Add a new unit test for the RFC3546 SNI extension.

Also enable the base64 unit test, which was previously commented out pending the completion of the CMake port svn path=/trunk/kdesupport/qca/; revision=594798
2025-05-08 00:39:33 +00:00 · 2006-10-12 11:00:44 +00:00 · 2006-10-12 11:00:44 +00:00 · 07f89e03ba
commit 07f89e03ba
parent 622ff3f954
6 changed files with 271 additions and 1 deletions
--- a/unittest/CMakeLists.txt
+++ b/unittest/CMakeLists.txt
@ -1,4 +1,4 @@
-#add_subdirectory(base64unittest)
+add_subdirectory(base64unittest)
 add_subdirectory(bigintunittest)
 add_subdirectory(certunittest)
 add_subdirectory(cipherunittest)
@ -19,3 +19,4 @@ add_subdirectory(securearrayunittest)
 add_subdirectory(staticunittest)
 add_subdirectory(symmetrickeyunittest)
 add_subdirectory(tls)
+add_subdirectory(velox)
--- a/unittest/velox/CMakeLists.txt
+++ b/unittest/velox/CMakeLists.txt
@ -0,0 +1,9 @@
+set(veloxunittest_bin_SRCS veloxunittest.cpp)  
+
+MY_AUTOMOC( veloxunittest_bin_SRCS )
+
+add_executable(veloxunittest ${veloxunittest_bin_SRCS} )
+
+target_link_libraries( veloxunittest qca ${QT_QTTEST_LIBRARY} ${QT_QTNETWORK_LIBRARY} )
+
+CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/root.crt ${CMAKE_CURRENT_BINARY_DIR}/root.crt COPYONLY)
--- a/unittest/velox/README
+++ b/unittest/velox/README
@ -0,0 +1,9 @@
+This test is intended to verify the subject hostname indication
+extension (see RFC3546 Section 3.1).
+
+It requires network access, and contacts a public test server
+(sni.velox.ch).
+
+Note that this test requires a suitable backend (plugin). If
+you are running this test with OpenSSL 0.9.8 or earlier, then
+you can expect it to fail.
--- a/unittest/velox/root.crt
+++ b/unittest/velox/root.crt
@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFNDCCAxygAwIBAgIGS2FzcGFyMA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNVBAYT
+AkNIMQ4wDAYDVQQKEwVWZWxveDEaMBgGA1UEAxMRVmVsb3ggU05JIFRlc3QgQ0Ew
+HhcNMDYwMzEyMTMxNDE1WhcNMTYwMzEyMTMxNDE1WjA5MQswCQYDVQQGEwJDSDEO
+MAwGA1UEChMFVmVsb3gxGjAYBgNVBAMTEVZlbG94IFNOSSBUZXN0IENBMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwykLtf/irTZ5PKTlJyhc0SHYStPy
+C758o9tGUjNzr0McyLxno2rMzYwl4BoqroxL/XU8wOxFQflLbdFxlJ7Jh6tC7JqJ
+9N9BQRPTs4IYxvUeZXKVyXIHBNJ2uIeclZfC2wppVuTY/lkFMUtWT9Lj6Z31DC1m
+gEKJTIcIMfR2FWcWAOdIivw7S8S4niD6ThXflh6AGHPN5FSgmQ2ZmC7BHF4nFGqe
+ZHtWeO4JZkh0x+99IUqkgOG3M2QtrbAxNluMrq8qTpozwbic9P80hKh0SOH6RBZB
+oAyeuWNl9YVUsgEOhFu5wyvo+SEOtyZjnjLIgpojRO4CzhTLgWcjVqwIZbJaNoeo
+oc7gkEWLMPlWk0KEw9HpUHfjHPTY58QvJg3mP0YH6VtyLFbYTrfhbsYb0YvbZEsC
+goosxxvnKbkcPsRWGwNmK6RXwER29AZgSLlAWYp3LUC7pib+GmuliRjYE/uztUVh
+BGeCXFRBfSwT2HkQB349fiqtsm0ystQt1O1/9X98/7+NNXNdwUg5XcjID18BRzff
+cRcEv54iXpmowJmBaVJcc4aG2xHZbOFgpUprBsen5x62ImQR9IVlgM97FJ+5OQrk
+UGGiWRyg7tuJw5D7qhfS1Ud3VPLIhS4Vdpbnx2HJeluCiINrxqdbrQSuPYBaJwYN
