File indexing completed on 2024-05-05 04:45:28
0001 /** 0002 * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net> 0003 * 0004 * Redistribution and use in source and binary forms, with or without 0005 * modification, are permitted provided that the following conditions 0006 * are met: 0007 * 0008 * 1. Redistributions of source code must retain the above copyright 0009 * notice, this list of conditions and the following disclaimer. 0010 * 2. Redistributions in binary form must reproduce the above copyright 0011 * notice, this list of conditions and the following disclaimer in the 0012 * documentation and/or other materials provided with the distribution. 0013 * 0014 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 0015 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 0016 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 0017 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 0018 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 0019 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 0020 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 0021 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 0022 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 0023 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 0024 */ 0025 0026 #include <QtCrypto> 0027 #include <QtTest/QtTest> 0028 0029 #ifdef QT_STATICPLUGIN 0030 #include "import_plugins.h" 0031 #endif 0032 0033 class CertUnitTest : public QObject 0034 { 0035 Q_OBJECT 0036 0037 private Q_SLOTS: 0038 void initTestCase(); 0039 void checkSystemStore(); 0040 void nullCert(); 0041 void noSuchFile(); 0042 void CAcertstest(); 0043 void derCAcertstest(); 0044 void qualitysslcatest(); 0045 void checkExpiredClientCerts(); 0046 void checkClientCerts(); 0047 void altName(); 0048 void extXMPP(); 0049 void checkExpiredServerCerts(); 0050 void checkServerCerts(); 0051 void altNames76(); 0052 void sha256cert(); 0053 void crl(); 0054 void crl2(); 0055 void csr(); 0056 void csr2(); 0057 void cleanupTestCase(); 0058 0059 private: 0060 QCA::Initializer *m_init; 0061 }; 0062 0063 void CertUnitTest::initTestCase() 0064 { 0065 m_init = new QCA::Initializer; 0066 } 0067 0068 void CertUnitTest::cleanupTestCase() 0069 { 0070 delete m_init; 0071 } 0072 0073 void CertUnitTest::nullCert() 0074 { 0075 QStringList providersToTest; 0076 providersToTest.append(QStringLiteral("qca-ossl")); 0077 // providersToTest.append("qca-botan"); 0078 0079 foreach (const QString provider, providersToTest) { 0080 if (!QCA::isSupported("cert", provider)) 0081 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0082 else { 0083 QCA::Certificate nullCert; 0084 QVERIFY(nullCert.isNull()); 0085 // This is copied on purpose to check the assignment operator 0086 QCA::Certificate anotherNullCert = nullCert; // NOLINT(performance-unnecessary-copy-initialization) 0087 QVERIFY(anotherNullCert.isNull()); 0088 QCOMPARE(nullCert, anotherNullCert); 0089 } 0090 } 0091 } 0092 0093 void CertUnitTest::noSuchFile() 0094 { 0095 QStringList providersToTest; 0096 providersToTest.append(QStringLiteral("qca-ossl")); 0097 // providersToTest.append("qca-botan"); 0098 0099 foreach (const QString provider, providersToTest) { 0100 if (!QCA::isSupported("cert", provider)) 0101 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0102 else { 0103 QCA::ConvertResult resultNoFile; 0104 QCA::Certificate cert = QCA::Certificate::fromPEMFile( 0105 QStringLiteral("thisIsJustaFileNameThatWeDontHave"), &resultNoFile, provider); 0106 QCOMPARE(resultNoFile, QCA::ErrorFile); 0107 QVERIFY(cert.isNull()); 0108 } 0109 } 0110 } 0111 0112 void CertUnitTest::CAcertstest() 0113 { 0114 QStringList providersToTest; 0115 providersToTest.append(QStringLiteral("qca-ossl")); 0116 // providersToTest.append("qca-botan"); 0117 0118 foreach (const QString provider, providersToTest) { 0119 if (!QCA::isSupported("cert", provider)) 0120 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0121 else { 0122 QCA::ConvertResult resultca1; 0123 QCA::Certificate ca1 = 0124 QCA::Certificate::fromPEMFile(QStringLiteral("certs/RootCAcert.pem"), &resultca1, provider); 0125 0126 QCOMPARE(resultca1, QCA::ConvertGood); 0127 QCOMPARE(ca1.isNull(), false); 0128 QCOMPARE(ca1.pathLimit(), 0); 0129 QCOMPARE(ca1.isCA(), true); 0130 QCOMPARE(ca1.isSelfSigned(), true); 0131 0132 QCOMPARE(ca1.serialNumber(), QCA::BigInteger(0)); 0133 0134 QCOMPARE(ca1.commonName(), QStringLiteral("For Tests Only")); 0135 0136 QCOMPARE(ca1.notValidBefore().toString(), 0137 QDateTime(QDate(2001, 8, 17), QTime(8, 30, 39), Qt::UTC).toString()); 0138 QCOMPARE(ca1.notValidAfter().toString(), 0139 QDateTime(QDate(2011, 8, 15), QTime(8, 30, 39), Qt::UTC).toString()); 0140 0141 QCOMPARE(ca1.constraints().contains(QCA::DigitalSignature) == true, true); 0142 QCOMPARE(ca1.constraints().contains(QCA::NonRepudiation) == true, true); 0143 QCOMPARE(ca1.constraints().contains(QCA::KeyEncipherment) == true, true); 0144 QCOMPARE(ca1.constraints().contains(QCA::DataEncipherment) == true, false); 0145 QCOMPARE(ca1.constraints().contains(QCA::KeyAgreement) == true, false); 0146 QCOMPARE(ca1.constraints().contains(QCA::KeyCertificateSign) == true, true); 0147 QCOMPARE(ca1.constraints().contains(QCA::CRLSign) == true, true); 0148 QCOMPARE(ca1.constraints().contains(QCA::EncipherOnly) == true, false); 0149 QCOMPARE(ca1.constraints().contains(QCA::DecipherOnly) == true, false); 0150 QCOMPARE(ca1.constraints().contains(QCA::ServerAuth) == true, false); 0151 QCOMPARE(ca1.constraints().contains(QCA::ClientAuth) == true, false); 0152 QCOMPARE(ca1.constraints().contains(QCA::CodeSigning) == true, false); 0153 QCOMPARE(ca1.constraints().contains(QCA::EmailProtection) == true, false); 0154 QCOMPARE(ca1.constraints().contains(QCA::IPSecEndSystem) == true, false); 0155 QCOMPARE(ca1.constraints().contains(QCA::IPSecTunnel) == true, false); 0156 QCOMPARE(ca1.constraints().contains(QCA::IPSecUser) == true, false); 0157 QCOMPARE(ca1.constraints().contains(QCA::TimeStamping) == true, false); 0158 QCOMPARE(ca1.constraints().contains(QCA::OCSPSigning) == true, false); 0159 0160 // no policies on this cert 0161 QCOMPARE(ca1.policies().count(), 0); 0162 } 0163 } 0164 } 0165 0166 void CertUnitTest::qualitysslcatest() 0167 { 0168 QStringList providersToTest; 0169 providersToTest.append(QStringLiteral("qca-ossl")); 0170 // providersToTest.append("qca-botan"); 0171 0172 foreach (const QString provider, providersToTest) { 0173 if (!QCA::isSupported("cert", provider)) 0174 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0175 else { 0176 QCA::ConvertResult resultca1; 0177 QCA::Certificate ca1 = QCA::Certificate::fromPEMFile( 0178 QStringLiteral("certs/QualitySSLIntermediateCA.crt"), &resultca1, provider); 0179 0180 QCOMPARE(resultca1, QCA::ConvertGood); 0181 QCOMPARE(ca1.isNull(), false); 0182 QCOMPARE(ca1.isCA(), true); 0183 QCOMPARE(ca1.isSelfSigned(), false); 0184 0185 QCOMPARE(ca1.signatureAlgorithm(), QCA::EMSA3_SHA1); 0186 0187 QCOMPARE(ca1.serialNumber(), QCA::BigInteger("33555098")); 0188 0189 QCOMPARE(ca1.commonName(), QStringLiteral("Comodo Class 3 Security Services CA")); 0190 0191 QCOMPARE(ca1.notValidBefore().toString(), 0192 QDateTime(QDate(2002, 8, 27), QTime(19, 02, 00), Qt::UTC).toString()); 0193 QCOMPARE(ca1.notValidAfter().toString(), 0194 QDateTime(QDate(2012, 8, 27), QTime(23, 59, 00), Qt::UTC).toString()); 0195 0196 QCOMPARE(ca1.pathLimit(), 0); 0197 0198 QCOMPARE(ca1.constraints().contains(QCA::DigitalSignature) == true, true); 0199 