Merge branch 'master' of git://scm.dev.nokia.troll.no/qt/qtbase-earth-staging

* 'master' of git://scm.dev.nokia.troll.no/qt/qtbase-earth-staging: add auto test for SSL certificates containing utf8 characters fix coding style for merge request re. utf8 characters in SSL certs Use OpenSSL X509_NAME_ENTRY API to parse UTF8 subjectName/issuerName
2011-05-24 01:59:03 +10:00 · 2011-05-24 01:59:03 +10:00 · da88412334
commit da88412334
parent 60cea67af0 a89436fd9d
7 changed files with 86 additions and 41 deletions
--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@ -127,7 +127,7 @@
 QT_BEGIN_NAMESPACE
 // forward declaration
-static QMap<QString, QString> _q_mapFromOnelineName(char *name);
+static QMap<QString, QString> _q_mapFromX509Name(X509_NAME *name);
 /*!
    Constructs a QSslCertificate by reading \a format encoded data
@ -324,7 +324,7 @@ QString QSslCertificate::issuerInfo(SubjectInfo info) const
    // lazy init
    if (d->issuerInfo.isEmpty() && d->x509)
        d->issuerInfo =
-                _q_mapFromOnelineName(q_X509_NAME_oneline(q_X509_get_issuer_name(d->x509), 0, 0));
+                _q_mapFromX509Name(q_X509_get_issuer_name(d->x509));
    return d->issuerInfo.value(_q_SubjectInfoToString(info));
 }
@ -341,7 +341,7 @@ QString QSslCertificate::issuerInfo(const QByteArray &tag) const
    // lazy init
    if (d->issuerInfo.isEmpty() && d->x509)
        d->issuerInfo =
-                _q_mapFromOnelineName(q_X509_NAME_oneline(q_X509_get_issuer_name(d->x509), 0, 0));
+                _q_mapFromX509Name(q_X509_get_issuer_name(d->x509));
    return d->issuerInfo.value(QString::fromLatin1(tag));
 }
@ -360,7 +360,7 @@ QString QSslCertificate::subjectInfo(SubjectInfo info) const
    // lazy init
    if (d->subjectInfo.isEmpty() && d->x509)
        d->subjectInfo =
-                _q_mapFromOnelineName(q_X509_NAME_oneline(q_X509_get_subject_name(d->x509), 0, 0));
+                _q_mapFromX509Name(q_X509_get_subject_name(d->x509));
    return d->subjectInfo.value(_q_SubjectInfoToString(info));
 }
@ -376,7 +376,7 @@ QString QSslCertificate::subjectInfo(const QByteArray &tag) const
    // lazy init
    if (d->subjectInfo.isEmpty() && d->x509)
        d->subjectInfo =
-                _q_mapFromOnelineName(q_X509_NAME_oneline(q_X509_get_subject_name(d->x509), 0, 0));
+                _q_mapFromX509Name(q_X509_get_subject_name(d->x509));
    return d->subjectInfo.value(QString::fromLatin1(tag));
 }
@ -666,37 +666,17 @@ QByteArray QSslCertificatePrivate::QByteArray_from_X509(X509 *x509, QSsl::Encodi
    return BEGINCERTSTRING "\n" + tmp + ENDCERTSTRING "\n";
 }
-static QMap<QString, QString> _q_mapFromOnelineName(char *name)
+static QMap<QString, QString> _q_mapFromX509Name(X509_NAME *name)
 {
    QMap<QString, QString> info;
-    QString infoStr = QString::fromLocal8Bit(name);
+    for (int i = 0; i < q_X509_NAME_entry_count(name); ++i) {
-    q_CRYPTO_free(name);
+        X509_NAME_ENTRY *e = q_X509_NAME_get_entry(name, i);
-
+        const char *obj = q_OBJ_nid2sn(q_OBJ_obj2nid(q_X509_NAME_ENTRY_get_object(e)));
-    // ### The right-hand encoding seems to allow hex (Regulierungsbeh\xC8orde)
+        unsigned char *data = 0;
-    //entry.replace(QLatin1String("\\x"), QLatin1String("%"));
+        int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
-    //entry = QUrl::fromPercentEncoding(entry.toLatin1());
+        info[QString::fromUtf8(obj)] = QString::fromUtf8((char*)data, size);
-    // ### See RFC-4630 for more details!
