00026 #include <QtCrypto>
00027 #include <QtTest/QtTest>
00028
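/**
 * QtTest fixture for QCA certificate, CRL and CSR handling.
 *
 * Every private slot is one test function. initTestCase() and
 * cleanupTestCase() bracket the run and manage the QCA::Initializer
 * held in m_init.
 *
 * Keep the slot declarations in their current order: QtTest is documented
 * to run test functions in the order in which they are declared.
 */
class CertUnitTest : public QObject
{
    Q_OBJECT

public:
    // Start from a null pointer so that the delete in cleanupTestCase() is
    // well defined even when initTestCase() never got to assign m_init.
    CertUnitTest() : m_init(0) {}

private slots:
    void initTestCase();
    void checkSystemStore();
    void nullCert();
    void noSuchFile();
    void CAcertstest();
    void derCAcertstest();
    void qualitysslcatest();
    void checkExpiredClientCerts();
    void checkClientCerts();
    void altName();
    void extXMPP();
    void checkExpiredServerCerts();
    void checkServerCerts();
    void altNames76();
    void sha256cert();
    void crl();
    void crl2();
    void csr();
    void csr2();
    void cleanupTestCase();

private:
    // Owned by the fixture: allocated in initTestCase(), released in
    // cleanupTestCase().
    QCA::Initializer* m_init;
};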
00057
/**
 * One-time setup for the whole fixture.
 *
 * Allocates the QCA::Initializer that cleanupTestCase() later deletes, then
 * expands ../fixpaths.include inside this function body.
 */
void CertUnitTest::initTestCase()
{
    m_init = new QCA::Initializer();

    // The include is pasted textually into this function. Its contents are
    // not visible here; presumably it fixes up search paths so the relative
    // "certs/..." fixture names used by the tests resolve - TODO confirm.
    #include "../fixpaths.include"
}
00063
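/**
 * One-time teardown for the whole fixture.
 *
 * Releases the QCA::Initializer allocated in initTestCase().
 */
void CertUnitTest::cleanupTestCase()
{
    delete m_init;
    // Do not leave a dangling pointer behind: a second teardown (or any later
    // use of the fixture) must not touch the freed initializer.
    m_init = 0;
}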
00068
/**
 * A default-constructed QCA::Certificate must be null, a copy of it must be
 * null as well, and the two must compare equal.
 */
void CertUnitTest::nullCert()
{
    QStringList providers;
    providers << "qca-ossl";

    foreach (const QString &providerName, providers) {
        if (!QCA::isSupported("cert", providerName)) {
            // Only a warning is emitted here, so the slot still passes when
            // the provider is missing and no check below has run.
            const QByteArray notice = QString("Certificate handling not supported for " + providerName).toLocal8Bit();
            QWARN(notice.constData());
            continue;
        }

        QCA::Certificate nullCert;
        QVERIFY(nullCert.isNull());

        // Copying a null certificate must not turn it into a non-null one.
        QCA::Certificate anotherNullCert = nullCert;
        QVERIFY( anotherNullCert.isNull() );
        QCOMPARE( nullCert, anotherNullCert );
    }
}
00087
/**
 * Loading a PEM certificate from a file name that does not exist must report
 * QCA::ErrorFile and hand back a null certificate.
 */
void CertUnitTest::noSuchFile()
{
    QStringList providers;
    providers << "qca-ossl";

    foreach (const QString &providerName, providers) {
        if (!QCA::isSupported("cert", providerName)) {
            // Only a warning is emitted here, so the slot still passes when
            // the provider is missing and no check below has run.
            const QByteArray notice = QString("Certificate handling not supported for " + providerName).toLocal8Bit();
            QWARN(notice.constData());
            continue;
        }

        QCA::ConvertResult resultNoFile;
        QCA::Certificate cert = QCA::Certificate::fromPEMFile("thisIsJustaFileNameThatWeDontHave", &resultNoFile, providerName);

        // The failure must be visible both in the result code and in the
        // returned object, so a caller checking either one sees it.
        QCOMPARE( resultNoFile, QCA::ErrorFile );
        QVERIFY( cert.isNull() );
    }
}
00105
/**
 * Loads certs/RootCAcert.pem and checks the parsed fields of a self-signed
 * root CA: CA flag, serial number, common name, validity window, the full
 * set of constraint flags and the (empty) policy list.
 */
void CertUnitTest::CAcertstest()
{
    QStringList providers;
    providers << "qca-ossl";

    foreach (const QString &providerName, providers) {
        if (!QCA::isSupported("cert", providerName)) {
            // Only a warning is emitted here, so the slot still passes when
            // the provider is missing and no check below has run.
            const QByteArray notice = QString("Certificate handling not supported for " + providerName).toLocal8Bit();
            QWARN(notice.constData());
            continue;
        }

        QCA::ConvertResult resultca1;
        QCA::Certificate ca1 = QCA::Certificate::fromPEMFile("certs/RootCAcert.pem", &resultca1, providerName);

        // Basic identity of the root: parsed, CA, self-signed.
        QCOMPARE( resultca1, QCA::ConvertGood );
        QCOMPARE( ca1.isNull(), false );
        QCOMPARE( ca1.pathLimit(), 0 );
        QCOMPARE( ca1.isCA(), true );
        QCOMPARE( ca1.isSelfSigned(), true );

        QCOMPARE( ca1.serialNumber(), QCA::BigInteger(0) );

        QCOMPARE( ca1.commonName(), QString("For Tests Only") );

        // Validity window, compared through the string form of the UTC timestamps.
        QCOMPARE( ca1.notValidBefore().toString(), QDateTime( QDate( 2001, 8, 17 ), QTime( 8, 30, 39 ), Qt::UTC ).toString() );
        QCOMPARE( ca1.notValidAfter().toString(), QDateTime( QDate( 2011, 8, 15 ), QTime( 8, 30, 39 ), Qt::UTC ).toString() );

        // Every constraint flag is pinned, present or absent, so a parser
        // that reports an extra usage fails just like one that drops a usage.
        QCOMPARE( ca1.constraints().contains(QCA::DigitalSignature), (QBool)true );
        QCOMPARE( ca1.constraints().contains(QCA::NonRepudiation), (QBool)true );
        QCOMPARE( ca1.constraints().contains(QCA::KeyEncipherment), (QBool)true );
        QCOMPARE( ca1.constraints().contains(QCA::DataEncipherment), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::KeyAgreement), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::KeyCertificateSign), (QBool)true );
        QCOMPARE( ca1.constraints().contains(QCA::CRLSign), (QBool)true );
        QCOMPARE( ca1.constraints().contains(QCA::EncipherOnly), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::DecipherOnly), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::ServerAuth), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::ClientAuth), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::CodeSigning), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::EmailProtection), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::IPSecEndSystem), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::IPSecTunnel), (QBool)false);
        QCOMPARE( ca1.constraints().contains(QCA::IPSecUser), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::TimeStamping), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::OCSPSigning), (QBool)false );

        QCOMPARE( ca1.policies().count(), 0 );
    }
}
00156
/**
 * Loads certs/QualitySSLIntermediateCA.crt and checks the parsed fields of
 * an intermediate CA: CA but not self-signed, SHA-1 signature algorithm,
 * serial number, common name, validity window, path limit and the full set
 * of constraint flags.
 */
void CertUnitTest::qualitysslcatest()
{
    QStringList providers;
    providers << "qca-ossl";

    foreach (const QString &providerName, providers) {
        if (!QCA::isSupported("cert", providerName)) {
            // Only a warning is emitted here, so the slot still passes when
            // the provider is missing and no check below has run.
            const QByteArray notice = QString("Certificate handling not supported for " + providerName).toLocal8Bit();
            QWARN(notice.constData());
            continue;
        }

        QCA::ConvertResult resultca1;
        QCA::Certificate ca1 = QCA::Certificate::fromPEMFile("certs/QualitySSLIntermediateCA.crt", &resultca1, providerName);

        // An intermediate: flagged as CA, but issued by someone else.
        QCOMPARE( resultca1, QCA::ConvertGood );
        QCOMPARE( ca1.isNull(), false );
        QCOMPARE( ca1.isCA(), true );
        QCOMPARE( ca1.isSelfSigned(), false );

        QCOMPARE( ca1.signatureAlgorithm(), QCA::EMSA3_SHA1 );

        QCOMPARE( ca1.serialNumber(), QCA::BigInteger("33555098") );

        QCOMPARE( ca1.commonName(), QString("Comodo Class 3 Security Services CA") );

        // Validity window, compared through the string form of the UTC timestamps.
        QCOMPARE( ca1.notValidBefore().toString(), QDateTime( QDate( 2002, 8, 27 ), QTime( 19, 02, 00 ), Qt::UTC ).toString() );
        QCOMPARE( ca1.notValidAfter().toString(), QDateTime( QDate( 2012, 8, 27 ), QTime( 23, 59, 00 ), Qt::UTC ).toString() );

        QCOMPARE( ca1.pathLimit(), 0 );

        // Every constraint flag is pinned, present or absent.
        QCOMPARE( ca1.constraints().contains(QCA::DigitalSignature), (QBool)true );
        QCOMPARE( ca1.constraints().contains(QCA::NonRepudiation), (QBool)true );
        QCOMPARE( ca1.constraints().contains(QCA::KeyEncipherment), (QBool)true );
        QCOMPARE( ca1.constraints().contains(QCA::DataEncipherment), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::KeyAgreement), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::KeyCertificateSign), (QBool)true );
        QCOMPARE( ca1.constraints().contains(QCA::CRLSign), (QBool)true );
        QCOMPARE( ca1.constraints().contains(QCA::EncipherOnly), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::DecipherOnly), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::ServerAuth), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::ClientAuth), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::CodeSigning), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::EmailProtection), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::IPSecEndSystem), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::IPSecTunnel), (QBool)false);
        QCOMPARE( ca1.constraints().contains(QCA::IPSecUser), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::TimeStamping), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::OCSPSigning), (QBool)false );
    }
}
00208
/**
 * Loads the expired client certificate certs/User.pem, checks its parsed
 * fields, and then checks how validation treats it:
 *  - with an empty trust store the result is QCA::ErrorInvalidCA;
 *  - once certs/RootCAcert.pem is trusted the result is QCA::ErrorExpired
 *    for every usage that is tried.
 * Finally the certificate is round-tripped through DER and PEM.
 */
void CertUnitTest::checkExpiredClientCerts()
{
    QStringList providers;
    providers << "qca-ossl";

    foreach (const QString &providerName, providers) {
        if (!QCA::isSupported("cert", providerName)) {
            // Only a warning is emitted here, so the slot still passes when
            // the provider is missing and no check below has run.
            const QByteArray notice = QString("Certificate handling not supported for " + providerName).toLocal8Bit();
            QWARN(notice.constData());
            continue;
        }

        QCA::ConvertResult resultClient1;
        QCA::Certificate client1 = QCA::Certificate::fromPEMFile("certs/User.pem", &resultClient1, providerName);
        QCOMPARE( resultClient1, QCA::ConvertGood );
        QCOMPARE( client1.isNull(), false );
        QCOMPARE( client1.isCA(), false );
        QCOMPARE( client1.isSelfSigned(), false );

        QCOMPARE( client1.serialNumber(), QCA::BigInteger(2) );

        QCOMPARE( client1.commonName(), QString("Insecure User Test Cert") );

        // Validity window, compared through the string form of the UTC timestamps.
        QCOMPARE( client1.notValidBefore().toString(), QDateTime( QDate( 2001, 8, 17 ), QTime( 8, 32, 38 ), Qt::UTC ).toString() );
        QCOMPARE( client1.notValidAfter().toString(), QDateTime( QDate( 2006, 8, 16 ), QTime( 8, 32, 38 ), Qt::UTC ).toString() );

        // Every constraint flag is pinned, present or absent.
        QCOMPARE( client1.constraints().contains(QCA::DigitalSignature), (QBool)true );
        QCOMPARE( client1.constraints().contains(QCA::NonRepudiation), (QBool)true );
        QCOMPARE( client1.constraints().contains(QCA::KeyEncipherment), (QBool)true );
        QCOMPARE( client1.constraints().contains(QCA::DataEncipherment), (QBool)true );
        QCOMPARE( client1.constraints().contains(QCA::KeyAgreement), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::KeyCertificateSign), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::CRLSign), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::EncipherOnly), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::DecipherOnly), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::ServerAuth), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::ClientAuth), (QBool)true );
        QCOMPARE( client1.constraints().contains(QCA::CodeSigning), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::EmailProtection), (QBool)true );
        QCOMPARE( client1.constraints().contains(QCA::IPSecEndSystem), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::IPSecTunnel), (QBool)false);
        QCOMPARE( client1.constraints().contains(QCA::IPSecUser), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::TimeStamping), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::OCSPSigning), (QBool)false );

        QCOMPARE( client1.policies().count(), 0 );

        // Subject and issuer distinguished-name components.
        QCA::CertificateInfo subject1 = client1.subjectInfo();
        QCOMPARE( subject1.isEmpty(), false );
        QCOMPARE( subject1.values(QCA::Country).contains("de"), (QBool)true );
        QCOMPARE( subject1.values(QCA::Organization).contains("InsecureTestCertificate"), (QBool)true );
        QCOMPARE( subject1.values(QCA::CommonName).contains("Insecure User Test Cert"), (QBool)true );

        QCA::CertificateInfo issuer1 = client1.issuerInfo();
        QCOMPARE( issuer1.isEmpty(), false );
        QCOMPARE( issuer1.values(QCA::Country).contains("de"), (QBool)true );
        QCOMPARE( issuer1.values(QCA::Organization).contains("InsecureTestCertificate"), (QBool)true );
        QCOMPARE( issuer1.values(QCA::CommonName).contains("For Tests Only"), (QBool)true );

        // Key identifiers: the subject id is compared as raw bytes, the
        // issuer id as a lower-case hex string.
        QByteArray subjectKeyID = QCA::Hex().stringToArray("889E7EF729719D7B280F361AAE6D00D39DE1AADB").toByteArray();
        QCOMPARE( client1.subjectKeyId(), subjectKeyID );
        QCOMPARE( QCA::Hex().arrayToString(client1.issuerKeyId()), QString("bf53438278d09ec380e51b67ca0500dfb94883a5") );

        // The fixture carries a 1024-bit RSA key and (below) an MD5-based
        // signature; its subject names mark it as insecure test material.
        QCA::PublicKey pubkey1 = client1.subjectPublicKey();
        QCOMPARE( pubkey1.isNull(), false );
        QCOMPARE( pubkey1.isRSA(), true );
        QCOMPARE( pubkey1.isDSA(), false );
        QCOMPARE( pubkey1.isDH(), false );
        QCOMPARE( pubkey1.isPublic(), true );
        QCOMPARE( pubkey1.isPrivate(), false );
        QCOMPARE( pubkey1.bitSize(), 1024 );

        QCOMPARE( client1.pathLimit(), 0 );

        QCOMPARE( client1.signatureAlgorithm(), QCA::EMSA3_MD5 );

        // With nothing trusted, the chain cannot be anchored.
        QCA::CertificateCollection trusted;
        QCA::CertificateCollection untrusted;
        QCOMPARE( client1.validate( trusted, untrusted ), QCA::ErrorInvalidCA );

        QCA::ConvertResult resultca1;
        QCA::Certificate ca1 = QCA::Certificate::fromPEMFile("certs/RootCAcert.pem", &resultca1, providerName);
        QCOMPARE( resultca1, QCA::ConvertGood );
        trusted.addCertificate( ca1 );

        // With the root trusted, expiry is what gets reported, including for
        // usages the certificate does not carry (ServerAuth, CodeSigning,
        // TimeStamping and CRLSign are asserted absent above).
        QCOMPARE( client1.validate( trusted, untrusted ), QCA::ErrorExpired );
        QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageAny ), QCA::ErrorExpired );
        QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageTLSServer ), QCA::ErrorExpired );
        QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageTLSClient ), QCA::ErrorExpired );
        QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageCodeSigning ), QCA::ErrorExpired );
        QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageTimeStamping ), QCA::ErrorExpired );
        QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageEmailProtection ), QCA::ErrorExpired );
        QCOMPARE( client1.validate( trusted, untrusted, QCA::UsageCRLSigning ), QCA::ErrorExpired );

        // DER round trip: re-parsing the encoding must yield an equal certificate.
        QByteArray derClient1 = client1.toDER();
        QCOMPARE( derClient1.isEmpty(), false );
        QCA::Certificate fromDer1 = QCA::Certificate::fromDER( derClient1, &resultClient1, providerName );
        QCOMPARE( resultClient1, QCA::ConvertGood );
        QVERIFY( fromDer1 == client1 );

        // PEM round trip, plus a check of operator!= between the two copies.
        QString pemClient1 = client1.toPEM();
        QCOMPARE( pemClient1.isEmpty(), false );
        QCA::Certificate fromPem1 = QCA::Certificate::fromPEM( pemClient1, &resultClient1, providerName);
        QCOMPARE( resultClient1, QCA::ConvertGood );
        QVERIFY( fromPem1 == client1);
        QCOMPARE( fromPem1 != fromDer1, false );
    }
}
00316
/**
 * Loads the client certificate certs/QcaTestClientCert.pem, checks its
 * parsed fields, and then checks validation per usage:
 *  - with an empty trust store the result is QCA::ErrorInvalidCA;
 *  - once certs/QcaTestRootCert.pem is trusted, the default, UsageAny,
 *    UsageTLSClient and UsageEmailProtection validations succeed, while
 *    every other usage yields QCA::ErrorInvalidPurpose.
 * Finally the certificate is round-tripped through DER and PEM.
 */
void CertUnitTest::checkClientCerts()
{
    QStringList providers;
    providers << "qca-ossl";

    foreach (const QString &providerName, providers) {
        if (!QCA::isSupported("cert", providerName)) {
            // Only a warning is emitted here, so the slot still passes when
            // the provider is missing and no check below has run.
            const QByteArray notice = QString("Certificate handling not supported for " + providerName).toLocal8Bit();
            QWARN(notice.constData());
            continue;
        }

        QCA::ConvertResult resultClient2;
        QCA::Certificate client2 = QCA::Certificate::fromPEMFile("certs/QcaTestClientCert.pem", &resultClient2, providerName);
        QCOMPARE( resultClient2, QCA::ConvertGood );
        QCOMPARE( client2.isNull(), false );
        QCOMPARE( client2.isCA(), false );
        QCOMPARE( client2.isSelfSigned(), false );

        // Serial number given as a decimal string.
        QCOMPARE( client2.serialNumber(), QCA::BigInteger("13149359243510447488") );

        QCOMPARE( client2.commonName(), QString("Qca Test Client Certificate") );

        // Validity window, compared through the string form of the UTC timestamps.
        QCOMPARE( client2.notValidBefore().toString(), QDateTime( QDate( 2007, 7, 22 ), QTime( 3, 30, 29 ), Qt::UTC ).toString() );
        QCOMPARE( client2.notValidAfter().toString(), QDateTime( QDate( 2012, 7, 20 ), QTime( 3, 30, 29 ), Qt::UTC ).toString() );

        // Every constraint flag is pinned, present or absent.
        QCOMPARE( client2.constraints().contains(QCA::DigitalSignature), (QBool)true );
        QCOMPARE( client2.constraints().contains(QCA::NonRepudiation), (QBool)true );
        QCOMPARE( client2.constraints().contains(QCA::KeyEncipherment), (QBool)true );
        QCOMPARE( client2.constraints().contains(QCA::DataEncipherment), (QBool)true );
        QCOMPARE( client2.constraints().contains(QCA::KeyAgreement), (QBool)false );
        QCOMPARE( client2.constraints().contains(QCA::KeyCertificateSign), (QBool)false );
        QCOMPARE( client2.constraints().contains(QCA::CRLSign), (QBool)false );
        QCOMPARE( client2.constraints().contains(QCA::EncipherOnly), (QBool)false );
        QCOMPARE( client2.constraints().contains(QCA::DecipherOnly), (QBool)false );
        QCOMPARE( client2.constraints().contains(QCA::ServerAuth), (QBool)false );
        QCOMPARE( client2.constraints().contains(QCA::ClientAuth), (QBool)true );
        QCOMPARE( client2.constraints().contains(QCA::CodeSigning), (QBool)false );
        QCOMPARE( client2.constraints().contains(QCA::EmailProtection), (QBool)true );
        QCOMPARE( client2.constraints().contains(QCA::IPSecEndSystem), (QBool)false );
        QCOMPARE( client2.constraints().contains(QCA::IPSecTunnel), (QBool)false);
        QCOMPARE( client2.constraints().contains(QCA::IPSecUser), (QBool)false );
        QCOMPARE( client2.constraints().contains(QCA::TimeStamping), (QBool)false );
        QCOMPARE( client2.constraints().contains(QCA::OCSPSigning), (QBool)false );

        QCOMPARE( client2.policies().count(), 0 );

        // Subject and issuer distinguished-name components.
        QCA::CertificateInfo subject2 = client2.subjectInfo();
        QCOMPARE( subject2.isEmpty(), false );
        QVERIFY( subject2.values(QCA::Country).contains("US") );
        QVERIFY( subject2.values(QCA::Organization).contains("Qca Development and Test") );
        QVERIFY( subject2.values(QCA::OrganizationalUnit).contains("Certificate Generation Section") );
        QVERIFY( subject2.values(QCA::CommonName).contains("Qca Test Client Certificate") );

        QCA::CertificateInfo issuer2 = client2.issuerInfo();
        QCOMPARE( issuer2.isEmpty(), false );
        QVERIFY( issuer2.values(QCA::Country).contains("AU") );
        QVERIFY( issuer2.values(QCA::Organization).contains("Qca Development and Test") );
        QVERIFY( issuer2.values(QCA::CommonName).contains("Qca Test Root Certificate") );

        // Key identifiers: the subject id is compared as raw bytes, the
        // issuer id as a lower-case hex string.
        QByteArray subjectKeyID = QCA::Hex().stringToArray("B27FD3113923BE1DC46F53CE81AFF1D48001F6F6").toByteArray();
        QCOMPARE( client2.subjectKeyId(), subjectKeyID );
        QCOMPARE( QCA::Hex().arrayToString(client2.issuerKeyId()), QString("513ff2146e496adc41b815b5a086f42ee4f545f8") );

        QCA::PublicKey pubkey2 = client2.subjectPublicKey();
        QCOMPARE( pubkey2.isNull(), false );
        QCOMPARE( pubkey2.isRSA(), true );
        QCOMPARE( pubkey2.isDSA(), false );
        QCOMPARE( pubkey2.isDH(), false );
        QCOMPARE( pubkey2.isPublic(), true );
        QCOMPARE( pubkey2.isPrivate(), false );
        QCOMPARE( pubkey2.bitSize(), 1024 );

        QCOMPARE( client2.pathLimit(), 0 );

        QCOMPARE( client2.signatureAlgorithm(), QCA::EMSA3_SHA1 );

        // With nothing trusted, the chain cannot be anchored.
        QCA::CertificateCollection trusted;
        QCA::CertificateCollection untrusted;
        QCOMPARE( client2.validate( trusted, untrusted ), QCA::ErrorInvalidCA );

        QCA::ConvertResult resultca2;
        QCA::Certificate ca2 = QCA::Certificate::fromPEMFile("certs/QcaTestRootCert.pem", &resultca2, providerName);
        QCOMPARE( resultca2, QCA::ConvertGood );
        trusted.addCertificate( ca2 );

        // Purpose enforcement: only the usages matching the ClientAuth and
        // EmailProtection constraints asserted above may validate.
        // NOTE(review): the notValidAfter asserted above is 2012-07-20. If
        // validate() compares against the current clock (the ErrorExpired
        // expectations in checkExpiredClientCerts suggest it does), the
        // ValidityGood expectations below stop holding after that date -
        // confirm, and refresh the fixture if so.
        QCOMPARE( client2.validate( trusted, untrusted ), QCA::ValidityGood );
        QCOMPARE( client2.validate( trusted, untrusted, QCA::UsageAny ), QCA::ValidityGood );
        QCOMPARE( client2.validate( trusted, untrusted, QCA::UsageTLSServer ), QCA::ErrorInvalidPurpose );
        QCOMPARE( client2.validate( trusted, untrusted, QCA::UsageTLSClient ), QCA::ValidityGood );
        QCOMPARE( client2.validate( trusted, untrusted, QCA::UsageCodeSigning ), QCA::ErrorInvalidPurpose );
        QCOMPARE( client2.validate( trusted, untrusted, QCA::UsageTimeStamping ), QCA::ErrorInvalidPurpose );
        QCOMPARE( client2.validate( trusted, untrusted, QCA::UsageEmailProtection ), QCA::ValidityGood );
        QCOMPARE( client2.validate( trusted, untrusted, QCA::UsageCRLSigning ), QCA::ErrorInvalidPurpose );

        // DER round trip: re-parsing the encoding must yield an equal certificate.
        QByteArray derClient2 = client2.toDER();
        QCOMPARE( derClient2.isEmpty(), false );
        QCA::Certificate fromDer2 = QCA::Certificate::fromDER( derClient2, &resultClient2, providerName );
        QCOMPARE( resultClient2, QCA::ConvertGood );
        QVERIFY( fromDer2 == client2 );

        // PEM round trip, plus a check of operator!= between the two copies.
        QString pemClient2 = client2.toPEM();
        QCOMPARE( pemClient2.isEmpty(), false );
        QCA::Certificate fromPem2 = QCA::Certificate::fromPEM( pemClient2, &resultClient2, providerName);
        QCOMPARE( resultClient2, QCA::ConvertGood );
        QVERIFY( fromPem2 == client2);
        QCOMPARE( fromPem2 != fromDer2, false );
    }
}
00425
00426
/**
 * Reads certs/ov-root-ca-cert.crt as raw bytes, parses it with
 * QCA::Certificate::fromDER() and checks the parsed fields. The asserted
 * common name, serial number, validity window and constraint flags are the
 * same values CAcertstest() asserts for certs/RootCAcert.pem; in addition
 * the subject/issuer info and the MD5-based signature algorithm are checked.
 */
void CertUnitTest::derCAcertstest()
{
    QStringList providers;
    providers << "qca-ossl";

    foreach (const QString &providerName, providers) {
        if (!QCA::isSupported("cert", providerName)) {
            // Only a warning is emitted here, so the slot still passes when
            // the provider is missing and no check below has run.
            const QByteArray notice = QString("Certificate handling not supported for " + providerName).toLocal8Bit();
            QWARN(notice.constData());
            continue;
        }

        // A missing fixture fails the test here instead of surfacing later
        // as a confusing parse error.
        QFile f("certs/ov-root-ca-cert.crt");
        QVERIFY(f.open(QFile::ReadOnly));
        QByteArray der = f.readAll();

        QCA::ConvertResult resultca1;
        QCA::Certificate ca1 = QCA::Certificate::fromDER(der, &resultca1, providerName);

        QCOMPARE( resultca1, QCA::ConvertGood );

        QCOMPARE( ca1.pathLimit(), 0 );

        QCOMPARE( ca1.isNull(), false );
        QCOMPARE( ca1.isCA(), true );

        QCOMPARE( ca1.isSelfSigned(), true );

        QCOMPARE( ca1.serialNumber(), QCA::BigInteger(0) );

        QCOMPARE( ca1.commonName(), QString("For Tests Only") );

        // Self-signed, so subject and issuer carry the same name components.
        QCA::CertificateInfo si = ca1.subjectInfo();
        QCOMPARE( si.isEmpty(), false );
        QCOMPARE( si.value(QCA::CommonName), QString("For Tests Only") );
        QCOMPARE( si.value(QCA::Organization), QString("InsecureTestCertificate") );
        QCOMPARE( si.value(QCA::Country), QString("de") );

        QCA::CertificateInfo ii = ca1.issuerInfo();
        QCOMPARE( ii.isEmpty(), false );
        QCOMPARE( ii.value(QCA::CommonName), QString("For Tests Only") );
        QCOMPARE( ii.value(QCA::Organization), QString("InsecureTestCertificate") );
        QCOMPARE( ii.value(QCA::Country), QString("de") );

        // Validity window, compared through the string form of the UTC timestamps.
        QCOMPARE( ca1.notValidBefore().toString(), QDateTime( QDate( 2001, 8, 17 ), QTime( 8, 30, 39 ), Qt::UTC ).toString() );
        QCOMPARE( ca1.notValidAfter().toString(), QDateTime( QDate( 2011, 8, 15 ), QTime( 8, 30, 39 ), Qt::UTC ).toString() );

        // Every constraint flag is pinned, present or absent.
        QCOMPARE( ca1.constraints().contains(QCA::DigitalSignature), (QBool)true );
        QCOMPARE( ca1.constraints().contains(QCA::NonRepudiation), (QBool)true );
        QCOMPARE( ca1.constraints().contains(QCA::KeyEncipherment), (QBool)true );
        QCOMPARE( ca1.constraints().contains(QCA::DataEncipherment), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::KeyAgreement), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::KeyCertificateSign), (QBool)true );
        QCOMPARE( ca1.constraints().contains(QCA::CRLSign), (QBool)true );
        QCOMPARE( ca1.constraints().contains(QCA::EncipherOnly), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::DecipherOnly), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::ServerAuth), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::ClientAuth), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::CodeSigning), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::EmailProtection), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::IPSecEndSystem), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::IPSecTunnel), (QBool)false);
        QCOMPARE( ca1.constraints().contains(QCA::IPSecUser), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::TimeStamping), (QBool)false );
        QCOMPARE( ca1.constraints().contains(QCA::OCSPSigning), (QBool)false );

        QCOMPARE( ca1.policies().count(), 0 );

        // The fixture is signed with an MD5-based algorithm; its names mark
        // it as insecure test material.
        QCOMPARE( ca1.signatureAlgorithm(), QCA::EMSA3_MD5 );
    }
}
00499
/**
 * Loads certs/altname.pem and checks its parsed fields: identity, the full
 * set of constraint flags, the single policy OID, subject info including an
 * e-mail value, issuer info, key identifiers, public-key properties and the
 * signature algorithm.
 */
void CertUnitTest::altName()
{
    QStringList providers;
    providers << "qca-ossl";

    foreach (const QString &providerName, providers) {
        if (!QCA::isSupported("cert", providerName)) {
            // Only a warning is emitted here, so the slot still passes when
            // the provider is missing and no check below has run.
            const QByteArray notice = QString("Certificate handling not supported for " + providerName).toLocal8Bit();
            QWARN(notice.constData());
            continue;
        }

        QCA::ConvertResult resultClient1;
        QCA::Certificate client1 = QCA::Certificate::fromPEMFile("certs/altname.pem", &resultClient1, providerName);
        QCOMPARE( resultClient1, QCA::ConvertGood );
        QCOMPARE( client1.isNull(), false );
        QCOMPARE( client1.isCA(), false );
        QCOMPARE( client1.isSelfSigned(), false );

        QCOMPARE( client1.serialNumber(), QCA::BigInteger(1) );

        QCOMPARE( client1.commonName(), QString("Valid RFC822 nameConstraints EE Certificate Test21") );

        // Every constraint flag is pinned, present or absent.
        QCOMPARE( client1.constraints().contains(QCA::DigitalSignature), (QBool)true );
        QCOMPARE( client1.constraints().contains(QCA::NonRepudiation), (QBool)true );
        QCOMPARE( client1.constraints().contains(QCA::KeyEncipherment), (QBool)true );
        QCOMPARE( client1.constraints().contains(QCA::DataEncipherment), (QBool)true );
        QCOMPARE( client1.constraints().contains(QCA::KeyAgreement), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::KeyCertificateSign), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::CRLSign), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::EncipherOnly), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::DecipherOnly), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::ServerAuth), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::ClientAuth), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::CodeSigning), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::EmailProtection), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::IPSecEndSystem), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::IPSecTunnel), (QBool)false);
        QCOMPARE( client1.constraints().contains(QCA::IPSecUser), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::TimeStamping), (QBool)false );
        QCOMPARE( client1.constraints().contains(QCA::OCSPSigning), (QBool)false );

        // Exactly one certificate policy, identified by its dotted OID.
        QCOMPARE( client1.policies().count(), 1 );
        QCOMPARE( client1.policies().at(0), QString("2.16.840.1.101.3.2.1.48.1") );

        // Subject info. Going by the test name, the e-mail value presumably
        // comes from the subject alternative name - TODO confirm against the
        // fixture.
        QCA::CertificateInfo subject1 = client1.subjectInfo();
        QCOMPARE( subject1.isEmpty(), false );
        QVERIFY( subject1.values(QCA::Country).contains("US") );
        QVERIFY( subject1.values(QCA::Organization).contains("Test Certificates") );
        QVERIFY( subject1.values(QCA::CommonName).contains("Valid RFC822 nameConstraints EE Certificate Test21") );
        QVERIFY( subject1.values(QCA::Email).contains("Test21EE@mailserver.testcertificates.gov") );

        QCA::CertificateInfo issuer1 = client1.issuerInfo();
        QCOMPARE( issuer1.isEmpty(), false );
        QVERIFY( issuer1.values(QCA::Country).contains("US") );
        QVERIFY( issuer1.values(QCA::Organization).contains("Test Certificates") );
        QVERIFY( issuer1.values(QCA::CommonName).contains("nameConstraints RFC822 CA1") );

        // Key identifiers: the subject id is compared as raw bytes, the
        // issuer id as a lower-case hex string.
        QByteArray subjectKeyID = QCA::Hex().stringToArray("b4200d42cd95ea87d463d54f0ed6d10fe5b73bfb").toByteArray();
        QCOMPARE( client1.subjectKeyId(), subjectKeyID );
        QCOMPARE( QCA::Hex().arrayToString(client1.issuerKeyId()), QString("e37f857a8ea23b9eeeb8121d7913aac4bd2e59ad") );

        QCA::PublicKey pubkey1 = client1.subjectPublicKey();
        QCOMPARE( pubkey1.isNull(), false );
        QCOMPARE( pubkey1.isRSA(), true );
        QCOMPARE( pubkey1.isDSA(), false );
        QCOMPARE( pubkey1.isDH(), false );
        QCOMPARE( pubkey1.isPublic(), true );
        QCOMPARE( pubkey1.isPrivate(), false );
        QCOMPARE( pubkey1.bitSize(), 1024 );

        QCOMPARE( client1.pathLimit(), 0 );

        QCOMPARE( client1.signatureAlgorithm(), QCA::EMSA3_SHA1 );
    }
}
00575
/**
 * Loads certs/xmppcert.pem, a self-signed non-CA certificate, and checks
 * that its subject info exposes both a DNS value and an XMPP value next to
 * the regular name components, and that the issuer info carries the same
 * name components.
 */
void CertUnitTest::extXMPP()
{
    QStringList providers;
    providers << "qca-ossl";

    foreach (const QString &providerName, providers) {
        if (!QCA::isSupported("cert", providerName)) {
            // Only a warning is emitted here, so the slot still passes when
            // the provider is missing and no check below has run.
            const QByteArray notice = QString("Certificate handling not supported for " + providerName).toLocal8Bit();
            QWARN(notice.constData());
            continue;
        }

        QCA::ConvertResult resultClient1;
        QCA::Certificate client1 = QCA::Certificate::fromPEMFile("certs/xmppcert.pem", &resultClient1, providerName);
        QCOMPARE( resultClient1, QCA::ConvertGood );
        QCOMPARE( client1.isNull(), false );
        QCOMPARE( client1.isCA(), false );
        QCOMPARE( client1.isSelfSigned(), true );

        // Serial number given as a decimal string.
        QCOMPARE( client1.serialNumber(), QCA::BigInteger("9635301556349760241") );

        QCOMPARE( client1.commonName(), QString("demo.jabber.com") );

        // Subject: name components plus the DNS and XMPP identities.
        QCA::CertificateInfo subject1 = client1.subjectInfo();
        QCOMPARE( subject1.isEmpty(), false );
        QVERIFY( subject1.values(QCA::Country).contains("US") );
        QVERIFY( subject1.values(QCA::Organization).contains("Jabber, Inc.") );
        QVERIFY( subject1.values(QCA::Locality).contains("Denver") );
        QVERIFY( subject1.values(QCA::State).contains("Colorado") );
        QVERIFY( subject1.values(QCA::CommonName).contains("demo.jabber.com") );
        QVERIFY( subject1.values(QCA::DNS).contains("demo.jabber.com") );
        QVERIFY( subject1.values(QCA::XMPP).contains("demo.jabber.com") );

        // Issuer: same name components as the subject (self-signed).
        QCA::CertificateInfo issuer1 = client1.issuerInfo();
        QCOMPARE( issuer1.isEmpty(), false );
        QVERIFY( issuer1.values(QCA::Country).contains("US") );
        QVERIFY( issuer1.values(QCA::Organization).contains("Jabber, Inc.") );
        QVERIFY( issuer1.values(QCA::Locality).contains("Denver") );
        QVERIFY( issuer1.values(QCA::State).contains("Colorado") );
        QVERIFY( issuer1.values(QCA::CommonName).contains("demo.jabber.com") );
    }
}
00617
00618 void CertUnitTest::altNames76()
00619 {
00620 QStringList providersToTest;
00621 providersToTest.append("qca-ossl");
00622
00623
00624 foreach(const QString provider, providersToTest) {
00625 if( !QCA::isSupported( "cert", provider ) )
00626 QWARN( QString( "Certificate handling not supported for "+provider).toLocal8Bit() );
00627 else {
00628 QCA::ConvertResult resultClient1;
00629 QCA::Certificate client1 = QCA::Certificate::fromPEMFile( "certs/76.pem", &resultClient1, provider);
00630 QCOMPARE( resultClient1, QCA::ConvertGood );
00631 QCOMPARE( client1.isNull(), false );
00632 QCOMPARE( client1.isCA(), false );
00633 QCOMPARE( client1.isSelfSigned(), false );
00634
00635 QCOMPARE( client1.serialNumber(), QCA::BigInteger(118) );
00636
00637 QCOMPARE( client1.commonName(), QString("sip1.su.se") );
00638
00639 QCOMPARE( client1.constraints().contains(QCA::DigitalSignature), (QBool)true );
00640 QCOMPARE( client1.constraints().contains(QCA::NonRepudiation), (QBool)true );
00641 QCOMPARE( client1.constraints().contains(QCA::KeyEncipherment), (QBool)true );
00642 QCOMPARE( client1.constraints().contains(QCA::DataEncipherment), (QBool)false );
00643 QCOMPARE( client1.constraints().contains(QCA::KeyAgreement), (QBool)false );
00644 QCOMPARE( client1.constraints().contains(QCA::KeyCertificateSign), (QBool)false );
00645 QCOMPARE( client1.constraints().contains(QCA::CRLSign), (QBool)false );
00646 QCOMPARE( client1.constraints().contains(QCA::EncipherOnly), (QBool)false );
00647 QCOMPARE( client1.constraints().contains(QCA::DecipherOnly), (QBool)false );
00648 QCOMPARE( client1.constraints().contains(QCA::ServerAuth), (QBool)true );
00649 QCOMPARE( client1.constraints().contains(QCA::ClientAuth), (QBool)true );
00650 QCOMPARE( client1.constraints().contains(QCA::CodeSigning), (QBool)false );
00651 QCOMPARE( client1.constraints().contains(QCA::EmailProtection), (QBool)false );
00652 QCOMPARE( client1.constraints().contains(QCA::IPSecEndSystem), (QBool)false );
00653 QCOMPARE( client1.constraints().contains(QCA::IPSecTunnel), (QBool)false);
00654 QCOMPARE( client1.constraints().contains(QCA::IPSecUser), (QBool)false );
00655 QCOMPARE( client1.constraints().contains(QCA::TimeStamping), (QBool)false );
00656 QCOMPARE( client1.constraints().contains(QCA::OCSPSigning), (QBool)false );
00657
00658 QCOMPARE( client1.policies().count(), 1 );
00659
00660 QCA::CertificateInfo subject1 = client1.subjectInfo();
00661 QCOMPARE( subject1.isEmpty(), false );
00662 QVERIFY( subject1.values(QCA::Country).contains("SE") );
00663 QVERIFY( subject1.values(QCA::Organization).contains("Stockholms universitet") );
00664 QVERIFY( subject1.values(QCA::CommonName).contains("sip1.su.se") );
00665 QCOMPARE( subject1.values(QCA::Email).count(), 0 );
00666 QCOMPARE( subject1.values(QCA::DNS).count(), 8 );
00667 QVERIFY( subject1.values(QCA::DNS).contains("incomingproxy.sip.su.se") );
00668 QVERIFY( subject1.values(QCA::DNS).contains("incomingproxy1.sip.su.se") );
00669 QVERIFY( subject1.values(QCA::DNS).contains("outgoingproxy.sip.su.se") );
00670 QVERIFY( subject1.values(QCA::DNS).contains("outgoingproxy1.sip.su.se") );
00671 QVERIFY( subject1.values(QCA::DNS).contains("out.sip.su.se") );
00672 QVERIFY( subject1.values(QCA::DNS).contains("appserver.sip.su.se") );
00673 QVERIFY( subject1.values(QCA::DNS).contains("appserver1.sip.su.se") );
00674 QVERIFY( subject1.values(QCA::DNS).contains("sip1.su.se") );
00675
00676 QVERIFY( client1.matchesHostName("incomingproxy.sip.su.se") );
00677 QVERIFY( client1.matchesHostName("incomingproxy1.sip.su.se") );
00678 QVERIFY( client1.matchesHostName("outgoingproxy.sip.su.se") );
00679 QVERIFY( client1.matchesHostName("outgoingproxy1.sip.su.se") );
00680 QVERIFY( client1.matchesHostName("out.sip.su.se") );
00681 QVERIFY( client1.matchesHostName("appserver.sip.su.se") );
00682 QVERIFY( client1.matchesHostName("appserver1.sip.su.se") );
00683 QVERIFY( client1.matchesHostName("sip1.su.se") );
00684
00685 QCA::CertificateInfo issuer1 = client1.issuerInfo();
00686 QCOMPARE( issuer1.isEmpty(), false );
00687 QVERIFY( issuer1.values(QCA::Country).contains("SE") );
00688 QVERIFY( issuer1.values(QCA::Organization).contains("Stockholms universitet") );
00689 QVERIFY( issuer1.values(QCA::CommonName).contains("Stockholm University CA") );
00690 QVERIFY( issuer1.values(QCA::URI).contains("http://ca.su.se") );
00691 QVERIFY( issuer1.values(QCA::Email).contains("ca@su.se") );
00692
00693 QByteArray subjectKeyID = QCA::Hex().stringToArray("3a5c5cd1cc2c9edf73f73bd81b59b1eab83035c5").toByteArray();
00694 QCOMPARE( client1.subjectKeyId(), subjectKeyID );
00695 QCOMPARE( QCA::Hex().arrayToString(client1.issuerKeyId()), QString("9e2e30ba37d95144c99dbf1821f1bd7eeeb58648") );
00696
00697 QCA::PublicKey pubkey1 = client1.subjectPublicKey();
00698 QCOMPARE( pubkey1.isNull(), false );
00699 QCOMPARE( pubkey1.isRSA(), true );
00700 QCOMPARE( pubkey1.isDSA(), false );
00701 QCOMPARE( pubkey1.isDH(), false );
00702 QCOMPARE( pubkey1.isPublic(), true );
00703 QCOMPARE( pubkey1.isPrivate(), false );
00704 QCOMPARE( pubkey1.bitSize(), 1024 );
00705
00706 QCOMPARE( client1.pathLimit(), 0 );
00707
00708 QCOMPARE( client1.signatureAlgorithm(), QCA::EMSA3_SHA1 );
00709 }
00710 }
00711 }
00712
// Loads a DER-encoded certificate whose signature uses SHA-256 and checks the
// properties the provider reports for it: a self-signed CA certificate with a
// 4096-bit RSA key, a path limit of 0 and an EMSA3_SHA256 signature algorithm.
void CertUnitTest::sha256cert()
{
    const QStringList providers = QStringList() << "qca-ossl";

    foreach (const QString &provider, providers) {
        if (!QCA::isSupported("cert", provider)) {
            // A missing provider is reported as a warning and skipped, so the
            // test does not fail on builds without the plugin.
            const QByteArray unsupported = QString( "Certificate handling not supported for "+provider).toLocal8Bit();
            QWARN( unsupported );
            continue;
        }

        // The fixture path is relative; presumably the working directory is
        // arranged by initTestCase() -- verify against the test setup.
        QFile f("certs/RAIZ2007_CERTIFICATE_AND_CRL_SIGNING_SHA256.crt");
        QVERIFY(f.open(QFile::ReadOnly));
        const QByteArray derBytes = f.readAll();

        QCA::ConvertResult resultcert;
        QCA::Certificate cert = QCA::Certificate::fromDER(derBytes, &resultcert, provider);

        // Decoding must succeed before any field is inspected.
        QCOMPARE( resultcert, QCA::ConvertGood );
        QCOMPARE( cert.isNull(), false );
        QCOMPARE( cert.isCA(), true );
        QCOMPARE( cert.isSelfSigned(), true );

        // A certificate only ever carries the public half of the key pair.
        QCA::PublicKey pubkey = cert.subjectPublicKey();
        QCOMPARE( pubkey.isNull(), false );
        QCOMPARE( pubkey.isRSA(), true );
        QCOMPARE( pubkey.isDSA(), false );
        QCOMPARE( pubkey.isDH(), false );
        QCOMPARE( pubkey.isPublic(), true );
        QCOMPARE( pubkey.isPrivate(), false );
        QCOMPARE( pubkey.bitSize(), 4096 );

        QCOMPARE( cert.pathLimit(), 0 );

        // The point of this fixture: the signature algorithm must be reported
        // as SHA-256 based rather than mapped to an older digest.
        QCOMPARE( cert.signatureAlgorithm(), QCA::EMSA3_SHA256 );
    }
}
00751
// Parses an expired server certificate fixture, checks every field the
// provider reports for it, and verifies that validation rejects it: first
// because no CA is trusted, then because the certificate is past its
// notValidAfter date. Finishes with a DER round trip.
void CertUnitTest::checkExpiredServerCerts()
{
    const QStringList providers = QStringList() << "qca-ossl";

    foreach (const QString &provider, providers) {
        if (!QCA::isSupported("cert", provider)) {
            // A missing provider is reported as a warning and skipped.
            const QByteArray unsupported = QString( "Certificate handling not supported for "+provider).toLocal8Bit();
            QWARN( unsupported );
            continue;
        }

        QCA::ConvertResult resultServer1;
        QCA::Certificate server1 = QCA::Certificate::fromPEMFile( "certs/Server.pem", &resultServer1, provider);
        QCOMPARE( resultServer1, QCA::ConvertGood );
        QCOMPARE( server1.isNull(), false );
        QCOMPARE( server1.isCA(), false );
        QCOMPARE( server1.isSelfSigned(), false );

        QCOMPARE( server1.serialNumber(), QCA::BigInteger(4) );

        QCOMPARE( server1.commonName(), QString("Insecure Server Cert") );

        // Validity window of the fixture (2001-08-17 to 2006-08-16, UTC).
        QCOMPARE( server1.notValidBefore().toString(), QDateTime( QDate( 2001, 8, 17 ), QTime( 8, 46, 24 ), Qt::UTC ).toString() );
        QCOMPARE( server1.notValidAfter().toString(), QDateTime( QDate( 2006, 8, 16 ), QTime( 8, 46, 24 ), Qt::UTC ).toString() );

        // Key usage and extended key usage: each constraint is checked
        // explicitly, including the ones that must be absent.
        QCOMPARE( server1.constraints().contains(QCA::DigitalSignature), (QBool)true );
        QCOMPARE( server1.constraints().contains(QCA::NonRepudiation), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::KeyEncipherment), (QBool)true );
        QCOMPARE( server1.constraints().contains(QCA::DataEncipherment), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::KeyAgreement), (QBool)true );
        QCOMPARE( server1.constraints().contains(QCA::KeyCertificateSign), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::CRLSign), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::EncipherOnly), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::DecipherOnly), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::ServerAuth), (QBool)true );
        QCOMPARE( server1.constraints().contains(QCA::ClientAuth), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::CodeSigning), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::EmailProtection), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::IPSecEndSystem), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::IPSecTunnel), (QBool)false);
        QCOMPARE( server1.constraints().contains(QCA::IPSecUser), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::TimeStamping), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::OCSPSigning), (QBool)false );

        QCOMPARE( server1.policies().count(), 0 );

        // Subject and issuer distinguished-name fields.
        QCA::CertificateInfo subject1 = server1.subjectInfo();
        QCOMPARE( subject1.isEmpty(), false );
        QCOMPARE( subject1.values(QCA::Country).contains("de"), (QBool)true );
        QCOMPARE( subject1.values(QCA::Organization).contains("InsecureTestCertificate"), (QBool)true );
        QCOMPARE( subject1.values(QCA::CommonName).contains("Insecure Server Cert"), (QBool)true );

        QCA::CertificateInfo issuer1 = server1.issuerInfo();
        QCOMPARE( issuer1.isEmpty(), false );
        QCOMPARE( issuer1.values(QCA::Country).contains("de"), (QBool)true );
        QCOMPARE( issuer1.values(QCA::Organization).contains("InsecureTestCertificate"), (QBool)true );
        QCOMPARE( issuer1.values(QCA::CommonName).contains("For Tests Only"), (QBool)true );

        // Subject and authority key identifiers, compared as raw bytes.
        QByteArray subjectKeyID = QCA::Hex().stringToArray("0234E2C906F6E0B44253BE04C0CBA7823A6DB509").toByteArray();
        QCOMPARE( server1.subjectKeyId(), subjectKeyID );
        QByteArray authorityKeyID = QCA::Hex().stringToArray("BF53438278D09EC380E51B67CA0500DFB94883A5").toByteArray();
        QCOMPARE( server1.issuerKeyId(), authorityKeyID );

        QCA::PublicKey pubkey1 = server1.subjectPublicKey();
        QCOMPARE( pubkey1.isNull(), false );
        QCOMPARE( pubkey1.isRSA(), true );
        QCOMPARE( pubkey1.isDSA(), false );
        QCOMPARE( pubkey1.isDH(), false );
        QCOMPARE( pubkey1.isPublic(), true );
        QCOMPARE( pubkey1.isPrivate(), false );
        // 1024-bit RSA and an MD5-based signature (below) describe this legacy
        // fixture; the assertions pin what the parser reports, they are not a
        // recommendation for new certificates.
        QCOMPARE( pubkey1.bitSize(), 1024 );

        QCOMPARE( server1.pathLimit(), 0 );

        QCOMPARE( server1.signatureAlgorithm(), QCA::EMSA3_MD5 );

        // With both collections empty there is no trust anchor, so validation
        // must fail with ErrorInvalidCA.
        QCA::CertificateCollection trusted;
        QCA::CertificateCollection untrusted;
        QCOMPARE( server1.validate( trusted, untrusted ), QCA::ErrorInvalidCA );

        // Once the root is trusted the reported failure becomes expiry, and it
        // is expected for every usage -- including usages such as code signing
        // that the constraints checked above do not grant.
        QCA::ConvertResult resultca1;
        QCA::Certificate ca1 = QCA::Certificate::fromPEMFile( "certs/RootCAcert.pem", &resultca1, provider);
        QCOMPARE( resultca1, QCA::ConvertGood );
        trusted.addCertificate( ca1 );
        QCOMPARE( server1.validate( trusted, untrusted ), QCA::ErrorExpired );
        QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageAny ), QCA::ErrorExpired );
        QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageTLSServer ), QCA::ErrorExpired );
        QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageTLSClient ), QCA::ErrorExpired );
        QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageCodeSigning ), QCA::ErrorExpired );
        QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageTimeStamping ), QCA::ErrorExpired );
        QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageEmailProtection ), QCA::ErrorExpired );
        QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageCRLSigning ), QCA::ErrorExpired );

        // DER round trip: re-encoding and re-parsing must give an equal
        // certificate. resultServer1 is reused for the second conversion.
        QByteArray derServer1 = server1.toDER();
        QCOMPARE( derServer1.isEmpty(), false );
        QCA::Certificate fromDer1 = QCA::Certificate::fromDER( derServer1, &resultServer1, provider );
        QCOMPARE( resultServer1, QCA::ConvertGood );
        QCOMPARE( fromDer1 == server1, true );
    }
}
00853
00854
// Parses the QCA test server certificate, checks every field the provider
// reports for it, and verifies validation against the QCA test root: accepted
// for the default, "any" and TLS-server usages, rejected with
// ErrorInvalidPurpose for every other usage. Finishes with a DER round trip.
void CertUnitTest::checkServerCerts()
{
    const QStringList providers = QStringList() << "qca-ossl";

    foreach (const QString &provider, providers) {
        if (!QCA::isSupported("cert", provider)) {
            // A missing provider is reported as a warning and skipped.
            const QByteArray unsupported = QString( "Certificate handling not supported for "+provider).toLocal8Bit();
            QWARN( unsupported );
            continue;
        }

        QCA::ConvertResult resultServer1;
        QCA::Certificate server1 = QCA::Certificate::fromPEMFile( "certs/QcaTestServerCert.pem", &resultServer1, provider);
        QCOMPARE( resultServer1, QCA::ConvertGood );
        QCOMPARE( server1.isNull(), false );
        QCOMPARE( server1.isCA(), false );
        QCOMPARE( server1.isSelfSigned(), false );

        // The serial is passed as a decimal string to QCA::BigInteger.
        QCOMPARE( server1.serialNumber(), QCA::BigInteger("13149359243510447489") );

        QCOMPARE( server1.commonName(), QString("Qca Server Test certificate") );

        // Validity window of the fixture (2007-07-22 to 2012-07-20, UTC).
        QCOMPARE( server1.notValidBefore().toString(), QDateTime( QDate( 2007, 7, 22 ), QTime( 6, 5, 39 ), Qt::UTC ).toString() );
        QCOMPARE( server1.notValidAfter().toString(), QDateTime( QDate( 2012, 7, 20 ), QTime( 6, 5, 39 ), Qt::UTC ).toString() );

        // Key usage and extended key usage: each constraint is checked
        // explicitly, including the ones that must be absent.
        QCOMPARE( server1.constraints().contains(QCA::DigitalSignature), (QBool)true );
        QCOMPARE( server1.constraints().contains(QCA::NonRepudiation), (QBool)true );
        QCOMPARE( server1.constraints().contains(QCA::KeyEncipherment), (QBool)true );
        QCOMPARE( server1.constraints().contains(QCA::DataEncipherment), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::KeyAgreement), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::KeyCertificateSign), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::CRLSign), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::EncipherOnly), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::DecipherOnly), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::ServerAuth), (QBool)true );
        QCOMPARE( server1.constraints().contains(QCA::ClientAuth), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::CodeSigning), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::EmailProtection), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::IPSecEndSystem), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::IPSecTunnel), (QBool)false);
        QCOMPARE( server1.constraints().contains(QCA::IPSecUser), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::TimeStamping), (QBool)false );
        QCOMPARE( server1.constraints().contains(QCA::OCSPSigning), (QBool)false );

        QCOMPARE( server1.policies().count(), 0 );

        // Subject and issuer distinguished-name fields.
        QCA::CertificateInfo subject1 = server1.subjectInfo();
        QCOMPARE( subject1.isEmpty(), false );
        QVERIFY( subject1.values(QCA::Country).contains("IL") );
        QVERIFY( subject1.values(QCA::Organization).contains("Qca Development and Test") );
        QVERIFY( subject1.values(QCA::OrganizationalUnit).contains("Server Management Section") );
        QVERIFY( subject1.values(QCA::CommonName).contains("Qca Server Test certificate") );

        QCA::CertificateInfo issuer1 = server1.issuerInfo();
        QCOMPARE( issuer1.isEmpty(), false );
        QVERIFY( issuer1.values(QCA::Country).contains("AU") );
        QVERIFY( issuer1.values(QCA::Organization).contains("Qca Development and Test") );
        QVERIFY( issuer1.values(QCA::OrganizationalUnit).contains("Certificate Generation Section") );
        QVERIFY( issuer1.values(QCA::CommonName).contains("Qca Test Root Certificate") );

        // Subject and authority key identifiers, compared as raw bytes.
        QByteArray subjectKeyID = QCA::Hex().stringToArray("3CAAB3B75975DB2C95AFB481FA5640D8986B27CB").toByteArray();
        QCOMPARE( server1.subjectKeyId(), subjectKeyID );
        QByteArray authorityKeyID = QCA::Hex().stringToArray("513ff2146e496adc41b815b5a086f42ee4f545f8").toByteArray();
        QCOMPARE( server1.issuerKeyId(), authorityKeyID );

        QCA::PublicKey pubkey1 = server1.subjectPublicKey();
        QCOMPARE( pubkey1.isNull(), false );
        QCOMPARE( pubkey1.isRSA(), true );
        QCOMPARE( pubkey1.isDSA(), false );
        QCOMPARE( pubkey1.isDH(), false );
        QCOMPARE( pubkey1.isPublic(), true );
        QCOMPARE( pubkey1.isPrivate(), false );
        // 1024-bit RSA with a SHA-1 signature (below) describes this fixture;
        // the assertions pin parser output, not recommended parameters.
        QCOMPARE( pubkey1.bitSize(), 1024 );

        QCOMPARE( server1.pathLimit(), 0 );

        QCOMPARE( server1.signatureAlgorithm(), QCA::EMSA3_SHA1 );

        // With both collections empty there is no trust anchor, so validation
        // must fail with ErrorInvalidCA.
        QCA::CertificateCollection trusted;
        QCA::CertificateCollection untrusted;
        QCOMPARE( server1.validate( trusted, untrusted ), QCA::ErrorInvalidCA );

        QCA::ConvertResult resultca1;
        QCA::Certificate ca1 = QCA::Certificate::fromPEMFile( "certs/QcaTestRootCert.pem", &resultca1, provider);
        QCOMPARE( resultca1, QCA::ConvertGood );
        trusted.addCertificate( ca1 );

        // NOTE(review): the fixture's notValidAfter is 2012-07-20 (asserted
        // above). If validate() checks validity against the current clock --
        // as the ErrorExpired results in checkExpiredServerCerts suggest --
        // the expectations below only hold while the fixture is inside its
        // validity window; confirm, and refresh the fixture if needed.
        //
        // The only extended usage the certificate carries is ServerAuth, so
        // the TLS-server usage is accepted and every other specific usage must
        // be rejected as ErrorInvalidPurpose.
        QCOMPARE( server1.validate( trusted, untrusted ), QCA::ValidityGood );
        QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageAny ), QCA::ValidityGood );
        QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageTLSServer ), QCA::ValidityGood );
        QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageTLSClient ), QCA::ErrorInvalidPurpose );
        QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageCodeSigning ), QCA::ErrorInvalidPurpose );
        QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageTimeStamping ), QCA::ErrorInvalidPurpose );
        QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageEmailProtection ), QCA::ErrorInvalidPurpose );
        QCOMPARE( server1.validate( trusted, untrusted, QCA::UsageCRLSigning ), QCA::ErrorInvalidPurpose );

        // DER round trip: re-encoding and re-parsing must give an equal
        // certificate. resultServer1 is reused for the second conversion.
        QByteArray derServer1 = server1.toDER();
        QCOMPARE( derServer1.isEmpty(), false );
        QCA::Certificate fromDer1 = QCA::Certificate::fromDER( derServer1, &resultServer1, provider );
        QCOMPARE( resultServer1, QCA::ConvertGood );
        QCOMPARE( fromDer1 == server1, true );
    }
}
00958
00959
// Checks that a system certificate store is reported exactly when both
// certificate and CRL handling are supported, and that the store is not empty
// when it is available.
void CertUnitTest::checkSystemStore()
{
    const bool storeExpected = QCA::isSupported("cert") && QCA::isSupported("crl");
    if (!storeExpected) {
        // Without both features no system store may be advertised.
        QCOMPARE( QCA::haveSystemStore(), false );
        return;
    }

    QCOMPARE( QCA::haveSystemStore(), true );

    // Only the count is checked: the test shows the store is non-empty, it
    // says nothing about which roots the host actually trusts.
    QCA::CertificateCollection collection1 = QCA::systemStore();

    QVERIFY( collection1.certificates().count() > 0);
}
00973
// Parses a PEM-encoded CRL fixture and checks its issuer, update times,
// signature algorithm, CRL number and the two revoked entries, then verifies
// that a DER round trip gives an equal CRL.
void CertUnitTest::crl()
{
    const QStringList providers = QStringList() << "qca-ossl";

    foreach (const QString &provider, providers) {
        if (!QCA::isSupported("crl", provider)) {
            // A missing provider is reported as a warning and skipped.
            const QByteArray unsupported = QString( "Certificate revocation not supported for "+provider).toLocal8Bit();
            QWARN( unsupported );
            continue;
        }

        // A default-constructed CRL must report itself as null.
        QCA::CRL emptyCRL;
        QVERIFY( emptyCRL.isNull() );

        QCA::ConvertResult resultCrl;
        QCA::CRL crl1 = QCA::CRL::fromPEMFile( "certs/Test_CRL.crl", &resultCrl, provider);
        QCOMPARE( resultCrl, QCA::ConvertGood );
        QCOMPARE( crl1.isNull(), false );

        QCA::CertificateInfo issuer = crl1.issuerInfo();
        QCOMPARE( issuer.isEmpty(), false );
        QVERIFY( issuer.values(QCA::Country).contains("de") );
        QVERIFY( issuer.values(QCA::Organization).contains("InsecureTestCertificate") );
        QVERIFY( issuer.values(QCA::CommonName).contains("For Tests Only") );

        // This fixture is expected to carry no issuer key identifier.
        QCOMPARE( QCA::arrayToHex( crl1.issuerKeyId() ), QString("") );

        // NOTE(review): the expected timestamps are built without an explicit
        // time spec, unlike the certificate tests in this file, which pass
        // Qt::UTC and compare strings -- confirm this comparison does not
        // depend on the machine's time zone.
        QCOMPARE( crl1.thisUpdate(), QDateTime(QDate(2001, 8, 17), QTime(11, 12, 03)) );
        QCOMPARE( crl1.nextUpdate(), QDateTime(QDate(2006, 8, 16), QTime(11, 12, 03)) );

        // An MD5-based signature describes this legacy fixture; the assertion
        // pins parser output, not a recommended algorithm.
        QCOMPARE( crl1.signatureAlgorithm(), QCA::EMSA3_MD5 );

        // Same empty key identifier as above, this time as raw bytes, followed
        // by copy equality, inequality with a null CRL, and the -1 the test
        // expects from number() for this fixture.
        QCOMPARE( crl1.issuerKeyId(), QByteArray("") );
        QCOMPARE( crl1, QCA::CRL(crl1) );
        QCOMPARE( crl1 == QCA::CRL(), false );
        QCOMPARE( crl1.number(), -1 );

        // Sort first so the assertions do not depend on the order in which the
        // provider returns the revoked entries.
        QList<QCA::CRLEntry> revokedList = crl1.revoked();
        QCOMPARE( revokedList.size(), 2 );
        qSort(revokedList);
        QCOMPARE( revokedList[0].serialNumber(), QCA::BigInteger("3") );
        QCOMPARE( revokedList[1].serialNumber(), QCA::BigInteger("5") );
        QCOMPARE( revokedList[0].reason(), QCA::CRLEntry::Unspecified );
        QCOMPARE( revokedList[1].reason(), QCA::CRLEntry::Unspecified );
        QCOMPARE( revokedList[0].time(), QDateTime(QDate(2001, 8, 17), QTime(11, 10, 39)) );
        QCOMPARE( revokedList[1].time(), QDateTime(QDate(2001, 8, 17), QTime(11, 11, 59)) );

        // DER round trip; resultCrl is reused for the second conversion.
        QByteArray derCRL1 = crl1.toDER();
        QCOMPARE( derCRL1.isEmpty(), false );

        QCA::CRL fromDer1 = QCA::CRL::fromDER( derCRL1, &resultCrl, provider );
        QCOMPARE( resultCrl, QCA::ConvertGood );
        QCOMPARE( fromDer1, crl1 );
    }
}
01034
// Parses a second PEM-encoded CRL fixture, checks its issuer, update times,
// signature algorithm, issuer key identifier, CRL number and the two revoked
// entries, then verifies that both a DER and a PEM round trip give an equal
// CRL.
void CertUnitTest::crl2()
{
    const QStringList providers = QStringList() << "qca-ossl";

    foreach (const QString &provider, providers) {
        if (!QCA::isSupported("crl", provider)) {
            // A missing provider is reported as a warning and skipped.
            const QByteArray unsupported = QString( "Certificate revocation not supported for "+provider).toLocal8Bit();
            QWARN( unsupported );
            continue;
        }

        QCA::ConvertResult resultCrl;
        QCA::CRL crl1 = QCA::CRL::fromPEMFile( "certs/GoodCACRL.pem", &resultCrl, provider);
        QCOMPARE( resultCrl, QCA::ConvertGood );
        QCOMPARE( crl1.isNull(), false );
        // The object must be backed by the provider that was asked for.
        QCOMPARE( crl1.provider()->name(), provider );

        QCA::CertificateInfo issuer = crl1.issuerInfo();
        QCOMPARE( issuer.isEmpty(), false );
        QVERIFY( issuer.values(QCA::Country).contains("US") );
        QVERIFY( issuer.values(QCA::Organization).contains("Test Certificates") );
        QVERIFY( issuer.values(QCA::CommonName).contains("Good CA") );

        // NOTE(review): the expected timestamps are built without an explicit
        // time spec, unlike the certificate tests in this file, which pass
        // Qt::UTC and compare strings -- confirm this comparison does not
        // depend on the machine's time zone.
        QCOMPARE( crl1.thisUpdate(), QDateTime(QDate(2001, 4, 19), QTime(14, 57, 20)) );
        QCOMPARE( crl1.nextUpdate(), QDateTime(QDate(2011, 4, 19), QTime(14, 57, 20)) );

        QCOMPARE( crl1.signatureAlgorithm(), QCA::EMSA3_SHA1 );

        // Issuer key identifier (as hex), CRL number, copy equality and
        // inequality with a null CRL.
        QCOMPARE( QCA::arrayToHex( crl1.issuerKeyId() ), QString("b72ea682cbc2c8bca87b2744d73533df9a1594c7") );
        QCOMPARE( crl1.number(), 1 );
        QCOMPARE( crl1, QCA::CRL(crl1) );
        QCOMPARE( crl1 == QCA::CRL(), false );

        // Sort first so the assertions do not depend on the order in which the
        // provider returns the revoked entries.
        QList<QCA::CRLEntry> revokedList = crl1.revoked();
        QCOMPARE( revokedList.size(), 2 );
        qSort(revokedList);
        QCOMPARE( revokedList[0].serialNumber(), QCA::BigInteger("14") );
        QCOMPARE( revokedList[1].serialNumber(), QCA::BigInteger("15") );
        // The revocation reason must survive parsing, not only the serial.
        QCOMPARE( revokedList[0].reason(), QCA::CRLEntry::KeyCompromise );
        QCOMPARE( revokedList[1].reason(), QCA::CRLEntry::KeyCompromise );
        QCOMPARE( revokedList[0].time(), QDateTime(QDate(2001, 4, 19), QTime(14, 57, 20)) );
        QCOMPARE( revokedList[1].time(), QDateTime(QDate(2001, 4, 19), QTime(14, 57, 20)) );

        // DER round trip; resultCrl is reused for each later conversion.
        QByteArray derCRL1 = crl1.toDER();
        QCOMPARE( derCRL1.isEmpty(), false );

        QCA::CRL fromDer1 = QCA::CRL::fromDER( derCRL1, &resultCrl, provider );
        QCOMPARE( resultCrl, QCA::ConvertGood );
        QCOMPARE( fromDer1, crl1 );

        // PEM round trip.
        QString pemCRL1 = crl1.toPEM();
        QCOMPARE( pemCRL1.isEmpty(), false );

        QCA::CRL fromPEM1 = QCA::CRL::fromPEM( pemCRL1, &resultCrl, provider );
        QCOMPARE( resultCrl, QCA::ConvertGood );
        QCOMPARE( fromPEM1, crl1 );
    }
}
01101
// Checks null certificate-request semantics, then parses a PEM-encoded CSR
// fixture and verifies its subject fields, its RSA public key (exponent and
// modulus) and its signature algorithm.
void CertUnitTest::csr()
{
    const QStringList providers = QStringList() << "qca-ossl";

    foreach (const QString &provider, providers) {
        if (!QCA::isSupported("csr", provider)) {
            // A missing provider is reported as a warning and skipped.
            const QByteArray unsupported = QString( "Certificate signing requests not supported for "+provider).toLocal8Bit();
            QWARN( unsupported );
            continue;
        }

        // A default-constructed request is null, stays null when copied, and
        // compares equal to its copy.
        QCA::CertificateRequest nullCSR;
        QVERIFY( nullCSR.isNull() );
        QCA::CertificateRequest anotherNullCSR = nullCSR;
        QVERIFY( anotherNullCSR.isNull() );
        QCOMPARE( nullCSR, anotherNullCSR);

        QCA::ConvertResult resultCsr;
        QCA::CertificateRequest csr1 = QCA::CertificateRequest::fromPEMFile( "certs/csr1.pem", &resultCsr, provider);
        QCOMPARE( resultCsr, QCA::ConvertGood );
        QCOMPARE( csr1.isNull(), false );
        // The object must be backed by the provider that was asked for.
        QCOMPARE( csr1.provider()->name(), provider );

        QCA::CertificateInfo subject = csr1.subjectInfo();
        QCOMPARE( subject.isEmpty(), false );
        QVERIFY( subject.values(QCA::Country).contains("AU") );
        QVERIFY( subject.values(QCA::State).contains("Victoria") );
        QVERIFY( subject.values(QCA::Locality).contains("Mitcham") );
        QVERIFY( subject.values(QCA::Organization).contains("GE Interlogix") );
        QVERIFY( subject.values(QCA::OrganizationalUnit).contains("Engineering") );
        QVERIFY( subject.values(QCA::CommonName).contains("coldfire") );

        QCA::PublicKey pkey = csr1.subjectPublicKey();
        QCOMPARE( pkey.isNull(), false );
        QVERIFY( pkey.isRSA() );

        // Pin the exact key material, not just the key type: public exponent
        // and the modulus as a decimal string.
        QCA::RSAPublicKey rsaPkey = pkey.toRSA();
        QCOMPARE( rsaPkey.isNull(), false );
        QCOMPARE( rsaPkey.e(), QCA::BigInteger(65537) );
        QCOMPARE( rsaPkey.n(), QCA::BigInteger("104853561647822232509211983664549572246855698961210758585652966258891659217901732470712446421431206166165309547771124747713609923038218156616083520796442797276676074122658684367500665423564881889504308700315044585826841844654287577169905826705891670004942854611681809539126326134927995969418712881512819058439") );

        // An MD5-based signature describes this legacy fixture; the assertion
        // pins parser output, not a recommended algorithm.
        QCOMPARE( csr1.signatureAlgorithm(), QCA::EMSA3_MD5 );
    }
}
01145
// Parses a second PEM-encoded CSR fixture, verifies its subject fields, its
// RSA public key (exponent and modulus) and its signature algorithm, then
// checks that both a DER and a PEM round trip give an equal request.
void CertUnitTest::csr2()
{
    const QStringList providers = QStringList() << "qca-ossl";

    foreach (const QString &provider, providers) {
        if (!QCA::isSupported("csr", provider)) {
            // A missing provider is reported as a warning and skipped.
            const QByteArray unsupported = QString( "Certificate signing requests not supported for "+provider).toLocal8Bit();
            QWARN( unsupported );
            continue;
        }

        QCA::ConvertResult resultCsr;
        QCA::CertificateRequest csr1 = QCA::CertificateRequest::fromPEMFile( "certs/newreq.pem", &resultCsr, provider);
        QCOMPARE( resultCsr, QCA::ConvertGood );
        QCOMPARE( csr1.isNull(), false );
        // The object must be backed by the provider that was asked for.
        QCOMPARE( csr1.provider()->name(), provider );

        QCA::CertificateInfo subject = csr1.subjectInfo();
        QCOMPARE( subject.isEmpty(), false );
        QVERIFY( subject.values(QCA::Country).contains("AI") );
        QVERIFY( subject.values(QCA::State).contains("Hutt River Province") );
        QVERIFY( subject.values(QCA::Locality).contains("Lesser Internet") );
        QVERIFY( subject.values(QCA::Organization).contains("My Company Ltd") );
        QVERIFY( subject.values(QCA::OrganizationalUnit).contains("Backwater Branch Office") );
        QVERIFY( subject.values(QCA::CommonName).contains("FirstName Surname") );

        QCA::PublicKey pkey = csr1.subjectPublicKey();
        QCOMPARE( pkey.isNull(), false );
        QVERIFY( pkey.isRSA() );

        // Pin the exact key material, not just the key type: public exponent
        // and the modulus as a decimal string.
        QCA::RSAPublicKey rsaPkey = pkey.toRSA();
        QCOMPARE( rsaPkey.isNull(), false );
        QCOMPARE( rsaPkey.e(), QCA::BigInteger(65537) );
        QCOMPARE( rsaPkey.n(), QCA::BigInteger("151872780463004414908584891835397365176526767139347372444365914360701714510188717169754430290680734981291754624394094502297070722505032645306680495915914243593438796635264236530526146243919417744996366836534380790370421346490191416041004278161146551997010463199760480957900518811859984176646089981367745961681" ) );

        // An MD5-based signature describes this legacy fixture; the assertion
        // pins parser output, not a recommended algorithm.
        QCOMPARE( csr1.signatureAlgorithm(), QCA::EMSA3_MD5 );

        // DER round trip; resultCsr is reused for each later conversion.
        QByteArray derCSR1 = csr1.toDER();
        QCOMPARE( derCSR1.isEmpty(), false );

        QCA::CertificateRequest fromDer1 = QCA::CertificateRequest::fromDER( derCSR1, &resultCsr, provider );
        QCOMPARE( resultCsr, QCA::ConvertGood );
        QCOMPARE( fromDer1, csr1 );

        // PEM round trip.
        QString pemCSR1 = csr1.toPEM();
        QCOMPARE( pemCSR1.isEmpty(), false );

        QCA::CertificateRequest fromPEM1 = QCA::CertificateRequest::fromPEM( pemCSR1, &resultCsr, provider );
        QCOMPARE( resultCsr, QCA::ConvertGood );
        QCOMPARE( fromPEM1, csr1 );
    }
}
// Qt Test entry point: expands to a main() that instantiates CertUnitTest and
// runs its private slots as test functions.
QTEST_MAIN(CertUnitTest)
01206
01207 #include "certunittest.moc"