Update the X.509 certificates unit test.

Changes:
1. The whole test is now a single file, which makes it easier
to update and makes the CMake integration simpler.
2. The old test certificates have expired. Those are
now used to test certificate expiry, and new certificates
(from http://openvalidation.org) have been added.
3. The old client and server cert tests have been updated
to reflect the updated certificates.

This passes for me on Qt 4.1.4, using qmake/qconf.

svn path=/trunk/kdesupport/qca/; revision=594680
Brad Hards 2006-10-12 00:05:20 +00:00
parent ddb52a52f4
commit 95737b7486
7 changed files with 579 additions and 14 deletions


@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,86 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6 (0x6)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=de, O=InsecureTestCertificate, CN=For Tests Only next generation/Email=insecure@test.insecure
Validity
Not Before: Jul 1 10:21:49 2002 GMT
Not After : Jun 30 10:21:49 2007 GMT
Subject: C=de, O=InsecureTestCertificate, CN=Insecure Server Cert/Email=insecure@test.insecure
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:bd:45:c9:dc:e9:70:4d:90:95:ff:07:09:24:8e:
08:8c:d2:64:ce:16:02:00:3d:8a:15:fe:e2:9a:eb:
81:3c:67:55:7e:5c:e1:75:ea:09:b4:76:84:c3:04:
3e:fc:8e:49:77:ad:97:db:44:5b:3e:44:32:b3:70:
c0:fe:4e:0f:82:bb:97:4b:11:34:0d:06:64:c6:8f:
60:85:3c:b9:a2:7c:fa:ce:28:ab:3c:3b:2d:72:d8:
e9:e4:c1:44:f3:83:00:5c:9c:51:78:6c:08:6d:a7:
97:19:ce:9a:81:4b:7d:fc:13:f7:30:94:20:19:b2:
60:16:77:68:a9:c4:3b:42:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Subject Key Identifier:
F5:F1:29:8A:CD:31:98:96:2B:00:5B:78:55:F6:CC:69:55:EE:F3:18
X509v3 Authority Key Identifier:
keyid:8F:08:4F:9C:53:C1:5C:C8:E6:0C:D7:13:2E:CB:52:3C:23:96:02:14
DirName:/C=de/O=InsecureTestCertificate/CN=For Tests Only next generation/Email=insecure@test.insecure
serial:00
X509v3 Subject Alternative Name:
email:insecure@test.insecure
X509v3 Issuer Alternative Name:
email:insecure@test.insecure
Netscape Cert Type:
SSL Server
Netscape Comment:
This certificate was issued for testing only!
Signature Algorithm: md5WithRSAEncryption
87:48:82:2d:5d:dc:e0:0a:a1:b9:11:3a:bf:37:40:cc:c3:42:
b1:9a:a7:62:3d:8d:0f:7e:bc:da:a9:cc:8f:2c:4b:66:c8:42:
69:fc:a9:66:8b:f0:51:84:40:23:01:30:98:10:d8:76:01:b0:
c0:bd:ae:68:42:a7:33:c9:48:e5:30:be:4b:4e:8b:e7:f2:56:
3f:11:2b:2b:10:1d:1e:51:98:39:62:c0:e1:cf:dc:ef:1b:c2:
2c:1c:cf:94:87:d7:a0:32:c6:50:b2:f4:00:49:61:a5:80:11:
9e:59:99:3e:d5:59:69:83:47:05:ae:08:bb:2c:0b:53:90:53:
a0:86:0d:9a:6c:d4:ce:c9:d2:fd:fb:b0:a8:24:64:70:0f:9f:
2b:64:3b:11:40:fa:b7:30:ea:82:e1:4b:32:14:bd:d4:72:e0:
3f:3e:27:26:b6:d1:80:8a:ad:d4:eb:b3:cf:fc:ab:0b:b6:2d:
25:5b:0f:be:d5:f1:73:5a:2f:70:c3:fd:9f:3a:db:bc:ab:a7:
5f:3c:aa:54:b3:c8:9d:a6:12:62:dc:7b:4b:8f:62:d7:fd:f7:
f4:f8:3e:be:ef:26:2b:b9:4b:40:a5:36:c2:e7:0b:7e:41:ba:
00:88:41:de:0d:ef:fb:0c:e9:df:a0:92:b2:29:1d:ab:d3:45:
c8:16:37:52
-----BEGIN CERTIFICATE-----
MIIEdzCCA1+gAwIBAgIBBjANBgkqhkiG9w0BAQQFADB/MQswCQYDVQQGEwJkZTEg
MB4GA1UEChMXSW5zZWN1cmVUZXN0Q2VydGlmaWNhdGUxJzAlBgNVBAMTHkZvciBU
ZXN0cyBPbmx5IG5leHQgZ2VuZXJhdGlvbjElMCMGCSqGSIb3DQEJARYWaW5zZWN1
cmVAdGVzdC5pbnNlY3VyZTAeFw0wMjA3MDExMDIxNDlaFw0wNzA2MzAxMDIxNDla
MHUxCzAJBgNVBAYTAmRlMSAwHgYDVQQKExdJbnNlY3VyZVRlc3RDZXJ0aWZpY2F0
ZTEdMBsGA1UEAxMUSW5zZWN1cmUgU2VydmVyIENlcnQxJTAjBgkqhkiG9w0BCQEW
Fmluc2VjdXJlQHRlc3QuaW5zZWN1cmUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBAL1FydzpcE2Qlf8HCSSOCIzSZM4WAgA9ihX+4prrgTxnVX5c4XXqCbR2hMME
PvyOSXetl9tEWz5EMrNwwP5OD4K7l0sRNA0GZMaPYIU8uaJ8+s4oqzw7LXLY6eTB
RPODAFycUXhsCG2nlxnOmoFLffwT9zCUIBmyYBZ3aKnEO0IhAgMBAAGjggGKMIIB
hjALBgNVHQ8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFPXx
KYrNMZiWKwBbeFX2zGlV7vMYMIGrBgNVHSMEgaMwgaCAFI8IT5xTwVzI5gzXEy7L
UjwjlgIUoYGEpIGBMH8xCzAJBgNVBAYTAmRlMSAwHgYDVQQKExdJbnNlY3VyZVRl
c3RDZXJ0aWZpY2F0ZTEnMCUGA1UEAxMeRm9yIFRlc3RzIE9ubHkgbmV4dCBnZW5l
cmF0aW9uMSUwIwYJKoZIhvcNAQkBFhZpbnNlY3VyZUB0ZXN0Lmluc2VjdXJlggEA
MCEGA1UdEQQaMBiBFmluc2VjdXJlQHRlc3QuaW5zZWN1cmUwIQYDVR0SBBowGIEW
aW5zZWN1cmVAdGVzdC5pbnNlY3VyZTARBglghkgBhvhCAQEEBAMCBkAwPAYJYIZI
AYb4QgENBC8WLVRoaXMgY2VydGlmaWNhdGUgd2FzIGlzc3VlZCBmb3IgdGVzdGlu
ZyBvbmx5ITANBgkqhkiG9w0BAQQFAAOCAQEAh0iCLV3c4AqhuRE6vzdAzMNCsZqn
Yj2ND3682qnMjyxLZshCafypZovwUYRAIwEwmBDYdgGwwL2uaEKnM8lI5TC+S06L
5/JWPxErKxAdHlGYOWLA4c/c7xvCLBzPlIfXoDLGULL0AElhpYARnlmZPtVZaYNH
Ba4IuywLU5BToIYNmmzUzsnS/fuwqCRkcA+fK2Q7EUD6tzDqguFLMhS91HLgPz4n
JrbRgIqt1Ouzz/yrC7YtJVsPvtXxc1ovcMP9nzrbvKunXzyqVLPInaYSYtx7S49i
1/339Pg+vu8mK7lLQKU2wucLfkG6AIhB3g3v+wzp36CSsikdq9NFyBY3Ug==
-----END CERTIFICATE-----


@ -0,0 +1,60 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6 (0x6)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=de, O=InsecureTestCertificate, CN=For Tests Only next generation/Email=insecure@test.insecure
Validity
Not Before: Jul 1 10:21:49 2002 GMT
Not After : Jun 30 10:21:49 2007 GMT
Subject: C=de, O=InsecureTestCertificate, CN=Insecure Server Cert/Email=insecure@test.insecure
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:bd:45:c9:dc:e9:70:4d:90:95:ff:07:09:24:8e:
08:8c:d2:64:ce:16:02:00:3d:8a:15:fe:e2:9a:eb:
81:3c:67:55:7e:5c:e1:75:ea:09:b4:76:84:c3:04:
3e:fc:8e:49:77:ad:97:db:44:5b:3e:44:32:b3:70:
c0:fe:4e:0f:82:bb:97:4b:11:34:0d:06:64:c6:8f:
60:85:3c:b9:a2:7c:fa:ce:28:ab:3c:3b:2d:72:d8:
e9:e4:c1:44:f3:83:00:5c:9c:51:78:6c:08:6d:a7:
97:19:ce:9a:81:4b:7d:fc:13:f7:30:94:20:19:b2:
60:16:77:68:a9:c4:3b:42:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Subject Key Identifier:
F5:F1:29:8A:CD:31:98:96:2B:00:5B:78:55:F6:CC:69:55:EE:F3:18
X509v3 Authority Key Identifier:
keyid:8F:08:4F:9C:53:C1:5C:C8:E6:0C:D7:13:2E:CB:52:3C:23:96:02:14
DirName:/C=de/O=InsecureTestCertificate/CN=For Tests Only next generation/Email=insecure@test.insecure
serial:00
X509v3 Subject Alternative Name:
email:insecure@test.insecure
X509v3 Issuer Alternative Name:
email:insecure@test.insecure
Netscape Cert Type:
SSL Server
Netscape Comment:
This certificate was issued for testing only!
Signature Algorithm: md5WithRSAEncryption
87:48:82:2d:5d:dc:e0:0a:a1:b9:11:3a:bf:37:40:cc:c3:42:
b1:9a:a7:62:3d:8d:0f:7e:bc:da:a9:cc:8f:2c:4b:66:c8:42:
69:fc:a9:66:8b:f0:51:84:40:23:01:30:98:10:d8:76:01:b0:
c0:bd:ae:68:42:a7:33:c9:48:e5:30:be:4b:4e:8b:e7:f2:56:
3f:11:2b:2b:10:1d:1e:51:98:39:62:c0:e1:cf:dc:ef:1b:c2:
2c:1c:cf:94:87:d7:a0:32:c6:50:b2:f4:00:49:61:a5:80:11:
9e:59:99:3e:d5:59:69:83:47:05:ae:08:bb:2c:0b:53:90:53:
a0:86:0d:9a:6c:d4:ce:c9:d2:fd:fb:b0:a8:24:64:70:0f:9f:
2b:64:3b:11:40:fa:b7:30:ea:82:e1:4b:32:14:bd:d4:72:e0:
3f:3e:27:26:b6:d1:80:8a:ad:d4:eb:b3:cf:fc:ab:0b:b6:2d:
25:5b:0f:be:d5:f1:73:5a:2f:70:c3:fd:9f:3a:db:bc:ab:a7:
5f:3c:aa:54:b3:c8:9d:a6:12:62:dc:7b:4b:8f:62:d7:fd:f7:
f4:f8:3e:be:ef:26:2b:b9:4b:40:a5:36:c2:e7:0b:7e:41:ba:
00:88:41:de:0d:ef:fb:0c:e9:df:a0:92:b2:29:1d:ab:d3:45:
c8:16:37:52


@ -0,0 +1,87 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=de, O=InsecureTestCertificate, CN=For Tests Only next generation/Email=insecure@test.insecure
Validity
Not Before: Jul 1 09:58:50 2002 GMT
Not After : Jun 30 09:58:50 2007 GMT
Subject: C=de, O=InsecureTestCertificate, CN=Insecure User Test Cert/Email=insecure@test.insecure
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:f1:79:30:51:bb:49:33:97:ef:e8:03:91:df:f6:
9d:3b:7e:c7:13:90:7f:60:16:fe:67:8d:b3:58:20:
6e:09:21:89:f3:25:f3:0d:df:69:b0:33:71:72:70:
67:af:52:4f:14:3a:6e:f6:6d:fd:b9:c3:8e:71:63:
31:f7:f4:3a:6e:0b:54:88:ef:d0:57:87:9a:d6:e9:
d5:7d:78:a6:03:a4:54:77:04:f4:27:a3:04:ad:b1:
12:4d:13:12:b5:e3:32:2e:03:be:b8:d7:8d:5a:c0:
39:89:33:20:19:3c:32:43:69:5c:31:f2:5c:39:a9:
54:15:26:ce:3b:bd:f1:92:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication, E-mail Protection
X509v3 Subject Key Identifier:
7B:5C:26:F0:14:E4:7D:3C:5C:9D:5C:B4:86:A5:E7:6C:BE:8E:77:FB
X509v3 Authority Key Identifier:
keyid:8F:08:4F:9C:53:C1:5C:C8:E6:0C:D7:13:2E:CB:52:3C:23:96:02:14
DirName:/C=de/O=InsecureTestCertificate/CN=For Tests Only next generation/Email=insecure@test.insecure
serial:00
X509v3 Subject Alternative Name:
email:insecure@test.insecure
X509v3 Issuer Alternative Name:
email:insecure@test.insecure
Netscape Cert Type:
SSL Client, S/MIME
Netscape Comment:
This certificate was issued for testing only!
Signature Algorithm: md5WithRSAEncryption
46:1e:57:24:97:95:da:b9:c3:7e:66:ac:19:ba:08:6d:5e:2e:
19:e7:bc:c7:78:c9:0d:e6:4a:76:18:b5:ef:d9:2c:6d:a8:3c:
10:6e:d4:ce:7a:91:70:2a:19:13:2f:8a:60:82:14:57:8c:b0:
bd:ae:0d:0b:44:0d:ba:c7:e7:96:02:61:81:c7:07:c6:cc:73:
c6:a0:15:1c:a2:b4:5c:a5:28:21:6a:d6:c2:cd:84:52:05:36:
8f:06:97:29:c0:fe:c6:05:32:03:10:cc:fd:1c:56:ce:80:40:
1e:c2:19:96:8c:cf:27:5d:b5:88:e9:a0:9e:b7:ad:d0:73:c0:
d4:0f:37:09:63:64:57:3d:92:fc:2f:b8:c6:fa:3b:dd:91:f3:
66:d0:5e:50:d3:1d:10:a5:56:03:c4:7a:dc:b4:5f:0d:a7:34:
c5:47:67:ee:c2:8e:1a:87:30:1f:60:bb:30:25:ce:cc:56:1b:
22:1f:b2:ca:1e:17:65:92:15:16:ce:f9:09:21:e0:9f:45:dd:
76:67:ba:f6:7e:98:e0:cf:fe:3c:b0:75:af:34:61:c9:9c:cf:
42:99:01:cf:05:22:8f:c9:38:87:3f:85:11:8c:68:41:a9:97:
95:62:56:7f:57:8e:ed:ef:cb:f9:29:7f:d9:9a:ee:3f:d5:c1:
80:9e:85:05
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,60 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=de, O=InsecureTestCertificate, CN=For Tests Only next generation/Email=insecure@test.insecure
Validity
Not Before: Jul 1 09:58:50 2002 GMT
Not After : Jun 30 09:58:50 2007 GMT
Subject: C=de, O=InsecureTestCertificate, CN=Insecure User Test Cert/Email=insecure@test.insecure
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:f1:79:30:51:bb:49:33:97:ef:e8:03:91:df:f6:
9d:3b:7e:c7:13:90:7f:60:16:fe:67:8d:b3:58:20:
6e:09:21:89:f3:25:f3:0d:df:69:b0:33:71:72:70:
67:af:52:4f:14:3a:6e:f6:6d:fd:b9:c3:8e:71:63:
31:f7:f4:3a:6e:0b:54:88:ef:d0:57:87:9a:d6:e9:
d5:7d:78:a6:03:a4:54:77:04:f4:27:a3:04:ad:b1:
12:4d:13:12:b5:e3:32:2e:03:be:b8:d7:8d:5a:c0:
39:89:33:20:19:3c:32:43:69:5c:31:f2:5c:39:a9:
54:15:26:ce:3b:bd:f1:92:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication, E-mail Protection
X509v3 Subject Key Identifier:
7B:5C:26:F0:14:E4:7D:3C:5C:9D:5C:B4:86:A5:E7:6C:BE:8E:77:FB
X509v3 Authority Key Identifier:
keyid:8F:08:4F:9C:53:C1:5C:C8:E6:0C:D7:13:2E:CB:52:3C:23:96:02:14
DirName:/C=de/O=InsecureTestCertificate/CN=For Tests Only next generation/Email=insecure@test.insecure
serial:00
X509v3 Subject Alternative Name:
email:insecure@test.insecure
X509v3 Issuer Alternative Name:
email:insecure@test.insecure
Netscape Cert Type:
SSL Client, S/MIME
Netscape Comment:
This certificate was issued for testing only!
Signature Algorithm: md5WithRSAEncryption
46:1e:57:24:97:95:da:b9:c3:7e:66:ac:19:ba:08:6d:5e:2e:
19:e7:bc:c7:78:c9:0d:e6:4a:76:18:b5:ef:d9:2c:6d:a8:3c:
10:6e:d4:ce:7a:91:70:2a:19:13:2f:8a:60:82:14:57:8c:b0:
bd:ae:0d:0b:44:0d:ba:c7:e7:96:02:61:81:c7:07:c6:cc:73:
c6:a0:15:1c:a2:b4:5c:a5:28:21:6a:d6:c2:cd:84:52:05:36:
8f:06:97:29:c0:fe:c6:05:32:03:10:cc:fd:1c:56:ce:80:40:
1e:c2:19:96:8c:cf:27:5d:b5:88:e9:a0:9e:b7:ad:d0:73:c0:
d4:0f:37:09:63:64:57:3d:92:fc:2f:b8:c6:fa:3b:dd:91:f3:
66:d0:5e:50:d3:1d:10:a5:56:03:c4:7a:dc:b4:5f:0d:a7:34:
c5:47:67:ee:c2:8e:1a:87:30:1f:60:bb:30:25:ce:cc:56:1b:
22:1f:b2:ca:1e:17:65:92:15:16:ce:f9:09:21:e0:9f:45:dd:
76:67:ba:f6:7e:98:e0:cf:fe:3c:b0:75:af:34:61:c9:9c:cf:
42:99:01:cf:05:22:8f:c9:38:87:3f:85:11:8c:68:41:a9:97:
95:62:56:7f:57:8e:ed:ef:cb:f9:29:7f:d9:9a:ee:3f:d5:c1:
80:9e:85:05


@ -22,7 +22,36 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "certunittest.h"
#include <QtCrypto>
#include <QtTest/QtTest>
class CertUnitTest : public QObject
{
Q_OBJECT
private slots:
void initTestCase();
void checkSystemStore();
void nullCert();
void CAcertstest();
void derCAcertstest();
void qualitysslcatest();
void checkExpiredClientCerts();
void checkClientCerts();
void altName();
void extXMPP();
void checkExpiredServerCerts();
void checkServerCerts();
void altNames76();
void crl();
void crl2();
void csr();
void csr2();
void cleanupTestCase();
private:
QCA::Initializer* m_init;
};
void CertUnitTest::initTestCase()
{
@ -158,7 +187,7 @@ void CertUnitTest::qualitysslcatest()
}
}
void CertUnitTest::checkClientCerts()
void CertUnitTest::checkExpiredClientCerts()
{
QStringList providersToTest;
providersToTest.append("qca-openssl");
@ -241,15 +270,15 @@ void CertUnitTest::checkClientCerts()
QCA::Certificate ca1 = QCA::Certificate::fromPEMFile( "certs/RootCAcert.pem", &resultca1, provider);
QCOMPARE( resultca1, QCA::ConvertGood );
trusted.addCertificate( ca1 );
QCOMPARE( client1.validate( trusted, untrusted ), QCA::ValidityGood );
QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageAny ), QCA::ValidityGood );
QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageTLSServer ), QCA::ErrorInvalidPurpose );
QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageTLSClient ), QCA::ValidityGood );
QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageCodeSigning ), QCA::ErrorInvalidPurpose );
QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageTimeStamping ), QCA::ErrorInvalidPurpose );
QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageEmailProtection ), QCA::ValidityGood );
QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageCRLSigning ), QCA::ErrorInvalidPurpose );
QCOMPARE( client1.validate( trusted, untrusted ), QCA::ErrorExpired );
QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageAny ), QCA::ErrorExpired );
QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageTLSServer ), QCA::ErrorExpired );
QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageTLSClient ), QCA::ErrorExpired );
QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageCodeSigning ), QCA::ErrorExpired );
QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageTimeStamping ), QCA::ErrorExpired );
QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageEmailProtection ), QCA::ErrorExpired );
QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageCRLSigning ), QCA::ErrorExpired );
QSecureArray derClient1 = client1.toDER();
QCOMPARE( derClient1.isEmpty(), false );
QCA::Certificate fromDer1 = QCA::Certificate::fromDER( derClient1, &resultClient1, provider );
@ -265,6 +294,116 @@ void CertUnitTest::checkClientCerts()
}
}
}
void CertUnitTest::checkClientCerts()
{
QStringList providersToTest;
providersToTest.append("qca-openssl");
// providersToTest.append("qca-botan");
foreach(const QString provider, providersToTest) {
if( !QCA::isSupported( "cert", provider ) )
QWARN( QString( "Certificate handling not supported for "+provider).toLocal8Bit() );
else {
QCA::ConvertResult resultClient2;
QCA::Certificate client2 = QCA::Certificate::fromPEMFile( "certs/user2goodcert.pem", &resultClient2, provider);
QCOMPARE( resultClient2, QCA::ConvertGood );
QCOMPARE( client2.isNull(), false );
QCOMPARE( client2.isCA(), false );
QCOMPARE( client2.isSelfSigned(), false );
QCOMPARE( client2.serialNumber(), QBigInteger(4) );
QCOMPARE( client2.commonName(), QString("Insecure User Test Cert") );
QCOMPARE( client2.notValidBefore().toString(), QDateTime( QDate( 2002, 7, 1 ), QTime( 9, 58, 50 ), Qt::UTC ).toString() );
QCOMPARE( client2.notValidAfter().toString(), QDateTime( QDate( 2007, 6, 30 ), QTime( 9, 58, 50 ), Qt::UTC ).toString() );
QCOMPARE( client2.constraints().contains(QCA::DigitalSignature), (QBool)true );
QCOMPARE( client2.constraints().contains(QCA::NonRepudiation), (QBool)true );
QCOMPARE( client2.constraints().contains(QCA::KeyEncipherment), (QBool)true );
QCOMPARE( client2.constraints().contains(QCA::DataEncipherment), (QBool)true );
QCOMPARE( client2.constraints().contains(QCA::KeyAgreement), (QBool)false );
QCOMPARE( client2.constraints().contains(QCA::KeyCertificateSign), (QBool)false );
QCOMPARE( client2.constraints().contains(QCA::CRLSign), (QBool)false );
QCOMPARE( client2.constraints().contains(QCA::EncipherOnly), (QBool)false );
QCOMPARE( client2.constraints().contains(QCA::DecipherOnly), (QBool)false );
QCOMPARE( client2.constraints().contains(QCA::ServerAuth), (QBool)false );
QCOMPARE( client2.constraints().contains(QCA::ClientAuth), (QBool)true );
QCOMPARE( client2.constraints().contains(QCA::CodeSigning), (QBool)false );
QCOMPARE( client2.constraints().contains(QCA::EmailProtection), (QBool)true );
QCOMPARE( client2.constraints().contains(QCA::IPSecEndSystem), (QBool)false );
QCOMPARE( client2.constraints().contains(QCA::IPSecTunnel), (QBool)false);
QCOMPARE( client2.constraints().contains(QCA::IPSecUser), (QBool)false );
QCOMPARE( client2.constraints().contains(QCA::TimeStamping), (QBool)false );
QCOMPARE( client2.constraints().contains(QCA::OCSPSigning), (QBool)false );
// no policies on this cert
QCOMPARE( client2.policies().count(), 0 );
QCA::CertificateInfo subject2 = client2.subjectInfo();
QCOMPARE( subject2.isEmpty(), false );
QCOMPARE( subject2.values(QCA::Country).contains("de"), (QBool)true );
QCOMPARE( subject2.values(QCA::Organization).contains("InsecureTestCertificate"), (QBool)true );
QCOMPARE( subject2.values(QCA::CommonName).contains("Insecure User Test Cert"), (QBool)true );
QCA::CertificateInfo issuer2 = client2.issuerInfo();
QCOMPARE( issuer2.isEmpty(), false );
QCOMPARE( issuer2.values(QCA::Country).contains("de"), (QBool)true );
QCOMPARE( issuer2.values(QCA::Organization).contains("InsecureTestCertificate"), (QBool)true );
QCOMPARE( issuer2.values(QCA::CommonName).contains("For Tests Only next generation"), (QBool)true );
QByteArray subjectKeyID = QCA::Hex().stringToArray("7b5c26f014e47d3c5c9d5cb486a5e76cbe8e77fb").toByteArray();
QCOMPARE( client2.subjectKeyId(), subjectKeyID );
QCOMPARE( QCA::Hex().arrayToString(client2.issuerKeyId()), QString("8f084f9c53c15cc8e60cd7132ecb523c23960214") );
QCA::PublicKey pubkey2 = client2.subjectPublicKey();
QCOMPARE( pubkey2.isNull(), false );
QCOMPARE( pubkey2.isRSA(), true );
QCOMPARE( pubkey2.isDSA(), false );
QCOMPARE( pubkey2.isDH(), false );
QCOMPARE( pubkey2.isPublic(), true );
QCOMPARE( pubkey2.isPrivate(), false );
QCOMPARE( pubkey2.bitSize(), 1024 );
QCOMPARE( client2.pathLimit(), 0 );
QCOMPARE( client2.signatureAlgorithm(), QCA::EMSA3_MD5 );
QCA::CertificateCollection trusted;
QCA::CertificateCollection untrusted;
QCOMPARE( client2.validate( trusted, untrusted ), QCA::ErrorInvalidCA );
QCA::ConvertResult resultca2;
QCA::Certificate ca2 = QCA::Certificate::fromPEMFile( "certs/RootCA2cert.pem", &resultca2, provider);
QCOMPARE( resultca2, QCA::ConvertGood );
trusted.addCertificate( ca2 );
QCOMPARE( client2.validate( trusted, untrusted ), QCA::ValidityGood );
QCOMPARE( client2.validate( trusted, untrusted, QCA::UsageAny ), QCA::ValidityGood );
QCOMPARE( client2.validate( trusted, untrusted, QCA::UsageTLSServer ), QCA::ErrorInvalidPurpose );
QCOMPARE( client2.validate( trusted, untrusted, QCA::UsageTLSClient ), QCA::ValidityGood );
QCOMPARE( client2.validate( trusted, untrusted, QCA::UsageCodeSigning ), QCA::ErrorInvalidPurpose );
QCOMPARE( client2.validate( trusted, untrusted, QCA::UsageTimeStamping ), QCA::ErrorInvalidPurpose );
QCOMPARE( client2.validate( trusted, untrusted, QCA::UsageEmailProtection ), QCA::ValidityGood );
QCOMPARE( client2.validate( trusted, untrusted, QCA::UsageCRLSigning ), QCA::ErrorInvalidPurpose );
QSecureArray derClient2 = client2.toDER();
QCOMPARE( derClient2.isEmpty(), false );
QCA::Certificate fromDer2 = QCA::Certificate::fromDER( derClient2, &resultClient2, provider );
QCOMPARE( resultClient2, QCA::ConvertGood );
QVERIFY( fromDer2 == client2 );
QString pemClient2 = client2.toPEM();
QCOMPARE( pemClient2.isEmpty(), false );
QCA::Certificate fromPem2 = QCA::Certificate::fromPEM( pemClient2, &resultClient2, provider);
QCOMPARE( resultClient2, QCA::ConvertGood );
QVERIFY( fromPem2 == client2);
QCOMPARE( fromPem2 != fromDer2, false );
}
}
}
void CertUnitTest::derCAcertstest()
{
QStringList providersToTest;
@ -551,7 +690,7 @@ void CertUnitTest::altNames76()
}
}
void CertUnitTest::checkServerCerts()
void CertUnitTest::checkExpiredServerCerts()
{
QStringList providersToTest;
providersToTest.append("qca-openssl");
@ -635,9 +774,112 @@ void CertUnitTest::checkServerCerts()
QCA::Certificate ca1 = QCA::Certificate::fromPEMFile( "certs/RootCAcert.pem", &resultca1, provider);
QCOMPARE( resultca1, QCA::ConvertGood );
trusted.addCertificate( ca1 );
QCOMPARE( server1.validate( trusted, untrusted ), QCA::ErrorExpired );
QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageAny ), QCA::ErrorExpired );
QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageTLSServer ), QCA::ErrorExpired );
QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageTLSClient ), QCA::ErrorExpired );
QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageCodeSigning ), QCA::ErrorExpired );
QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageTimeStamping ), QCA::ErrorExpired );
QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageEmailProtection ), QCA::ErrorExpired );
QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageCRLSigning ), QCA::ErrorExpired );
QSecureArray derServer1 = server1.toDER();
QCOMPARE( derServer1.isEmpty(), false );
QCA::Certificate fromDer1 = QCA::Certificate::fromDER( derServer1, &resultServer1, provider );
QCOMPARE( resultServer1, QCA::ConvertGood );
QCOMPARE( fromDer1 == server1, true );
}
}
}
void CertUnitTest::checkServerCerts()
{
QStringList providersToTest;
providersToTest.append("qca-openssl");
// providersToTest.append("qca-botan");
foreach(const QString provider, providersToTest) {
if( !QCA::isSupported( "cert", provider ) )
QWARN( QString( "Certificate handling not supported for "+provider).toLocal8Bit() );
else {
QCA::ConvertResult resultServer1;
QCA::Certificate server1 = QCA::Certificate::fromPEMFile( "certs/servergood2cert.pem", &resultServer1, provider);
QCOMPARE( resultServer1, QCA::ConvertGood );
QCOMPARE( server1.isNull(), false );
QCOMPARE( server1.isCA(), false );
QCOMPARE( server1.isSelfSigned(), false );
QCOMPARE( server1.serialNumber(), QBigInteger(6) );
QCOMPARE( server1.commonName(), QString("Insecure Server Cert") );
QCOMPARE( server1.notValidBefore().toString(), QDateTime( QDate( 2002, 7, 1 ), QTime( 10, 21, 49 ), Qt::UTC ).toString() );
QCOMPARE( server1.notValidAfter().toString(), QDateTime( QDate( 2007, 6, 30 ), QTime( 10, 21, 49 ), Qt::UTC ).toString() );
QCOMPARE( server1.constraints().contains(QCA::DigitalSignature), (QBool)true );
QCOMPARE( server1.constraints().contains(QCA::NonRepudiation), (QBool)false );
QCOMPARE( server1.constraints().contains(QCA::KeyEncipherment), (QBool)true );
QCOMPARE( server1.constraints().contains(QCA::DataEncipherment), (QBool)false );
QCOMPARE( server1.constraints().contains(QCA::KeyAgreement), (QBool)true );
QCOMPARE( server1.constraints().contains(QCA::KeyCertificateSign), (QBool)false );
QCOMPARE( server1.constraints().contains(QCA::CRLSign), (QBool)false );
QCOMPARE( server1.constraints().contains(QCA::EncipherOnly), (QBool)false );
QCOMPARE( server1.constraints().contains(QCA::DecipherOnly), (QBool)false );
QCOMPARE( server1.constraints().contains(QCA::ServerAuth), (QBool)true );
QCOMPARE( server1.constraints().contains(QCA::ClientAuth), (QBool)false );
QCOMPARE( server1.constraints().contains(QCA::CodeSigning), (QBool)false );
QCOMPARE( server1.constraints().contains(QCA::EmailProtection), (QBool)false );
QCOMPARE( server1.constraints().contains(QCA::IPSecEndSystem), (QBool)false );
QCOMPARE( server1.constraints().contains(QCA::IPSecTunnel), (QBool)false);
QCOMPARE( server1.constraints().contains(QCA::IPSecUser), (QBool)false );
QCOMPARE( server1.constraints().contains(QCA::TimeStamping), (QBool)false );
QCOMPARE( server1.constraints().contains(QCA::OCSPSigning), (QBool)false );
// no policies on this cert
QCOMPARE( server1.policies().count(), 0 );
QCA::CertificateInfo subject1 = server1.subjectInfo();
QCOMPARE( subject1.isEmpty(), false );
QCOMPARE( subject1.values(QCA::Country).contains("de"), (QBool)true );
QCOMPARE( subject1.values(QCA::Organization).contains("InsecureTestCertificate"), (QBool)true );
QCOMPARE( subject1.values(QCA::CommonName).contains("Insecure Server Cert"), (QBool)true );
QCA::CertificateInfo issuer1 = server1.issuerInfo();
QCOMPARE( issuer1.isEmpty(), false );
QCOMPARE( issuer1.values(QCA::Country).contains("de"), (QBool)true );
QCOMPARE( issuer1.values(QCA::Organization).contains("InsecureTestCertificate"), (QBool)true );
QCOMPARE( issuer1.values(QCA::CommonName).contains("For Tests Only next generation"), (QBool)true );
QByteArray subjectKeyID = QCA::Hex().stringToArray("f5f1298acd3198962b005b7855f6cc6955eef318").toByteArray();
QCOMPARE( server1.subjectKeyId(), subjectKeyID );
QByteArray authorityKeyID = QCA::Hex().stringToArray("8f084f9c53c15cc8e60cd7132ecb523c23960214").toByteArray();
QCOMPARE( server1.issuerKeyId(), authorityKeyID );
QCA::PublicKey pubkey1 = server1.subjectPublicKey();
QCOMPARE( pubkey1.isNull(), false );
QCOMPARE( pubkey1.isRSA(), true );
QCOMPARE( pubkey1.isDSA(), false );
QCOMPARE( pubkey1.isDH(), false );
QCOMPARE( pubkey1.isPublic(), true );
QCOMPARE( pubkey1.isPrivate(), false );
QCOMPARE( pubkey1.bitSize(), 1024 );
QCOMPARE( server1.pathLimit(), 0 );
QCOMPARE( server1.signatureAlgorithm(), QCA::EMSA3_MD5 );
QCA::CertificateCollection trusted;
QCA::CertificateCollection untrusted;
QCOMPARE( server1.validate( trusted, untrusted ), QCA::ErrorInvalidCA );
QCA::ConvertResult resultca1;
QCA::Certificate ca1 = QCA::Certificate::fromPEMFile( "certs/RootCA2cert.pem", &resultca1, provider);
QCOMPARE( resultca1, QCA::ConvertGood );
trusted.addCertificate( ca1 );
QCOMPARE( server1.validate( trusted, untrusted ), QCA::ValidityGood );
QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageAny ), QCA::ValidityGood );
QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageTLSServer ), QCA::ValidityGood);
QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageAny ), QCA::ValidityGood );
QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageTLSServer ), QCA::ValidityGood );
QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageTLSClient ), QCA::ErrorInvalidPurpose );
QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageCodeSigning ), QCA::ErrorInvalidPurpose );
QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageTimeStamping ), QCA::ErrorInvalidPurpose );
@ -896,3 +1138,5 @@ void CertUnitTest::csr2()
}
}
QTEST_MAIN(CertUnitTest)
#include "certunittest.moc"
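Review bot: The new `checkClientCerts()` and `checkServerCerts()` bodies will start failing on a fixed date, because `certs/user2goodcert.pem` and `certs/servergood2cert.pem` are asserted to have a `notValidAfter()` of 2007-06-30 while `validate()` is expected to return `QCA::ValidityGood` against the wall clock. That is the same breakage this commit repairs for the old certificates, and it arrives less than nine months after the commit date. I would at least add a comment above each `ValidityGood` group such as `// NOTE: fixture expires 2007-06-30; after that validate() returns QCA::ErrorExpired`, and, if QCA offers a way to validate at a fixed reference time (not visible in this diff), use it so the result does not depend on the clock. Separately, both fixtures are 1024-bit RSA signed with MD5 (`QCA::EMSA3_MD5`), so these `ValidityGood` assertions also pin acceptance of that algorithm and will need revisiting if a provider starts rejecting it.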


@ -12,5 +12,4 @@ check.depends = certunittest
check.commands = ./certunittest
# Input
HEADERS += certunittest.h
SOURCES += certunittest.cpp