1 /****************************************************************************

     2 **

     3 ** Copyright (C) 2009 Nokia Corporation and/or its subsidiary(-ies).

     4 ** All rights reserved.

     5 ** Contact: Nokia Corporation (qt-info@nokia.com)

     6 **

     7 ** This file is part of the test suite of the Qt Toolkit.

     8 **

     9 ** $QT_BEGIN_LICENSE:LGPL$

    10 ** No Commercial Usage

    11 ** This file contains pre-release code and may not be distributed.

    12 ** You may use this file in accordance with the terms and conditions

    13 ** contained in the Technology Preview License Agreement accompanying

    14 ** this package.

    15 **

    16 ** GNU Lesser General Public License Usage

    17 ** Alternatively, this file may be used under the terms of the GNU Lesser

    18 ** General Public License version 2.1 as published by the Free Software

    19 ** Foundation and appearing in the file LICENSE.LGPL included in the

    20 ** packaging of this file.  Please review the following information to

    21 ** ensure the GNU Lesser General Public License version 2.1 requirements

    22 ** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.

    23 **

    24 ** In addition, as a special exception, Nokia gives you certain additional

    25 ** rights.  These rights are described in the Nokia Qt LGPL Exception

    26 ** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.

    27 **

    28 ** If you have questions regarding the use of this file, please contact

    29 ** Nokia at qt-info@nokia.com.

    30 **

    31 **

    32 **

    33 **

    34 **

    35 **

    36 **

    37 **

    38 ** $QT_END_LICENSE$

    39 **

    40 ****************************************************************************/

    41 

    42 

    43 #include <QtCore/qthread.h>

    44 #include <QtNetwork/qhostaddress.h>

    45 #include <QtNetwork/qhostinfo.h>

    46 #include <QtNetwork/qnetworkproxy.h>

    47 #include <QtNetwork/qsslcipher.h>

    48 #include <QtNetwork/qsslconfiguration.h>

    49 #include <QtNetwork/qsslkey.h>

    50 #include <QtNetwork/qsslsocket.h>

    51 #include <QtNetwork/qtcpserver.h>

    52 #include <QtTest/QtTest>

    53 

    54 #ifndef TEST_QNETWORK_PROXY

    55 #define TEST_QNETWORK_PROXY

    56 #endif

    57 #ifdef TEST_QNETWORK_PROXY

    58 #include <QNetworkProxy>

    59 #include <QAuthenticator>

    60 #endif

    61 

    62 #include "../network-settings.h"

    63 

    64 Q_DECLARE_METATYPE(QAbstractSocket::SocketState)

    65 Q_DECLARE_METATYPE(QAbstractSocket::SocketError)

    66 #ifndef QT_NO_OPENSSL

    67 Q_DECLARE_METATYPE(QSslSocket::SslMode)

    68 typedef QList<QSslError::SslError> SslErrorList;

    69 Q_DECLARE_METATYPE(SslErrorList)

    70 Q_DECLARE_METATYPE(QSslError)

    71 #endif

    72 

    73 #if defined Q_OS_HPUX && defined Q_CC_GNU

    74 // This error is delivered every time we try to use the fluke CA

    75 // certificate. For now we work around this bug. Task 202317.

    76 #define QSSLSOCKET_CERTUNTRUSTED_WORKAROUND

    77 #endif

    78 

    79 #ifdef Q_OS_SYMBIAN

    80 #define SRCDIR ""

    81 #endif

    82 

    83 #ifndef QT_NO_OPENSSL

    84 class QSslSocketPtr: public QSharedPointer<QSslSocket>

    85 {

    86 public:

    87     inline QSslSocketPtr(QSslSocket *ptr = 0)

    88         : QSharedPointer<QSslSocket>(ptr)

    89     { }

    90 

    91     inline operator QSslSocket *() const { return data(); }

    92 };

    93 #endif

    94 

    95 class tst_QSslSocket : public QObject

    96 {

    97     Q_OBJECT

    98 

    99     int proxyAuthCalled;

   100 

   101 public:

   102     tst_QSslSocket();

   103     virtual ~tst_QSslSocket();

   104 

   105     static void enterLoop(int secs)

   106     {

   107         ++loopLevel;

   108         QTestEventLoop::instance().enterLoop(secs);

   109     }

   110 

   111     static bool timeout()

   112     {

   113         return QTestEventLoop::instance().timeout();

   114     }

   115 

   116 #ifndef QT_NO_OPENSSL

   117     QSslSocketPtr newSocket();

   118 #endif

   119 

   120 public slots:

   121     void initTestCase_data();

   122     void init();

   123     void cleanup();

   124     void proxyAuthenticationRequired(const QNetworkProxy &, QAuthenticator *auth);

   125 

   126 #ifndef QT_NO_OPENSSL

   127 private slots:

   128     void constructing();

   129     void simpleConnect();

   130     void simpleConnectWithIgnore();

   131 

   132     // API tests

   133     void sslErrors_data();

   134     void sslErrors();

   135     void addCaCertificate();

   136     void addCaCertificates();

   137     void addCaCertificates2();

   138     void ciphers();

   139     void connectToHostEncrypted();

   140     void connectToHostEncryptedWithVerificationPeerName();

   141     void sessionCipher();

   142     void flush();

   143     void isEncrypted();

   144     void localCertificate();

   145     void mode();

   146     void peerCertificate();

   147     void peerCertificateChain();

   148     void privateKey();

   149     void protocol();

   150     void setCaCertificates();

   151     void setLocalCertificate();

   152     void setPrivateKey();

   153     void setProtocol();

   154     void setSocketDescriptor();

   155     void waitForEncrypted();

   156     void waitForConnectedEncryptedReadyRead();

   157     void startClientEncryption();

   158     void startServerEncryption();

   159     void addDefaultCaCertificate();

   160     void addDefaultCaCertificates();

   161     void addDefaultCaCertificates2();

   162     void defaultCaCertificates();

   163     void defaultCiphers();

   164     void resetDefaultCiphers();

   165     void setDefaultCaCertificates();

   166     void setDefaultCiphers();