QCOMPARE(ca1.constraints().contains(QCA::NonRepudiation) == true, true); 0200 QCOMPARE(ca1.constraints().contains(QCA::KeyEncipherment) == true, true); 0201 QCOMPARE(ca1.constraints().contains(QCA::DataEncipherment) == true, false); 0202 QCOMPARE(ca1.constraints().contains(QCA::KeyAgreement) == true, false); 0203 QCOMPARE(ca1.constraints().contains(QCA::KeyCertificateSign) == true, true); 0204 QCOMPARE(ca1.constraints().contains(QCA::CRLSign) == true, true); 0205 QCOMPARE(ca1.constraints().contains(QCA::EncipherOnly) == true, false); 0206 QCOMPARE(ca1.constraints().contains(QCA::DecipherOnly) == true, false); 0207 QCOMPARE(ca1.constraints().contains(QCA::ServerAuth) == true, false); 0208 QCOMPARE(ca1.constraints().contains(QCA::ClientAuth) == true, false); 0209 QCOMPARE(ca1.constraints().contains(QCA::CodeSigning) == true, false); 0210 QCOMPARE(ca1.constraints().contains(QCA::EmailProtection) == true, false); 0211 QCOMPARE(ca1.constraints().contains(QCA::IPSecEndSystem) == true, false); 0212 QCOMPARE(ca1.constraints().contains(QCA::IPSecTunnel) == true, false); 0213 QCOMPARE(ca1.constraints().contains(QCA::IPSecUser) == true, false); 0214 QCOMPARE(ca1.constraints().contains(QCA::TimeStamping) == true, false); 0215 QCOMPARE(ca1.constraints().contains(QCA::OCSPSigning) == true, false); 0216 } 0217 } 0218 } 0219 0220 void CertUnitTest::checkExpiredClientCerts() 0221 { 0222 QStringList providersToTest; 0223 providersToTest.append(QStringLiteral("qca-ossl")); 0224 // providersToTest.append("qca-botan"); 0225 0226 foreach (const QString provider, providersToTest) { 0227 if (!QCA::isSupported("cert", provider)) 0228 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0229 else { 0230 QCA::ConvertResult resultClient1; 0231 QCA::Certificate client1 = 0232 QCA::Certificate::fromPEMFile(QStringLiteral("certs/User.pem"), &resultClient1, provider); 0233 QCOMPARE(resultClient1, QCA::ConvertGood); 0234 QCOMPARE(client1.isNull(), false); 0235 QCOMPARE(client1.isCA(), false); 0236 QCOMPARE(client1.isSelfSigned(), false); 0237 0238 QCOMPARE(client1.serialNumber(), QCA::BigInteger(2)); 0239 0240 QCOMPARE(client1.commonName(), QStringLiteral("Insecure User Test Cert")); 0241 0242 QCOMPARE(client1.notValidBefore().toString(), 0243 QDateTime(QDate(2001, 8, 17), QTime(8, 32, 38), Qt::UTC).toString()); 0244 QCOMPARE(client1.notValidAfter().toString(), 0245 QDateTime(QDate(2006, 8, 16), QTime(8, 32, 38), Qt::UTC).toString()); 0246 0247 QCOMPARE(client1.constraints().contains(QCA::DigitalSignature) == true, true); 0248 QCOMPARE(client1.constraints().contains(QCA::NonRepudiation) == true, true); 0249 QCOMPARE(client1.constraints().contains(QCA::KeyEncipherment) == true, true); 0250 QCOMPARE(client1.constraints().contains(QCA::DataEncipherment) == true, true); 0251 QCOMPARE(client1.constraints().contains(QCA::KeyAgreement) == true, false); 0252 QCOMPARE(client1.constraints().contains(QCA::KeyCertificateSign) == true, false); 0253 QCOMPARE(client1.constraints().contains(QCA::CRLSign) == true, false); 0254 QCOMPARE(client1.constraints().contains(QCA::EncipherOnly) == true, false); 0255 QCOMPARE(client1.constraints().contains(QCA::DecipherOnly) == true, false); 0256 QCOMPARE(client1.constraints().contains(QCA::ServerAuth) == true, false); 0257 QCOMPARE(client1.constraints().contains(QCA::ClientAuth) == true, true); 0258 QCOMPARE(client1.constraints().contains(QCA::CodeSigning) == true, false); 0259 QCOMPARE(client1.constraints().contains(QCA::EmailProtection) == true, true); 0260 QCOMPARE(client1.constraints().contains(QCA::IPSecEndSystem) == true, false); 0261 QCOMPARE(client1.constraints().contains(QCA::IPSecTunnel) == true, false); 0262 QCOMPARE(client1.constraints().contains(QCA::IPSecUser) == true, false); 0263 QCOMPARE(client1.constraints().contains(QCA::TimeStamping) == true, false); 0264 QCOMPARE(client1.constraints().contains(QCA::OCSPSigning) == true, false); 0265 0266 // no policies on this cert 0267 QCOMPARE(client1.policies().count(), 0); 0268 0269 QCA::CertificateInfo subject1 = client1.subjectInfo(); 0270 QCOMPARE(subject1.isEmpty(), false); 0271 QCOMPARE(subject1.contains(QCA::Country, QStringLiteral("de")) == true, true); 0272 QCOMPARE(subject1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate")) == true, true); 0273 QCOMPARE(subject1.contains(QCA::CommonName, QStringLiteral("Insecure User Test Cert")) == true, true); 0274 0275 QCA::CertificateInfo issuer1 = client1.issuerInfo(); 0276 QCOMPARE(issuer1.isEmpty(), false); 0277 QCOMPARE(issuer1.contains(QCA::Country, QStringLiteral("de")) == true, true); 0278 QCOMPARE(issuer1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate")) == true, true); 0279 QCOMPARE(issuer1.contains(QCA::CommonName, QStringLiteral("For Tests Only")) == true, true); 0280 0281 QByteArray subjectKeyID = 0282 QCA::Hex().stringToArray(QStringLiteral("889E7EF729719D7B280F361AAE6D00D39DE1AADB")).toByteArray(); 0283 QCOMPARE(client1.subjectKeyId(), subjectKeyID); 0284 QCOMPARE(QCA::Hex().arrayToString(client1.issuerKeyId()), 0285 QStringLiteral("bf53438278d09ec380e51b67ca0500dfb94883a5")); 0286 0287 QCA::PublicKey pubkey1 = client1.subjectPublicKey(); 0288 QCOMPARE(pubkey1.isNull(), false); 0289 QCOMPARE(pubkey1.isRSA(), true); 0290 QCOMPARE(pubkey1.isDSA(), false); 0291 QCOMPARE(pubkey1.isDH(), false); 0292 QCOMPARE(pubkey1.isPublic(), true); 0293 QCOMPARE(pubkey1.isPrivate(), false); 0294 QCOMPARE(pubkey1.bitSize(), 1024); 0295 0296 QCOMPARE(client1.pathLimit(), 0); 0297 0298 QCOMPARE(client1.signatureAlgorithm(), QCA::EMSA3_MD5); 0299 0300 QCA::CertificateCollection trusted; 0301 QCA::CertificateCollection untrusted; 0302 QCOMPARE(client1.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0303 0304 QCA::ConvertResult resultca1; 0305 QCA::Certificate ca1 = 0306 QCA::Certificate::fromPEMFile(QStringLiteral("certs/RootCAcert.pem"), &resultca1, provider); 0307 QCOMPARE(resultca1, QCA::ConvertGood); 0308 trusted.addCertificate(ca1); 0309 0310 QCOMPARE(client1.validate(trusted, untrusted), QCA::ErrorExpired); 0311 QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageAny), QCA::ErrorExpired); 0312 QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ErrorExpired); 0313 QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ErrorExpired); 0314 QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorExpired); 0315 QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorExpired); 0316 QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ErrorExpired); 0317 QCOMPARE(client1.