecUser) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::TimeStamping) == true, false);
|
|
|
|
|
QCOMPARE(ca1.constraints().contains(QCA::OCSPSigning) == true, false);
|
2006-05-13 11:07:11 +00:00
|
|
|
|
|
|
|
|
// no policies on this cert
|
|
|
|
|
QCOMPARE(ca1.policies().count(), 0);
|
|
|
|
|
|
|
|
|
|
QCOMPARE(ca1.signatureAlgorithm(), QCA::EMSA3_MD5);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2006-01-29 11:24:50 +00:00
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
void CertUnitTest::altName()
|
|
|
|
|
{
|
|
|
|
|
QStringList providersToTest;
|
2020-02-10 00:29:23 +01:00
|
|
|
providersToTest.append(QStringLiteral("qca-ossl"));
|
2006-02-23 09:49:56 +00:00
|
|
|
// providersToTest.append("qca-botan");
|
|
|
|
|
|
|
|
|
|
foreach (const QString provider, providersToTest) {
|
|
|
|
|
if (!QCA::isSupported("cert", provider))
|
2020-02-13 00:59:09 +01:00
|
|
|
QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
|
2006-02-23 09:49:56 +00:00
|
|
|
else {
|
|
|
|
|
QCA::ConvertResult resultClient1;
|
2020-02-10 00:29:23 +01:00
|
|
|
QCA::Certificate client1 =
|
|
|
|
|
QCA::Certificate::fromPEMFile(QStringLiteral("certs/altname.pem"), &resultClient1, provider);
|
2006-02-23 09:49:56 +00:00
|
|
|
QCOMPARE(resultClient1, QCA::ConvertGood);
|
|
|
|
|
QCOMPARE(client1.isNull(), false);
|
|
|
|
|
QCOMPARE(client1.isCA(), false);
|
|
|
|
|
QCOMPARE(client1.isSelfSigned(), false);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2007-04-13 19:19:18 +00:00
|
|
|
QCOMPARE(client1.serialNumber(), QCA::BigInteger(1));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2020-02-10 00:29:23 +01:00
|
|
|
QCOMPARE(client1.commonName(), QStringLiteral("Valid RFC822 nameConstraints EE Certificate Test21"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2013-04-02 11:00:43 +00:00
|
|
|
QCOMPARE(client1.constraints().contains(QCA::DigitalSignature) == true, true);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::NonRepudiation) == true, true);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::KeyEncipherment) == true, true);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::DataEncipherment) == true, true);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::KeyAgreement) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::KeyCertificateSign) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::CRLSign) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::EncipherOnly) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::DecipherOnly) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::ServerAuth) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::ClientAuth) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::CodeSigning) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::EmailProtection) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::IPSecEndSystem) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::IPSecTunnel) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::IPSecUser) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::TimeStamping) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::OCSPSigning) == true, false);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
QCOMPARE(client1.policies().count(), 1);
|
2020-02-10 00:29:23 +01:00
|
|
|
QCOMPARE(client1.policies().at(0), QStringLiteral("2.16.840.1.101.3.2.1.48.1"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
QCA::CertificateInfo subject1 = client1.subjectInfo();
|
|
|
|
|
QCOMPARE(subject1.isEmpty(), false);
|
2020-09-06 21:31:10 +02:00
|
|
|
QVERIFY(subject1.contains(QCA::Country, QStringLiteral("US")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Test Certificates")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::CommonName,
|
|
|
|
|
QStringLiteral("Valid RFC822 nameConstraints EE Certificate Test21")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::Email, QStringLiteral("Test21EE@mailserver.testcertificates.gov")));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
QCA::CertificateInfo issuer1 = client1.issuerInfo();
|
|
|
|
|
QCOMPARE(issuer1.isEmpty(), false);
|
2020-09-06 21:31:10 +02:00
|
|
|
QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("US")));
|
|
|
|
|
QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Test Certificates")));
|
|
|
|
|
QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("nameConstraints RFC822 CA1")));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2020-02-10 00:29:23 +01:00
|
|
|
QByteArray subjectKeyID =
|
|
|
|
|
QCA::Hex().stringToArray(QStringLiteral("b4200d42cd95ea87d463d54f0ed6d10fe5b73bfb")).toByteArray();
|
2006-02-23 09:49:56 +00:00
|
|
|
QCOMPARE(client1.subjectKeyId(), subjectKeyID);
|
2020-02-10 00:29:23 +01:00
|
|
|
QCOMPARE(QCA::Hex().arrayToString(client1.issuerKeyId()),
|
|
|
|
|
QStringLiteral("e37f857a8ea23b9eeeb8121d7913aac4bd2e59ad"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
QCA::PublicKey pubkey1 = client1.subjectPublicKey();
|
|
|
|
|
QCOMPARE(pubkey1.isNull(), false);
|
|
|
|
|
QCOMPARE(pubkey1.isRSA(), true);
|
|
|
|
|
QCOMPARE(pubkey1.isDSA(), false);
|
|
|
|
|
QCOMPARE(pubkey1.isDH(), false);
|
|
|
|
|
QCOMPARE(pubkey1.isPublic(), true);
|
|
|
|
|
QCOMPARE(pubkey1.isPrivate(), false);
|
|
|
|
|
QCOMPARE(pubkey1.bitSize(), 1024);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
QCOMPARE(client1.pathLimit(), 0);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
QCOMPARE(client1.signatureAlgorithm(), QCA::EMSA3_SHA1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2006-02-23 10:39:39 +00:00
|
|
|
|
|
|
|
|
void CertUnitTest::extXMPP()
|
|
|
|
|
{
|
|
|
|
|
QStringList providersToTest;
|
2020-02-10 00:29:23 +01:00
|
|
|
providersToTest.append(QStringLiteral("qca-ossl"));
|
2006-02-23 10:39:39 +00:00
|
|
|
// providersToTest.append("qca-botan");
|
|
|
|
|
|
|
|
|
|
foreach (const QString provider, providersToTest) {
|
|
|
|
|
if (!QCA::isSupported("cert", provider))
|
2020-02-13 00:59:09 +01:00
|
|
|
QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
|
2006-02-23 10:39:39 +00:00
|
|
|
else {
|
|
|
|
|
QCA::ConvertResult resultClient1;
|
2020-02-10 00:29:23 +01:00
|
|
|
QCA::Certificate client1 =
|
|
|
|
|
QCA::Certificate::fromPEMFile(QStringLiteral("certs/xmppcert.pem"), &resultClient1, provider);
