1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of git://scm.dev.nokia.troll.no/qt/qtbase-earth-staging

Browse Source 
* 'master' of git://scm.dev.nokia.troll.no/qt/qtbase-earth-staging:
  add auto test for SSL certificates containing utf8 characters
  fix coding style for merge request re. utf8 characters in SSL certs
  Use OpenSSL X509_NAME_ENTRY API to parse UTF8 subjectName/issuerName
This commit is contained in:
Qt Continuous Integration System 2011-05-24 01:59:03 +10:00
commit da88412334
7 changed files with 86 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
src/network/ssl/qsslcertificate.cpp
View File

@ -127,7 +127,7 @@
QT_BEGIN_NAMESPACE
// forward declaration
static QMap<QString, QString> _q_mapFromOnelineName(char *name);
static QMap<QString, QString> _q_mapFromX509Name(X509_NAME *name);
/*!
Constructs a QSslCertificate by reading \a format encoded data
@ -324,7 +324,7 @@ QString QSslCertificate::issuerInfo(SubjectInfo info) const
// lazy init
if (d->issuerInfo.isEmpty() && d->x509)
d->issuerInfo =
_q_mapFromOnelineName(q_X509_NAME_oneline(q_X509_get_issuer_name(d->x509), 0, 0));
_q_mapFromX509Name(q_X509_get_issuer_name(d->x509));
return d->issuerInfo.value(_q_SubjectInfoToString(info));
}
@ -341,7 +341,7 @@ QString QSslCertificate::issuerInfo(const QByteArray &tag) const
// lazy init
if (d->issuerInfo.isEmpty() && d->x509)
d->issuerInfo =
_q_mapFromOnelineName(q_X509_NAME_oneline(q_X509_get_issuer_name(d->x509), 0, 0));
_q_mapFromX509Name(q_X509_get_issuer_name(d->x509));
return d->issuerInfo.value(QString::fromLatin1(tag));
}
@ -360,7 +360,7 @@ QString QSslCertificate::subjectInfo(SubjectInfo info) const
// lazy init
if (d->subjectInfo.isEmpty() && d->x509)
d->subjectInfo =
_q_mapFromOnelineName(q_X509_NAME_oneline(q_X509_get_subject_name(d->x509), 0, 0));
_q_mapFromX509Name(q_X509_get_subject_name(d->x509));
return d->subjectInfo.value(_q_SubjectInfoToString(info));
}
@ -376,7 +376,7 @@ QString QSslCertificate::subjectInfo(const QByteArray &tag) const
// lazy init
if (d->subjectInfo.isEmpty() && d->x509)
d->subjectInfo =
_q_mapFromOnelineName(q_X509_NAME_oneline(q_X509_get_subject_name(d->x509), 0, 0));
_q_mapFromX509Name(q_X509_get_subject_name(d->x509));
return d->subjectInfo.value(QString::fromLatin1(tag));
}
@ -666,37 +666,17 @@ QByteArray QSslCertificatePrivate::QByteArray_from_X509(X509 *x509, QSsl::Encodi
return BEGINCERTSTRING "\n" + tmp + ENDCERTSTRING "\n";
}
static QMap<QString, QString> _q_mapFromOnelineName(char *name)
static QMap<QString, QString> _q_mapFromX509Name(X509_NAME *name)
{
QMap<QString, QString> info;
QString infoStr = QString::fromLocal8Bit(name);
q_CRYPTO_free(name);
// ### The right-hand encoding seems to allow hex (Regulierungsbeh\xC8orde)
//entry.replace(QLatin1String("\\x"), QLatin1String("%"));
//entry = QUrl::fromPercentEncoding(entry.toLatin1());
// ### See RFC-4630 for more details!
QRegExp rx(QLatin1String("/([A-Za-z]+)=(.+)"));
int pos = 0;
while ((pos = rx.indexIn(infoStr, pos)) != -1) {
const QString name = rx.cap(1);
QString value = rx.cap(2);
const int valuePos = rx.pos(2);
const int next = rx.indexIn(value);
if (next == -1) {
info.insert(name, value);
break;
}
value = value.left(next);
info.insert(name, value);
pos = valuePos + value.length();
for (int i = 0; i < q_X509_NAME_entry_count(name); ++i) {
X509_NAME_ENTRY *e = q_X509_NAME_get_entry(name, i);
const char *obj = q_OBJ_nid2sn(q_OBJ_obj2nid(q_X509_NAME_ENTRY_get_object(e)));
unsigned char *data = 0;
int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
info[QString::fromUtf8(obj)] = QString::fromUtf8((char*)data, size);
q_CRYPTO_free(data);
}
return info;
}