   167     void supportedCiphers();

   168     void systemCaCertificates();

   169     void wildcard();

   170     void setEmptyKey();

   171     void spontaneousWrite();

   172     void setReadBufferSize();

   173     void setReadBufferSize_task_250027();

   174     void waitForMinusOne();

   175     void verifyMode();

   176     void verifyDepth();

   177     void peerVerifyError();

   178     void disconnectFromHostWhenConnecting();

   179     void disconnectFromHostWhenConnected();

   180     void resetProxy();

   181     void ignoreSslErrorsList_data();

   182     void ignoreSslErrorsList();

   183     void ignoreSslErrorsListWithSlot_data();

   184     void ignoreSslErrorsListWithSlot();

   185     void readFromClosedSocket();

   186     void writeBigChunk();

   187 

   188     static void exitLoop()

   189     {

   190         // Safe exit - if we aren't in an event loop, don't

   191         // exit one.

   192         if (loopLevel > 0) {

   193             --loopLevel;

   194             QTestEventLoop::instance().exitLoop();

   195         }

   196     }

   197 

   198 protected slots:

   199     void ignoreErrorSlot()

   200     {

   201         socket->ignoreSslErrors();

   202     }

   203     void untrustedWorkaroundSlot(const QList<QSslError> &errors)

   204     {

   205         if (errors.size() == 1 &&

   206                 (errors.first().error() == QSslError::CertificateUntrusted ||

   207                         errors.first().error() == QSslError::SelfSignedCertificate))

   208             socket->ignoreSslErrors();

   209     }

   210     void ignoreErrorListSlot(const QList<QSslError> &errors);

   211 

   212 private:

   213     QSslSocket *socket;

   214     QList<QSslError> storedExpectedSslErrors;

   215 #endif // QT_NO_OPENSSL

   216 private:

   217     static int loopLevel;

   218 };

   219 

   220 int tst_QSslSocket::loopLevel = 0;

   221 

   222 tst_QSslSocket::tst_QSslSocket()

   223 {

   224 #ifndef QT_NO_OPENSSL

   225     qRegisterMetaType<QList<QSslError> >("QList<QSslError>");

   226     qRegisterMetaType<QSslError>("QSslError");

   227     qRegisterMetaType<QAbstractSocket::SocketState>("QAbstractSocket::SocketState");

   228     qRegisterMetaType<QAbstractSocket::SocketError>("QAbstractSocket::SocketError");

   229     qRegisterMetaType<QAbstractSocket::SocketState>("QSslSocket::SslMode");

   230 #endif

   231     Q_SET_DEFAULT_IAP

   232 }

   233 

   234 tst_QSslSocket::~tst_QSslSocket()

   235 {

   236 }

   237 

   238 enum ProxyTests {

   239     NoProxy = 0x00,

   240     Socks5Proxy = 0x01,

   241     HttpProxy = 0x02,

   242     TypeMask = 0x0f,

   243 

   244     NoAuth = 0x00,

   245     AuthBasic = 0x10,

   246     AuthNtlm = 0x20,

   247     AuthMask = 0xf0

   248 };

   249 

   250 void tst_QSslSocket::initTestCase_data()

   251 {

   252     QTest::addColumn<bool>("setProxy");

   253     QTest::addColumn<int>("proxyType");

   254 

   255     QTest::newRow("WithoutProxy") << false << 0;

   256 #ifdef TEST_QNETWORK_PROXY

   257     QTest::newRow("WithSocks5Proxy") << true << int(Socks5Proxy);

   258     QTest::newRow("WithSocks5ProxyAuth") << true << int(Socks5Proxy | AuthBasic);

   259 

   260     QTest::newRow("WithHttpProxy") << true << int(HttpProxy);

   261     QTest::newRow("WithHttpProxyBasicAuth") << true << int(HttpProxy | AuthBasic);

   262     // uncomment the line below when NTLM works

   263 //    QTest::newRow("WithHttpProxyNtlmAuth") << true << int(HttpProxy | AuthNtlm);

   264 #endif

   265 }

   266 

   267 void tst_QSslSocket::init()

   268 {

   269     QFETCH_GLOBAL(bool, setProxy);

   270     if (setProxy) {

   271 #ifdef TEST_QNETWORK_PROXY

   272         QFETCH_GLOBAL(int, proxyType);

   273         QString fluke = QHostInfo::fromName(QtNetworkSettings::serverName()).addresses().first().toString();

   274         QNetworkProxy proxy;

   275 

   276         switch (proxyType) {

   277         case Socks5Proxy:

   278             proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, fluke, 1080);

   279             break;

   280 

   281         case Socks5Proxy | AuthBasic:

   282             proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, fluke, 1081);

   283             break;

   284 

   285         case HttpProxy | NoAuth:

   286             proxy = QNetworkProxy(QNetworkProxy::HttpProxy, fluke, 3128);

   287             break;

   288 

   289         case HttpProxy | AuthBasic:

   290             proxy = QNetworkProxy(QNetworkProxy::HttpProxy, fluke, 3129);

   291             break;

   292 

   293         case HttpProxy | AuthNtlm:

   294             proxy = QNetworkProxy(QNetworkProxy::HttpProxy, fluke, 3130);

   295             break;

   296         }

   297         QNetworkProxy::setApplicationProxy(proxy);

   298 #endif

   299     }

   300 }

   301 

   302 void tst_QSslSocket::cleanup()

   303 {

   304 #ifdef TEST_QNETWORK_PROXY

   305     QNetworkProxy::setApplicationProxy(QNetworkProxy::DefaultProxy);

   306 #endif

   307 }

   308 

   309 #ifndef QT_NO_OPENSSL

   310 QSslSocketPtr tst_QSslSocket::newSocket()

   311 {

   312     QSslSocket *socket = new QSslSocket;

   313 

   314     proxyAuthCalled = 0;

   315     connect(socket, SIGNAL(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)),

   316             SLOT(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)),

   317             Qt::DirectConnection);

   318 

   319     return QSslSocketPtr(socket);