|
2006-02-23 10:39:39 +00:00
|
|
|
QCOMPARE(resultClient1, QCA::ConvertGood);
|
|
|
|
|
QCOMPARE(client1.isNull(), false);
|
|
|
|
|
QCOMPARE(client1.isCA(), false);
|
|
|
|
|
QCOMPARE(client1.isSelfSigned(), true);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2007-04-13 19:19:18 +00:00
|
|
|
QCOMPARE(client1.serialNumber(), QCA::BigInteger("9635301556349760241"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2020-02-10 00:29:23 +01:00
|
|
|
QCOMPARE(client1.commonName(), QStringLiteral("demo.jabber.com"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 10:39:39 +00:00
|
|
|
QCA::CertificateInfo subject1 = client1.subjectInfo();
|
|
|
|
|
QCOMPARE(subject1.isEmpty(), false);
|
2020-09-06 21:31:10 +02:00
|
|
|
QVERIFY(subject1.contains(QCA::Country, QStringLiteral("US")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Jabber, Inc.")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::Locality, QStringLiteral("Denver")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::State, QStringLiteral("Colorado")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::CommonName, QStringLiteral("demo.jabber.com")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("demo.jabber.com")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::XMPP, QStringLiteral("demo.jabber.com")));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 10:39:39 +00:00
|
|
|
QCA::CertificateInfo issuer1 = client1.issuerInfo();
|
|
|
|
|
QCOMPARE(issuer1.isEmpty(), false);
|
2020-09-06 21:31:10 +02:00
|
|
|
QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("US")));
|
|
|
|
|
QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Jabber, Inc.")));
|
|
|
|
|
QVERIFY(issuer1.contains(QCA::Locality, QStringLiteral("Denver")));
|
|
|
|
|
QVERIFY(issuer1.contains(QCA::State, QStringLiteral("Colorado")));
|
|
|
|
|
QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("demo.jabber.com")));
|
2006-02-23 10:39:39 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2006-02-23 09:49:56 +00:00
|
|
|
|
2006-05-13 11:07:11 +00:00
|
|
|
void CertUnitTest::altNames76()
|
|
|
|
|
{
|
|
|
|
|
QStringList providersToTest;
|
2020-02-10 00:29:23 +01:00
|
|
|
providersToTest.append(QStringLiteral("qca-ossl"));
|
2006-05-13 11:07:11 +00:00
|
|
|
// providersToTest.append("qca-botan");
|
|
|
|
|
|
|
|
|
|
foreach (const QString provider, providersToTest) {
|
|
|
|
|
if (!QCA::isSupported("cert", provider))
|
2020-02-13 00:59:09 +01:00
|
|
|
QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
|
2006-05-13 11:07:11 +00:00
|
|
|
else {
|
|
|
|
|
QCA::ConvertResult resultClient1;
|
2020-02-10 00:29:23 +01:00
|
|
|
QCA::Certificate client1 =
|
|
|
|
|
QCA::Certificate::fromPEMFile(QStringLiteral("certs/76.pem"), &resultClient1, provider);
|
2006-05-13 11:07:11 +00:00
|
|
|
QCOMPARE(resultClient1, QCA::ConvertGood);
|
|
|
|
|
QCOMPARE(client1.isNull(), false);
|
|
|
|
|
QCOMPARE(client1.isCA(), false);
|
|
|
|
|
QCOMPARE(client1.isSelfSigned(), false);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2007-04-13 19:19:18 +00:00
|
|
|
QCOMPARE(client1.serialNumber(), QCA::BigInteger(118));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2020-02-10 00:29:23 +01:00
|
|
|
QCOMPARE(client1.commonName(), QStringLiteral("sip1.su.se"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2013-04-02 11:00:43 +00:00
|
|
|
QCOMPARE(client1.constraints().contains(QCA::DigitalSignature) == true, true);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::NonRepudiation) == true, true);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::KeyEncipherment) == true, true);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::DataEncipherment) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::KeyAgreement) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::KeyCertificateSign) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::CRLSign) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::EncipherOnly) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::DecipherOnly) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::ServerAuth) == true, true);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::ClientAuth) == true, true);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::CodeSigning) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::EmailProtection) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::IPSecEndSystem) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::IPSecTunnel) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::IPSecUser) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::TimeStamping) == true, false);
|
|
|
|
|
QCOMPARE(client1.constraints().contains(QCA::OCSPSigning) == true, false);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-05-13 11:07:11 +00:00
|
|
|
QCOMPARE(client1.policies().count(), 1);
|
|
|
|
|
|
|
|
|
|
QCA::CertificateInfo subject1 = client1.subjectInfo();
|
|
|
|
|
QCOMPARE(subject1.isEmpty(), false);
|
2020-09-06 21:31:10 +02:00
|
|
|
QVERIFY(subject1.contains(QCA::Country, QStringLiteral("SE")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Stockholms universitet")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::CommonName, QStringLiteral("sip1.su.se")));
|
2020-02-12 16:55:18 +01:00
|
|
|
QCOMPARE(subject1.values(QCA::Email).count(), 0); // clazy:exclude=container-anti-pattern
|
|
|
|
|
QCOMPARE(subject1.values(QCA::DNS).count(), 8); // clazy:exclude=container-anti-pattern
|
2020-09-06 21:31:10 +02:00
|
|
|
QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("incomingproxy.sip.su.se")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("incomingproxy1.sip.su.se")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("outgoingproxy.sip.su.se")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("outgoingproxy1.sip.su.se")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("out.sip.su.se")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("appserver.sip.su.se")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("appserver1.sip.su.se")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("sip1.su.se")));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2020-02-10 00:29:23 +01:00
|
|
|