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorExpired); 0318 QByteArray derClient1 = client1.toDER(); 0319 QCOMPARE(derClient1.isEmpty(), false); 0320 QCA::Certificate fromDer1 = QCA::Certificate::fromDER(derClient1, &resultClient1, provider); 0321 QCOMPARE(resultClient1, QCA::ConvertGood); 0322 QVERIFY(fromDer1 == client1); 0323 0324 QString pemClient1 = client1.toPEM(); 0325 QCOMPARE(pemClient1.isEmpty(), false); 0326 QCA::Certificate fromPem1 = QCA::Certificate::fromPEM(pemClient1, &resultClient1, provider); 0327 QCOMPARE(resultClient1, QCA::ConvertGood); 0328 QVERIFY(fromPem1 == client1); 0329 QCOMPARE(fromPem1 != fromDer1, false); 0330 } 0331 } 0332 } 0333 0334 void CertUnitTest::checkClientCerts() 0335 { 0336 QStringList providersToTest; 0337 providersToTest.append(QStringLiteral("qca-ossl")); 0338 // providersToTest.append("qca-botan"); 0339 0340 foreach (const QString provider, providersToTest) { 0341 if (!QCA::isSupported("cert", provider)) 0342 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0343 else { 0344 QCA::ConvertResult resultClient2; 0345 QCA::Certificate client2 = 0346 QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestClientCert.pem"), &resultClient2, provider); 0347 QCOMPARE(resultClient2, QCA::ConvertGood); 0348 QCOMPARE(client2.isNull(), false); 0349 QCOMPARE(client2.isCA(), false); 0350 QCOMPARE(client2.isSelfSigned(), false); 0351 0352 QCOMPARE(client2.serialNumber(), QCA::BigInteger("13149359243510447488")); 0353 0354 QCOMPARE(client2.commonName(), QStringLiteral("Qca Test Client Certificate")); 0355 0356 QCOMPARE(client2.notValidBefore().toString(), 0357 QDateTime(QDate(2013, 7, 31), QTime(15, 14, 28), Qt::UTC).toString()); 0358 QCOMPARE(client2.notValidAfter().toString(), 0359 QDateTime(QDate(2033, 7, 26), QTime(15, 14, 28), Qt::UTC).toString()); 0360 0361 QCOMPARE(client2.constraints().contains(QCA::DigitalSignature) == true, true); 0362 QCOMPARE(client2.constraints().contains(QCA::NonRepudiation) == true, true); 0363 QCOMPARE(client2.constraints().contains(QCA::KeyEncipherment) == true, true); 0364 QCOMPARE(client2.constraints().contains(QCA::DataEncipherment) == true, true); 0365 QCOMPARE(client2.constraints().contains(QCA::KeyAgreement) == true, false); 0366 QCOMPARE(client2.constraints().contains(QCA::KeyCertificateSign) == true, false); 0367 QCOMPARE(client2.constraints().contains(QCA::CRLSign) == true, false); 0368 QCOMPARE(client2.constraints().contains(QCA::EncipherOnly) == true, false); 0369 QCOMPARE(client2.constraints().contains(QCA::DecipherOnly) == true, false); 0370 QCOMPARE(client2.constraints().contains(QCA::ServerAuth) == true, false); 0371 QCOMPARE(client2.constraints().contains(QCA::ClientAuth) == true, true); 0372 QCOMPARE(client2.constraints().contains(QCA::CodeSigning) == true, false); 0373 QCOMPARE(client2.constraints().contains(QCA::EmailProtection) == true, true); 0374 QCOMPARE(client2.constraints().contains(QCA::IPSecEndSystem) == true, false); 0375 QCOMPARE(client2.constraints().contains(QCA::IPSecTunnel) == true, false); 0376 QCOMPARE(client2.constraints().contains(QCA::IPSecUser) == true, false); 0377 QCOMPARE(client2.constraints().contains(QCA::TimeStamping) == true, false); 0378 QCOMPARE(client2.constraints().contains(QCA::OCSPSigning) == true, false); 0379 0380 // no policies on this cert 0381 QCOMPARE(client2.policies().count(), 0); 0382 0383 QCA::CertificateInfo subject2 = client2.subjectInfo(); 0384 QCOMPARE(subject2.isEmpty(), false); 0385 QVERIFY(subject2.contains(QCA::Country, QStringLiteral("US"))); 0386 QVERIFY(subject2.contains(QCA::Organization, QStringLiteral("Qca Development and Test"))); 0387 QVERIFY(subject2.contains(QCA::OrganizationalUnit, QStringLiteral("Certificate Generation Section"))); 0388 QVERIFY(subject2.contains(QCA::CommonName, QStringLiteral("Qca Test Client Certificate"))); 0389 0390 QCA::CertificateInfo issuer2 = client2.issuerInfo(); 0391 QCOMPARE(issuer2.isEmpty(), false); 0392 QVERIFY(issuer2.contains(QCA::Country, QStringLiteral("AU"))); 0393 QVERIFY(issuer2.contains(QCA::Organization, QStringLiteral("Qca Development and Test"))); 0394 QVERIFY(issuer2.contains(QCA::CommonName, QStringLiteral("Qca Test Root Certificate"))); 0395 0396 QByteArray subjectKeyID = 0397 QCA::Hex().stringToArray(QStringLiteral("1e604e03127d287ba40427a961b428a2d09b50d1")).toByteArray(); 0398 QCOMPARE(client2.subjectKeyId(), subjectKeyID); 0399 QCOMPARE(QCA::Hex().arrayToString(client2.issuerKeyId()), 0400 QStringLiteral("f61c451de1b0458138c60568c1a7cb0f7ade0363")); 0401 0402 QCA::PublicKey pubkey2 = client2.subjectPublicKey(); 0403 QCOMPARE(pubkey2.isNull(), false); 0404 QCOMPARE(pubkey2.isRSA(), true); 0405 QCOMPARE(pubkey2.isDSA(), false); 0406 QCOMPARE(pubkey2.isDH(), false); 0407 QCOMPARE(pubkey2.isPublic(), true); 0408 QCOMPARE(pubkey2.isPrivate(), false); 0409 QCOMPARE(pubkey2.bitSize(), 1024); 0410 0411 QCOMPARE(client2.pathLimit(), 0); 0412 0413 QCOMPARE(client2.signatureAlgorithm(), QCA::EMSA3_SHA1); 0414 0415 QCA::CertificateCollection trusted; 0416 QCA::CertificateCollection untrusted; 0417 QCOMPARE(client2.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0418 0419 QCA::ConvertResult resultca2; 0420 QCA::Certificate ca2 = 0421 QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestRootCert.pem"), &resultca2, provider); 0422 QCOMPARE(resultca2, QCA::ConvertGood); 0423 trusted.addCertificate(ca2); 0424 0425 QCOMPARE(client2.validate(trusted, untrusted), QCA::ValidityGood); 0426 QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageAny), QCA::ValidityGood); 0427 QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ErrorInvalidPurpose); 0428 QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ValidityGood); 0429 QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorInvalidPurpose); 0430 QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorInvalidPurpose); 0431 QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ValidityGood); 0432 QCOMPARE(client2.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorInvalidPurpose); 0433 QByteArray derClient2 = client2.toDER(); 0434 QCOMPARE(derClient2.isEmpty(), false); 0435 QCA::Certificate fromDer2 = QCA::Certificate::fromDER(derClient2, &resultClient2, provider); 0436 QCOMPARE(resultClient2, QCA::ConvertGood); 0437 QVERIFY(fromDer2 == client2); 0438 0439 QString pemClient2 = client2.toPEM(); 0440 QCOMPARE(pemClient2.isEmpty(), false); 0441 QCA::Certificate fromPem2 = QCA::Certificate::fromPEM(pemClient2, &resultClient2, provider); 0442 QCOMPARE(resultClient2, QCA::ConvertGood); 0443 QVERIFY(fromPem2 == client2); 0444 QCOMPARE(fromPem2 != fromDer2, false); 0445 } 0446 } 0447 } 0448 0449 void CertUnitTest::derCAcertstest() 0450 { 0451 QStringList providersToTest; 0452 providersToTest.append(QStringLiteral("qca-ossl")); 0453 0454 foreach (const QString provider, providersToTest) { 0455 if (!QCA::isSupported("cert", provider)) 0456 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0457 else { 0458 QFile f(QStringLiteral("certs/ov-root-ca-cert.crt")); 0459 QVERIFY(f.open(QFile::ReadOnly)); 0460 QByteArray der = f.readAll(); 0461 QCA::ConvertResult resultca1; 0462 QCA::Certificate ca1 = QCA::Certificate::fromDER(der, &resultca1, provider); 0463 0464 QCOMPARE(resultca1, QCA::ConvertGood); 0465 0466 QCOMPARE(ca1.pathLimit(), 0); 0467 0468 QCOMPARE(ca1.isNull(), false); 0469 QCOMPARE(ca1.isCA(), true); 0470 0471 QCOMPARE(ca1.isSelfSigned(), true); 0472 0473 QCOMPARE(ca1.serialNumber(), QCA::BigInteger(0)); 0474 0475 QCOMPARE(ca1.commonName(), QStringLiteral("For Tests Only")); 0476 0477 QCA::CertificateInfo si = ca1.subjectInfo(); 0478 QCOMPARE(si.isEmpty(), false); 0479 QCOMPARE(si.value(QCA::CommonName), QStringLiteral("For Tests Only")); 0480 QCOMPARE(si.value(QCA::Organization), QStringLiteral("InsecureTestCertificate")); 0481 QCOMPARE(si.value(QCA::Country), QStringLiteral("de")); 0482 0483 QCA::CertificateInfo ii = ca1.issuerInfo(); 0484 QCOMPARE(ii.isEmpty(), false); 0485 QCOMPARE(ii.value(QCA::CommonName), QStringLiteral("For Tests Only")); 0486 QCOMPARE(ii.value(QCA::Organization), QStringLiteral("InsecureTestCertificate")); 0487 QCOMPARE(ii.value(QCA::Country), QStringLiteral("de")); 0488 0489 QCOMPARE(ca1.notValidBefore().toString(), 0490 QDateTime(QDate(2001, 8, 17), QTime(8, 30, 39), Qt::UTC).toString()); 0491 QCOMPARE(ca1.notValidAfter().toString(), 0492 QDateTime(QDate(2011, 8, 15), QTime(8, 30, 39), Qt::UTC).toString()); 0493 0494 