File indexing completed on 2024-05-19 15:51:01
0001 /** 0002 * Copyright (C) 2006 Brad Hards <bradh@frogmouth.net> 0003 * 0004 * Redistribution and use in source and binary forms, with or without 0005 * modification, are permitted provided that the following conditions 0006 * are met: 0007 * 0008 * 1. Redistributions of source code must retain the above copyright 0009 * notice, this list of conditions and the following disclaimer. 0010 * 2. Redistributions in binary form must reproduce the above copyright 0011 * notice, this list of conditions and the following disclaimer in the 0012 * documentation and/or other materials provided with the distribution. 0013 * 0014 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 0015 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 0016 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 0017 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 0018 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 0019 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 0020 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 0021 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 0022 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 0023 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 0024 */ 0025 0026 #include <QtCrypto> 0027 #include <QtTest/QtTest> 0028 0029 #ifdef QT_STATICPLUGIN 0030 #include "import_plugins.h" 0031 #endif 0032 0033 class Pkits : public QObject 0034 { 0035 Q_OBJECT 0036 0037 private Q_SLOTS: 0038 void initTestCase(); 0039 0040 void pkits4_1_1(); 0041 void pkits4_1_2(); 0042 void pkits4_1_3(); 0043 void pkits4_1_4(); 0044 void pkits4_1_5(); 0045 void pkits4_1_6(); 0046 0047 void pkits4_2_1(); 0048 void pkits4_2_2(); 0049 void pkits4_2_3(); 0050 void pkits4_2_4(); 0051 void pkits4_2_5(); 0052 void pkits4_2_6(); 0053 void pkits4_2_7(); 0054 void pkits4_2_8(); 0055 0056 void pkits4_3_1(); 0057 void pkits4_3_2(); 0058 void pkits4_3_3(); 0059 void pkits4_3_4(); 0060 void pkits4_3_5(); 0061 void pkits4_3_6(); 0062 void pkits4_3_9(); 0063 #ifdef ALL_PKITS_TESTS 0064 void pkits4_3_7(); 0065 void pkits4_3_8(); 0066 void pkits4_3_10(); 0067 void pkits4_3_11(); 0068 #endif 0069 void pkits4_4_1(); 0070 void pkits4_4_2(); 0071 void pkits4_4_3(); 0072 0073 void cleanupTestCase(); 0074 0075 private: 0076 QCA::Initializer *m_init; 0077 }; 0078 0079 void Pkits::initTestCase() 0080 { 0081 m_init = new QCA::Initializer; 0082 } 0083 0084 void Pkits::cleanupTestCase() 0085 { 0086 delete m_init; 0087 } 0088 0089 static QCA::Certificate certFromDERFile(const QString &fileName, const QString &provider) 0090 { 0091 QFile certFile(fileName); 0092 certFile.open(QFile::ReadOnly); 0093 QByteArray certArray = certFile.readAll(); 0094 QCA::ConvertResult resultCert; 0095 QCA::Certificate cert = QCA::Certificate::fromDER(certArray, &resultCert, provider); 0096 return cert; 0097 } 0098 0099 static QCA::CRL crlFromDERFile(const QString &fileName, const QString &provider) 0100 { 0101 QFile crlFile(fileName); 0102 crlFile.open(QFile::ReadOnly); 0103 QByteArray crlArray = crlFile.readAll(); 0104 QCA::ConvertResult crlResult; 0105 QCA::CRL crl = QCA::CRL::fromDER(crlArray, &crlResult, provider); 0106 return crl; 0107 } 0108 0109 void Pkits::pkits4_1_1() 0110 { 0111 QStringList providersToTest; 0112 providersToTest.append(QStringLiteral("qca-ossl")); 0113 0114 foreach (const QString provider, providersToTest) { 0115 if (!QCA::isSupported("cert", provider)) 0116 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0117 else { 0118 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/ValidCertificatePathTest1EE.crt"), provider); 0119 QCOMPARE(cert.isNull(), false); 0120 0121 QCOMPARE(cert.policies().count(), 1); 0122 0123 QCA::CertificateCollection trusted; 0124 QCA::CertificateCollection untrusted; 0125 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0126 0127 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0128 QCOMPARE(root.isNull(), false); 0129 trusted.addCertificate(root); 0130 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0131 QCOMPARE(rootCRL.isNull(), false); 0132 trusted.addCRL(rootCRL); 0133 0134 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider); 0135 QCOMPARE(ca.isNull(), false); 0136 untrusted.addCertificate(ca); 0137 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider); 0138 QCOMPARE(caCRL.isNull(), false); 0139 untrusted.addCRL(caCRL); 0140 0141 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood); 0142 } 0143 } 0144 } 0145 0146 void Pkits::pkits4_1_2() 0147 { 0148 QStringList providersToTest; 0149 providersToTest.append(QStringLiteral("qca-ossl")); 0150 0151 foreach (const QString provider, providersToTest) { 0152 if (!QCA::isSupported("cert", provider)) 0153 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0154 else { 0155 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidCASignatureTest2EE.crt"), provider); 0156 QCOMPARE(cert.isNull(), false); 0157 0158 QCOMPARE(cert.policies().count(), 1); 0159 0160 QCA::CertificateCollection trusted; 0161 QCA::CertificateCollection untrusted; 0162 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0163 