Import upstream version 0.8.3
Kali Janitor
1 year, 8 months ago
3 | 3 | |
4 | 4 | set(QSSLC_VERSION_MAJOR 0) |
5 | 5 | set(QSSLC_VERSION_MINOR 8) |
6 | set(QSSLC_VERSION_PATCH 1) | |
6 | set(QSSLC_VERSION_PATCH 3) | |
7 | 7 | set(QSSLC_VERSION "${QSSLC_VERSION_MAJOR}.${QSSLC_VERSION_MINOR}.${QSSLC_VERSION_PATCH}") |
8 | 8 | # version formatting stolen from KeepAssXC's CMakeLists.txt :-) |
9 | 9 | set(OVERRIDE_VERSION "" CACHE STRING "Override the qsslcaudit Version for Snapshot builds") |
153 | 153 | |
154 | 154 | find_package(CryptoPP REQUIRED) |
155 | 155 | |
156 | set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11 -Wall") | |
156 | SET(CMAKE_CXX_STANDARD 11) | |
157 | ||
158 | set(CMAKE_INCLUDE_CURRENT_DIR ON) | |
159 | set(CMAKE_AUTOMOC ON) | |
157 | 160 | |
158 | 161 | set(THIRDPARTY_DIR "${CMAKE_SOURCE_DIR}/thirdparty") |
159 | 162 | set(UNSAFESSL_DIR "${CMAKE_SOURCE_DIR}/src/unsafessl") |
74 | 74 | ENDIF (CRYPTOPP_LIBRARY_DEBUG AND CRYPTOPP_LIBRARY_RELEASE) |
75 | 75 | |
76 | 76 | IF (CRYPTOPP_INCLUDE_DIR) |
77 | SET (_CRYPTOPP_VERSION_HEADER ${CRYPTOPP_INCLUDE_DIR}/cryptopp/config.h) | |
77 | SET (_CRYPTOPP_VERSION_HEADER ${CRYPTOPP_INCLUDE_DIR}/cryptopp/config_ver.h) | |
78 | ||
79 | IF (NOT EXISTS ${_CRYPTOPP_VERSION_HEADER}) | |
80 | SET (_CRYPTOPP_VERSION_HEADER ${CRYPTOPP_INCLUDE_DIR}/cryptopp/config.h) | |
81 | ENDIF (NOT EXISTS ${_CRYPTOPP_VERSION_HEADER}) | |
78 | 82 | |
79 | 83 | IF (EXISTS ${_CRYPTOPP_VERSION_HEADER}) |
80 | 84 | FILE (STRINGS ${_CRYPTOPP_VERSION_HEADER} _CRYPTOPP_VERSION_TMP REGEX |
11 | 11 | include_directories(${UNSAFESSL_DIR}) |
12 | 12 | endif() |
13 | 13 | |
14 | add_executable(qsslcaudit main.cpp) | |
14 | add_executable(qsslcaudit main.cpp sigwatch.cpp sigwatch.h) | |
15 | 15 | set_target_properties(qsslcaudit PROPERTIES AUTOMOC TRUE) |
16 | 16 | |
17 | 17 | target_link_libraries(qsslcaudit qsslcaudit_lib) |
15 | 15 | clientinfo.cpp |
16 | 16 | openssl-helper.cpp |
17 | 17 | cve-2020-0601_poc.cpp |
18 | testserver.cpp | |
18 | 19 | ) |
19 | 20 | |
20 | 21 | set(qsslcauditHeaders |
36 | 37 | clientinfo.h |
37 | 38 | openssl-helper.h |
38 | 39 | cve-2020-0601_poc.h |
40 | testserver.h | |
39 | 41 | ) |
40 | 42 | |
41 | 43 | include_directories( |
65 | 65 | void sslHandshakeFinished(const QList<XSslCertificate> &clientCerts); |
66 | 66 | void newPeer(const QHostAddress &peerAddress); |
67 | 67 | void rawDataCollected(const QByteArray &rdData, const QByteArray &wrData); |
68 | void sessionFinished(); | |
69 | void newConnection(); | |
68 | 70 | |
69 | 71 | private slots: |
70 | 72 | void handleSocketError(QAbstractSocket::SocketError socketError); |
141 | 143 | |
142 | 144 | collectedDgram = dgram; |
143 | 145 | clientConnected = true; |
146 | ||
147 | emit newConnection(); | |
144 | 148 | } else if (!currentConnection.isNull()) { |
145 | 149 | if (currentConnection->isConnectionEncrypted()) { |
146 | 150 | decryptDatagram(currentConnection, dgram); |
192 | 196 | |
193 | 197 | if (!result) { |
194 | 198 | clientFinished = true; |
199 | emit sessionFinished(); | |
195 | 200 | return; |
196 | 201 | } |
197 | 202 | |
219 | 224 | emit dtlsHandshakeError(connection->dtlsError(), connection->dtlsErrorString()); |
220 | 225 | |
221 | 226 | if (dgram.size()) { |
222 | VERBOSE("received data: " + QString(dgram)); | |
227 | // check if datagram has binary data | |
228 | bool binData = false; | |
229 | for (int i = 0; i < dgram.size(); i++) { | |
230 | if (dgram.at(i) < ' ') | |
231 | binData = true; | |
232 | } | |
233 | VERBOSE("received data: " + (binData ? QString(dgram.toHex()) : QString(dgram))); | |
223 | 234 | emit dataIntercepted(dgram); |
224 | 235 | |
225 | 236 | // send data to proxy, if requested |
242 | 253 | emit dataIntercepted(dgram); |
243 | 254 | } else if (connection->dtlsError() == XDtlsError::RemoteClosedConnectionError) { |
244 | 255 | clientFinished = true; |
256 | sessionFinished(); | |
245 | 257 | } else { |
246 | 258 | VERBOSE("data decryption error"); |
247 | 259 | } |
270 | 282 | Q_DECLARE_METATYPE(QList<SslUnsafeCertificate>) |
271 | 283 | Q_DECLARE_METATYPE(SslUnsafeDtlsError) |
272 | 284 | |
273 | DtlsServer::DtlsServer(const SslUserSettings &settings, | |
285 | DtlsServer::DtlsServer(const SslUserSettings *settings, | |
274 | 286 | QList<XSslCertificate> localCert, |
275 | 287 | XSslKey privateKey, |
276 | 288 | XSsl::SslProtocol sslProtocol, |
305 | 317 | connect(dtlsWorker, &DtlsServerWorker::rawDataCollected, [=](const QByteArray &rdData, const QByteArray &wrData) { |
306 | 318 | emit rawDataCollected(rdData, wrData); |
307 | 319 | }); |
320 | connect(dtlsWorker, &DtlsServerWorker::sessionFinished, this, &DtlsServer::sessionFinished); | |
321 | connect(dtlsWorker, &DtlsServerWorker::newConnection, this, &DtlsServer::newConnection); | |
308 | 322 | |
309 | 323 | dtlsThread.start(); |
310 | 324 | |
313 | 327 | dtlsWorker->m_sslProtocol = sslProtocol; |
314 | 328 | dtlsWorker->m_sslCiphers = sslCiphers; |
315 | 329 | |
316 | dtlsWorker->m_startTlsProtocol = settings.getStartTlsProtocol(); | |
317 | dtlsWorker->m_forwardHost = settings.getForwardHostAddr(); | |
318 | dtlsWorker->m_forwardPort = settings.getForwardHostPort(); | |
319 | dtlsWorker->m_waitDataTimeout = settings.getWaitDataTimeout(); | |
330 | dtlsWorker->m_startTlsProtocol = settings->getStartTlsProtocol(); | |
331 | dtlsWorker->m_forwardHost = settings->getForwardHostAddr(); | |
332 | dtlsWorker->m_forwardPort = settings->getForwardHostPort(); | |
333 | dtlsWorker->m_waitDataTimeout = settings->getWaitDataTimeout(); | |
320 | 334 | |
321 | 335 | dtlsWorker->clientConnected = false; |
322 | 336 | } |
341 | 355 | QTimer::singleShot(0, dtlsWorker, SLOT(close())); |
342 | 356 | } |
343 | 357 | |
344 | bool DtlsServer::waitForNewClient() | |
345 | { | |
346 | return dtlsWorker->waitForNewClient(); | |
347 | } | |
348 | ||
349 | 358 | void DtlsServer::handleClient() |
350 | 359 | { |
351 | 360 | QTimer::singleShot(0, dtlsWorker, SLOT(handleClient())); |
352 | 361 | dtlsWorker->waitForClientFinished(); |
353 | 362 | } |
354 | 363 | |
364 | bool DtlsServer::isForwarding() | |
365 | { | |
366 | return m_isForwarding; | |
367 | } | |
368 | ||
369 | void DtlsServer::handleSigInt() | |
370 | { | |
371 | ||
372 | } | |
373 | ||
355 | 374 | #include "dtlsserver.moc" |
14 | 14 | Q_OBJECT |
15 | 15 | |
16 | 16 | public: |
17 | DtlsServer(const SslUserSettings &settings, | |
17 | DtlsServer(const SslUserSettings *settings, | |
18 | 18 | QList<XSslCertificate> localCert, |
19 | 19 | XSslKey privateKey, |
20 | 20 | XSsl::SslProtocol sslProtocol, |
24 | 24 | |
25 | 25 | bool listen(const QHostAddress &address, quint16 port); |
26 | 26 | void close(); |
27 | bool waitForNewClient(); | |
28 | 27 | void handleClient(); |
29 | 28 | |
30 | 29 | signals: |
35 | 34 | void sslHandshakeFinished(const QList<XSslCertificate> &clientCerts); |
36 | 35 | void newPeer(const QHostAddress &peerAddress); |
37 | 36 | void rawDataCollected(const QByteArray &rdData, const QByteArray &wrData); |
37 | void sessionFinished(); | |
38 | void newConnection(); | |
38 | 39 | |
39 | 40 | private: |
41 | void handleSigInt(); | |
42 | bool isForwarding(); | |
43 | ||
40 | 44 | QThread dtlsThread; |
41 | 45 | DtlsServerWorker *dtlsWorker; |
46 | ||
47 | bool m_stopForwarding; | |
48 | bool m_isForwarding; | |
49 | ||
50 | friend class SslServer; | |
42 | 51 | }; |
43 | 52 | |
44 | 53 | #endif // DTLSSERVER_H |
0 | 0 | |
1 | 1 | #include "sslcaudit.h" |
2 | #include "sslserver.h" | |
3 | 2 | #include "debug.h" |
4 | #include "ciphers.h" | |
5 | ||
6 | #include <QCoreApplication> | |
7 | #include <QThread> | |
3 | #include "sslusersettings.h" | |
4 | #include "clientinfo.h" | |
5 | #include "testserver.h" | |
6 | #include "ssltest.h" | |
7 | ||
8 | 8 | #include <QFile> |
9 | 9 | #include <QXmlStreamWriter> |
10 | 10 | |
11 | #ifdef UNSAFE_QSSL | |
12 | #include "sslunsafesocket.h" | |
13 | #include "sslunsafeconfiguration.h" | |
14 | #else | |
15 | #include <QSslSocket> | |
16 | #include <QSslConfiguration> | |
17 | #endif | |
18 | ||
19 | ||
20 | SslCAudit::SslCAudit(const SslUserSettings settings, QObject *parent) : | |
11 | #include <QThread> | |
12 | ||
13 | SslCAudit::SslCAudit(const SslUserSettings *settings, QObject *parent) : | |
21 | 14 | QObject(parent), |
22 | settings(settings), | |
23 | sslTests(QList<SslTest *>()) | |
15 | settings(settings) | |
24 | 16 | { |
25 | 17 | VERBOSE("SSL library used: " + XSslSocket::sslLibraryVersionString()); |
26 | 18 | } |
27 | 19 | |
28 | void SslCAudit::showCiphersGroup(const QString &groupName, const QString &ciphersStr) | |
29 | { | |
30 | QStringList opensslCiphers = ciphersStr.split(":"); | |
31 | QString supportedCiphersStr; | |
32 | ||
33 | VERBOSE(" " + groupName + ":"); | |
34 | ||
35 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
36 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
37 | ||
38 | if (!cipher.isNull()) | |
39 | supportedCiphersStr += opensslCiphers.at(i) + ":"; | |
40 | } | |
41 | ||
42 | supportedCiphersStr.chop(1); | |
43 | ||
44 | VERBOSE(" " + supportedCiphersStr); | |
45 | } | |
46 | ||
47 | void SslCAudit::showCiphers() | |
48 | { | |
49 | VERBOSE("supported ciphers:"); | |
50 | showCiphersGroup("EXPORT", ciphers_export_str); | |
51 | showCiphersGroup("LOW", ciphers_low_str); | |
52 | showCiphersGroup("MEDIUM", ciphers_medium_str); | |
53 | showCiphersGroup("HIGH", ciphers_high_str); | |
54 | } | |
55 | ||
56 | 20 | void SslCAudit::setSslTests(const QList<SslTest *> &tests) |
57 | 21 | { |
58 | 22 | sslTests = tests; |
59 | 23 | } |
60 | 24 | |
61 | void SslCAudit::runTest() | |
62 | { | |
63 | WHITE(QString("running test #%1: %2").arg(static_cast<int>(currentTest->id()) + 1) | |
64 | .arg(currentTest->description())); | |
65 | ||
66 | SslServer *sslServer = new SslServer(settings, | |
67 | currentTest->localCert(), | |
68 | currentTest->privateKey(), | |
69 | currentTest->sslProtocol(), | |
70 | currentTest->sslCiphers(), | |
71 | this); | |
72 | if (!sslServer->listen()) { | |
73 | // this place is in the middle of code path and others could expect | |
74 | // some return values, signals, etc. | |
75 | // however, if we can not setup listener (mostly due to permission/busy errors) | |
76 | // for one test, all others will fail. | |
77 | // there is no strong reason to attempt to recover from that, thus, exit with | |
78 | // non-zero code | |
79 | // alternative way -- test availability of socket prior launching SslCaudit | |
80 | exit(-1); | |
81 | } | |
82 | ||
83 | // can be emitted by both TCP and UDP servers | |
84 | connect(sslServer, &SslServer::sslSocketErrors, this, &SslCAudit::handleSslSocketErrors); | |
85 | ||
86 | // can be emitted by TCP server only | |
87 | connect(sslServer, &SslServer::sslErrors, [=](const QList<XSslError> &errors) { | |
88 | VERBOSE("SSL errors detected:"); | |
89 | XSslError error; | |
90 | foreach (error, errors) { | |
91 | VERBOSE("\t" + error.errorString()); | |
92 | currentClientInfo->addSslErrorString(error.errorString()); | |
93 | } | |
94 | currentClientInfo->addSslErrors(errors); | |
95 | }); | |
96 | ||
97 | // can be emitted by UDP server only | |
98 | connect(sslServer, &SslServer::dtlsHandshakeError, [=](const XDtlsError error, const QString &errorStr) { | |
99 | VERBOSE("DTLS error detected:"); | |
100 | VERBOSE(QString("\t%1(%2)").arg(errorStr).arg(SslServer::dtlsErrorToString(error))); | |
101 | currentClientInfo->addSslErrorString(errorStr); | |
102 | currentClientInfo->addDtlsError(error); | |
103 | }); | |
104 | ||
105 | // can be emitted by both TCP and UDP servers | |
106 | connect(sslServer, &SslServer::dataIntercepted, [=](const QByteArray &data) { | |
107 | currentClientInfo->addInterceptedData(data); | |
108 | }); | |
109 | ||
110 | // can be emitted by both TCP and UDP servers | |
111 | connect(sslServer, &SslServer::rawDataCollected, [=](const QByteArray &rdData, const QByteArray &wrData) { | |
112 | currentClientInfo->addRawDataRecv(rdData); | |
113 | currentClientInfo->addRawDataSent(wrData); | |
114 | }); | |
115 | ||
116 | // can be emitted by both TCP and UDP servers | |
117 | connect(sslServer, &SslServer::sslHandshakeFinished, [=](const QList<XSslCertificate> &clientCerts) { | |
118 | VERBOSE("SSL connection established"); | |
119 | if (clientCerts.size() > 0) { | |
120 | VERBOSE(QString("\tclient supplied chain of %1 certificates").arg(clientCerts.size())); | |
121 | for (int i = 0; i < clientCerts.size(); i++) { | |
122 | VERBOSE(clientCerts.at(i).toPem()); | |
25 | void SslCAudit::handleServerFinished() | |
26 | { | |
27 | TestServer *testServer = qobject_cast<TestServer *>(sender()); | |
28 | TestServer *newTestServer = nullptr; | |
29 | ||
30 | emit sslTestFinished(); | |
31 | ||
32 | for (int i = 0; i < testServers.size(); i++) { | |
33 | if (testServers.at(i) == testServer) { | |
34 | // the last test finished | |
35 | if (i == testServers.size() - 1) { | |
36 | // if we asked to loop tests, start again with the first one | |
37 | if (settings->getLoopTests()) { | |
38 | newTestServer = testServers.at(0); | |
39 | } else { | |
40 | emit sslTestsFinished(); | |
41 | return; | |
42 | } | |
43 | } else { | |
44 | // switch to the next test | |
45 | newTestServer = testServers.at(i + 1); | |
123 | 46 | } |
124 | 47 | } |
125 | ||
126 | currentClientInfo->setSslConnectionStatus(true); | |
127 | }); | |
128 | ||
129 | // can be emitted by TCP server only | |
130 | // for UDP see QDtls::peerVerificationErrors(), however, it does not make sense anyway | |
131 | connect(sslServer, &SslServer::peerVerifyError, [=](const XSslError &error) { | |
132 | VERBOSE("peer verify error:"); | |
133 | VERBOSE("\t" + error.errorString()); | |
134 | }); | |
135 | ||
136 | // can be emitted by both TCP and UDP servers | |
137 | connect(sslServer, &SslServer::newPeer, [=](const QHostAddress &peerAddress) { | |
138 | currentClientInfo->setSourceHost(peerAddress.toString()); | |
139 | }); | |
140 | ||
141 | emit sslTestReady(); | |
142 | ||
143 | if (sslServer->waitForClient()) { | |
144 | // check if *server* was not able to setup SSL connection | |
145 | // to check this we need to see if we already received some SSL errors | |
146 | // if this is the case -- then those errors are about SSL initialization | |
147 | if ((currentClientInfo->sslErrorsStr().size() > 0) | |
148 | || (currentClientInfo->socketErrors().size() > 0)) { | |
149 | RED("failure during SSL initialization, test will not continue"); | |
150 | ||
151 | for (int i = 0; i < currentClientInfo->sslErrorsStr().size(); i++) { | |
152 | VERBOSE("\t" + currentClientInfo->sslErrorsStr().at(i)); | |
153 | } | |
154 | ||
155 | currentTest->calcResults(*currentClientInfo); | |
156 | delete sslServer; | |
157 | return; | |
158 | } | |
159 | ||
160 | // now we can handle client side | |
161 | // this call will loop until connection close if 'forward' option is set | |
162 | sslServer->handleIncomingConnection(); | |
48 | } | |
49 | ||
50 | // run the next test | |
51 | if (newTestServer) | |
52 | newTestServer->runTest(); | |
53 | } | |
54 | ||
55 | void SslCAudit::run() | |
56 | { | |
57 | for (int i = 0; i < sslTests.size(); i++) { | |
58 | TestServer *testServer = new TestServer(sslTests.at(i), settings, this); | |
59 | ||
60 | testServers << testServer; | |
61 | ||
62 | connect(testServer, &TestServer::sslTestReady, this, &SslCAudit::sslTestReady); | |
63 | connect(testServer, &TestServer::sslTestFinished, this, &SslCAudit::handleServerFinished); | |
64 | ||
65 | connect(this, &SslCAudit::sigIntHandled, testServer, &TestServer::sigIntHandled); | |
66 | } | |
67 | ||
68 | if (testServers.size() == 0) { | |
69 | emit sslTestsFinished(); | |
70 | return; | |
71 | } | |
72 | ||
73 | testServers.at(0)->runTest(); | |
74 | } | |
75 | ||
76 | const ClientInfo *SslCAudit::getClientInfo(int num) { | |
77 | if (num < testServers.size()) | |
78 | return testServers.at(num)->getClientInfo(); | |
79 | return nullptr; | |
80 | } | |
81 | ||
82 | bool SslCAudit::isSameClient(bool doPrint) | |
83 | { | |
84 | const ClientInfo *client0; | |
85 | bool ret = true; | |
86 | ||
87 | if (testServers.size() == 0) | |
88 | return true; | |
89 | ||
90 | // ignore the first client fingerprint if duplication of the first test was requested | |
91 | if (!settings->getDoubleFirstTest()) { | |
92 | client0 = testServers.at(0)->getClientInfo(); | |
163 | 93 | } else { |
164 | VERBOSE("could not establish encrypted connection (" + currentClientInfo->sslErrorsStr().join(", ") + ")"); | |
165 | } | |
166 | ||
167 | delete sslServer; | |
168 | ||
169 | currentTest->calcResults(*currentClientInfo); | |
170 | ||
171 | WHITE("report:"); | |
172 | ||
173 | if (currentTest->result() != SslTestResult::Success) { | |
174 | RED(currentTest->report()); | |
175 | } else { | |
176 | GREEN(currentTest->report()); | |
177 | } | |
178 | ||
179 | WHITE("test finished"); | |
180 | ||
181 | emit sslTestFinished(); | |
182 | } | |
183 | ||
184 | void SslCAudit::handleSslSocketErrors(const QList<XSslError> &sslErrors, | |
185 | const QString &errorStr, QAbstractSocket::SocketError socketError) | |
186 | { | |
187 | VERBOSE(QString("socket error: %1 (#%2)").arg(errorStr).arg(socketError)); | |
188 | ||
189 | currentClientInfo->addSslErrors(sslErrors); | |
190 | currentClientInfo->addSslErrorString(errorStr); | |
191 | currentClientInfo->addSocketErrors(QList<QAbstractSocket::SocketError>() << socketError); | |
192 | ||
193 | switch (socketError) { | |
194 | case QAbstractSocket::SslInvalidUserDataError: | |
195 | VERBOSE("\tInvalid data (certificate, key, cypher, etc.) was provided and its use resulted in an error in the SSL library."); | |
196 | break; | |
197 | case QAbstractSocket::SslInternalError: | |
198 | VERBOSE("\tThe SSL library being used reported an internal error. This is probably the result of a bad installation or misconfiguration of the library."); | |
199 | break; | |
200 | case QAbstractSocket::SslHandshakeFailedError: | |
201 | if (errorStr.contains(QString("ssl3_get_client_hello:no shared cipher"))) { | |
202 | VERBOSE("\tThe SSL/TLS handshake failed (client did not provide expected ciphers), so the connection was closed."); | |
203 | } else if (errorStr.contains(QString("ssl3_read_bytes:tlsv1 alert protocol version"))) { | |
204 | VERBOSE("\tThe SSL/TLS handshake failed (client refused the proposed protocol), so the connection was closed."); | |
205 | } else { | |
206 | VERBOSE("\tThe SSL/TLS handshake failed, so the connection was closed."); | |
207 | } | |
208 | break; | |
209 | default: | |
210 | // just ignore all other errors | |
211 | break; | |
212 | } | |
213 | } | |
214 | ||
215 | void SslCAudit::run() | |
216 | { | |
217 | // in case we were re-launched, clear containers | |
218 | qDeleteAll(clientsInfo.begin(), clientsInfo.end()); | |
219 | clientsInfo.clear(); | |
220 | ||
221 | do { | |
222 | for (int i = 0; i < sslTests.size(); i++) { | |
223 | VERBOSE(""); | |
224 | currentTest = sslTests.at(i); | |
225 | currentTest->clear(); | |
226 | ||
227 | currentClientInfo = new ClientInfo(); | |
228 | currentClientInfo->setDtlsMode(settings.getUseDtls()); | |
229 | clientsInfo << currentClientInfo; | |
230 | ||
231 | runTest(); | |
232 | VERBOSE(""); | |
233 | } | |
234 | } while (settings.getLoopTests()); | |
235 | ||
236 | emit sslTestsFinished(); | |
237 | } | |
238 | ||
239 | bool SslCAudit::isSameClient(bool doPrint) | |
240 | { | |
241 | ClientInfo *client0; | |
242 | bool ret = true; | |
243 | ||
244 | if (!clientsInfo.size()) | |
245 | return ret; | |
246 | ||
247 | // ignore the first client fingerprint if duplication of the first test was requested | |
248 | if (!settings.getDoubleFirstTest()) { | |
249 | client0 = clientsInfo.at(0); | |
250 | } else { | |
251 | client0 = clientsInfo.at(1); | |
252 | } | |
253 | ||
254 | for (int i = 1; i < clientsInfo.size(); i++) { | |
255 | if (!client0->isEqualTo(clientsInfo.at(i))) { | |
94 | client0 = testServers.at(1)->getClientInfo(); | |
95 | } | |
96 | ||
97 | for (int i = 1; i < testServers.size(); i++) { | |
98 | if (!client0->isEqualTo(testServers.at(i)->getClientInfo())) { | |
256 | 99 | ret = false; |
257 | 100 | |
258 | 101 | if (doPrint) { |
266 | 109 | } |
267 | 110 | |
268 | 111 | VERBOSE(QString("client #%1").arg(i)); |
269 | VERBOSE(clientsInfo.at(i)->printable()); | |
112 | VERBOSE(testServers.at(i)->getClientInfo()->printable()); | |
270 | 113 | } else { |
271 | 114 | break; |
272 | 115 | } |
400 | 243 | |
401 | 244 | QString previousComment; |
402 | 245 | |
403 | for (int i = 0; i < sslTests.size(); i++) { | |
404 | SslTest *test = sslTests.at(i); | |
246 | for (int i = 0; i < testServers.size(); i++) { | |
247 | const SslTest *test = testServers.at(i)->getSslTest(); | |
405 | 248 | QString testName = test->name(); |
406 | 249 | QString comment = test->resultComment(); |
407 | 250 | |
442 | 285 | xmlWriter.writeStartDocument(); |
443 | 286 | |
444 | 287 | xmlWriter.writeStartElement("qsslcaudit"); |
445 | for (int i = 0; i < sslTests.size(); i++) { | |
446 | SslTest *test = sslTests.at(i); | |
288 | for (int i = 0; i < testServers.size(); i++) { | |
289 | const SslTest *test = testServers.at(i)->getSslTest(); | |
447 | 290 | QString testId = QString::number(static_cast<int>(test->id()) + 1); // keep numbering in human format |
448 | 291 | QString testName = test->name(); |
449 | 292 | QString testResult = sslTestResultToStatus(test->result()); |
458 | 301 | xmlWriter.writeEndElement(); |
459 | 302 | file.close(); |
460 | 303 | } |
304 | ||
305 | void SslCAudit::handleSigInt() | |
306 | { | |
307 | emit sigIntHandled(); | |
308 | } |
0 | ||
1 | 0 | #ifndef SSLCAUDIT_H |
2 | 1 | #define SSLCAUDIT_H |
3 | 2 | |
4 | #ifdef UNSAFE_QSSL | |
5 | #include "sslunsafeerror.h" | |
6 | #else | |
7 | #include <QSslError> | |
8 | #endif | |
3 | #include <QObject> | |
9 | 4 | |
10 | #include "sslusersettings.h" | |
11 | #include "ssltest.h" | |
5 | class SslUserSettings; | |
6 | class TestServer; | |
7 | class SslTest; | |
8 | class ClientInfo; | |
12 | 9 | |
13 | 10 | class SslCAudit : public QObject |
14 | 11 | { |
15 | 12 | Q_OBJECT |
16 | 13 | |
17 | 14 | public: |
18 | SslCAudit(const SslUserSettings settings, QObject *parent = nullptr); | |
15 | SslCAudit(const SslUserSettings *settings, QObject *parent = nullptr); | |
19 | 16 | |
20 | 17 | void setSslTests(const QList<SslTest *> &tests); |
21 | 18 | |
22 | static void showCiphers(); | |
23 | 19 | void printSummary(); |
24 | 20 | void writeXmlSummary(const QString &filename); |
21 | ||
25 | 22 | bool isSameClient(bool doPrint); |
26 | ClientInfo getClientInfo(int num) { | |
27 | if (num < clientsInfo.size()) | |
28 | return *clientsInfo.at(num); | |
29 | return ClientInfo(); | |
30 | } | |
23 | ||
24 | const ClientInfo *getClientInfo(int num); | |
31 | 25 | |
32 | 26 | public slots: |
27 | void handleSigInt(); | |
33 | 28 | void run(); |
34 | 29 | |
35 | 30 | signals: |
36 | 31 | void sslTestReady(); |
37 | 32 | void sslTestFinished(); |
38 | 33 | void sslTestsFinished(); |
34 | void sigIntHandled(); | |
39 | 35 | |
40 | 36 | private: |
41 | void runTest(); | |
42 | void handleSslSocketErrors(const QList<XSslError> &sslErrors, | |
43 | const QString &errorStr, QAbstractSocket::SocketError socketError); | |
44 | static void showCiphersGroup(const QString &groupName, const QString &ciphersStr); | |
37 | void handleServerFinished(); | |
45 | 38 | |
46 | SslUserSettings settings; | |
39 | const SslUserSettings *settings; | |
47 | 40 | |
48 | 41 | QList<SslTest *> sslTests; |
49 | SslTest *currentTest; | |
50 | ||
51 | QVector<ClientInfo *> clientsInfo; | |
52 | ClientInfo *currentClientInfo; | |
42 | QList<TestServer *> testServers; | |
53 | 43 | |
54 | 44 | }; |
55 | 45 |
76 | 76 | reqbuilder.setKey(key); |
77 | 77 | reqbuilder.addNameEntry(Certificate::EntryCountryName, "BE"); |
78 | 78 | reqbuilder.addNameEntry(Certificate::EntryOrganizationName, org.toLocal8Bit()); |
79 | if (commonName.length() > 0) | |
79 | if (commonName.length() > 0) { | |
80 | 80 | reqbuilder.addNameEntry(Certificate::EntryCommonName, commonName.toLocal8Bit()); |
81 | reqbuilder.addSubjectAlternativeNameEntry(XSsl::DnsEntry, commonName.toLocal8Bit()); | |
82 | } | |
81 | 83 | |
82 | 84 | // sign the request |
83 | 85 | CertificateRequest req = reqbuilder.signedRequest(key); |
142 | 144 | } |
143 | 145 | } |
144 | 146 | |
147 | QMultiMap<SslUnsafe::AlternativeNameEntryType, QString> sans = basecert.subjectAlternativeNames(); | |
148 | for (auto item = sans.begin(); item != sans.end(); item++) { | |
149 | reqbuilder.addSubjectAlternativeNameEntry(item.key(), item.value().toLocal8Bit()); | |
150 | } | |
151 | ||
145 | 152 | // sign the request |
146 | 153 | CertificateRequest req = reqbuilder.signedRequest(key); |
147 | 154 | |
148 | 155 | return req; |
149 | 156 | } |
150 | 157 | |
151 | static void setCertOptions(CertificateBuilder *builder, bool constrains, bool cansign, const QByteArray &serial = RandomGenerator::getPositiveBytes(16)) | |
158 | static void setCertOptions(CertificateBuilder *builder, bool constrains, bool cansign, const CertificateRequest &req = CertificateRequest(), const QByteArray &serial = RandomGenerator::getPositiveBytes(16)) | |
152 | 159 | { |
153 | 160 | // set common options |
154 | 161 | builder->setVersion(3); |
155 | 162 | builder->setSerial(serial); |
156 | 163 | builder->setActivationTime(QDateTime::currentDateTimeUtc()); |
157 | builder->setExpirationTime(QDateTime::currentDateTimeUtc().addYears(10)); | |
164 | builder->setExpirationTime(QDateTime::currentDateTimeUtc().addYears(1)); | |
158 | 165 | CertificateBuilder::KeyUsageFlags flags = CertificateBuilder::UsageKeyEncipherment | CertificateBuilder::UsageDigitalSignature; |
159 | 166 | if (cansign) |
160 | 167 | flags |= CertificateBuilder::UsageKeyCertSign; |
162 | 169 | builder->addKeyPurpose(CertificateBuilder::PurposeWebServer); |
163 | 170 | builder->addKeyPurpose(CertificateBuilder::PurposeWebClient); |
164 | 171 | builder->addSubjectKeyIdentifier(); |
172 | builder->copyRequestExtensions(req); | |
165 | 173 | |
166 | 174 | builder->setBasicConstraints(constrains); |
167 | 175 | } |
184 | 192 | CertificateBuilder builder; |
185 | 193 | builder.setRequest(req); |
186 | 194 | |
187 | setCertOptions(&builder, false, false); | |
195 | setCertOptions(&builder, false, false, req); | |
188 | 196 | |
189 | 197 | XSslCertificate cert = builder.signedCertificate(key); |
190 | 198 | |
212 | 220 | |
213 | 221 | QStringList serialInfo = basecert.subjectInfo(XSslCertificate::SerialNumber); |
214 | 222 | if (serialInfo.isEmpty()) { |
215 | setCertOptions(&builder, false, false); | |
223 | setCertOptions(&builder, false, false, req); | |
216 | 224 | } else { |
217 | setCertOptions(&builder, false, false, serialInfo.first().toLocal8Bit()); | |
225 | setCertOptions(&builder, false, false, req, serialInfo.first().toLocal8Bit()); | |
218 | 226 | } |
219 | 227 | |
220 | 228 | XSslCertificate cert = builder.signedCertificate(key); |
233 | 241 | CertificateBuilder leafbuilder; |
234 | 242 | leafbuilder.setRequest(leafreq); |
235 | 243 | |
236 | setCertOptions(&leafbuilder, false, false); | |
244 | setCertOptions(&leafbuilder, false, false, leafreq); | |
237 | 245 | |
238 | 246 | leafbuilder.addAuthorityKeyIdentifier(cacert); |
239 | 247 | |
258 | 266 | |
259 | 267 | QStringList serialInfo = basecert.subjectInfo(XSslCertificate::SerialNumber); |
260 | 268 | if (serialInfo.isEmpty()) { |
261 | setCertOptions(&leafbuilder, false, false); | |
269 | setCertOptions(&leafbuilder, false, false, leafreq); | |
262 | 270 | } else { |
263 | setCertOptions(&leafbuilder, false, false, serialInfo.first().toLocal8Bit()); | |
271 | setCertOptions(&leafbuilder, false, false, leafreq, serialInfo.first().toLocal8Bit()); | |
264 | 272 | } |
265 | 273 | |
266 | 274 | leafbuilder.addAuthorityKeyIdentifier(cacert); |
285 | 293 | CertificateBuilder interbuilder; |
286 | 294 | interbuilder.setRequest(interreq); |
287 | 295 | |
288 | setCertOptions(&interbuilder, true, true); | |
296 | setCertOptions(&interbuilder, true, true, interreq); | |
289 | 297 | |
290 | 298 | interbuilder.copyRequestExtensions(interreq); |
291 | 299 | interbuilder.addAuthorityKeyIdentifier(cacert); |
300 | 308 | CertificateBuilder leafbuilder; |
301 | 309 | leafbuilder.setRequest(leafreq); |
302 | 310 | |
303 | setCertOptions(&leafbuilder, false, false); | |
311 | setCertOptions(&leafbuilder, false, false, leafreq); | |
304 | 312 | |
305 | 313 | leafbuilder.copyRequestExtensions(leafreq); |
306 | 314 | leafbuilder.addAuthorityKeyIdentifier(intercert); |
11 | 11 | |
12 | 12 | } |
13 | 13 | |
14 | const SslCheckReport SslCheckSocketErrors::doCheck(const ClientInfo &client) const | |
14 | const SslCheckReport SslCheckSocketErrors::doCheck(const ClientInfo *client) const | |
15 | 15 | { |
16 | 16 | SslCheckReport rep; |
17 | 17 | |
18 | 18 | // the errors here should not appear during regular communication |
19 | 19 | // the rest is fine and are important for other checks |
20 | if (client.socketErrors().contains(QAbstractSocket::ConnectionRefusedError) | |
21 | || client.socketErrors().contains(QAbstractSocket::HostNotFoundError) | |
22 | || client.socketErrors().contains(QAbstractSocket::SocketAccessError) | |
23 | || client.socketErrors().contains(QAbstractSocket::SocketResourceError) | |
24 | || client.socketErrors().contains(QAbstractSocket::DatagramTooLargeError) | |
25 | || client.socketErrors().contains(QAbstractSocket::NetworkError) | |
26 | || client.socketErrors().contains(QAbstractSocket::AddressInUseError) | |
27 | || client.socketErrors().contains(QAbstractSocket::SocketAddressNotAvailableError) | |
28 | || client.socketErrors().contains(QAbstractSocket::UnsupportedSocketOperationError) | |
29 | || client.socketErrors().contains(QAbstractSocket::UnfinishedSocketOperationError) | |
30 | || client.socketErrors().contains(QAbstractSocket::ProxyAuthenticationRequiredError) | |
31 | || client.socketErrors().contains(QAbstractSocket::ProxyConnectionRefusedError) | |
32 | || client.socketErrors().contains(QAbstractSocket::ProxyConnectionClosedError) | |
33 | || client.socketErrors().contains(QAbstractSocket::ProxyConnectionTimeoutError) | |
34 | || client.socketErrors().contains(QAbstractSocket::ProxyNotFoundError) | |
35 | || client.socketErrors().contains(QAbstractSocket::ProxyProtocolError) | |
36 | || client.socketErrors().contains(QAbstractSocket::OperationError) | |
37 | || client.socketErrors().contains(QAbstractSocket::TemporaryError)) { | |
20 | if (client->socketErrors().contains(QAbstractSocket::ConnectionRefusedError) | |