12
src/network/ssl/qsslsocket_openssl_symbols.cpp
View File

@ -101,6 +101,7 @@ DEFINEFUNC3(void *, ASN1_dup, i2d_of_void *a, a, d2i_of_void *b, b, char *c, c,
DEFINEFUNC(long, ASN1_INTEGER_get, ASN1_INTEGER *a, a, return 0, return)
DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return 0, return)
DEFINEFUNC(int, ASN1_STRING_length, ASN1_STRING *a, a, return 0, return)
DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return);
DEFINEFUNC4(long, BIO_ctrl, BIO *a, a, int b, b, long c, c, void *d, d, return -1, return)
DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return)
DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return)
@ -248,7 +249,10 @@ DEFINEFUNC4(void *, X509_get_ext_d2i, X509 *a, a, int b, b, int *c, c, int *d, d
DEFINEFUNC(X509_NAME *, X509_get_issuer_name, X509 *a, a, return 0, return)
DEFINEFUNC(X509_NAME *, X509_get_subject_name, X509 *a, a, return 0, return)
DEFINEFUNC(int, X509_verify_cert, X509_STORE_CTX *a, a, return -1, return)
DEFINEFUNC3(char *, X509_NAME_oneline, X509_NAME *a, a, char *b, b, int c, c, return 0, return)
DEFINEFUNC(int, X509_NAME_entry_count, X509_NAME *a, a, return 0, return)
DEFINEFUNC2(X509_NAME_ENTRY *, X509_NAME_get_entry, X509_NAME *a, a, int b, b, return 0, return)
DEFINEFUNC(ASN1_STRING *, X509_NAME_ENTRY_get_data, X509_NAME_ENTRY *a, a, return 0, return)
DEFINEFUNC(ASN1_OBJECT *, X509_NAME_ENTRY_get_object, X509_NAME_ENTRY *a, a, return 0, return)
DEFINEFUNC(EVP_PKEY *, X509_PUBKEY_get, X509_PUBKEY *a, a, return 0, return)
DEFINEFUNC(void, X509_STORE_free, X509_STORE *a, a, return, DUMMYARG)
DEFINEFUNC(X509_STORE *, X509_STORE_new, DUMMYARG, DUMMYARG, return 0, return)
@ -647,6 +651,7 @@ bool q_resolveOpenSslSymbols()
RESOLVEFUNC(ASN1_INTEGER_get)
RESOLVEFUNC(ASN1_STRING_data)
RESOLVEFUNC(ASN1_STRING_length)
RESOLVEFUNC(ASN1_STRING_to_UTF8)
RESOLVEFUNC(BIO_ctrl)
RESOLVEFUNC(BIO_free)
RESOLVEFUNC(BIO_new)
@ -736,7 +741,10 @@ bool q_resolveOpenSslSymbols()
RESOLVEFUNC(SSLv3_server_method)
RESOLVEFUNC(SSLv23_server_method)
RESOLVEFUNC(TLSv1_server_method)
RESOLVEFUNC(X509_NAME_oneline)
RESOLVEFUNC(X509_NAME_entry_count)
RESOLVEFUNC(X509_NAME_get_entry)
RESOLVEFUNC(X509_NAME_ENTRY_get_data)
RESOLVEFUNC(X509_NAME_ENTRY_get_object)
RESOLVEFUNC(X509_PUBKEY_get)
RESOLVEFUNC(X509_STORE_free)
RESOLVEFUNC(X509_STORE_new)