QVERIFY(client1.matchesHostName(QStringLiteral("incomingproxy.sip.su.se")));
|
|
|
|
|
QVERIFY(client1.matchesHostName(QStringLiteral("incomingproxy1.sip.su.se")));
|
|
|
|
|
QVERIFY(client1.matchesHostName(QStringLiteral("outgoingproxy.sip.su.se")));
|
|
|
|
|
QVERIFY(client1.matchesHostName(QStringLiteral("outgoingproxy1.sip.su.se")));
|
|
|
|
|
QVERIFY(client1.matchesHostName(QStringLiteral("out.sip.su.se")));
|
|
|
|
|
QVERIFY(client1.matchesHostName(QStringLiteral("appserver.sip.su.se")));
|
|
|
|
|
QVERIFY(client1.matchesHostName(QStringLiteral("appserver1.sip.su.se")));
|
|
|
|
|
QVERIFY(client1.matchesHostName(QStringLiteral("sip1.su.se")));
|
2006-05-14 00:34:57 +00:00
|
|
|
|
2006-05-13 11:07:11 +00:00
|
|
|
QCA::CertificateInfo issuer1 = client1.issuerInfo();
|
|
|
|
|
QCOMPARE(issuer1.isEmpty(), false);
|
2020-09-06 21:31:10 +02:00
|
|
|
QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("SE")));
|
|
|
|
|
QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Stockholms universitet")));
|
|
|
|
|
QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("Stockholm University CA")));
|
|
|
|
|
QVERIFY(issuer1.contains(QCA::URI, QStringLiteral("http://ca.su.se")));
|
|
|
|
|
QVERIFY(issuer1.contains(QCA::Email, QStringLiteral("ca@su.se")));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2020-02-10 00:29:23 +01:00
|
|
|
QByteArray subjectKeyID =
|
|
|
|
|
QCA::Hex().stringToArray(QStringLiteral("3a5c5cd1cc2c9edf73f73bd81b59b1eab83035c5")).toByteArray();
|
2006-05-13 11:07:11 +00:00
|
|
|
QCOMPARE(client1.subjectKeyId(), subjectKeyID);
|
2020-02-10 00:29:23 +01:00
|
|
|
QCOMPARE(QCA::Hex().arrayToString(client1.issuerKeyId()),
|
|
|
|
|
QStringLiteral("9e2e30ba37d95144c99dbf1821f1bd7eeeb58648"));
|
2006-05-13 11:07:11 +00:00
|
|
|
|
|
|
|
|
QCA::PublicKey pubkey1 = client1.subjectPublicKey();
|
|
|
|
|
QCOMPARE(pubkey1.isNull(), false);
|
|
|
|
|
QCOMPARE(pubkey1.isRSA(), true);
|
|
|
|
|
QCOMPARE(pubkey1.isDSA(), false);
|
|
|
|
|
QCOMPARE(pubkey1.isDH(), false);
|
|
|
|
|
QCOMPARE(pubkey1.isPublic(), true);
|
|
|
|
|
QCOMPARE(pubkey1.isPrivate(), false);
|
|
|
|
|
QCOMPARE(pubkey1.bitSize(), 1024);
|
|
|
|
|
|
|
|
|
|
QCOMPARE(client1.pathLimit(), 0);
|
|
|
|
|
|
|
|
|
|
QCOMPARE(client1.signatureAlgorithm(), QCA::EMSA3_SHA1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2006-01-29 11:24:50 +00:00
|
|
|
|
2009-07-07 12:24:51 +00:00
|
|
|
void CertUnitTest::sha256cert()
|
|
|
|
|
{
|
|
|
|
|
QStringList providersToTest;
|
2020-02-10 00:29:23 +01:00
|
|
|
providersToTest.append(QStringLiteral("qca-ossl"));
|
2009-07-07 12:24:51 +00:00
|
|
|
// providersToTest.append("qca-botan");
|
|
|
|
|
|
|
|
|
|
foreach (const QString provider, providersToTest) {
|
|
|
|
|
if (!QCA::isSupported("cert", provider))
|
2020-02-13 00:59:09 +01:00
|
|
|
QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
|
2009-07-07 12:24:51 +00:00
|
|
|
else {
|
2020-02-10 00:29:23 +01:00
|
|
|
QFile f(QStringLiteral("certs/RAIZ2007_CERTIFICATE_AND_CRL_SIGNING_SHA256.crt"));
|
2009-07-07 12:24:51 +00:00
|
|
|
QVERIFY(f.open(QFile::ReadOnly));
|
|
|
|
|
QByteArray der = f.readAll();
|
|
|
|
|
QCA::ConvertResult resultcert;
|
|
|
|
|
QCA::Certificate cert = QCA::Certificate::fromDER(der, &resultcert, provider);
|
|
|
|
|
|
|
|
|
|
QCOMPARE(resultcert, QCA::ConvertGood);
|
|
|
|
|
QCOMPARE(cert.isNull(), false);
|
|
|
|
|
QCOMPARE(cert.isCA(), true);
|
|
|
|
|
QCOMPARE(cert.isSelfSigned(), true);
|
|
|
|
|
|
|
|
|
|
QCA::PublicKey pubkey = cert.subjectPublicKey();
|
|
|
|
|
QCOMPARE(pubkey.isNull(), false);
|
|
|
|
|
QCOMPARE(pubkey.isRSA(), true);
|
|
|
|
|
QCOMPARE(pubkey.isDSA(), false);
|
|
|
|
|
QCOMPARE(pubkey.isDH(), false);
|
|
|
|
|
QCOMPARE(pubkey.isPublic(), true);
|
|
|
|
|
QCOMPARE(pubkey.isPrivate(), false);
|
|
|
|
|
QCOMPARE(pubkey.bitSize(), 4096);
|
|
|
|
|
|
|
|
|
|
QCOMPARE(cert.pathLimit(), 0);
|
|
|
|
|
|
|
|
|
|
QCOMPARE(cert.signatureAlgorithm(), QCA::EMSA3_SHA256);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
void CertUnitTest::checkExpiredServerCerts()
|
2006-01-29 11:24:50 +00:00
|
|
|
{
|
|
|
|
|
QStringList providersToTest;
|
2020-02-10 00:29:23 +01:00
|
|
|
providersToTest.append(QStringLiteral("qca-ossl"));
|
2006-02-23 09:49:56 +00:00
|
|
|
// providersToTest.append("qca-botan");
|
2006-01-29 11:24:50 +00:00
|
|
|
|
|
|
|
|
foreach (const QString provider, providersToTest) {
|
|
|
|
|
if (!QCA::isSupported("cert", provider))
|
2020-02-13 00:59:09 +01:00
|
|
|
QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
|
2006-01-29 11:24:50 +00:00
|
|
|
else {
|
|
|
|
|
QCA::ConvertResult resultServer1;
|
2020-02-10 00:29:23 +01:00
|
|
|
QCA::Certificate server1 =
|
|
|
|
|
QCA::Certificate::fromPEMFile(QStringLiteral("certs/Server.pem"), &resultServer1, provider);
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(resultServer1, QCA::ConvertGood);
|
|
|
|
|
QCOMPARE(server1.isNull(), false);
|
|
|
|
|
QCOMPARE(server1.isCA(), false);
|
|
|
|
|
QCOMPARE(server1.isSelfSigned(), false);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2007-04-13 19:19:18 +00:00
|
|
|
QCOMPARE(server1.serialNumber(), QCA::BigInteger(4));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2020-02-10 00:29:23 +01:00
|
|
|
QCOMPARE(server1.commonName(), QStringLiteral("Insecure Server Cert"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(server1.notValidBefore().toString(),
|
|
|
|
|
QDateTime(QDate(2001, 8, 17), QTime(8, 46, 24), Qt::UTC).toString());
|
|
|
|
|
QCOMPARE(server1.notValidAfter().toString(),
|
|
|
|
|
QDateTime(QDate(2006, 8, 16), QTime(8, 46, 24), Qt::UTC).toString());
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2013-04-02 11:00:43 +00:00
|
|
|