21 | || client->socketErrors().contains(QAbstractSocket::HostNotFoundError) | |
22 | || client->socketErrors().contains(QAbstractSocket::SocketAccessError) | |
23 | || client->socketErrors().contains(QAbstractSocket::SocketResourceError) | |
24 | || client->socketErrors().contains(QAbstractSocket::DatagramTooLargeError) | |
25 | || client->socketErrors().contains(QAbstractSocket::NetworkError) | |
26 | || client->socketErrors().contains(QAbstractSocket::AddressInUseError) | |
27 | || client->socketErrors().contains(QAbstractSocket::SocketAddressNotAvailableError) | |
28 | || client->socketErrors().contains(QAbstractSocket::UnsupportedSocketOperationError) | |
29 | || client->socketErrors().contains(QAbstractSocket::UnfinishedSocketOperationError) | |
30 | || client->socketErrors().contains(QAbstractSocket::ProxyAuthenticationRequiredError) | |
31 | || client->socketErrors().contains(QAbstractSocket::ProxyConnectionRefusedError) | |
32 | || client->socketErrors().contains(QAbstractSocket::ProxyConnectionClosedError) | |
33 | || client->socketErrors().contains(QAbstractSocket::ProxyConnectionTimeoutError) | |
34 | || client->socketErrors().contains(QAbstractSocket::ProxyNotFoundError) | |
35 | || client->socketErrors().contains(QAbstractSocket::ProxyProtocolError) | |
36 | || client->socketErrors().contains(QAbstractSocket::OperationError) | |
37 | || client->socketErrors().contains(QAbstractSocket::TemporaryError)) { | |
38 | 38 | rep.report = QString("socket/network error occuried"); |
39 | 39 | rep.suggestedTestResult = SslTestResult::Undefined; |
40 | 40 | rep.comment = QString("socket error"); |
41 | 41 | rep.isPassed = false; |
42 | 42 | return rep; |
43 | } else if (client.socketErrors().contains(QAbstractSocket::UnknownSocketError)) { | |
43 | } else if (client->socketErrors().contains(QAbstractSocket::UnknownSocketError)) { | |
44 | 44 | rep.report = QString("unknown socket error occuried"); |
45 | 45 | rep.suggestedTestResult = SslTestResult::Undefined; |
46 | 46 | rep.comment = QString("socket error"); |
55 | 55 | return rep; |
56 | 56 | } |
57 | 57 | |
58 | const SslCheckReport SslCheckNoData::doCheck(const ClientInfo &client) const | |
59 | { | |
60 | SslCheckReport rep; | |
61 | ||
62 | if ((client.rawDataRecv().size() == 0) | |
63 | && !client.socketErrors().contains(QAbstractSocket::RemoteHostClosedError) | |
64 | && client.socketErrors().contains(QAbstractSocket::SocketTimeoutError)) { | |
58 | const SslCheckReport SslCheckNoData::doCheck(const ClientInfo *client) const | |
59 | { | |
60 | SslCheckReport rep; | |
61 | ||
62 | if ((client->rawDataRecv().size() == 0) | |
63 | && !client->socketErrors().contains(QAbstractSocket::RemoteHostClosedError) | |
64 | && client->socketErrors().contains(QAbstractSocket::SocketTimeoutError)) { | |
65 | 65 | rep.report = QString("no data was transmitted before timeout expired"); |
66 | 66 | rep.suggestedTestResult = SslTestResult::Undefined; |
67 | 67 | rep.comment = QString("broken client"); |
69 | 69 | return rep; |
70 | 70 | } |
71 | 71 | |
72 | if ((client.rawDataRecv().size() == 0) | |
73 | && client.socketErrors().contains(QAbstractSocket::RemoteHostClosedError) | |
74 | && !client.socketErrors().contains(QAbstractSocket::SocketTimeoutError)) { | |
72 | if ((client->rawDataRecv().size() == 0) | |
73 | && client->socketErrors().contains(QAbstractSocket::RemoteHostClosedError) | |
74 | && !client->socketErrors().contains(QAbstractSocket::SocketTimeoutError)) { | |
75 | 75 | rep.report = QString("client closed the connection without transmitting any data"); |
76 | 76 | rep.suggestedTestResult = SslTestResult::Undefined; |
77 | 77 | rep.comment = QString("broken client"); |
79 | 79 | return rep; |
80 | 80 | } |
81 | 81 | |
82 | if (client.rawDataRecv().size() > 0) { | |
82 | if (client->rawDataRecv().size() > 0) { | |
83 | 83 | rep.report = QString(""); |
84 | 84 | rep.suggestedTestResult = SslTestResult::Undefined; |
85 | 85 | rep.comment = QString(""); |
94 | 94 | return rep; |
95 | 95 | } |
96 | 96 | |
97 | const SslCheckReport SslCheckNonSslData::doCheck(const ClientInfo &client) const | |
98 | { | |
99 | SslCheckReport rep; | |
100 | ||
101 | if (client.hasHelloMessage()) { | |
97 | const SslCheckReport SslCheckNonSslData::doCheck(const ClientInfo *client) const | |
98 | { | |
99 | SslCheckReport rep; | |
100 | ||
101 | if (client->hasHelloMessage()) { | |
102 | 102 | rep.report = QString(""); |
103 | 103 | rep.suggestedTestResult = SslTestResult::Undefined; |
104 | 104 | rep.comment = QString(""); |
106 | 106 | return rep; |
107 | 107 | } |
108 | 108 | |
109 | if ((client.rawDataRecv().size() > 0) | |
110 | && !client.hasHelloMessage() | |
111 | && ((client.sslErrorsStr().filter(QString("SSL23_GET_CLIENT_HELLO:http request")).size() > 0) | |
112 | || (client.sslErrorsStr().filter(QString("SSL23_GET_CLIENT_HELLO:unknown protocol")).size() > 0))) { | |
109 | if ((client->rawDataRecv().size() > 0) | |
110 | && !client->hasHelloMessage() | |
111 | && ((client->sslErrorsStr().filter(QString("SSL23_GET_CLIENT_HELLO:http request")).size() > 0) | |
112 | || (client->sslErrorsStr().filter(QString("SSL23_GET_CLIENT_HELLO:unknown protocol")).size() > 0))) { | |
113 | 113 | rep.report = QString("%1 bytes of unexpected protocol were received before the connection was closed") |
114 | .arg(client.rawDataRecv().size()); | |
115 | rep.suggestedTestResult = SslTestResult::Undefined; | |
116 | rep.comment = QString("broken client"); | |
117 | rep.isPassed = false; | |
118 | return rep; | |
119 | } | |
120 | ||
121 | if ((client.rawDataRecv().size() > 0) | |
122 | && !client.hasHelloMessage() | |
123 | && client.socketErrors().contains(QAbstractSocket::RemoteHostClosedError) | |
124 | && !client.socketErrors().contains(QAbstractSocket::SocketTimeoutError)) { | |
114 | .arg(client->rawDataRecv().size()); | |
115 | rep.suggestedTestResult = SslTestResult::Undefined; | |
116 | rep.comment = QString("broken client"); | |
117 | rep.isPassed = false; | |
118 | return rep; | |
119 | } | |
120 | ||
121 | if ((client->rawDataRecv().size() > 0) | |
122 | && !client->hasHelloMessage() | |
123 | && client->socketErrors().contains(QAbstractSocket::RemoteHostClosedError) | |
124 | && !client->socketErrors().contains(QAbstractSocket::SocketTimeoutError)) { | |
125 | 125 | rep.report = QString("%1 non-SSL bytes were received before client closed the connection") |
126 | .arg(client.rawDataRecv().size()); | |
127 | rep.suggestedTestResult = SslTestResult::Undefined; | |
128 | rep.comment = QString("broken client"); | |
129 | rep.isPassed = false; | |
130 | return rep; | |
131 | } | |
132 | ||
133 | if ((client.rawDataRecv().size() > 0) | |
134 | && !client.hasHelloMessage() | |
135 | && !client.socketErrors().contains(QAbstractSocket::RemoteHostClosedError) | |
136 | && client.socketErrors().contains(QAbstractSocket::SocketTimeoutError)) { | |
126 | .arg(client->rawDataRecv().size()); | |
127 | rep.suggestedTestResult = SslTestResult::Undefined; | |
128 | rep.comment = QString("broken client"); | |
129 | rep.isPassed = false; | |
130 | return rep; | |
131 | } | |
132 | ||
133 | if ((client->rawDataRecv().size() > 0) | |
134 | && !client->hasHelloMessage() | |
135 | && !client->socketErrors().contains(QAbstractSocket::RemoteHostClosedError) | |
136 | && client->socketErrors().contains(QAbstractSocket::SocketTimeoutError)) { | |
137 | 137 | rep.report = QString("%1 non-SSL bytes were received before timeout expired") |
138 | .arg(client.rawDataRecv().size()); | |
138 | .arg(client->rawDataRecv().size()); | |
139 | 139 | rep.suggestedTestResult = SslTestResult::Undefined; |
140 | 140 | rep.comment = QString("broken client"); |
141 | 141 | rep.isPassed = false; |
143 | 143 | } |
144 | 144 | |
145 | 145 | rep.report = QString("%1 bytes were received, however, unexpected set of other errors observed") |
146 | .arg(client.rawDataRecv().size()); | |
146 | .arg(client->rawDataRecv().size()); | |
147 | 147 | rep.suggestedTestResult = SslTestResult::Undefined; |
148 | 148 | rep.comment = QString("broken client"); |
149 | 149 | rep.isPassed = false; |
150 | 150 | return rep; |
151 | 151 | } |
152 | 152 | |
153 | const SslCheckReport SslCheckInvalidSsl::doCheck(const ClientInfo &client) const | |
154 | { | |
155 | SslCheckReport rep; | |
156 | ||
157 | if (client.hasHelloMessage() | |
158 | && !client.sslConnectionEstablished() | |
153 | const SslCheckReport SslCheckInvalidSsl::doCheck(const ClientInfo *client) const | |
154 | { | |
155 | SslCheckReport rep; | |
156 | ||
157 | if (client->hasHelloMessage() | |
158 | && !client->sslConnectionEstablished() | |
159 | 159 | // specifically checking that there are no SSL-related errors |
160 | && (((client.sslErrorsStr().size() == 1) && client.sslErrorsStr().contains("Network operation timed out")) | |
161 | || (client.sslErrorsStr().size() == 0))) { | |
160 | && (((client->sslErrorsStr().size() == 1) && client->sslErrorsStr().contains("Network operation timed out")) | |
161 | || (client->sslErrorsStr().size() == 0))) { | |
162 | 162 | // client sent HELLO, but as SSL errors list is empty and encrypted connection |
163 | 163 | // was not established, something went wrong in the middle of handshake |
164 | 164 | // thus, consider client as non-SSL |
176 | 176 | return rep; |
177 | 177 | } |
178 | 178 | |
179 | const SslCheckReport SslCheckForGenericSslErrors::doCheck(const ClientInfo &client) const | |
180 | { | |
181 | SslCheckReport rep; | |
182 | ||
183 | if (client.socketErrors().contains(QAbstractSocket::SslInternalError) | |
184 | || client.socketErrors().contains(QAbstractSocket::SslInvalidUserDataError)) { | |
179 | const SslCheckReport SslCheckForGenericSslErrors::doCheck(const ClientInfo *client) const | |
180 | { | |
181 | SslCheckReport rep; | |
182 | ||
183 | if (client->socketErrors().contains(QAbstractSocket::SslInternalError) | |
184 | || client->socketErrors().contains(QAbstractSocket::SslInvalidUserDataError)) { | |
185 | 185 | // somehow Firefox triggers SslInternalError when refusing the proposed certificate |
186 | 186 | // checking it here |
187 | if (client.socketErrors().contains(QAbstractSocket::SslInternalError)) { | |
188 | int idx = client.socketErrors().indexOf(QAbstractSocket::SslInternalError); | |
189 | if ((client.sslErrorsStr().at(idx).contains("alert bad certificate")) | |
190 | || (client.sslErrorsStr().at(idx).contains("alert unknown ca"))) { | |
187 | if (client->socketErrors().contains(QAbstractSocket::SslInternalError)) { | |
188 | int idx = client->socketErrors().indexOf(QAbstractSocket::SslInternalError); | |
189 | if ((client->sslErrorsStr().at(idx).contains("alert bad certificate")) | |
190 | || (client->sslErrorsStr().at(idx).contains("alert unknown ca"))) { | |
191 | 191 | rep.report = QString(""); |
192 | 192 | rep.suggestedTestResult = SslTestResult::Undefined; |
193 | 193 | rep.comment = QString(""); |
202 | 202 | return rep; |
203 | 203 | } |
204 | 204 | |
205 | if (!client.sslConnectionEstablished() | |
206 | && (client.socketErrors().contains(QAbstractSocket::SslHandshakeFailedError) | |
207 | && ((client.sslErrorsStr().filter(QString("SSL23_GET_CLIENT_HELLO:unknown protocol")).size() > 0) | |
208 | || (client.sslErrorsStr().filter(QString("ssl3_get_client_hello:wrong version number")).size() > 0)))) { | |
205 | if (!client->sslConnectionEstablished() | |
206 | && (client->socketErrors().contains(QAbstractSocket::SslHandshakeFailedError) | |
207 | && ((client->sslErrorsStr().filter(QString("SSL23_GET_CLIENT_HELLO:unknown protocol")).size() > 0) | |
208 | || (client->sslErrorsStr().filter(QString("ssl3_get_client_hello:wrong version number")).size() > 0)))) { | |
209 | 209 | rep.report = QString("secure connection was not established, %1 bytes of unsupported TLS/SSL protocol were received before the connection was closed") |
210 | .arg(client.rawDataRecv().size()); | |
210 | .arg(client->rawDataRecv().size()); | |
211 | 211 | rep.suggestedTestResult = SslTestResult::Undefined; |
212 | 212 | rep.comment = QString("client proposed unsupported TLS/SSL protocol"); |
213 | 213 | rep.isPassed = false; |
221 | 221 | return rep; |
222 | 222 | } |
223 | 223 | |
224 | const SslCheckReport SslCheckConnectionEstablished::doCheck(const ClientInfo &client) const | |
225 | { | |
226 | SslCheckReport rep; | |
227 | ||
228 | if (client.sslConnectionEstablished() | |
229 | && (client.interceptedData().size() > 0)) { | |
224 | const SslCheckReport SslCheckConnectionEstablished::doCheck(const ClientInfo *client) const | |
225 | { | |
226 | SslCheckReport rep; | |
227 | ||
228 | if (client->sslConnectionEstablished() | |
229 | && (client->interceptedData().size() > 0)) { | |
230 | 230 | rep.report = QString("test failed, client accepted fake certificate, data was intercepted"); |
231 | 231 | rep.suggestedTestResult = SslTestResult::DataIntercepted; |
232 | 232 | rep.comment = QString("mitm possible"); |
234 | 234 | return rep; |
235 | 235 | } |
236 | 236 | |
237 | if (client.sslConnectionEstablished() | |
238 | && (client.interceptedData().size() == 0) | |
239 | && ((client.dtlsMode() && !client.dtlsErrors().contains(XDtlsError::RemoteClosedConnectionError)) | |
240 | || (!client.dtlsMode() && !client.socketErrors().contains(QAbstractSocket::RemoteHostClosedError)))) { | |
237 | if (client->sslConnectionEstablished() | |
238 | && (client->interceptedData().size() == 0) | |
239 | && ((client->dtlsMode() && !client->dtlsErrors().contains(XDtlsError::RemoteClosedConnectionError)) | |
240 | || (!client->dtlsMode() && !client->socketErrors().contains(QAbstractSocket::RemoteHostClosedError)))) { | |
241 | 241 | rep.report = QString("test failed, client accepted fake certificate, but no data transmitted"); |
242 | 242 | rep.suggestedTestResult = SslTestResult::CertAccepted; |
243 | 243 | rep.comment = QString("mitm possible"); |
246 | 246 | } |
247 | 247 | |
248 | 248 | // this is a controversion situation |
249 | if (client.sslConnectionEstablished() | |
250 | && (client.interceptedData().size() == 0) | |
251 | && ((client.dtlsMode() && client.dtlsErrors().contains(XDtlsError::RemoteClosedConnectionError)) | |
252 | || (!client.dtlsMode() && client.socketErrors().contains(QAbstractSocket::RemoteHostClosedError)))) { | |
249 | if (client->sslConnectionEstablished() | |
250 | && (client->interceptedData().size() == 0) | |
251 | && ((client->dtlsMode() && client->dtlsErrors().contains(XDtlsError::RemoteClosedConnectionError)) | |
252 | || (!client->dtlsMode() && client->socketErrors().contains(QAbstractSocket::RemoteHostClosedError)))) { | |
253 | 253 | rep.report = QString("test result not clear, client established TLS session but disconnected without data transmission and explicit error message"); |
254 | 254 | rep.suggestedTestResult = SslTestResult::Undefined; |
255 | 255 | rep.comment = QString("consider PASSED for clients which send data on the first connection. other clients test with complete MitM setup (see --forward)"); |
257 | 257 | return rep; |
258 | 258 | } |
259 | 259 | |
260 | if (client.sslConnectionEstablished()) { | |
260 | if (client->sslConnectionEstablished()) { | |
261 | 261 | rep.report = QString("unhandled case! please report it to developers!"); |
262 | 262 | rep.suggestedTestResult = SslTestResult::UnhandledCase; |
263 | 263 | rep.comment = QString("report this to developers"); |
272 | 272 | return rep; |
273 | 273 | } |
274 | 274 | |
275 | const SslCheckReport SslCheckCertificateRefused::doCheck(const ClientInfo &client) const | |
275 | const SslCheckReport SslCheckCertificateRefused::doCheck(const ClientInfo *client) const | |
276 | 276 | { |
277 | 277 | SslCheckReport rep; |
278 | 278 | |
279 | 279 | rep.suggestedTestResult = SslTestResult::Success; |
280 | 280 | rep.isPassed = true; |
281 | 281 | |
282 | if (!client.sslConnectionEstablished() | |
283 | && (client.dtlsMode() || (!client.dtlsMode() && client.socketErrors().contains(QAbstractSocket::SslHandshakeFailedError))) | |
284 | && ((client.sslErrorsStr().filter(QString("certificate unknown")).size() > 0) | |
285 | || (client.sslErrorsStr().filter(QString("unknown ca")).size() > 0) | |
286 | || (client.sslErrorsStr().filter(QString("bad certificate")).size() > 0))) { | |
282 | if (!client->sslConnectionEstablished() | |
283 | && (client->dtlsMode() || (!client->dtlsMode() && client->socketErrors().contains(QAbstractSocket::SslHandshakeFailedError))) | |
284 | && ((client->sslErrorsStr().filter(QString("certificate unknown")).size() > 0) | |
285 | || (client->sslErrorsStr().filter(QString("unknown ca")).size() > 0) | |
286 | || (client->sslErrorsStr().filter(QString("bad certificate")).size() > 0))) { | |
287 | 287 | rep.report = QString("client accepted our protocol but explicitly refused our certificate"); |
288 | 288 | rep.suggestedTestResult = SslTestResult::ProtoAcceptedWithErr; |
289 | 289 | rep.comment = QString(""); |
294 | 294 | return rep; |
295 | 295 | } |
296 | 296 | |
297 | const SslCheckReport SslCheckHttpsClient::doCheck(const ClientInfo &client) const | |
298 | { | |
299 | SslCheckReport rep; | |
300 | ||
301 | if (client.hasHelloMessage() | |
302 | && (client.tlsHelloInfo.hnd_hello.alpn.contains(QByteArray("h2")) | |
303 | || client.tlsHelloInfo.hnd_hello.alpn.contains(QByteArray("http/1.1")))) { | |
297 | const SslCheckReport SslCheckNoSharedCipher::doCheck(const ClientInfo *client) const | |
298 | { | |
299 | SslCheckReport rep; | |
300 | ||
301 | rep.suggestedTestResult = SslTestResult::Success; | |
302 | rep.isPassed = true; | |
303 | ||
304 | if (!client->sslConnectionEstablished() | |
305 | && (client->sslErrorsStr().filter(QString("no shared cipher")).size() > 0)) { | |
306 | rep.report = QString("client accepted our protocol but explicitly refused our ciphers"); | |
307 | rep.suggestedTestResult = SslTestResult::Undefined; | |
308 | rep.comment = QString(""); | |
309 | rep.isPassed = false; | |
310 | return rep; | |
311 | } | |
312 | ||
313 | return rep; | |
314 | } | |
315 | ||
316 | const SslCheckReport SslCheckHttpsClient::doCheck(const ClientInfo *client) const | |
317 | { | |
318 | SslCheckReport rep; | |
319 | ||
320 | if (client->hasHelloMessage() | |
321 | && (client->tlsHelloInfo.hnd_hello.alpn.contains(QByteArray("h2")) | |
322 | || client->tlsHelloInfo.hnd_hello.alpn.contains(QByteArray("http/1.1")))) { | |
304 | 323 | rep.report = QString("client identifies itself as HTTPS client"); |
305 | 324 | rep.suggestedTestResult = SslTestResult::Success; |
306 | 325 | rep.comment = QString(""); |
308 | 327 | return rep; |
309 | 328 | } |
310 | 329 | |
311 | if (client.hasHelloMessage() | |
312 | && client.tlsHelloInfo.hnd_hello.alpn.isEmpty()) { | |
313 | rep.report = QString("client does not explitictly defines expected protocol"); | |
330 | if (client->hasHelloMessage() | |
331 | && client->tlsHelloInfo.hnd_hello.alpn.isEmpty()) { | |
332 | rep.report = QString("client does not explitictly define application layer protocol"); | |
314 | 333 | rep.suggestedTestResult = SslTestResult::Undefined; |
315 | 334 | rep.comment = QString(""); |
316 | 335 | rep.isPassed = false; |
11 | 11 | SslCheckForGenericSslErrors, |
12 | 12 | SslCheckConnectionEstablished, |
13 | 13 | SslCheckCertificateRefused, |
14 | SslCheckNoSharedCipher, | |
14 | 15 | SslCheckHttpsClient, |
15 | 16 | }; |
16 | 17 | |
40 | 41 | virtual ~SslCheck(); |
41 | 42 | |
42 | 43 | const SslCheckInfo getInfo() { return info; } |
43 | virtual const SslCheckReport doCheck(const ClientInfo &client) const = 0; | |
44 | virtual const SslCheckReport doCheck(const ClientInfo *client) const = 0; | |
44 | 45 | |
45 | 46 | protected: |
46 | 47 | SslCheckInfo info; |
53 | 54 | info.id = SslCheckId::SslCheckSocketErrors; |
54 | 55 | info.descr = QString("check if there are any errors reported by network socket"); |
55 | 56 | } |
56 | const SslCheckReport doCheck(const ClientInfo &client) const; | |
57 | const SslCheckReport doCheck(const ClientInfo *client) const; | |
57 | 58 | }; |
58 | 59 | |
59 | 60 | class SslCheckNoData : public SslCheck |
63 | 64 | info.id = SslCheckId::SslCheckNoData; |
64 | 65 | info.descr = QString("check if no data was transmitted"); |
65 | 66 | } |
66 | const SslCheckReport doCheck(const ClientInfo &client) const; | |
67 | const SslCheckReport doCheck(const ClientInfo *client) const; | |
67 | 68 | }; |
68 | 69 | |
69 | 70 | class SslCheckNonSslData : public SslCheck |
73 | 74 | info.id = SslCheckId::SslCheckNonSslData; |
74 | 75 | info.descr = QString("check if data transmitted does not have valid HELLO message"); |
75 | 76 | } |
76 | const SslCheckReport doCheck(const ClientInfo &client) const; | |
77 | const SslCheckReport doCheck(const ClientInfo *client) const; | |
77 | 78 | }; |
78 | 79 | |
79 | 80 | class SslCheckInvalidSsl : public SslCheck |
83 | 84 | info.id = SslCheckId::SslCheckInvalidSsl; |
84 | 85 | info.descr = QString("check if the client is non-SSL or is broken in another way"); |
85 | 86 | } |
86 | const SslCheckReport doCheck(const ClientInfo &client) const; | |
87 | const SslCheckReport doCheck(const ClientInfo *client) const; | |
87 | 88 | }; |
88 | 89 | |
89 | 90 | class SslCheckForGenericSslErrors : public SslCheck |
93 | 94 | info.id = SslCheckId::SslCheckForGenericSslErrors; |
94 | 95 | info.descr = QString("check if there are generic SSL errors during handshake"); |
95 | 96 | } |
96 | const SslCheckReport doCheck(const ClientInfo &client) const; | |
97 | const SslCheckReport doCheck(const ClientInfo *client) const; | |
97 | 98 | }; |
98 | 99 | |
99 | 100 | class SslCheckConnectionEstablished : public SslCheck |
103 | 104 | info.id = SslCheckId::SslCheckConnectionEstablished; |
104 | 105 | info.descr = QString("check if SSL connection was established"); |
105 | 106 | } |
106 | const SslCheckReport doCheck(const ClientInfo &client) const; | |
107 | const SslCheckReport doCheck(const ClientInfo *client) const; | |
107 | 108 | }; |
108 | 109 | |
109 | 110 | class SslCheckCertificateRefused : public SslCheck |
113 | 114 | info.id = SslCheckId::SslCheckCertificateRefused; |
114 | 115 | info.descr = QString("check if client explicitly refused server certificate"); |
115 | 116 | } |
116 | const SslCheckReport doCheck(const ClientInfo &client) const; | |
117 | const SslCheckReport doCheck(const ClientInfo *client) const; | |
118 | }; | |
119 | ||
120 | class SslCheckNoSharedCipher : public SslCheck | |
121 | { | |
122 | public: | |
123 | SslCheckNoSharedCipher() { | |
124 | info.id = SslCheckId::SslCheckNoSharedCipher; | |
125 | info.descr = QString("check if client did not accept any of server ciphers"); | |
126 | } | |
127 | const SslCheckReport doCheck(const ClientInfo *client) const; | |
117 | 128 | }; |
118 | 129 | |
119 | 130 | class SslCheckHttpsClient : public SslCheck |
123 | 134 | info.id = SslCheckId::SslCheckHttpsClient; |
124 | 135 | info.descr = QString("check if client identifies itself as HTTPS one"); |
125 | 136 | } |
126 | const SslCheckReport doCheck(const ClientInfo &client) const; | |
137 | const SslCheckReport doCheck(const ClientInfo *client) const; | |
127 | 138 | }; |
128 | 139 | |
129 | 140 | #endif // SSLCHECK_H |
5 | 5 | #include "dtlsserver.h" |
6 | 6 | |
7 | 7 | |
8 | SslServer::SslServer(const SslUserSettings &settings, | |
8 | SslServer::SslServer(const SslUserSettings *settings, | |
9 | 9 | QList<XSslCertificate> localCert, |
10 | 10 | XSslKey privateKey, |
11 | 11 | XSsl::SslProtocol sslProtocol, |
12 | 12 | QList<XSslCipher> sslCiphers, |
13 | 13 | QObject *parent) : QObject(parent) |
14 | 14 | { |
15 | m_listenAddress = settings.getListenAddress(); | |
16 | m_listenPort = settings.getListenPort(); | |
17 | m_dtlsMode = settings.getUseDtls(); | |
15 | m_listenAddress = settings->getListenAddress(); | |
16 | m_listenPort = settings->getListenPort(); | |
17 | m_dtlsMode = settings->getUseDtls(); | |
18 | 18 | |
19 | 19 | tcpsServer = nullptr; |
20 | 20 | dtlsServer = nullptr; |
28 | 28 | connect(tcpsServer, &TcpsServer::rawDataCollected, this, &SslServer::rawDataCollected); |
29 | 29 | connect(tcpsServer, &TcpsServer::sslHandshakeFinished, this, &SslServer::sslHandshakeFinished); |
30 | 30 | connect(tcpsServer, &TcpsServer::peerVerifyError, this, &SslServer::peerVerifyError); |
31 | ||
32 | connect(tcpsServer, &TcpsServer::newConnection, this, &SslServer::handleIncomingConnection); | |
33 | ||
31 | 34 | connect(tcpsServer, &TcpsServer::newPeer, this, &SslServer::newPeer); |
35 | ||
36 | connect(tcpsServer, &TcpsServer::sessionFinished, this, &SslServer::handleSessionFinished); | |
32 | 37 | } else { |
33 | 38 | dtlsServer = new DtlsServer(settings, localCert, privateKey, sslProtocol, sslCiphers, this); |
34 | 39 | |
36 | 41 | connect(dtlsServer, &DtlsServer::dtlsHandshakeError, this, &SslServer::dtlsHandshakeError, Qt::DirectConnection); |
37 | 42 | connect(dtlsServer, &DtlsServer::dataIntercepted, this, &SslServer::dataIntercepted, Qt::DirectConnection); |
38 | 43 | connect(dtlsServer, &DtlsServer::sslHandshakeFinished, this, &SslServer::sslHandshakeFinished, Qt::DirectConnection); |
44 | connect(dtlsServer, &DtlsServer::rawDataCollected, this, &SslServer::rawDataCollected, Qt::DirectConnection); | |
45 | ||
46 | connect(dtlsServer, &DtlsServer::newConnection, this, &SslServer::handleIncomingConnection); | |
47 | ||
39 | 48 | connect(dtlsServer, &DtlsServer::newPeer, this, &SslServer::newPeer, Qt::DirectConnection); |
40 | connect(dtlsServer, &DtlsServer::rawDataCollected, this, &SslServer::rawDataCollected, Qt::DirectConnection); | |
49 | ||
50 | connect(dtlsServer, &DtlsServer::sessionFinished, this, &SslServer::handleSessionFinished); | |
41 | 51 | } |
42 | 52 | } |
43 | 53 | |
44 | 54 | SslServer::~SslServer() |
45 | 55 | { |
46 | if (tcpsServer) { | |
47 | tcpsServer->close(); | |
48 | delete tcpsServer; | |
49 | } | |
50 | if (dtlsServer) { | |
51 | dtlsServer->close(); | |
52 | delete dtlsServer; | |
53 | } | |
56 | if (tcpsServer) | |
57 | tcpsServer->deleteLater(); | |
58 | if (dtlsServer) | |
59 | dtlsServer->deleteLater(); | |
54 | 60 | } |
55 | 61 | |
56 | 62 | bool SslServer::listen() |
69 | 75 | |
70 | 76 | VERBOSE(QString("listening on %1:%2").arg(m_listenAddress.toString()).arg(m_listenPort)); |
71 | 77 | return true; |
72 | } | |
73 | ||
74 | bool SslServer::waitForClient() | |
75 | { | |
76 | if (!m_dtlsMode) { | |
77 | return tcpsServer->waitForNewConnection(-1); | |
78 | } else { | |
79 | return dtlsServer->waitForNewClient(); | |
80 | } | |
81 | 78 | } |
82 | 79 | |
83 | 80 | void SslServer::handleIncomingConnection() |
114 | 111 | } |
115 | 112 | return QString(""); |
116 | 113 | } |
114 | ||
115 | void SslServer::handleSessionFinished() | |
116 | { | |
117 | if (!m_dtlsMode) { | |
118 | tcpsServer->close(); | |
119 | } else { | |
120 | dtlsServer->close(); | |
121 | } | |
122 | ||
123 | emit sessionFinished(); | |
124 | } | |
125 | ||
126 | void SslServer::handleSigInt() | |
127 | { | |
128 | // we handle SIGINT only to break forwarding process gracefully | |
129 | // in case we are not in forwarding state, just exit | |
130 | if (!m_dtlsMode) { | |
131 | if (!tcpsServer->isForwarding()) | |
132 | exit(0); | |
133 | tcpsServer->handleSigInt(); | |
134 | } else { | |
135 | if (!dtlsServer->isForwarding()) | |
136 | exit(0); | |
137 | dtlsServer->handleSigInt(); | |
138 | } | |
139 | } |
38 | 38 | StartTlsUnknownProtocol = -1 |
39 | 39 | }; |
40 | 40 | |
41 | SslServer(const SslUserSettings &settings, | |
41 | SslServer(const SslUserSettings *settings, | |
42 | 42 | QList<XSslCertificate> localCert, |
43 | 43 | XSslKey privateKey, |
44 | 44 | XSsl::SslProtocol sslProtocol, |
47 | 47 | ~SslServer(); |
48 | 48 | |
49 | 49 | bool listen(); |
50 | bool waitForClient(); | |
51 | void handleIncomingConnection(); | |
52 | 50 | |
53 | 51 | static QString dtlsErrorToString(XDtlsError error); |
52 | ||
53 | void handleSigInt(); | |
54 | 54 | |
55 | 55 | signals: |
56 | 56 | void sslSocketErrors(const QList<XSslError> &sslErrors, |
64 | 64 | |
65 | 65 | void dtlsHandshakeError(const XDtlsError, const QString &); |
66 | 66 | |
67 | void sessionFinished(); | |
68 | ||
67 | 69 | private: |
70 | void handleIncomingConnection(); | |
71 | void handleSessionFinished(); | |
72 | ||
68 | 73 | QHostAddress m_listenAddress; |
69 | 74 | quint16 m_listenPort; |
70 | 75 | bool m_dtlsMode; |
3 | 3 | #include "ssltests.h" |
4 | 4 | #include "ciphers.h" |
5 | 5 | #include "sslcheck.h" |
6 | #include "sslusersettings.h" | |
6 | 7 | |
7 | 8 | #ifdef UNSAFE |
8 | 9 | #include <openssl-unsafe/ssl.h> |
61 | 62 | return true; |
62 | 63 | } |
63 | 64 | |
64 | void SslCertificatesTest::calcResults(const ClientInfo client) | |
65 | void SslCertificatesTest::calcResults(const ClientInfo *client) | |
65 | 66 | { |
66 | 67 | SslCheckReport rep; |
67 | 68 | QVector<SslCheck *> checks; |
74 | 75 | checks << new SslCheckInvalidSsl(); |
75 | 76 | |
76 | 77 | checks << new SslCheckForGenericSslErrors(); |
78 | ||
79 | checks << new SslCheckNoSharedCipher(); | |
77 | 80 | |
78 | 81 | for (int i = 0; i < checks.size(); i++) { |
79 | 82 | rep = checks.at(i)->doCheck(client); |
116 | 119 | m_resultComment = QString(""); |
117 | 120 | } |
118 | 121 | |
119 | void SslProtocolsCiphersTest::calcResults(const ClientInfo client) | |
122 | void SslProtocolsCiphersTest::calcResults(const ClientInfo *client) | |
120 | 123 | { |
121 | 124 | SslCheckReport rep; |
122 | 125 | QVector<SslCheck *> checks; |
161 | 164 | m_resultComment = QString(""); |
162 | 165 | } |
163 | 166 | |
164 | bool SslProtocolsCiphersTest::prepare(const SslUserSettings &settings) | |
167 | bool SslProtocolsCiphersTest::prepare(const SslUserSettings *settings) | |
165 | 168 | { |
166 | 169 | // in case of DTLS omit protocols test for normal TLS |
167 | 170 | switch (m_id) { |
171 | 174 | case SslTestId::SslTestCiphersDtls12Exp: |
172 | 175 | case SslTestId::SslTestCiphersDtls12Low: |
173 | 176 | case SslTestId::SslTestCiphersDtls12Med: |
174 | if (!settings.getUseDtls()) | |
177 | if (!settings->getUseDtls()) | |
175 | 178 | return false; |
176 | 179 | break; |
177 | 180 | default: |
178 | if (settings.getUseDtls()) | |
181 | if (settings->getUseDtls()) | |
179 | 182 | return false; |
180 | 183 | } |
181 | 184 | |
182 | 185 | XSslKey key; |
183 | QList<XSslCertificate> chain = settings.getUserCert(); | |
186 | QList<XSslCertificate> chain = settings->getUserCert(); | |
184 | 187 | if (chain.size() != 0) { |
185 | key = settings.getUserKey(); | |
188 | key = settings->getUserKey(); | |
186 | 189 | } |
187 | 190 | |
188 | 191 | if ((chain.size() == 0) || key.isNull()) { |
189 | 192 | QString cn; |
190 | 193 | |