QCOMPARE(ca1.constraints().contains(QCA::DigitalSignature) == true, true); 0495 QCOMPARE(ca1.constraints().contains(QCA::NonRepudiation) == true, true); 0496 QCOMPARE(ca1.constraints().contains(QCA::KeyEncipherment) == true, true); 0497 QCOMPARE(ca1.constraints().contains(QCA::DataEncipherment) == true, false); 0498 QCOMPARE(ca1.constraints().contains(QCA::KeyAgreement) == true, false); 0499 QCOMPARE(ca1.constraints().contains(QCA::KeyCertificateSign) == true, true); 0500 QCOMPARE(ca1.constraints().contains(QCA::CRLSign) == true, true); 0501 QCOMPARE(ca1.constraints().contains(QCA::EncipherOnly) == true, false); 0502 QCOMPARE(ca1.constraints().contains(QCA::DecipherOnly) == true, false); 0503 QCOMPARE(ca1.constraints().contains(QCA::ServerAuth) == true, false); 0504 QCOMPARE(ca1.constraints().contains(QCA::ClientAuth) == true, false); 0505 QCOMPARE(ca1.constraints().contains(QCA::CodeSigning) == true, false); 0506 QCOMPARE(ca1.constraints().contains(QCA::EmailProtection) == true, false); 0507 QCOMPARE(ca1.constraints().contains(QCA::IPSecEndSystem) == true, false); 0508 QCOMPARE(ca1.constraints().contains(QCA::IPSecTunnel) == true, false); 0509 QCOMPARE(ca1.constraints().contains(QCA::IPSecUser) == true, false); 0510 QCOMPARE(ca1.constraints().contains(QCA::TimeStamping) == true, false); 0511 QCOMPARE(ca1.constraints().contains(QCA::OCSPSigning) == true, false); 0512 0513 // no policies on this cert 0514 QCOMPARE(ca1.policies().count(), 0); 0515 0516 QCOMPARE(ca1.signatureAlgorithm(), QCA::EMSA3_MD5); 0517 } 0518 } 0519 } 0520 0521 void CertUnitTest::altName() 0522 { 0523 QStringList providersToTest; 0524 providersToTest.append(QStringLiteral("qca-ossl")); 0525 // providersToTest.append("qca-botan"); 0526 0527 foreach (const QString provider, providersToTest) { 0528 if (!QCA::isSupported("cert", provider)) 0529 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0530 else { 0531 QCA::ConvertResult resultClient1; 0532 QCA::Certificate client1 = 0533 QCA::Certificate::fromPEMFile(QStringLiteral("certs/altname.pem"), &resultClient1, provider); 0534 QCOMPARE(resultClient1, QCA::ConvertGood); 0535 QCOMPARE(client1.isNull(), false); 0536 QCOMPARE(client1.isCA(), false); 0537 QCOMPARE(client1.isSelfSigned(), false); 0538 0539 QCOMPARE(client1.serialNumber(), QCA::BigInteger(1)); 0540 0541 QCOMPARE(client1.commonName(), QStringLiteral("Valid RFC822 nameConstraints EE Certificate Test21")); 0542 0543 QCOMPARE(client1.constraints().contains(QCA::DigitalSignature) == true, true); 0544 QCOMPARE(client1.constraints().contains(QCA::NonRepudiation) == true, true); 0545 QCOMPARE(client1.constraints().contains(QCA::KeyEncipherment) == true, true); 0546 QCOMPARE(client1.constraints().contains(QCA::DataEncipherment) == true, true); 0547 QCOMPARE(client1.constraints().contains(QCA::KeyAgreement) == true, false); 0548 QCOMPARE(client1.constraints().contains(QCA::KeyCertificateSign) == true, false); 0549 QCOMPARE(client1.constraints().contains(QCA::CRLSign) == true, false); 0550 QCOMPARE(client1.constraints().contains(QCA::EncipherOnly) == true, false); 0551 QCOMPARE(client1.constraints().contains(QCA::DecipherOnly) == true, false); 0552 QCOMPARE(client1.constraints().contains(QCA::ServerAuth) == true, false); 0553 QCOMPARE(client1.constraints().contains(QCA::ClientAuth) == true, false); 0554 QCOMPARE(client1.constraints().contains(QCA::CodeSigning) == true, false); 0555 QCOMPARE(client1.constraints().contains(QCA::EmailProtection) == true, false); 0556 QCOMPARE(client1.constraints().contains(QCA::IPSecEndSystem) == true, false); 0557 QCOMPARE(client1.constraints().contains(QCA::IPSecTunnel) == true, false); 0558 QCOMPARE(client1.constraints().contains(QCA::IPSecUser) == true, false); 0559 QCOMPARE(client1.constraints().contains(QCA::TimeStamping) == true, false); 0560 QCOMPARE(client1.constraints().contains(QCA::OCSPSigning) == true, false); 0561 0562 QCOMPARE(client1.policies().count(), 1); 0563 QCOMPARE(client1.policies().at(0), QStringLiteral("2.16.840.1.101.3.2.1.48.1")); 0564 0565 QCA::CertificateInfo subject1 = client1.subjectInfo(); 0566 QCOMPARE(subject1.isEmpty(), false); 0567 QVERIFY(subject1.contains(QCA::Country, QStringLiteral("US"))); 0568 QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Test Certificates"))); 0569 QVERIFY(subject1.contains(QCA::CommonName, 0570 QStringLiteral("Valid RFC822 nameConstraints EE Certificate Test21"))); 0571 QVERIFY(subject1.contains(QCA::Email, QStringLiteral("Test21EE@mailserver.testcertificates.gov"))); 0572 0573 QCA::CertificateInfo issuer1 = client1.issuerInfo(); 0574 QCOMPARE(issuer1.isEmpty(), false); 0575 QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("US"))); 0576 QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Test Certificates"))); 0577 QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("nameConstraints RFC822 CA1"))); 0578 0579 QByteArray subjectKeyID = 0580 QCA::Hex().stringToArray(QStringLiteral("b4200d42cd95ea87d463d54f0ed6d10fe5b73bfb")).toByteArray(); 0581 QCOMPARE(client1.subjectKeyId(), subjectKeyID); 0582 QCOMPARE(QCA::Hex().arrayToString(client1.issuerKeyId()), 0583 QStringLiteral("e37f857a8ea23b9eeeb8121d7913aac4bd2e59ad")); 0584 0585 QCA::PublicKey pubkey1 = client1.subjectPublicKey(); 0586 QCOMPARE(pubkey1.isNull(), false); 0587 QCOMPARE(pubkey1.isRSA(), true); 0588 QCOMPARE(pubkey1.isDSA(), false); 0589 QCOMPARE(pubkey1.isDH(), false); 0590 QCOMPARE(pubkey1.isPublic(), true); 0591 QCOMPARE(pubkey1.isPrivate(), false); 0592 QCOMPARE(pubkey1.bitSize(), 1024); 0593 0594 QCOMPARE(client1.pathLimit(), 0); 0595 0596 QCOMPARE(client1.signatureAlgorithm(), QCA::EMSA3_SHA1); 0597 } 0598 } 0599 } 0600 0601 void CertUnitTest::extXMPP() 0602 { 0603 QStringList providersToTest; 0604 providersToTest.append(QStringLiteral("qca-ossl")); 0605 // providersToTest.append("qca-botan"); 0606 0607 foreach (const QString provider, providersToTest) { 0608 if (!QCA::isSupported("cert", provider)) 0609 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0610 else { 0611 QCA::ConvertResult resultClient1; 0612 QCA::Certificate client1 = 0613 QCA::Certificate::fromPEMFile(QStringLiteral("certs/xmppcert.pem"), &resultClient1, provider); 0614 QCOMPARE(resultClient1, QCA::ConvertGood); 0615 QCOMPARE(client1.isNull(), false); 0616 QCOMPARE(client1.isCA(), false); 0617 QCOMPARE(client1.isSelfSigned(), true); 0618 0619 QCOMPARE(client1.serialNumber(), QCA::BigInteger("9635301556349760241")); 0620 0621 QCOMPARE(client1.commonName(), QStringLiteral("demo.jabber.com")); 0622 0623 QCA::CertificateInfo subject1 = client1.subjectInfo(); 0624 QCOMPARE(subject1.isEmpty(), false); 0625 QVERIFY(subject1.contains(QCA::Country, QStringLiteral("US"))); 0626 QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Jabber, Inc."))); 0627 QVERIFY(subject1.contains(QCA::Locality, QStringLiteral("Denver"))); 0628 QVERIFY(subject1.contains(QCA::State, QStringLiteral("Colorado"))); 0629 QVERIFY(subject1.contains(QCA::CommonName, QStringLiteral("demo.jabber.com"))); 0630 QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("demo.jabber.com"))); 0631 QVERIFY(subject1.contains(QCA::XMPP, QStringLiteral("demo.jabber.com"))); 0632 0633 QCA::CertificateInfo issuer1 = client1.issuerInfo(); 0634 QCOMPARE(issuer1.isEmpty(), false); 0635 QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("US"))); 0636 QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Jabber, Inc."))); 0637 QVERIFY(issuer1.contains(QCA::Locality, QStringLiteral("Denver"))); 0638 