QCOMPARE(server1.constraints().contains(QCA::DigitalSignature) == true, true);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::NonRepudiation) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::KeyEncipherment) == true, true);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::DataEncipherment) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::KeyAgreement) == true, true);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::KeyCertificateSign) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::CRLSign) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::EncipherOnly) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::DecipherOnly) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::ServerAuth) == true, true);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::ClientAuth) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::CodeSigning) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::EmailProtection) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::IPSecEndSystem) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::IPSecTunnel) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::IPSecUser) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::TimeStamping) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::OCSPSigning) == true, false);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
// no policies on this cert
|
|
|
|
|
QCOMPARE(server1.policies().count(), 0);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
QCA::CertificateInfo subject1 = server1.subjectInfo();
|
|
|
|
|
QCOMPARE(subject1.isEmpty(), false);
|
2020-09-06 23:41:53 +02:00
|
|
|
QCOMPARE(subject1.contains(QCA::Country, QStringLiteral("de")) == true, true);
|
|
|
|
|
QCOMPARE(subject1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate")) == true, true);
|
|
|
|
|
QCOMPARE(subject1.contains(QCA::CommonName, QStringLiteral("Insecure Server Cert")) == true, true);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
QCA::CertificateInfo issuer1 = server1.issuerInfo();
|
|
|
|
|
QCOMPARE(issuer1.isEmpty(), false);
|
2020-09-06 23:41:53 +02:00
|
|
|
QCOMPARE(issuer1.contains(QCA::Country, QStringLiteral("de")) == true, true);
|
|
|
|
|
QCOMPARE(issuer1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate")) == true, true);
|
|
|
|
|
QCOMPARE(issuer1.contains(QCA::CommonName, QStringLiteral("For Tests Only")) == true, true);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2020-02-10 00:29:23 +01:00
|
|
|
QByteArray subjectKeyID =
|
|
|
|
|
QCA::Hex().stringToArray(QStringLiteral("0234E2C906F6E0B44253BE04C0CBA7823A6DB509")).toByteArray();
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(server1.subjectKeyId(), subjectKeyID);
|
2020-02-10 00:29:23 +01:00
|
|
|
QByteArray authorityKeyID =
|
|
|
|
|
QCA::Hex().stringToArray(QStringLiteral("BF53438278D09EC380E51B67CA0500DFB94883A5")).toByteArray();
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(server1.issuerKeyId(), authorityKeyID);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
QCA::PublicKey pubkey1 = server1.subjectPublicKey();
|
|
|
|
|
QCOMPARE(pubkey1.isNull(), false);
|
|
|
|
|
QCOMPARE(pubkey1.isRSA(), true);
|
|
|
|
|
QCOMPARE(pubkey1.isDSA(), false);
|
|
|
|
|
QCOMPARE(pubkey1.isDH(), false);
|
|
|
|
|
QCOMPARE(pubkey1.isPublic(), true);
|
|
|
|
|
QCOMPARE(pubkey1.isPrivate(), false);
|
|
|
|
|
QCOMPARE(pubkey1.bitSize(), 1024);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(server1.pathLimit(), 0);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(server1.signatureAlgorithm(), QCA::EMSA3_MD5);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
QCA::CertificateCollection trusted;
|
|
|
|
|
QCA::CertificateCollection untrusted;
|
|
|
|
|
QCOMPARE(server1.validate(trusted, untrusted), QCA::ErrorInvalidCA);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-01-29 11:24:50 +00:00
|
|
|
QCA::ConvertResult resultca1;
|
2020-02-10 00:29:23 +01:00
|
|
|
QCA::Certificate ca1 =
|
|
|
|
|
QCA::Certificate::fromPEMFile(QStringLiteral("certs/RootCAcert.pem"), &resultca1, provider);
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(resultca1, QCA::ConvertGood);
|
|
|
|
|
trusted.addCertificate(ca1);
|
2006-10-12 00:05:20 +00:00
|
|
|
QCOMPARE(server1.validate(trusted, untrusted), QCA::ErrorExpired);
|
|
|
|
|
QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageAny), QCA::ErrorExpired);
|
2006-10-12 00:53:26 +00:00
|
|
|
QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ErrorExpired);
|
2006-10-12 00:05:20 +00:00
|
|
|
QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ErrorExpired);
|
|
|
|
|
QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorExpired);
|
|
|
|
|
QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorExpired);
|
|
|
|
|
QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ErrorExpired);
|
|
|
|
|
QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorExpired);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2007-06-12 02:30:58 +00:00
|
|
|
QByteArray derServer1 = server1.toDER();
|
2006-10-12 00:05:20 +00:00
|
|
|
QCOMPARE(derServer1.isEmpty(), false);
|
|
|
|
|
QCA::Certificate fromDer1 = QCA::Certificate::fromDER(derServer1, &resultServer1, provider);
|
|
|
|
|
QCOMPARE(resultServer1, QCA::ConvertGood);
|
|
|
|
|
QCOMPARE(fromDer1 == server1, true);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void CertUnitTest::checkServerCerts()
|
|
|
|
|
{
|
|
|
|
|
QStringList providersToTest;
|
2020-02-10 00:29:23 +01:00
|
|
|
providersToTest.append(QStringLiteral("qca-ossl"));
|
2006-10-12 00:05:20 +00:00
|
|
|
// providersToTest.append("qca-botan");
|
|
|
|
|
|
|
|
|
|
foreach (const QString provider, providersToTest) {
|
|
|
|
|
if (!QCA::isSupported("cert", provider))
|
2020-02-13 00:59:09 +01:00
|
|
|
QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData());
|
2006-10-12 00:05:20 +00:00
|
|
|
else {
|
|
|
|
|
QCA::ConvertResult resultServer1;
|
2020-02-10 00:29:23 +01:00
|
|
|
QCA::Certificate server1 =
|
|
|
|
|
QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestServerCert.pem"), &resultServer1, provider);
|
2006-10-12 00:05:20 +00:00
|
|
|
QCOMPARE(resultServer1, QCA::ConvertGood);
|
|
|
|
|
QCOMPARE(server1.isNull(), false);
|
|
|
|
|
QCOMPARE(server1.isCA(), false);
|
|
|
|
|
QCOMPARE(server1.isSelfSigned(), false);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2007-07-22 04:22:00 +00:00
|
|
|
QCOMPARE(server1.serialNumber(), QCA::BigInteger("13149359243510447489"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2020-02-10 00:29:23 +01:00
|
|
|
QCOMPARE(server1.commonName(), QStringLiteral("Qca Server Test certificate"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2013-07-31 21:29:33 +06:00
|
|
|
QCOMPARE(server1.notValidBefore().toString(),
|
|
|
|
|