191 | if (settings.getUserCN().length() > 0) { | |
192 | cn = settings.getUserCN(); | |
194 | if (settings->getUserCN().length() > 0) { | |
195 | cn = settings->getUserCN(); | |
193 | 196 | } else { |
194 | 197 | cn = "www.example.com"; |
195 | 198 | } |
14 | 14 | #include <QSslConfiguration> |
15 | 15 | #endif |
16 | 16 | |
17 | #include "sslusersettings.h" | |
18 | 17 | #include "ssltestresult.h" |
19 | #include "clientinfo.h" | |
20 | 18 | |
19 | class SslUserSettings; | |
20 | class ClientInfo; | |
21 | 21 | |
22 | 22 | enum class SslTestGroup { |
23 | 23 | Certificates, |
69 | 69 | void clear(); |
70 | 70 | |
71 | 71 | // implemented by a particular tests |
72 | virtual bool prepare(const SslUserSettings &settings) = 0; | |
73 | virtual void calcResults(const ClientInfo client) = 0; | |
72 | virtual bool prepare(const SslUserSettings *settings) = 0; | |
73 | virtual void calcResults(const ClientInfo *client) = 0; | |
74 | 74 | |
75 | 75 | // test description |
76 | 76 | SslTestId id() const { return m_id; } |
132 | 132 | m_group = SslTestGroup::Certificates; |
133 | 133 | } |
134 | 134 | |
135 | virtual void calcResults(const ClientInfo client); | |
135 | virtual void calcResults(const ClientInfo *client); | |
136 | 136 | |
137 | 137 | }; |
138 | 138 | |
139 | 139 | class SslProtocolsCiphersTest : public SslTest |
140 | 140 | { |
141 | 141 | public: |
142 | virtual bool prepare(const SslUserSettings &settings); | |
143 | virtual void calcResults(const ClientInfo client); | |
142 | virtual bool prepare(const SslUserSettings *settings); | |
143 | virtual void calcResults(const ClientInfo *client); | |
144 | 144 | virtual bool setProtoAndCiphers() = 0; |
145 | 145 | protected: |
146 | 146 | bool setProtoAndSupportedCiphers(XSsl::SslProtocol proto); |
1 | 1 | #include "ssltests.h" |
2 | 2 | #include "sslcertgen.h" |
3 | 3 | #include "debug.h" |
4 | #include "sslusersettings.h" | |
4 | 5 | #include "openssl-helper.h" |
5 | 6 | #include "cve-2020-0601_poc.h" |
6 | 7 | |
59 | 60 | } |
60 | 61 | } |
61 | 62 | |
62 | bool SslTestCertCustom1::prepare(const SslUserSettings &settings) | |
63 | bool SslTestCertCustom1::prepare(const SslUserSettings *settings) | |
63 | 64 | { |
64 | 65 | // if user did not provide a certificate, do not emit error, just skip test initialization |
65 | if (settings.getUserCertPath().isEmpty()) { | |
66 | return false; | |
67 | } | |
68 | ||
69 | QList<XSslCertificate> chain = settings.getUserCert(); | |
66 | if (settings->getUserCertPath().isEmpty()) { | |
67 | return false; | |
68 | } | |
69 | ||
70 | QList<XSslCertificate> chain = settings->getUserCert(); | |
70 | 71 | if (chain.size() == 0) { |
71 | 72 | RED("can not parse user-supplied certificate"); |
72 | 73 | return false; |
74 | 75 | |
75 | 76 | m_localCertsChain = chain; |
76 | 77 | |
77 | XSslKey key = settings.getUserKey(); | |
78 | XSslKey key = settings->getUserKey(); | |
78 | 79 | if (key.isNull()) { |
79 | 80 | RED("can not parse user-supplied key"); |
80 | 81 | return false; |
82 | 83 | |
83 | 84 | m_privateKey = key; |
84 | 85 | |
85 | m_sslCiphers = XSslConfiguration::supportedCiphers(); | |
86 | // DTLS mode requires specific protocol to be set | |
87 | if (settings.getUseDtls()) { | |
88 | m_sslProtocol = XSsl::DtlsV1_0OrLater; | |
89 | } else { | |
90 | m_sslProtocol = XSsl::AnyProtocol; | |
91 | } | |
92 | ||
93 | return true; | |
94 | } | |
95 | ||
96 | ||
97 | bool SslTestCertSS1::prepare(const SslUserSettings &settings) | |
86 | m_sslCiphers = settings->getSupportedCiphers().count() ? | |
87 | settings->getSupportedCiphers() : XSslConfiguration::supportedCiphers(); | |
88 | ||
89 | // DTLS mode requires specific protocol to be set | |
90 | if (settings->getUseDtls()) { | |
91 | m_sslProtocol = XSsl::DtlsV1_0OrLater; | |
92 | } else { | |
93 | m_sslProtocol = XSsl::AnyProtocol; | |
94 | } | |
95 | ||
96 | return true; | |
97 | } | |
98 | ||
99 | ||
100 | bool SslTestCertSS1::prepare(const SslUserSettings *settings) | |
98 | 101 | { |
99 | 102 | QPair<XSslCertificate, XSslKey> cert; |
100 | 103 | |
101 | if (settings.getUserCN().length() != 0) { | |
102 | QString cn = settings.getUserCN(); | |
104 | if (settings->getUserCN().length() != 0) { | |
105 | QString cn = settings->getUserCN(); | |
103 | 106 | |
104 | 107 | cert = SslCertGen::genSignedCert(cn); |
105 | } else if (settings.getServerAddr().length() != 0) { | |
106 | XSslCertificate basecert = settings.getPeerCertificates().first(); | |
108 | } else if (settings->getServerAddr().length() != 0) { | |
109 | XSslCertificate basecert = settings->getPeerCertificates().first(); | |
107 | 110 | |
108 | 111 | cert = SslCertGen::genSignedCertFromTemplate(basecert); |
109 | 112 | } else { |
116 | 119 | m_localCertsChain = chain; |
117 | 120 | m_privateKey = cert.second; |
118 | 121 | |
119 | m_sslCiphers = XSslConfiguration::supportedCiphers(); | |
120 | // DTLS mode requires specific protocol to be set | |
121 | if (settings.getUseDtls()) { | |
122 | m_sslProtocol = XSsl::DtlsV1_0OrLater; | |
123 | } else { | |
124 | m_sslProtocol = XSsl::AnyProtocol; | |
125 | } | |
126 | ||
127 | return true; | |
128 | } | |
129 | ||
130 | ||
131 | bool SslTestCertSS2::prepare(const SslUserSettings &settings) | |
122 | m_sslCiphers = settings->getSupportedCiphers().count() ? | |
123 | settings->getSupportedCiphers() : XSslConfiguration::supportedCiphers(); | |
124 | ||
125 | // DTLS mode requires specific protocol to be set | |
126 | if (settings->getUseDtls()) { | |
127 | m_sslProtocol = XSsl::DtlsV1_0OrLater; | |
128 | } else { | |
129 | m_sslProtocol = XSsl::AnyProtocol; | |
130 | } | |
131 | ||
132 | return true; | |
133 | } | |
134 | ||
135 | ||
136 | bool SslTestCertSS2::prepare(const SslUserSettings *settings) | |
132 | 137 | { |
133 | 138 | QPair<XSslCertificate, XSslKey> cert = SslCertGen::genSignedCert("www.example.com"); |
134 | 139 | |
138 | 143 | m_localCertsChain = chain; |
139 | 144 | m_privateKey = cert.second; |
140 | 145 | |
141 | m_sslCiphers = XSslConfiguration::supportedCiphers(); | |
142 | // DTLS mode requires specific protocol to be set | |
143 | if (settings.getUseDtls()) { | |
144 | m_sslProtocol = XSsl::DtlsV1_0OrLater; | |
145 | } else { | |
146 | m_sslProtocol = XSsl::AnyProtocol; | |
147 | } | |
148 | ||
149 | return true; | |
150 | } | |
151 | ||
152 | ||
153 | bool SslTestCertCustom2::prepare(const SslUserSettings &settings) | |
146 | m_sslCiphers = settings->getSupportedCiphers().count() ? | |
147 | settings->getSupportedCiphers() : XSslConfiguration::supportedCiphers(); | |
148 | ||
149 | // DTLS mode requires specific protocol to be set | |
150 | if (settings->getUseDtls()) { | |
151 | m_sslProtocol = XSsl::DtlsV1_0OrLater; | |
152 | } else { | |
153 | m_sslProtocol = XSsl::AnyProtocol; | |
154 | } | |
155 | ||
156 | return true; | |
157 | } | |
158 | ||
159 | ||
160 | bool SslTestCertCustom2::prepare(const SslUserSettings *settings) | |
154 | 161 | { |
155 | 162 | QPair<QList<XSslCertificate>, XSslKey> generatedCert; |
156 | 163 | |
157 | QList<XSslCertificate> chain = settings.getUserCert(); | |
164 | QList<XSslCertificate> chain = settings->getUserCert(); | |
158 | 165 | if (chain.size() == 0) |
159 | 166 | return false; |
160 | 167 | |
161 | XSslKey key = settings.getUserKey(); | |
168 | XSslKey key = settings->getUserKey(); | |
162 | 169 | if (key.isNull()) |
163 | 170 | return false; |
164 | 171 | |
165 | if (settings.getUserCN().length() != 0) { | |
166 | QString cn = settings.getUserCN(); | |
172 | if (settings->getUserCN().length() != 0) { | |
173 | QString cn = settings->getUserCN(); | |
167 | 174 | |
168 | 175 | generatedCert = SslCertGen::genSignedByCACert(cn, chain.at(0), key); |
169 | } else if (settings.getServerAddr().length() != 0) { | |
170 | XSslCertificate basecert = settings.getPeerCertificates().first(); | |
176 | } else if (settings->getServerAddr().length() != 0) { | |
177 | XSslCertificate basecert = settings->getPeerCertificates().first(); | |
171 | 178 | |
172 | 179 | generatedCert = SslCertGen::genSignedByCACertFromTemplate(basecert, chain.at(0), key); |
173 | 180 | } else { |
179 | 186 | m_localCertsChain = generatedCert.first; |
180 | 187 | m_privateKey = generatedCert.second; |
181 | 188 | |
182 | m_sslCiphers = XSslConfiguration::supportedCiphers(); | |
183 | // DTLS mode requires specific protocol to be set | |
184 | if (settings.getUseDtls()) { | |
185 | m_sslProtocol = XSsl::DtlsV1_0OrLater; | |
186 | } else { | |
187 | m_sslProtocol = XSsl::AnyProtocol; | |
188 | } | |
189 | ||
190 | return true; | |
191 | } | |
192 | ||
193 | ||
194 | bool SslTestCertCustom3::prepare(const SslUserSettings &settings) | |
195 | { | |
196 | QList<XSslCertificate> chain = settings.getUserCert(); | |
189 | m_sslCiphers = settings->getSupportedCiphers().count() ? | |
190 | settings->getSupportedCiphers() : XSslConfiguration::supportedCiphers(); | |
191 | ||
192 | // DTLS mode requires specific protocol to be set | |
193 | if (settings->getUseDtls()) { | |
194 | m_sslProtocol = XSsl::DtlsV1_0OrLater; | |
195 | } else { | |
196 | m_sslProtocol = XSsl::AnyProtocol; | |
197 | } | |
198 | ||
199 | return true; | |
200 | } | |
201 | ||
202 | ||
203 | bool SslTestCertCustom3::prepare(const SslUserSettings *settings) | |
204 | { | |
205 | QList<XSslCertificate> chain = settings->getUserCert(); | |
197 | 206 | if (chain.size() == 0) |
198 | 207 | return false; |
199 | 208 | |
200 | XSslKey key = settings.getUserKey(); | |
209 | XSslKey key = settings->getUserKey(); | |
201 | 210 | if (key.isNull()) |
202 | 211 | return false; |
203 | 212 | |
208 | 217 | m_localCertsChain = generatedCert.first; |
209 | 218 | m_privateKey = generatedCert.second; |
210 | 219 | |
211 | m_sslCiphers = XSslConfiguration::supportedCiphers(); | |
212 | // DTLS mode requires specific protocol to be set | |
213 | if (settings.getUseDtls()) { | |
214 | m_sslProtocol = XSsl::DtlsV1_0OrLater; | |
215 | } else { | |
216 | m_sslProtocol = XSsl::AnyProtocol; | |
217 | } | |
218 | ||
219 | return true; | |
220 | } | |
221 | ||
222 | ||
223 | bool SslTestCertCA1::prepare(const SslUserSettings &settings) | |
220 | m_sslCiphers = settings->getSupportedCiphers().count() ? | |
221 | settings->getSupportedCiphers() : XSslConfiguration::supportedCiphers(); | |
222 | ||
223 | // DTLS mode requires specific protocol to be set | |
224 | if (settings->getUseDtls()) { | |
225 | m_sslProtocol = XSsl::DtlsV1_0OrLater; | |
226 | } else { | |
227 | m_sslProtocol = XSsl::AnyProtocol; | |
228 | } | |
229 | ||
230 | return true; | |
231 | } | |
232 | ||
233 | ||
234 | bool SslTestCertCA1::prepare(const SslUserSettings *settings) | |
224 | 235 | { |
225 | 236 | QString cn; |
226 | 237 | |
227 | if (settings.getUserCN().length() != 0) { | |
228 | cn = settings.getUserCN(); | |
229 | } else if (settings.getServerAddr().length() != 0) { | |
230 | cn = settings.getPeerCertificates().first().subjectInfo(XSslCertificate::CommonName).first(); | |
231 | } else { | |
232 | return false; | |
233 | } | |
234 | ||
235 | QList<XSslCertificate> chain = settings.getUserCaCert(); | |
238 | if (settings->getUserCN().length() != 0) { | |
239 | cn = settings->getUserCN(); | |
240 | } else if (settings->getServerAddr().length() != 0) { | |
241 | cn = settings->getPeerCertificates().first().subjectInfo(XSslCertificate::CommonName).first(); | |
242 | } else { | |
243 | return false; | |
244 | } | |
245 | ||
246 | QList<XSslCertificate> chain = settings->getUserCaCert(); | |
236 | 247 | if (chain.size() == 0) |
237 | 248 | return false; |
238 | 249 | |
239 | XSslKey key = settings.getUserCaKey(); | |
250 | XSslKey key = settings->getUserCaKey(); | |
240 | 251 | if (key.isNull()) |
241 | 252 | return false; |
242 | 253 | |
248 | 259 | m_localCertsChain = generatedCert.first; |
249 | 260 | m_privateKey = generatedCert.second; |
250 | 261 | |
251 | m_sslCiphers = XSslConfiguration::supportedCiphers(); | |
252 | // DTLS mode requires specific protocol to be set | |
253 | if (settings.getUseDtls()) { | |
254 | m_sslProtocol = XSsl::DtlsV1_0OrLater; | |
255 | } else { | |
256 | m_sslProtocol = XSsl::AnyProtocol; | |
257 | } | |
258 | ||
259 | return true; | |
260 | } | |
261 | ||
262 | ||
263 | bool SslTestCertCA2::prepare(const SslUserSettings &settings) | |
264 | { | |
265 | QList<XSslCertificate> chain = settings.getUserCaCert(); | |
262 | m_sslCiphers = settings->getSupportedCiphers().count() ? | |
263 | settings->getSupportedCiphers() : XSslConfiguration::supportedCiphers(); | |
264 | ||
265 | // DTLS mode requires specific protocol to be set | |
266 | if (settings->getUseDtls()) { | |
267 | m_sslProtocol = XSsl::DtlsV1_0OrLater; | |
268 | } else { | |
269 | m_sslProtocol = XSsl::AnyProtocol; | |
270 | } | |
271 | ||
272 | return true; | |
273 | } | |
274 | ||
275 | ||
276 | bool SslTestCertCA2::prepare(const SslUserSettings *settings) | |
277 | { | |
278 | QList<XSslCertificate> chain = settings->getUserCaCert(); | |
266 | 279 | if (chain.size() == 0) |
267 | 280 | return false; |
268 | 281 | |
269 | XSslKey key = settings.getUserCaKey(); | |
282 | XSslKey key = settings->getUserCaKey(); | |
270 | 283 | if (key.isNull()) |
271 | 284 | return false; |
272 | 285 | |
277 | 290 | m_localCertsChain = generatedCert.first; |
278 | 291 | m_privateKey = generatedCert.second; |
279 | 292 | |
280 | m_sslCiphers = XSslConfiguration::supportedCiphers(); | |
281 | // DTLS mode requires specific protocol to be set | |
282 | if (settings.getUseDtls()) { | |
293 | m_sslCiphers = settings->getSupportedCiphers().count() ? | |
294 | settings->getSupportedCiphers() : XSslConfiguration::supportedCiphers(); | |
295 | ||
296 | // DTLS mode requires specific protocol to be set | |
297 | if (settings->getUseDtls()) { | |
283 | 298 | m_sslProtocol = XSsl::DtlsV1_0OrLater; |
284 | 299 | } else { |
285 | 300 | m_sslProtocol = XSsl::AnyProtocol; |
412 | 427 | return setProtoAndMediumCiphers(XSsl::DtlsV1_2); |
413 | 428 | } |
414 | 429 | |
415 | bool SslTestCertCve20200601::prepare(const SslUserSettings &settings) | |
430 | bool SslTestCertCve20200601::prepare(const SslUserSettings *settings) | |
416 | 431 | { |
417 | 432 | XSslCertificate caCert; |
418 | 433 | QByteArray caSN; |
421 | 436 | bool ret = false; |
422 | 437 | |
423 | 438 | // if user provided CA cert, use it as a base one |
424 | QList<XSslCertificate> chain = settings.getUserCaCert(); | |
439 | QList<XSslCertificate> chain = settings->getUserCaCert(); | |
425 | 440 | if (chain.size() == 0) { |
426 | 441 | // ok, no CA cert, may be remote server is provided? |
427 | if (settings.getServerAddr().length() != 0) { | |
442 | if (settings->getServerAddr().length() != 0) { | |
428 | 443 | // assume that CA will be last in the list |
429 | caCert = settings.getPeerCertificates().last(); | |
444 | caCert = settings->getPeerCertificates().last(); | |
430 | 445 | // get common name of the host |
431 | targetCN = settings.getPeerCertificates().first().subjectInfo(XSslCertificate::CommonName).first(); | |
446 | targetCN = settings->getPeerCertificates().first().subjectInfo(XSslCertificate::CommonName).first(); | |
432 | 447 | } |
433 | 448 | } else { |
434 | 449 | caCert = chain.at(0); |
472 | 487 | caPubKey.resize(caPubKeyLen); |
473 | 488 | |
474 | 489 | // decide what target common name to use |
475 | if (settings.getUserCN().size() > 0) { | |
476 | targetCN = settings.getUserCN(); | |
490 | if (settings->getUserCN().size() > 0) { | |
491 | targetCN = settings->getUserCN(); | |
477 | 492 | } |
478 | 493 | if (targetCN.size() == 0) { |
479 | 494 | targetCN = "www.example.com"; |
552 | 567 | |
553 | 568 | m_sslCiphers = XSslConfiguration::supportedCiphers(); |
554 | 569 | // DTLS mode requires specific protocol to be set |
555 | if (settings.getUseDtls()) { | |
556 | m_sslProtocol = XSsl::DtlsV1_0OrLater; | |
557 | } else { | |
558 | m_sslProtocol = XSsl::AnyProtocol; | |
559 | } | |
560 | ||
561 | return true; | |
562 | } | |
570 | if (settings->getUseDtls()) { | |
571 | m_sslProtocol = XSsl::DtlsV1_0OrLater; | |
572 | } else { | |
573 | m_sslProtocol = XSsl::AnyProtocol; | |
574 | } | |
575 | ||
576 | return true; | |
577 | } |
42 | 42 | m_name = "custom certificate trust"; |
43 | 43 | m_description = "certificate trust test with user-supplied certificate"; |
44 | 44 | } |
45 | bool prepare(const SslUserSettings &settings); | |
45 | bool prepare(const SslUserSettings *settings); | |
46 | 46 | |
47 | 47 | }; |
48 | 48 | |
54 | 54 | m_name = "self-signed certificate for target domain trust"; |
55 | 55 | m_description = "certificate trust test with self-signed certificate for user-supplied common name"; |
56 | 56 | } |
57 | bool prepare(const SslUserSettings &settings); | |
57 | bool prepare(const SslUserSettings *settings); | |
58 | 58 | |
59 | 59 | }; |
60 | 60 | |
66 | 66 | m_name = "self-signed certificate for invalid domain trust"; |
67 | 67 | m_description = "certificate trust test with self-signed certificate for www.example.com"; |
68 | 68 | } |
69 | bool prepare(const SslUserSettings &settings); | |
69 | bool prepare(const SslUserSettings *settings); | |
70 | 70 | |
71 | 71 | }; |
72 | 72 | |
78 | 78 | m_name = "custom certificate for target domain trust"; |
79 | 79 | m_description = "certificate trust test with user-supplied common name signed by user-supplied certificate"; |
80 | 80 | } |
81 | bool prepare(const SslUserSettings &settings); | |
81 | bool prepare(const SslUserSettings *settings); | |
82 | 82 | |
83 | 83 | }; |
84 | 84 | |
90 | 90 | m_name = "custom certificate for invalid domain trust"; |
91 | 91 | m_description = "certificate trust test with www.example.com common name signed by user-supplied certificate"; |
92 | 92 | } |
93 | bool prepare(const SslUserSettings &settings); | |
93 | bool prepare(const SslUserSettings *settings); | |
94 | 94 | |
95 | 95 | }; |
96 | 96 | |
102 | 102 | m_name = "certificate for target domain signed by custom CA trust"; |
103 | 103 | m_description = "certificate trust test with user-supplied common name signed by user-supplied CA certificate"; |
104 | 104 | } |
105 | bool prepare(const SslUserSettings &settings); | |
105 | bool prepare(const SslUserSettings *settings); | |
106 | 106 | |
107 | 107 | }; |
108 | 108 | |
114 | 114 | m_name = "certificate for invalid domain signed by custom CA trust"; |
115 | 115 | m_description = "certificate trust test with www.example.com common name signed by user-supplied CA certificate"; |
116 | 116 | } |
117 | bool prepare(const SslUserSettings &settings); | |
117 | bool prepare(const SslUserSettings *settings); | |
118 | 118 | |
119 | 119 | }; |
120 | 120 | |
378 | 378 | m_name = "CVE-2020-0601 ECC cert trust"; |
379 | 379 | m_description = "test for trusting certificate signed by private key with custom curve"; |
380 | 380 | } |
381 | bool prepare(const SslUserSettings &settings); | |
381 | bool prepare(const SslUserSettings *settings); | |
382 | 382 | |
383 | 383 | }; |
384 | 384 |
35 | 35 | pidFile = ""; |
36 | 36 | useDtls = false; |
37 | 37 | doubleFirstTest = false; |
38 | supportedCiphers = QList<XSslCipher>(); | |
38 | 39 | } |
39 | 40 | |
40 | 41 | void SslUserSettings::setListenAddress(const QHostAddress &addr) |
383 | 384 | { |
384 | 385 | return doubleFirstTest; |
385 | 386 | } |
387 | ||
388 | void SslUserSettings::setSupportedCiphers(const QString &ciphers) | |
389 | { | |
390 | QStringList opensslCiphers = ciphers.split(":"); | |
391 | ||
392 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
393 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
394 | ||
395 | if (!cipher.isNull()) | |
396 | supportedCiphers << cipher; | |
397 | } | |
398 | } | |
399 | ||
400 | QList<SslUnsafeCipher> SslUserSettings::getSupportedCiphers() const | |
401 | { | |
402 | return supportedCiphers; | |
403 | } |
71 | 71 | void setDoubleFirstTest(bool flag); |
72 | 72 | bool getDoubleFirstTest() const; |
73 | 73 | |
74 | void setSupportedCiphers(const QString &ciphers); | |
75 | QList<XSslCipher> getSupportedCiphers() const; | |
76 | ||
74 | 77 | private: |
75 | 78 | QHostAddress listenAddress; |
76 | 79 | quint16 listenPort; |
89 | 92 | QString pidFile; |
90 | 93 | bool useDtls; |
91 | 94 | bool doubleFirstTest; |
95 | QList<XSslCipher> supportedCiphers; | |
92 | 96 | }; |
93 | 97 | |
94 | 98 | #endif // SSLUSERSETTINGS_H |
2 | 2 | #include "sslusersettings.h" |
3 | 3 | #include "starttls.h" |
4 | 4 | |
5 | TcpsServer::TcpsServer(const SslUserSettings &settings, | |
5 | TcpsServer::TcpsServer(const SslUserSettings *settings, | |
6 | 6 | QList<XSslCertificate> localCert, |
7 | 7 | XSslKey privateKey, |
8 | 8 | XSsl::SslProtocol sslProtocol, |
14 | 14 | m_sslProtocol(sslProtocol), |
15 | 15 | m_sslCiphers(sslCiphers) |
16 | 16 | { |
17 | m_startTlsProtocol = settings.getStartTlsProtocol(); | |
18 | m_forwardHost = settings.getForwardHostAddr(); | |
19 | m_forwardPort = settings.getForwardHostPort(); | |
20 | m_waitDataTimeout = settings.getWaitDataTimeout(); | |
17 | m_startTlsProtocol = settings->getStartTlsProtocol(); | |
18 | m_forwardHost = settings->getForwardHostAddr(); | |
19 | m_forwardPort = settings->getForwardHostPort(); | |
20 | m_waitDataTimeout = settings->getWaitDataTimeout(); | |
21 | ||
22 | m_isForwarding = false; | |
21 | 23 | } |
22 | 24 | |
23 | 25 | void TcpsServer::handleStartTls(XSslSocket *const socket) |
89 | 91 | |
90 | 92 | emit newPeer(sslSocket->peerAddress()); |
91 | 93 | |
94 | // handling socket errors makes sence only in non-interception mode | |
95 | connect(sslSocket, &XSslSocket::encrypted, this, &TcpsServer::handleSslHandshakeFinished); | |
96 | connect(sslSocket, &XSslSocket::peerVerifyError, this, &TcpsServer::peerVerifyError); | |
97 | connect(sslSocket, static_cast<void(XSslSocket::*)(const QList<XSslError> &)>(&XSslSocket::sslErrors), | |
98 | this, &TcpsServer::sslErrors); | |
99 | ||
92 | 100 | if (!m_forwardHost.isNull()) { |
93 | 101 | // this will loop until connection is interrupted |
94 | 102 | proxyConnection(sslSocket); |
95 | 103 | } else { |
96 | // handling socket errors makes sence only in non-interception mode | |
97 | ||
98 | connect(sslSocket, &XSslSocket::encrypted, this, &TcpsServer::handleSslHandshakeFinished); | |
99 | connect(sslSocket, &XSslSocket::peerVerifyError, this, &TcpsServer::peerVerifyError); | |
100 | connect(sslSocket, static_cast<void(XSslSocket::*)(const QList<XSslError> &)>(&XSslSocket::sslErrors), | |
101 | this, &TcpsServer::sslErrors); | |
102 | ||
103 | 104 | // no 'forward' option -- just read the first packet of unencrypted data and close the connection |
104 | 105 | if (sslSocket->waitForReadyRead(m_waitDataTimeout)) { |
105 | 106 | QByteArray message = sslSocket->readAll(); |
110 | 111 | } else { |
111 | 112 | VERBOSE("no unencrypted data received (" + sslSocket->errorString() + ")"); |
112 | 113 | } |
114 | } | |
113 | 115 | |
114 | 116 | #ifdef UNSAFE_QSSL |
115 | emit rawDataCollected(sslSocket->getRawReadData(), sslSocket->getRawWrittenData()); | |
117 | emit rawDataCollected(sslSocket->getRawReadData(), sslSocket->getRawWrittenData()); | |
116 | 118 | #endif |
117 | 119 | |
118 | sslSocket->disconnectFromHost(); | |
119 | if (sslSocket->state() != QAbstractSocket::UnconnectedState) | |
120 | sslSocket->waitForDisconnected(); | |
121 | VERBOSE("disconnected"); | |
122 | } | |
120 | sslSocket->disconnectFromHost(); | |
121 | if (sslSocket->state() != QAbstractSocket::UnconnectedState) | |
122 | sslSocket->waitForDisconnected(); | |
123 | sslSocket->deleteLater(); | |
124 | ||
125 | VERBOSE("disconnected"); | |
126 | ||
127 | emit sessionFinished(); | |
123 | 128 | } |
124 | 129 | |
125 | 130 | void TcpsServer::proxyConnection(XSslSocket *sslSocket) |
129 | 134 | // - synchronously read data from ssl socket |
130 | 135 | // - synchronously send this data to proxy |
131 | 136 | QTcpSocket proxy; |
137 | QByteArray data; | |
138 | ||
139 | // before connecting to the proxy, collect data from the socket | |
140 | // it will make tests decision logic happy | |
141 | // we also need waitFor() here. it gives some windows for signal/slots subsystem to | |
142 | // process all events from SSL socket | |
143 | if (sslSocket->waitForReadyRead(100)) { | |
144 | data = sslSocket->readAll(); | |
145 | emit dataIntercepted(data); | |
146 | } | |
132 | 147 | |
133 | 148 | proxy.connectToHost(m_forwardHost, m_forwardPort); |
134 | 149 | |
138 | 153 | WHITE("forwarding incoming data to the provided proxy"); |
139 | 154 | WHITE("to get test results, relauch this app without 'forward' option"); |
140 | 155 | |
141 | while (1) { | |
156 | // disconnect socket errors slot, otherwise it will flood us with 'timeout' errors | |
157 | disconnect(sslSocket, static_cast<void(XSslSocket::*)(QAbstractSocket::SocketError)>(&XSslSocket::error), | |
158 | this, &TcpsServer::handleSocketError); | |
159 | ||
160 | // start with sending previously read data | |
161 | proxy.write(data); | |
162 | ||
163 | // we wait until one of the communicating parties disconnect the socket | |
164 | // or SIGINT is sent | |
165 | m_stopForwarding = false; | |
166 | m_isForwarding = true; | |
167 | ||
168 | while (!m_stopForwarding) { | |
142 | 169 | if (sslSocket->state() == QAbstractSocket::UnconnectedState) |
143 | 170 | break; |
144 | 171 | if (proxy.state() == QAbstractSocket::UnconnectedState) |
145 | 172 | break; |
146 | 173 | |
147 | 174 | if (sslSocket->waitForReadyRead(100)) { |
148 | QByteArray data = sslSocket->readAll(); | |
175 | data = sslSocket->readAll(); | |
149 | 176 | |
150 | 177 | emit dataIntercepted(data); |
151 | 178 | |
153 | 180 | } |
154 | 181 | |
155 | 182 | if (proxy.waitForReadyRead(100)) { |
156 | sslSocket->write(proxy.readAll()); | |
183 | data = proxy.readAll(); | |
184 | ||
185 | emit dataIntercepted(data); | |
186 | ||
187 | sslSocket->write(data); | |
157 | 188 | } |
158 | 189 | } |
159 | } | |
160 | } | |
190 | ||
191 | // return socket errors handling | |
192 | connect(sslSocket, static_cast<void(XSslSocket::*)(QAbstractSocket::SocketError)>(&XSslSocket::error), | |
193 | this, &TcpsServer::handleSocketError); | |
194 | } | |
195 | } | |
196 | ||
197 | bool TcpsServer::isForwarding() | |
198 | { | |
199 | return m_isForwarding; | |
200 | } | |
201 | ||
202 | void TcpsServer::handleSigInt() | |
203 | { | |
204 | m_stopForwarding = true; | |
205 | } |
11 | 11 | Q_OBJECT |
12 | 12 | |
13 | 13 | public: |
14 | TcpsServer(const SslUserSettings &settings, | |
14 | TcpsServer(const SslUserSettings *settings, | |
15 | 15 | QList<XSslCertificate> localCert, |
16 | 16 | XSslKey privateKey, |
17 | 17 | XSsl::SslProtocol sslProtocol, |
32 | 32 | void peerVerifyError(const XSslError &error); |
33 | 33 | void sslErrors(const QList<XSslError> &errors); |
34 | 34 | void newPeer(const QHostAddress &peerAddress); |
35 | void sessionFinished(); | |
35 | 36 | |
36 | 37 | private: |
37 | 38 | void handleStartTls(XSslSocket *const socket); |
38 | 39 | void handleSocketError(QAbstractSocket::SocketError socketError); |
39 | 40 | void handleSslHandshakeFinished(); |
40 | 41 | void proxyConnection(XSslSocket *sslSocket); |
42 | void handleSigInt(); | |
43 | bool isForwarding(); | |
41 | 44 | |
42 | 45 | QList<XSslCertificate> m_sslCertsChain; |
43 | 46 | XSslKey m_sslPrivateKey; |
49 | 52 | quint16 m_forwardPort; |
50 | 53 | quint32 m_waitDataTimeout; |
51 | 54 | |
55 | bool m_stopForwarding; | |
56 | bool m_isForwarding; | |
57 | ||
52 | 58 | friend class SslServer; |
53 | 59 | }; |
54 | 60 |
0 | #include "testserver.h" | |
1 | #include "debug.h" | |
2 | #include "ssltest.h" | |
3 | #include "sslserver.h" | |
4 | #include "clientinfo.h" | |
5 | #include "sslusersettings.h" | |
6 | ||
7 | // for msleep() | |
8 | #include <QThread> | |
9 | ||
10 | TestServer::TestServer(SslTest *sslTest, const SslUserSettings *settings, | |
11 | QObject *parent) : | |
12 | QObject(parent), | |
13 | sslSettings(settings), | |
14 | sslTest(sslTest) | |
15 | { | |
16 | clientInfo = new ClientInfo(); | |
17 | clientInfo->setDtlsMode(settings->getUseDtls()); | |
18 | ||
19 | sslServer = new SslServer(settings, | |
20 | sslTest->localCert(), | |
21 | sslTest->privateKey(), | |
22 | sslTest->sslProtocol(), | |
23 | sslTest->sslCiphers(), | |
24 | this); | |
25 | ||
26 | // can be emitted by both TCP and UDP servers | |
27 | connect(sslServer, &SslServer::sslSocketErrors, this, &TestServer::handleSslSocketErrors); | |
28 | ||
29 | // can be emitted by TCP server only | |
30 | connect(sslServer, &SslServer::sslErrors, [=](const QList<XSslError> &errors) { | |
31 | VERBOSE("SSL errors detected:"); | |
32 | XSslError error; | |
33 | foreach (error, errors) { | |
34 | VERBOSE("\t" + error.errorString()); | |
35 | clientInfo->addSslErrorString(error.errorString()); | |
36 | } | |
37 | clientInfo->addSslErrors(errors); | |
38 | }); | |
39 | ||
40 | // can be emitted by UDP server only | |
41 | connect(sslServer, &SslServer::dtlsHandshakeError, [=](const XDtlsError error, const QString &errorStr) { | |
42 | VERBOSE("DTLS error detected:"); | |
43 | VERBOSE(QString("\t%1(%2)").arg(errorStr).arg(SslServer::dtlsErrorToString(error))); | |
44 | clientInfo->addSslErrorString(errorStr); | |
45 | clientInfo->addDtlsError(error); | |
46 | }); | |
47 | ||
48 | // can be emitted by both TCP and UDP servers | |
49 | connect(sslServer, &SslServer::dataIntercepted, [=](const QByteArray &data) { | |
50 | clientInfo->addInterceptedData(data); | |
51 | }); | |
52 | ||
53 | // can be emitted by both TCP and UDP servers | |
54 | connect(sslServer, &SslServer::rawDataCollected, [=](const QByteArray &rdData, const QByteArray &wrData) { | |
55 | clientInfo->addRawDataRecv(rdData); | |
56 | clientInfo->addRawDataSent(wrData); | |
57 | }); | |
58 | ||
59 | // can be emitted by both TCP and UDP servers | |
60 | connect(sslServer, &SslServer::sslHandshakeFinished, [=](const QList<XSslCertificate> &clientCerts) { | |
61 | VERBOSE("SSL connection established"); | |
62 | if (clientCerts.size() > 0) { | |
63 | VERBOSE(QString("\tclient supplied chain of %1 certificates").arg(clientCerts.size())); | |
64 | for (int i = 0; i < clientCerts.size(); i++) { | |
65 | VERBOSE(clientCerts.at(i).toPem()); | |
66 | } | |
67 | } | |
68 | ||
69 | clientInfo->setSslConnectionStatus(true); | |
70 | }); | |
71 | ||
72 | // can be emitted by TCP server only | |
73 | // for UDP see QDtls::peerVerificationErrors(), however, it does not make sense anyway | |
74 | connect(sslServer, &SslServer::peerVerifyError, [=](const XSslError &error) { | |
75 | VERBOSE("peer verify error:"); | |
76 | VERBOSE("\t" + error.errorString()); | |
77 | }); | |
78 | ||
79 | // can be emitted by both TCP and UDP servers | |