+        q_CRYPTO_free(data);
    QRegExp rx(QLatin1String("/([A-Za-z]+)=(.+)"));
    int pos = 0;
    while ((pos = rx.indexIn(infoStr, pos)) != -1) {
        const QString name = rx.cap(1);
        QString value = rx.cap(2);
        const int valuePos = rx.pos(2);
        const int next = rx.indexIn(value);
        if (next == -1) {
            info.insert(name, value);
            break;
        }
        value = value.left(next);
        info.insert(name, value);
        pos = valuePos + value.length();
    }
    return info;
 }
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@ -101,6 +101,7 @@ DEFINEFUNC3(void *, ASN1_dup, i2d_of_void *a, a, d2i_of_void *b, b, char *c, c,
 DEFINEFUNC(long, ASN1_INTEGER_get, ASN1_INTEGER *a, a, return 0, return)
 DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return 0, return)
 DEFINEFUNC(int, ASN1_STRING_length, ASN1_STRING *a, a, return 0, return)
 DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return);
 DEFINEFUNC4(long, BIO_ctrl, BIO *a, a, int b, b, long c, c, void *d, d, return -1, return)
 DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return)
 DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return)
@ -248,7 +249,10 @@ DEFINEFUNC4(void *, X509_get_ext_d2i, X509 *a, a, int b, b, int *c, c, int *d, d
 DEFINEFUNC(X509_NAME *, X509_get_issuer_name, X509 *a, a, return 0, return)
 DEFINEFUNC(X509_NAME *, X509_get_subject_name, X509 *a, a, return 0, return)
 DEFINEFUNC(int, X509_verify_cert, X509_STORE_CTX *a, a, return -1, return)
-DEFINEFUNC3(char *, X509_NAME_oneline, X509_NAME *a, a, char *b, b, int c, c, return 0, return)
+DEFINEFUNC(int, X509_NAME_entry_count, X509_NAME *a, a, return 0, return)
 DEFINEFUNC2(X509_NAME_ENTRY *, X509_NAME_get_entry, X509_NAME *a, a, int b, b, return 0, return)
 DEFINEFUNC(ASN1_STRING *, X509_NAME_ENTRY_get_data, X509_NAME_ENTRY *a, a, return 0, return)
 DEFINEFUNC(ASN1_OBJECT *, X509_NAME_ENTRY_get_object, X509_NAME_ENTRY *a, a, return 0, return)
 DEFINEFUNC(EVP_PKEY *, X509_PUBKEY_get, X509_PUBKEY *a, a, return 0, return)
 DEFINEFUNC(void, X509_STORE_free, X509_STORE *a, a, return, DUMMYARG)
 DEFINEFUNC(X509_STORE *, X509_STORE_new, DUMMYARG, DUMMYARG, return 0, return)
@ -647,6 +651,7 @@ bool q_resolveOpenSslSymbols()
    RESOLVEFUNC(ASN1_INTEGER_get)
    RESOLVEFUNC(ASN1_STRING_data)
    RESOLVEFUNC(ASN1_STRING_length)
    RESOLVEFUNC(ASN1_STRING_to_UTF8)
    RESOLVEFUNC(BIO_ctrl)
    RESOLVEFUNC(BIO_free)
    RESOLVEFUNC(BIO_new)
@ -736,7 +741,10 @@ bool q_resolveOpenSslSymbols()
    RESOLVEFUNC(SSLv3_server_method)
    RESOLVEFUNC(SSLv23_server_method)
    RESOLVEFUNC(TLSv1_server_method)
-    RESOLVEFUNC(X509_NAME_oneline)
+    RESOLVEFUNC(X509_NAME_entry_count)
    RESOLVEFUNC(X509_NAME_get_entry)
    RESOLVEFUNC(X509_NAME_ENTRY_get_data)
    RESOLVEFUNC(X509_NAME_ENTRY_get_object)
    RESOLVEFUNC(X509_PUBKEY_get)
    RESOLVEFUNC(X509_STORE_free)
    RESOLVEFUNC(X509_STORE_new)
--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