0164 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0165 QCOMPARE(root.isNull(), false); 0166 trusted.addCertificate(root); 0167 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0168 QCOMPARE(rootCRL.isNull(), false); 0169 trusted.addCRL(rootCRL); 0170 0171 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/BadSignedCACert.crt"), provider); 0172 QCOMPARE(ca.isNull(), false); 0173 untrusted.addCertificate(ca); 0174 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/BadSignedCACRL.crl"), provider); 0175 QCOMPARE(caCRL.isNull(), false); 0176 untrusted.addCRL(caCRL); 0177 0178 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorSignatureFailed); 0179 } 0180 } 0181 } 0182 0183 void Pkits::pkits4_1_3() 0184 { 0185 QStringList providersToTest; 0186 providersToTest.append(QStringLiteral("qca-ossl")); 0187 0188 foreach (const QString provider, providersToTest) { 0189 if (!QCA::isSupported("cert", provider)) 0190 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0191 else { 0192 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidEESignatureTest3EE.crt"), provider); 0193 QCOMPARE(cert.isNull(), false); 0194 0195 QCOMPARE(cert.policies().count(), 1); 0196 0197 QCA::CertificateCollection trusted; 0198 QCA::CertificateCollection untrusted; 0199 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0200 0201 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0202 QCOMPARE(root.isNull(), false); 0203 trusted.addCertificate(root); 0204 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0205 QCOMPARE(rootCRL.isNull(), false); 0206 trusted.addCRL(rootCRL); 0207 0208 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider); 0209 QCOMPARE(ca.isNull(), false); 0210 untrusted.addCertificate(ca); 0211 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider); 0212 QCOMPARE(caCRL.isNull(), false); 0213 untrusted.addCRL(caCRL); 0214 0215 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorSignatureFailed); 0216 } 0217 } 0218 } 0219 0220 void Pkits::pkits4_1_4() 0221 { 0222 QStringList providersToTest; 0223 providersToTest.append(QStringLiteral("qca-ossl")); 0224 0225 foreach (const QString provider, providersToTest) { 0226 if (!QCA::isSupported("cert", provider)) 0227 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0228 else { 0229 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/ValidDSASignaturesTest4EE.crt"), provider); 0230 QCOMPARE(cert.isNull(), false); 0231 0232 QCOMPARE(cert.policies().count(), 1); 0233 0234 QCA::CertificateCollection trusted; 0235 QCA::CertificateCollection untrusted; 0236 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0237 0238 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0239 QCOMPARE(root.isNull(), false); 0240 trusted.addCertificate(root); 0241 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0242 QCOMPARE(rootCRL.isNull(), false); 0243 trusted.addCRL(rootCRL); 0244 0245 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/DSACACert.crt"), provider); 0246 QCOMPARE(ca.isNull(), false); 0247 untrusted.addCertificate(ca); 0248 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/DSACACRL.crl"), provider); 0249 QCOMPARE(caCRL.isNull(), false); 0250 untrusted.addCRL(caCRL); 0251 0252 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood); 0253 } 0254 } 0255 } 0256 0257 void Pkits::pkits4_1_5() 0258 { 0259 // openssl has decided that they don't want to support this ¯\_(ツ)_/¯ 0260 // https://github.com/openssl/openssl/issues/20233 0261 #if 0 0262 QStringList providersToTest; 0263 providersToTest.append(QStringLiteral("qca-ossl")); 0264 0265 foreach (const QString provider, providersToTest) { 0266 if (!QCA::isSupported("cert", provider)) 0267 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0268 else { 0269 QCA::Certificate cert = 0270 certFromDERFile(QStringLiteral("certs/ValidDSAParameterInheritanceTest5EE.crt"), provider); 0271 QCOMPARE(cert.isNull(), false); 0272 0273 // QCOMPARE( cert.policies().count(), 1 ); 0274 0275 QCA::CertificateCollection trusted; 0276 QCA::CertificateCollection untrusted; 0277 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0278 0279 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0280 QCOMPARE(root.isNull(), false); 0281 trusted.addCertificate(root); 0282 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0283 QCOMPARE(rootCRL.isNull(), false); 0284 trusted.addCRL(rootCRL); 0285 0286 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/DSACACert.crt"), provider); 0287 QCOMPARE(ca.isNull(), false); 0288 untrusted.addCertificate(ca); 0289 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/DSACACRL.crl"), provider); 0290 QCOMPARE(caCRL.isNull(), false); 0291 untrusted.addCRL(caCRL); 0292 0293 QCA::Certificate params = 0294 certFromDERFile(QStringLiteral("certs/DSAParametersInheritedCACert.crt"), provider); 0295 QCOMPARE(params.isNull(), false); 0296 untrusted.addCertificate(params); 0297 QCA::CRL paramsCRL = crlFromDERFile(QStringLiteral("certs/DSAParametersInheritedCACRL.crl"), provider); 0298 QCOMPARE(paramsCRL.isNull(), false); 0299 untrusted.addCRL(paramsCRL); 0300 0301 