   320 }

   321 #endif

   322 

   323 void tst_QSslSocket::proxyAuthenticationRequired(const QNetworkProxy &, QAuthenticator *auth)

   324 {

   325     ++proxyAuthCalled;

   326     auth->setUser("qsockstest");

   327     auth->setPassword("password");

   328 }

   329 

   330 #ifndef QT_NO_OPENSSL

   331 

   332 void tst_QSslSocket::constructing()

   333 {

   334     if (!QSslSocket::supportsSsl())

   335         return;

   336 

   337     QSslSocket socket;

   338 

   339     QCOMPARE(socket.state(), QSslSocket::UnconnectedState);

   340     QCOMPARE(socket.mode(), QSslSocket::UnencryptedMode);

   341     QVERIFY(!socket.isEncrypted());

   342     QCOMPARE(socket.bytesAvailable(), qint64(0));

   343     QCOMPARE(socket.bytesToWrite(), qint64(0));

   344     QVERIFY(!socket.canReadLine());

   345     QVERIFY(socket.atEnd());

   346     QCOMPARE(socket.localCertificate(), QSslCertificate());

   347     QCOMPARE(socket.sslConfiguration(), QSslConfiguration::defaultConfiguration());

   348     QCOMPARE(socket.errorString(), QString("Unknown error"));

   349     char c = '\0';

   350     QTest::ignoreMessage(QtWarningMsg, "QIODevice::getChar: Closed device");

   351     QVERIFY(!socket.getChar(&c));

   352     QCOMPARE(c, '\0');

   353     QVERIFY(!socket.isOpen());

   354     QVERIFY(!socket.isReadable());

   355     QVERIFY(socket.isSequential());

   356     QVERIFY(!socket.isTextModeEnabled());

   357     QVERIFY(!socket.isWritable());

   358     QCOMPARE(socket.openMode(), QIODevice::NotOpen);

   359     QVERIFY(socket.peek(2).isEmpty());

   360     QCOMPARE(socket.pos(), qint64(0));

   361     QVERIFY(!socket.putChar('c'));

   362     QVERIFY(socket.read(2).isEmpty());

   363     QCOMPARE(socket.read(0, 0), qint64(-1));

   364     QVERIFY(socket.readAll().isEmpty());

   365     QTest::ignoreMessage(QtWarningMsg, "QIODevice::readLine: Called with maxSize < 2");

   366     QCOMPARE(socket.readLine(0, 0), qint64(-1));

   367     char buf[10];

   368     QCOMPARE(socket.readLine(buf, sizeof(buf)), qint64(-1));

   369     QTest::ignoreMessage(QtWarningMsg, "QIODevice::seek: The device is not open");

   370     QVERIFY(!socket.reset());

   371     QTest::ignoreMessage(QtWarningMsg, "QIODevice::seek: The device is not open");

   372     QVERIFY(!socket.seek(2));

   373     QCOMPARE(socket.size(), qint64(0));

   374     QVERIFY(!socket.waitForBytesWritten(10));

   375     QVERIFY(!socket.waitForReadyRead(10));

   376     QCOMPARE(socket.write(0, 0), qint64(-1));

   377     QCOMPARE(socket.write(QByteArray()), qint64(-1));

   378     QCOMPARE(socket.error(), QAbstractSocket::UnknownSocketError);

   379     QVERIFY(!socket.flush());

   380     QVERIFY(!socket.isValid());

   381     QCOMPARE(socket.localAddress(), QHostAddress());

   382     QCOMPARE(socket.localPort(), quint16(0));

   383     QCOMPARE(socket.peerAddress(), QHostAddress());

   384     QVERIFY(socket.peerName().isEmpty());

   385     QCOMPARE(socket.peerPort(), quint16(0));

   386     QCOMPARE(socket.proxy().type(), QNetworkProxy::DefaultProxy);

   387     QCOMPARE(socket.readBufferSize(), qint64(0));

   388     QCOMPARE(socket.socketDescriptor(), -1);

   389     QCOMPARE(socket.socketType(), QAbstractSocket::TcpSocket);

   390     QVERIFY(!socket.waitForConnected(10));

   391     QTest::ignoreMessage(QtWarningMsg, "QSslSocket::waitForDisconnected() is not allowed in UnconnectedState");

   392     QVERIFY(!socket.waitForDisconnected(10));

   393     QCOMPARE(socket.protocol(), QSsl::SslV3);

   394 

   395     QSslConfiguration savedDefault = QSslConfiguration::defaultConfiguration();

   396 

   397     // verify that changing the default config doesn't affect this socket

   398     QSslSocket::setDefaultCaCertificates(QList<QSslCertificate>());

   399     QSslSocket::setDefaultCiphers(QList<QSslCipher>());

   400     QVERIFY(!socket.caCertificates().isEmpty());

   401     QVERIFY(!socket.ciphers().isEmpty());

   402 

   403     // verify the default as well:

   404     QVERIFY(QSslConfiguration::defaultConfiguration().caCertificates().isEmpty());

   405     QVERIFY(QSslConfiguration::defaultConfiguration().ciphers().isEmpty());

   406 

   407     QSslConfiguration::setDefaultConfiguration(savedDefault);

   408 }

   409 

   410 void tst_QSslSocket::simpleConnect()

   411 {

   412     if (!QSslSocket::supportsSsl())

   413         return;

   414 

   415     QFETCH_GLOBAL(bool, setProxy);

   416     if (setProxy)

   417         return;

   418 

   419     QSslSocket socket;

   420     QSignalSpy connectedSpy(&socket, SIGNAL(connected()));

   421     QSignalSpy hostFoundSpy(&socket, SIGNAL(hostFound()));

   422     QSignalSpy disconnectedSpy(&socket, SIGNAL(disconnected()));

   423     QSignalSpy connectionEncryptedSpy(&socket, SIGNAL(encrypted()));

   424     QSignalSpy sslErrorsSpy(&socket, SIGNAL(sslErrors(const QList<QSslError> &)));

   425 

   426     connect(&socket, SIGNAL(connected()), this, SLOT(exitLoop()));