80 | connect(sslServer, &SslServer::newPeer, [=](const QHostAddress &peerAddress) { | |
81 | clientInfo->setSourceHost(peerAddress.toString()); | |
82 | }); | |
83 | ||
84 | // client disconnected or similar | |
85 | connect(sslServer, &SslServer::sessionFinished, this, &TestServer::handleSessionFinished); | |
86 | ||
87 | // we handle SIGINT only to break forwarding process gracefully | |
88 | // in case we are not in forwarding state, just exit | |
89 | connect(this, &TestServer::sigIntHandled, sslServer, &SslServer::handleSigInt); | |
90 | } | |
91 | ||
92 | TestServer::~TestServer() | |
93 | { | |
94 | delete clientInfo; | |
95 | sslServer->deleteLater(); | |
96 | } | |
97 | ||
98 | void TestServer::runTest() | |
99 | { | |
100 | WHITE(QString("running test #%1: %2").arg(static_cast<int>(sslTest->id()) + 1) | |
101 | .arg(sslTest->description())); | |
102 | ||
103 | // when doing many tests in a row creating a new listener too soon after the previous | |
104 | // has finished may cause weird errors in some clients. in most cases this will be an | |
105 | // iOS mobile app | |
106 | // this can be easily avoided by the following weird delay. this does not impact on | |
107 | // our tests but solves the weird issue with clients. technically, can be set as | |
108 | // another user option, but it will be too much as for me | |
109 | QThread::msleep(500); | |
110 | ||
111 | sslTest->clear(); | |
112 | clientInfo->clear(); | |
113 | ||
114 | if (!sslServer->listen()) { | |
115 | RED("failure during listener initialization, test will not continue"); | |
116 | sslTest->calcResults(clientInfo); | |
117 | emit sslTestFinished(); | |
118 | return; | |
119 | } | |
120 | ||
121 | // check if *server* was not able to setup SSL connection | |
122 | // to check this we need to see if we already received some SSL errors | |
123 | // if this is the case -- then those errors are about SSL initialization | |
124 | if ((clientInfo->sslErrorsStr().size() > 0) | |
125 | || (clientInfo->socketErrors().size() > 0)) { | |
126 | RED("failure during SSL initialization, test will not continue"); | |
127 | ||
128 | for (int i = 0; i < clientInfo->sslErrorsStr().size(); i++) { | |
129 | VERBOSE("\t" + clientInfo->sslErrorsStr().at(i)); | |
130 | } | |
131 | ||
132 | sslTest->calcResults(clientInfo); | |
133 | emit sslTestFinished(); | |
134 | return; | |
135 | } | |
136 | ||
137 | emit sslTestReady(); | |
138 | } | |
139 | ||
140 | void TestServer::handleSessionFinished() | |
141 | { | |
142 | sslTest->calcResults(clientInfo); | |
143 | ||
144 | WHITE("report:"); | |
145 | ||
146 | if (sslTest->result() != SslTestResult::Success) { | |
147 | RED(sslTest->report()); | |
148 | } else { | |
149 | GREEN(sslTest->report()); | |
150 | } | |
151 | ||
152 | WHITE("result: " + sslTestResultToStatus(sslTest->result())); | |
153 | ||
154 | WHITE("test finished"); | |
155 | ||
156 | emit sslTestFinished(); | |
157 | } | |
158 | ||
159 | void TestServer::handleSslSocketErrors(const QList<XSslError> &sslErrors, | |
160 | const QString &errorStr, QAbstractSocket::SocketError socketError) | |
161 | { | |
162 | VERBOSE(QString("socket error: %1 (#%2)").arg(errorStr).arg(socketError)); | |
163 | ||
164 | clientInfo->addSslErrors(sslErrors); | |
165 | clientInfo->addSslErrorString(errorStr); | |
166 | clientInfo->addSocketErrors(QList<QAbstractSocket::SocketError>() << socketError); | |
167 | ||
168 | switch (socketError) { | |
169 | case QAbstractSocket::SslInvalidUserDataError: | |
170 | VERBOSE("\tInvalid data (certificate, key, cypher, etc.) was provided and its use resulted in an error in the SSL library."); | |
171 | break; | |
172 | case QAbstractSocket::SslInternalError: | |
173 | VERBOSE("\tThe SSL library being used reported an internal error. This is probably the result of a bad installation or misconfiguration of the library."); | |
174 | break; | |
175 | case QAbstractSocket::SslHandshakeFailedError: | |
176 | if (errorStr.contains(QString("ssl3_get_client_hello:no shared cipher"))) { | |
177 | VERBOSE("\tThe SSL/TLS handshake failed (client did not provide expected ciphers), so the connection was closed."); | |
178 | } else if (errorStr.contains(QString("ssl3_read_bytes:tlsv1 alert protocol version"))) { | |
179 | VERBOSE("\tThe SSL/TLS handshake failed (client refused the proposed protocol), so the connection was closed."); | |
180 | } else { | |
181 | VERBOSE("\tThe SSL/TLS handshake failed, so the connection was closed."); | |
182 | } | |
183 | break; | |
184 | default: | |
185 | // just ignore all other errors | |
186 | break; | |
187 | } | |
188 | } |
0 | #ifndef TESTSERVER_H | |
1 | #define TESTSERVER_H | |
2 | ||
3 | #include <QObject> | |
4 | #include <QAbstractSocket> | |
5 | ||
6 | #ifdef UNSAFE_QSSL | |
7 | #include "sslunsafeerror.h" | |
8 | #else | |
9 | #include <QSslError> | |
10 | #endif | |
11 | ||
12 | ||
13 | class SslUserSettings; | |
14 | class SslTest; | |
15 | class SslServer; | |
16 | class ClientInfo; | |
17 | ||
18 | class TestServer : public QObject | |
19 | { | |
20 | Q_OBJECT | |
21 | ||
22 | public: | |
23 | TestServer(SslTest *sslTest, const SslUserSettings *settings, | |
24 | QObject *parent = nullptr); | |
25 | ~TestServer(); | |
26 | ||
27 | const SslTest *getSslTest() { | |
28 | return sslTest; | |
29 | } | |
30 | ||
31 | const ClientInfo *getClientInfo() { | |
32 | return clientInfo; | |
33 | } | |
34 | ||
35 | public slots: | |
36 | void runTest(); | |
37 | ||
38 | signals: | |
39 | void sslTestReady(); | |
40 | void sslTestFinished(); | |
41 | void sigIntHandled(); | |
42 | ||
43 | private: | |
44 | void handleSslSocketErrors(const QList<XSslError> &sslErrors, | |
45 | const QString &errorStr, QAbstractSocket::SocketError socketError); | |
46 | void handleSessionFinished(); | |
47 | ||
48 | const SslUserSettings *sslSettings; | |
49 | SslTest *sslTest; | |
50 | SslServer *sslServer; | |
51 | ClientInfo *clientInfo; | |
52 | ||
53 | }; | |
54 | ||
55 | #endif // TESTSERVER_H |
2 | 2 | #include <QtEndian> |
3 | 3 | #include <QDebug> |
4 | 4 | |
5 | // this we need only for TlsClientHello type | |
6 | #include "ssltest.h" | |
5 | #include "clientinfo.h" | |
7 | 6 | |
8 | 7 | // taken from packet-{d,t}ls.c, wireshark source code |
9 | 8 |
2 | 2 | #include "sslusersettings.h" |
3 | 3 | #include "ssltests.h" |
4 | 4 | #include "sslcaudit.h" |
5 | #include "ciphers.h" | |
6 | #include "sigwatch.h" | |
5 | 7 | |
6 | 8 | #include <QCoreApplication> |
7 | 9 | #include <QCommandLineParser> |
8 | 10 | #include <QThread> |
9 | 11 | #include <QHostAddress> |
10 | 12 | #include <QFile> |
11 | ||
13 | #include <QTimer> | |
12 | 14 | |
13 | 15 | static QList<int> selectedTests; |
14 | 16 | |
17 | ||
18 | void showCiphersGroup(const QString &groupName, const QString &ciphersStr) | |
19 | { | |
20 | QStringList opensslCiphers = ciphersStr.split(":"); | |
21 | QString supportedCiphersStr; | |
22 | ||
23 | VERBOSE(" " + groupName + ":"); | |
24 | ||
25 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
26 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
27 | ||
28 | if (!cipher.isNull()) | |
29 | supportedCiphersStr += opensslCiphers.at(i) + ":"; | |
30 | } | |
31 | ||
32 | supportedCiphersStr.chop(1); | |
33 | ||
34 | VERBOSE(" " + supportedCiphersStr); | |
35 | } | |
36 | ||
37 | void showCiphers() | |
38 | { | |
39 | VERBOSE("supported ciphers:"); | |
40 | showCiphersGroup("EXPORT", ciphers_export_str); | |
41 | showCiphersGroup("LOW", ciphers_low_str); | |
42 | showCiphersGroup("MEDIUM", ciphers_medium_str); | |
43 | showCiphersGroup("HIGH", ciphers_high_str); | |
44 | } | |
15 | 45 | |
16 | 46 | void parseOptions(const QCoreApplication &a, SslUserSettings *settings) |
17 | 47 | { |
98 | 128 | settings->setUseDtls(true); |
99 | 129 | } |
100 | 130 | if (parser.isSet(showciphersOption)) { |
101 | SslCAudit::showCiphers(); | |
131 | showCiphers(); | |
102 | 132 | exit(0); |
103 | 133 | } |
104 | 134 | if (parser.isSet(listenAddressOption)) { |
263 | 293 | } |
264 | 294 | |
265 | 295 | |
266 | QList<SslTest *> prepareSslTests(const SslUserSettings &settings) | |
296 | QList<SslTest *> prepareSslTests(const SslUserSettings *settings) | |
267 | 297 | { |
268 | 298 | QList<SslTest *> ret; |
269 | 299 | bool doubled = false; |
277 | 307 | ret << test; |
278 | 308 | |
279 | 309 | // dublicate the first test if requested |
280 | if (!doubled && settings.getDoubleFirstTest()) { | |
310 | if (!doubled && settings->getDoubleFirstTest()) { | |
281 | 311 | doubled = true; |
282 | 312 | test = sslTestsFactory.create(static_cast<SslTestId>(selectedTests.at(i))); |
283 | 313 | test->prepare(settings); |
307 | 337 | QFile::remove(pidFile); |
308 | 338 | } |
309 | 339 | |
310 | ||
311 | 340 | int main(int argc, char *argv[]) |
312 | 341 | { |
313 | 342 | QCoreApplication a(argc, argv); |
319 | 348 | // has to be called even before parsing options |
320 | 349 | fillSslTestsFactory(); |
321 | 350 | |
322 | SslUserSettings settings; | |
323 | ||
324 | parseOptions(a, &settings); | |
351 | SslUserSettings *settings = new SslUserSettings(); | |
352 | ||
353 | parseOptions(a, settings); | |
325 | 354 | |
326 | 355 | QList<SslTest *> sslTests = prepareSslTests(settings); |
327 | 356 | |
357 | SslCAudit *caudit = new SslCAudit(settings); | |
358 | ||
359 | caudit->setSslTests(sslTests); | |
360 | ||
328 | 361 | QThread thread; |
329 | SslCAudit *caudit = new SslCAudit(settings); | |
330 | ||
331 | caudit->setSslTests(sslTests); | |
362 | ||
363 | QObject::connect(&thread, &QThread::finished, caudit, &QObject::deleteLater); | |
364 | ||
332 | 365 | caudit->moveToThread(&thread); |
333 | QObject::connect(&thread, &QThread::finished, caudit, &QObject::deleteLater); | |
334 | QObject::connect(&thread, &QThread::started, caudit, &SslCAudit::run); | |
366 | thread.start(); | |
367 | ||
368 | UnixSignalWatcher sigwatch; | |
369 | sigwatch.watchForSignal(SIGINT); | |
370 | QObject::connect(&sigwatch, &UnixSignalWatcher::unixSignal, caudit, &SslCAudit::handleSigInt); | |
335 | 371 | |
336 | 372 | QObject::connect(caudit, &SslCAudit::sslTestsFinished, [=](){ |
337 | 373 | caudit->printSummary(); |
339 | 375 | |
340 | 376 | VERBOSE(QString("%1 version: %2").arg(QCoreApplication::applicationName()).arg(QCoreApplication::applicationVersion())); |
341 | 377 | |
342 | if (settings.getOutputXml().length() > 0) | |
343 | caudit->writeXmlSummary(settings.getOutputXml()); | |
378 | if (settings->getOutputXml().length() > 0) | |
379 | caudit->writeXmlSummary(settings->getOutputXml()); | |
344 | 380 | |
345 | 381 | qApp->exit(); |
346 | 382 | }); |
347 | 383 | |
348 | QString pidFile = settings.getPidFile(); | |
384 | QString pidFile = settings->getPidFile(); | |
349 | 385 | if (pidFile.length() > 0) |
350 | 386 | createPidFile(pidFile); |
351 | 387 | |
352 | thread.start(); | |
388 | QTimer::singleShot(0, caudit, &SslCAudit::run); | |
353 | 389 | |
354 | 390 | int exitCode = a.exec(); |
355 | 391 |
0 | /* | |
1 | * Unix signal watcher for Qt. | |
2 | * | |
3 | * Copyright (C) 2014 Simon Knopp | |
4 | * | |
5 | * Permission is hereby granted, free of charge, to any person obtaining a copy | |
6 | * of this software and associated documentation files (the "Software"), to deal | |
7 | * in the Software without restriction, including without limitation the rights | |
8 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
9 | * copies of the Software, and to permit persons to whom the Software is | |
10 | * furnished to do so, subject to the following conditions: | |
11 | * | |
12 | * The above copyright notice and this permission notice shall be included in | |
13 | * all copies or substantial portions of the Software. | |
14 | * | |
15 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
16 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
17 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
18 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
19 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
20 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
21 | * SOFTWARE. | |
22 | */ | |
23 | ||
24 | #include <sys/socket.h> | |
25 | #include <unistd.h> | |
26 | #include <errno.h> | |
27 | #include <QMap> | |
28 | #include <QSocketNotifier> | |
29 | #include <QDebug> | |
30 | #include "sigwatch.h" | |
31 | ||
32 | ||
33 | /*! | |
34 | * \brief The UnixSignalWatcherPrivate class implements the back-end signal | |
35 | * handling for the UnixSignalWatcher. | |
36 | * | |
37 | * \see http://qt-project.org/doc/qt-5.0/qtdoc/unix-signals.html | |
38 | */ | |
39 | class UnixSignalWatcherPrivate : public QObject | |
40 | { | |
41 | UnixSignalWatcher * const q_ptr; | |
42 | Q_DECLARE_PUBLIC(UnixSignalWatcher) | |
43 | ||
44 | public: | |
45 | UnixSignalWatcherPrivate(UnixSignalWatcher *q); | |
46 | ~UnixSignalWatcherPrivate(); | |
47 | ||
48 | void watchForSignal(int signal); | |
49 | static void signalHandler(int signal); | |
50 | ||
51 | void _q_onNotify(int sockfd); | |
52 | ||
53 | private: | |
54 | static int sockpair[2]; | |
55 | QSocketNotifier *notifier; | |
56 | QList<int> watchedSignals; | |
57 | }; | |
58 | ||
59 | ||
60 | int UnixSignalWatcherPrivate::sockpair[2]; | |
61 | ||
62 | UnixSignalWatcherPrivate::UnixSignalWatcherPrivate(UnixSignalWatcher *q) : | |
63 | q_ptr(q) | |
64 | { | |
65 | // Create socket pair | |
66 | if (::socketpair(AF_UNIX, SOCK_STREAM, 0, sockpair)) { | |
67 | qDebug() << "UnixSignalWatcher: socketpair: " << ::strerror(errno); | |
68 | return; | |
69 | } | |
70 | ||
71 | // Create a notifier for the read end of the pair | |
72 | notifier = new QSocketNotifier(sockpair[1], QSocketNotifier::Read); | |
73 | QObject::connect(notifier, SIGNAL(activated(int)), q, SLOT(_q_onNotify(int))); | |
74 | notifier->setEnabled(true); | |
75 | } | |
76 | ||
77 | UnixSignalWatcherPrivate::~UnixSignalWatcherPrivate() | |
78 | { | |
79 | delete notifier; | |
80 | } | |
81 | ||
82 | /*! | |
83 | * Registers a handler for the given Unix \a signal. The handler will write to | |
84 | * a socket pair, the other end of which is connected to a QSocketNotifier. | |
85 | * This provides a way to break out of the asynchronous context from which the | |
86 | * signal handler is called and back into the Qt event loop. | |
87 | */ | |
88 | void UnixSignalWatcherPrivate::watchForSignal(int signal) | |
89 | { | |
90 | if (watchedSignals.contains(signal)) { | |
91 | qDebug() << "Already watching for signal" << signal; | |
92 | return; | |
93 | } | |
94 | ||
95 | // Register a sigaction which will write to the socket pair | |
96 | struct sigaction sigact; | |
97 | sigact.sa_handler = UnixSignalWatcherPrivate::signalHandler; | |
98 | sigact.sa_flags = 0; | |
99 | ::sigemptyset(&sigact.sa_mask); | |
100 | sigact.sa_flags |= SA_RESTART; | |
101 | if (::sigaction(signal, &sigact, NULL)) { | |
102 | qDebug() << "UnixSignalWatcher: sigaction: " << ::strerror(errno); | |
103 | return; | |
104 | } | |
105 | ||
106 | watchedSignals.append(signal); | |
107 | } | |
108 | ||
109 | /*! | |
110 | * Called when a Unix \a signal is received. Write to the socket to wake up the | |
111 | * QSocketNotifier. | |
112 | */ | |
113 | void UnixSignalWatcherPrivate::signalHandler(int signal) | |
114 | { | |
115 | ssize_t nBytes = ::write(sockpair[0], &signal, sizeof(signal)); | |
116 | Q_UNUSED(nBytes); | |
117 | } | |
118 | ||
119 | /*! | |
120 | * Called when the signal handler has written to the socket pair. Emits the Unix | |
121 | * signal as a Qt signal. | |
122 | */ | |
123 | void UnixSignalWatcherPrivate::_q_onNotify(int sockfd) | |
124 | { | |
125 | Q_Q(UnixSignalWatcher); | |
126 | ||
127 | int signal; | |
128 | ssize_t nBytes = ::read(sockfd, &signal, sizeof(signal)); | |
129 | Q_UNUSED(nBytes); | |
130 | qDebug() << "Caught signal:" << ::strsignal(signal); | |
131 | emit q->unixSignal(signal); | |
132 | } | |
133 | ||
134 | ||
135 | /*! | |
136 | * Create a new UnixSignalWatcher as a child of the given \a parent. | |
137 | */ | |
138 | UnixSignalWatcher::UnixSignalWatcher(QObject *parent) : | |
139 | QObject(parent), | |
140 | d_ptr(new UnixSignalWatcherPrivate(this)) | |
141 | { | |
142 | } | |
143 | ||
144 | /*! | |
145 | * Destroy this UnixSignalWatcher. | |
146 | */ | |
147 | UnixSignalWatcher::~UnixSignalWatcher() | |
148 | { | |
149 | delete d_ptr; | |
150 | } | |
151 | ||
152 | /*! | |
153 | * Register a signal handler for the given \a signal. | |
154 | * | |
155 | * After calling this method you can \c connect() to the unixSignal() Qt signal | |
156 | * to be notified when the Unix signal is received. | |
157 | */ | |
158 | void UnixSignalWatcher::watchForSignal(int signal) | |
159 | { | |
160 | Q_D(UnixSignalWatcher); | |
161 | d->watchForSignal(signal); | |
162 | } | |
163 | ||
164 | /*! | |
165 | * \fn void UnixSignalWatcher::unixSignal(int signal) | |
166 | * Emitted when the given Unix \a signal is received. | |
167 | * | |
168 | * watchForSignal() must be called for each Unix signal that you want to receive | |
169 | * via the unixSignal() Qt signal. If a watcher is watching multiple signals, | |
170 | * unixSignal() will be emitted whenever *any* of the watched Unix signals are | |
171 | * received, and the \a signal argument can be inspected to find out which one | |
172 | * was actually received. | |
173 | */ | |
174 | ||
175 | #include "moc_sigwatch.cpp" |
0 | /* | |
1 | * Unix signal watcher for Qt. | |
2 | * | |
3 | * Copyright (C) 2014 Simon Knopp | |
4 | * | |
5 | * Permission is hereby granted, free of charge, to any person obtaining a copy | |
6 | * of this software and associated documentation files (the "Software"), to deal | |
7 | * in the Software without restriction, including without limitation the rights | |
8 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
9 | * copies of the Software, and to permit persons to whom the Software is | |
10 | * furnished to do so, subject to the following conditions: | |
11 | * | |
12 | * The above copyright notice and this permission notice shall be included in | |
13 | * all copies or substantial portions of the Software. | |
14 | * | |
15 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
16 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
17 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
18 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
19 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
20 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
21 | * SOFTWARE. | |
22 | */ | |
23 | ||
24 | #ifndef SIGWATCH_H | |
25 | #define SIGWATCH_H | |
26 | ||
27 | #include <QObject> | |
28 | #include <signal.h> | |
29 | ||
30 | class UnixSignalWatcherPrivate; | |
31 | ||
32 | ||
33 | /*! | |
34 | * \brief The UnixSignalWatcher class converts Unix signals to Qt signals. | |
35 | * | |
36 | * To watch for a given signal, e.g. \c SIGINT, call \c watchForSignal(SIGINT) | |
37 | * and \c connect() your handler to unixSignal(). | |
38 | */ | |
39 | ||
40 | class UnixSignalWatcher : public QObject | |
41 | { | |
42 | Q_OBJECT | |
43 | public: | |
44 | explicit UnixSignalWatcher(QObject *parent = 0); | |
45 | ~UnixSignalWatcher(); | |
46 | ||
47 | void watchForSignal(int signal); | |
48 | ||
49 | signals: | |
50 | void unixSignal(int signal); | |
51 | ||
52 | private: | |
53 | UnixSignalWatcherPrivate * const d_ptr; | |
54 | Q_DECLARE_PRIVATE(UnixSignalWatcher) | |
55 | Q_PRIVATE_SLOT(d_func(), void _q_onNotify(int)) | |
56 | }; | |
57 | ||
58 | #endif // SIGWATCH_H |
54 | 54 | #include <QtCore/qbytearray.h> |
55 | 55 | #include <QtCore/qvector.h> |
56 | 56 | |
57 | #include <climits> | |
58 | ||
57 | 59 | QT_BEGIN_NAMESPACE |
58 | 60 | |
59 | 61 | #ifndef QRINGBUFFER_CHUNKSIZE |
68 | 68 | add_test(tests_SslTestCiphersDtls12Exp tests_SslTestCiphersDtls12Exp) |
69 | 69 | endif() |
70 | 70 | |
71 | add_executable(tests_RecurrentRequests tests_RecurrentRequests.cpp test.h) | |
72 | set_target_properties(tests_RecurrentRequests PROPERTIES AUTOMOC TRUE) | |
73 | target_link_libraries(tests_RecurrentRequests qsslcaudit_lib) | |
74 | add_test(NAME tests_RecurrentRequests COMMAND tests_RecurrentRequests 100) | |
71 | add_executable(tests_MultipleTests tests_MultipleTests.cpp test.h) | |
72 | set_target_properties(tests_MultipleTests PROPERTIES AUTOMOC TRUE) | |
73 | target_link_libraries(tests_MultipleTests qsslcaudit_lib) | |
74 | add_test(NAME tests_MultipleTests COMMAND tests_MultipleTests 100) | |
75 | 75 | |
76 | 76 | add_executable(tests_DifferentClientTypes tests_DifferentClientTypes.cpp test.h) |
77 | 77 | set_target_properties(tests_DifferentClientTypes PROPERTIES AUTOMOC TRUE) |
2 | 2 | |
3 | 3 | #include "debug.h" |
4 | 4 | #include "sslcaudit.h" |
5 | #include "ssltest.h" | |
5 | 6 | #include "ssltestresult.h" |
7 | #include "sslusersettings.h" | |
6 | 8 | |
7 | 9 | #include <QThread> |
8 | ||
10 | #include <QTimer> | |
9 | 11 | |
10 | 12 | class Test : public QObject |
11 | 13 | { |
25 | 27 | ~Test() { |
26 | 28 | sslCAuditThread.quit(); |
27 | 29 | sslCAuditThread.wait(); |
28 | delete caudit; | |
30 | caudit->deleteLater(); | |
29 | 31 | } |
30 | 32 | |
31 | 33 | int getId() { return id; } |
46 | 48 | return sslTests.at(currentTestNum); |
47 | 49 | } |
48 | 50 | |
49 | ClientInfo currentClient() { | |
51 | const ClientInfo *currentClient() { | |
50 | 52 | return caudit->getClientInfo(currentTestNum); |
51 | 53 | } |
52 | 54 | |
53 | 55 | // required for "recurrentRequests" test |
54 | ClientInfo getClient(int testNum) { | |
56 | const ClientInfo *getClient(int testNum) { | |
55 | 57 | return caudit->getClientInfo(testNum); |
56 | 58 | } |
57 | 59 | |
67 | 69 | virtual void startTests() { |
68 | 70 | prepareTests(); |
69 | 71 | launchSslCAudit(); |
70 | if (!waitForSslTestsFinished()) { | |
71 | setResult(-1); | |
72 | printTestFailed("tests are not finished in time"); | |
73 | } | |
74 | 72 | } |
75 | 73 | |
76 | 74 | // called by Test class in prepareTests() method |
91 | 89 | setTestsSettings(); |
92 | 90 | |
93 | 91 | for (int i = 0; i < sslTests.size(); i++) { |
94 | if (!sslTests.at(i)->prepare(testSettings)) { | |
92 | if (!sslTests.at(i)->prepare(&testSettings)) { | |
95 | 93 | RED("failed to prepare test " + sslTests.at(i)->name()); |
96 | 94 | return; |
97 | 95 | } |
98 | 96 | } |
99 | 97 | |
100 | caudit = new SslCAudit(testSettings); | |
101 | ||
98 | caudit = new SslCAudit(&testSettings); | |
99 | ||
100 | caudit->moveToThread(&sslCAuditThread); | |
101 | sslCAuditThread.start(); | |
102 | ||
103 | connect(caudit, &SslCAudit::sslTestReady, this, &Test::launchClientTest); | |
104 | connect(caudit, &SslCAudit::sslTestFinished, this, &Test::handleTestFinished); | |
102 | 105 | connect(caudit, &SslCAudit::sslTestsFinished, this, &Test::handleAllTestsFinished); |
103 | 106 | |
104 | connect(caudit, &SslCAudit::sslTestReady, this, &Test::handleTestReady); | |
105 | ||
106 | connect(caudit, &SslCAudit::sslTestFinished, this, &Test::handleTestFinished); | |
107 | ||
108 | connect(&sslCAuditThread, &QThread::started, caudit, &SslCAudit::run); | |
109 | ||
110 | 107 | caudit->setSslTests(sslTests); |
111 | caudit->moveToThread(&sslCAuditThread); | |
112 | 108 | } |
113 | 109 | |
114 | 110 | // asynchronously launches SslCAudit thread. this ends up with the first test becoming ready |
115 | 111 | // this is supposed to be called by autotest |
116 | 112 | void launchSslCAudit() { |
117 | // flush all the statuses | |
118 | testIsReady = false; | |
119 | testIsFinished = false; | |
120 | testsAreFinished = false; | |
121 | ||
122 | sslCAuditThread.quit(); | |
123 | sslCAuditThread.wait(); | |
124 | ||
125 | sslCAuditThread.start(); | |
126 | } | |
127 | ||
128 | // synchronously waits for the current test to become ready | |
129 | bool waitforSslTestReady() { | |
130 | int count = 0; | |
131 | int to = 5000; | |
132 | while (!testIsReady && ++count < to/10) | |
133 | QThread::msleep(10); | |
134 | ||
135 | return testIsReady; | |
136 | } | |
137 | ||
138 | // synchronously waits for all the tests to finish | |
139 | bool waitForSslTestsFinished() { | |
140 | int count = 0; | |
141 | // we have to wait more than the test will be executed | |
142 | int to = static_cast<int>(2 * testSettings.getWaitDataTimeout()) * sslTests.size(); | |
143 | while (!testsAreFinished && ++count < to/10) | |
144 | QThread::msleep(10); | |
145 | ||
146 | return testsAreFinished; | |
147 | } | |
148 | ||
149 | // synchronously waits for the current test to finish | |
150 | bool waitForSslTestFinished() { | |
151 | int count = 0; | |
152 | // we have to wait more than the test will be executed | |
153 | int to = static_cast<int>(2 * testSettings.getWaitDataTimeout()); | |
154 | while (!testIsFinished && ++count < to/10) | |
155 | QThread::msleep(10); | |
156 | ||
157 | return testIsFinished; | |
113 | QTimer::singleShot(0, caudit, &SslCAudit::run); | |
158 | 114 | } |
159 | 115 | |
160 | 116 | // print helpers |
179 | 135 | testResults[currentTestNum] = result; |
180 | 136 | } |
181 | 137 | |
138 | signals: | |
139 | void autotestFinished(); | |
140 | ||
182 | 141 | private slots: |
183 | void handleAllTestsFinished() { | |
184 | testsAreFinished = true; | |
185 | } | |
186 | ||
187 | void handleTestReady() { | |
188 | testIsReady = true; | |
189 | testIsFinished = false; | |
190 | ||
191 | // executeNextSslTest() must set current test result to '0' if this stage succeeded | |
142 | void launchClientTest() { | |
192 | 143 | setResult(-1); |
193 | 144 | executeNextSslTest(); |
194 | 145 | } |
195 | 146 | |
147 | void handleAllTestsFinished() { | |
148 | sslCAuditThread.quit(); | |
149 | sslCAuditThread.wait(); | |
150 | } | |
151 | ||
196 | 152 | void handleTestFinished() { |
197 | testIsFinished = true; | |
198 | ||
199 | // if test failed during execution, do not even run results | |
200 | // verification because it could produce false-positives | |
201 | if (getResult() != 0) { | |
202 | printTestFailed("test failed on execution"); | |
153 | verifySslTestResult(); | |
154 | ||
155 | if (currentTestNum == sslTests.size()-1) { | |
156 | emit autotestFinished(); | |
203 | 157 | } else { |
204 | verifySslTestResult(); | |
205 | } | |
206 | ||
207 | currentTestNum++; | |
208 | if (currentTestNum >= sslTests.size()) { | |
209 | currentTestNum = sslTests.size()-1; | |
158 | currentTestNum++; | |
210 | 159 | } |
211 | 160 | } |
212 | 161 | |
214 | 163 | int id; |
215 | 164 | QString testBaseName; |
216 | 165 | QVector<int> testResults; |
217 | bool testIsReady; | |
218 | bool testIsFinished; | |
219 | bool testsAreFinished; | |
166 | ||
220 | 167 | QThread sslCAuditThread; |
221 | 168 | SslCAudit *caudit; |
169 | ||
222 | 170 | int currentTestNum; |
223 | 171 | QList<SslTest *> sslTests; |
224 | 172 | |
232 | 180 | TestsLauncher(QList<Test *> sslTests, QObject *parent = nullptr) : |
233 | 181 | QObject(parent), |
234 | 182 | sslTests(sslTests) |
235 | {} | |
183 | { | |
184 | retCode = 0; | |
185 | ||
186 | // re-parenting tests as they will belong to the main()'s thread | |
187 | for (int i = 0; i < sslTests.size(); i++) { | |
188 | sslTests.at(i)->setParent(this); | |
189 | } | |
190 | } | |
236 | 191 | |
237 | 192 | ~TestsLauncher() {} |
238 | 193 | |
239 | void launchTests() | |
240 | { | |
241 | retCode = 0; | |
242 | ||
243 | while (sslTests.size() > 0) { | |
194 | void launchNextTest() | |
195 | { | |
196 | if (sslTests.size() > 0) { | |
244 | 197 | Test *test = sslTests.takeFirst(); |
245 | 198 | launchSingleTest(test); |
246 | if (test->getResult() != 0) { | |
247 | retCode = -1; | |
248 | } | |
249 | test->deleteLater(); | |
250 | } | |
251 | ||
252 | emit autotestsFinished(); | |
199 | } else { | |
200 | emit autotestsFinished(); | |
201 | } | |
253 | 202 | } |
254 | 203 | |
255 | 204 | void launchSingleTest(Test *autotest) |
256 | 205 | { |
257 | 206 | WHITE(QString("launching autotest #%1").arg(autotest->getId())); |
207 | ||
208 | connect(autotest, &Test::autotestFinished, this, &TestsLauncher::handleAutotestFinished); | |
209 | ||
258 | 210 | autotest->startTests(); |
259 | 211 | } |
260 | 212 | |
267 | 219 | void autotestsFinished(); |
268 | 220 | |
269 | 221 | private: |
222 | void handleAutotestFinished() | |
223 | { | |
224 | Test *autotest = qobject_cast<Test *>(sender()); | |
225 | if (autotest->getResult() != 0) { | |
226 | retCode = -1; | |
227 | } | |
228 | autotest->deleteLater(); | |
229 | ||
230 | launchNextTest(); | |
231 | } | |
232 | ||
270 | 233 | QList<Test *> sslTests; |
271 | 234 | int retCode; |
272 | 235 |
61 | 61 | |
62 | 62 | void executeNextSslTest() |
63 | 63 | { |
64 | if (!socket) | |
64 | if (!socket) { | |
65 | 65 | socket = new QTcpSocket; |
66 | 66 | |
67 | connect(socket, &QTcpSocket::connected, [=]() { | |
68 | QThread::msleep(10); | |
69 | socket->disconnectFromHost(); | |
70 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
71 | socket->waitForDisconnected(); | |
72 | }); | |
73 | } | |
74 | ||
67 | 75 | socket->connectToHost("localhost", 8443); |
68 | ||
69 | if (!socket->waitForConnected()) { | |
70 | setResult(-1); | |
71 | printTestFailed("can not connect to qsslcaudit"); | |
72 | } else { | |
73 | QThread::msleep(10); | |
74 | socket->disconnectFromHost(); | |
75 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
76 | socket->waitForDisconnected(); | |
77 | setResult(0); | |
78 | } | |
79 | 76 | } |
80 | 77 | |
81 | 78 | void verifySslTestResult() |
115 | 112 | |
116 | 113 | void executeNextSslTest() |
117 | 114 | { |
118 | if (!socket) | |
115 | if (!socket) { | |
119 | 116 | socket = new QTcpSocket; |
120 | 117 | |
118 | connect(socket, &QTcpSocket::connected, [=]() { | |
119 | QThread::msleep(5500); | |
120 | socket->disconnectFromHost(); | |
121 | }); | |
122 | } | |
123 | ||
121 | 124 | socket->connectToHost("localhost", 8443); |
122 | ||
123 | if (!socket->waitForConnected()) { | |
124 | setResult(-1); | |
125 | printTestFailed("can not connect to qsslcaudit"); | |
126 | } else { | |
127 | QThread::msleep(5500); | |
128 | socket->disconnectFromHost(); | |
129 | setResult(0); | |
130 | } | |
131 | 125 | } |
132 | 126 | |
133 | 127 | void verifySslTestResult() |
154 | 148 | public: |
155 | 149 | Test03(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) { |
156 | 150 | socket = nullptr; |
151 | data = QByteArray("GET / HTTP/1.0\r\n\r\n"); | |
157 | 152 | } |
158 | 153 | |
159 | 154 | ~Test03() { |
167 | 162 | |
168 | 163 | void executeNextSslTest() |
169 | 164 | { |
170 | if (!socket) | |
165 | if (!socket) { | |
171 | 166 | socket = new QTcpSocket; |
172 | 167 | |
173 | data = QByteArray("GET / HTTP/1.0\r\n\r\n"); | |
168 | connect(socket, &QTcpSocket::connected, [=]() { | |
169 | socket->write(data); | |
170 | socket->flush(); | |