QDateTime(QDate(2013, 7, 31), QTime(15, 23, 25), Qt::UTC).toString());
|
|
|
|
|
QCOMPARE(server1.notValidAfter().toString(),
|
|
|
|
|
QDateTime(QDate(2033, 7, 26), QTime(15, 23, 25), Qt::UTC).toString());
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2013-04-02 11:00:43 +00:00
|
|
|
QCOMPARE(server1.constraints().contains(QCA::DigitalSignature) == true, true);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::NonRepudiation) == true, true);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::KeyEncipherment) == true, true);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::DataEncipherment) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::KeyAgreement) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::KeyCertificateSign) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::CRLSign) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::EncipherOnly) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::DecipherOnly) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::ServerAuth) == true, true);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::ClientAuth) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::CodeSigning) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::EmailProtection) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::IPSecEndSystem) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::IPSecTunnel) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::IPSecUser) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::TimeStamping) == true, false);
|
|
|
|
|
QCOMPARE(server1.constraints().contains(QCA::OCSPSigning) == true, false);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
// no policies on this cert
|
|
|
|
|
QCOMPARE(server1.policies().count(), 0);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
QCA::CertificateInfo subject1 = server1.subjectInfo();
|
|
|
|
|
QCOMPARE(subject1.isEmpty(), false);
|
2020-09-06 21:31:10 +02:00
|
|
|
QVERIFY(subject1.contains(QCA::Country, QStringLiteral("IL")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Qca Development and Test")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::OrganizationalUnit, QStringLiteral("Server Management Section")));
|
|
|
|
|
QVERIFY(subject1.contains(QCA::CommonName, QStringLiteral("Qca Server Test certificate")));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
QCA::CertificateInfo issuer1 = server1.issuerInfo();
|
|
|
|
|
QCOMPARE(issuer1.isEmpty(), false);
|
2020-09-06 21:31:10 +02:00
|
|
|
QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("AU")));
|
|
|
|
|
QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Qca Development and Test")));
|
|
|
|
|
QVERIFY(issuer1.contains(QCA::OrganizationalUnit, QStringLiteral("Certificate Generation Section")));
|
|
|
|
|
QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("Qca Test Root Certificate")));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2020-02-10 00:29:23 +01:00
|
|
|
QByteArray subjectKeyID =
|
|
|
|
|
QCA::Hex().stringToArray(QStringLiteral("819870c8b81eab53e72d0446b65790aa0d3eab1a")).toByteArray();
|
2006-10-12 00:05:20 +00:00
|
|
|
QCOMPARE(server1.subjectKeyId(), subjectKeyID);
|
2020-02-10 00:29:23 +01:00
|
|
|
QByteArray authorityKeyID =
|
|
|
|
|
QCA::Hex().stringToArray(QStringLiteral("f61c451de1b0458138c60568c1a7cb0f7ade0363")).toByteArray();
|
2006-10-12 00:05:20 +00:00
|
|
|
QCOMPARE(server1.issuerKeyId(), authorityKeyID);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
QCA::PublicKey pubkey1 = server1.subjectPublicKey();
|
|
|
|
|
QCOMPARE(pubkey1.isNull(), false);
|
|
|
|
|
QCOMPARE(pubkey1.isRSA(), true);
|
|
|
|
|
QCOMPARE(pubkey1.isDSA(), false);
|
|
|
|
|
QCOMPARE(pubkey1.isDH(), false);
|
|
|
|
|
QCOMPARE(pubkey1.isPublic(), true);
|
|
|
|
|
QCOMPARE(pubkey1.isPrivate(), false);
|
|
|
|
|
QCOMPARE(pubkey1.bitSize(), 1024);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
QCOMPARE(server1.pathLimit(), 0);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2007-07-22 04:22:00 +00:00
|
|
|
QCOMPARE(server1.signatureAlgorithm(), QCA::EMSA3_SHA1);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
QCA::CertificateCollection trusted;
|
|
|
|
|
QCA::CertificateCollection untrusted;
|
|
|
|
|
QCOMPARE(server1.validate(trusted, untrusted), QCA::ErrorInvalidCA);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-10-12 00:05:20 +00:00
|
|
|
QCA::ConvertResult resultca1;
|
2020-02-10 00:29:23 +01:00
|
|
|
QCA::Certificate ca1 =
|
|
|
|
|
QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestRootCert.pem"), &resultca1, provider);
|
2006-10-12 00:05:20 +00:00
|
|
|
QCOMPARE(resultca1, QCA::ConvertGood);
|
|
|
|
|
trusted.addCertificate(ca1);
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(server1.validate(trusted, untrusted), QCA::ValidityGood);
|
2006-10-12 00:05:20 +00:00
|
|
|
QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageAny), QCA::ValidityGood);
|
|
|
|
|
QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ValidityGood);
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ErrorInvalidPurpose);
|
|
|
|
|
QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorInvalidPurpose);
|
|
|
|
|
QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorInvalidPurpose);
|
|
|
|
|
QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ErrorInvalidPurpose);
|
|
|
|
|
QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorInvalidPurpose);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2007-06-12 02:30:58 +00:00
|
|
|
QByteArray derServer1 = server1.toDER();
|
2006-01-29 11:24:50 +00:00
|
|
|
QCOMPARE(derServer1.isEmpty(), false);
|
|
|
|
|
QCA::Certificate fromDer1 = QCA::Certificate::fromDER(derServer1, &resultServer1, provider);
|
|
|
|
|
QCOMPARE(resultServer1, QCA::ConvertGood);
|
|
|
|
|
QCOMPARE(fromDer1 == server1, true);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void CertUnitTest::checkSystemStore()
|
|
|
|
|
{
|
2007-07-08 03:03:39 +00:00
|
|
|
if (QCA::isSupported("cert") && QCA::isSupported("crl")) {
|
|
|
|
|
QCOMPARE(QCA::haveSystemStore(), true);
|
2006-01-29 11:24:50 +00:00
|
|
|
|
|
|
|
|
QCA::CertificateCollection collection1;
|
|
|
|
|
collection1 = QCA::systemStore();
|
2007-07-08 03:03:39 +00:00
|
|
|
// Do we have any certs?