QVERIFY(issuer1.contains(QCA::State, QStringLiteral("Colorado"))); 0639 QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("demo.jabber.com"))); 0640 } 0641 } 0642 } 0643 0644 void CertUnitTest::altNames76() 0645 { 0646 QStringList providersToTest; 0647 providersToTest.append(QStringLiteral("qca-ossl")); 0648 // providersToTest.append("qca-botan"); 0649 0650 foreach (const QString provider, providersToTest) { 0651 if (!QCA::isSupported("cert", provider)) 0652 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0653 else { 0654 QCA::ConvertResult resultClient1; 0655 QCA::Certificate client1 = 0656 QCA::Certificate::fromPEMFile(QStringLiteral("certs/76.pem"), &resultClient1, provider); 0657 QCOMPARE(resultClient1, QCA::ConvertGood); 0658 QCOMPARE(client1.isNull(), false); 0659 QCOMPARE(client1.isCA(), false); 0660 QCOMPARE(client1.isSelfSigned(), false); 0661 0662 QCOMPARE(client1.serialNumber(), QCA::BigInteger(118)); 0663 0664 QCOMPARE(client1.commonName(), QStringLiteral("sip1.su.se")); 0665 0666 QCOMPARE(client1.constraints().contains(QCA::DigitalSignature) == true, true); 0667 QCOMPARE(client1.constraints().contains(QCA::NonRepudiation) == true, true); 0668 QCOMPARE(client1.constraints().contains(QCA::KeyEncipherment) == true, true); 0669 QCOMPARE(client1.constraints().contains(QCA::DataEncipherment) == true, false); 0670 QCOMPARE(client1.constraints().contains(QCA::KeyAgreement) == true, false); 0671 QCOMPARE(client1.constraints().contains(QCA::KeyCertificateSign) == true, false); 0672 QCOMPARE(client1.constraints().contains(QCA::CRLSign) == true, false); 0673 QCOMPARE(client1.constraints().contains(QCA::EncipherOnly) == true, false); 0674 QCOMPARE(client1.constraints().contains(QCA::DecipherOnly) == true, false); 0675 QCOMPARE(client1.constraints().contains(QCA::ServerAuth) == true, true); 0676 QCOMPARE(client1.constraints().contains(QCA::ClientAuth) == true, true); 0677 QCOMPARE(client1.constraints().contains(QCA::CodeSigning) == true, false); 0678 QCOMPARE(client1.constraints().contains(QCA::EmailProtection) == true, false); 0679 QCOMPARE(client1.constraints().contains(QCA::IPSecEndSystem) == true, false); 0680 QCOMPARE(client1.constraints().contains(QCA::IPSecTunnel) == true, false); 0681 QCOMPARE(client1.constraints().contains(QCA::IPSecUser) == true, false); 0682 QCOMPARE(client1.constraints().contains(QCA::TimeStamping) == true, false); 0683 QCOMPARE(client1.constraints().contains(QCA::OCSPSigning) == true, false); 0684 0685 QCOMPARE(client1.policies().count(), 1); 0686 0687 QCA::CertificateInfo subject1 = client1.subjectInfo(); 0688 QCOMPARE(subject1.isEmpty(), false); 0689 QVERIFY(subject1.contains(QCA::Country, QStringLiteral("SE"))); 0690 QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Stockholms universitet"))); 0691 QVERIFY(subject1.contains(QCA::CommonName, QStringLiteral("sip1.su.se"))); 0692 QCOMPARE(subject1.values(QCA::Email).count(), 0); // clazy:exclude=container-anti-pattern 0693 QCOMPARE(subject1.values(QCA::DNS).count(), 8); // clazy:exclude=container-anti-pattern 0694 QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("incomingproxy.sip.su.se"))); 0695 QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("incomingproxy1.sip.su.se"))); 0696 QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("outgoingproxy.sip.su.se"))); 0697 QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("outgoingproxy1.sip.su.se"))); 0698 QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("out.sip.su.se"))); 0699 QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("appserver.sip.su.se"))); 0700 QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("appserver1.sip.su.se"))); 0701 QVERIFY(subject1.contains(QCA::DNS, QStringLiteral("sip1.su.se"))); 0702 0703 QVERIFY(client1.matchesHostName(QStringLiteral("incomingproxy.sip.su.se"))); 0704 QVERIFY(client1.matchesHostName(QStringLiteral("incomingproxy1.sip.su.se"))); 0705 QVERIFY(client1.matchesHostName(QStringLiteral("outgoingproxy.sip.su.se"))); 0706 QVERIFY(client1.matchesHostName(QStringLiteral("outgoingproxy1.sip.su.se"))); 0707 QVERIFY(client1.matchesHostName(QStringLiteral("out.sip.su.se"))); 0708 QVERIFY(client1.matchesHostName(QStringLiteral("appserver.sip.su.se"))); 0709 QVERIFY(client1.matchesHostName(QStringLiteral("appserver1.sip.su.se"))); 0710 QVERIFY(client1.matchesHostName(QStringLiteral("sip1.su.se"))); 0711 0712 QCA::CertificateInfo issuer1 = client1.issuerInfo(); 0713 QCOMPARE(issuer1.isEmpty(), false); 0714 QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("SE"))); 0715 QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Stockholms universitet"))); 0716 QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("Stockholm University CA"))); 0717 QVERIFY(issuer1.contains(QCA::URI, QStringLiteral("http://ca.su.se"))); 0718 QVERIFY(issuer1.contains(QCA::Email, QStringLiteral("ca@su.se"))); 0719 0720 QByteArray subjectKeyID = 0721 QCA::Hex().stringToArray(QStringLiteral("3a5c5cd1cc2c9edf73f73bd81b59b1eab83035c5")).toByteArray(); 0722 QCOMPARE(client1.subjectKeyId(), subjectKeyID); 0723 QCOMPARE(QCA::Hex().arrayToString(client1.issuerKeyId()), 0724 QStringLiteral("9e2e30ba37d95144c99dbf1821f1bd7eeeb58648")); 0725 0726 QCA::PublicKey pubkey1 = client1.subjectPublicKey(); 0727 QCOMPARE(pubkey1.isNull(), false); 0728 QCOMPARE(pubkey1.isRSA(), true); 0729 QCOMPARE(pubkey1.isDSA(), false); 0730 QCOMPARE(pubkey1.isDH(), false); 0731 QCOMPARE(pubkey1.isPublic(), true); 0732 QCOMPARE(pubkey1.isPrivate(), false); 0733 QCOMPARE(pubkey1.bitSize(), 1024); 0734 0735 QCOMPARE(client1.pathLimit(), 0); 0736 0737 QCOMPARE(client1.signatureAlgorithm(), QCA::EMSA3_SHA1); 0738 } 0739 } 0740 } 0741 0742 void CertUnitTest::sha256cert() 0743 { 0744 QStringList providersToTest; 0745 providersToTest.append(QStringLiteral("qca-ossl")); 0746 // providersToTest.append("qca-botan"); 0747 0748 foreach (const QString provider, providersToTest) { 0749 if (!QCA::isSupported("cert", provider)) 0750 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0751 else { 0752 QFile f(QStringLiteral("certs/RAIZ2007_CERTIFICATE_AND_CRL_SIGNING_SHA256.crt")); 0753 QVERIFY(f.open(QFile::ReadOnly)); 0754 QByteArray der = f.readAll(); 0755 QCA::ConvertResult resultcert; 0756 QCA::Certificate cert = QCA::Certificate::fromDER(der, &resultcert, provider); 0757 0758 QCOMPARE(resultcert, QCA::ConvertGood); 0759 QCOMPARE(cert.isNull(), false); 0760 QCOMPARE(cert.isCA(), true); 0761 QCOMPARE(cert.isSelfSigned(), true); 0762 0763 QCA::PublicKey pubkey = cert.subjectPublicKey(); 0764 QCOMPARE(pubkey.isNull(), false); 0765 QCOMPARE(pubkey.isRSA(), true); 0766 QCOMPARE(pubkey.isDSA(), false); 0767 QCOMPARE(pubkey.isDH(), false); 0768 QCOMPARE(pubkey.isPublic(), true); 0769 QCOMPARE(pubkey.isPrivate(), false); 0770 QCOMPARE(pubkey.bitSize(), 4096); 0771 0772 QCOMPARE(cert.pathLimit(), 0); 0773 0774 QCOMPARE(cert.signatureAlgorithm(), QCA::EMSA3_SHA256); 0775 } 0776 } 0777 } 0778 0779 void CertUnitTest::checkExpiredServerCerts() 0780 { 0781 QStringList providersToTest; 0782 providersToTest.append(QStringLiteral("qca-ossl")); 0783 // providersToTest.append("qca-botan"); 0784 0785 foreach (const QString provider, providersToTest) { 0786 if (!QCA::isSupported("cert", provider)) 0787 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0788 else { 0789 QCA::ConvertResult resultServer1; 0790 QCA::Certificate server1 = 0791 QCA::Certificate::fromPEMFile(QStringLiteral("certs/Server.pem"), &resultServer1, provider); 0792 QCOMPARE(resultServer1, QCA::ConvertGood); 