6
src/network/ssl/qsslsocket_openssl_symbols_p.h
View File

@ -204,6 +204,7 @@ bool q_resolveOpenSslSymbols();
long q_ASN1_INTEGER_get(ASN1_INTEGER *a);
unsigned char * q_ASN1_STRING_data(ASN1_STRING *a);
int q_ASN1_STRING_length(ASN1_STRING *a);
int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b);
long q_BIO_ctrl(BIO *a, int b, long c, void *d);
int q_BIO_free(BIO *a);
BIO *q_BIO_new(BIO_METHOD *a);
@ -360,7 +361,10 @@ void *q_X509_get_ext_d2i(X509 *a, int b, int *c, int *d);
X509_NAME *q_X509_get_issuer_name(X509 *a);
X509_NAME *q_X509_get_subject_name(X509 *a);
int q_X509_verify_cert(X509_STORE_CTX *ctx);
char *q_X509_NAME_oneline(X509_NAME *a, char *b, int c);
int q_X509_NAME_entry_count(X509_NAME *a);
X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b);
ASN1_STRING *q_X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *a);
ASN1_OBJECT *q_X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *a);
EVP_PKEY *q_X509_PUBKEY_get(X509_PUBKEY *a);
void q_X509_STORE_free(X509_STORE *store);
X509_STORE *q_X509_STORE_new();

16
tests/auto/qsslcertificate/certificates/cert-ss-san-utf8.pem Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE-----
MIICkTCCAfqgAwIBAgIJAL1nF+PLAF2KMA0GCSqGSIb3DQEBBQUAMGkxKzApBgNV
BAoMIkjElcSCxrLDvyDKjeG6v8qI4bq34bi7IFLDqWPDtnJkxZ0xFTATBgNVBAsM
DOOIp0HjiYHvvatCQzEWMBQGA1UEAwwNSm9obm55IEd1aXRhcjELMAkGA1UEBhMC
Tk8wHhcNMTEwNTA1MDgxMzEwWhcNMTEwNjA0MDgxMzEwWjBpMSswKQYDVQQKDCJI
xJXEgsayw78gyo3hur/KiOG6t+G4uyBSw6ljw7ZyZMWdMRUwEwYDVQQLDAzjiKdB
44mB772rQkMxFjAUBgNVBAMMDUpvaG5ueSBHdWl0YXIxCzAJBgNVBAYTAk5PMIGf
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2zSxS17I6596dJE/VAmGz+06D9S8n
3C0hnIGNVu+LwbgDJTvOw0SzNj4UP72UGgd3UI1KLBg5XWIsRNmE3COJMMh6syjI
L1Ept+tVXxGL6n4gl+0nZ7dkUyxJmeFtigYrL+qCH1yd5rmf3sC3jO4IosuAiG66
IDkJEVo64NT8ZQIDAQABo0EwPzA9BgNVHREENjA0gQ9hcm5lQGZvb2Jhci5vcmeC
Dnd3dy5mb29iYXIub3JngRFiamFybmVAZm9vYmFyLm9yZzANBgkqhkiG9w0BAQUF
AAOBgQAqVhbC0/EUFdnKlYV3PrknwGX1dPEPGJuIQHa0KpoicvNiOhs1HxBDYbzc
F6wcAMEynq4YwGKhcQLZOs2mo0LreAjA9rU/yBnqrnUW/4gxtUUvmJKK+62IjfLp
eO1L+1NcEMJiaZf8fip4VXhXdOYUhgE8WUZ1UJRC6w3T/yAgcQ==
-----END CERTIFICATE-----

5
tests/auto/qsslcertificate/certificates/cert-ss-san-utf8.pem.san Normal file
View File

@ -0,0 +1,5 @@
[subj_alt_name]
subjectAltName=\
email:arne@foobar.org,\
DNS:www.foobar.org,\
email:bjarne@foobar.org

