From 852d4b03f612748fb16f592dda884e9634b468cf Mon Sep 17 00:00:00 2001 From: Richard Moore Date: Mon, 11 Jul 2011 16:15:14 +0200 Subject: [PATCH] SSL: Add methods to access the tags of the subject and issuer of a cert Add methods that return a list of the tags in use in a certificate issuer or subject. This means that unknown elements of these fields can be accessed. Change-Id: I588989e34f541b1d31cc9e97f5a85d1624ece1b1 Merge-request: 18 Reviewed-by: Peter Hartmann Reviewed-on: http://codereview.qt.nokia.com/1451 --- src/network/ssl/qsslcertificate.cpp | 38 +++++++++++++ src/network/ssl/qsslcertificate.h | 2 + .../more-certificates/natwest-banking.pem | 36 ++++++++++++ .../more-certificates/test-cn-with-drink-cert.pem | 66 ++++++++++++++++++++++ tests/auto/qsslcertificate/tst_qsslcertificate.cpp | 18 ++++++ 5 files changed, 160 insertions(+) create mode 100644 tests/auto/qsslcertificate/more-certificates/natwest-banking.pem create mode 100644 tests/auto/qsslcertificate/more-certificates/test-cn-with-drink-cert.pem diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 2e5b313..9cc74c6 100644 --- a/src/network/ssl/qsslcertificate.cpp +++ b/src/network/ssl/qsslcertificate.cpp 
@@ -386,6 +386,44 @@ QStringList QSslCertificate::subjectInfo(const QByteArray &tag) const } /*! + Returns a list of the tags that have values in the subject + information of this certificate. The information associated + with a given tag can be accessed using the subjectInfo() + method. Note that this list may include the OIDs for any + elements that are not known by the SSL backend. + + \sa subjectInfo() +*/ +QList QSslCertificate::subjectInfoTags() const +{ + // lazy init + if (d->subjectInfo.isEmpty() && d->x509) + d->subjectInfo = + _q_mapFromX509Name(q_X509_get_subject_name(d->x509)); + + return d->subjectInfo.uniqueKeys(); +} + +/*! + Returns a list of the tags that have values in the issuer + information of this certificate. The information associated + with a given tag can be accessed using the issuerInfo() + method. Note that this list may include the OIDs for any + elements that are not known by the SSL backend. + + \sa subjectInfo() +*/ +QList QSslCertificate::issuerInfoTags() const +{ + // lazy init + if (d->issuerInfo.isEmpty() && d->x509) + d->issuerInfo = + _q_mapFromX509Name(q_X509_get_issuer_name(d->x509)); + + return d->issuerInfo.uniqueKeys(); +} + +/*! Returns the list of alternative subject names for this certificate. The alternate subject names typically contain host names, optionally with wildcards, that are valid for this diff --git a/src/network/ssl/qsslcertificate.h b/src/network/ssl/qsslcertificate.h index 8abaa3f..b038a6a 100644 --- a/src/network/ssl/qsslcertificate.h +++ b/src/network/ssl/qsslcertificate.h @@ -103,6 +103,8 @@ public: QStringList issuerInfo(const QByteArray &tag) const; QStringList subjectInfo(SubjectInfo info) const; QStringList subjectInfo(const QByteArray &tag) const; + QList subjectInfoTags() const; + QList issuerInfoTags() const; QMultiMap alternateSubjectNames() const; QDateTime effectiveDate() const; QDateTime expiryDate() const; 
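Review bot: The doc comment for issuerInfoTags() ends with `\sa subjectInfo()`, which looks copy-pasted from subjectInfoTags(); it should read `\sa issuerInfo()`. Both comments should also say that the tags are read straight from the certificate's name fields, so for a peer certificate whose chain has not been verified they are untrusted input, for example `The tags come from the certificate itself and should not be relied on before the certificate has been verified.` The existing note about OIDs could add that the same attribute may appear as a short name or as a dotted OID depending on what the SSL backend recognises, so callers matching on a tag may need to handle both forms. Separately, both const methods assign to `d->subjectInfo` / `d->issuerInfo` during lazy init; if the private data is shared between copies used on different threads this is an unsynchronised write, which should be checked against the existing subjectInfo()/issuerInfo() accessors outside this hunk.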
diff --git a/tests/auto/qsslcertificate/more-certificates/natwest-banking.pem b/tests/auto/qsslcertificate/more-certificates/natwest-banking.pem new file mode 100644 index 0000000..c3e303c --- /dev/null +++ b/tests/auto/qsslcertificate/more-certificates/natwest-banking.pem 
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGTTCCBTWgAwIBAgIQEdaGfQ9bnSLsmQJm4rWlBjANBgkqhkiG9w0BAQUFADCB +vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug +YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv +VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew +HhcNMDkwOTE1MDAwMDAwWhcNMTExMTA5MjM1OTU5WjCCAQAxEzARBgsrBgEEAYI3 +PAIBAxMCR0IxGzAZBgNVBA8TElYxLjAsIENsYXVzZSA1LihiKTERMA8GA1UEBRMI +U0MwNDU1NTExCzAJBgNVBAYTAkdCMRAwDgYDVQQRFAdFSDMgNlVZMRAwDgYDVQQI +EwdMb3RoaWFuMRIwEAYDVQQHFAlFZGluYnVyZ2gxFjAUBgNVBAkUDTM0IEZldHRl +cyBSb3cxLTArBgNVBAoUJFRoZSBSb3lhbCBCYW5rIG9mIFNjb3RsYW5kIEdyb3Vw +IFBsYzEVMBMGA1UECxQMV2ViIFNlcnZpY2VzMRYwFAYDVQQDFA13d3cubndvbGIu +Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4bRz9mxrbicnYun +uYoobkfDBjmmJKpSDBbcZCsZDWyLsLvoZh2Ez6Ux9GAbf4m5pLoIQnzQORy40NAt +bNDFhMJV0Iq65ju8qdYaUaWUdrxkLiwrIsiZwUMgcDOwdOvgO4qTev2OjkQg6syj +J+3HTaRrqekfrV5RvBNZ8vPVXK3cWERykzxwqXHwr9QL/n3wqDn4hCOb11Ic2rUf +H9TcPvxv7eFFnGL4ZJ3EU83tE/CmOYgz086BUDBKSvOHqHt2QWiPN/tHAgwfHYKj +eYCMWM21G0rDugeN+urZN+p364kO+VygBxnNIPSr/ZY+4DCdjaKGe8sOJdvI6ip5 +4a1q3QIDAQABo4ICADCCAfwwCQYDVR0TBAIwADAdBgNVHQ4EFgQUX5AjzSTKUsk2 +KfB+nbH+CODuafAwCwYDVR0PBAQDAgWgMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6 +Ly9FVkludGwtY3JsLnZlcmlzaWduLmNvbS9FVkludGwyMDA2LmNybDBEBgNVHSAE +PTA7MDkGC2CGSAGG+EUBBxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZl +cmlzaWduLmNvbS9ycGEwNAYDVR0lBC0wKwYIKwYBBQUHAwEGCCsGAQUFBwMCBglg +hkgBhvhCBAEGCisGAQQBgjcKAwMwHwYDVR0jBBgwFoAUTkPIHXbvN1N6T/JYb5Tz +OOLVvd8wdgYIKwYBBQUHAQEEajBoMCsGCCsGAQUFBzABhh9odHRwOi8vRVZJbnRs +LW9jc3AudmVyaXNpZ24uY29tMDkGCCsGAQUFBzAChi1odHRwOi8vRVZJbnRsLWFp +YS52ZXJpc2lnbi5jb20vRVZJbnRsMjAwNi5jZXIwbgYIKwYBBQUHAQwEYjBgoV6g +XDBaMFgwVhYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUS2u5KJYGDLvQUjibKaxL +B4shBRgwJhYkaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nbzEuZ2lmMA0G +CSqGSIb3DQEBBQUAA4IBAQCT64k2YepUu257B3pA4pjbKr/dmlOztUYS/IAtlJpo 
+As+R+T9dohGP+4liqHtlMMSKPRnwmSCj/KucJJ9UnIC89D3bVAP1Drvk5+gTwGZ5 +JkqPQqZsfEaeihmf8iu9stkYSQxMJcr24S4VEiGt2rdHhESq0OUel4SkMhlmSp5P +sZxqX1HByBJnsF4bcvIY3C4eTrso5awqNgomGhxizJWmK8/sdEcys82SHgSjG4Bp +05gUpXQrLTqWXDDOg5Uy745Gc8TpgqW1ZfpGg7EkjJX7EhBSKF0/2cNKVYUE9bnO +VGd7vK10NOhK7Uk9CkDALK+MvIIkxmRBmAFuQ4D+eqNF +-----END CERTIFICATE----- diff --git a/tests/auto/qsslcertificate/more-certificates/test-cn-with-drink-cert.pem b/tests/auto/qsslcertificate/more-certificates/test-cn-with-drink-cert.pem new file mode 100644 index 0000000..952b711 --- /dev/null +++ b/tests/auto/qsslcertificate/more-certificates/test-cn-with-drink-cert.pem 
@@ -0,0 +1,66 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11 (0xb) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=Westpoint Certificate Test CA, ST=Lancashire, C=UK/emailAddress=ca@example.com, O=Westpoint Certificate Test Root Certification Authority + Validity + Not Before: Jun 26 19:36:40 2011 GMT + Not After : Jun 23 19:36:40 2021 GMT + Subject: CN=example.com/emailAddress=test@example.com/favouriteDrink=tequila + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:a5:88:9c:fd:1b:8d:26:90:7d:ed:b2:66:14:09: + 88:9f:c5:96:87:97:84:33:db:fd:a9:32:20:d0:4d: + 03:ce:34:a6:b3:e2:db:33:27:e5:5b:09:3b:6f:49: + 36:c8:99:63:88:4c:33:f2:55:bc:04:02:07:50:59: + 6a:34:52:4c:83:74:cb:d5:54:b5:a9:41:91:07:0e: + cf:50:3b:87:09:a5:5f:d8:71:f3:ee:d8:10:6d:5c: + 5d:69:ab:dc:98:d7:1a:38:63:c6:15:4e:d7:31:19: + 96:4c:db:be:d3:32:9d:ad:8b:1d:85:1b:aa:cf:d1: + b1:a4:ce:bf:5a:0f:30:a0:63 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Authority Information Access: + OCSP - URI:http://ocsp.example.com:8888/ + + Signature Algorithm: sha1WithRSAEncryption + 21:55:2f:82:17:e6:8c:2c:39:af:2a:ce:b7:83:7f:cf:76:ce: + 25:39:b5:08:3c:9b:33:a2:9b:f7:3f:df:7d:67:7b:11:c7:e3: + ac:6f:59:c0:4f:25:3b:6d:3c:ec:3e:c2:0d:4c:a4:43:dd:4f: + c4:4c:5a:67:9d:a9:7a:91:c3:48:ed:40:5e:4d:6f:18:46:38: + 9c:e2:9a:7f:c9:d8:26:0c:35:fa:60:87:67:45:56:42:81:ba: + 4b:b6:03:6f:6c:7d:d1:f9:78:a1:08:9e:4a:f1:00:07:4b:ca: + ec:a4:1d:26:ad:63:46:63:5f:b2:64:2e:d3:cd:80:35:87:4f: + c4:16:1a:91:97:50:95:16:31:c5:97:49:70:19:68:a9:a8:6c: + 0f:c3:5b:8f:6a:1f:3f:e7:3b:ba:48:76:2c:b0:8d:b3:de:ce: + 7b:c7:bf:0f:80:34:7c:73:d5:d6:45:63:83:02:c5:4d:73:9b: + 66:8a:3a:66:dc:0c:9f:75:1a:a7:15:d1:1d:7f:12:af:f4:5d: + 9c:80:99:55:9b:26:69:ec:76:11:fe:4e:65:f7:57:7d:32:bb: + 9a:25:51:76:f5:68:99:2a:d2:a5:53:17:87:b6:ad:08:f1:24: + db:6f:45:07:d2:f1:60:50:ac:a0:d0:b7:0b:45:aa:e2:27:38: + 1f:4c:41:a3 +-----BEGIN 
CERTIFICATE----- +MIIDOzCCAiOgAwIBAgIBCzANBgkqhkiG9w0BAQUFADCBqzEmMCQGA1UEAxMdV2Vz +dHBvaW50IENlcnRpZmljYXRlIFRlc3QgQ0ExEzARBgNVBAgTCkxhbmNhc2hpcmUx +CzAJBgNVBAYTAlVLMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNvbTFAMD4G +A1UEChM3V2VzdHBvaW50IENlcnRpZmljYXRlIFRlc3QgUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eTAeFw0xMTA2MjYxOTM2NDBaFw0yMTA2MjMxOTM2NDBaMFAx +FDASBgNVBAMTC2V4YW1wbGUuY29tMR8wHQYJKoZIhvcNAQkBFhB0ZXN0QGV4YW1w +bGUuY29tMRcwFQYKCZImiZPyLGQBBRMHdGVxdWlsYTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEApYic/RuNJpB97bJmFAmIn8WWh5eEM9v9qTIg0E0DzjSms+Lb +MyflWwk7b0k2yJljiEwz8lW8BAIHUFlqNFJMg3TL1VS1qUGRBw7PUDuHCaVf2HHz +7tgQbVxdaavcmNcaOGPGFU7XMRmWTNu+0zKdrYsdhRuqz9GxpM6/Wg8woGMCAwEA +AaNIMEYwCQYDVR0TBAIwADA5BggrBgEFBQcBAQQtMCswKQYIKwYBBQUHMAGGHWh0 +dHA6Ly9vY3NwLmV4YW1wbGUuY29tOjg4ODgvMA0GCSqGSIb3DQEBBQUAA4IBAQAh +VS+CF+aMLDmvKs63g3/Pds4lObUIPJszopv3P999Z3sRx+Osb1nATyU7bTzsPsIN +TKRD3U/ETFpnnal6kcNI7UBeTW8YRjic4pp/ydgmDDX6YIdnRVZCgbpLtgNvbH3R ++XihCJ5K8QAHS8rspB0mrWNGY1+yZC7TzYA1h0/EFhqRl1CVFjHFl0lwGWipqGwP +w1uPah8/5zu6SHYssI2z3s57x78PgDR8c9XWRWODAsVNc5tmijpm3AyfdRqnFdEd +fxKv9F2cgJlVmyZp7HYR/k5l91d9MruaJVF29WiZKtKlUxeHtq0I8STbb0UH0vFg +UKyg0LcLRariJzgfTEGj +-----END CERTIFICATE----- diff --git a/tests/auto/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/qsslcertificate/tst_qsslcertificate.cpp index e95af1e..c04f315 100644 --- a/tests/auto/qsslcertificate/tst_qsslcertificate.cpp +++ b/tests/auto/qsslcertificate/tst_qsslcertificate.cpp @@ -115,6 +115,7 @@ private slots: void blacklistedCertificates(); void toText(); void multipleCommonNames(); + void subjectAndIssuerTags(); // ### add tests for certificate bundles (multiple certificates concatenated into a single // structure); both PEM and DER formatted 
@@ -883,6 +884,23 @@ void tst_QSslCertificate::multipleCommonNames() QVERIFY(commonNames.contains(QString("www2.example.com"))); } +void tst_QSslCertificate::subjectAndIssuerTags() +{ + QList certList = + QSslCertificate::fromPath(SRCDIR "more-certificates/test-cn-with-drink-cert.pem"); + QVERIFY2(certList.count() > 0, "Please run this test from the source directory"); + + QList tags = certList[0].subjectInfoTags(); + QVERIFY(tags.contains(QByteArray("favouriteDrink"))); + tags.clear(); + + certList = QSslCertificate::fromPath(SRCDIR "more-certificates/natwest-banking.pem"); + QVERIFY2(certList.count() > 0, "Please run this test from the source directory"); + + tags = certList[0].subjectInfoTags(); + QVERIFY(tags.contains(QByteArray("1.3.6.1.4.1.311.60.2.1.3"))); +} + #endif // QT_NO_OPENSSL QTEST_MAIN(tst_QSslCertificate) -- 2.7.4
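Review bot: subjectAndIssuerTags() never calls issuerInfoTags(), so the second new accessor is untested despite the test's name. A check on the first certificate such as `QVERIFY(certList[0].issuerInfoTags().contains(QByteArray("CN")));` would cover it, assuming the backend reports the issuer's common name under its short name (to be confirmed). The last assertion expects the dotted OID `1.3.6.1.4.1.311.60.2.1.3`, which presumably holds only while the linked OpenSSL has no name for that attribute. A comment such as `// returned as an OID because the SSL backend has no name for this attribute` would explain a failure after a backend upgrade.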