   427     connect(&socket, SIGNAL(disconnected()), this, SLOT(exitLoop()));

   428     connect(&socket, SIGNAL(modeChanged(QSslSocket::SslMode)), this, SLOT(exitLoop()));

   429     connect(&socket, SIGNAL(encrypted()), this, SLOT(exitLoop()));

   430     connect(&socket, SIGNAL(stateChanged(QAbstractSocket::SocketState)), this, SLOT(exitLoop()));

   431     connect(&socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(exitLoop()));

   432 

   433     // Start connecting

   434     socket.connectToHost(QtNetworkSettings::serverName(), 993);

   435     QCOMPARE(socket.state(), QAbstractSocket::HostLookupState);

   436     enterLoop(10);

   437 

   438     // Entered connecting state

   439 #ifndef Q_OS_SYMBIAN

   440     QCOMPARE(socket.state(), QAbstractSocket::ConnectingState);

   441     QCOMPARE(connectedSpy.count(), 0);

   442 #endif

   443     QCOMPARE(hostFoundSpy.count(), 1);

   444     QCOMPARE(disconnectedSpy.count(), 0);

   445     enterLoop(10);

   446 

   447     // Entered connected state

   448     QCOMPARE(socket.state(), QAbstractSocket::ConnectedState);

   449     QCOMPARE(socket.mode(), QSslSocket::UnencryptedMode);

   450     QVERIFY(!socket.isEncrypted());

   451     QCOMPARE(connectedSpy.count(), 1);

   452     QCOMPARE(hostFoundSpy.count(), 1);

   453     QCOMPARE(disconnectedSpy.count(), 0);

   454 

   455     // Enter encrypted mode

   456     socket.startClientEncryption();

   457     QCOMPARE(socket.mode(), QSslSocket::SslClientMode);

   458     QVERIFY(!socket.isEncrypted());

   459     QCOMPARE(connectionEncryptedSpy.count(), 0);

   460     QCOMPARE(sslErrorsSpy.count(), 0);

   461 

   462     // Starting handshake

   463     enterLoop(10);

   464     QCOMPARE(sslErrorsSpy.count(), 1);

   465     QCOMPARE(connectionEncryptedSpy.count(), 0);

   466     QVERIFY(!socket.isEncrypted());

   467     QCOMPARE(socket.state(), QAbstractSocket::UnconnectedState);

   468 }

   469 

   470 void tst_QSslSocket::simpleConnectWithIgnore()

   471 {

   472     if (!QSslSocket::supportsSsl())

   473         return;

   474 

   475     QFETCH_GLOBAL(bool, setProxy);

   476     if (setProxy)

   477         return;

   478 

   479     QSslSocket socket;

   480     this->socket = &socket;

   481     QSignalSpy encryptedSpy(&socket, SIGNAL(encrypted()));

   482     QSignalSpy sslErrorsSpy(&socket, SIGNAL(sslErrors(const QList<QSslError> &)));

   483 

   484     connect(&socket, SIGNAL(readyRead()), this, SLOT(exitLoop()));

   485     connect(&socket, SIGNAL(encrypted()), this, SLOT(exitLoop()));

   486     connect(&socket, SIGNAL(connected()), this, SLOT(exitLoop()));

   487     connect(&socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(ignoreErrorSlot()));

   488     connect(&socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(exitLoop()));

   489 

   490     // Start connecting

   491     socket.connectToHost(QtNetworkSettings::serverName(), 993);

   492     QCOMPARE(socket.state(), QAbstractSocket::HostLookupState);

   493     enterLoop(10);

   494 

   495     // Start handshake

   496     QCOMPARE(socket.state(), QAbstractSocket::ConnectedState);

   497     socket.startClientEncryption();

   498     enterLoop(10);

   499 

   500     // Done; encryption should be enabled.

   501     QCOMPARE(sslErrorsSpy.count(), 1);

   502     QVERIFY(socket.isEncrypted());

   503     QCOMPARE(socket.state(), QAbstractSocket::ConnectedState);

   504     QCOMPARE(encryptedSpy.count(), 1);

   505 

   506     // Wait for incoming data

   507     if (!socket.canReadLine())

   508         enterLoop(10);

   509 

   510     QCOMPARE(socket.readAll(), QtNetworkSettings::expectedReplySSL());

   511     socket.disconnectFromHost();

   512 }

   513 

   514 void tst_QSslSocket::sslErrors_data()

   515 {

   516     QTest::addColumn<QString>("host");

   517     QTest::addColumn<int>("port");

   518     QTest::addColumn<SslErrorList>("expected");

   519 

   520     QTest::newRow(qPrintable(QtNetworkSettings::serverLocalName()))

   521         << QtNetworkSettings::serverLocalName()

   522         << 993

   523         << (SslErrorList() << QSslError::HostNameMismatch

   524                            << QSslError::SelfSignedCertificate);

   525 

   526     QTest::newRow("imap.trolltech.com")

   527         << "imap.trolltech.com"

   528         << 993

   529         << (SslErrorList() << QSslError::SelfSignedCertificateInChain);

   530 }

   531 

   532 void tst_QSslSocket::sslErrors()

   533 {

   534     QFETCH(QString, host);

   535     QFETCH(int, port);

   536     QFETCH(SslErrorList, expected);

   537 

   538     QSslSocketPtr socket = newSocket();

   539     socket->connectToHostEncrypted(host, port);

   540     socket->waitForEncrypted(5000);

   541 

   542     SslErrorList output;

   543     foreach (QSslError error, socket->sslErrors()) {

   544         output << error.error();

   545     }

   546 

   547 #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND

   548     if (output.last() == QSslError::CertificateUntrusted)

   549         output.takeLast();

   550 #endif

   551     QCOMPARE(output, expected);

   552 }

   553 

   554 void tst_QSslSocket::addCaCertificate()

   555 {

   556     if (!QSslSocket::supportsSsl())

   557         return;

   558 }

   559 

   560 void tst_QSslSocket::addCaCertificates()

   561 {

   562     if (!QSslSocket::supportsSsl())

   563         return;

