/****************************************************************************

**

** All rights reserved.

** Contact: Nokia Corporation (qt-info@nokia.com)

**

** This file is part of the test suite of the Qt Toolkit.

**

** $QT_BEGIN_LICENSE:LGPL$

** No Commercial Usage

** This file contains pre-release code and may not be distributed.

** You may use this file in accordance with the terms and conditions

** contained in the Technology Preview License Agreement accompanying

** this package.

**

** GNU Lesser General Public License Usage

** Alternatively, this file may be used under the terms of the GNU Lesser

** General Public License version 2.1 as published by the Free Software

** Foundation and appearing in the file LICENSE.LGPL included in the

** packaging of this file.  Please review the following information to

** ensure the GNU Lesser General Public License version 2.1 requirements

** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.

**

** In addition, as a special exception, Nokia gives you certain additional

** rights.  These rights are described in the Nokia Qt LGPL Exception

** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.

**

** If you have questions regarding the use of this file, please contact

** Nokia at qt-info@nokia.com.

**

**

**

**

**

**

**

**

** $QT_END_LICENSE$

**

****************************************************************************/

#include <QtCore/qthread.h>

#include <QtNetwork/qhostaddress.h>

#include <QtNetwork/qhostinfo.h>

#include <QtNetwork/qnetworkproxy.h>

#include <QtNetwork/qsslcipher.h>

#include <QtNetwork/qsslconfiguration.h>

#include <QtNetwork/qsslkey.h>

#include <QtNetwork/qsslsocket.h>

#include <QtNetwork/qtcpserver.h>

#include <QtTest/QtTest>

#include <QNetworkProxy>

#include <QAuthenticator>

#include "../network-settings.h"

Q_DECLARE_METATYPE(QAbstractSocket::SocketState)

Q_DECLARE_METATYPE(QAbstractSocket::SocketError)

#ifndef QT_NO_OPENSSL

Q_DECLARE_METATYPE(QSslSocket::SslMode)

typedef QList<QSslError::SslError> SslErrorList;

Q_DECLARE_METATYPE(SslErrorList)

Q_DECLARE_METATYPE(QSslError)

#endif

#if defined Q_OS_HPUX && defined Q_CC_GNU

// This error is delivered every time we try to use the fluke CA

// certificate. For now we work around this bug. Task 202317.

#define QSSLSOCKET_CERTUNTRUSTED_WORKAROUND

#endif

#ifdef Q_OS_SYMBIAN

#define SRCDIR ""

#endif

#ifndef QT_NO_OPENSSL

class QSslSocketPtr: public QSharedPointer<QSslSocket>

{

public:

    inline QSslSocketPtr(QSslSocket *ptr = 0)

        : QSharedPointer<QSslSocket>(ptr)

    { }

    inline operator QSslSocket *() const { return data(); }

};

#endif

class tst_QSslSocket : public QObject

{

    Q_OBJECT

    int proxyAuthCalled;

public:

    tst_QSslSocket();

    virtual ~tst_QSslSocket();

    static void enterLoop(int secs)

    {

        ++loopLevel;

        QTestEventLoop::instance().enterLoop(secs);

    }

    static bool timeout()

    {

        return QTestEventLoop::instance().timeout();

    }

#ifndef QT_NO_OPENSSL

    QSslSocketPtr newSocket();

#endif

public slots:

    void initTestCase_data();

    void init();

    void cleanup();

    void proxyAuthenticationRequired(const QNetworkProxy &, QAuthenticator *auth);

#ifndef QT_NO_OPENSSL

private slots:

    void constructing();

    void simpleConnect();

    void simpleConnectWithIgnore();