171 | QThread::msleep(10); | |
172 | socket->disconnectFromHost(); | |
173 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
174 | socket->waitForDisconnected(); | |
175 | }); | |
176 | } | |
174 | 177 | |
175 | 178 | socket->connectToHost("localhost", 8443); |
176 | ||
177 | if (!socket->waitForConnected()) { | |
178 | setResult(-1); | |
179 | printTestFailed("can not connect to qsslcaudit"); | |
180 | } else { | |
181 | socket->write(data); | |
182 | socket->flush(); | |
183 | QThread::msleep(10); | |
184 | socket->disconnectFromHost(); | |
185 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
186 | socket->waitForDisconnected(); | |
187 | setResult(0); | |
188 | } | |
189 | 179 | } |
190 | 180 | |
191 | 181 | void verifySslTestResult() |
213 | 203 | public: |
214 | 204 | Test04(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) { |
215 | 205 | socket = nullptr; |
206 | data = QByteArray("GET / HTTP/1.0\r\n\r\n"); | |
216 | 207 | } |
217 | 208 | |
218 | 209 | ~Test04() { |
226 | 217 | |
227 | 218 | void executeNextSslTest() |
228 | 219 | { |
229 | if (!socket) | |
220 | if (!socket) { | |
230 | 221 | socket = new QTcpSocket; |
231 | 222 | |
232 | data = QByteArray("GET / HTTP/1.0\r\n\r\n"); | |
223 | connect(socket, &QTcpSocket::connected, [=]() { | |
224 | socket->write(data); | |
225 | socket->flush(); | |
226 | QThread::msleep(5500); | |
227 | socket->disconnectFromHost(); | |
228 | }); | |
229 | } | |
233 | 230 | |
234 | 231 | socket->connectToHost("localhost", 8443); |
235 | ||
236 | if (!socket->waitForConnected()) { | |
237 | setResult(-1); | |
238 | printTestFailed("can not connect to qsslcaudit"); | |
239 | } else { | |
240 | socket->write(data); | |
241 | socket->flush(); | |
242 | QThread::msleep(5500); | |
243 | socket->disconnectFromHost(); | |
244 | setResult(0); | |
245 | } | |
246 | 232 | } |
247 | 233 | |
248 | 234 | void verifySslTestResult() |
270 | 256 | public: |
271 | 257 | Test05(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) { |
272 | 258 | socket = nullptr; |
259 | data = QByteArray("ABCDEF"); | |
273 | 260 | } |
274 | 261 | |
275 | 262 | ~Test05() { |
283 | 270 | |
284 | 271 | void executeNextSslTest() |
285 | 272 | { |
286 | if (!socket) | |
273 | if (!socket) { | |
287 | 274 | socket = new QTcpSocket; |
288 | 275 | |
289 | data = QByteArray("ABCDEF"); | |
276 | connect(socket, &QTcpSocket::connected, [=]() { | |
277 | socket->write(data); | |
278 | socket->flush(); | |
279 | QThread::msleep(10); | |
280 | socket->disconnectFromHost(); | |
281 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
282 | socket->waitForDisconnected(); | |
283 | }); | |
284 | } | |
290 | 285 | |
291 | 286 | socket->connectToHost("localhost", 8443); |
292 | ||
293 | if (!socket->waitForConnected()) { | |
294 | setResult(-1); | |
295 | printTestFailed("can not connect to qsslcaudit"); | |
296 | } else { | |
297 | socket->write(data); | |
298 | socket->flush(); | |
299 | QThread::msleep(10); | |
300 | socket->disconnectFromHost(); | |
301 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
302 | socket->waitForDisconnected(); | |
303 | setResult(0); | |
304 | } | |
305 | 287 | } |
306 | 288 | |
307 | 289 | void verifySslTestResult() |
329 | 311 | public: |
330 | 312 | Test06(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) { |
331 | 313 | socket = nullptr; |
314 | data = QByteArray("ABCDEF"); | |
332 | 315 | } |
333 | 316 | |
334 | 317 | ~Test06() { |
342 | 325 | |
343 | 326 | void executeNextSslTest() |
344 | 327 | { |
345 | if (!socket) | |
328 | if (!socket) { | |
346 | 329 | socket = new QTcpSocket; |
347 | 330 | |
348 | data = QByteArray("ABCDEF"); | |
331 | connect(socket, &QTcpSocket::connected, [=]() { | |
332 | socket->write(data); | |
333 | socket->flush(); | |
334 | QThread::msleep(5500); | |
335 | socket->disconnectFromHost(); | |
336 | }); | |
337 | } | |
349 | 338 | |
350 | 339 | socket->connectToHost("localhost", 8443); |
351 | ||
352 | if (!socket->waitForConnected()) { | |
353 | setResult(-1); | |
354 | printTestFailed("can not connect to qsslcaudit"); | |
355 | } else { | |
356 | socket->write(data); | |
357 | socket->flush(); | |
358 | QThread::msleep(5500); | |
359 | socket->disconnectFromHost(); | |
360 | setResult(0); | |
361 | } | |
362 | 340 | } |
363 | 341 | |
364 | 342 | void verifySslTestResult() |
386 | 364 | public: |
387 | 365 | Test07(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) { |
388 | 366 | socket = nullptr; |
367 | data = QByteArray("ABCDEFGHIJKLMNOP\n"); | |
389 | 368 | } |
390 | 369 | |
391 | 370 | ~Test07() { |
399 | 378 | |
400 | 379 | void executeNextSslTest() |
401 | 380 | { |
402 | if (!socket) | |
381 | if (!socket) { | |
403 | 382 | socket = new QTcpSocket; |
404 | 383 | |
405 | data = QByteArray("ABCDEFGHIJKLMNOP\n"); | |
384 | connect(socket, &QTcpSocket::connected, [=]() { | |
385 | socket->write(data); | |
386 | socket->flush(); | |
387 | QThread::msleep(10); | |
388 | socket->disconnectFromHost(); | |
389 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
390 | socket->waitForDisconnected(); | |
391 | }); | |
392 | } | |
406 | 393 | |
407 | 394 | socket->connectToHost("localhost", 8443); |
408 | ||
409 | if (!socket->waitForConnected()) { | |
410 | setResult(-1); | |
411 | printTestFailed("can not connect to qsslcaudit"); | |
412 | } else { | |
413 | socket->write(data); | |
414 | socket->flush(); | |
415 | QThread::msleep(10); | |
416 | socket->disconnectFromHost(); | |
417 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
418 | socket->waitForDisconnected(); | |
419 | setResult(0); | |
420 | } | |
421 | 395 | } |
422 | 396 | |
423 | 397 | void verifySslTestResult() |
445 | 419 | public: |
446 | 420 | Test08(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) { |
447 | 421 | socket = nullptr; |
422 | data = QByteArray("ABCDEFGHIJKLMNOP\n"); | |
448 | 423 | } |
449 | 424 | |
450 | 425 | ~Test08() { |
458 | 433 | |
459 | 434 | void executeNextSslTest() |
460 | 435 | { |
461 | if (!socket) | |
436 | if (!socket) { | |
462 | 437 | socket = new QTcpSocket; |
463 | 438 | |
464 | data = QByteArray("ABCDEFGHIJKLMNOP\n"); | |
439 | connect(socket, &QTcpSocket::connected, [=]() { | |
440 | socket->write(data); | |
441 | socket->flush(); | |
442 | QThread::msleep(5500); | |
443 | socket->disconnectFromHost(); | |
444 | }); | |
445 | } | |
465 | 446 | |
466 | 447 | socket->connectToHost("localhost", 8443); |
467 | ||
468 | if (!socket->waitForConnected()) { | |
469 | setResult(-1); | |
470 | printTestFailed("can not connect to qsslcaudit"); | |
471 | } else { | |
472 | socket->write(data); | |
473 | socket->flush(); | |
474 | QThread::msleep(5500); | |
475 | socket->disconnectFromHost(); | |
476 | setResult(0); | |
477 | } | |
478 | 448 | } |
479 | 449 | |
480 | 450 | void verifySslTestResult() |
516 | 486 | |
517 | 487 | void executeNextSslTest() |
518 | 488 | { |
519 | if (!socket) | |
489 | if (!socket) { | |
520 | 490 | socket = new XSslSocket; |
521 | 491 | |
522 | socket->setProtocol(XSsl::SslV3); | |
523 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
492 | socket->setProtocol(XSsl::SslV3); | |
493 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
494 | ||
495 | connect(socket, &XSslSocket::encrypted, [=]() { | |
496 | setResult(-1); | |
497 | printTestFailed("encrypted session was established, but should not"); | |
498 | }); | |
499 | } | |
524 | 500 | |
525 | 501 | socket->connectToHostEncrypted("localhost", 8443); |
526 | ||
527 | if (!socket->waitForEncrypted()) { | |
528 | setResult(0); | |
529 | } else { | |
530 | setResult(-1); | |
531 | printTestFailed("encrypted session was established, but should not"); | |
532 | } | |
533 | socket->disconnectFromHost(); | |
534 | 502 | } |
535 | 503 | |
536 | 504 | void verifySslTestResult() |
571 | 539 | |
572 | 540 | void executeNextSslTest() |
573 | 541 | { |
574 | if (!socket) | |
542 | if (!socket) { | |
575 | 543 | socket = new XSslSocket; |
576 | 544 | |
577 | socket->setProtocol(XSsl::SslV3); | |
578 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
545 | socket->setProtocol(XSsl::SslV3); | |
546 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
547 | ||
548 | connect(socket, &XSslSocket::encrypted, [=]() { | |
549 | QThread::msleep(5500); | |
550 | socket->disconnectFromHost(); | |
551 | }); | |
552 | } | |
579 | 553 | |
580 | 554 | socket->connectToHostEncrypted("localhost", 8443); |
581 | ||
582 | if (!socket->waitForEncrypted()) { | |
583 | setResult(-1); | |
584 | printTestFailed("can not establish encrypted connection"); | |
585 | } else { | |
586 | setResult(0); | |
587 | QThread::msleep(5500); | |
588 | socket->disconnectFromHost(); | |
589 | } | |
590 | 555 | } |
591 | 556 | |
592 | 557 | void verifySslTestResult() |
626 | 591 | |
627 | 592 | void executeNextSslTest() |
628 | 593 | { |
629 | if (!socket) | |
594 | if (!socket) { | |
630 | 595 | socket = new XSslSocket; |
631 | 596 | |
632 | socket->setProtocol(XSsl::SslV3); | |
633 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
597 | socket->setProtocol(XSsl::SslV3); | |
598 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
599 | ||
600 | connect(socket, &XSslSocket::encrypted, [=]() { | |
601 | QThread::msleep(10); | |
602 | socket->close(); | |
603 | }); | |
604 | } | |
634 | 605 | |
635 | 606 | socket->connectToHostEncrypted("localhost", 8443); |
636 | ||
637 | if (!socket->waitForEncrypted()) { | |
638 | setResult(-1); | |
639 | printTestFailed("can not establish encrypted connection"); | |
640 | } else { | |
641 | QThread::msleep(10); | |
642 | socket->close(); | |
643 | setResult(0); | |
644 | } | |
645 | 607 | } |
646 | 608 | |
647 | 609 | void verifySslTestResult() |
668 | 630 | public: |
669 | 631 | Test12(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) { |
670 | 632 | socket = nullptr; |
633 | data = QByteArray("GET / HTTP/1.0\r\n\r\n"); | |
671 | 634 | } |
672 | 635 | |
673 | 636 | ~Test12() { |
681 | 644 | |
682 | 645 | void executeNextSslTest() |
683 | 646 | { |
684 | if (!socket) | |
647 | if (!socket) { | |
685 | 648 | socket = new XSslSocket; |
686 | 649 | |
687 | data = QByteArray("GET / HTTP/1.0\r\n\r\n"); | |
688 | ||
689 | socket->setProtocol(XSsl::SslV3); | |
690 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
650 | socket->setProtocol(XSsl::SslV3); | |
651 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
652 | ||
653 | connect(socket, &XSslSocket::encrypted, [=]() { | |
654 | socket->write(data); | |
655 | socket->flush(); | |
656 | QThread::msleep(5500); | |
657 | socket->disconnectFromHost(); | |
658 | }); | |
659 | } | |
691 | 660 | |
692 | 661 | socket->connectToHostEncrypted("localhost", 8443); |
693 | ||
694 | if (!socket->waitForEncrypted()) { | |
695 | setResult(-1); | |
696 | printTestFailed("can not establish encrypted connection"); | |
697 | } else { | |
698 | socket->write(data); | |
699 | socket->flush(); | |
700 | setResult(0); | |
701 | QThread::msleep(5500); | |
702 | socket->disconnectFromHost(); | |
703 | } | |
704 | 662 | } |
705 | 663 | |
706 | 664 | void verifySslTestResult() |
728 | 686 | public: |
729 | 687 | Test13(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) { |
730 | 688 | socket = nullptr; |
689 | data = QByteArray("GET / HTTP/1.0\r\n\r\n"); | |
731 | 690 | } |
732 | 691 | |
733 | 692 | ~Test13() { |
741 | 700 | |
742 | 701 | void executeNextSslTest() |
743 | 702 | { |
744 | if (!socket) | |
703 | if (!socket) { | |
745 | 704 | socket = new XSslSocket; |
746 | 705 | |
747 | data = QByteArray("GET / HTTP/1.0\r\n\r\n"); | |
748 | ||
749 | socket->setProtocol(XSsl::SslV3); | |
750 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
706 | socket->setProtocol(XSsl::SslV3); | |
707 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
708 | ||
709 | connect(socket, &XSslSocket::encrypted, [=]() { | |
710 | socket->write(data); | |
711 | socket->flush(); | |
712 | QThread::msleep(10); | |
713 | socket->disconnectFromHost(); | |
714 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
715 | socket->waitForDisconnected(); | |
716 | }); | |
717 | } | |
751 | 718 | |
752 | 719 | socket->connectToHostEncrypted("localhost", 8443); |
753 | ||
754 | if (!socket->waitForEncrypted()) { | |
755 | setResult(-1); | |
756 | printTestFailed("can not establish encrypted connection"); | |
757 | } else { | |
758 | socket->write(data); | |
759 | socket->flush(); | |
760 | QThread::msleep(10); | |
761 | socket->disconnectFromHost(); | |
762 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
763 | socket->waitForDisconnected(); | |
764 | setResult(0); | |
765 | } | |
766 | 720 | } |
767 | 721 | |
768 | 722 | void verifySslTestResult() |
804 | 758 | |
805 | 759 | void executeNextSslTest() |
806 | 760 | { |
807 | if (!socket) | |
761 | if (!socket) { | |
808 | 762 | socket = new XSslSocket; |
809 | 763 | |
810 | socket->setProtocol(XSsl::TlsV1_1); | |
811 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
764 | socket->setProtocol(XSsl::TlsV1_1); | |
765 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
766 | ||
767 | connect(socket, &XSslSocket::encrypted, [=]() { | |
768 | printTestFailed("encrypted session was established, but should not"); | |
769 | }); | |
770 | } | |
812 | 771 | |
813 | 772 | socket->connectToHostEncrypted("localhost", 8443); |
814 | ||
815 | if (!socket->waitForEncrypted()) { | |
816 | setResult(0); | |
817 | } else { | |
818 | setResult(-1); | |
819 | printTestFailed("encrypted session was established, but should not"); | |
820 | } | |
821 | socket->disconnectFromHost(); | |
822 | 773 | } |
823 | 774 | |
824 | 775 | void verifySslTestResult() |
859 | 810 | |
860 | 811 | void executeNextSslTest() |
861 | 812 | { |
862 | if (!socket) | |
813 | if (!socket) { | |
863 | 814 | socket = new XSslSocket; |
864 | 815 | |
865 | socket->setProtocol(XSsl::TlsV1_1); | |
866 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
816 | socket->setProtocol(XSsl::TlsV1_1); | |
817 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
818 | ||
819 | connect(socket, &XSslSocket::encrypted, [=]() { | |
820 | QThread::msleep(5500); | |
821 | socket->disconnectFromHost(); | |
822 | }); | |
823 | } | |
867 | 824 | |
868 | 825 | socket->connectToHostEncrypted("localhost", 8443); |
869 | ||
870 | if (!socket->waitForEncrypted()) { | |
871 | setResult(-1); | |
872 | printTestFailed("can not establish encrypted connection"); | |
873 | } else { | |
874 | QThread::msleep(5500); | |
875 | socket->disconnectFromHost(); | |
876 | setResult(0); | |
877 | } | |
878 | 826 | } |
879 | 827 | |
880 | 828 | void verifySslTestResult() |
914 | 862 | |
915 | 863 | void executeNextSslTest() |
916 | 864 | { |
917 | if (!socket) | |
865 | if (!socket) { | |
918 | 866 | socket = new XSslSocket; |
919 | 867 | |
920 | socket->setProtocol(XSsl::TlsV1_1); | |
921 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
868 | socket->setProtocol(XSsl::TlsV1_1); | |
869 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
870 | ||
871 | connect(socket, &XSslSocket::encrypted, [=]() { | |
872 | QThread::msleep(10); | |
873 | socket->close(); | |
874 | }); | |
875 | } | |
922 | 876 | |
923 | 877 | socket->connectToHostEncrypted("localhost", 8443); |
924 | ||
925 | if (!socket->waitForEncrypted()) { | |
926 | setResult(-1); | |
927 | printTestFailed("can not establish encrypted connection"); | |
928 | } else { | |
929 | QThread::msleep(10); | |
930 | socket->close(); | |
931 | setResult(0); | |
932 | } | |
933 | 878 | } |
934 | 879 | |
935 | 880 | void verifySslTestResult() |
956 | 901 | public: |
957 | 902 | Test17(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) { |
958 | 903 | socket = nullptr; |
904 | data = QByteArray("GET / HTTP/1.0\r\n\r\n"); | |
959 | 905 | } |
960 | 906 | |
961 | 907 | ~Test17() { |
969 | 915 | |
970 | 916 | void executeNextSslTest() |
971 | 917 | { |
972 | if (!socket) | |
918 | if (!socket) { | |
973 | 919 | socket = new XSslSocket; |
974 | 920 | |
975 | data = QByteArray("GET / HTTP/1.0\r\n\r\n"); | |
976 | ||
977 | socket->setProtocol(XSsl::TlsV1_1); | |
978 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
921 | socket->setProtocol(XSsl::TlsV1_1); | |
922 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
923 | ||
924 | connect(socket, &XSslSocket::encrypted, [=]() { | |
925 | socket->write(data); | |
926 | socket->flush(); | |
927 | QThread::msleep(5500); | |
928 | socket->disconnectFromHost(); | |
929 | }); | |
930 | } | |
979 | 931 | |
980 | 932 | socket->connectToHostEncrypted("localhost", 8443); |
981 | ||
982 | if (!socket->waitForEncrypted()) { | |
983 | setResult(-1); | |
984 | printTestFailed("can not establish encrypted connection"); | |
985 | } else { | |
986 | socket->write(data); | |
987 | socket->flush(); | |
988 | QThread::msleep(5500); | |
989 | socket->disconnectFromHost(); | |
990 | setResult(0); | |
991 | } | |
992 | 933 | } |
993 | 934 | |
994 | 935 | void verifySslTestResult() |
1016 | 957 | public: |
1017 | 958 | Test18(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) { |
1018 | 959 | socket = nullptr; |
960 | data = QByteArray("GET / HTTP/1.0\r\n\r\n"); | |
1019 | 961 | } |
1020 | 962 | |
1021 | 963 | ~Test18() { |
1029 | 971 | |
1030 | 972 | void executeNextSslTest() |
1031 | 973 | { |
1032 | if (!socket) | |
974 | if (!socket) { | |
1033 | 975 | socket = new XSslSocket; |
1034 | 976 | |
1035 | data = QByteArray("GET / HTTP/1.0\r\n\r\n"); | |
1036 | ||
1037 | socket->setProtocol(XSsl::TlsV1_1); | |
1038 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
977 | socket->setProtocol(XSsl::TlsV1_1); | |
978 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
979 | ||
980 | connect(socket, &XSslSocket::encrypted, [=]() { | |
981 | socket->write(data); | |
982 | socket->flush(); | |
983 | QThread::msleep(10); | |
984 | socket->disconnectFromHost(); | |
985 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
986 | socket->waitForDisconnected(); | |
987 | }); | |
988 | } | |
1039 | 989 | |
1040 | 990 | socket->connectToHostEncrypted("localhost", 8443); |
1041 | ||
1042 | if (!socket->waitForEncrypted()) { | |
1043 | setResult(-1); | |
1044 | printTestFailed("can not establish encrypted connection"); | |
1045 | } else { | |
1046 | socket->write(data); | |
1047 | socket->flush(); | |
1048 | QThread::msleep(10); | |
1049 | socket->disconnectFromHost(); | |
1050 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
1051 | socket->waitForDisconnected(); | |
1052 | setResult(0); | |
1053 | } | |
1054 | 991 | } |
1055 | 992 | |
1056 | 993 | void verifySslTestResult() |
1092 | 1029 | |
1093 | 1030 | void executeNextSslTest() |
1094 | 1031 | { |
1095 | if (!socket) | |
1032 | if (!socket) { | |
1096 | 1033 | socket = new XSslSocket; |
1097 | 1034 | |
1035 | socket->setProtocol(XSsl::TlsV1_1); | |
1036 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
1037 | ||
1038 | connect(socket, &XSslSocket::encrypted, [=]() { | |
1039 | printTestFailed("session was encrypted but should not"); | |
1040 | }); | |
1041 | } | |
1042 | ||
1098 | 1043 | data = QByteArray("AUTH TLS\r\n"); |
1099 | ||
1100 | socket->setProtocol(XSsl::TlsV1_1); | |
1101 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
1102 | 1044 | |
1103 | 1045 | socket->connectToHost("localhost", 8443); |
1104 | 1046 | socket->waitForReadyRead(); |
1106 | 1048 | QByteArray buf; |
1107 | 1049 | buf = socket->readAll(); |
1108 | 1050 | if (buf != QByteArray("220 ready.\r\n")) { |
1109 | setResult(-1); | |
1110 | 1051 | printTestFailed("invalid STARTTLS sequence"); |
1111 | 1052 | return; |
1112 | 1053 | } |
1116 | 1057 | socket->waitForReadyRead(); |
1117 | 1058 | buf = socket->readAll(); |
1118 | 1059 | if (buf != QByteArray("234 AUTH TLS successful.\r\n")) { |
1119 | setResult(-1); | |
1120 | 1060 | printTestFailed("invalid STARTTLS sequence"); |
1121 | 1061 | return; |
1122 | 1062 | } |
1123 | 1063 | |
1124 | 1064 | socket->startClientEncryption(); |
1125 | ||
1126 | if (!socket->waitForEncrypted()) { | |
1127 | setResult(0); | |
1128 | } else { | |
1129 | setResult(-1); | |
1130 | printTestFailed("session was encrypted but should not"); | |
1131 | } | |
1132 | socket->disconnectFromHost(); | |
1133 | 1065 | } |
1134 | 1066 | |
1135 | 1067 | void verifySslTestResult() |
1172 | 1104 | |
1173 | 1105 | void executeNextSslTest() |
1174 | 1106 | { |
1175 | if (!socket) | |
1107 | if (!socket) { | |
1176 | 1108 | socket = new XSslSocket; |
1177 | 1109 | |
1110 | socket->setProtocol(XSsl::TlsV1_1); | |
1111 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
1112 | ||
1113 | connect(socket, &XSslSocket::encrypted, [=]() { | |
1114 | QThread::msleep(5500); | |
1115 | socket->disconnectFromHost(); | |
1116 | }); | |
1117 | } | |
1118 | ||
1178 | 1119 | data = QByteArray("AUTH TLS\r\n"); |
1179 | ||
1180 | socket->setProtocol(XSsl::TlsV1_1); | |
1181 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
1182 | 1120 | |
1183 | 1121 | socket->connectToHost("localhost", 8443); |
1184 | 1122 | socket->waitForReadyRead(); |
1202 | 1140 | } |
1203 | 1141 | |
1204 | 1142 | socket->startClientEncryption(); |
1205 | ||
1206 | if (!socket->waitForEncrypted()) { | |
1207 | setResult(-1); | |
1208 | printTestFailed("encrypted session not established"); | |
1209 | } else { | |
1210 | setResult(0); | |
1211 | QThread::msleep(5500); | |
1212 | socket->disconnectFromHost(); | |
1213 | } | |
1214 | 1143 | } |
1215 | 1144 | |
1216 | 1145 | void verifySslTestResult() |
1252 | 1181 | |
1253 | 1182 | void executeNextSslTest() |
1254 | 1183 | { |
1255 | if (!socket) | |
1184 | if (!socket) { | |
1256 | 1185 | socket = new XSslSocket; |
1257 | 1186 | |
1187 | socket->setProtocol(XSsl::TlsV1_1); | |
1188 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
1189 | ||
1190 | connect(socket, &XSslSocket::encrypted, [=]() { | |
1191 | QThread::msleep(10); | |
1192 | socket->close(); | |
1193 | }); | |
1194 | } | |
1195 | ||
1258 | 1196 | data = QByteArray("AUTH TLS\r\n"); |
1259 | ||
1260 | socket->setProtocol(XSsl::TlsV1_1); | |
1261 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
1262 | 1197 | |
1263 | 1198 | socket->connectToHost("localhost", 8443); |
1264 | 1199 | socket->waitForReadyRead(); |
1282 | 1217 | } |
1283 | 1218 | |
1284 | 1219 | socket->startClientEncryption(); |
1285 | ||
1286 | if (!socket->waitForEncrypted()) { | |
1287 | setResult(-1); | |
1288 | printTestFailed("encrypted session not established"); | |
1289 | } else { | |
1290 | QThread::msleep(10); | |
1291 | socket->close(); | |
1292 | setResult(0); | |
1293 | } | |
1294 | 1220 | } |
1295 | 1221 | |
1296 | 1222 | void verifySslTestResult() |
1333 | 1259 | |
1334 | 1260 | void executeNextSslTest() |
1335 | 1261 | { |
1336 | if (!socket) | |
1262 | QByteArray userData = QByteArray("CWD /root\r\n"); | |
1263 | ||
1264 | if (!socket) { | |
1337 | 1265 | socket = new XSslSocket; |
1338 | 1266 | |
1267 | socket->setProtocol(XSsl::TlsV1_1); | |
1268 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
1269 | ||
1270 | connect(socket, &XSslSocket::encrypted, [=]() { | |
1271 | socket->write(userData); | |
1272 | socket->flush(); | |
1273 | QThread::msleep(5500); | |
1274 | socket->disconnectFromHost(); | |
1275 | }); | |
1276 | } | |
1277 | ||
1339 | 1278 | data = QByteArray("AUTH TLS\r\n"); |
1340 | QByteArray userData = QByteArray("CWD /root\r\n"); | |
1341 | ||
1342 | socket->setProtocol(XSsl::TlsV1_1); | |
1343 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
1344 | 1279 | |
1345 | 1280 | socket->connectToHost("localhost", 8443); |
1346 | 1281 | socket->waitForReadyRead(); |
1364 | 1299 | } |
1365 | 1300 | |
1366 | 1301 | socket->startClientEncryption(); |
1367 | ||
1368 | if (!socket->waitForEncrypted()) { | |
1369 | setResult(-1); | |
1370 | printTestFailed("encrypted session not established"); | |
1371 | } else { | |
1372 | socket->write(userData); | |
1373 | socket->flush(); | |
1374 | QThread::msleep(5500); | |
1375 | socket->disconnectFromHost(); | |
1376 | setResult(0); | |
1377 | } | |
1378 | 1302 | } |
1379 | 1303 | |
1380 | 1304 | void verifySslTestResult() |
1416 | 1340 | |
1417 | 1341 | void executeNextSslTest() |
1418 | 1342 | { |
1419 | if (!socket) | |
1343 | QByteArray userData = QByteArray("CWD /root\r\n"); | |
1344 | ||
1345 | if (!socket) { | |
1420 | 1346 | socket = new XSslSocket; |
1421 | 1347 | |
1348 | socket->setProtocol(XSsl::TlsV1_1); | |
1349 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
1350 | ||
1351 | connect(socket, &XSslSocket::encrypted, [=]() { | |
1352 | socket->write(userData); | |
1353 | socket->flush(); | |
1354 | QThread::msleep(10); | |
1355 | socket->disconnectFromHost(); | |
1356 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
1357 | socket->waitForDisconnected(); | |
1358 | }); | |
1359 | } | |
1360 | ||
1422 | 1361 | data = QByteArray("AUTH TLS\r\n"); |
1423 | QByteArray userData = QByteArray("CWD /root\r\n"); | |
1424 | ||
1425 | socket->setProtocol(XSsl::TlsV1_1); | |
1426 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
1427 | 1362 | |
1428 | 1363 | socket->connectToHost("localhost", 8443); |
1429 | 1364 | socket->waitForReadyRead(); |
1447 | 1382 | } |
1448 | 1383 | |
1449 | 1384 | socket->startClientEncryption(); |
1450 | ||
1451 | if (!socket->waitForEncrypted()) { | |
1452 | setResult(-1); | |
1453 | printTestFailed("encrypted session not established"); | |
1454 | } else { | |
1455 | socket->write(userData); | |
1456 | socket->flush(); | |
1457 | QThread::msleep(10); | |
1458 | socket->disconnectFromHost(); | |
1459 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
1460 | socket->waitForDisconnected(); | |
1461 | setResult(0); | |
1462 | } | |
1463 | 1385 | } |
1464 | 1386 | |
1465 | 1387 | void verifySslTestResult() |
1500 | 1422 | |
1501 | 1423 | void executeNextSslTest() |
1502 | 1424 | { |
1503 | if (!socket) | |
1425 | if (!socket) { | |
1504 | 1426 | socket = new QTcpSocket; |
1427 | ||
1428 | connect(socket, &QTcpSocket::connected, [=]() { | |
1429 | socket->write(data); | |
1430 | socket->flush(); | |
1431 | QThread::msleep(5500); | |
1432 | socket->disconnectFromHost(); | |
1433 | }); | |
1434 | } | |
1505 | 1435 | |
1506 | 1436 | data = QByteArray(QByteArray::fromRawData("\x16\x03\x00\x00\x95\x01\x00\x00\x91\x03\x00\xf5\xe7\xaf\xcc\x96" \ |
1507 | 1437 | "\x2b\x74\x42\x2f\x75\x12\x4f\xb3\x6c\x69\xae\x8c\x54\xfa\xc3\x19" \ |
1515 | 1445 | "\x00\x05\x00\x04\x00\x8a\x00\xff\x01\x00", 154)); |
1516 | 1446 | |
1517 | 1447 | socket->connectToHost("localhost", 8443); |
1518 | if (!socket->waitForConnected()) { | |
1519 | setResult(-1); | |
1520 | printTestFailed("can't connect to qsslcaudit"); | |
1521 | } else { | |
1522 | socket->write(data); | |
1523 | socket->flush(); | |
1524 | setResult(0); | |
1525 | QThread::msleep(5500); | |
1526 | socket->disconnectFromHost(); | |
1527 | } | |
1528 | 1448 | } |
1529 | 1449 | |
1530 | 1450 | void verifySslTestResult() |
1565 | 1485 | |
1566 | 1486 | void executeNextSslTest() |
1567 | 1487 | { |
1568 | if (!socket) | |
1488 | if (!socket) { | |
1569 | 1489 | socket = new QTcpSocket; |
1490 | ||
1491 | connect(socket, &QTcpSocket::connected, [=]() { | |
1492 | socket->write(data); | |
1493 | socket->flush(); | |
1494 | QThread::msleep(500); | |
1495 | socket->disconnectFromHost(); | |
1496 | }); | |
1497 | } | |
1570 | 1498 | |
1571 | 1499 | data = QByteArray(QByteArray::fromRawData("\x16\x03\x00\x00\x95\x01\x00\x00\x91\x03\x00\xf5\xe7\xaf\xcc\x96" \ |
1572 | 1500 | "\x2b\x74\x42\x2f\x75\x12\x4f\xb3\x6c\x69\xae\x8c\x54\xfa\xc3\x19" \ |
1580 | 1508 | "\x00\x05\x00\x04\x00\x8a\x00\xff\x01\x00", 154)); |
1581 | 1509 | |
1582 | 1510 | socket->connectToHost("localhost", 8443); |
1583 | if (!socket->waitForConnected()) { | |
1584 | setResult(-1); | |
1585 | printTestFailed("can't connect to qsslcaudit"); | |
1586 | } else { | |
1587 | socket->write(data); | |
1588 | socket->flush(); | |
1589 | QThread::msleep(500); | |
1590 | socket->disconnectFromHost(); | |
1591 | setResult(0); | |
1592 | } | |
1593 | 1511 | } |
1594 | 1512 | |
1595 | 1513 | void verifySslTestResult() |
1638 | 1556 | |
1639 | 1557 | void executeNextSslTest() |
1640 | 1558 | { |
1641 | if (!socket) | |
1559 | if (!socket) { | |
1642 | 1560 | socket = new QTcpSocket; |
1561 | ||
1562 | connect(socket, &QTcpSocket::connected, [=]() { | |
1563 | socket->write(data); | |
1564 | socket->flush(); | |
1565 | QThread::msleep(5500); | |
1566 | socket->disconnectFromHost(); | |
1567 | }); | |
1568 | } | |
1643 | 1569 | |
1644 | 1570 | data = QByteArray(QByteArray::fromRawData("\x16\x03\x00\x00\x95\x01\x00\x00\x91\x03\x00\xf5\xe7\xaf\xcc\x96" \ |
1645 | 1571 | "\x2b\x74\x42\x2f\x75\x12\x4f\xb3\x6c\x69\xae\x8c\x54\xfa\xc3\x19" \ |
1653 | 1579 | "\x00\x05\x00\x04\x00\x8a\x00\xff\x01\x00", 100)); |
1654 | 1580 | |
1655 | 1581 | socket->connectToHost("localhost", 8443); |
1656 | if (!socket->waitForConnected()) { | |
1657 | setResult(-1); | |
1658 | printTestFailed("can't connect to qsslcaudit"); | |
1659 | } else { | |
1660 | socket->write(data); | |
1661 | socket->flush(); | |
1662 | setResult(0); | |
1663 | QThread::msleep(5500); | |
1664 | socket->disconnectFromHost(); | |
1665 | } | |
1666 | 1582 | } |
1667 | 1583 | |
1668 | 1584 | void verifySslTestResult() |
1703 | 1619 | |
1704 | 1620 | void executeNextSslTest() |
1705 | 1621 | { |
1706 | if (!socket) | |
1622 | if (!socket) { | |
1707 | 1623 | socket = new QTcpSocket; |
1624 | ||
1625 | connect(socket, &QTcpSocket::connected, [=]() { | |
1626 | socket->write(data); | |
1627 | socket->flush(); | |
1628 | QThread::msleep(500); | |
1629 | socket->disconnectFromHost(); | |
1630 | }); | |
1631 | } | |
1708 | 1632 | |
1709 | 1633 | data = QByteArray(QByteArray::fromRawData("\x16\x03\x00\x00\x95\x01\x00\x00\x91\x03\x00\xf5\xe7\xaf\xcc\x96" \ |
1710 | 1634 | "\x2b\x74\x42\x2f\x75\x12\x4f\xb3\x6c\x69\xae\x8c\x54\xfa\xc3\x19" \ |
1718 | 1642 | "\x00\x05\x00\x04\x00\x8a\x00\xff\x01\x00", 100)); |
1719 | 1643 | |
1720 | 1644 | socket->connectToHost("localhost", 8443); |
1721 | if (!socket->waitForConnected()) { | |
1722 | setResult(-1); | |
1723 | printTestFailed("can't connect to qsslcaudit"); | |
1724 | } else { | |
1725 | socket->write(data); | |
1726 | socket->flush(); | |
1727 | QThread::msleep(500); | |
1728 | socket->disconnectFromHost(); | |
1729 | setResult(0); | |
1730 | } | |
1731 | 1645 | } |
1732 | 1646 | |
1733 | 1647 | void verifySslTestResult() |
1788 | 1702 | int main(int argc, char *argv[]) |
1789 | 1703 | { |
1790 | 1704 | QCoreApplication a(argc, argv); |
1791 | QThread thread; | |
1792 | 1705 | TestsLauncher *testsLauncher; |
1793 | 1706 | |
1794 | 1707 | testsLauncher = new TestsLauncher(createAutotests()); |