   564 }

   565 

   566 void tst_QSslSocket::addCaCertificates2()

   567 {

   568     if (!QSslSocket::supportsSsl())

   569         return;

   570 }

   571 

   572 void tst_QSslSocket::ciphers()

   573 {

   574     if (!QSslSocket::supportsSsl())

   575         return;

   576 

   577     QSslSocket socket;

   578     QCOMPARE(socket.ciphers(), QSslSocket::supportedCiphers());

   579     socket.setCiphers(QList<QSslCipher>());

   580     QVERIFY(socket.ciphers().isEmpty());

   581     socket.setCiphers(socket.defaultCiphers());

   582     QCOMPARE(socket.ciphers(), QSslSocket::supportedCiphers());

   583     socket.setCiphers(socket.defaultCiphers());

   584     QCOMPARE(socket.ciphers(), QSslSocket::supportedCiphers());

   585 

   586     // Task 164356

   587     socket.setCiphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");

   588 }

   589 

   590 void tst_QSslSocket::connectToHostEncrypted()

   591 {

   592     if (!QSslSocket::supportsSsl())

   593         return;

   594 

   595     QSslSocketPtr socket = newSocket();

   596     this->socket = socket;

   597     QVERIFY(socket->addCaCertificates(QLatin1String(SRCDIR "certs/qt-test-server-cacert.pem")));

   598 #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND

   599     connect(socket, SIGNAL(sslErrors(QList<QSslError>)),

   600             this, SLOT(untrustedWorkaroundSlot(QList<QSslError>)));

   601 #endif

   602 

   603     socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);

   604 

   605     // This should pass unconditionally when using fluke's CA certificate.

   606     // or use untrusted certificate workaround

   607     QVERIFY2(socket->waitForEncrypted(10000), qPrintable(socket->errorString()));

   608 

   609     socket->disconnectFromHost();

   610     QVERIFY(socket->waitForDisconnected());

   611 

   612     QCOMPARE(socket->mode(), QSslSocket::SslClientMode);

   613 

   614     socket->connectToHost(QtNetworkSettings::serverName(), 13);

   615 

   616     QCOMPARE(socket->mode(), QSslSocket::UnencryptedMode);

   617 

   618     QVERIFY(socket->waitForDisconnected());

   619 }

   620 

   621 void tst_QSslSocket::connectToHostEncryptedWithVerificationPeerName()

   622 {

   623     if (!QSslSocket::supportsSsl())

   624         return;

   625 

   626     QSslSocketPtr socket = newSocket();

   627     this->socket = socket;

   628 

   629     socket->addCaCertificates(QLatin1String(SRCDIR "certs/qt-test-server-cacert.pem"));

   630 #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND

   631     connect(socket, SIGNAL(sslErrors(QList<QSslError>)),

   632             this, SLOT(untrustedWorkaroundSlot(QList<QSslError>)));

   633 #endif

   634 

   635     // connect to the server with its local name, but use the full name for verification.

   636     socket->connectToHostEncrypted(QtNetworkSettings::serverLocalName(), 443, QtNetworkSettings::serverName());

   637 

   638     // This should pass unconditionally when using fluke's CA certificate.

   639     QVERIFY2(socket->waitForEncrypted(10000), qPrintable(socket->errorString()));

   640 

   641     socket->disconnectFromHost();

   642     QVERIFY(socket->waitForDisconnected());

   643 

   644     QCOMPARE(socket->mode(), QSslSocket::SslClientMode);

   645 }

   646 

   647 void tst_QSslSocket::sessionCipher()

   648 {

   649     if (!QSslSocket::supportsSsl())

   650         return;

   651 

   652     QSslSocketPtr socket = newSocket();

   653     this->socket = socket;

   654     connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot()));

   655     QVERIFY(socket->sessionCipher().isNull());

   656     socket->connectToHost(QtNetworkSettings::serverName(), 443 /* https */);

   657     QVERIFY(socket->waitForConnected(5000));

   658     QVERIFY(socket->sessionCipher().isNull());

   659     socket->startClientEncryption();

   660     QVERIFY(socket->waitForEncrypted(5000));

   661     QVERIFY(!socket->sessionCipher().isNull());

   662     QVERIFY(QSslSocket::supportedCiphers().contains(socket->sessionCipher()));

   663     socket->disconnectFromHost();

   664     QVERIFY(socket->waitForDisconnected());

   665 }

   666 

   667 void tst_QSslSocket::flush()

   668 {

   669 }

   670 

   671 void tst_QSslSocket::isEncrypted()

   672 {

   673 }

   674 

   675 void tst_QSslSocket::localCertificate()

   676 {

   677 }

   678 

   679 void tst_QSslSocket::mode()

   680 {

   681 }

   682 

   683 void tst_QSslSocket::peerCertificate()

   684 {

   685 }

   686 

   687 void tst_QSslSocket::peerCertificateChain()

   688 {

   689     if (!QSslSocket::supportsSsl())

   690         return;

   691 

   692     QSslSocketPtr socket = newSocket();

   693     this->socket = socket;

   694 

   695     QList<QSslCertificate> caCertificates = QSslCertificate::fromPath(QLatin1String(SRCDIR "certs/qt-test-server-cacert.pem"));

   696     QVERIFY(caCertificates.count() == 1);

   697     socket->addCaCertificates(caCertificates);

   698 #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND

   699     connect(socket, SIGNAL(sslErrors(QList<QSslError>)),

   700             this, SLOT(untrustedWorkaroundSlot(QList<QSslError>)));

   701 #endif

   702 

   703     socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);

   704     QCOMPARE(socket->mode(), QSslSocket::UnencryptedMode);

   705     QVERIFY(socket->peerCertificateChain().isEmpty());

   706     QVERIFY2(socket->waitForEncrypted(10000), qPrintable(socket->errorString()));

   707 

   708     QList<QSslCertificate> certChain = socket->peerCertificateChain();

   709     QVERIFY(certChain.count() > 0);

   710     QCOMPARE(certChain.first(), socket->peerCertificate());

   711 

   712     socket->disconnectFromHost();