+++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
@ -204,6 +204,7 @@ bool q_resolveOpenSslSymbols();
 long q_ASN1_INTEGER_get(ASN1_INTEGER *a);
 unsigned char * q_ASN1_STRING_data(ASN1_STRING *a);
 int q_ASN1_STRING_length(ASN1_STRING *a);
 int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b);
 long q_BIO_ctrl(BIO *a, int b, long c, void *d);
 int q_BIO_free(BIO *a);
 BIO *q_BIO_new(BIO_METHOD *a);
@ -360,7 +361,10 @@ void *q_X509_get_ext_d2i(X509 *a, int b, int *c, int *d);
 X509_NAME *q_X509_get_issuer_name(X509 *a);
 X509_NAME *q_X509_get_subject_name(X509 *a);
 int q_X509_verify_cert(X509_STORE_CTX *ctx);
-char *q_X509_NAME_oneline(X509_NAME *a, char *b, int c);
+int q_X509_NAME_entry_count(X509_NAME *a);
 X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b);
 ASN1_STRING *q_X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *a);
 ASN1_OBJECT *q_X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *a);
 EVP_PKEY *q_X509_PUBKEY_get(X509_PUBKEY *a);
 void q_X509_STORE_free(X509_STORE *store);
 X509_STORE *q_X509_STORE_new();
--- a/tests/auto/qsslcertificate/certificates/cert-ss-san-utf8.pem
+++ b/tests/auto/qsslcertificate/certificates/cert-ss-san-utf8.pem
@ -0,0 +1,16 @@
 -----BEGIN CERTIFICATE-----
 MIICkTCCAfqgAwIBAgIJAL1nF+PLAF2KMA0GCSqGSIb3DQEBBQUAMGkxKzApBgNV
 BAoMIkjElcSCxrLDvyDKjeG6v8qI4bq34bi7IFLDqWPDtnJkxZ0xFTATBgNVBAsM
 DOOIp0HjiYHvvatCQzEWMBQGA1UEAwwNSm9obm55IEd1aXRhcjELMAkGA1UEBhMC
 Tk8wHhcNMTEwNTA1MDgxMzEwWhcNMTEwNjA0MDgxMzEwWjBpMSswKQYDVQQKDCJI
 xJXEgsayw78gyo3hur/KiOG6t+G4uyBSw6ljw7ZyZMWdMRUwEwYDVQQLDAzjiKdB
 44mB772rQkMxFjAUBgNVBAMMDUpvaG5ueSBHdWl0YXIxCzAJBgNVBAYTAk5PMIGf
 MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2zSxS17I6596dJE/VAmGz+06D9S8n
 3C0hnIGNVu+LwbgDJTvOw0SzNj4UP72UGgd3UI1KLBg5XWIsRNmE3COJMMh6syjI
 L1Ept+tVXxGL6n4gl+0nZ7dkUyxJmeFtigYrL+qCH1yd5rmf3sC3jO4IosuAiG66
 IDkJEVo64NT8ZQIDAQABo0EwPzA9BgNVHREENjA0gQ9hcm5lQGZvb2Jhci5vcmeC
 Dnd3dy5mb29iYXIub3JngRFiamFybmVAZm9vYmFyLm9yZzANBgkqhkiG9w0BAQUF
 AAOBgQAqVhbC0/EUFdnKlYV3PrknwGX1dPEPGJuIQHa0KpoicvNiOhs1HxBDYbzc
 F6wcAMEynq4YwGKhcQLZOs2mo0LreAjA9rU/yBnqrnUW/4gxtUUvmJKK+62IjfLp
 eO1L+1NcEMJiaZf8fip4VXhXdOYUhgE8WUZ1UJRC6w3T/yAgcQ==
 -----END CERTIFICATE-----
--- a/tests/auto/qsslcertificate/certificates/cert-ss-san-utf8.pem.san
+++ b/tests/auto/qsslcertificate/certificates/cert-ss-san-utf8.pem.san
@ -0,0 +1,5 @@
 [subj_alt_name]
 subjectAltName=\
  email:arne@foobar.org,\
  DNS:www.foobar.org,\
  email:bjarne@foobar.org
--- a/tests/auto/qsslcertificate/certificates/gencertificates.sh
+++ b/tests/auto/qsslcertificate/certificates/gencertificates.sh
@ -90,5 +90,15 @@ openssl req -x509 -in req-san.pem -out $outname -key rsa-pri-1024.pem \
    -config san.cnf -extensions subj_alt_name
 /bin/cp san.cnf $outname.san
 #--- Non-ASCII Subject ---------------------------------------------------------------------
 echo -e "\n generating self signed root cert. with Subject containing UTF-8 characters ..."