+2cguQ2bkx/BAbf8CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
+BAMCAQYwHQYDVR0OBBYEFD1VGg/8kE55Hjx0JkgoWBFMj0OBMA0GCSqGSIb3DQEB
+BQUAA4ICAQBSM6ID33jBJhvvaPh3ii9CwuA7u+mXxhfL4XmeY/h+dEIvUe6gAvMm
+l5SGmsX+VkIhL1fxNGDaiGqo5Zh7QbkRbrftm4hbodDLDSbqhgyVrOpeqbRAKCqH
+YUCcrkxOp+q4pYXiQv9MUHI/c72Hp4HSlRtoc2RArfZwMGDeF5tD2QCIRGOt3/eQ
+MvmgzB2FGSjPrKBfaffrImqgV6RAEqEqn5HTMheT7ldhT7ZcyLKCiBGd8Jb9Z0/S
+/yIct0fYN2EIjw21UhP6Hc62cTurXlutrm8PQmuHpk7Ns0aXZ1xA6rsHejlWw3yR
+hSqYUBkOUvN5ovu3xYixX4DJRKwOX6eXpzRTDuGYEfVRXwEWL8inBy1GeJykK9ol
+XUZQng4Bgkz+33VuKw0M2InIq+9LtAguU6QfAeWDFuu8G2c1Z4FCKaKkJCl6iFaF
+X5Kmeg6xp5j6wadka1gCIbCvF24Kr+mHX9gwSLp/zXZKahWWhsnFlVE9nFVsu8FX
+gn/stOFdSrm6Gpm/Ilh+s2ZALmM7RU7LgrrrIT1S9YAI45ebiY/hqNk8XK9yPeM
+3Jzj+ziNpwl0K8aW4xADnHzVvVDaDPccrmh7WKPuU8LQnYu236RscUiWAbBshEO2
+gGGyvlPpRDIX3NTPfovT+igyfSesT9zIwDK8jIMDxRu/UZ46b7ORXg==
+-----END CERTIFICATE-----
--- a/unittest/velox/velox.pro
+++ b/unittest/velox/velox.pro
@ -0,0 +1,15 @@
+TEMPLATE = app
+TARGET = veloxunittest
+DEPENDPATH += .
+INCLUDEPATH += ../../include/QtCrypto
+LIBS += -L../../lib -lqca
+CONFIG += qtestlib thread console
+QT -= gui
+
+# check target
+QMAKE_EXTRA_TARGETS = check
+check.depends = veloxunittest
+check.commands = ./veloxunittest
+
+# Input
+SOURCES += veloxunittest.cpp
--- a/unittest/velox/veloxunittest.cpp
+++ b/unittest/velox/veloxunittest.cpp
@ -0,0 +1,206 @@
+/**
+ * Copyright (C)  2006  Brad Hards <bradh@frogmouth.net>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <QtCrypto>
+#include <QtNetwork>
+#include <QtTest/QtTest>
+
+class TlsTest : public QObject
+{
+    Q_OBJECT
+public:
+    TlsTest()
+    {
+        sock = new QTcpSocket;
+        connect(sock, SIGNAL(connected()), SLOT(sock_connected()));
+        connect(sock, SIGNAL(readyRead()), SLOT(sock_readyRead()));
+
+        ssl = new QCA::TLS;
+        connect(ssl, SIGNAL(handshaken()), SLOT(ssl_handshaken()));
+        connect(ssl, SIGNAL(readyReadOutgoing()),
+                SLOT(ssl_readyReadOutgoing()));
+    }
+
+    ~TlsTest()
+    {
+        delete ssl;
+        delete sock;
+    }
+
+    void start(const QString &_host, int port)
+    {
+        host = _host;
+        sock->connectToHost(host, port);
+    }
+
+    bool isHandshaken()
+    {
+        return ssl->isHandshaken();
+    }
+
+private slots:
+    void sock_connected()
+    {
+        QCA::CertificateCollection rootCerts;
+        QCA::ConvertResult resultRootCert;
+        QCA::Certificate rootCert = QCA::Certificate::fromPEMFile( "root.crt", &resultRootCert);
+        QCOMPARE( resultRootCert, QCA::ConvertGood );
+        rootCerts.addCertificate( rootCert );
+
+        ssl->setTrustedCertificates(rootCerts);
+
+        ssl->startClient(host);
+    }
+
+    void sock_readyRead()
+    {
+        ssl->writeIncoming(sock->readAll());