   713     QVERIFY(socket->waitForDisconnected());

   714 

   715     // connect again to a different server

   716     socket->connectToHostEncrypted("trolltech.com", 443);

   717     socket->ignoreSslErrors();

   718     QCOMPARE(socket->mode(), QSslSocket::UnencryptedMode);

   719     QVERIFY(socket->peerCertificateChain().isEmpty());

   720     QVERIFY2(socket->waitForEncrypted(10000), qPrintable(socket->errorString()));

   721 

   722     QCOMPARE(socket->peerCertificateChain().first(), socket->peerCertificate());

   723     QVERIFY(socket->peerCertificateChain() != certChain);

   724 

   725     socket->disconnectFromHost();

   726     QVERIFY(socket->waitForDisconnected());

   727 

   728     // now do it again back to the original server

   729     socket->connectToHost(QtNetworkSettings::serverName(), 443);

   730     QCOMPARE(socket->mode(), QSslSocket::UnencryptedMode);

   731     QVERIFY(socket->peerCertificateChain().isEmpty());

   732     QVERIFY2(socket->waitForConnected(10000), "Network timeout");

   733 

   734     socket->startClientEncryption();

   735     QVERIFY2(socket->waitForEncrypted(10000), qPrintable(socket->errorString()));

   736 

   737     QCOMPARE(socket->peerCertificateChain().first(), socket->peerCertificate());

   738     QVERIFY(socket->peerCertificateChain() == certChain);

   739 

   740     socket->disconnectFromHost();

   741     QVERIFY(socket->waitForDisconnected());

   742 }

   743 

   744 void tst_QSslSocket::privateKey()

   745 {

   746 }

   747 

   748 void tst_QSslSocket::protocol()

   749 {

   750     if (!QSslSocket::supportsSsl())

   751         return;

   752 

   753     QSslSocketPtr socket = newSocket();

   754     this->socket = socket;

   755     QList<QSslCertificate> certs = QSslCertificate::fromPath(SRCDIR "certs/qt-test-server-cacert.pem");

   756 

   757 //    qDebug() << "certs:" << certs.at(0).issuerInfo(QSslCertificate::CommonName);

   758     socket->setCaCertificates(certs);

   759 #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND

   760     connect(socket, SIGNAL(sslErrors(QList<QSslError>)),

   761             this, SLOT(untrustedWorkaroundSlot(QList<QSslError>)));

   762 #endif

   763 

   764 //    qDebug() << "socket cert:" << socket->caCertificates().at(0).issuerInfo(QSslCertificate::CommonName);

   765     QCOMPARE(socket->protocol(), QSsl::SslV3);

   766     {

   767         // Fluke allows SSLv3.

   768         socket->setProtocol(QSsl::SslV3);

   769         QCOMPARE(socket->protocol(), QSsl::SslV3);

   770         socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);

   771         QVERIFY2(socket->waitForEncrypted(), qPrintable(socket->errorString()));

   772         QCOMPARE(socket->protocol(), QSsl::SslV3);

   773         socket->abort();

   774         QCOMPARE(socket->protocol(), QSsl::SslV3);

   775         socket->connectToHost(QtNetworkSettings::serverName(), 443);

   776         QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString()));

   777         socket->startClientEncryption();

   778         QVERIFY2(socket->waitForEncrypted(), qPrintable(socket->errorString()));

   779         QCOMPARE(socket->protocol(), QSsl::SslV3);

   780         socket->abort();

   781     }

   782     {

   783         // Fluke allows TLSV1.

   784         socket->setProtocol(QSsl::TlsV1);

   785         QCOMPARE(socket->protocol(), QSsl::TlsV1);

   786         socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);

   787         QVERIFY2(socket->waitForEncrypted(), qPrintable(socket->errorString()));

   788         QCOMPARE(socket->protocol(), QSsl::TlsV1);

   789         socket->abort();

   790         QCOMPARE(socket->protocol(), QSsl::TlsV1);

   791         socket->connectToHost(QtNetworkSettings::serverName(), 443);

   792         QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString()));

   793         socket->startClientEncryption();

   794         QVERIFY2(socket->waitForEncrypted(), qPrintable(socket->errorString()));

   795         QCOMPARE(socket->protocol(), QSsl::TlsV1);

   796         socket->abort();

   797     }

   798     {

   799         // Fluke allows SSLV2.

   800         socket->setProtocol(QSsl::SslV2);

   801         QCOMPARE(socket->protocol(), QSsl::SslV2);

   802         socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);

   803         QVERIFY(socket->waitForEncrypted());

   804         QCOMPARE(socket->protocol(), QSsl::SslV2);

   805         socket->abort();

   806         QCOMPARE(socket->protocol(), QSsl::SslV2);

   807         socket->connectToHost(QtNetworkSettings::serverName(), 443);

   808         QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString()));

   809         socket->startClientEncryption();

   810         QVERIFY2(socket->waitForEncrypted(), qPrintable(socket->errorString()));

   811         socket->abort();

   812     }

   813     {

   814         // Fluke allows SSLV3, so it allows AnyProtocol.

   815         socket->setProtocol(QSsl::AnyProtocol);

   816         QCOMPARE(socket->protocol(), QSsl::AnyProtocol);

   817         socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);

   818         QVERIFY(socket->waitForEncrypted());

   819         QCOMPARE(socket->protocol(), QSsl::AnyProtocol);

   820         socket->abort();

   821         QCOMPARE(socket->protocol(), QSsl::AnyProtocol);

   822         socket->connectToHost(QtNetworkSettings::serverName(), 443);

   823         QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString()));

   824         socket->startClientEncryption();

   825         QVERIFY2(socket->waitForEncrypted(), qPrintable(socket->errorString()));

   826         QCOMPARE(socket->protocol(), QSsl::AnyProtocol);

   827         socket->abort();

   828     }

   829 }

   830 

   831 void tst_QSslSocket::setCaCertificates()

   832 {

   833     if (!QSslSocket::supportsSsl())

   834         return;