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood); 0302 } 0303 } 0304 #endif 0305 } 0306 0307 void Pkits::pkits4_1_6() 0308 { 0309 QStringList providersToTest; 0310 providersToTest.append(QStringLiteral("qca-ossl")); 0311 0312 foreach (const QString provider, providersToTest) { 0313 if (!QCA::isSupported("cert", provider)) 0314 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0315 else { 0316 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidDSASignatureTest6EE.crt"), provider); 0317 QCOMPARE(cert.isNull(), false); 0318 0319 QCA::CertificateCollection trusted; 0320 QCA::CertificateCollection untrusted; 0321 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0322 0323 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0324 QCOMPARE(root.isNull(), false); 0325 trusted.addCertificate(root); 0326 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0327 QCOMPARE(rootCRL.isNull(), false); 0328 trusted.addCRL(rootCRL); 0329 0330 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/DSACACert.crt"), provider); 0331 QCOMPARE(ca.isNull(), false); 0332 untrusted.addCertificate(ca); 0333 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/DSACACRL.crl"), provider); 0334 QCOMPARE(caCRL.isNull(), false); 0335 untrusted.addCRL(caCRL); 0336 0337 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorSignatureFailed); 0338 } 0339 } 0340 } 0341 0342 void Pkits::pkits4_2_1() 0343 { 0344 QStringList providersToTest; 0345 providersToTest.append(QStringLiteral("qca-ossl")); 0346 0347 foreach (const QString provider, providersToTest) { 0348 if (!QCA::isSupported("cert", provider)) 0349 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0350 else { 0351 QCA::Certificate cert = 0352 certFromDERFile(QStringLiteral("certs/InvalidCAnotBeforeDateTest1EE.crt"), provider); 0353 QCOMPARE(cert.isNull(), false); 0354 0355 QCA::CertificateCollection trusted; 0356 QCA::CertificateCollection untrusted; 0357 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0358 0359 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0360 QCOMPARE(root.isNull(), false); 0361 trusted.addCertificate(root); 0362 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0363 QCOMPARE(rootCRL.isNull(), false); 0364 trusted.addCRL(rootCRL); 0365 0366 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/BadnotBeforeDateCACert.crt"), provider); 0367 QCOMPARE(ca.isNull(), false); 0368 untrusted.addCertificate(ca); 0369 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/BadnotBeforeDateCACRL.crl"), provider); 0370 QCOMPARE(caCRL.isNull(), false); 0371 untrusted.addCRL(caCRL); 0372 0373 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorExpired); 0374 } 0375 } 0376 } 0377 0378 void Pkits::pkits4_2_2() 0379 { 0380 QStringList providersToTest; 0381 providersToTest.append(QStringLiteral("qca-ossl")); 0382 0383 foreach (const QString provider, providersToTest) { 0384 if (!QCA::isSupported("cert", provider)) 0385 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0386 else { 0387 QCA::Certificate cert = 0388 certFromDERFile(QStringLiteral("certs/InvalidEEnotBeforeDateTest2EE.crt"), provider); 0389 QCOMPARE(cert.isNull(), false); 0390 0391 QCA::CertificateCollection trusted; 0392 QCA::CertificateCollection untrusted; 0393 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0394 0395 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0396 QCOMPARE(root.isNull(), false); 0397 trusted.addCertificate(root); 0398 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0399 QCOMPARE(rootCRL.isNull(), false); 0400 trusted.addCRL(rootCRL); 0401 0402 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider); 0403 QCOMPARE(ca.isNull(), false); 0404 untrusted.addCertificate(ca); 0405 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider); 0406 QCOMPARE(caCRL.isNull(), false); 0407 untrusted.addCRL(caCRL); 0408 0409 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorExpired); 0410 } 0411 } 0412 } 0413 0414 void Pkits::pkits4_2_3() 0415 { 0416 QStringList providersToTest; 0417 providersToTest.append(QStringLiteral("qca-ossl")); 0418 0419 foreach (const QString provider, providersToTest) { 0420 if (!QCA::isSupported("cert", provider)) 0421 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0422 else { 0423 QCA::Certificate cert = 0424 certFromDERFile(QStringLiteral("certs/Validpre2000UTCnotBeforeDateTest3EE.crt"), provider); 0425 QCOMPARE(cert.isNull(), false); 0426 0427 QCA::CertificateCollection trusted; 0428 QCA::CertificateCollection untrusted; 0429 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0430 0431 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0432 QCOMPARE(root.isNull(), false); 0433 trusted.addCertificate(root); 0434 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0435 QCOMPARE(rootCRL.isNull(), false); 0436 trusted.addCRL(rootCRL); 0437 0438 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider); 0439 QCOMPARE(ca.isNull(), false); 0440 untrusted.addCertificate(ca); 0441 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider); 0442 QCOMPARE(caCRL.isNull(), false); 0443 untrusted.addCRL(caCRL); 0444 0445 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood); 