10
tests/auto/qsslcertificate/certificates/gencertificates.sh
View File

@ -90,5 +90,15 @@ openssl req -x509 -in req-san.pem -out $outname -key rsa-pri-1024.pem \
-config san.cnf -extensions subj_alt_name
/bin/cp san.cnf $outname.san
#--- Non-ASCII Subject ---------------------------------------------------------------------
echo -e "\n generating self signed root cert. with Subject containing UTF-8 characters ..."
outname=cert-ss-san-utf8.pem
#subject="/O=HĕĂƲÿ ʍếʈặḻ Récördŝ/OU=㈧A㉁ォBC/CN=Johnny Guitar/C=NO"
subject=$'/O=H\xc4\x95\xc4\x82\xc6\xb2\xc3\xbf \xca\x8d\xe1\xba\xbf\xca\x88\xe1\xba\xb7\xe1\xb8\xbb R\xc3\xa9c\xc3\xb6rd\xc5\x9d/OU=\xe3\x88\xa7A\xe3\x89\x81\xef\xbd\xabBC/CN=Johnny Guitar/C=NO'
openssl req -out req-san.pem -new -key rsa-pri-1024.pem -utf8 -subj "$subject"
openssl req -x509 -in req-san.pem -out $outname -key rsa-pri-1024.pem \
-config san.cnf -extensions subj_alt_name -nameopt multiline,utf8,-esc_msb
/bin/cp san.cnf $outname.san
echo -e "\n cleaning up ..."
/bin/rm rsa-pri-1024.pem rsa-pub-1024.* req*.pem