    // API tests

    void sslErrors_data();

    void sslErrors();

    void addCaCertificate();

    void addCaCertificates();

    void addCaCertificates2();

    void ciphers();

    void connectToHostEncrypted();

    void connectToHostEncryptedWithVerificationPeerName();

    void sessionCipher();

    void flush();

    void isEncrypted();

    void localCertificate();

    void mode();

    void peerCertificate();

    void peerCertificateChain();

    void privateKey();

    void protocol();

    void setCaCertificates();

    void setLocalCertificate();

    void setPrivateKey();

    void setProtocol();

    void setSocketDescriptor();

    void waitForEncrypted();

    void waitForConnectedEncryptedReadyRead();

    void startClientEncryption();

    void startServerEncryption();

    void addDefaultCaCertificate();

    void addDefaultCaCertificates();

    void addDefaultCaCertificates2();

    void defaultCaCertificates();

    void defaultCiphers();

    void resetDefaultCiphers();

    void setDefaultCaCertificates();

    void setDefaultCiphers();

    void supportedCiphers();

    void systemCaCertificates();

    void wildcard();

    void setEmptyKey();

    void spontaneousWrite();

    void setReadBufferSize();

    void setReadBufferSize_task_250027();

    void waitForMinusOne();

    void verifyMode();

    void verifyDepth();

    void peerVerifyError();

    void disconnectFromHostWhenConnecting();

    void disconnectFromHostWhenConnected();

    void resetProxy();

    void ignoreSslErrorsList_data();

    void ignoreSslErrorsList();

    void ignoreSslErrorsListWithSlot_data();

    void ignoreSslErrorsListWithSlot();

    void readFromClosedSocket();

    void writeBigChunk();

    static void exitLoop()

    {

        // Safe exit - if we aren't in an event loop, don't

        // exit one.

        if (loopLevel > 0) {

            --loopLevel;

            QTestEventLoop::instance().exitLoop();

        }

    }

protected slots:

    void ignoreErrorSlot()

    {

        socket->ignoreSslErrors();

    }

    void untrustedWorkaroundSlot(const QList<QSslError> &errors)

    {

        if (errors.size() == 1 &&

                (errors.first().error() == QSslError::CertificateUntrusted ||

                        errors.first().error() == QSslError::SelfSignedCertificate))

            socket->ignoreSslErrors();

    }

    void ignoreErrorListSlot(const QList<QSslError> &errors);

private:

    QSslSocket *socket;

    QList<QSslError> storedExpectedSslErrors;

#endif // QT_NO_OPENSSL

private:

    static int loopLevel;

};

int tst_QSslSocket::loopLevel = 0;

tst_QSslSocket::tst_QSslSocket()

{

#ifndef QT_NO_OPENSSL

    qRegisterMetaType<QList<QSslError> >("QList<QSslError>");

    qRegisterMetaType<QSslError>("QSslError");

    qRegisterMetaType<QAbstractSocket::SocketState>("QAbstractSocket::SocketState");

    qRegisterMetaType<QAbstractSocket::SocketError>("QAbstractSocket::SocketError");

    qRegisterMetaType<QAbstractSocket::SocketState>("QSslSocket::SslMode");

#endif

    Q_SET_DEFAULT_IAP

}

tst_QSslSocket::~tst_QSslSocket()

{

}

enum ProxyTests {

    NoProxy = 0x00,

    Socks5Proxy = 0x01,

    HttpProxy = 0x02,

    TypeMask = 0x0f,

    NoAuth = 0x00,

    AuthBasic = 0x10,

    AuthNtlm = 0x20,

    AuthMask = 0xf0

};

void tst_QSslSocket::initTestCase_data()

{

    QTest::addColumn<bool>("setProxy");

    QTest::addColumn<int>("proxyType");

    QTest::newRow("WithoutProxy") << false << 0;

    QTest::newRow("WithSocks5Proxy") << true << int(Socks5Proxy);

    QTest::newRow("WithSocks5ProxyAuth") << true << int(Socks5Proxy | AuthBasic);

    QTest::newRow("WithHttpProxy") << true << int(HttpProxy);

    QTest::newRow("WithHttpProxyBasicAuth") << true << int(HttpProxy | AuthBasic);