1795 | testsLauncher->moveToThread(&thread); | |
1796 | QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater); | |
1797 | QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests); | |
1708 | ||
1798 | 1709 | QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){ |
1799 | 1710 | qApp->exit(testsLauncher->testsResult()); |
1800 | 1711 | }); |
1801 | 1712 | |
1802 | thread.start(); | |
1803 | ||
1804 | int ret = a.exec(); | |
1805 | ||
1806 | thread.quit(); | |
1807 | thread.wait(); | |
1808 | ||
1809 | return ret; | |
1713 | testsLauncher->launchNextTest(); | |
1714 | ||
1715 | return a.exec(); | |
1810 | 1716 | } |
1811 | 1717 | |
1812 | 1718 | #include "tests_DifferentClientTypes.moc" |
0 | 0 | #include "test.h" |
1 | 1 | #include "ssltests.h" |
2 | 2 | #include "ciphers.h" |
3 | #include "clientinfo.h" | |
3 | 4 | |
4 | 5 | #include <QCoreApplication> |
5 | 6 | |
43 | 44 | |
44 | 45 | void executeNextSslTest() |
45 | 46 | { |
46 | if (!socket) | |
47 | if (!socket) { | |
47 | 48 | socket = new QTcpSocket; |
48 | 49 | |
50 | connect(socket, &QTcpSocket::connected, [=]() { | |
51 | QThread::msleep(10); | |
52 | socket->disconnectFromHost(); | |
53 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
54 | socket->waitForDisconnected(); | |
55 | }); | |
56 | } | |
57 | ||
49 | 58 | socket->connectToHost("localhost", 8443); |
50 | ||
51 | if (!socket->waitForConnected()) { | |
52 | setResult(-1); | |
53 | printTestFailed("can not establish connection"); | |
54 | } else { | |
55 | QThread::msleep(10); | |
56 | socket->disconnectFromHost(); | |
57 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
58 | socket->waitForDisconnected(); | |
59 | setResult(0); | |
60 | } | |
61 | 59 | } |
62 | 60 | |
63 | 61 | void verifySslTestResult() |
93 | 91 | public: |
94 | 92 | Test02(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) { |
95 | 93 | socket = nullptr; |
94 | data = QByteArray("ABCDEF"); | |
96 | 95 | } |
97 | 96 | |
98 | 97 | ~Test02() { |
106 | 105 | |
107 | 106 | void executeNextSslTest() |
108 | 107 | { |
109 | if (!socket) | |
108 | if (!socket) { | |
110 | 109 | socket = new QTcpSocket; |
111 | 110 | |
112 | data = QByteArray("ABCDEF"); | |
111 | connect(socket, &QTcpSocket::connected, [=]() { | |
112 | socket->write(data); | |
113 | socket->flush(); | |
114 | QThread::msleep(10); | |
115 | socket->disconnectFromHost(); | |
116 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
117 | socket->waitForDisconnected(); | |
118 | }); | |
119 | } | |
113 | 120 | |
114 | 121 | socket->connectToHost("localhost", 8443); |
115 | ||
116 | if (!socket->waitForConnected()) { | |
117 | setResult(-1); | |
118 | printTestFailed("can not establish connection"); | |
119 | } else { | |
120 | socket->write(data); | |
121 | socket->flush(); | |
122 | QThread::msleep(10); | |
123 | socket->disconnectFromHost(); | |
124 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
125 | socket->waitForDisconnected(); | |
126 | setResult(0); | |
127 | } | |
128 | 122 | } |
129 | 123 | |
130 | 124 | void verifySslTestResult() |
174 | 168 | |
175 | 169 | void executeNextSslTest() |
176 | 170 | { |
177 | if (!socket) | |
171 | data = QString("ABCDEF%1").arg(currentSslTestNum()).toLocal8Bit(); | |
172 | ||
173 | if (!socket) { | |
178 | 174 | socket = new QTcpSocket; |
179 | 175 | |
180 | data = QString("ABCDEF%1").arg(currentSslTestNum()).toLocal8Bit(); | |
176 | connect(socket, &QTcpSocket::connected, [=]() { | |
177 | socket->write(data); | |
178 | socket->flush(); | |
179 | QThread::msleep(10); | |
180 | socket->disconnectFromHost(); | |
181 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
182 | socket->waitForDisconnected(); | |
183 | }); | |
184 | } | |
181 | 185 | |
182 | 186 | socket->connectToHost("localhost", 8443); |
183 | ||
184 | if (!socket->waitForConnected()) { | |
185 | setResult(-1); | |
186 | printTestFailed("can not establish connection"); | |
187 | } else { | |
188 | socket->write(data); | |
189 | socket->flush(); | |
190 | QThread::msleep(10); | |
191 | socket->disconnectFromHost(); | |
192 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
193 | socket->waitForDisconnected(); | |
194 | setResult(0); | |
195 | } | |
196 | 187 | } |
197 | 188 | |
198 | 189 | void verifySslTestResult() |
242 | 233 | |
243 | 234 | void executeNextSslTest() |
244 | 235 | { |
245 | if (!socket) | |
236 | if (!socket) { | |
246 | 237 | socket = new XSslSocket; |
247 | 238 | |
248 | socket->setProtocol(XSsl::TlsV1_1); | |
249 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
239 | socket->setProtocol(XSsl::TlsV1_1); | |
240 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
241 | ||
242 | connect(socket, &XSslSocket::encrypted, [=]() { | |
243 | printTestFailed("encrypted session was established, but should not"); | |
244 | }); | |
245 | } | |
250 | 246 | |
251 | 247 | socket->connectToHostEncrypted("localhost", 8443); |
252 | ||
253 | if (!socket->waitForEncrypted()) { | |
254 | setResult(0); | |
255 | } else { | |
256 | setResult(-1); | |
257 | printTestFailed("encrypted session was established, but should not"); | |
258 | } | |
259 | socket->disconnectFromHost(); | |
260 | 248 | } |
261 | 249 | |
262 | 250 | void verifySslTestResult() |
305 | 293 | |
306 | 294 | void executeNextSslTest() |
307 | 295 | { |
308 | if (!socket) | |
296 | if (!socket) { | |
309 | 297 | socket = new XSslSocket; |
298 | ||
299 | connect(socket, &XSslSocket::encrypted, [=]() { | |
300 | printTestFailed("encrypted session was established, but should not"); | |
301 | }); | |
302 | } | |
310 | 303 | |
311 | 304 | if (currentSslTestNum() == 0) { |
312 | 305 | socket->setProtocol(XSsl::TlsV1_1); |
316 | 309 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); |
317 | 310 | |
318 | 311 | socket->connectToHostEncrypted("localhost", 8443); |
319 | ||
320 | if (!socket->waitForEncrypted()) { | |
321 | setResult(0); | |
322 | } else { | |
323 | setResult(-1); | |
324 | printTestFailed("encrypted session was established, but should not"); | |
325 | } | |
326 | socket->disconnectFromHost(); | |
327 | 312 | } |
328 | 313 | |
329 | 314 | void verifySslTestResult() |
372 | 357 | |
373 | 358 | void executeNextSslTest() |
374 | 359 | { |
375 | if (!socket) | |
360 | if (!socket) { | |
376 | 361 | socket = new XSslSocket; |
362 | ||
363 | connect(socket, &XSslSocket::encrypted, [=]() { | |
364 | printTestFailed("encrypted session was established, but should not"); | |
365 | }); | |
366 | } | |
377 | 367 | |
378 | 368 | socket->setProtocol(XSsl::TlsV1_2); |
379 | 369 | if (currentSslTestNum() == 1) { |
397 | 387 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); |
398 | 388 | |
399 | 389 | socket->connectToHostEncrypted("localhost", 8443); |
400 | ||
401 | if (!socket->waitForEncrypted()) { | |
402 | setResult(0); | |
403 | } else { | |
404 | setResult(-1); | |
405 | printTestFailed("encrypted session was established, but should not"); | |
406 | } | |
407 | socket->disconnectFromHost(); | |
408 | 390 | } |
409 | 391 | |
410 | 392 | void verifySslTestResult() |
453 | 435 | |
454 | 436 | void executeNextSslTest() |
455 | 437 | { |
456 | if (!socket) | |
438 | if (!socket) { | |
457 | 439 | socket = new XSslSocket; |
440 | ||
441 | connect(socket, &XSslSocket::encrypted, [=]() { | |
442 | socket->write(data); | |
443 | socket->flush(); | |
444 | }); | |
445 | } | |
458 | 446 | |
459 | 447 | data = QString("ABCDEF%1").arg(currentSslTestNum()).toLocal8Bit(); |
460 | 448 | |
462 | 450 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); |
463 | 451 | |
464 | 452 | socket->connectToHostEncrypted("localhost", 8443); |
465 | ||
466 | if (!socket->waitForEncrypted()) { | |
467 | setResult(-1); | |
468 | printTestFailed("can not establish encrypted connection"); | |
469 | } else { | |
470 | setResult(0); | |
471 | socket->write(data); | |
472 | socket->flush(); | |
473 | } | |
474 | socket->disconnectFromHost(); | |
475 | 453 | } |
476 | 454 | |
477 | 455 | void verifySslTestResult() |
479 | 457 | setResult(-1); |
480 | 458 | |
481 | 459 | if ((currentSslTest()->result() == SslTestResult::DataIntercepted) |
482 | && (currentClient().interceptedData() == data)) { | |
460 | && (currentClient()->interceptedData() == data)) { | |
483 | 461 | if (currentSslTestNum() == 1) { |
484 | 462 | if (!isSameClient(false)) { |
485 | 463 | setResult(-1); |
522 | 500 | |
523 | 501 | void executeNextSslTest() |
524 | 502 | { |
525 | if (!socket) | |
503 | if (!socket) { | |
526 | 504 | socket = new XSslSocket; |
505 | ||
506 | connect(socket, &XSslSocket::encrypted, [=]() { | |
507 | socket->write(data); | |
508 | socket->flush(); | |
509 | }); | |
510 | } | |
527 | 511 | |
528 | 512 | data = QByteArray("ABCDEF"); |
529 | 513 | |
535 | 519 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); |
536 | 520 | |
537 | 521 | socket->connectToHostEncrypted("localhost", 8443); |
538 | ||
539 | if (!socket->waitForEncrypted()) { | |
540 | setResult(-1); | |
541 | printTestFailed("can not establish encrypted connection"); | |
542 | } else { | |
543 | setResult(0); | |
544 | socket->write(data); | |
545 | socket->flush(); | |
546 | } | |
547 | socket->disconnectFromHost(); | |
548 | 522 | } |
549 | 523 | |
550 | 524 | void verifySslTestResult() |
552 | 526 | setResult(-1); |
553 | 527 | |
554 | 528 | if ((currentSslTest()->result() == SslTestResult::DataIntercepted) |
555 | && (currentClient().interceptedData() == data)) { | |
529 | && (currentClient()->interceptedData() == data)) { | |
556 | 530 | if (currentSslTestNum() == 1) { |
557 | 531 | if (isSameClient(false)) { |
558 | 532 | setResult(-1); |
592 | 566 | int main(int argc, char *argv[]) |
593 | 567 | { |
594 | 568 | QCoreApplication a(argc, argv); |
595 | QThread thread; | |
596 | 569 | TestsLauncher *testsLauncher; |
597 | 570 | |
598 | 571 | testsLauncher = new TestsLauncher(createAutotests()); |
599 | testsLauncher->moveToThread(&thread); | |
600 | QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater); | |
601 | QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests); | |
572 | ||
602 | 573 | QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){ |
603 | 574 | qApp->exit(testsLauncher->testsResult()); |
604 | 575 | }); |
605 | 576 | |
606 | thread.start(); | |
607 | ||
608 | int ret = a.exec(); | |
609 | ||
610 | thread.quit(); | |
611 | thread.wait(); | |
612 | ||
613 | return ret; | |
577 | testsLauncher->launchNextTest(); | |
578 | ||
579 | return a.exec(); | |
614 | 580 | } |
615 | 581 | |
616 | 582 |
0 | #include "test.h" | |
1 | #include "ssltests.h" | |
2 | #include "ciphers.h" | |
3 | #include "clientinfo.h" | |
4 | ||
5 | #include <QCoreApplication> | |
6 | ||
7 | #ifdef UNSAFE_QSSL | |
8 | #include "sslunsafesocket.h" | |
9 | #else | |
10 | #include <QSslSocket> | |
11 | #endif | |
12 | ||
13 | // This verifies how sslcaudit handles requests sent repeatedly | |
14 | ||
15 | ||
16 | // do not verify peer certificate, use TLSv1.1 and stronger protocols | |
17 | // check for proper test result code each time | |
18 | class Test01 : public Test | |
19 | { | |
20 | Q_OBJECT | |
21 | public: | |
22 | Test01(int id, QString testBaseName, QList<SslTest *> sslTests) : | |
23 | Test(id, testBaseName, sslTests) { | |
24 | socket = nullptr; | |
25 | times = sslTests.size(); | |
26 | currentAttempt = 1; | |
27 | data = QByteArray("GET / HTTP/1.0\r\n\r\n"); | |
28 | } | |
29 | ||
30 | ~Test01() { | |
31 | delete socket; | |
32 | } | |
33 | ||
34 | void setTestsSettings() | |
35 | { | |
36 | testSettings.setUserCN("www.example.com"); | |
37 | } | |
38 | ||
39 | void executeNextSslTest() | |
40 | { | |
41 | if (!socket) { | |
42 | socket = new XSslSocket; | |
43 | ||
44 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
45 | socket->setProtocol(XSsl::TlsV1_1OrLater); | |
46 | ||
47 | connect(socket, &XSslSocket::encrypted, [=]() { | |
48 | socket->write(data); | |
49 | socket->flush(); | |
50 | }); | |
51 | ||
52 | connect(socket, QOverload<const QList<XSslError> &>::of(&XSslSocket::sslErrors), [=](const QList<XSslError> &errors) { | |
53 | socket->ignoreSslErrors(); | |
54 | }); | |
55 | } | |
56 | ||
57 | socket->connectToHostEncrypted("localhost", 8443); | |
58 | } | |
59 | ||
60 | void verifySslTestResult() | |
61 | { | |
62 | // we can't use currentSslTest as it becomes broken due to manual relaunch of SslCAudit | |
63 | if ((allSslTests().first()->result() == SslTestResult::DataIntercepted) | |
64 | && (getClient(0)->interceptedData() == data)) { | |
65 | ; | |
66 | } else { | |
67 | socket->close(); | |
68 | setResult(-1); | |
69 | printTestFailed(QString("unexpected test result (%1), attempt %2") | |
70 | .arg(sslTestResultToString(allSslTests().first()->result())) | |
71 | .arg(currentAttempt)); | |
72 | } | |
73 | ||
74 | socket->close(); | |
75 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
76 | socket->waitForDisconnected(); | |
77 | ||
78 | if (currentAttempt++ >= times) { | |
79 | setResult(0); | |
80 | printTestSucceeded(); | |
81 | } | |
82 | } | |
83 | ||
84 | private: | |
85 | XSslSocket *socket; | |
86 | QByteArray data; | |
87 | int times; | |
88 | int currentAttempt; | |
89 | ||
90 | }; | |
91 | ||
92 | // do verify peer certificate, use TLSv1.1 and stronger protocols | |
93 | // check for proper test result code each time | |
94 | class Test02 : public Test | |
95 | { | |
96 | Q_OBJECT | |
97 | public: | |
98 | Test02(int id, QString testBaseName, QList<SslTest *> sslTests) : | |
99 | Test(id, testBaseName, sslTests) { | |
100 | socket = nullptr; | |
101 | currentAttempt = 1; | |
102 | times = sslTests.size(); | |
103 | } | |
104 | ||
105 | ~Test02() { | |
106 | delete socket; | |
107 | } | |
108 | ||
109 | void setTestsSettings() | |
110 | { | |
111 | testSettings.setUserCN("www.example.com"); | |
112 | } | |
113 | ||
114 | void executeNextSslTest() | |
115 | { | |
116 | if (!socket) | |
117 | socket = new XSslSocket; | |
118 | ||
119 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
120 | socket->setProtocol(XSsl::TlsV1_1OrLater); | |
121 | ||
122 | connect(socket, &XSslSocket::encrypted, [=]() { | |
123 | setResult(-1); | |
124 | printTestFailed(QString("encrypted connection established but should not, attempt %1").arg(currentAttempt)); | |
125 | }); | |
126 | ||
127 | socket->connectToHostEncrypted("localhost", 8443); | |
128 | } | |
129 | ||
130 | void verifySslTestResult() | |
131 | { | |
132 | // we can't use currentSslTest as it becomes broken due to manual relaunch of SslCAudit | |
133 | if ((allSslTests().first()->result() == SslTestResult::Undefined) | |
134 | && (QString::compare(socket->errorString(), | |
135 | "The host name did not match any of the valid hosts for this certificate") == 0)) { | |
136 | ; | |
137 | } else { | |
138 | socket->close(); | |
139 | setResult(-1); | |
140 | printTestFailed(QString("unexpected test result (%1), attempt %2") | |
141 | .arg(sslTestResultToString(allSslTests().first()->result())) | |
142 | .arg(currentAttempt)); | |
143 | } | |
144 | ||
145 | socket->close(); | |
146 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
147 | socket->waitForDisconnected(); | |
148 | ||
149 | if (currentAttempt++ >= times) { | |
150 | setResult(0); | |
151 | printTestSucceeded(); | |
152 | } | |
153 | } | |
154 | ||
155 | private: | |
156 | XSslSocket *socket; | |
157 | int times; | |
158 | int currentAttempt; | |
159 | ||
160 | }; | |
161 | ||
162 | ||
163 | QList<Test *> createAutotests(int times) | |
164 | { | |
165 | QList<SslTest *> sslTests; | |
166 | for (int i = 0; i < times; i++) { | |
167 | sslTests << new SslTestCertSS1; | |
168 | } | |
169 | return QList<Test *>() | |
170 | << new Test01(1, "MultipleTests", sslTests) | |
171 | << new Test02(2, "MultipleTests", sslTests) | |
172 | ; | |
173 | } | |
174 | ||
175 | int main(int argc, char *argv[]) | |
176 | { | |
177 | QCoreApplication a(argc, argv); | |
178 | TestsLauncher *testsLauncher; | |
179 | ||
180 | int times = 20; | |
181 | bool ok; | |
182 | ||
183 | if (argc == 2) { | |
184 | times = QString(argv[1]).toInt(&ok); | |
185 | if (!ok) | |
186 | times = 20; | |
187 | } | |
188 | ||
189 | testsLauncher = new TestsLauncher(createAutotests(times)); | |
190 | ||
191 | QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){ | |
192 | qApp->exit(testsLauncher->testsResult()); | |
193 | }); | |
194 | ||
195 | testsLauncher->launchNextTest(); | |
196 | ||
197 | return a.exec(); | |
198 | } | |
199 | ||
200 | #include "tests_MultipleTests.moc" |
0 | #include "test.h" | |
1 | #include "ssltests.h" | |
2 | #include "ciphers.h" | |
3 | ||
4 | #include <QCoreApplication> | |
5 | ||
6 | #ifdef UNSAFE_QSSL | |
7 | #include "sslunsafesocket.h" | |
8 | #else | |
9 | #include <QSslSocket> | |
10 | #endif | |
11 | ||
12 | // This verifies how sslcaudit handles requests sent repeatedly | |
13 | ||
14 | ||
15 | // do not verify peer certificate, use TLSv1.1 and stronger protocols | |
16 | // check for proper test result code each time | |
17 | class Test01 : public Test | |
18 | { | |
19 | Q_OBJECT | |
20 | public: | |
21 | Test01(int times, int id, QString testBaseName, QList<SslTest *> sslTests) : | |
22 | Test(id, testBaseName, sslTests), times(times) { | |
23 | socket = nullptr; | |
24 | currentAttempt = 1; | |
25 | isRunning = true; | |
26 | data = QByteArray("GET / HTTP/1.0\r\n\r\n"); | |
27 | } | |
28 | ||
29 | ~Test01() { | |
30 | delete socket; | |
31 | } | |
32 | ||
33 | void setTestsSettings() | |
34 | { | |
35 | testSettings.setUserCN("www.example.com"); | |
36 | } | |
37 | ||
38 | void startTests() { | |
39 | prepareTests(); | |
40 | launchSslCAudit(); | |
41 | ||
42 | int count = 0; | |
43 | // we have to wait more than the test will be executed | |
44 | int to = 2 * times * 100; | |
45 | while (isRunning && ++count < to/100) | |
46 | QThread::msleep(100); | |
47 | ||
48 | if (isRunning) { | |
49 | setResult(-1); | |
50 | printTestFailed(QString("tests are not finished in time, attempt %1").arg(currentAttempt)); | |
51 | } | |
52 | } | |
53 | ||
54 | void executeNextSslTest() | |
55 | { | |
56 | if (!socket) | |
57 | socket = new XSslSocket; | |
58 | ||
59 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
60 | socket->setProtocol(XSsl::TlsV1_1OrLater); | |
61 | ||
62 | setResult(0); | |
63 | ||
64 | socket->connectToHostEncrypted("localhost", 8443); | |
65 | ||
66 | if (!socket->waitForEncrypted()) { | |
67 | setResult(-1); | |
68 | printTestFailed(QString("can not establish encrypted connection, attempt %1").arg(currentAttempt)); | |
69 | isRunning = false; | |
70 | } else { | |
71 | socket->write(data); | |
72 | socket->flush(); | |
73 | setResult(0); | |
74 | } | |
75 | } | |
76 | ||
77 | void verifySslTestResult() | |
78 | { | |
79 | // we can't use currentSslTest as it becomes broken due to manual relaunch of SslCAudit | |
80 | if ((allSslTests().first()->result() == SslTestResult::DataIntercepted) | |
81 | && (getClient(0).interceptedData() == data)) { | |
82 | ; | |
83 | } else { | |
84 | socket->close(); | |
85 | setResult(-1); | |
86 | printTestFailed(QString("unexpected test result (%1), attempt %2") | |
87 | .arg(sslTestResultToString(allSslTests().first()->result())) | |
88 | .arg(currentAttempt)); | |
89 | isRunning = false; | |
90 | } | |
91 | ||
92 | socket->close(); | |
93 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
94 | socket->waitForDisconnected(); | |
95 | ||
96 | if (currentAttempt++ >= times) { | |
97 | setResult(0); | |
98 | printTestSucceeded(); | |
99 | isRunning = false; | |
100 | } else { | |
101 | launchSslCAudit(); | |
102 | } | |
103 | } | |
104 | ||
105 | private: | |
106 | XSslSocket *socket; | |
107 | QByteArray data; | |
108 | int times; | |
109 | int currentAttempt; | |
110 | bool isRunning; | |
111 | ||
112 | }; | |
113 | ||
114 | // do verify peer certificate, use TLSv1.1 and stronger protocols | |
115 | // check for proper test result code each time | |
116 | class Test02 : public Test | |
117 | { | |
118 | Q_OBJECT | |
119 | public: | |
120 | Test02(int times, int id, QString testBaseName, QList<SslTest *> sslTests) : | |
121 | Test(id, testBaseName, sslTests), times(times) { | |
122 | socket = nullptr; | |
123 | currentAttempt = 1; | |
124 | isRunning = true; | |
125 | } | |
126 | ||
127 | ~Test02() { | |
128 | delete socket; | |
129 | } | |
130 | ||
131 | void setTestsSettings() | |
132 | { | |
133 | testSettings.setUserCN("www.example.com"); | |
134 | } | |
135 | ||
136 | void startTests() { | |
137 | prepareTests(); | |
138 | launchSslCAudit(); | |
139 | ||
140 | int count = 0; | |
141 | // we have to wait more than the test will be executed | |
142 | int to = 2 * times * 100; | |
143 | while (isRunning && ++count < to/100) | |
144 | QThread::msleep(100); | |
145 | ||
146 | if (isRunning) { | |
147 | setResult(-1); | |
148 | printTestFailed(QString("tests are not finished in time, attempt %1").arg(currentAttempt)); | |
149 | } | |
150 | } | |
151 | ||
152 | void executeNextSslTest() | |
153 | { | |
154 | if (!socket) | |
155 | socket = new XSslSocket; | |
156 | ||
157 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
158 | socket->setProtocol(XSsl::TlsV1_1OrLater); | |
159 | ||
160 | setResult(0); | |
161 | ||
162 | socket->connectToHostEncrypted("localhost", 8443); | |
163 | ||
164 | if (!socket->waitForEncrypted()) { | |
165 | setResult(0); | |
166 | } else { | |
167 | setResult(-1); | |
168 | printTestFailed(QString("encrypted connection established but shouldnot, attempt %1").arg(currentAttempt)); | |
169 | isRunning = false; | |
170 | } | |
171 | } | |
172 | ||
173 | void verifySslTestResult() | |
174 | { | |
175 | // we can't use currentSslTest as it becomes broken due to manual relaunch of SslCAudit | |
176 | if ((allSslTests().first()->result() == SslTestResult::Undefined) | |
177 | && (QString::compare(socket->errorString(), | |
178 | "The host name did not match any of the valid hosts for this certificate") == 0)) { | |
179 | ; | |
180 | } else { | |
181 | socket->close(); | |
182 | setResult(-1); | |
183 | printTestFailed(QString("unexpected test result (%1), attempt %2") | |
184 | .arg(sslTestResultToString(allSslTests().first()->result())) | |
185 | .arg(currentAttempt)); | |
186 | isRunning = false; | |
187 | } | |
188 | ||
189 | socket->close(); | |
190 | if (socket->state() != QAbstractSocket::UnconnectedState) | |
191 | socket->waitForDisconnected(); | |
192 | ||
193 | if (currentAttempt++ >= times) { | |
194 | setResult(0); | |
195 | printTestSucceeded(); | |
196 | isRunning = false; | |
197 | } else { | |
198 | launchSslCAudit(); | |
199 | } | |
200 | } | |
201 | ||
202 | private: | |
203 | XSslSocket *socket; | |
204 | int times; | |
205 | int currentAttempt; | |
206 | bool isRunning; | |
207 | ||
208 | }; | |
209 | ||
210 | ||
211 | QList<Test *> createAutotests(int times) | |
212 | { | |
213 | return QList<Test *>() | |
214 | << new Test01(times, 1, "RecurrentRequests", QList<SslTest *>() << new SslTestCertSS1) | |
215 | << new Test02(times, 2, "RecurrentRequests", QList<SslTest *>() << new SslTestCertSS1) | |
216 | ; | |
217 | } | |
218 | ||
219 | int main(int argc, char *argv[]) | |
220 | { | |
221 | QCoreApplication a(argc, argv); | |
222 | QThread thread; | |
223 | TestsLauncher *testsLauncher; | |
224 | ||
225 | int times = 20; | |
226 | bool ok; | |
227 | ||
228 | if (argc == 2) { | |
229 | times = QString(argv[1]).toInt(&ok); | |
230 | if (!ok) | |
231 | times = 20; | |
232 | } | |
233 | ||
234 | testsLauncher = new TestsLauncher(createAutotests(times)); | |
235 | testsLauncher->moveToThread(&thread); | |
236 | QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater); | |
237 | QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests); | |
238 | QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){ | |
239 | qApp->exit(testsLauncher->testsResult()); | |
240 | }); | |
241 | ||
242 | thread.start(); | |
243 | ||
244 | int ret = a.exec(); | |
245 | ||
246 | thread.quit(); | |
247 | thread.wait(); | |
248 | ||
249 | return ret; | |
250 | } | |
251 | ||
252 | #include "tests_RecurrentRequests.moc" |
0 | 0 | #include "test.h" |
1 | 1 | #include "ssltests.h" |
2 | #include "clientinfo.h" | |
2 | 3 | |
3 | 4 | #include <QCoreApplication> |
4 | 5 | |
19 | 20 | public: |
20 | 21 | Test01(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) { |
21 | 22 | socket = nullptr; |
23 | data = QByteArray("GET / HTTP/1.0\r\n\r\n"); | |
22 | 24 | } |
23 | 25 | |
24 | 26 | ~Test01() { |
32 | 34 | |
33 | 35 | void executeNextSslTest() |
34 | 36 | { |
35 | if (!socket) | |
36 | socket = new XSslSocket; | |
37 | ||
38 | data = QByteArray("GET / HTTP/1.0\r\n\r\n"); | |
39 | ||
40 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
41 | ||
42 | socket->connectToHostEncrypted("localhost", 8443); | |
43 | ||
44 | if (!socket->waitForEncrypted()) { | |
45 | setResult(-1); | |
46 | printTestFailed("can not establish encrypted connection"); | |
47 | } else { | |
48 | socket->write(data); | |
49 | socket->flush(); | |
50 | setResult(0); | |
51 | } | |
52 | socket->disconnectFromHost(); | |
37 | if (!socket) { | |
38 | socket = new XSslSocket; | |
39 | ||
40 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
41 | ||
42 | connect(socket, &XSslSocket::encrypted, [=]() { | |
43 | socket->write(data); | |
44 | socket->flush(); | |
45 | }); | |
46 | } | |
47 | ||
48 | socket->connectToHostEncrypted("localhost", 8443); | |
53 | 49 | } |
54 | 50 | |
55 | 51 | void verifySslTestResult() |
56 | 52 | { |
57 | 53 | if ((currentSslTest()->result() == SslTestResult::DataIntercepted) |
58 | && (currentClient().interceptedData() == data)) { | |
54 | && (currentClient()->interceptedData() == data)) { | |
59 | 55 | setResult(0); |
60 | 56 | printTestSucceeded(); |
61 | 57 | } else { |
92 | 88 | |
93 | 89 | void executeNextSslTest() |
94 | 90 | { |
95 | if (!socket) | |
96 | socket = new XSslSocket; | |
97 | ||
98 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
99 | ||
100 | socket->connectToHostEncrypted("localhost", 8443); | |
101 | ||
102 | if (!socket->waitForEncrypted()) { | |
103 | setResult(-1); | |
104 | printTestFailed("can not establish encrypted connection"); | |
105 | } else { | |
106 | QThread::msleep(5500); | |
107 | setResult(0); | |
108 | } | |
109 | socket->disconnectFromHost(); | |
91 | if (!socket) { | |
92 | socket = new XSslSocket; | |
93 | ||
94 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
95 | ||
96 | connect(socket, &XSslSocket::encrypted, [=]() { | |
97 | QThread::msleep(5500); | |
98 | }); | |
99 | } | |
100 | ||
101 | socket->connectToHostEncrypted("localhost", 8443); | |
110 | 102 | } |
111 | 103 | |
112 | 104 | void verifySslTestResult() |
126 | 118 | |
127 | 119 | }; |
128 | 120 | |
129 | // do verify peer certificate | |
121 | // do verify peer certificate, do not specify application protocol, result should be undefined | |
130 | 122 | // check for proper test result code |
131 | 123 | class Test03 : public Test |
132 | 124 | { |
147 | 139 | |
148 | 140 | void executeNextSslTest() |
149 | 141 | { |
150 | if (!socket) | |
151 | socket = new XSslSocket; | |
152 | ||
153 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
154 | ||
155 | socket->connectToHostEncrypted("localhost", 8443); | |
156 | ||
157 | if (!socket->waitForEncrypted()) { | |
158 | setResult(0); | |
159 | } else { | |
160 | setResult(-1); | |
161 | printTestFailed("encrypted session was established, but should not"); | |
162 | } | |
163 | socket->disconnectFromHost(); | |
142 | if (!socket) { | |
143 | socket = new XSslSocket; | |
144 | ||
145 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
146 | ||
147 | connect(socket, &XSslSocket::encrypted, [=]() { | |
148 | printTestFailed("encrypted session was established, but should not"); | |
149 | }); | |
150 | } | |
151 | ||
152 | socket->connectToHostEncrypted("localhost", 8443); | |
164 | 153 | } |
165 | 154 | |
166 | 155 | void verifySslTestResult() |
167 | 156 | { |
168 | 157 | if (currentSslTest()->result() == SslTestResult::Undefined) { |
158 | setResult(0); | |
159 | printTestSucceeded(); | |
160 | } else { | |
161 | setResult(-1); | |
162 | printTestFailed(QString("unexpected test result (%1)") | |
163 | .arg(sslTestResultToString(currentSslTest()->result()))); | |
164 | } | |
165 | } | |
166 | ||
167 | private: | |
168 | XSslSocket *socket; | |
169 | ||
170 | }; | |
171 | ||
172 | // do verify peer certificate, do specify application protocol (HTTP), result should be failed | |
173 | // check for proper test result code | |
174 | class Test04 : public Test | |
175 | { | |
176 | Q_OBJECT | |
177 | public: | |
178 | Test04(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) { | |
179 | socket = nullptr; | |
180 | } | |
181 | ||
182 | ~Test04() { | |
183 | delete socket; | |
184 | } | |
185 | ||
186 | void setTestsSettings() | |
187 | { | |
188 | testSettings.setUserCN("www.example.com"); | |
189 | } | |
190 | ||
191 | void executeNextSslTest() | |
192 | { | |
193 | if (!socket) { | |
194 | socket = new XSslSocket; | |
195 | ||
196 | SslUnsafeConfiguration c; | |
197 | c.setPeerVerifyMode(XSslSocket::VerifyPeer); | |
198 | c.setAllowedNextProtocols(QList<QByteArray>() << SslUnsafeConfiguration::ALPNProtocolHTTP2); | |
199 | socket->setSslConfiguration(c); | |
200 | ||
201 | connect(socket, &XSslSocket::encrypted, [=]() { | |
202 | printTestFailed("encrypted session was established, but should not"); | |
203 | }); | |
204 | } | |
205 | ||
206 | socket->connectToHostEncrypted("localhost", 8443); | |
207 | } | |
208 | ||
209 | void verifySslTestResult() | |
210 | { | |
211 | if (currentSslTest()->result() == SslTestResult::Success) { | |
169 | 212 | setResult(0); |
170 | 213 | printTestSucceeded(); |
171 | 214 | } else { |
183 | 226 | // connect to localhost, but set server name to the same as for ssl server |
184 | 227 | // do verify peer certificate |
185 | 228 | // check for proper test result code |
186 | class Test04 : public Test | |
187 | { | |
188 | Q_OBJECT | |
189 | public: | |
190 | Test04(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) { | |
191 | socket = nullptr; | |
192 | } | |
193 | ||
194 | ~Test04() { | |
195 | delete socket; | |
196 | } | |
197 | ||
198 | void setTestsSettings() | |
199 | { | |
200 | testSettings.setUserCN("www.example.com"); | |
201 | } | |
202 | ||
203 | void executeNextSslTest() | |
204 | { | |
205 | if (!socket) | |
206 | socket = new XSslSocket; | |
207 | ||
208 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
229 | class Test05 : public Test | |
230 | { | |
231 | Q_OBJECT | |
232 | public: | |
233 | Test05(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) { | |