0446 } 0447 } 0448 } 0449 0450 void Pkits::pkits4_2_4() 0451 { 0452 QStringList providersToTest; 0453 providersToTest.append(QStringLiteral("qca-ossl")); 0454 0455 foreach (const QString provider, providersToTest) { 0456 if (!QCA::isSupported("cert", provider)) 0457 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0458 else { 0459 QCA::Certificate cert = 0460 certFromDERFile(QStringLiteral("certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt"), provider); 0461 QCOMPARE(cert.isNull(), false); 0462 0463 QCA::CertificateCollection trusted; 0464 QCA::CertificateCollection untrusted; 0465 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0466 0467 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0468 QCOMPARE(root.isNull(), false); 0469 trusted.addCertificate(root); 0470 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0471 QCOMPARE(rootCRL.isNull(), false); 0472 trusted.addCRL(rootCRL); 0473 0474 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider); 0475 QCOMPARE(ca.isNull(), false); 0476 untrusted.addCertificate(ca); 0477 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider); 0478 QCOMPARE(caCRL.isNull(), false); 0479 untrusted.addCRL(caCRL); 0480 0481 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood); 0482 } 0483 } 0484 } 0485 0486 void Pkits::pkits4_2_5() 0487 { 0488 QStringList providersToTest; 0489 providersToTest.append(QStringLiteral("qca-ossl")); 0490 0491 foreach (const QString provider, providersToTest) { 0492 if (!QCA::isSupported("cert", provider)) 0493 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0494 else { 0495 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidCAnotAfterDateTest5EE.crt"), provider); 0496 QCOMPARE(cert.isNull(), false); 0497 0498 QCA::CertificateCollection trusted; 0499 QCA::CertificateCollection untrusted; 0500 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0501 0502 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0503 QCOMPARE(root.isNull(), false); 0504 trusted.addCertificate(root); 0505 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0506 QCOMPARE(rootCRL.isNull(), false); 0507 trusted.addCRL(rootCRL); 0508 0509 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/BadnotAfterDateCACert.crt"), provider); 0510 QCOMPARE(ca.isNull(), false); 0511 untrusted.addCertificate(ca); 0512 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/BadnotAfterDateCACRL.crl"), provider); 0513 QCOMPARE(caCRL.isNull(), false); 0514 untrusted.addCRL(caCRL); 0515 0516 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorExpired); 0517 } 0518 } 0519 } 0520 0521 void Pkits::pkits4_2_6() 0522 { 0523 QStringList providersToTest; 0524 providersToTest.append(QStringLiteral("qca-ossl")); 0525 0526 foreach (const QString provider, providersToTest) { 0527 if (!QCA::isSupported("cert", provider)) 0528 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0529 else { 0530 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidEEnotAfterDateTest6EE.crt"), provider); 0531 QCOMPARE(cert.isNull(), false); 0532 0533 QCA::CertificateCollection trusted; 0534 QCA::CertificateCollection untrusted; 0535 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0536 0537 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0538 QCOMPARE(root.isNull(), false); 0539 trusted.addCertificate(root); 0540 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0541 QCOMPARE(rootCRL.isNull(), false); 0542 trusted.addCRL(rootCRL); 0543 0544 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider); 0545 QCOMPARE(ca.isNull(), false); 0546 untrusted.addCertificate(ca); 0547 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider); 0548 QCOMPARE(caCRL.isNull(), false); 0549 untrusted.addCRL(caCRL); 0550 0551 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorExpired); 0552 } 0553 } 0554 } 0555 0556 void Pkits::pkits4_2_7() 0557 { 0558 QStringList providersToTest; 0559 providersToTest.append(QStringLiteral("qca-ossl")); 0560 0561 foreach (const QString provider, providersToTest) { 0562 if (!QCA::isSupported("cert", provider)) 0563 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0564 else { 0565 QCA::Certificate cert = 0566 certFromDERFile(QStringLiteral("certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt"), provider); 0567 QCOMPARE(cert.isNull(), false); 0568 0569 QCA::CertificateCollection trusted; 0570 QCA::CertificateCollection untrusted; 0571 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0572 0573 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0574 QCOMPARE(root.isNull(), false); 0575 trusted.addCertificate(root); 0576 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0577 QCOMPARE(rootCRL.isNull(), false); 0578 trusted.addCRL(rootCRL); 0579 0580 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider); 0581 QCOMPARE(ca.isNull(), false); 0582 untrusted.addCertificate(ca); 0583 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider); 0584 QCOMPARE(caCRL.isNull(), false); 0585 untrusted.addCRL(caCRL); 0586 0587 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorExpired); 0588 } 0589 } 0590 } 0591 0592 void Pkits::pkits4_2_8() 