 outname=cert-ss-san-utf8.pem
 #subject="/O=HĕĂƲÿ ʍếʈặḻ Récördŝ/OU=㈧A㉁ｫBC/CN=Johnny Guitar/C=NO"
 subject=$'/O=H\xc4\x95\xc4\x82\xc6\xb2\xc3\xbf \xca\x8d\xe1\xba\xbf\xca\x88\xe1\xba\xb7\xe1\xb8\xbb R\xc3\xa9c\xc3\xb6rd\xc5\x9d/OU=\xe3\x88\xa7A\xe3\x89\x81\xef\xbd\xabBC/CN=Johnny Guitar/C=NO'
 openssl req -out req-san.pem -new -key rsa-pri-1024.pem -utf8 -subj "$subject"
 openssl req -x509 -in req-san.pem -out $outname -key rsa-pri-1024.pem \
    -config san.cnf -extensions subj_alt_name -nameopt multiline,utf8,-esc_msb
 /bin/cp san.cnf $outname.san
 echo -e "\n cleaning up ..."
 /bin/rm rsa-pri-1024.pem rsa-pub-1024.* req*.pem
--- a/tests/auto/qsslcertificate/tst_qsslcertificate.cpp
+++ b/tests/auto/qsslcertificate/tst_qsslcertificate.cpp
@ -96,6 +96,7 @@ private slots:
    void digest_data();
    void digest();
    void alternateSubjectNames_data();
    void utf8SubjectNames();
    void alternateSubjectNames();
    void publicKey_data();
    void publicKey();
@ -407,6 +408,27 @@ void tst_QSslCertificate::alternateSubjectNames()
    }
 }
 void tst_QSslCertificate::utf8SubjectNames()
 {
    QSslCertificate cert = QSslCertificate::fromPath("certificates/cert-ss-san-utf8.pem", QSsl::Pem,
                                                     QRegExp::FixedString).first();
    QVERIFY(!cert.isNull());
    // O is "Heavy Metal Records" with heavy use of "decorations" like accents, umlauts etc.,
    // OU uses arabian / asian script letters near codepoint 64K.
    // strings split where the compiler would otherwise find three-digit hex numbers
    static const char *o = "H\xc4\x95\xc4\x82\xc6\xb2\xc3\xbf \xca\x8d\xe1\xba\xbf\xca\x88\xe1\xba"
            "\xb7\xe1\xb8\xbb R\xc3\xa9" "c" "\xc3\xb6rd\xc5\x9d";
    static const char *ou = "\xe3\x88\xa7" "A" "\xe3\x89\x81\xef\xbd\xab" "BC";
    // the following two tests should help find "\x"-literal encoding bugs in the test itself
    QCOMPARE(cert.subjectInfo("O").length(), QString::fromUtf8(o).length());
    QCOMPARE (cert.subjectInfo("O").toUtf8().toHex(), QByteArray(o).toHex());
    QCOMPARE(cert.subjectInfo("O"), QString::fromUtf8(o));
    QCOMPARE(cert.subjectInfo("OU"), QString::fromUtf8(ou));
 }
 void tst_QSslCertificate::publicKey_data()
 {
    QTest::addColumn<QString>("certFilePath");
@ -519,13 +541,13 @@ void tst_QSslCertificate::fromPath_data()
    QTest::newRow("\"certificates/*\" fixed der") << QString("certificates/*") << int(QRegExp::FixedString) << false << 0;
    QTest::newRow("\"certificates/*\" regexp pem") << QString("certificates/*") << int(QRegExp::RegExp) << true << 0;
    QTest::newRow("\"certificates/*\" regexp der") << QString("certificates/*") << int(QRegExp::RegExp) << false << 0;
-    QTest::newRow("\"certificates/*\" wildcard pem") << QString("certificates/*") << int(QRegExp::Wildcard) << true << 4;
+    QTest::newRow("\"certificates/*\" wildcard pem") << QString("certificates/*") << int(QRegExp::Wildcard) << true << 5;
    QTest::newRow("\"certificates/*\" wildcard der") << QString("certificates/*") << int(QRegExp::Wildcard) << false << 0;