0793 QCOMPARE(server1.isNull(), false); 0794 QCOMPARE(server1.isCA(), false); 0795 QCOMPARE(server1.isSelfSigned(), false); 0796 0797 QCOMPARE(server1.serialNumber(), QCA::BigInteger(4)); 0798 0799 QCOMPARE(server1.commonName(), QStringLiteral("Insecure Server Cert")); 0800 0801 QCOMPARE(server1.notValidBefore().toString(), 0802 QDateTime(QDate(2001, 8, 17), QTime(8, 46, 24), Qt::UTC).toString()); 0803 QCOMPARE(server1.notValidAfter().toString(), 0804 QDateTime(QDate(2006, 8, 16), QTime(8, 46, 24), Qt::UTC).toString()); 0805 0806 QCOMPARE(server1.constraints().contains(QCA::DigitalSignature) == true, true); 0807 QCOMPARE(server1.constraints().contains(QCA::NonRepudiation) == true, false); 0808 QCOMPARE(server1.constraints().contains(QCA::KeyEncipherment) == true, true); 0809 QCOMPARE(server1.constraints().contains(QCA::DataEncipherment) == true, false); 0810 QCOMPARE(server1.constraints().contains(QCA::KeyAgreement) == true, true); 0811 QCOMPARE(server1.constraints().contains(QCA::KeyCertificateSign) == true, false); 0812 QCOMPARE(server1.constraints().contains(QCA::CRLSign) == true, false); 0813 QCOMPARE(server1.constraints().contains(QCA::EncipherOnly) == true, false); 0814 QCOMPARE(server1.constraints().contains(QCA::DecipherOnly) == true, false); 0815 QCOMPARE(server1.constraints().contains(QCA::ServerAuth) == true, true); 0816 QCOMPARE(server1.constraints().contains(QCA::ClientAuth) == true, false); 0817 QCOMPARE(server1.constraints().contains(QCA::CodeSigning) == true, false); 0818 QCOMPARE(server1.constraints().contains(QCA::EmailProtection) == true, false); 0819 QCOMPARE(server1.constraints().contains(QCA::IPSecEndSystem) == true, false); 0820 QCOMPARE(server1.constraints().contains(QCA::IPSecTunnel) == true, false); 0821 QCOMPARE(server1.constraints().contains(QCA::IPSecUser) == true, false); 0822 QCOMPARE(server1.constraints().contains(QCA::TimeStamping) == true, false); 0823 QCOMPARE(server1.constraints().contains(QCA::OCSPSigning) == true, false); 0824 0825 // no policies on this cert 0826 QCOMPARE(server1.policies().count(), 0); 0827 0828 QCA::CertificateInfo subject1 = server1.subjectInfo(); 0829 QCOMPARE(subject1.isEmpty(), false); 0830 QCOMPARE(subject1.contains(QCA::Country, QStringLiteral("de")) == true, true); 0831 QCOMPARE(subject1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate")) == true, true); 0832 QCOMPARE(subject1.contains(QCA::CommonName, QStringLiteral("Insecure Server Cert")) == true, true); 0833 0834 QCA::CertificateInfo issuer1 = server1.issuerInfo(); 0835 QCOMPARE(issuer1.isEmpty(), false); 0836 QCOMPARE(issuer1.contains(QCA::Country, QStringLiteral("de")) == true, true); 0837 QCOMPARE(issuer1.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate")) == true, true); 0838 QCOMPARE(issuer1.contains(QCA::CommonName, QStringLiteral("For Tests Only")) == true, true); 0839 0840 QByteArray subjectKeyID = 0841 QCA::Hex().stringToArray(QStringLiteral("0234E2C906F6E0B44253BE04C0CBA7823A6DB509")).toByteArray(); 0842 QCOMPARE(server1.subjectKeyId(), subjectKeyID); 0843 QByteArray authorityKeyID = 0844 QCA::Hex().stringToArray(QStringLiteral("BF53438278D09EC380E51B67CA0500DFB94883A5")).toByteArray(); 0845 QCOMPARE(server1.issuerKeyId(), authorityKeyID); 0846 0847 QCA::PublicKey pubkey1 = server1.subjectPublicKey(); 0848 QCOMPARE(pubkey1.isNull(), false); 0849 QCOMPARE(pubkey1.isRSA(), true); 0850 QCOMPARE(pubkey1.isDSA(), false); 0851 QCOMPARE(pubkey1.isDH(), false); 0852 QCOMPARE(pubkey1.isPublic(), true); 0853 QCOMPARE(pubkey1.isPrivate(), false); 0854 QCOMPARE(pubkey1.bitSize(), 1024); 0855 0856 QCOMPARE(server1.pathLimit(), 0); 0857 0858 QCOMPARE(server1.signatureAlgorithm(), QCA::EMSA3_MD5); 0859 0860 QCA::CertificateCollection trusted; 0861 QCA::CertificateCollection untrusted; 0862 QCOMPARE(server1.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0863 0864 QCA::ConvertResult resultca1; 0865 QCA::Certificate ca1 = 0866 QCA::Certificate::fromPEMFile(QStringLiteral("certs/RootCAcert.pem"), &resultca1, provider); 0867 QCOMPARE(resultca1, QCA::ConvertGood); 0868 trusted.addCertificate(ca1); 0869 QCOMPARE(server1.validate(trusted, untrusted), QCA::ErrorExpired); 0870 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageAny), QCA::ErrorExpired); 0871 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ErrorExpired); 0872 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ErrorExpired); 0873 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorExpired); 0874 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorExpired); 0875 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ErrorExpired); 0876 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorExpired); 0877 0878 QByteArray derServer1 = server1.toDER(); 0879 QCOMPARE(derServer1.isEmpty(), false); 0880 QCA::Certificate fromDer1 = QCA::Certificate::fromDER(derServer1, &resultServer1, provider); 0881 QCOMPARE(resultServer1, QCA::ConvertGood); 0882 QCOMPARE(fromDer1 == server1, true); 0883 } 0884 } 0885 } 0886 0887 void CertUnitTest::checkServerCerts() 0888 { 0889 QStringList providersToTest; 0890 providersToTest.append(QStringLiteral("qca-ossl")); 0891 // providersToTest.append("qca-botan"); 0892 0893 foreach (const QString provider, providersToTest) { 0894 if (!QCA::isSupported("cert", provider)) 0895 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0896 else { 0897 QCA::ConvertResult resultServer1; 0898 QCA::Certificate server1 = 0899 QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestServerCert.pem"), &resultServer1, provider); 0900 QCOMPARE(resultServer1, QCA::ConvertGood); 0901 QCOMPARE(server1.isNull(), false); 0902 QCOMPARE(server1.isCA(), false); 0903 QCOMPARE(server1.isSelfSigned(), false); 0904 0905 QCOMPARE(server1.serialNumber(), QCA::BigInteger("13149359243510447489")); 0906 0907 QCOMPARE(server1.commonName(), QStringLiteral("Qca Server Test certificate")); 0908 0909 QCOMPARE(server1.notValidBefore().toString(), 0910 QDateTime(QDate(2013, 7, 31), QTime(15, 23, 25), Qt::UTC).toString()); 0911 QCOMPARE(server1.notValidAfter().toString(), 0912 QDateTime(QDate(2033, 7, 26), QTime(15, 23, 25), Qt::UTC).toString()); 0913 0914 QCOMPARE(server1.constraints().contains(QCA::DigitalSignature) == true, true); 0915 QCOMPARE(server1.constraints().contains(QCA::NonRepudiation) == true, true); 0916 QCOMPARE(server1.constraints().contains(QCA::KeyEncipherment) == true, true); 0917 QCOMPARE(server1.constraints().contains(QCA::DataEncipherment) == true, false); 0918 QCOMPARE(server1.constraints().contains(QCA::KeyAgreement) == true, false); 0919 QCOMPARE(server1.constraints().contains(QCA::KeyCertificateSign) == true, false); 0920 QCOMPARE(server1.constraints().contains(QCA::CRLSign) == true, false); 0921 QCOMPARE(server1.constraints().contains(QCA::EncipherOnly) == true, false); 0922 QCOMPARE(server1.constraints().contains(QCA::DecipherOnly) == true, false); 0923 QCOMPARE(server1.constraints().contains(QCA::ServerAuth) == true, true); 0924 QCOMPARE(server1.constraints().contains(QCA::ClientAuth) == true, false); 0925 QCOMPARE(server1.constraints().contains(QCA::CodeSigning) == true, false); 0926 QCOMPARE(server1.constraints().contains(QCA::EmailProtection) == true, false); 0927 QCOMPARE(server1.constraints().contains(QCA::IPSecEndSystem) == true, false); 0928 QCOMPARE(server1.constraints().contains(QCA::IPSecTunnel) == true, false); 0929 QCOMPARE(server1.constraints().contains(QCA::IPSecUser) == true, false); 0930 