|
|
|
|
|
QVERIFY(collection1.certificates().count() > 0);
|
|
|
|
|
} else {
|
|
|
|
|
QCOMPARE(QCA::haveSystemStore(), false);
|
2006-01-29 11:24:50 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
void CertUnitTest::crl()
|
|
|
|
|
{
|
|
|
|
|
QStringList providersToTest;
|
2020-02-10 00:29:23 +01:00
|
|
|
providersToTest.append(QStringLiteral("qca-ossl"));
|
2006-02-23 09:49:56 +00:00
|
|
|
// providersToTest.append("qca-botan");
|
|
|
|
|
|
|
|
|
|
foreach (const QString provider, providersToTest) {
|
|
|
|
|
if (!QCA::isSupported("crl", provider))
|
2020-02-13 00:59:09 +01:00
|
|
|
QWARN((QStringLiteral("Certificate revocation not supported for ") + provider).toLocal8Bit().constData());
|
2006-02-23 09:49:56 +00:00
|
|
|
else {
|
|
|
|
|
QCA::CRL emptyCRL;
|
|
|
|
|
QVERIFY(emptyCRL.isNull());
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
QCA::ConvertResult resultCrl;
|
2020-02-10 00:29:23 +01:00
|
|
|
QCA::CRL crl1 = QCA::CRL::fromPEMFile(QStringLiteral("certs/Test_CRL.crl"), &resultCrl, provider);
|
2006-02-23 09:49:56 +00:00
|
|
|
QCOMPARE(resultCrl, QCA::ConvertGood);
|
|
|
|
|
QCOMPARE(crl1.isNull(), false);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
QCA::CertificateInfo issuer = crl1.issuerInfo();
|
|
|
|
|
QCOMPARE(issuer.isEmpty(), false);
|
2020-09-06 21:31:10 +02:00
|
|
|
QVERIFY(issuer.contains(QCA::Country, QStringLiteral("de")));
|
|
|
|
|
QVERIFY(issuer.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate")));
|
|
|
|
|
QVERIFY(issuer.contains(QCA::CommonName, QStringLiteral("For Tests Only")));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
// No keyid extension on this crl
|
2020-02-10 00:29:23 +01:00
|
|
|
QCOMPARE(QCA::arrayToHex(crl1.issuerKeyId()), QLatin1String(""));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2013-12-09 03:41:39 +06:00
|
|
|
QCOMPARE(crl1.thisUpdate(), QDateTime(QDate(2001, 8, 17), QTime(11, 12, 03), Qt::UTC));
|
|
|
|
|
QCOMPARE(crl1.nextUpdate(), QDateTime(QDate(2006, 8, 16), QTime(11, 12, 03), Qt::UTC));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
QCOMPARE(crl1.signatureAlgorithm(), QCA::EMSA3_MD5);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
QCOMPARE(crl1.issuerKeyId(), QByteArray(""));
|
|
|
|
|
QCOMPARE(crl1, QCA::CRL(crl1));
|
|
|
|
|
QCOMPARE(crl1 == QCA::CRL(), false);
|
|
|
|
|
QCOMPARE(crl1.number(), -1);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
QList<QCA::CRLEntry> revokedList = crl1.revoked();
|
|
|
|
|
QCOMPARE(revokedList.size(), 2);
|
2020-01-19 17:35:06 +01:00
|
|
|
std::sort(revokedList.begin(), revokedList.end());
|
2007-04-13 19:19:18 +00:00
|
|
|
QCOMPARE(revokedList[0].serialNumber(), QCA::BigInteger("3"));
|
|
|
|
|
QCOMPARE(revokedList[1].serialNumber(), QCA::BigInteger("5"));
|
2006-02-23 09:49:56 +00:00
|
|
|
QCOMPARE(revokedList[0].reason(), QCA::CRLEntry::Unspecified);
|
|
|
|
|
QCOMPARE(revokedList[1].reason(), QCA::CRLEntry::Unspecified);
|
2013-12-09 03:41:39 +06:00
|
|
|
QCOMPARE(revokedList[0].time(), QDateTime(QDate(2001, 8, 17), QTime(11, 10, 39), Qt::UTC));
|
|
|
|
|
QCOMPARE(revokedList[1].time(), QDateTime(QDate(2001, 8, 17), QTime(11, 11, 59), Qt::UTC));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
// convert to DER
|
2007-06-12 02:30:58 +00:00
|
|
|
QByteArray derCRL1 = crl1.toDER();
|
2006-02-23 09:49:56 +00:00
|
|
|
// check we got something, at least
|
|
|
|
|
QCOMPARE(derCRL1.isEmpty(), false);
|
|
|
|
|
// convert back from DER
|
|
|
|
|
QCA::CRL fromDer1 = QCA::CRL::fromDER(derCRL1, &resultCrl, provider);
|
|
|
|
|
// check the conversion at least appeared to work
|
|
|
|
|
QCOMPARE(resultCrl, QCA::ConvertGood);
|
|
|
|
|
// check the result is the same as what we started with
|
|
|
|
|
QCOMPARE(fromDer1, crl1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void CertUnitTest::crl2()
|
|
|
|
|
{
|
|
|
|
|
QStringList providersToTest;
|
2020-02-10 00:29:23 +01:00
|
|
|
providersToTest.append(QStringLiteral("qca-ossl"));
|
2006-02-23 09:49:56 +00:00
|
|
|
// providersToTest.append("qca-botan");
|
|
|
|
|
|
|
|
|
|
foreach (const QString provider, providersToTest) {
|
|
|
|
|
if (!QCA::isSupported("crl", provider))
|
2020-02-13 00:59:09 +01:00
|
|
|
QWARN((QStringLiteral("Certificate revocation not supported for ") + provider).toLocal8Bit().constData());
|
2006-02-23 09:49:56 +00:00
|
|
|
else {
|
|
|
|
|
QCA::ConvertResult resultCrl;
|
2020-02-10 00:29:23 +01:00
|
|
|
QCA::CRL crl1 = QCA::CRL::fromPEMFile(QStringLiteral("certs/GoodCACRL.pem"), &resultCrl, provider);
|
2006-02-23 09:49:56 +00:00
|
|
|
QCOMPARE(resultCrl, QCA::ConvertGood);
|
|
|
|
|
QCOMPARE(crl1.isNull(), false);
|
|
|
|
|
QCOMPARE(crl1.provider()->name(), provider);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
QCA::CertificateInfo issuer = crl1.issuerInfo();
|
|
|
|
|
QCOMPARE(issuer.isEmpty(), false);
|
2020-09-06 21:31:10 +02:00
|
|
|
QVERIFY(issuer.contains(QCA::Country, QStringLiteral("US")));
|
|
|
|
|
QVERIFY(issuer.contains(QCA::Organization, QStringLiteral("Test Certificates")));