0593 { 0594 QStringList providersToTest; 0595 providersToTest.append(QStringLiteral("qca-ossl")); 0596 0597 foreach (const QString provider, providersToTest) { 0598 if (!QCA::isSupported("cert", provider)) 0599 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0600 else { 0601 QCA::Certificate cert = 0602 certFromDERFile(QStringLiteral("certs/ValidGeneralizedTimenotAfterDateTest8EE.crt"), provider); 0603 QCOMPARE(cert.isNull(), false); 0604 0605 QCA::CertificateCollection trusted; 0606 QCA::CertificateCollection untrusted; 0607 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0608 0609 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0610 QCOMPARE(root.isNull(), false); 0611 trusted.addCertificate(root); 0612 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0613 QCOMPARE(rootCRL.isNull(), false); 0614 trusted.addCRL(rootCRL); 0615 0616 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider); 0617 QCOMPARE(ca.isNull(), false); 0618 untrusted.addCertificate(ca); 0619 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider); 0620 QCOMPARE(caCRL.isNull(), false); 0621 untrusted.addCRL(caCRL); 0622 0623 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood); 0624 } 0625 } 0626 } 0627 0628 void Pkits::pkits4_3_1() 0629 { 0630 QStringList providersToTest; 0631 providersToTest.append(QStringLiteral("qca-ossl")); 0632 0633 foreach (const QString provider, providersToTest) { 0634 if (!QCA::isSupported("cert", provider)) 0635 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0636 else { 0637 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidNameChainingTest1EE.crt"), provider); 0638 QCOMPARE(cert.isNull(), false); 0639 0640 QCA::CertificateCollection trusted; 0641 QCA::CertificateCollection untrusted; 0642 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0643 0644 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0645 QCOMPARE(root.isNull(), false); 0646 trusted.addCertificate(root); 0647 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0648 QCOMPARE(rootCRL.isNull(), false); 0649 trusted.addCRL(rootCRL); 0650 0651 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider); 0652 QCOMPARE(ca.isNull(), false); 0653 untrusted.addCertificate(ca); 0654 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider); 0655 QCOMPARE(caCRL.isNull(), false); 0656 untrusted.addCRL(caCRL); 0657 0658 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0659 } 0660 } 0661 } 0662 0663 void Pkits::pkits4_3_2() 0664 { 0665 QStringList providersToTest; 0666 providersToTest.append(QStringLiteral("qca-ossl")); 0667 0668 foreach (const QString provider, providersToTest) { 0669 if (!QCA::isSupported("cert", provider)) 0670 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0671 else { 0672 QCA::Certificate cert = 0673 certFromDERFile(QStringLiteral("certs/InvalidNameChainingOrderTest2EE.crt"), provider); 0674 QCOMPARE(cert.isNull(), false); 0675 0676 QCA::CertificateCollection trusted; 0677 QCA::CertificateCollection untrusted; 0678 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0679 0680 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0681 QCOMPARE(root.isNull(), false); 0682 trusted.addCertificate(root); 0683 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0684 QCOMPARE(rootCRL.isNull(), false); 0685 trusted.addCRL(rootCRL); 0686 0687 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider); 0688 QCOMPARE(ca.isNull(), false); 0689 untrusted.addCertificate(ca); 0690 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider); 0691 QCOMPARE(caCRL.isNull(), false); 0692 untrusted.addCRL(caCRL); 0693 0694 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0695 } 0696 } 0697 } 0698 0699 void Pkits::pkits4_3_3() 0700 { 0701 QStringList providersToTest; 0702 providersToTest.append(QStringLiteral("qca-ossl")); 0703 0704 foreach (const QString provider, providersToTest) { 0705 if (!QCA::isSupported("cert", provider)) 0706 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0707 else { 0708 QCA::Certificate cert = 0709 certFromDERFile(QStringLiteral("certs/ValidNameChainingWhitespaceTest3EE.crt"), provider); 0710 QCOMPARE(cert.isNull(), false); 0711 0712 QCA::CertificateCollection trusted; 0713 QCA::CertificateCollection untrusted; 0714 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0715 0716 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0717 QCOMPARE(root.isNull(), false); 0718 trusted.addCertificate(root); 0719 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0720 QCOMPARE(rootCRL.isNull(), false); 0721 trusted.addCRL(rootCRL); 0722 0723 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider); 0724 QCOMPARE(ca.isNull(), false); 0725 untrusted.addCertificate(ca); 0726 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider); 0727 QCOMPARE(caCRL.isNull(), false); 0728 untrusted.addCRL(caCRL); 0729 0730 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood); 0731 } 0732 } 0733 } 0734 0735 void Pkits::pkits4_3_4() 0736 { 0737 QStringList providersToTest; 0738 providersToTest.append(QStringLiteral("qca-ossl")); 0739 0740 foreach (const QString provider, providersToTest) { 