QCOMPARE(server1.constraints().contains(QCA::TimeStamping) == true, false); 0931 QCOMPARE(server1.constraints().contains(QCA::OCSPSigning) == true, false); 0932 0933 // no policies on this cert 0934 QCOMPARE(server1.policies().count(), 0); 0935 0936 QCA::CertificateInfo subject1 = server1.subjectInfo(); 0937 QCOMPARE(subject1.isEmpty(), false); 0938 QVERIFY(subject1.contains(QCA::Country, QStringLiteral("IL"))); 0939 QVERIFY(subject1.contains(QCA::Organization, QStringLiteral("Qca Development and Test"))); 0940 QVERIFY(subject1.contains(QCA::OrganizationalUnit, QStringLiteral("Server Management Section"))); 0941 QVERIFY(subject1.contains(QCA::CommonName, QStringLiteral("Qca Server Test certificate"))); 0942 0943 QCA::CertificateInfo issuer1 = server1.issuerInfo(); 0944 QCOMPARE(issuer1.isEmpty(), false); 0945 QVERIFY(issuer1.contains(QCA::Country, QStringLiteral("AU"))); 0946 QVERIFY(issuer1.contains(QCA::Organization, QStringLiteral("Qca Development and Test"))); 0947 QVERIFY(issuer1.contains(QCA::OrganizationalUnit, QStringLiteral("Certificate Generation Section"))); 0948 QVERIFY(issuer1.contains(QCA::CommonName, QStringLiteral("Qca Test Root Certificate"))); 0949 0950 QByteArray subjectKeyID = 0951 QCA::Hex().stringToArray(QStringLiteral("819870c8b81eab53e72d0446b65790aa0d3eab1a")).toByteArray(); 0952 QCOMPARE(server1.subjectKeyId(), subjectKeyID); 0953 QByteArray authorityKeyID = 0954 QCA::Hex().stringToArray(QStringLiteral("f61c451de1b0458138c60568c1a7cb0f7ade0363")).toByteArray(); 0955 QCOMPARE(server1.issuerKeyId(), authorityKeyID); 0956 0957 QCA::PublicKey pubkey1 = server1.subjectPublicKey(); 0958 QCOMPARE(pubkey1.isNull(), false); 0959 QCOMPARE(pubkey1.isRSA(), true); 0960 QCOMPARE(pubkey1.isDSA(), false); 0961 QCOMPARE(pubkey1.isDH(), false); 0962 QCOMPARE(pubkey1.isPublic(), true); 0963 QCOMPARE(pubkey1.isPrivate(), false); 0964 QCOMPARE(pubkey1.bitSize(), 1024); 0965 0966 QCOMPARE(server1.pathLimit(), 0); 0967 0968 QCOMPARE(server1.signatureAlgorithm(), QCA::EMSA3_SHA1); 0969 0970 QCA::CertificateCollection trusted; 0971 QCA::CertificateCollection untrusted; 0972 QCOMPARE(server1.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0973 0974 QCA::ConvertResult resultca1; 0975 QCA::Certificate ca1 = 0976 QCA::Certificate::fromPEMFile(QStringLiteral("certs/QcaTestRootCert.pem"), &resultca1, provider); 0977 QCOMPARE(resultca1, QCA::ConvertGood); 0978 trusted.addCertificate(ca1); 0979 QCOMPARE(server1.validate(trusted, untrusted), QCA::ValidityGood); 0980 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageAny), QCA::ValidityGood); 0981 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSServer), QCA::ValidityGood); 0982 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTLSClient), QCA::ErrorInvalidPurpose); 0983 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCodeSigning), QCA::ErrorInvalidPurpose); 0984 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageTimeStamping), QCA::ErrorInvalidPurpose); 0985 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageEmailProtection), QCA::ErrorInvalidPurpose); 0986 QCOMPARE(server1.validate(trusted, untrusted, QCA::UsageCRLSigning), QCA::ErrorInvalidPurpose); 0987 0988 QByteArray derServer1 = server1.toDER(); 0989 QCOMPARE(derServer1.isEmpty(), false); 0990 QCA::Certificate fromDer1 = QCA::Certificate::fromDER(derServer1, &resultServer1, provider); 0991 QCOMPARE(resultServer1, QCA::ConvertGood); 0992 QCOMPARE(fromDer1 == server1, true); 0993 } 0994 } 0995 } 0996 0997 void CertUnitTest::checkSystemStore() 0998 { 0999 if (QCA::isSupported("cert") && QCA::isSupported("crl")) { 1000 QCOMPARE(QCA::haveSystemStore(), true); 1001 1002 QCA::CertificateCollection collection1; 1003 collection1 = QCA::systemStore(); 1004 // Do we have any certs? 1005 QVERIFY(collection1.certificates().count() > 0); 1006 } else { 1007 QCOMPARE(QCA::haveSystemStore(), false); 1008 } 1009 } 1010 1011 void CertUnitTest::crl() 1012 { 1013 QStringList providersToTest; 1014 providersToTest.append(QStringLiteral("qca-ossl")); 1015 // providersToTest.append("qca-botan"); 1016 1017 foreach (const QString provider, providersToTest) { 1018 if (!QCA::isSupported("crl", provider)) 1019 QWARN((QStringLiteral("Certificate revocation not supported for ") + provider).toLocal8Bit().constData()); 1020 else { 1021 QCA::CRL emptyCRL; 1022 QVERIFY(emptyCRL.isNull()); 1023 1024 QCA::ConvertResult resultCrl; 1025 QCA::CRL crl1 = QCA::CRL::fromPEMFile(QStringLiteral("certs/Test_CRL.crl"), &resultCrl, provider); 1026 QCOMPARE(resultCrl, QCA::ConvertGood); 1027 QCOMPARE(crl1.isNull(), false); 1028 1029 QCA::CertificateInfo issuer = crl1.issuerInfo(); 1030 QCOMPARE(issuer.isEmpty(), false); 1031 QVERIFY(issuer.contains(QCA::Country, QStringLiteral("de"))); 1032 QVERIFY(issuer.contains(QCA::Organization, QStringLiteral("InsecureTestCertificate"))); 1033 QVERIFY(issuer.contains(QCA::CommonName, QStringLiteral("For Tests Only"))); 1034 1035 // No keyid extension on this crl 1036 QCOMPARE(QCA::arrayToHex(crl1.issuerKeyId()), QLatin1String("")); 1037 1038 QCOMPARE(crl1.thisUpdate(), QDateTime(QDate(2001, 8, 17), QTime(11, 12, 03), Qt::UTC)); 1039 QCOMPARE(crl1.nextUpdate(), QDateTime(QDate(2006, 8, 16), QTime(11, 12, 03), Qt::UTC)); 1040 1041 QCOMPARE(crl1.signatureAlgorithm(), QCA::EMSA3_MD5); 1042 1043 QCOMPARE(crl1.issuerKeyId(), QByteArray("")); 1044 QCOMPARE(crl1, QCA::CRL(crl1)); 1045 QCOMPARE(crl1 == QCA::CRL(), false); 1046 QCOMPARE(crl1.number(), -1); 1047 1048 QList<QCA::CRLEntry> revokedList = crl1.revoked(); 1049 QCOMPARE(revokedList.size(), 2); 1050 std::sort(revokedList.begin(), revokedList.end()); 1051 QCOMPARE(revokedList[0].serialNumber(), QCA::BigInteger("3")); 1052 QCOMPARE(revokedList[1].serialNumber(), QCA::BigInteger("5")); 1053 QCOMPARE(revokedList[0].reason(), QCA::CRLEntry::Unspecified); 1054 QCOMPARE(revokedList[1].reason(), QCA::CRLEntry::Unspecified); 1055 QCOMPARE(revokedList[0].time(), QDateTime(QDate(2001, 8, 17), QTime(11, 10, 39), Qt::UTC)); 1056 QCOMPARE(revokedList[1].time(), QDateTime(QDate(2001, 8, 17), QTime(11, 11, 59), Qt::UTC)); 1057 1058 // convert to DER 1059 QByteArray derCRL1 = crl1.toDER(); 1060 // check we got something, at least 1061 QCOMPARE(derCRL1.isEmpty(), false); 1062 // convert back from DER 1063 QCA::CRL fromDer1 = QCA::CRL::fromDER(derCRL1, &resultCrl, provider); 1064 // check the conversion at least appeared to work 1065 QCOMPARE(resultCrl, QCA::ConvertGood); 1066 // check the result is the same as what we started with 1067 QCOMPARE(fromDer1, crl1); 1068 } 1069 } 1070 } 1071 1072 void CertUnitTest::crl2() 1073 { 1074 QStringList providersToTest; 1075 providersToTest.append(QStringLiteral("qca-ossl")); 1076 // providersToTest.append("qca-botan"); 1077 1078 foreach (const QString provider, providersToTest) { 1079 if (!QCA::isSupported("crl", provider)) 1080 QWARN((QStringLiteral("Certificate revocation not supported for ") + provider).toLocal8Bit().constData()); 1081 else { 1082 QCA::ConvertResult resultCrl; 1083 QCA::CRL crl1 = QCA::CRL::fromPEMFile(QStringLiteral("certs/GoodCACRL.pem"), &resultCrl, provider); 1084 QCOMPARE(resultCrl, QCA::ConvertGood); 1085 QCOMPARE(crl1.isNull(), false); 1086 QCOMPARE(crl1.provider()->name(), provider); 1087 1088 QCA::CertificateInfo issuer = crl1.issuerInfo(); 1089 QCOMPARE(issuer.isEmpty(), false); 1090 QVERIFY(issuer.contains(QCA::Country, QStringLiteral("US"))); 1091 QVERIFY(issuer.contains(QCA::Organization, QStringLiteral("Test Certificates"))); 1092 QVERIFY(issuer.contains(QCA::CommonName, QStringLiteral("Good