|
|
|
|
|
QVERIFY(issuer.contains(QCA::CommonName, QStringLiteral("Good CA")));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2013-12-09 03:41:39 +06:00
|
|
|
QCOMPARE(crl1.thisUpdate(), QDateTime(QDate(2001, 4, 19), QTime(14, 57, 20), Qt::UTC));
|
|
|
|
|
QCOMPARE(crl1.nextUpdate(), QDateTime(QDate(2011, 4, 19), QTime(14, 57, 20), Qt::UTC));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
QCOMPARE(crl1.signatureAlgorithm(), QCA::EMSA3_SHA1);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2020-02-10 00:29:23 +01:00
|
|
|
QCOMPARE(QCA::arrayToHex(crl1.issuerKeyId()), QStringLiteral("b72ea682cbc2c8bca87b2744d73533df9a1594c7"));
|
2006-02-23 09:49:56 +00:00
|
|
|
QCOMPARE(crl1.number(), 1);
|
|
|
|
|
QCOMPARE(crl1, QCA::CRL(crl1));
|
|
|
|
|
QCOMPARE(crl1 == QCA::CRL(), false);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
QList<QCA::CRLEntry> revokedList = crl1.revoked();
|
|
|
|
|
QCOMPARE(revokedList.size(), 2);
|
2020-01-19 17:35:06 +01:00
|
|
|
std::sort(revokedList.begin(), revokedList.end());
|
2007-04-13 19:19:18 +00:00
|
|
|
QCOMPARE(revokedList[0].serialNumber(), QCA::BigInteger("14"));
|
|
|
|
|
QCOMPARE(revokedList[1].serialNumber(), QCA::BigInteger("15"));
|
2006-02-23 09:49:56 +00:00
|
|
|
QCOMPARE(revokedList[0].reason(), QCA::CRLEntry::KeyCompromise);
|
|
|
|
|
QCOMPARE(revokedList[1].reason(), QCA::CRLEntry::KeyCompromise);
|
2013-12-09 03:41:39 +06:00
|
|
|
QCOMPARE(revokedList[0].time(), QDateTime(QDate(2001, 4, 19), QTime(14, 57, 20), Qt::UTC));
|
|
|
|
|
QCOMPARE(revokedList[1].time(), QDateTime(QDate(2001, 4, 19), QTime(14, 57, 20), Qt::UTC));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
// convert to DER
|
2007-06-12 02:30:58 +00:00
|
|
|
QByteArray derCRL1 = crl1.toDER();
|
2006-02-23 09:49:56 +00:00
|
|
|
// check we got something, at least
|
|
|
|
|
QCOMPARE(derCRL1.isEmpty(), false);
|
|
|
|
|
// convert back from DER
|
|
|
|
|
QCA::CRL fromDer1 = QCA::CRL::fromDER(derCRL1, &resultCrl, provider);
|
|
|
|
|
// check the conversion at least appeared to work
|
|
|
|
|
QCOMPARE(resultCrl, QCA::ConvertGood);
|
|
|
|
|
// check the result is the same as what we started with
|
|
|
|
|
QCOMPARE(fromDer1, crl1);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-23 09:49:56 +00:00
|
|
|
// convert to PEM
|
|
|
|
|
QString pemCRL1 = crl1.toPEM();
|
|
|
|
|
// check we got something, at least
|
|
|
|
|
QCOMPARE(pemCRL1.isEmpty(), false);
|
|
|
|
|
// convert back from PEM
|
|
|
|
|
QCA::CRL fromPEM1 = QCA::CRL::fromPEM(pemCRL1, &resultCrl, provider);
|
|
|
|
|
// check the conversion at least appeared to work
|
|
|
|
|
QCOMPARE(resultCrl, QCA::ConvertGood);
|
|
|
|
|
// check the result is the same as what we started with
|
|
|
|
|
QCOMPARE(fromPEM1, crl1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2006-02-26 04:17:51 +00:00
|
|
|
void CertUnitTest::csr()
|
|
|
|
|
{
|
|
|
|
|
QStringList providersToTest;
|
2020-02-10 00:29:23 +01:00
|
|
|
providersToTest.append(QStringLiteral("qca-ossl"));
|
2006-02-26 04:17:51 +00:00
|
|
|
// providersToTest.append("qca-botan");
|
|
|
|
|
|
|
|
|
|
foreach (const QString provider, providersToTest) {
|
|
|
|
|
if (!QCA::isSupported("csr", provider))
|
2020-02-13 00:59:09 +01:00
|
|
|
QWARN((QStringLiteral("Certificate signing requests not supported for ") + provider)
|
|
|
|
|
.toLocal8Bit()
|
|
|
|
|
.constData());
|
2006-02-26 04:17:51 +00:00
|
|
|
else {
|
|
|
|
|
QCA::CertificateRequest nullCSR;
|
|
|
|
|
QVERIFY(nullCSR.isNull());
|
2020-09-06 20:45:09 +02:00
|
|
|
// This is copied on purpose to check the assignment operator
|
|
|
|
|
QCA::CertificateRequest anotherNullCSR = nullCSR; // NOLINT(performance-unnecessary-copy-initialization)
|
2006-02-26 04:17:51 +00:00
|
|
|
QVERIFY(anotherNullCSR.isNull());
|
|
|
|
|
QCOMPARE(nullCSR, anotherNullCSR);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-26 04:17:51 +00:00
|
|
|
QCA::ConvertResult resultCsr;
|
2020-02-10 00:29:23 +01:00
|
|
|
QCA::CertificateRequest csr1 =
|
|
|
|
|
QCA::CertificateRequest::fromPEMFile(QStringLiteral("certs/csr1.pem"), &resultCsr, provider);
|
2006-02-26 04:17:51 +00:00
|
|
|
QCOMPARE(resultCsr, QCA::ConvertGood);
|
|
|
|
|
QCOMPARE(csr1.isNull(), false);
|
|
|
|
|
QCOMPARE(csr1.provider()->name(), provider);
|
|
|
|
|
QCA::CertificateInfo subject = csr1.subjectInfo();
|
|
|
|
|
QCOMPARE(subject.isEmpty(), false);
|
2020-09-06 21:31:10 +02:00
|
|
|
QVERIFY(subject.contains(QCA::Country, QStringLiteral("AU")));
|
|
|
|
|
QVERIFY(subject.contains(QCA::State, QStringLiteral("Victoria")));
|
|
|
|
|
QVERIFY(subject.contains(QCA::Locality, QStringLiteral("Mitcham")));
|
|
|
|
|
QVERIFY(subject.contains(QCA::Organization, QStringLiteral("GE Interlogix")));
|
|
|
|
|
QVERIFY(subject.contains(QCA::OrganizationalUnit, QStringLiteral("Engineering")));
|
|
|
|
|
QVERIFY(subject.contains(QCA::CommonName, QStringLiteral("coldfire")));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-26 04:17:51 +00:00
|
|
|