234 | socket = nullptr; | |
235 | } | |
236 | ||
237 | ~Test05() { | |
238 | delete socket; | |
239 | } | |
240 | ||
241 | void setTestsSettings() | |
242 | { | |
243 | testSettings.setUserCN("www.example.com"); | |
244 | } | |
245 | ||
246 | void executeNextSslTest() | |
247 | { | |
248 | if (!socket) { | |
249 | socket = new XSslSocket; | |
250 | ||
251 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
252 | ||
253 | connect(socket, &XSslSocket::encrypted, [=]() { | |
254 | printTestFailed("encrypted session was established, but should not"); | |
255 | }); | |
256 | } | |
257 | ||
209 | 258 | |
210 | 259 | socket->connectToHostEncrypted("localhost", 8443, "www.example.com"); |
211 | ||
212 | if (!socket->waitForEncrypted()) { | |
213 | setResult(0); | |
214 | } else { | |
215 | setResult(-1); | |
216 | printTestFailed("encrypted session was established, but should not"); | |
217 | } | |
218 | socket->disconnectFromHost(); | |
260 | } | |
261 | ||
262 | void verifySslTestResult() | |
263 | { | |
264 | if (currentSslTest()->result() == SslTestResult::Undefined) { | |
265 | setResult(0); | |
266 | printTestSucceeded(); | |
267 | } else { | |
268 | setResult(-1); | |
269 | printTestFailed(QString("unexpected test result (%1)") | |
270 | .arg(sslTestResultToString(currentSslTest()->result()))); | |
271 | } | |
272 | } | |
273 | ||
274 | private: | |
275 | XSslSocket *socket; | |
276 | ||
277 | }; | |
278 | ||
279 | // do verify peer certificate but do not support server's ciphers | |
280 | // check for proper test result code | |
281 | class Test06 : public Test | |
282 | { | |
283 | Q_OBJECT | |
284 | public: | |
285 | Test06(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) { | |
286 | socket = nullptr; | |
287 | } | |
288 | ||
289 | ~Test06() { | |
290 | delete socket; | |
291 | } | |
292 | ||
293 | void setTestsSettings() | |
294 | { | |
295 | testSettings.setUserCN("www.example.com"); | |
296 | testSettings.setSupportedCiphers("DHE-DSS-AES256-SHA"); | |
297 | } | |
298 | ||
299 | void executeNextSslTest() | |
300 | { | |
301 | if (!socket) { | |
302 | socket = new XSslSocket; | |
303 | ||
304 | SslUnsafeConfiguration c; | |
305 | c.setPeerVerifyMode(XSslSocket::VerifyPeer); | |
306 | c.setCiphers(QList<XSslCipher>() << XSslCipher("AES128-GCM-SHA256")); | |
307 | socket->setSslConfiguration(c); | |
308 | ||
309 | connect(socket, &XSslSocket::encrypted, [=]() { | |
310 | printTestFailed("encrypted session was established, but should not"); | |
311 | }); | |
312 | } | |
313 | ||
314 | socket->connectToHostEncrypted("localhost", 8443); | |
219 | 315 | } |
220 | 316 | |
221 | 317 | void verifySslTestResult() |
243 | 339 | << new Test02(2, "SslTestCertSS1", QList<SslTest *>() << new SslTestCertSS1) |
244 | 340 | << new Test03(3, "SslTestCertSS1", QList<SslTest *>() << new SslTestCertSS1) |
245 | 341 | << new Test04(4, "SslTestCertSS1", QList<SslTest *>() << new SslTestCertSS1) |
342 | << new Test05(5, "SslTestCertSS1", QList<SslTest *>() << new SslTestCertSS1) | |
343 | << new Test06(5, "SslTestCertSS1", QList<SslTest *>() << new SslTestCertSS1) | |
246 | 344 | ; |
247 | 345 | } |
248 | 346 | |
249 | 347 | int main(int argc, char *argv[]) |
250 | 348 | { |
251 | 349 | QCoreApplication a(argc, argv); |
252 | QThread thread; | |
253 | 350 | TestsLauncher *testsLauncher; |
254 | 351 | |
255 | 352 | testsLauncher = new TestsLauncher(createAutotests()); |
256 | testsLauncher->moveToThread(&thread); | |
257 | QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater); | |
258 | QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests); | |
353 | ||
259 | 354 | QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){ |
260 | 355 | qApp->exit(testsLauncher->testsResult()); |
261 | 356 | }); |
262 | 357 | |
263 | thread.start(); | |
264 | ||
265 | int ret = a.exec(); | |
266 | ||
267 | thread.quit(); | |
268 | thread.wait(); | |
269 | ||
270 | return ret; | |
358 | testsLauncher->launchNextTest(); | |
359 | ||
360 | return a.exec(); | |
271 | 361 | } |
272 | 362 | |
273 | 363 | #include "tests_SslTestCertSS1.moc" |
0 | 0 | #include "test.h" |
1 | 1 | #include "ssltests.h" |
2 | 2 | #include "ciphers.h" |
3 | #include "clientinfo.h" | |
3 | 4 | |
4 | 5 | #include <QCoreApplication> |
5 | 6 | #include <QUdpSocket> |
54 | 55 | |
55 | 56 | bool ret = dtls.doHandshake(socket); |
56 | 57 | if (!ret) { |
57 | setResult(-1); | |
58 | 58 | printTestFailed("handshake failed too early"); |
59 | 59 | dtls.shutdown(socket); |
60 | 60 | return; |
71 | 71 | if ((dtls.handshakeState() == XDtls::HandshakeComplete) |
72 | 72 | && (dtls.dtlsError() == XDtlsError::NoError)) { |
73 | 73 | dtls.writeDatagramEncrypted(socket, data); |
74 | setResult(0); | |
75 | } else { | |
76 | setResult(-1); | |
74 | } else { | |
77 | 75 | printTestFailed("encrypted session was not established, but should"); |
78 | 76 | } |
79 | 77 | |
83 | 81 | void verifySslTestResult() |
84 | 82 | { |
85 | 83 | if ((currentSslTest()->result() == SslTestResult::DataIntercepted) |
86 | && (currentClient().interceptedData() == data)) { | |
84 | && (currentClient()->interceptedData() == data)) { | |
87 | 85 | setResult(0); |
88 | 86 | printTestSucceeded(); |
89 | 87 | } else { |
136 | 134 | |
137 | 135 | bool ret = dtls.doHandshake(socket); |
138 | 136 | if (!ret) { |
139 | setResult(-1); | |
140 | 137 | printTestFailed("handshake failed too early"); |
141 | 138 | dtls.shutdown(socket); |
142 | 139 | return; |
153 | 150 | if ((dtls.handshakeState() == XDtls::HandshakeComplete) |
154 | 151 | && (dtls.dtlsError() == XDtlsError::NoError)) { |
155 | 152 | QThread::msleep(5500); |
156 | setResult(0); | |
157 | } else { | |
158 | setResult(-1); | |
153 | } else { | |
159 | 154 | printTestFailed("encrypted session was not established, but should"); |
160 | 155 | } |
161 | 156 | |
164 | 159 | |
165 | 160 | void verifySslTestResult() |
166 | 161 | { |
167 | if (currentSslTest()->result() == SslTestResult::CertAccepted) { | |
162 | if (currentSslTest()->result() == SslTestResult::Undefined) { | |
168 | 163 | setResult(0); |
169 | 164 | printTestSucceeded(); |
170 | 165 | } else { |
217 | 212 | |
218 | 213 | bool ret = dtls.doHandshake(socket); |
219 | 214 | if (!ret) { |
220 | setResult(-1); | |
221 | 215 | printTestFailed("handshake failed too early"); |
222 | 216 | dtls.shutdown(socket); |
223 | 217 | return; |
238 | 232 | } |
239 | 233 | |
240 | 234 | if (verifyError) { |
241 | setResult(0); | |
242 | } else { | |
243 | setResult(-1); | |
235 | } else { | |
244 | 236 | printTestFailed("encrypted session was established, but should not"); |
245 | 237 | } |
246 | 238 | dtls.shutdown(socket); |
302 | 294 | |
303 | 295 | bool ret = dtls.doHandshake(socket); |
304 | 296 | if (!ret) { |
305 | setResult(-1); | |
306 | 297 | printTestFailed("handshake failed too early"); |
307 | 298 | dtls.shutdown(socket); |
308 | 299 | return; |
323 | 314 | } |
324 | 315 | |
325 | 316 | if (verifyError) { |
326 | setResult(0); | |
327 | } else { | |
328 | setResult(-1); | |
317 | } else { | |
329 | 318 | printTestFailed("encrypted session was established, but should not"); |
330 | 319 | } |
331 | 320 | dtls.shutdown(socket); |
362 | 351 | int main(int argc, char *argv[]) |
363 | 352 | { |
364 | 353 | QCoreApplication a(argc, argv); |
365 | QThread thread; | |
366 | 354 | TestsLauncher *testsLauncher; |
367 | 355 | |
368 | 356 | testsLauncher = new TestsLauncher(createAutotests()); |
369 | testsLauncher->moveToThread(&thread); | |
370 | QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater); | |
371 | QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests); | |
357 | ||
372 | 358 | QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){ |
373 | 359 | qApp->exit(testsLauncher->testsResult()); |
374 | 360 | }); |
375 | 361 | |
376 | thread.start(); | |
377 | ||
378 | int ret = a.exec(); | |
379 | ||
380 | thread.quit(); | |
381 | thread.wait(); | |
382 | ||
383 | return ret; | |
362 | testsLauncher->launchNextTest(); | |
363 | ||
364 | return a.exec(); | |
384 | 365 | } |
385 | 366 | |
386 | 367 | #include "tests_SslTestCertSS1dtls.moc" |
52 | 52 | |
53 | 53 | bool ret = dtls.doHandshake(socket); |
54 | 54 | if (!ret) { |
55 | setResult(-1); | |
56 | 55 | printTestFailed("handshake failed too early"); |
57 | 56 | dtls.shutdown(socket); |
58 | 57 | return; |
68 | 67 | |
69 | 68 | if ((dtls.handshakeState() == XDtls::HandshakeNotStarted) |
70 | 69 | && (dtls.dtlsErrorString().contains("handshake failure"))) { |
71 | setResult(0); | |
72 | } else { | |
73 | setResult(-1); | |
70 | ; | |
71 | } else { | |
74 | 72 | printTestFailed("encrypted session was established, but should not"); |
75 | 73 | } |
76 | 74 | |
133 | 131 | mediumCiphers << cipher; |
134 | 132 | } |
135 | 133 | if (mediumCiphers.size() == 0) { |
136 | setResult(-1); | |
137 | 134 | printTestFailed(); |
138 | 135 | QThread::currentThread()->quit(); |
139 | 136 | return; |
148 | 145 | |
149 | 146 | bool ret = dtls.doHandshake(socket); |
150 | 147 | if (!ret) { |
151 | setResult(-1); | |
152 | 148 | printTestFailed("handshake failed too early"); |
153 | 149 | dtls.shutdown(socket); |
154 | 150 | return; |
164 | 160 | |
165 | 161 | if ((dtls.handshakeState() == XDtls::HandshakeNotStarted) |
166 | 162 | && (dtls.dtlsErrorString().contains("handshake failure"))) { |
167 | setResult(0); | |
168 | } else { | |
169 | setResult(-1); | |
163 | ; | |
164 | } else { | |
170 | 165 | printTestFailed("encrypted session was established, but should not"); |
171 | 166 | } |
172 | 167 | |
230 | 225 | highCiphers << cipher; |
231 | 226 | } |
232 | 227 | if (highCiphers.size() == 0) { |
233 | setResult(-1); | |
234 | 228 | printTestFailed(); |
235 | 229 | QThread::currentThread()->quit(); |
236 | 230 | return; |
245 | 239 | |
246 | 240 | bool ret = dtls.doHandshake(socket); |
247 | 241 | if (!ret) { |
248 | setResult(-1); | |
249 | 242 | printTestFailed("handshake failed too early"); |
250 | 243 | dtls.shutdown(socket); |
251 | 244 | return; |
261 | 254 | |
262 | 255 | if ((dtls.handshakeState() == XDtls::HandshakeNotStarted) |
263 | 256 | && (dtls.dtlsErrorString().contains("handshake failure"))) { |
264 | setResult(0); | |
265 | } else { | |
266 | setResult(-1); | |
257 | ; | |
258 | } else { | |
267 | 259 | printTestFailed("encrypted session was established, but should not"); |
268 | 260 | } |
269 | 261 | |
327 | 319 | exportCiphers << cipher; |
328 | 320 | } |
329 | 321 | if (exportCiphers.size() == 0) { |
330 | setResult(-1); | |
331 | 322 | printTestFailed(); |
332 | 323 | QThread::currentThread()->quit(); |
333 | 324 | return; |
342 | 333 | |
343 | 334 | bool ret = dtls.doHandshake(socket); |
344 | 335 | if (!ret) { |
345 | setResult(-1); | |
346 | 336 | printTestFailed("handshake failed too early"); |
347 | 337 | dtls.shutdown(socket); |
348 | 338 | return; |
363 | 353 | } |
364 | 354 | |
365 | 355 | if (verifyError) { |
366 | setResult(0); | |
367 | } else { | |
368 | setResult(-1); | |
356 | ; | |
357 | } else { | |
369 | 358 | printTestFailed("encrypted session was established, but should not"); |
370 | 359 | } |
371 | 360 | dtls.shutdown(socket); |
428 | 417 | exportCiphers << cipher; |
429 | 418 | } |
430 | 419 | if (exportCiphers.size() == 0) { |
431 | setResult(-1); | |
432 | 420 | printTestFailed(); |
433 | 421 | QThread::currentThread()->quit(); |
434 | 422 | return; |
443 | 431 | |
444 | 432 | bool ret = dtls.doHandshake(socket); |
445 | 433 | if (!ret) { |
446 | setResult(-1); | |
447 | 434 | printTestFailed("handshake failed too early"); |
448 | 435 | dtls.shutdown(socket); |
449 | 436 | return; |
464 | 451 | } |
465 | 452 | |
466 | 453 | if (verifyError) { |
467 | setResult(-1); | |
468 | 454 | printTestFailed("encrypted session was not established, but should"); |
469 | 455 | } else { |
470 | setResult(0); | |
456 | ; | |
471 | 457 | } |
472 | 458 | dtls.shutdown(socket); |
473 | 459 | } |
503 | 489 | int main(int argc, char *argv[]) |
504 | 490 | { |
505 | 491 | QCoreApplication a(argc, argv); |
506 | QThread thread; | |
507 | 492 | TestsLauncher *testsLauncher; |
508 | 493 | |
509 | 494 | testsLauncher = new TestsLauncher(createAutotests()); |
510 | testsLauncher->moveToThread(&thread); | |
511 | QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater); | |
512 | QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests); | |
495 | ||
513 | 496 | QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){ |
514 | 497 | qApp->exit(testsLauncher->testsResult()); |
515 | 498 | }); |
516 | 499 | |
517 | thread.start(); | |
518 | ||
519 | int ret = a.exec(); | |
520 | ||
521 | thread.quit(); | |
522 | thread.wait(); | |
523 | ||
524 | return ret; | |
500 | testsLauncher->launchNextTest(); | |
501 | ||
502 | return a.exec(); | |
525 | 503 | } |
526 | 504 | |
527 | 505 | #include "tests_SslTestCiphersDtls10Exp.moc" |
52 | 52 | |
53 | 53 | bool ret = dtls.doHandshake(socket); |
54 | 54 | if (!ret) { |
55 | setResult(-1); | |
56 | 55 | printTestFailed("handshake failed too early"); |
57 | 56 | dtls.shutdown(socket); |
58 | 57 | return; |
68 | 67 | |
69 | 68 | if ((dtls.handshakeState() == XDtls::HandshakeNotStarted) |
70 | 69 | && (dtls.dtlsErrorString().contains("alert protocol version"))) { |
71 | setResult(0); | |
72 | } else { | |
73 | setResult(-1); | |
70 | ; | |
71 | } else { | |
74 | 72 | printTestFailed("encrypted session was established, but should not"); |
75 | 73 | } |
76 | 74 | |
133 | 131 | mediumCiphers << cipher; |
134 | 132 | } |
135 | 133 | if (mediumCiphers.size() == 0) { |
136 | setResult(-1); | |
137 | 134 | printTestFailed(); |
138 | 135 | QThread::currentThread()->quit(); |
139 | 136 | return; |
148 | 145 | |
149 | 146 | bool ret = dtls.doHandshake(socket); |
150 | 147 | if (!ret) { |
151 | setResult(-1); | |
152 | 148 | printTestFailed("handshake failed too early"); |
153 | 149 | dtls.shutdown(socket); |
154 | 150 | return; |
164 | 160 | |
165 | 161 | if ((dtls.handshakeState() == XDtls::HandshakeNotStarted) |
166 | 162 | && (dtls.dtlsErrorString().contains("handshake failure"))) { |
167 | setResult(0); | |
168 | } else { | |
169 | setResult(-1); | |
163 | ; | |
164 | } else { | |
170 | 165 | printTestFailed("encrypted session was established, but should not"); |
171 | 166 | } |
172 | 167 | |
230 | 225 | highCiphers << cipher; |
231 | 226 | } |
232 | 227 | if (highCiphers.size() == 0) { |
233 | setResult(-1); | |
234 | 228 | printTestFailed(); |
235 | 229 | QThread::currentThread()->quit(); |
236 | 230 | return; |
245 | 239 | |
246 | 240 | bool ret = dtls.doHandshake(socket); |
247 | 241 | if (!ret) { |
248 | setResult(-1); | |
249 | 242 | printTestFailed("handshake failed too early"); |
250 | 243 | dtls.shutdown(socket); |
251 | 244 | return; |
261 | 254 | |
262 | 255 | if ((dtls.handshakeState() == XDtls::HandshakeNotStarted) |
263 | 256 | && (dtls.dtlsErrorString().contains("handshake failure"))) { |
264 | setResult(0); | |
265 | } else { | |
266 | setResult(-1); | |
257 | ; | |
258 | } else { | |
267 | 259 | printTestFailed("encrypted session was established, but should not"); |
268 | 260 | } |
269 | 261 | |
327 | 319 | exportCiphers << cipher; |
328 | 320 | } |
329 | 321 | if (exportCiphers.size() == 0) { |
330 | setResult(-1); | |
331 | 322 | printTestFailed(); |
332 | 323 | QThread::currentThread()->quit(); |
333 | 324 | return; |
342 | 333 | |
343 | 334 | bool ret = dtls.doHandshake(socket); |
344 | 335 | if (!ret) { |
345 | setResult(-1); | |
346 | 336 | printTestFailed("handshake failed too early"); |
347 | 337 | dtls.shutdown(socket); |
348 | 338 | return; |
363 | 353 | } |
364 | 354 | |
365 | 355 | if (verifyError) { |
366 | setResult(0); | |
367 | } else { | |
368 | setResult(-1); | |
356 | ; | |
357 | } else { | |
369 | 358 | printTestFailed("encrypted session was established, but should not"); |
370 | 359 | } |
371 | 360 | dtls.shutdown(socket); |
428 | 417 | exportCiphers << cipher; |
429 | 418 | } |
430 | 419 | if (exportCiphers.size() == 0) { |
431 | setResult(-1); | |
432 | 420 | printTestFailed(); |
433 | 421 | QThread::currentThread()->quit(); |
434 | 422 | return; |
443 | 431 | |
444 | 432 | bool ret = dtls.doHandshake(socket); |
445 | 433 | if (!ret) { |
446 | setResult(-1); | |
447 | 434 | printTestFailed("handshake failed too early"); |
448 | 435 | dtls.shutdown(socket); |
449 | 436 | return; |
464 | 451 | } |
465 | 452 | |
466 | 453 | if (verifyError) { |
467 | setResult(-1); | |
468 | 454 | printTestFailed("encrypted session was not established, but should"); |
469 | 455 | } else { |
470 | setResult(0); | |
456 | ; | |
471 | 457 | } |
472 | 458 | dtls.shutdown(socket); |
473 | 459 | } |
503 | 489 | int main(int argc, char *argv[]) |
504 | 490 | { |
505 | 491 | QCoreApplication a(argc, argv); |
506 | QThread thread; | |
507 | 492 | TestsLauncher *testsLauncher; |
508 | 493 | |
509 | 494 | testsLauncher = new TestsLauncher(createAutotests()); |
510 | testsLauncher->moveToThread(&thread); | |
511 | QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater); | |
512 | QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests); | |
495 | ||
513 | 496 | QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){ |
514 | 497 | qApp->exit(testsLauncher->testsResult()); |
515 | 498 | }); |
516 | 499 | |
517 | thread.start(); | |
518 | ||
519 | int ret = a.exec(); | |
520 | ||
521 | thread.quit(); | |
522 | thread.wait(); | |
523 | ||
524 | return ret; | |
500 | testsLauncher->launchNextTest(); | |
501 | ||
502 | return a.exec(); | |
525 | 503 | } |
526 | 504 | |
527 | 505 | #include "tests_SslTestCiphersDtls12Exp.moc" |
35 | 35 | |
36 | 36 | void executeNextSslTest() |
37 | 37 | { |
38 | if (!socket) | |
38 | if (!socket) { | |
39 | 39 | socket = new XSslSocket; |
40 | 40 | |
41 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
42 | socket->setProtocol(XSsl::TlsV1_1OrLater); | |
41 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
42 | socket->setProtocol(XSsl::TlsV1_1OrLater); | |
43 | ||
44 | connect(socket, &XSslSocket::encrypted, [=]() { | |
45 | printTestFailed("encrypted session was established, but should not"); | |
46 | }); | |
47 | } | |
43 | 48 | |
44 | 49 | socket->connectToHostEncrypted("localhost", 8443); |
45 | ||
46 | if (!socket->waitForEncrypted()) { | |
47 | setResult(0); | |
48 | } else { | |
49 | setResult(-1); | |
50 | printTestFailed("encrypted session was established, but should not"); | |
51 | } | |
52 | socket->disconnectFromHost(); | |
53 | 50 | } |
54 | 51 | |
55 | 52 | void verifySslTestResult() |
90 | 87 | |
91 | 88 | void executeNextSslTest() |
92 | 89 | { |
93 | if (!socket) | |
90 | if (!socket) { | |
94 | 91 | socket = new XSslSocket; |
95 | 92 | |
96 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
97 | socket->setProtocol(XSsl::SslV3); | |
98 | QList<XSslCipher> mediumCiphers; | |
99 | QStringList opensslCiphers = ciphers_medium_str.split(":"); | |
100 | ||
101 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
102 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
103 | ||
104 | if (!cipher.isNull()) | |
105 | mediumCiphers << cipher; | |
106 | } | |
107 | if (mediumCiphers.size() == 0) { | |
108 | setResult(-1); | |
109 | printTestFailed(); | |
110 | QThread::currentThread()->quit(); | |
111 | return; | |
112 | } | |
113 | socket->setCiphers(mediumCiphers); | |
93 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
94 | socket->setProtocol(XSsl::SslV3); | |
95 | QList<XSslCipher> mediumCiphers; | |
96 | QStringList opensslCiphers = ciphers_medium_str.split(":"); | |
97 | ||
98 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
99 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
100 | ||
101 | if (!cipher.isNull()) | |
102 | mediumCiphers << cipher; | |
103 | } | |
104 | if (mediumCiphers.size() == 0) { | |
105 | setResult(-1); | |
106 | printTestFailed(); | |
107 | QThread::currentThread()->quit(); | |
108 | return; | |
109 | } | |
110 | socket->setCiphers(mediumCiphers); | |
111 | ||
112 | connect(socket, &XSslSocket::encrypted, [=]() { | |
113 | printTestFailed("encrypted session was established, but should not"); | |
114 | }); | |
115 | } | |
114 | 116 | |
115 | 117 | socket->connectToHostEncrypted("localhost", 8443); |
116 | ||
117 | if (!socket->waitForEncrypted()) { | |
118 | setResult(0); | |
119 | } else { | |
120 | setResult(-1); | |
121 | printTestFailed("encrypted session was established, but should not"); | |
122 | } | |
123 | socket->disconnectFromHost(); | |
124 | 118 | } |
125 | 119 | |
126 | 120 | void verifySslTestResult() |
161 | 155 | |
162 | 156 | void executeNextSslTest() |
163 | 157 | { |
164 | if (!socket) | |
158 | if (!socket) { | |
165 | 159 | socket = new XSslSocket; |
166 | 160 | |
167 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
168 | socket->setProtocol(XSsl::SslV3); | |
169 | QList<XSslCipher> highCiphers; | |
170 | QStringList opensslCiphers = ciphers_high_str.split(":"); | |
171 | ||
172 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
173 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
174 | ||
175 | if (!cipher.isNull()) | |
176 | highCiphers << cipher; | |
177 | } | |
178 | if (highCiphers.size() == 0) { | |
179 | setResult(-1); | |
180 | printTestFailed(); | |
181 | QThread::currentThread()->quit(); | |
182 | return; | |
183 | } | |
184 | socket->setCiphers(highCiphers); | |
161 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
162 | socket->setProtocol(XSsl::SslV3); | |
163 | QList<XSslCipher> highCiphers; | |
164 | QStringList opensslCiphers = ciphers_high_str.split(":"); | |
165 | ||
166 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
167 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
168 | ||
169 | if (!cipher.isNull()) | |
170 | highCiphers << cipher; | |
171 | } | |
172 | if (highCiphers.size() == 0) { | |
173 | setResult(-1); | |
174 | printTestFailed(); | |
175 | QThread::currentThread()->quit(); | |
176 | return; | |
177 | } | |
178 | socket->setCiphers(highCiphers); | |
179 | ||
180 | connect(socket, &XSslSocket::encrypted, [=]() { | |
181 | printTestFailed("encrypted session was established, but should not"); | |
182 | }); | |
183 | } | |
185 | 184 | |
186 | 185 | socket->connectToHostEncrypted("localhost", 8443); |
187 | ||
188 | if (!socket->waitForEncrypted()) { | |
189 | setResult(0); | |
190 | } else { | |
191 | setResult(-1); | |
192 | printTestFailed("encrypted session was established, but should not"); | |
193 | } | |
194 | socket->disconnectFromHost(); | |
195 | 186 | } |
196 | 187 | |
197 | 188 | void verifySslTestResult() |
232 | 223 | |
233 | 224 | void executeNextSslTest() |
234 | 225 | { |
235 | if (!socket) | |
226 | if (!socket) { | |
236 | 227 | socket = new XSslSocket; |
237 | 228 | |
238 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
239 | socket->setProtocol(XSsl::SslV3); | |
240 | QList<XSslCipher> mediumCiphers; | |
241 | QStringList opensslCiphers = ciphers_medium_str.split(":"); | |
242 | ||
243 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
244 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
245 | ||
246 | if (!cipher.isNull()) | |
247 | mediumCiphers << cipher; | |
248 | } | |
249 | if (mediumCiphers.size() == 0) { | |
250 | setResult(-1); | |
251 | printTestFailed(); | |
252 | QThread::currentThread()->quit(); | |
253 | return; | |
254 | } | |
255 | socket->setCiphers(mediumCiphers); | |
229 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
230 | socket->setProtocol(XSsl::SslV3); | |
231 | QList<XSslCipher> mediumCiphers; | |
232 | QStringList opensslCiphers = ciphers_medium_str.split(":"); | |
233 | ||
234 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
235 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
236 | ||
237 | if (!cipher.isNull()) | |
238 | mediumCiphers << cipher; | |
239 | } | |
240 | if (mediumCiphers.size() == 0) { | |
241 | setResult(-1); | |
242 | printTestFailed(); | |
243 | QThread::currentThread()->quit(); | |
244 | return; | |
245 | } | |
246 | socket->setCiphers(mediumCiphers); | |
247 | ||
248 | connect(socket, &XSslSocket::encrypted, [=]() { | |
249 | }); | |
250 | } | |
256 | 251 | |
257 | 252 | socket->connectToHostEncrypted("localhost", 8443); |
258 | ||
259 | if (!socket->waitForEncrypted()) { | |
260 | setResult(-1); | |
261 | printTestFailed("can not establish encrypted connection"); | |
262 | } else { | |
263 | setResult(0); | |
264 | } | |
265 | socket->disconnectFromHost(); | |
266 | 253 | } |
267 | 254 | |
268 | 255 | void verifySslTestResult() |
297 | 284 | int main(int argc, char *argv[]) |
298 | 285 | { |
299 | 286 | QCoreApplication a(argc, argv); |
300 | QThread thread; | |
301 | 287 | TestsLauncher *testsLauncher; |
302 | 288 | |
303 | 289 | testsLauncher = new TestsLauncher(createAutotests()); |
304 | testsLauncher->moveToThread(&thread); | |
305 | QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater); | |
306 | QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests); | |
290 | ||
307 | 291 | QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){ |
308 | 292 | qApp->exit(testsLauncher->testsResult()); |
309 | 293 | }); |
310 | 294 | |
311 | thread.start(); | |
312 | ||
313 | int ret = a.exec(); | |
314 | ||
315 | thread.quit(); | |
316 | thread.wait(); | |
317 | ||
318 | return ret; | |
295 | testsLauncher->launchNextTest(); | |
296 | ||
297 | return a.exec(); | |
319 | 298 | } |
320 | 299 | |
321 | 300 | #include "tests_SslTestCiphersSsl3Med.moc" |
34 | 34 | |
35 | 35 | void executeNextSslTest() |
36 | 36 | { |
37 | if (!socket) | |
38 | socket = new XSslSocket; | |
39 | ||
40 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
41 | socket->setProtocol(XSsl::TlsV1_1OrLater); | |
42 | ||
43 | socket->connectToHostEncrypted("localhost", 8443); | |
44 | ||
45 | if (!socket->waitForEncrypted()) { | |
46 | setResult(0); | |
47 | } else { | |
48 | setResult(-1); | |
49 | printTestFailed("encrypted session was established, but should not"); | |
50 | } | |
51 | socket->disconnectFromHost(); | |
37 | if (!socket) { | |
38 | socket = new XSslSocket; | |
39 | ||
40 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
41 | socket->setProtocol(XSsl::TlsV1_1OrLater); | |
42 | ||
43 | connect(socket, &XSslSocket::encrypted, [=]() { | |
44 | printTestFailed("encrypted session was established, but should not"); | |
45 | }); | |
46 | } | |
47 | ||
48 | socket->connectToHostEncrypted("localhost", 8443); | |
52 | 49 | } |
53 | 50 | |
54 | 51 | void verifySslTestResult() |
89 | 86 | |
90 | 87 | void executeNextSslTest() |
91 | 88 | { |
92 | if (!socket) | |
93 | socket = new XSslSocket; | |
94 | ||
95 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
96 | socket->setProtocol(XSsl::TlsV1_0); | |
97 | QList<XSslCipher> mediumCiphers; | |
98 | QStringList opensslCiphers = ciphers_medium_str.split(":"); | |
99 | ||
100 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
101 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
102 | ||
103 | if (!cipher.isNull()) | |
104 | mediumCiphers << cipher; | |
105 | } | |
106 | if (mediumCiphers.size() == 0) { | |
107 | setResult(-1); | |
108 | printTestFailed(); | |
109 | QThread::currentThread()->quit(); | |
110 | return; | |
111 | } | |
112 | socket->setCiphers(mediumCiphers); | |
113 | ||
114 | socket->connectToHostEncrypted("localhost", 8443); | |
115 | ||
116 | if (!socket->waitForEncrypted()) { | |
117 | setResult(0); | |
118 | } else { | |
119 | setResult(-1); | |
120 | printTestFailed("encrypted session was established, but should not"); | |
121 | } | |
122 | socket->disconnectFromHost(); | |
89 | if (!socket) { | |
90 | socket = new XSslSocket; | |
91 | ||
92 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
93 | socket->setProtocol(XSsl::TlsV1_0); | |
94 | QList<XSslCipher> mediumCiphers; | |
95 | QStringList opensslCiphers = ciphers_medium_str.split(":"); | |
96 | ||
97 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
98 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
99 | ||
100 | if (!cipher.isNull()) | |
101 | mediumCiphers << cipher; | |
102 | } | |
103 | if (mediumCiphers.size() == 0) { | |
104 | setResult(-1); | |
105 | printTestFailed(); | |
106 | QThread::currentThread()->quit(); | |
107 | return; | |
108 | } | |
109 | socket->setCiphers(mediumCiphers); | |
110 | ||
111 | connect(socket, &XSslSocket::encrypted, [=]() { | |
112 | printTestFailed("encrypted session was established, but should not"); | |
113 | }); | |
114 | } | |
115 | ||
116 | socket->connectToHostEncrypted("localhost", 8443); | |
123 | 117 | } |
124 | 118 | |
125 | 119 | void verifySslTestResult() |
160 | 154 | |
161 | 155 | void executeNextSslTest() |
162 | 156 | { |
163 | if (!socket) | |
164 | socket = new XSslSocket; | |
165 | ||
166 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
167 | socket->setProtocol(XSsl::TlsV1_0); | |
168 | QList<XSslCipher> highCiphers; | |
169 | QStringList opensslCiphers = ciphers_high_str.split(":"); | |
170 | ||
171 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
172 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
173 | ||
174 | if (!cipher.isNull()) | |
175 | highCiphers << cipher; | |
176 | } | |
177 | if (highCiphers.size() == 0) { | |
178 | setResult(-1); | |
179 | printTestFailed(); | |
180 | QThread::currentThread()->quit(); | |
181 | return; | |
182 | } | |
183 | socket->setCiphers(highCiphers); | |
184 | ||
185 | socket->connectToHostEncrypted("localhost", 8443); | |
186 | ||
187 | if (!socket->waitForEncrypted()) { | |
188 | setResult(0); | |
189 | } else { | |
190 | setResult(-1); | |
191 | printTestFailed("encrypted session was established, but should not"); | |
192 | } | |
193 | socket->disconnectFromHost(); | |
157 | if (!socket) { | |
158 | socket = new XSslSocket; | |
159 | ||
160 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
161 | socket->setProtocol(XSsl::TlsV1_0); | |
162 | QList<XSslCipher> highCiphers; | |
163 | QStringList opensslCiphers = ciphers_high_str.split(":"); | |
164 | ||
165 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
166 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
167 | ||
168 | if (!cipher.isNull()) | |
169 | highCiphers << cipher; | |
170 | } | |
171 | if (highCiphers.size() == 0) { | |
172 | setResult(-1); | |
173 | printTestFailed(); | |
174 | QThread::currentThread()->quit(); | |
175 | return; | |
176 | } | |
177 | socket->setCiphers(highCiphers); | |
178 | ||
179 | connect(socket, &XSslSocket::encrypted, [=]() { | |
180 | printTestFailed("encrypted session was established, but should not"); | |
181 | }); | |
182 | } | |
183 | ||
184 | socket->connectToHostEncrypted("localhost", 8443); | |
194 | 185 | } |
195 | 186 | |
196 | 187 | void verifySslTestResult() |