    // uncomment the line below when NTLM works

//    QTest::newRow("WithHttpProxyNtlmAuth") << true << int(HttpProxy | AuthNtlm);

}

void tst_QSslSocket::init()

{

    QFETCH_GLOBAL(bool, setProxy);

    if (setProxy) {

        QFETCH_GLOBAL(int, proxyType);

        QString fluke = QHostInfo::fromName(QtNetworkSettings::serverName()).addresses().first().toString();

        QNetworkProxy proxy;

        switch (proxyType) {

        case Socks5Proxy:

            proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, fluke, 1080);

            break;

        case Socks5Proxy | AuthBasic:

            proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, fluke, 1081);

            break;

        case HttpProxy | NoAuth:

            proxy = QNetworkProxy(QNetworkProxy::HttpProxy, fluke, 3128);

            break;

        case HttpProxy | AuthBasic:

            proxy = QNetworkProxy(QNetworkProxy::HttpProxy, fluke, 3129);

            break;

        case HttpProxy | AuthNtlm:

            proxy = QNetworkProxy(QNetworkProxy::HttpProxy, fluke, 3130);

            break;

        }

        QNetworkProxy::setApplicationProxy(proxy);

    }

}

void tst_QSslSocket::cleanup()

{

    QNetworkProxy::setApplicationProxy(QNetworkProxy::DefaultProxy);

}

#ifndef QT_NO_OPENSSL

QSslSocketPtr tst_QSslSocket::newSocket()

{

    QSslSocket *socket = new QSslSocket;

    proxyAuthCalled = 0;

    connect(socket, SIGNAL(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)),

            SLOT(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)),

            Qt::DirectConnection);

    return QSslSocketPtr(socket);

}

#endif

void tst_QSslSocket::proxyAuthenticationRequired(const QNetworkProxy &, QAuthenticator *auth)

{

    ++proxyAuthCalled;

    auth->setUser("qsockstest");

    auth->setPassword("password");

}

#ifndef QT_NO_OPENSSL

void tst_QSslSocket::constructing()

{

    if (!QSslSocket::supportsSsl())

        return;

    QSslSocket socket;

    QCOMPARE(socket.state(), QSslSocket::UnconnectedState);

    QCOMPARE(socket.mode(), QSslSocket::UnencryptedMode);

    QVERIFY(!socket.isEncrypted());

    QCOMPARE(socket.bytesAvailable(), qint64(0));

    QCOMPARE(socket.bytesToWrite(), qint64(0));

    QVERIFY(!socket.canReadLine());

    QVERIFY(socket.atEnd());

    QCOMPARE(socket.localCertificate(), QSslCertificate());

    QCOMPARE(socket.sslConfiguration(), QSslConfiguration::defaultConfiguration());

    QCOMPARE(socket.errorString(), QString("Unknown error"));

    char c = '\0';

    QVERIFY(!socket.getChar(&c));

    QCOMPARE(c, '\0');

    QVERIFY(!socket.isOpen());

    QVERIFY(!socket.isReadable());

    QVERIFY(socket.isSequential());

    QVERIFY(!socket.isTextModeEnabled());

    QVERIFY(!socket.isWritable());

    QCOMPARE(socket.openMode(), QIODevice::NotOpen);

    QVERIFY(socket.peek(2).isEmpty());

    QCOMPARE(socket.pos(), qint64(0));

    QVERIFY(!socket.putChar('c'));

    QVERIFY(socket.read(2).isEmpty());

    QCOMPARE(socket.read(0, 0), qint64(-1));

    QVERIFY(socket.readAll().isEmpty());

    QTest::ignoreMessage(QtWarningMsg, "QIODevice::readLine: Called with maxSize < 2");

    QCOMPARE(socket.readLine(0, 0), qint64(-1));

    char buf[10];

    QCOMPARE(socket.readLine(buf, sizeof(buf)), qint64(-1));

    QTest::ignoreMessage(QtWarningMsg, "QIODevice::seek: The device is not open");