0741 if (!QCA::isSupported("cert", provider)) 0742 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0743 else { 0744 QCA::Certificate cert = 0745 certFromDERFile(QStringLiteral("certs/ValidNameChainingWhitespaceTest4EE.crt"), provider); 0746 QCOMPARE(cert.isNull(), false); 0747 0748 QCA::CertificateCollection trusted; 0749 QCA::CertificateCollection untrusted; 0750 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0751 0752 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0753 QCOMPARE(root.isNull(), false); 0754 trusted.addCertificate(root); 0755 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0756 QCOMPARE(rootCRL.isNull(), false); 0757 trusted.addCRL(rootCRL); 0758 0759 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider); 0760 QCOMPARE(ca.isNull(), false); 0761 untrusted.addCertificate(ca); 0762 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider); 0763 QCOMPARE(caCRL.isNull(), false); 0764 untrusted.addCRL(caCRL); 0765 0766 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood); 0767 } 0768 } 0769 } 0770 0771 void Pkits::pkits4_3_5() 0772 { 0773 QStringList providersToTest; 0774 providersToTest.append(QStringLiteral("qca-ossl")); 0775 0776 foreach (const QString provider, providersToTest) { 0777 if (!QCA::isSupported("cert", provider)) 0778 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0779 else { 0780 QCA::Certificate cert = 0781 certFromDERFile(QStringLiteral("certs/ValidNameChainingCapitalizationTest5EE.crt"), provider); 0782 QCOMPARE(cert.isNull(), false); 0783 0784 QCA::CertificateCollection trusted; 0785 QCA::CertificateCollection untrusted; 0786 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0787 0788 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0789 QCOMPARE(root.isNull(), false); 0790 trusted.addCertificate(root); 0791 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0792 QCOMPARE(rootCRL.isNull(), false); 0793 trusted.addCRL(rootCRL); 0794 0795 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider); 0796 QCOMPARE(ca.isNull(), false); 0797 untrusted.addCertificate(ca); 0798 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider); 0799 QCOMPARE(caCRL.isNull(), false); 0800 untrusted.addCRL(caCRL); 0801 0802 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood); 0803 } 0804 } 0805 } 0806 0807 void Pkits::pkits4_3_6() 0808 { 0809 QStringList providersToTest; 0810 providersToTest.append(QStringLiteral("qca-ossl")); 0811 0812 foreach (const QString provider, providersToTest) { 0813 if (!QCA::isSupported("cert", provider)) 0814 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0815 else { 0816 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/ValidNameUIDsTest6EE.crt"), provider); 0817 QCOMPARE(cert.isNull(), false); 0818 0819 QCA::CertificateCollection trusted; 0820 QCA::CertificateCollection untrusted; 0821 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0822 0823 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0824 QCOMPARE(root.isNull(), false); 0825 trusted.addCertificate(root); 0826 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0827 QCOMPARE(rootCRL.isNull(), false); 0828 trusted.addCRL(rootCRL); 0829 0830 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/UIDCACert.crt"), provider); 0831 QCOMPARE(ca.isNull(), false); 0832 untrusted.addCertificate(ca); 0833 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/UIDCACRL.crl"), provider); 0834 QCOMPARE(caCRL.isNull(), false); 0835 untrusted.addCRL(caCRL); 0836 0837 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood); 0838 } 0839 } 0840 } 0841 0842 #ifdef ALL_PKITS_TESTS 0843 void Pkits::pkits4_3_7() 0844 { 0845 QStringList providersToTest; 0846 providersToTest.append(QStringLiteral("qca-ossl")); 0847 0848 foreach (const QString provider, providersToTest) { 0849 if (!QCA::isSupported("cert", provider)) 0850 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0851 else { 0852 QCA::Certificate cert = 0853 certFromDERFile(QStringLiteral("certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt"), provider); 0854 QCOMPARE(cert.isNull(), false); 0855 0856 QCA::CertificateCollection trusted; 0857 QCA::CertificateCollection untrusted; 0858 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0859 0860 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0861 QCOMPARE(root.isNull(), false); 0862 trusted.addCertificate(root); 0863 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0864 QCOMPARE(rootCRL.isNull(), false); 0865 trusted.addCRL(rootCRL); 0866 0867 QCA::Certificate ca = 0868 certFromDERFile(QStringLiteral("certs/RFC3280MandatoryAttributeTypesCACert.crt"), provider); 0869 QCOMPARE(ca.isNull(), false); 0870 untrusted.addCertificate(ca); 0871 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/RFC3280MandatoryAttributeTypesCACRL.crl"), provider); 0872 QCOMPARE(caCRL.isNull(), false); 0873 untrusted.addCRL(caCRL); 0874 0875 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood); 0876 } 0877 } 0878 } 0879 #endif 0880 0881 #ifdef ALL_PKITS_TESTS 0882 void Pkits::pkits4_3_8() 0883 { 0884 QStringList providersToTest; 0885 providersToTest.append(QStringLiteral("qca-ossl")); 