CA"))); 1093 1094 QCOMPARE(crl1.thisUpdate(), QDateTime(QDate(2001, 4, 19), QTime(14, 57, 20), Qt::UTC)); 1095 QCOMPARE(crl1.nextUpdate(), QDateTime(QDate(2011, 4, 19), QTime(14, 57, 20), Qt::UTC)); 1096 1097 QCOMPARE(crl1.signatureAlgorithm(), QCA::EMSA3_SHA1); 1098 1099 QCOMPARE(QCA::arrayToHex(crl1.issuerKeyId()), QStringLiteral("b72ea682cbc2c8bca87b2744d73533df9a1594c7")); 1100 QCOMPARE(crl1.number(), 1); 1101 QCOMPARE(crl1, QCA::CRL(crl1)); 1102 QCOMPARE(crl1 == QCA::CRL(), false); 1103 1104 QList<QCA::CRLEntry> revokedList = crl1.revoked(); 1105 QCOMPARE(revokedList.size(), 2); 1106 std::sort(revokedList.begin(), revokedList.end()); 1107 QCOMPARE(revokedList[0].serialNumber(), QCA::BigInteger("14")); 1108 QCOMPARE(revokedList[1].serialNumber(), QCA::BigInteger("15")); 1109 QCOMPARE(revokedList[0].reason(), QCA::CRLEntry::KeyCompromise); 1110 QCOMPARE(revokedList[1].reason(), QCA::CRLEntry::KeyCompromise); 1111 QCOMPARE(revokedList[0].time(), QDateTime(QDate(2001, 4, 19), QTime(14, 57, 20), Qt::UTC)); 1112 QCOMPARE(revokedList[1].time(), QDateTime(QDate(2001, 4, 19), QTime(14, 57, 20), Qt::UTC)); 1113 1114 // convert to DER 1115 QByteArray derCRL1 = crl1.toDER(); 1116 // check we got something, at least 1117 QCOMPARE(derCRL1.isEmpty(), false); 1118 // convert back from DER 1119 QCA::CRL fromDer1 = QCA::CRL::fromDER(derCRL1, &resultCrl, provider); 1120 // check the conversion at least appeared to work 1121 QCOMPARE(resultCrl, QCA::ConvertGood); 1122 // check the result is the same as what we started with 1123 QCOMPARE(fromDer1, crl1); 1124 1125 // convert to PEM 1126 QString pemCRL1 = crl1.toPEM(); 1127 // check we got something, at least 1128 QCOMPARE(pemCRL1.isEmpty(), false); 1129 // convert back from PEM 1130 QCA::CRL fromPEM1 = QCA::CRL::fromPEM(pemCRL1, &resultCrl, provider); 1131 // check the conversion at least appeared to work 1132 QCOMPARE(resultCrl, QCA::ConvertGood); 1133 // check the result is the same as what we started with 1134 QCOMPARE(fromPEM1, crl1); 1135 } 1136 } 1137 } 1138 1139 void CertUnitTest::csr() 1140 { 1141 QStringList providersToTest; 1142 providersToTest.append(QStringLiteral("qca-ossl")); 1143 // providersToTest.append("qca-botan"); 1144 1145 foreach (const QString provider, providersToTest) { 1146 if (!QCA::isSupported("csr", provider)) 1147 QWARN((QStringLiteral("Certificate signing requests not supported for ") + provider) 1148 .toLocal8Bit() 1149 .constData()); 1150 else { 1151 QCA::CertificateRequest nullCSR; 1152 QVERIFY(nullCSR.isNull()); 1153 // This is copied on purpose to check the assignment operator 1154 QCA::CertificateRequest anotherNullCSR = nullCSR; // NOLINT(performance-unnecessary-copy-initialization) 1155 QVERIFY(anotherNullCSR.isNull()); 1156 QCOMPARE(nullCSR, anotherNullCSR); 1157 1158 QCA::ConvertResult resultCsr; 1159 QCA::CertificateRequest csr1 = 1160 QCA::CertificateRequest::fromPEMFile(QStringLiteral("certs/csr1.pem"), &resultCsr, provider); 1161 QCOMPARE(resultCsr, QCA::ConvertGood); 1162 QCOMPARE(csr1.isNull(), false); 1163 QCOMPARE(csr1.provider()->name(), provider); 1164 QCA::CertificateInfo subject = csr1.subjectInfo(); 1165 QCOMPARE(subject.isEmpty(), false); 1166 QVERIFY(subject.contains(QCA::Country, QStringLiteral("AU"))); 1167 QVERIFY(subject.contains(QCA::State, QStringLiteral("Victoria"))); 1168 QVERIFY(subject.contains(QCA::Locality, QStringLiteral("Mitcham"))); 1169 QVERIFY(subject.contains(QCA::Organization, QStringLiteral("GE Interlogix"))); 1170 QVERIFY(subject.contains(QCA::OrganizationalUnit, QStringLiteral("Engineering"))); 1171 QVERIFY(subject.contains(QCA::CommonName, QStringLiteral("coldfire"))); 1172 1173 QCA::PublicKey pkey = csr1.subjectPublicKey(); 1174 QCOMPARE(pkey.isNull(), false); 1175 QVERIFY(pkey.isRSA()); 1176 1177 QCA::RSAPublicKey rsaPkey = pkey.toRSA(); 1178 QCOMPARE(rsaPkey.isNull(), false); 1179 QCOMPARE(rsaPkey.e(), QCA::BigInteger(65537)); 1180 QCOMPARE(rsaPkey.n(), 1181 QCA::BigInteger("104853561647822232509211983664549572246855698961210758585652966258891659217901732" 1182 "470712446421431206166165309547771124747713609923038218156616083520796442797276676" 1183 "074122658684367500665423564881889504308700315044585826841844654287577169905826705" 1184 "891670004942854611681809539126326134927995969418712881512819058439")); 1185 1186 QCOMPARE(csr1.signatureAlgorithm(), QCA::EMSA3_MD5); 1187 } 1188 } 1189 } 1190 1191 void CertUnitTest::csr2() 1192 { 1193 QStringList providersToTest; 1194 providersToTest.append(QStringLiteral("qca-ossl")); 1195 // providersToTest.append("qca-botan"); 1196 1197 foreach (const QString provider, providersToTest) { 1198 if (!QCA::isSupported("csr", provider)) 1199 QWARN((QStringLiteral("Certificate signing requests not supported for ") + provider) 1200 .toLocal8Bit() 1201 .constData()); 1202 else { 1203 QCA::ConvertResult resultCsr; 1204 QCA::CertificateRequest csr1 = 1205 QCA::CertificateRequest::fromPEMFile(QStringLiteral("certs/newreq.pem"), &resultCsr, provider); 1206 QCOMPARE(resultCsr, QCA::ConvertGood); 1207 QCOMPARE(csr1.isNull(), false); 1208 QCOMPARE(csr1.provider()->name(), provider); 1209 QCA::CertificateInfo subject = csr1.subjectInfo(); 1210 QCOMPARE(subject.isEmpty(), false); 1211 QVERIFY(subject.contains(QCA::Country, QStringLiteral("AI"))); 1212 QVERIFY(subject.contains(QCA::State, QStringLiteral("Hutt River Province"))); 1213 QVERIFY(subject.contains(QCA::Locality, QStringLiteral("Lesser Internet"))); 1214 QVERIFY(subject.contains(QCA::Organization, QStringLiteral("My Company Ltd"))); 1215 QVERIFY(subject.contains(QCA::OrganizationalUnit, QStringLiteral("Backwater Branch Office"))); 1216 QVERIFY(subject.contains(QCA::CommonName, QStringLiteral("FirstName Surname"))); 1217 1218 QCA::PublicKey pkey = csr1.subjectPublicKey(); 1219 QCOMPARE(pkey.isNull(), false); 1220 QVERIFY(pkey.isRSA()); 1221 1222 QCA::RSAPublicKey rsaPkey = pkey.toRSA(); 1223 QCOMPARE(rsaPkey.isNull(), false); 1224 QCOMPARE(rsaPkey.e(), QCA::BigInteger(65537)); 1225 QCOMPARE(rsaPkey.n(), 1226 QCA::BigInteger("151872780463004414908584891835397365176526767139347372444365914360701714510188717" 1227 "169754430290680734981291754624394094502297070722505032645306680495915914243593438" 1228 "796635264236530526146243919417744996366836534380790370421346490191416041004278161" 1229 "146551997010463199760480957900518811859984176646089981367745961681")); 1230 1231 QCOMPARE(csr1.signatureAlgorithm(), QCA::EMSA3_MD5); 1232 1233 // convert to DER 1234 QByteArray derCSR1 = csr1.toDER(); 1235 // check we got something, at least 1236 QCOMPARE(derCSR1.isEmpty(), false); 1237 // convert back from DER 1238 QCA::CertificateRequest fromDer1 = QCA::CertificateRequest::fromDER(derCSR1, &resultCsr, provider); 1239 // check the conversion at least appeared to work 1240 QCOMPARE(resultCsr, QCA::ConvertGood); 1241 // check the result is the same as what we started with 1242 QCOMPARE(fromDer1, csr1); 1243 1244 // convert to PEM 1245 QString pemCSR1 = csr1.toPEM(); 1246 // check we got something, at least 1247 QCOMPARE(pemCSR1.isEmpty(), false); 1248 // convert back from PEM 1249 QCA::CertificateRequest fromPEM1 = QCA::CertificateRequest::fromPEM(pemCSR1, &resultCsr, provider); 1250 // check the conversion at least appeared to work 1251 QCOMPARE(resultCsr, QCA::ConvertGood); 1252 // check the result is the same as what we started with 1253 QCOMPARE(fromPEM1, csr1); 1254 } 1255 } 1256 } 1257 QTEST_MAIN(CertUnitTest) 1258 1259 #include "certunittest.moc"