    QVERIFY(!socket.reset());

    QTest::ignoreMessage(QtWarningMsg, "QIODevice::seek: The device is not open");

    QVERIFY(!socket.seek(2));

    QCOMPARE(socket.size(), qint64(0));

    QVERIFY(!socket.waitForBytesWritten(10));

    QVERIFY(!socket.waitForReadyRead(10));

    QCOMPARE(socket.write(0, 0), qint64(-1));

    QCOMPARE(socket.write(QByteArray()), qint64(-1));

    QCOMPARE(socket.error(), QAbstractSocket::UnknownSocketError);

    QVERIFY(!socket.flush());

    QVERIFY(!socket.isValid());

    QCOMPARE(socket.localAddress(), QHostAddress());

    QCOMPARE(socket.localPort(), quint16(0));

    QCOMPARE(socket.peerAddress(), QHostAddress());

    QVERIFY(socket.peerName().isEmpty());

    QCOMPARE(socket.peerPort(), quint16(0));

    QCOMPARE(socket.proxy().type(), QNetworkProxy::DefaultProxy);

    QCOMPARE(socket.readBufferSize(), qint64(0));

    QCOMPARE(socket.socketDescriptor(), -1);

    QCOMPARE(socket.socketType(), QAbstractSocket::TcpSocket);

    QVERIFY(!socket.waitForConnected(10));

    QTest::ignoreMessage(QtWarningMsg, "QSslSocket::waitForDisconnected() is not allowed in UnconnectedState");

    QVERIFY(!socket.waitForDisconnected(10));

    QCOMPARE(socket.protocol(), QSsl::SslV3);

    QSslConfiguration savedDefault = QSslConfiguration::defaultConfiguration();

    // verify that changing the default config doesn't affect this socket

    QSslSocket::setDefaultCaCertificates(QList<QSslCertificate>());

    QSslSocket::setDefaultCiphers(QList<QSslCipher>());

    QVERIFY(!socket.caCertificates().isEmpty());

    QVERIFY(!socket.ciphers().isEmpty());

    // verify the default as well:

    QVERIFY(QSslConfiguration::defaultConfiguration().caCertificates().isEmpty());

    QVERIFY(QSslConfiguration::defaultConfiguration().ciphers().isEmpty());

    QSslConfiguration::setDefaultConfiguration(savedDefault);

}

void tst_QSslSocket::simpleConnect()

{

    if (!QSslSocket::supportsSsl())

        return;

    QFETCH_GLOBAL(bool, setProxy);

    if (setProxy)

        return;

    QSslSocket socket;

    QSignalSpy connectedSpy(&socket, SIGNAL(connected()));

    QSignalSpy hostFoundSpy(&socket, SIGNAL(hostFound()));

    QSignalSpy disconnectedSpy(&socket, SIGNAL(disconnected()));

    QSignalSpy connectionEncryptedSpy(&socket, SIGNAL(encrypted()));

    QSignalSpy sslErrorsSpy(&socket, SIGNAL(sslErrors(const QList<QSslError> &)));

    connect(&socket, SIGNAL(connected()), this, SLOT(exitLoop()));

    connect(&socket, SIGNAL(disconnected()), this, SLOT(exitLoop()));

    connect(&socket, SIGNAL(modeChanged(QSslSocket::SslMode)), this, SLOT(exitLoop()));

    connect(&socket, SIGNAL(encrypted()), this, SLOT(exitLoop()));

    connect(&socket, SIGNAL(stateChanged(QAbstractSocket::SocketState)), this, SLOT(exitLoop()));

    connect(&socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(exitLoop()));

    // Start connecting

    socket.connectToHost(QtNetworkSettings::serverName(), 993);

    QCOMPARE(socket.state(), QAbstractSocket::HostLookupState);

    enterLoop(10);

    // Entered connecting state

#ifndef Q_OS_SYMBIAN

    QCOMPARE(socket.state(), QAbstractSocket::ConnectingState);