0886 0887 foreach (const QString provider, providersToTest) { 0888 if (!QCA::isSupported("cert", provider)) 0889 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0890 else { 0891 QCA::Certificate cert = 0892 certFromDERFile(QStringLiteral("certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt"), provider); 0893 QCOMPARE(cert.isNull(), false); 0894 0895 QCA::CertificateCollection trusted; 0896 QCA::CertificateCollection untrusted; 0897 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0898 0899 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0900 QCOMPARE(root.isNull(), false); 0901 trusted.addCertificate(root); 0902 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0903 QCOMPARE(rootCRL.isNull(), false); 0904 trusted.addCRL(rootCRL); 0905 0906 QCA::Certificate ca = 0907 certFromDERFile(QStringLiteral("certs/RFC3280OptionalAttributeTypesCACert.crt"), provider); 0908 QCOMPARE(ca.isNull(), false); 0909 untrusted.addCertificate(ca); 0910 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/RFC3280OptionalAttributeTypesCACRL.crl"), provider); 0911 QCOMPARE(caCRL.isNull(), false); 0912 untrusted.addCRL(caCRL); 0913 0914 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood); 0915 } 0916 } 0917 } 0918 #endif 0919 0920 void Pkits::pkits4_3_9() 0921 { 0922 QStringList providersToTest; 0923 providersToTest.append(QStringLiteral("qca-ossl")); 0924 0925 foreach (const QString provider, providersToTest) { 0926 if (!QCA::isSupported("cert", provider)) 0927 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0928 else { 0929 QCA::Certificate cert = 0930 certFromDERFile(QStringLiteral("certs/ValidUTF8StringEncodedNamesTest9EE.crt"), provider); 0931 QCOMPARE(cert.isNull(), false); 0932 0933 QCA::CertificateCollection trusted; 0934 QCA::CertificateCollection untrusted; 0935 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0936 0937 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0938 QCOMPARE(root.isNull(), false); 0939 trusted.addCertificate(root); 0940 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0941 QCOMPARE(rootCRL.isNull(), false); 0942 trusted.addCRL(rootCRL); 0943 0944 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/UTF8StringEncodedNamesCACert.crt"), provider); 0945 QCOMPARE(ca.isNull(), false); 0946 untrusted.addCertificate(ca); 0947 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/UTF8StringEncodedNamesCACRL.crl"), provider); 0948 QCOMPARE(caCRL.isNull(), false); 0949 untrusted.addCRL(caCRL); 0950 0951 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood); 0952 } 0953 } 0954 } 0955 0956 #ifdef ALL_PKITS_TESTS 0957 void Pkits::pkits4_3_10() 0958 { 0959 QStringList providersToTest; 0960 providersToTest.append(QStringLiteral("qca-ossl")); 0961 0962 foreach (const QString provider, providersToTest) { 0963 if (!QCA::isSupported("cert", provider)) 0964 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 0965 else { 0966 QCA::Certificate cert = certFromDERFile( 0967 QStringLiteral("certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt"), provider); 0968 QCOMPARE(cert.isNull(), false); 0969 0970 QCA::CertificateCollection trusted; 0971 QCA::CertificateCollection untrusted; 0972 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 0973 0974 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 0975 QCOMPARE(root.isNull(), false); 0976 trusted.addCertificate(root); 0977 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 0978 QCOMPARE(rootCRL.isNull(), false); 0979 trusted.addCRL(rootCRL); 0980 0981 QCA::Certificate ca = 0982 certFromDERFile(QStringLiteral("certs/RolloverfromPrintableStringtoUTF8StringCACert.crt"), provider); 0983 QCOMPARE(ca.isNull(), false); 0984 untrusted.addCertificate(ca); 0985 QCA::CRL caCRL = 0986 crlFromDERFile(QStringLiteral("certs/RolloverfromPrintableStringtoUTF8StringCACRL.crl"), provider); 0987 QCOMPARE(caCRL.isNull(), false); 0988 untrusted.addCRL(caCRL); 0989 0990 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood); 0991 } 0992 } 0993 } 0994 #endif 0995 0996 #ifdef ALL_PKITS_TESTS 0997 void Pkits::pkits4_3_11() 0998 { 0999 QStringList providersToTest; 1000 providersToTest.append(QStringLiteral("qca-ossl")); 1001 1002 foreach (const QString provider, providersToTest) { 1003 if (!QCA::isSupported("cert", provider)) 1004 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 1005 else { 1006 QCA::Certificate cert = 1007 certFromDERFile(QStringLiteral("certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt"), provider); 1008 QCOMPARE(cert.isNull(), false); 1009 1010 QCA::CertificateCollection trusted; 1011 QCA::CertificateCollection untrusted; 1012 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 1013 1014 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 1015 QCOMPARE(root.isNull(), false); 1016 trusted.addCertificate(root); 1017 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 1018 QCOMPARE(rootCRL.isNull(), false); 1019 trusted.addCRL(rootCRL); 1020 1021 QCA::Certificate ca = 1022 certFromDERFile(QStringLiteral("certs/UTF8StringCaseInsensitiveMatchCACert.crt"), provider); 1023 QCOMPARE(ca.isNull(), false); 