    QTest::newRow("\"c*/c*.pem\" fixed pem") << QString("c*/c*.pem") << int(QRegExp::FixedString) << true << 0;
    QTest::newRow("\"c*/c*.pem\" fixed der") << QString("c*/c*.pem") << int(QRegExp::FixedString) << false << 0;
    QTest::newRow("\"c*/c*.pem\" regexp pem") << QString("c*/c*.pem") << int(QRegExp::RegExp) << true << 0;
    QTest::newRow("\"c*/c*.pem\" regexp der") << QString("c*/c*.pem") << int(QRegExp::RegExp) << false << 0;
-    QTest::newRow("\"c*/c*.pem\" wildcard pem") << QString("c*/c*.pem") << int(QRegExp::Wildcard) << true << 4;
+    QTest::newRow("\"c*/c*.pem\" wildcard pem") << QString("c*/c*.pem") << int(QRegExp::Wildcard) << true << 5;
    QTest::newRow("\"c*/c*.pem\" wildcard der") << QString("c*/c*.pem") << int(QRegExp::Wildcard) << false << 0;
    QTest::newRow("\"d*/c*.pem\" fixed pem") << QString("d*/c*.pem") << int(QRegExp::FixedString) << true << 0;
    QTest::newRow("\"d*/c*.pem\" fixed der") << QString("d*/c*.pem") << int(QRegExp::FixedString) << false << 0;
@ -535,7 +557,7 @@ void tst_QSslCertificate::fromPath_data()
    QTest::newRow("\"d*/c*.pem\" wildcard der") << QString("d*/c*.pem") << int(QRegExp::Wildcard) << false << 0;
    QTest::newRow("\"c.*/c.*.pem\" fixed pem") << QString("c.*/c.*.pem") << int(QRegExp::FixedString) << true << 0;
    QTest::newRow("\"c.*/c.*.pem\" fixed der") << QString("c.*/c.*.pem") << int(QRegExp::FixedString) << false << 0;
-    QTest::newRow("\"c.*/c.*.pem\" regexp pem") << QString("c.*/c.*.pem") << int(QRegExp::RegExp) << true << 4;
+    QTest::newRow("\"c.*/c.*.pem\" regexp pem") << QString("c.*/c.*.pem") << int(QRegExp::RegExp) << true << 5;
    QTest::newRow("\"c.*/c.*.pem\" regexp der") << QString("c.*/c.*.pem") << int(QRegExp::RegExp) << false << 0;
    QTest::newRow("\"c.*/c.*.pem\" wildcard pem") << QString("c.*/c.*.pem") << int(QRegExp::Wildcard) << true << 0;
    QTest::newRow("\"c.*/c.*.pem\" wildcard der") << QString("c.*/c.*.pem") << int(QRegExp::Wildcard) << false << 0;
@ -546,7 +568,7 @@ void tst_QSslCertificate::fromPath_data()
    QTest::newRow("\"d.*/c.*.pem\" wildcard pem") << QString("d.*/c.*.pem") << int(QRegExp::Wildcard) << true << 0;
    QTest::newRow("\"d.*/c.*.pem\" wildcard der") << QString("d.*/c.*.pem") << int(QRegExp::Wildcard) << false << 0;
 #ifdef Q_OS_LINUX
-    QTest::newRow("absolute path wildcard pem") << QString(QDir::currentPath() + "/certificates/*.pem") << int(QRegExp::Wildcard) << true << 4;
+    QTest::newRow("absolute path wildcard pem") << QString(QDir::currentPath() + "/certificates/*.pem") << int(QRegExp::Wildcard) << true << 5;
 #endif
    QTest::newRow("trailing-whitespace") << QString("more-certificates/trailing-whitespace.pem") << int(QRegExp::FixedString) << true << 1;
@ -769,7 +791,7 @@ void tst_QSslCertificate::nulInCN()
    QString cn = cert.subjectInfo(QSslCertificate::CommonName);
    QVERIFY(cn != "www.bank.com");
-    static const char realCN[] = "www.bank.com\\x00.badguy.com";
+    static const char realCN[] = "www.bank.com\0.badguy.com";
    QCOMPARE(cn, QString::fromLatin1(realCN, sizeof realCN - 1));
 }