   835 

   836     QSslSocket socket;

   837     QCOMPARE(socket.caCertificates(), QSslSocket::defaultCaCertificates());

   838     socket.setCaCertificates(QSslCertificate::fromPath(SRCDIR "certs/qt-test-server-cacert.pem"));

   839     QCOMPARE(socket.caCertificates().size(), 1);

   840     socket.setCaCertificates(socket.defaultCaCertificates());

   841     QCOMPARE(socket.caCertificates(), QSslSocket::defaultCaCertificates());

   842 }

   843 

   844 void tst_QSslSocket::setLocalCertificate()

   845 {

   846 }

   847 

   848 void tst_QSslSocket::setPrivateKey()

   849 {

   850 }

   851 

   852 void tst_QSslSocket::setProtocol()

   853 {

   854 }

   855 

   856 class SslServer : public QTcpServer

   857 {

   858     Q_OBJECT

   859 public:

   860     SslServer() : socket(0) { }

   861     QSslSocket *socket;

   862 

   863 protected:

   864     void incomingConnection(int socketDescriptor)

   865     {

   866         socket = new QSslSocket(this);

   867         connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(ignoreErrorSlot()));

   868 

   869         QFile file(SRCDIR "certs/fluke.key");

   870         QVERIFY(file.open(QIODevice::ReadOnly));

   871         QSslKey key(file.readAll(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey);

   872         QVERIFY(!key.isNull());

   873         socket->setPrivateKey(key);

   874 

   875         QList<QSslCertificate> localCert = QSslCertificate::fromPath(SRCDIR "certs/fluke.cert");

   876         QVERIFY(!localCert.isEmpty());

   877         QVERIFY(localCert.first().handle());

   878         socket->setLocalCertificate(localCert.first());

   879 

   880         QVERIFY(socket->setSocketDescriptor(socketDescriptor, QAbstractSocket::ConnectedState));

   881         QVERIFY(!socket->peerAddress().isNull());

   882         QVERIFY(socket->peerPort() != 0);

   883         QVERIFY(!socket->localAddress().isNull());

   884         QVERIFY(socket->localPort() != 0);

   885 

   886         socket->startServerEncryption();

   887     }

   888 

   889 protected slots:

   890     void ignoreErrorSlot()

   891     {

   892         socket->ignoreSslErrors();

   893     }

   894 };

   895 

   896 void tst_QSslSocket::setSocketDescriptor()

   897 {

   898     if (!QSslSocket::supportsSsl())

   899         return;

   900 

   901     QFETCH_GLOBAL(bool, setProxy);

   902     if (setProxy)

   903         return;

   904 

   905     SslServer server;

   906     QVERIFY(server.listen());

   907 

   908     QEventLoop loop;

   909     QTimer::singleShot(5000, &loop, SLOT(quit()));

   910 

   911     QSslSocketPtr client = new QSslSocket;

   912     socket = client;

   913     connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(ignoreErrorSlot()));

   914     connect(client, SIGNAL(encrypted()), &loop, SLOT(quit()));

   915 

   916     client->connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort());

   917 

   918     loop.exec();

   919 

   920     QCOMPARE(client->state(), QAbstractSocket::ConnectedState);

   921     QVERIFY(client->isEncrypted());

   922     QVERIFY(!client->peerAddress().isNull());

   923     QVERIFY(client->peerPort() != 0);

   924     QVERIFY(!client->localAddress().isNull());

   925     QVERIFY(client->localPort() != 0);

   926 }

   927 

   928 void tst_QSslSocket::waitForEncrypted()

   929 {

   930     if (!QSslSocket::supportsSsl())

   931         return;

   932 

   933     QSslSocketPtr socket = newSocket();

   934     this->socket = socket;

   935 

   936     connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(ignoreErrorSlot()));

   937     socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);

   938 

   939     QVERIFY(socket->waitForEncrypted(10000));

   940 }

   941 

   942 void tst_QSslSocket::waitForConnectedEncryptedReadyRead()

   943 {

   944     if (!QSslSocket::supportsSsl())

   945         return;

   946 

   947     QSslSocketPtr socket = newSocket();

   948     this->socket = socket;

   949 

   950     connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(ignoreErrorSlot()));

   951     socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 993);

   952 

   953 #ifdef Q_OS_SYMBIAN

   954     QVERIFY(socket->waitForConnected(10000));

   955     QVERIFY(socket->waitForEncrypted(10000));

   956 

   957     // dont forget to login

   958     QCOMPARE((int) socket->write("USER ftptest\r\n"), 14);

   959     QCOMPARE((int) socket->write("PASS ftP2Ptf\r\n"), 14);

   960 

   961     QVERIFY(socket->waitForReadyRead(10000));

   962     QVERIFY(!socket->peerCertificate().isNull());

   963     QVERIFY(!socket->peerCertificateChain().isEmpty());

   964 #else

   965     QVERIFY(socket->waitForConnected(10000));

   966     QVERIFY(socket->waitForEncrypted(10000));

   967     QVERIFY(socket->waitForReadyRead(10000));

   968     QVERIFY(!socket->peerCertificate().isNull());

   969     QVERIFY(!socket->peerCertificateChain().isEmpty());

   970 #endif

   971 }

   972 

   973 void tst_QSslSocket::startClientEncryption()

   974 {

   975 }

   976 

   977 void tst_QSslSocket::startServerEncryption()

   978 {

   979 }

   980 

   981 void tst_QSslSocket::addDefaultCaCertificate()

   982 {

   983     if (!QSslSocket::supportsSsl())

   984         return;

   985 

   986     // Reset the global CA chain

   987     QSslSocket::setDefaultCaCertificates(QSslSocket::systemCaCertificates());

   988 

   989     QList<QSslCertificate> flukeCerts = QSslCertificate::fromPath(SRCDIR "certs/qt-test-server-cacert.pem");

   990     QCOMPARE(flukeCerts.size(), 1);

   991     QList<QSslCertificate> globalCerts = QSslSocket::defaultCaCertificates();

   992     QVERIFY(!globalCerts.contains(flukeCerts.first()));

   993     QSslSocket::addDefaultCaCertificate(flukeCerts.first());

   994     QCOMPARE(QSslSocket::defaultCaCertificates().size(), globalCerts.size() + 1);

   995     QVERIFY(QSslSocket::defaultCaCertificates().contains(flukeCerts.first()));

   996 

   997     // Restore the global CA chain

   998     QSslSocket::setDefaultCaCertificates(QSslSocket::systemCaCertificates());

   999 }

  1000 

  1001 void tst_QSslSocket::addDefaultCaCertificates()