QCA::PublicKey pkey = csr1.subjectPublicKey();
|
|
|
|
|
QCOMPARE(pkey.isNull(), false);
|
|
|
|
|
QVERIFY(pkey.isRSA());
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-26 04:17:51 +00:00
|
|
|
QCA::RSAPublicKey rsaPkey = pkey.toRSA();
|
|
|
|
|
QCOMPARE(rsaPkey.isNull(), false);
|
2007-04-13 19:19:18 +00:00
|
|
|
QCOMPARE(rsaPkey.e(), QCA::BigInteger(65537));
|
|
|
|
|
QCOMPARE(rsaPkey.n(),
|
|
|
|
|
QCA::BigInteger("104853561647822232509211983664549572246855698961210758585652966258891659217901732"
|
|
|
|
|
"470712446421431206166165309547771124747713609923038218156616083520796442797276676"
|
|
|
|
|
"074122658684367500665423564881889504308700315044585826841844654287577169905826705"
|
|
|
|
|
"891670004942854611681809539126326134927995969418712881512819058439"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-26 04:17:51 +00:00
|
|
|
QCOMPARE(csr1.signatureAlgorithm(), QCA::EMSA3_MD5);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2006-02-26 06:24:36 +00:00
|
|
|
|
|
|
|
|
void CertUnitTest::csr2()
|
|
|
|
|
{
|
|
|
|
|
QStringList providersToTest;
|
2020-02-10 00:29:23 +01:00
|
|
|
providersToTest.append(QStringLiteral("qca-ossl"));
|
2006-02-26 06:24:36 +00:00
|
|
|
// providersToTest.append("qca-botan");
|
|
|
|
|
|
|
|
|
|
foreach (const QString provider, providersToTest) {
|
|
|
|
|
if (!QCA::isSupported("csr", provider))
|
2020-02-13 00:59:09 +01:00
|
|
|
QWARN((QStringLiteral("Certificate signing requests not supported for ") + provider)
|
|
|
|
|
.toLocal8Bit()
|
|
|
|
|
.constData());
|
2006-02-26 06:24:36 +00:00
|
|
|
else {
|
|
|
|
|
QCA::ConvertResult resultCsr;
|
2020-02-10 00:29:23 +01:00
|
|
|
QCA::CertificateRequest csr1 =
|
|
|
|
|
QCA::CertificateRequest::fromPEMFile(QStringLiteral("certs/newreq.pem"), &resultCsr, provider);
|
2006-02-26 06:24:36 +00:00
|
|
|
QCOMPARE(resultCsr, QCA::ConvertGood);
|
|
|
|
|
QCOMPARE(csr1.isNull(), false);
|
|
|
|
|
QCOMPARE(csr1.provider()->name(), provider);
|
|
|
|
|
QCA::CertificateInfo subject = csr1.subjectInfo();
|
|
|
|
|
QCOMPARE(subject.isEmpty(), false);
|
2020-09-06 21:31:10 +02:00
|
|
|
QVERIFY(subject.contains(QCA::Country, QStringLiteral("AI")));
|
|
|
|
|
QVERIFY(subject.contains(QCA::State, QStringLiteral("Hutt River Province")));
|
|
|
|
|
QVERIFY(subject.contains(QCA::Locality, QStringLiteral("Lesser Internet")));
|
|
|
|
|
QVERIFY(subject.contains(QCA::Organization, QStringLiteral("My Company Ltd")));
|
|
|
|
|
QVERIFY(subject.contains(QCA::OrganizationalUnit, QStringLiteral("Backwater Branch Office")));
|
|
|
|
|
QVERIFY(subject.contains(QCA::CommonName, QStringLiteral("FirstName Surname")));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-26 06:24:36 +00:00
|
|
|
QCA::PublicKey pkey = csr1.subjectPublicKey();
|
|
|
|
|
QCOMPARE(pkey.isNull(), false);
|
|
|
|
|
QVERIFY(pkey.isRSA());
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-26 06:24:36 +00:00
|
|
|
QCA::RSAPublicKey rsaPkey = pkey.toRSA();
|
|
|
|
|
QCOMPARE(rsaPkey.isNull(), false);
|
2007-04-13 19:19:18 +00:00
|
|
|
QCOMPARE(rsaPkey.e(), QCA::BigInteger(65537));
|
|
|
|
|
QCOMPARE(rsaPkey.n(),
|
|
|
|
|
QCA::BigInteger("151872780463004414908584891835397365176526767139347372444365914360701714510188717"
|
|
|
|
|
"169754430290680734981291754624394094502297070722505032645306680495915914243593438"
|
|
|
|
|
"796635264236530526146243919417744996366836534380790370421346490191416041004278161"
|
|
|
|
|
"146551997010463199760480957900518811859984176646089981367745961681"));
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-26 06:24:36 +00:00
|
|
|
QCOMPARE(csr1.signatureAlgorithm(), QCA::EMSA3_MD5);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-26 06:24:36 +00:00
|
|
|
// convert to DER
|
2007-06-12 02:30:58 +00:00
|
|
|
QByteArray derCSR1 = csr1.toDER();
|
2006-02-26 06:24:36 +00:00
|
|
|
// check we got something, at least
|
|
|
|
|
QCOMPARE(derCSR1.isEmpty(), false);
|
|
|
|
|
// convert back from DER
|
|
|
|
|
QCA::CertificateRequest fromDer1 = QCA::CertificateRequest::fromDER(derCSR1, &resultCsr, provider);
|
|
|
|
|
// check the conversion at least appeared to work
|
|
|
|
|
QCOMPARE(resultCsr, QCA::ConvertGood);
|
|
|
|
|
// check the result is the same as what we started with
|
|
|
|
|
QCOMPARE(fromDer1, csr1);
|
2020-09-06 20:19:00 +02:00
|
|
|
|
2006-02-26 06:24:36 +00:00
|
|
|
// convert to PEM
|
|
|
|
|
QString pemCSR1 = csr1.toPEM();
|
|
|
|
|
// check we got something, at least
|
|
|
|
|
QCOMPARE(pemCSR1.isEmpty(), false);
|
|
|
|
|
// convert back from PEM
|
|
|
|
|
QCA::CertificateRequest fromPEM1 = QCA::CertificateRequest::fromPEM(pemCSR1, &resultCsr, provider);
|
|
|
|
|
// check the conversion at least appeared to work
|
|
|
|
|
QCOMPARE(resultCsr, QCA::ConvertGood);
|
|
|
|
|
// check the result is the same as what we started with
|
|
|
|
|
QCOMPARE(fromPEM1, csr1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2006-01-29 11:24:50 +00:00
|
|
|
QTEST_MAIN(CertUnitTest)
|
2006-10-12 00:05:20 +00:00
|
|
|
|
|
|
|
|
#include "certunittest.moc"
|