    QCOMPARE(connectedSpy.count(), 0);

#endif

    QCOMPARE(hostFoundSpy.count(), 1);

    QCOMPARE(disconnectedSpy.count(), 0);

    enterLoop(10);

    // Entered connected state

    QCOMPARE(socket.state(), QAbstractSocket::ConnectedState);

    QCOMPARE(socket.mode(), QSslSocket::UnencryptedMode);

    QVERIFY(!socket.isEncrypted());

    QCOMPARE(connectedSpy.count(), 1);

    QCOMPARE(hostFoundSpy.count(), 1);

    QCOMPARE(disconnectedSpy.count(), 0);

    // Enter encrypted mode

    socket.startClientEncryption();

    QCOMPARE(socket.mode(), QSslSocket::SslClientMode);

    QVERIFY(!socket.isEncrypted());

    QCOMPARE(connectionEncryptedSpy.count(), 0);

    QCOMPARE(sslErrorsSpy.count(), 0);

    // Starting handshake

    enterLoop(10);

    QCOMPARE(sslErrorsSpy.count(), 1);

    QCOMPARE(connectionEncryptedSpy.count(), 0);

    QVERIFY(!socket.isEncrypted());

    QCOMPARE(socket.state(), QAbstractSocket::UnconnectedState);

}

void tst_QSslSocket::simpleConnectWithIgnore()

{

    if (!QSslSocket::supportsSsl())

        return;

    QFETCH_GLOBAL(bool, setProxy);

    if (setProxy)

        return;

    QSslSocket socket;

    this->socket = &socket;

    QSignalSpy encryptedSpy(&socket, SIGNAL(encrypted()));

    QSignalSpy sslErrorsSpy(&socket, SIGNAL(sslErrors(const QList<QSslError> &)));

    connect(&socket, SIGNAL(readyRead()), this, SLOT(exitLoop()));

    connect(&socket, SIGNAL(encrypted()), this, SLOT(exitLoop()));

    connect(&socket, SIGNAL(connected()), this, SLOT(exitLoop()));

    connect(&socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(ignoreErrorSlot()));

    connect(&socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(exitLoop()));

    // Start connecting

    socket.connectToHost(QtNetworkSettings::serverName(), 993);

    QCOMPARE(socket.state(), QAbstractSocket::HostLookupState);

    enterLoop(10);

    // Start handshake

    QCOMPARE(socket.state(), QAbstractSocket::ConnectedState);

    socket.startClientEncryption();

    enterLoop(10);

    // Done; encryption should be enabled.

    QCOMPARE(sslErrorsSpy.count(), 1);

    QVERIFY(socket.isEncrypted());

    QCOMPARE(socket.state(), QAbstractSocket::ConnectedState);

    QCOMPARE(encryptedSpy.count(), 1);

    // Wait for incoming data

    if (!socket.canReadLine())

        enterLoop(10);

    QCOMPARE(socket.readAll(), QtNetworkSettings::expectedReplySSL());

    socket.disconnectFromHost();

}

void tst_QSslSocket::sslErrors_data()

{

    QTest::addColumn<QString>("host");

    QTest::addColumn<int>("port");

    QTest::addColumn<SslErrorList>("expected");

    QTest::newRow(qPrintable(QtNetworkSettings::serverLocalName()))

        << QtNetworkSettings::serverLocalName()

        << 993

        << (SslErrorList() << QSslError::HostNameMismatch

                           << QSslError::SelfSignedCertificate);

    QTest::newRow("imap.trolltech.com")

        << "imap.trolltech.com"

        << 993

        << (SslErrorList() << QSslError::SelfSignedCertificateInChain);

}

void tst_QSslSocket::sslErrors()

{

    QFETCH(QString, host);

    QFETCH(int, port);

    QFETCH(SslErrorList, expected);

    QSslSocketPtr socket = newSocket();

    socket->connectToHostEncrypted(host, port);

    socket->waitForEncrypted(5000);