  1002 {

  1003 }

  1004 

  1005 void tst_QSslSocket::addDefaultCaCertificates2()

  1006 {

  1007 }

  1008 

  1009 void tst_QSslSocket::defaultCaCertificates()

  1010 {

  1011     if (!QSslSocket::supportsSsl())

  1012         return;

  1013 

  1014     QList<QSslCertificate> certs = QSslSocket::defaultCaCertificates();

  1015     QVERIFY(certs.size() > 1);

  1016     QCOMPARE(certs, QSslSocket::systemCaCertificates());

  1017 }

  1018 

  1019 void tst_QSslSocket::defaultCiphers()

  1020 {

  1021 }

  1022 

  1023 void tst_QSslSocket::resetDefaultCiphers()

  1024 {

  1025 }

  1026 

  1027 void tst_QSslSocket::setDefaultCaCertificates()

  1028 {

  1029 }

  1030 

  1031 void tst_QSslSocket::setDefaultCiphers()

  1032 {

  1033 }

  1034 

  1035 void tst_QSslSocket::supportedCiphers()

  1036 {

  1037     if (!QSslSocket::supportsSsl())

  1038         return;

  1039 

  1040     QList<QSslCipher> ciphers = QSslSocket::supportedCiphers();

  1041     QVERIFY(ciphers.size() > 1);

  1042 

  1043     QSslSocket socket;

  1044     QCOMPARE(socket.supportedCiphers(), ciphers);

  1045     QCOMPARE(socket.defaultCiphers(), ciphers);

  1046     QCOMPARE(socket.ciphers(), ciphers);

  1047 }

  1048 

  1049 void tst_QSslSocket::systemCaCertificates()

  1050 {

  1051     if (!QSslSocket::supportsSsl())

  1052         return;

  1053 

  1054     QList<QSslCertificate> certs = QSslSocket::systemCaCertificates();

  1055     QVERIFY(certs.size() > 1);

  1056     QCOMPARE(certs, QSslSocket::defaultCaCertificates());

  1057 }

  1058 

  1059 void tst_QSslSocket::wildcard()

  1060 {

  1061     QSKIP("TODO: solve wildcard problem", SkipAll);

  1062 

  1063     if (!QSslSocket::supportsSsl())

  1064         return;

  1065 

  1066     // Fluke runs an apache server listening on port 4443, serving the

  1067     // wildcard fluke.*.troll.no.  The DNS entry for

  1068     // fluke.wildcard.dev.troll.no, served by ares (root for dev.troll.no),

  1069     // returns the CNAME fluke.troll.no for this domain. The web server

  1070     // responds with the wildcard, and QSslSocket should accept that as a

  1071     // valid connection.  This was broken in 4.3.0.

  1072     QSslSocketPtr socket = newSocket();

  1073     socket->addCaCertificates(QLatin1String("certs/aspiriniks.ca.crt"));

  1074     this->socket = socket;

  1075 #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND

  1076     connect(socket, SIGNAL(sslErrors(QList<QSslError>)),

  1077             this, SLOT(untrustedWorkaroundSlot(QList<QSslError>)));

  1078 #endif

  1079     socket->connectToHostEncrypted(QtNetworkSettings::wildcardServerName(), 4443);

  1080 

  1081     QVERIFY2(socket->waitForEncrypted(3000), qPrintable(socket->errorString()));

  1082 

  1083     QSslCertificate certificate = socket->peerCertificate();

  1084     QCOMPARE(certificate.subjectInfo(QSslCertificate::CommonName), QString(QtNetworkSettings::serverLocalName() + ".*." + QtNetworkSettings::serverDomainName()));

  1085     QCOMPARE(certificate.issuerInfo(QSslCertificate::CommonName), QtNetworkSettings::serverName());

  1086 

  1087     socket->close();

  1088 }

  1089 

  1090 class SslServer2 : public QTcpServer

  1091 {

  1092 protected:

  1093     void incomingConnection(int socketDescriptor)

  1094     {

  1095         QSslSocket *socket = new QSslSocket(this);

  1096         socket->ignoreSslErrors();

  1097 

  1098         // Only set the certificate

  1099         QList<QSslCertificate> localCert = QSslCertificate::fromPath(SRCDIR "certs/fluke.cert");

  1100         QVERIFY(!localCert.isEmpty());

  1101         QVERIFY(localCert.first().handle());

  1102         socket->setLocalCertificate(localCert.first());

  1103 

  1104         QVERIFY(socket->setSocketDescriptor(socketDescriptor, QAbstractSocket::ConnectedState));

  1105 

  1106         socket->startServerEncryption();

  1107     }

  1108 };

  1109 

  1110 void tst_QSslSocket::setEmptyKey()

  1111 {

  1112     if (!QSslSocket::supportsSsl())

  1113         return;

  1114 

  1115     QFETCH_GLOBAL(bool, setProxy);

  1116     if (setProxy)

  1117         return;

  1118 

  1119     SslServer2 server;

  1120     server.listen();

  1121 

  1122     QSslSocket socket;

  1123     socket.connectToHostEncrypted("127.0.0.1", server.serverPort());

  1124 

  1125     QTestEventLoop::instance().enterLoop(2);

  1126 

  1127     QCOMPARE(socket.state(), QAbstractSocket::ConnectedState);

  1128     QCOMPARE(socket.error(), QAbstractSocket::UnknownSocketError);

  1129 }

  1130 

  1131 void tst_QSslSocket::spontaneousWrite()

  1132 {

  1133     QFETCH_GLOBAL(bool, setProxy);

  1134     if (setProxy)