+    }
+
+    void ssl_handshaken()
+    {
+        QCA::TLS::IdentityResult r = ssl->peerIdentityResult();
+
+        QCOMPARE( r,  QCA::TLS::Valid );
+    }
+
+    void ssl_readyReadOutgoing()
+    {
+        sock->write(ssl->readOutgoing());
+    }
+
+private:
+    QString host;
+    QTcpSocket *sock;
+    QCA::TLS *ssl;
+    QCA::Certificate cert;
+};
+
+
+class VeloxUnitTest : public QObject
+{
+    Q_OBJECT
+
+private slots:
+    void initTestCase();
+    void cleanupTestCase();
+    void sniAlice();
+    void sniBob();
+    void sniCarol();
+    void sniDave();
+    void sniMallory();
+    void sniIvan();
+private:
+    QCA::Initializer* m_init;
+    QCA::CertificateCollection rootCerts;
+};
+
+void VeloxUnitTest::initTestCase()
+{
+    m_init = new QCA::Initializer;
+#include "../fixpaths.include"
+}
+
+void VeloxUnitTest::cleanupTestCase()
+{
+    delete m_init;
+}
+
+void VeloxUnitTest::sniAlice()
+{
+    if(!QCA::isSupported("tls", "qca-openssl"))
+	QWARN("TLS not supported for qca-openssl");
+    else {
+        TlsTest *s = new TlsTest;
+        s->start( "alice.sni.velox.ch", 443 );
+        QTest::qWait( 4000 );
+        QVERIFY( s->isHandshaken() );
+    }
+}
+
+void VeloxUnitTest::sniBob()
+{
+    if(!QCA::isSupported("tls", "qca-openssl"))
+	QWARN("TLS not supported for qca-openssl");
+    else {
+        TlsTest *s = new TlsTest;
+        s->start( "bob.sni.velox.ch", 443 );
+        QTest::qWait( 4000 );
+        QVERIFY( s->isHandshaken() );
+    }
+}
+
+void VeloxUnitTest::sniCarol()
+{
+    if(!QCA::isSupported("tls", "qca-openssl"))
+	QWARN("TLS not supported for qca-openssl");
+    else {
+        TlsTest *s = new TlsTest;
+        s->start( "carol.sni.velox.ch", 443 );
+        QTest::qWait( 4000 );
+        QVERIFY( s->isHandshaken() );
+    }
+}
+
+void VeloxUnitTest::sniDave()
+{
+    if(!QCA::isSupported("tls", "qca-openssl"))
+	QWARN("TLS not supported for qca-openssl");
+    else {
+        TlsTest *s = new TlsTest;
+        s->start( "dave.sni.velox.ch", 443 );
+        QTest::qWait( 4000 );
+        QVERIFY( s->isHandshaken() );
+    }
+}
+
+void VeloxUnitTest::sniMallory()
+{
+    if(!QCA::isSupported("tls", "qca-openssl"))
+	QWARN("TLS not supported for qca-openssl");
+    else {
+        TlsTest *s = new TlsTest;
+        s->start( "mallory.sni.velox.ch", 443 );
+        QTest::qWait( 4000 );
+        QVERIFY( s->isHandshaken() );
+    }
+}
+
+
+void VeloxUnitTest::sniIvan()
+{
+    if(!QCA::isSupported("tls", "qca-openssl"))
+	QWARN("TLS not supported for qca-openssl");
+    else {
+        TlsTest *s = new TlsTest;
+        s->start( "ivan.sni.velox.ch", 443 );
+        QTest::qWait( 4000 );
+        QVERIFY( s->isHandshaken() );
+    }
+}
+
+QTEST_MAIN(VeloxUnitTest)
+
+#include "veloxunittest.moc"