32
tests/auto/qsslcertificate/tst_qsslcertificate.cpp
View File

@ -96,6 +96,7 @@ private slots:
void digest_data();
void digest();
void alternateSubjectNames_data();
void utf8SubjectNames();
void alternateSubjectNames();
void publicKey_data();
void publicKey();
@ -407,6 +408,27 @@ void tst_QSslCertificate::alternateSubjectNames()
}
}
void tst_QSslCertificate::utf8SubjectNames()
{
QSslCertificate cert = QSslCertificate::fromPath("certificates/cert-ss-san-utf8.pem", QSsl::Pem,
QRegExp::FixedString).first();
QVERIFY(!cert.isNull());
// O is "Heavy Metal Records" with heavy use of "decorations" like accents, umlauts etc.,
// OU uses arabian / asian script letters near codepoint 64K.
// strings split where the compiler would otherwise find three-digit hex numbers
static const char *o = "H\xc4\x95\xc4\x82\xc6\xb2\xc3\xbf \xca\x8d\xe1\xba\xbf\xca\x88\xe1\xba"
"\xb7\xe1\xb8\xbb R\xc3\xa9" "c" "\xc3\xb6rd\xc5\x9d";
static const char *ou = "\xe3\x88\xa7" "A" "\xe3\x89\x81\xef\xbd\xab" "BC";
// the following two tests should help find "\x"-literal encoding bugs in the test itself
QCOMPARE(cert.subjectInfo("O").length(), QString::fromUtf8(o).length());
QCOMPARE (cert.subjectInfo("O").toUtf8().toHex(), QByteArray(o).toHex());
QCOMPARE(cert.subjectInfo("O"), QString::fromUtf8(o));
QCOMPARE(cert.subjectInfo("OU"), QString::fromUtf8(ou));
}
void tst_QSslCertificate::publicKey_data()
{
QTest::addColumn<QString>("certFilePath");
@ -519,13 +541,13 @@ void tst_QSslCertificate::fromPath_data()
QTest::newRow("\"certificates/*\" fixed der") << QString("certificates/*") << int(QRegExp::FixedString) << false << 0;
QTest::newRow("\"certificates/*\" regexp pem") << QString("certificates/*") << int(QRegExp::RegExp) << true << 0;
QTest::newRow("\"certificates/*\" regexp der") << QString("certificates/*") << int(QRegExp::RegExp) << false << 0;
QTest::newRow("\"certificates/*\" wildcard pem") << QString("certificates/*") << int(QRegExp::Wildcard) << true << 4;
QTest::newRow("\"certificates/*\" wildcard pem") << QString("certificates/*") << int(QRegExp::Wildcard) << true << 5;
QTest::newRow("\"certificates/*\" wildcard der") << QString("certificates/*") << int(QRegExp::Wildcard) << false << 0;
QTest::newRow("\"c*/c*.pem\" fixed pem") << QString("c*/c*.pem") << int(QRegExp::FixedString) << true << 0;
QTest::newRow("\"c*/c*.pem\" fixed der") << QString("c*/c*.pem") << int(QRegExp::FixedString) << false << 0;
QTest::newRow("\"c*/c*.pem\" regexp pem") << QString("c*/c*.pem") << int(QRegExp::RegExp) << true << 0;
QTest::newRow("\"c*/c*.pem\" regexp der") << QString("c*/c*.pem") << int(QRegExp::RegExp) << false << 0;
QTest::newRow("\"c*/c*.pem\" wildcard pem") << QString("c*/c*.pem") << int(QRegExp::Wildcard) << true << 4;
QTest::newRow("\"c*/c*.pem\" wildcard pem") << QString("c*/c*.pem") << int(QRegExp::Wildcard) << true << 5;
QTest::newRow("\"c*/c*.pem\" wildcard der") << QString("c*/c*.pem") << int(QRegExp::Wildcard) << false << 0;
QTest::newRow("\"d*/c*.pem\" fixed pem") << QString("d*/c*.pem") << int(QRegExp::FixedString) << true << 0;
QTest::newRow("\"d*/c*.pem\" fixed der") << QString("d*/c*.pem") << int(QRegExp::FixedString) << false << 0;
@ -535,7 +557,7 @@ void tst_QSslCertificate::fromPath_data()
QTest::newRow("\"d*/c*.pem\" wildcard der") << QString("d*/c*.pem") << int(QRegExp::Wildcard) << false << 0;
QTest::newRow("\"c.*/c.*.pem\" fixed pem") << QString("c.*/c.*.pem") << int(QRegExp::FixedString) << true << 0;
QTest::newRow("\"c.*/c.*.pem\" fixed der") << QString("c.*/c.*.pem") << int(QRegExp::FixedString) << false << 0;
QTest::newRow("\"c.*/c.*.pem\" regexp pem") << QString("c.*/c.*.pem") << int(QRegExp::RegExp) << true << 4;
QTest::newRow("\"c.*/c.*.pem\" regexp pem") << QString("c.*/c.*.pem") << int(QRegExp::RegExp) << true << 5;
QTest::newRow("\"c.*/c.*.pem\" regexp der") << QString("c.*/c.*.pem") << int(QRegExp::RegExp) << false << 0;
QTest::newRow("\"c.*/c.*.pem\" wildcard pem") << QString("c.*/c.*.pem") << int(QRegExp::Wildcard) << true << 0;
QTest::newRow("\"c.*/c.*.pem\" wildcard der") << QString("c.*/c.*.pem") << int(QRegExp::Wildcard) << false << 0;
@ -546,7 +568,7 @@ void tst_QSslCertificate::fromPath_data()
QTest::newRow("\"d.*/c.*.pem\" wildcard pem") << QString("d.*/c.*.pem") << int(QRegExp::Wildcard) << true << 0;
QTest::newRow("\"d.*/c.*.pem\" wildcard der") << QString("d.*/c.*.pem") << int(QRegExp::Wildcard) << false << 0;
#ifdef Q_OS_LINUX
QTest::newRow("absolute path wildcard pem") << QString(QDir::currentPath() + "/certificates/*.pem") << int(QRegExp::Wildcard) << true << 4;
QTest::newRow("absolute path wildcard pem") << QString(QDir::currentPath() + "/certificates/*.pem") << int(QRegExp::Wildcard) << true << 5;
#endif
QTest::newRow("trailing-whitespace") << QString("more-certificates/trailing-whitespace.pem") << int(QRegExp::FixedString) << true << 1;
@ -769,7 +791,7 @@ void tst_QSslCertificate::nulInCN()
QString cn = cert.subjectInfo(QSslCertificate::CommonName);
QVERIFY(cn != "www.bank.com");
static const char realCN[] = "www.bank.com\\x00.badguy.com";
static const char realCN[] = "www.bank.com\0.badguy.com";
QCOMPARE(cn, QString::fromLatin1(realCN, sizeof realCN - 1));
}