1024 untrusted.addCertificate(ca); 1025 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/UTF8StringCaseInsensitiveMatchCACRL.crl"), provider); 1026 QCOMPARE(caCRL.isNull(), false); 1027 untrusted.addCRL(caCRL); 1028 1029 qDebug() << "validity: " << cert.validate(trusted, untrusted); 1030 1031 QEXPECT_FAIL("", "This should validate, but it doesn't (QCA::ErrorInvalidCA)", Continue); 1032 QCOMPARE(cert.validate(trusted, untrusted), QCA::ValidityGood); 1033 } 1034 } 1035 } 1036 #endif 1037 1038 void Pkits::pkits4_4_1() 1039 { 1040 QStringList providersToTest; 1041 providersToTest.append(QStringLiteral("qca-ossl")); 1042 1043 foreach (const QString provider, providersToTest) { 1044 if (!QCA::isSupported("cert", provider)) 1045 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 1046 else { 1047 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidMissingCRLTest1EE.crt"), provider); 1048 QCOMPARE(cert.isNull(), false); 1049 1050 QCA::CertificateCollection trusted; 1051 QCA::CertificateCollection untrusted; 1052 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 1053 1054 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 1055 QCOMPARE(root.isNull(), false); 1056 trusted.addCertificate(root); 1057 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 1058 QCOMPARE(rootCRL.isNull(), false); 1059 trusted.addCRL(rootCRL); 1060 1061 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/NoCRLCACert.crt"), provider); 1062 QCOMPARE(ca.isNull(), false); 1063 untrusted.addCertificate(ca); 1064 1065 qDebug() << "validity: " << cert.validate(trusted, untrusted); 1066 1067 QEXPECT_FAIL("", "This should not validate, but it does", Continue); 1068 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 1069 } 1070 } 1071 } 1072 1073 void Pkits::pkits4_4_2() 1074 { 1075 QStringList providersToTest; 1076 providersToTest.append(QStringLiteral("qca-ossl")); 1077 1078 foreach (const QString provider, providersToTest) { 1079 if (!QCA::isSupported("cert", provider)) 1080 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 1081 else { 1082 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidRevokedCATest2EE.crt"), provider); 1083 QCOMPARE(cert.isNull(), false); 1084 1085 QCA::CertificateCollection trusted; 1086 QCA::CertificateCollection untrusted; 1087 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 1088 1089 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 1090 QCOMPARE(root.isNull(), false); 1091 trusted.addCertificate(root); 1092 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 1093 QCOMPARE(rootCRL.isNull(), false); 1094 trusted.addCRL(rootCRL); 1095 1096 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider); 1097 QCOMPARE(ca.isNull(), false); 1098 untrusted.addCertificate(ca); 1099 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider); 1100 QCOMPARE(caCRL.isNull(), false); 1101 untrusted.addCRL(caCRL); 1102 1103 QCA::Certificate subca = certFromDERFile(QStringLiteral("certs/RevokedsubCACert.crt"), provider); 1104 QCOMPARE(subca.isNull(), false); 1105 untrusted.addCertificate(subca); 1106 QCA::CRL subcaCRL = crlFromDERFile(QStringLiteral("certs/RevokedsubCACRL.crl"), provider); 1107 QCOMPARE(subcaCRL.isNull(), false); 1108 untrusted.addCRL(subcaCRL); 1109 1110 qDebug() << "validity: " << cert.validate(trusted, untrusted); 1111 1112 QEXPECT_FAIL("", "This should not validate, but it does", Continue); 1113 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 1114 } 1115 } 1116 } 1117 1118 void Pkits::pkits4_4_3() 1119 { 1120 QStringList providersToTest; 1121 providersToTest.append(QStringLiteral("qca-ossl")); 1122 1123 foreach (const QString provider, providersToTest) { 1124 if (!QCA::isSupported("cert", provider)) 1125 QWARN((QStringLiteral("Certificate handling not supported for ") + provider).toLocal8Bit().constData()); 1126 else { 1127 QCA::Certificate cert = certFromDERFile(QStringLiteral("certs/InvalidRevokedEETest3EE.crt"), provider); 1128 QCOMPARE(cert.isNull(), false); 1129 1130 QCA::CertificateCollection trusted; 1131 QCA::CertificateCollection untrusted; 1132 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorInvalidCA); 1133 1134 QCA::Certificate root = certFromDERFile(QStringLiteral("certs/TrustAnchorRootCertificate.crt"), provider); 1135 QCOMPARE(root.isNull(), false); 1136 trusted.addCertificate(root); 1137 QCA::CRL rootCRL = crlFromDERFile(QStringLiteral("certs/TrustAnchorRootCRL.crl"), provider); 1138 QCOMPARE(rootCRL.isNull(), false); 1139 trusted.addCRL(rootCRL); 1140 1141 QCA::Certificate ca = certFromDERFile(QStringLiteral("certs/GoodCACert.crt"), provider); 1142 QCOMPARE(ca.isNull(), false); 1143 untrusted.addCertificate(ca); 1144 QCA::CRL caCRL = crlFromDERFile(QStringLiteral("certs/GoodCACRL.crl"), provider); 1145 QCOMPARE(caCRL.isNull(), false); 1146 untrusted.addCRL(caCRL); 1147 1148 qDebug() << "validity: " << cert.validate(trusted, untrusted); 1149 1150 QEXPECT_FAIL("", "This should not validate, but it does", Continue); 1151 QCOMPARE(cert.validate(trusted, untrusted), QCA::ErrorUntrusted); 1152 } 1153 } 1154 } 1155 1156 QTEST_MAIN(Pkits) 1157 1158 #include "pkits.moc"