231 | 222 | |
232 | 223 | void executeNextSslTest() |
233 | 224 | { |
234 | if (!socket) | |
235 | socket = new XSslSocket; | |
236 | ||
237 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
238 | socket->setProtocol(XSsl::TlsV1_0); | |
239 | QList<XSslCipher> mediumCiphers; | |
240 | QStringList opensslCiphers = ciphers_medium_str.split(":"); | |
241 | ||
242 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
243 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
244 | ||
245 | if (!cipher.isNull()) | |
246 | mediumCiphers << cipher; | |
247 | } | |
248 | if (mediumCiphers.size() == 0) { | |
249 | setResult(-1); | |
250 | printTestFailed(); | |
251 | QThread::currentThread()->quit(); | |
252 | return; | |
253 | } | |
254 | socket->setCiphers(mediumCiphers); | |
255 | ||
256 | socket->connectToHostEncrypted("localhost", 8443); | |
257 | ||
258 | if (!socket->waitForEncrypted()) { | |
259 | setResult(-1); | |
260 | printTestFailed("can not establish encrypted connection"); | |
261 | } else { | |
262 | setResult(0); | |
263 | } | |
264 | socket->disconnectFromHost(); | |
225 | if (!socket) { | |
226 | socket = new XSslSocket; | |
227 | ||
228 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
229 | socket->setProtocol(XSsl::TlsV1_0); | |
230 | QList<XSslCipher> mediumCiphers; | |
231 | QStringList opensslCiphers = ciphers_medium_str.split(":"); | |
232 | ||
233 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
234 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
235 | ||
236 | if (!cipher.isNull()) | |
237 | mediumCiphers << cipher; | |
238 | } | |
239 | if (mediumCiphers.size() == 0) { | |
240 | setResult(-1); | |
241 | printTestFailed(); | |
242 | QThread::currentThread()->quit(); | |
243 | return; | |
244 | } | |
245 | socket->setCiphers(mediumCiphers); | |
246 | ||
247 | connect(socket, &XSslSocket::encrypted, [=]() { | |
248 | }); | |
249 | } | |
250 | ||
251 | socket->connectToHostEncrypted("localhost", 8443); | |
265 | 252 | } |
266 | 253 | |
267 | 254 | void verifySslTestResult() |
303 | 290 | |
304 | 291 | void executeNextSslTest() |
305 | 292 | { |
306 | if (!socket) | |
307 | socket = new XSslSocket; | |
308 | ||
309 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
310 | socket->setProtocol(XSsl::TlsV1_2); | |
311 | QList<XSslCipher> mediumCiphers; | |
312 | QStringList opensslCiphers = ciphers_medium_str.split(":"); | |
313 | opensslCiphers.append(ciphers_low_str.split(":")); | |
314 | opensslCiphers.append(ciphers_export_str.split(":")); | |
315 | opensslCiphers.append(ciphers_high_str.split(":")); | |
316 | ||
317 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
318 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
319 | ||
320 | if (!cipher.isNull()) | |
321 | mediumCiphers << cipher; | |
322 | } | |
323 | if (mediumCiphers.size() == 0) { | |
324 | setResult(-1); | |
325 | printTestFailed(); | |
326 | QThread::currentThread()->quit(); | |
327 | return; | |
328 | } | |
329 | socket->setCiphers(mediumCiphers); | |
330 | ||
331 | socket->connectToHostEncrypted("localhost", 8443); | |
332 | ||
333 | if (!socket->waitForEncrypted()) { | |
334 | setResult(0); | |
335 | } else { | |
336 | setResult(-1); | |
337 | printTestFailed("encrypted session was established, but should not"); | |
338 | } | |
339 | socket->disconnectFromHost(); | |
293 | if (!socket) { | |
294 | socket = new XSslSocket; | |
295 | ||
296 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
297 | socket->setProtocol(XSsl::TlsV1_2); | |
298 | QList<XSslCipher> mediumCiphers; | |
299 | QStringList opensslCiphers = ciphers_medium_str.split(":"); | |
300 | opensslCiphers.append(ciphers_low_str.split(":")); | |
301 | opensslCiphers.append(ciphers_export_str.split(":")); | |
302 | opensslCiphers.append(ciphers_high_str.split(":")); | |
303 | ||
304 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
305 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
306 | ||
307 | if (!cipher.isNull()) | |
308 | mediumCiphers << cipher; | |
309 | } | |
310 | if (mediumCiphers.size() == 0) { | |
311 | setResult(-1); | |
312 | printTestFailed(); | |
313 | QThread::currentThread()->quit(); | |
314 | return; | |
315 | } | |
316 | socket->setCiphers(mediumCiphers); | |
317 | ||
318 | connect(socket, &XSslSocket::encrypted, [=]() { | |
319 | printTestFailed("encrypted session was established, but should not"); | |
320 | }); | |
321 | } | |
322 | ||
323 | socket->connectToHostEncrypted("localhost", 8443); | |
340 | 324 | } |
341 | 325 | |
342 | 326 | void verifySslTestResult() |
371 | 355 | int main(int argc, char *argv[]) |
372 | 356 | { |
373 | 357 | QCoreApplication a(argc, argv); |
374 | QThread thread; | |
375 | 358 | TestsLauncher *testsLauncher; |
376 | 359 | |
377 | 360 | testsLauncher = new TestsLauncher(createAutotests()); |
378 | testsLauncher->moveToThread(&thread); | |
379 | QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater); | |
380 | QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests); | |
361 | ||
381 | 362 | QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){ |
382 | 363 | qApp->exit(testsLauncher->testsResult()); |
383 | 364 | }); |
384 | 365 | |
385 | thread.start(); | |
386 | ||
387 | int ret = a.exec(); | |
388 | ||
389 | thread.quit(); | |
390 | thread.wait(); | |
391 | ||
392 | return ret; | |
366 | testsLauncher->launchNextTest(); | |
367 | ||
368 | return a.exec(); | |
393 | 369 | } |
394 | 370 | |
395 | 371 | #include "tests_SslTestCiphersTls10Med.moc" |
34 | 34 | |
35 | 35 | void executeNextSslTest() |
36 | 36 | { |
37 | if (!socket) | |
37 | if (!socket) { | |
38 | 38 | socket = new XSslSocket; |
39 | 39 | |
40 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
41 | socket->setProtocol(XSsl::TlsV1_2); | |
40 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
41 | socket->setProtocol(XSsl::TlsV1_2); | |
42 | ||
43 | connect(socket, &XSslSocket::encrypted, [=]() { | |
44 | printTestFailed("encrypted session was established, but should not"); | |
45 | }); | |
46 | } | |
42 | 47 | |
43 | 48 | socket->connectToHostEncrypted("localhost", 8443); |
44 | ||
45 | if (!socket->waitForEncrypted()) { | |
46 | setResult(0); | |
47 | } else { | |
48 | setResult(-1); | |
49 | printTestFailed("encrypted session was established, but should not"); | |
50 | } | |
51 | socket->disconnectFromHost(); | |
52 | 49 | } |
53 | 50 | |
54 | 51 | void verifySslTestResult() |
89 | 86 | |
90 | 87 | void executeNextSslTest() |
91 | 88 | { |
92 | if (!socket) | |
89 | if (!socket) { | |
93 | 90 | socket = new XSslSocket; |
94 | 91 | |
95 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
96 | socket->setProtocol(XSsl::TlsV1_1); | |
97 | QList<XSslCipher> mediumCiphers; | |
98 | QStringList opensslCiphers = ciphers_medium_str.split(":"); | |
99 | ||
100 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
101 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
102 | ||
103 | if (!cipher.isNull()) | |
104 | mediumCiphers << cipher; | |
105 | } | |
106 | if (mediumCiphers.size() == 0) { | |
107 | setResult(-1); | |
108 | printTestFailed(); | |
109 | QThread::currentThread()->quit(); | |
110 | return; | |
111 | } | |
112 | socket->setCiphers(mediumCiphers); | |
92 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
93 | socket->setProtocol(XSsl::TlsV1_1); | |
94 | QList<XSslCipher> mediumCiphers; | |
95 | QStringList opensslCiphers = ciphers_medium_str.split(":"); | |
96 | ||
97 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
98 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
99 | ||
100 | if (!cipher.isNull()) | |
101 | mediumCiphers << cipher; | |
102 | } | |
103 | if (mediumCiphers.size() == 0) { | |
104 | setResult(-1); | |
105 | printTestFailed(); | |
106 | QThread::currentThread()->quit(); | |
107 | return; | |
108 | } | |
109 | socket->setCiphers(mediumCiphers); | |
110 | ||
111 | connect(socket, &XSslSocket::encrypted, [=]() { | |
112 | printTestFailed("encrypted session was established, but should not"); | |
113 | }); | |
114 | } | |
113 | 115 | |
114 | 116 | socket->connectToHostEncrypted("localhost", 8443); |
115 | ||
116 | if (!socket->waitForEncrypted()) { | |
117 | setResult(0); | |
118 | } else { | |
119 | setResult(-1); | |
120 | printTestFailed("encrypted session was established, but should not"); | |
121 | } | |
122 | socket->disconnectFromHost(); | |
123 | 117 | } |
124 | 118 | |
125 | 119 | void verifySslTestResult() |
160 | 154 | |
161 | 155 | void executeNextSslTest() |
162 | 156 | { |
163 | if (!socket) | |
157 | if (!socket) { | |
164 | 158 | socket = new XSslSocket; |
165 | 159 | |
166 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
167 | socket->setProtocol(XSsl::TlsV1_1); | |
168 | QList<XSslCipher> highCiphers; | |
169 | QStringList opensslCiphers = ciphers_high_str.split(":"); | |
170 | ||
171 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
172 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
173 | ||
174 | if (!cipher.isNull()) | |
175 | highCiphers << cipher; | |
176 | } | |
177 | if (highCiphers.size() == 0) { | |
178 | setResult(-1); | |
179 | printTestFailed(); | |
180 | QThread::currentThread()->quit(); | |
181 | return; | |
182 | } | |
183 | socket->setCiphers(highCiphers); | |
160 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
161 | socket->setProtocol(XSsl::TlsV1_1); | |
162 | QList<XSslCipher> highCiphers; | |
163 | QStringList opensslCiphers = ciphers_high_str.split(":"); | |
164 | ||
165 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
166 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
167 | ||
168 | if (!cipher.isNull()) | |
169 | highCiphers << cipher; | |
170 | } | |
171 | if (highCiphers.size() == 0) { | |
172 | setResult(-1); | |
173 | printTestFailed(); | |
174 | QThread::currentThread()->quit(); | |
175 | return; | |
176 | } | |
177 | socket->setCiphers(highCiphers); | |
178 | ||
179 | connect(socket, &XSslSocket::encrypted, [=]() { | |
180 | printTestFailed("encrypted session was established, but should not"); | |
181 | }); | |
182 | } | |
184 | 183 | |
185 | 184 | socket->connectToHostEncrypted("localhost", 8443); |
186 | ||
187 | if (!socket->waitForEncrypted()) { | |
188 | setResult(0); | |
189 | } else { | |
190 | setResult(-1); | |
191 | printTestFailed("encrypted session was established, but should not"); | |
192 | } | |
193 | socket->disconnectFromHost(); | |
194 | 185 | } |
195 | 186 | |
196 | 187 | void verifySslTestResult() |
231 | 222 | |
232 | 223 | void executeNextSslTest() |
233 | 224 | { |
234 | if (!socket) | |
225 | if (!socket) { | |
235 | 226 | socket = new XSslSocket; |
236 | 227 | |
237 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
238 | socket->setProtocol(XSsl::TlsV1_1); | |
239 | QList<XSslCipher> mediumCiphers; | |
240 | QStringList opensslCiphers = ciphers_medium_str.split(":"); | |
241 | ||
242 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
243 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
244 | ||
245 | if (!cipher.isNull()) | |
246 | mediumCiphers << cipher; | |
247 | } | |
248 | if (mediumCiphers.size() == 0) { | |
249 | setResult(-1); | |
250 | printTestFailed(); | |
251 | QThread::currentThread()->quit(); | |
252 | return; | |
253 | } | |
254 | socket->setCiphers(mediumCiphers); | |
228 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
229 | socket->setProtocol(XSsl::TlsV1_1); | |
230 | QList<XSslCipher> mediumCiphers; | |
231 | QStringList opensslCiphers = ciphers_medium_str.split(":"); | |
232 | ||
233 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
234 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
235 | ||
236 | if (!cipher.isNull()) | |
237 | mediumCiphers << cipher; | |
238 | } | |
239 | if (mediumCiphers.size() == 0) { | |
240 | setResult(-1); | |
241 | printTestFailed(); | |
242 | QThread::currentThread()->quit(); | |
243 | return; | |
244 | } | |
245 | socket->setCiphers(mediumCiphers); | |
246 | ||
247 | connect(socket, &XSslSocket::encrypted, [=]() { | |
248 | }); | |
249 | } | |
255 | 250 | |
256 | 251 | socket->connectToHostEncrypted("localhost", 8443); |
257 | ||
258 | if (!socket->waitForEncrypted()) { | |
259 | setResult(-1); | |
260 | printTestFailed("can not establish encrypted connection"); | |
261 | } else { | |
262 | setResult(0); | |
263 | } | |
264 | socket->disconnectFromHost(); | |
265 | 252 | } |
266 | 253 | |
267 | 254 | void verifySslTestResult() |
296 | 283 | int main(int argc, char *argv[]) |
297 | 284 | { |
298 | 285 | QCoreApplication a(argc, argv); |
299 | QThread thread; | |
300 | 286 | TestsLauncher *testsLauncher; |
301 | 287 | |
302 | 288 | testsLauncher = new TestsLauncher(createAutotests()); |
303 | testsLauncher->moveToThread(&thread); | |
304 | QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater); | |
305 | QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests); | |
289 | ||
306 | 290 | QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){ |
307 | 291 | qApp->exit(testsLauncher->testsResult()); |
308 | 292 | }); |
309 | 293 | |
310 | thread.start(); | |
311 | ||
312 | int ret = a.exec(); | |
313 | ||
314 | thread.quit(); | |
315 | thread.wait(); | |
316 | ||
317 | return ret; | |
294 | testsLauncher->launchNextTest(); | |
295 | ||
296 | return a.exec(); | |
318 | 297 | } |
319 | 298 | |
320 | 299 | #include "tests_SslTestCiphersTls11Med.moc" |
34 | 34 | |
35 | 35 | void executeNextSslTest() |
36 | 36 | { |
37 | if (!socket) | |
37 | if (!socket) { | |
38 | 38 | socket = new XSslSocket; |
39 | 39 | |
40 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
41 | socket->setProtocol(XSsl::TlsV1_1); | |
40 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
41 | socket->setProtocol(XSsl::TlsV1_1); | |
42 | ||
43 | connect(socket, &XSslSocket::encrypted, [=]() { | |
44 | printTestFailed("encrypted session was established, but should not"); | |
45 | }); | |
46 | } | |
42 | 47 | |
43 | 48 | socket->connectToHostEncrypted("localhost", 8443); |
44 | ||
45 | if (!socket->waitForEncrypted()) { | |
46 | setResult(0); | |
47 | } else { | |
48 | setResult(-1); | |
49 | printTestFailed("encrypted session was established, but should not"); | |
50 | } | |
51 | socket->disconnectFromHost(); | |
52 | 49 | } |
53 | 50 | |
54 | 51 | void verifySslTestResult() |
89 | 86 | |
90 | 87 | void executeNextSslTest() |
91 | 88 | { |
92 | if (!socket) | |
89 | if (!socket) { | |
93 | 90 | socket = new XSslSocket; |
94 | 91 | |
95 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
96 | socket->setProtocol(XSsl::TlsV1_2); | |
97 | QList<XSslCipher> mediumCiphers; | |
98 | QStringList opensslCiphers = ciphers_medium_str.split(":"); | |
99 | ||
100 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
101 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
102 | ||
103 | if (!cipher.isNull()) | |
104 | mediumCiphers << cipher; | |
105 | } | |
106 | if (mediumCiphers.size() == 0) { | |
107 | setResult(-1); | |
108 | printTestFailed(); | |
109 | QThread::currentThread()->quit(); | |
110 | return; | |
111 | } | |
112 | socket->setCiphers(mediumCiphers); | |
92 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
93 | socket->setProtocol(XSsl::TlsV1_2); | |
94 | QList<XSslCipher> mediumCiphers; | |
95 | QStringList opensslCiphers = ciphers_medium_str.split(":"); | |
96 | ||
97 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
98 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
99 | ||
100 | if (!cipher.isNull()) | |
101 | mediumCiphers << cipher; | |
102 | } | |
103 | if (mediumCiphers.size() == 0) { | |
104 | setResult(-1); | |
105 | printTestFailed(); | |
106 | QThread::currentThread()->quit(); | |
107 | return; | |
108 | } | |
109 | socket->setCiphers(mediumCiphers); | |
110 | ||
111 | connect(socket, &XSslSocket::encrypted, [=]() { | |
112 | printTestFailed("encrypted session was established, but should not"); | |
113 | }); | |
114 | } | |
113 | 115 | |
114 | 116 | socket->connectToHostEncrypted("localhost", 8443); |
115 | ||
116 | if (!socket->waitForEncrypted()) { | |
117 | setResult(0); | |
118 | } else { | |
119 | setResult(-1); | |
120 | printTestFailed("encrypted session was established, but should not"); | |
121 | } | |
122 | socket->disconnectFromHost(); | |
123 | 117 | } |
124 | 118 | |
125 | 119 | void verifySslTestResult() |
160 | 154 | |
161 | 155 | void executeNextSslTest() |
162 | 156 | { |
163 | if (!socket) | |
157 | if (!socket) { | |
164 | 158 | socket = new XSslSocket; |
165 | 159 | |
166 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
167 | socket->setProtocol(XSsl::TlsV1_2); | |
168 | QList<XSslCipher> highCiphers; | |
169 | QStringList opensslCiphers = ciphers_high_str.split(":"); | |
170 | ||
171 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
172 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
173 | ||
174 | if (!cipher.isNull()) | |
175 | highCiphers << cipher; | |
176 | } | |
177 | if (highCiphers.size() == 0) { | |
178 | setResult(-1); | |
179 | printTestFailed(); | |
180 | QThread::currentThread()->quit(); | |
181 | return; | |
182 | } | |
183 | socket->setCiphers(highCiphers); | |
160 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
161 | socket->setProtocol(XSsl::TlsV1_2); | |
162 | QList<XSslCipher> highCiphers; | |
163 | QStringList opensslCiphers = ciphers_high_str.split(":"); | |
164 | ||
165 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
166 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
167 | ||
168 | if (!cipher.isNull()) | |
169 | highCiphers << cipher; | |
170 | } | |
171 | if (highCiphers.size() == 0) { | |
172 | setResult(-1); | |
173 | printTestFailed(); | |
174 | QThread::currentThread()->quit(); | |
175 | return; | |
176 | } | |
177 | socket->setCiphers(highCiphers); | |
178 | ||
179 | connect(socket, &XSslSocket::encrypted, [=]() { | |
180 | connect(socket, &XSslSocket::encrypted, [=]() { | |
181 | }); | |
182 | }); | |
183 | } | |
184 | 184 | |
185 | 185 | socket->connectToHostEncrypted("localhost", 8443); |
186 | ||
187 | if (!socket->waitForEncrypted()) { | |
188 | setResult(0); | |
189 | } else { | |
190 | setResult(-1); | |
191 | printTestFailed("encrypted session was established, but should not"); | |
192 | } | |
193 | socket->disconnectFromHost(); | |
194 | 186 | } |
195 | 187 | |
196 | 188 | void verifySslTestResult() |
231 | 223 | |
232 | 224 | void executeNextSslTest() |
233 | 225 | { |
234 | if (!socket) | |
226 | if (!socket) { | |
235 | 227 | socket = new XSslSocket; |
236 | 228 | |
237 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
238 | socket->setProtocol(XSsl::TlsV1_2); | |
239 | QList<XSslCipher> mediumCiphers; | |
240 | QStringList opensslCiphers = ciphers_medium_str.split(":"); | |
241 | ||
242 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
243 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
244 | ||
245 | if (!cipher.isNull()) | |
246 | mediumCiphers << cipher; | |
247 | } | |
248 | if (mediumCiphers.size() == 0) { | |
249 | setResult(-1); | |
250 | printTestFailed(); | |
251 | QThread::currentThread()->quit(); | |
252 | return; | |
253 | } | |
254 | socket->setCiphers(mediumCiphers); | |
229 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
230 | socket->setProtocol(XSsl::TlsV1_2); | |
231 | QList<XSslCipher> mediumCiphers; | |
232 | QStringList opensslCiphers = ciphers_medium_str.split(":"); | |
233 | ||
234 | for (int i = 0; i < opensslCiphers.size(); i++) { | |
235 | XSslCipher cipher = XSslCipher(opensslCiphers.at(i)); | |
236 | ||
237 | if (!cipher.isNull()) | |
238 | mediumCiphers << cipher; | |
239 | } | |
240 | if (mediumCiphers.size() == 0) { | |
241 | setResult(-1); | |
242 | printTestFailed(); | |
243 | QThread::currentThread()->quit(); | |
244 | return; | |
245 | } | |
246 | socket->setCiphers(mediumCiphers); | |
247 | ||
248 | connect(socket, &XSslSocket::encrypted, [=]() { | |
249 | }); | |
250 | } | |
255 | 251 | |
256 | 252 | socket->connectToHostEncrypted("localhost", 8443); |
257 | ||
258 | if (!socket->waitForEncrypted()) { | |
259 | setResult(-1); | |
260 | printTestFailed("can not establish encrypted connection"); | |
261 | } else { | |
262 | setResult(0); | |
263 | } | |
264 | socket->disconnectFromHost(); | |
265 | 253 | } |
266 | 254 | |
267 | 255 | void verifySslTestResult() |
296 | 284 | int main(int argc, char *argv[]) |
297 | 285 | { |
298 | 286 | QCoreApplication a(argc, argv); |
299 | QThread thread; | |
300 | 287 | TestsLauncher *testsLauncher; |
301 | 288 | |
302 | 289 | testsLauncher = new TestsLauncher(createAutotests()); |
303 | testsLauncher->moveToThread(&thread); | |
304 | QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater); | |
305 | QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests); | |
290 | ||
306 | 291 | QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){ |
307 | 292 | qApp->exit(testsLauncher->testsResult()); |
308 | 293 | }); |
309 | 294 | |
310 | thread.start(); | |
311 | ||
312 | int ret = a.exec(); | |
313 | ||
314 | thread.quit(); | |
315 | thread.wait(); | |
316 | ||
317 | return ret; | |
295 | testsLauncher->launchNextTest(); | |
296 | ||
297 | return a.exec(); | |
318 | 298 | } |
319 | 299 | |
320 | 300 | #include "tests_SslTestCiphersTls12Med.moc" |
34 | 34 | |
35 | 35 | void executeNextSslTest() |
36 | 36 | { |
37 | if (!socket) | |
38 | socket = new XSslSocket; | |
39 | ||
40 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
41 | socket->setProtocol(XSsl::TlsV1_1OrLater); | |
42 | ||
43 | socket->connectToHostEncrypted("localhost", 8443); | |
44 | ||
45 | if (!socket->waitForEncrypted()) { | |
46 | setResult(0); | |
47 | } else { | |
48 | setResult(-1); | |
49 | printTestFailed("encrypted session was established, but should not"); | |
50 | } | |
51 | socket->disconnectFromHost(); | |
37 | if (!socket) { | |
38 | socket = new XSslSocket; | |
39 | ||
40 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
41 | socket->setProtocol(XSsl::TlsV1_1OrLater); | |
42 | ||
43 | connect(socket, &XSslSocket::encrypted, [=]() { | |
44 | printTestFailed("encrypted session was established, but should not"); | |
45 | }); | |
46 | } | |
47 | ||
48 | socket->connectToHostEncrypted("localhost", 8443); | |
52 | 49 | } |
53 | 50 | |
54 | 51 | void verifySslTestResult() |
88 | 85 | |
89 | 86 | void executeNextSslTest() |
90 | 87 | { |
91 | if (!socket) | |
92 | socket = new XSslSocket; | |
93 | ||
94 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
95 | socket->setProtocol(XSsl::SslV2); | |
96 | ||
97 | socket->connectToHostEncrypted("localhost", 8443); | |
98 | ||
99 | if (!socket->waitForEncrypted()) { | |
100 | setResult(0); | |
101 | } else { | |
102 | setResult(-1); | |
103 | printTestFailed("encrypted session was established, but should not"); | |
104 | } | |
105 | socket->disconnectFromHost(); | |
88 | if (!socket) { | |
89 | socket = new XSslSocket; | |
90 | ||
91 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
92 | socket->setProtocol(XSsl::SslV2); | |
93 | ||
94 | connect(socket, &XSslSocket::encrypted, [=]() { | |
95 | printTestFailed("encrypted session was established, but should not"); | |
96 | }); | |
97 | } | |
98 | ||
99 | socket->connectToHostEncrypted("localhost", 8443); | |
106 | 100 | } |
107 | 101 | |
108 | 102 | void verifySslTestResult() |
143 | 137 | |
144 | 138 | void executeNextSslTest() |
145 | 139 | { |
146 | if (!socket) | |
147 | socket = new XSslSocket; | |
148 | ||
149 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
150 | socket->setProtocol(XSsl::TlsV1_1OrLater); | |
151 | ||
152 | socket->connectToHostEncrypted("localhost", 8443); | |
153 | ||
154 | if (!socket->waitForEncrypted()) { | |
155 | setResult(0); | |
156 | } else { | |
157 | setResult(-1); | |
158 | printTestFailed("encrypted session was established, but should not"); | |
159 | } | |
160 | socket->disconnectFromHost(); | |
140 | if (!socket) { | |
141 | socket = new XSslSocket; | |
142 | ||
143 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
144 | socket->setProtocol(XSsl::TlsV1_1OrLater); | |
145 | ||
146 | connect(socket, &XSslSocket::encrypted, [=]() { | |
147 | printTestFailed("encrypted session was established, but should not"); | |
148 | }); | |
149 | } | |
150 | ||
151 | socket->connectToHostEncrypted("localhost", 8443); | |
161 | 152 | } |
162 | 153 | |
163 | 154 | void verifySslTestResult() |
198 | 189 | |
199 | 190 | void executeNextSslTest() |
200 | 191 | { |
201 | if (!socket) | |
202 | socket = new XSslSocket; | |
203 | ||
204 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
205 | // AnyProtocol does not include SSLv2 | |
206 | socket->setProtocol(XSsl::SslV2); | |
207 | ||
208 | socket->connectToHostEncrypted("localhost", 8443); | |
209 | ||
210 | if (!socket->waitForEncrypted()) { | |
211 | setResult(-1); | |
212 | printTestFailed("can not establish encrypted connection"); | |
213 | } else { | |
214 | setResult(0); | |
215 | } | |
216 | socket->disconnectFromHost(); | |
192 | if (!socket) { | |
193 | socket = new XSslSocket; | |
194 | ||
195 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
196 | // AnyProtocol does not include SSLv2 | |
197 | socket->setProtocol(XSsl::SslV2); | |
198 | ||
199 | connect(socket, &XSslSocket::encrypted, [=]() { | |
200 | }); | |
201 | } | |
202 | ||
203 | socket->connectToHostEncrypted("localhost", 8443); | |
217 | 204 | } |
218 | 205 | |
219 | 206 | void verifySslTestResult() |
247 | 234 | int main(int argc, char *argv[]) |
248 | 235 | { |
249 | 236 | QCoreApplication a(argc, argv); |
250 | QThread thread; | |
251 | 237 | TestsLauncher *testsLauncher; |
252 | 238 | |
253 | 239 | testsLauncher = new TestsLauncher(createAutotests()); |
254 | testsLauncher->moveToThread(&thread); | |
255 | QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater); | |
256 | QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests); | |
240 | ||
257 | 241 | QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){ |
258 | 242 | qApp->exit(testsLauncher->testsResult()); |
259 | 243 | }); |
260 | 244 | |
261 | thread.start(); | |
262 | ||
263 | int ret = a.exec(); | |
264 | ||
265 | thread.quit(); | |
266 | thread.wait(); | |
267 | ||
268 | return ret; | |
245 | testsLauncher->launchNextTest(); | |
246 | ||
247 | return a.exec(); | |
269 | 248 | } |
270 | 249 | |
271 | 250 | #include "tests_SslTestProtoSsl2.moc" |
34 | 34 | |
35 | 35 | void executeNextSslTest() |
36 | 36 | { |
37 | if (!socket) | |
38 | socket = new XSslSocket; | |
39 | ||
40 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
41 | socket->setProtocol(XSsl::TlsV1_1OrLater); | |
42 | ||
43 | socket->connectToHostEncrypted("localhost", 8443); | |
44 | ||
45 | if (!socket->waitForEncrypted()) { | |
46 | setResult(0); | |
47 | } else { | |
48 | setResult(-1); | |
49 | printTestFailed("encrypted session was established, but should not"); | |
50 | } | |
51 | socket->disconnectFromHost(); | |
37 | if (!socket) { | |
38 | socket = new XSslSocket; | |
39 | ||
40 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
41 | socket->setProtocol(XSsl::TlsV1_1OrLater); | |
42 | ||
43 | connect(socket, &XSslSocket::encrypted, [=]() { | |
44 | printTestFailed("encrypted session was established, but should not"); | |
45 | }); | |
46 | } | |
47 | ||
48 | socket->connectToHostEncrypted("localhost", 8443); | |
52 | 49 | } |
53 | 50 | |
54 | 51 | void verifySslTestResult() |
88 | 85 | |
89 | 86 | void executeNextSslTest() |
90 | 87 | { |
91 | if (!socket) | |
92 | socket = new XSslSocket; | |
93 | ||
94 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
95 | socket->setProtocol(XSsl::SslV3); | |
96 | ||
97 | socket->connectToHostEncrypted("localhost", 8443); | |
98 | ||
99 | if (!socket->waitForEncrypted()) { | |
100 | setResult(0); | |
101 | } else { | |
102 | setResult(-1); | |
103 | printTestFailed("encrypted session was established, but should not"); | |
104 | } | |
105 | socket->disconnectFromHost(); | |
88 | if (!socket) { | |
89 | socket = new XSslSocket; | |
90 | ||
91 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
92 | socket->setProtocol(XSsl::SslV3); | |
93 | ||
94 | connect(socket, &XSslSocket::encrypted, [=]() { | |
95 | printTestFailed("encrypted session was established, but should not"); | |
96 | }); | |
97 | } | |
98 | ||
99 | socket->connectToHostEncrypted("localhost", 8443); | |
106 | 100 | } |
107 | 101 | |
108 | 102 | void verifySslTestResult() |
143 | 137 | |
144 | 138 | void executeNextSslTest() |
145 | 139 | { |
146 | if (!socket) | |
147 | socket = new XSslSocket; | |
148 | ||
149 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
150 | socket->setProtocol(XSsl::TlsV1_1OrLater); | |
151 | ||
152 | socket->connectToHostEncrypted("localhost", 8443); | |
153 | ||
154 | if (!socket->waitForEncrypted()) { | |
155 | setResult(0); | |
156 | } else { | |
157 | setResult(-1); | |
158 | printTestFailed("encrypted session was established, but should not"); | |
159 | } | |
160 | socket->disconnectFromHost(); | |
140 | if (!socket) { | |
141 | socket = new XSslSocket; | |
142 | ||
143 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
144 | socket->setProtocol(XSsl::TlsV1_1OrLater); | |
145 | ||
146 | connect(socket, &XSslSocket::encrypted, [=]() { | |
147 | printTestFailed("encrypted session was established, but should not"); | |
148 | }); | |
149 | } | |
150 | ||
151 | socket->connectToHostEncrypted("localhost", 8443); | |
161 | 152 | } |
162 | 153 | |
163 | 154 | void verifySslTestResult() |
198 | 189 | |
199 | 190 | void executeNextSslTest() |
200 | 191 | { |
201 | if (!socket) | |
202 | socket = new XSslSocket; | |
203 | ||
204 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
205 | socket->setProtocol(XSsl::SslV3); | |
206 | ||
207 | socket->connectToHostEncrypted("localhost", 8443); | |
208 | ||
209 | if (!socket->waitForEncrypted()) { | |
210 | setResult(-1); | |
211 | printTestFailed("can not establish encrypted connection"); | |
212 | } else { | |
213 | setResult(0); | |
214 | } | |
215 | socket->disconnectFromHost(); | |
192 | if (!socket) { | |
193 | socket = new XSslSocket; | |
194 | ||
195 | socket->setPeerVerifyMode(XSslSocket::VerifyNone); | |
196 | socket->setProtocol(XSsl::SslV3); | |
197 | ||
198 | connect(socket, &XSslSocket::encrypted, [=]() { | |
199 | }); | |
200 | } | |
201 | ||
202 | socket->connectToHostEncrypted("localhost", 8443); | |
216 | 203 | } |
217 | 204 | |
218 | 205 | void verifySslTestResult() |
247 | 234 | int main(int argc, char *argv[]) |
248 | 235 | { |
249 | 236 | QCoreApplication a(argc, argv); |
250 | QThread thread; | |
251 | 237 | TestsLauncher *testsLauncher; |
252 | 238 | |
253 | 239 | testsLauncher = new TestsLauncher(createAutotests()); |
254 | testsLauncher->moveToThread(&thread); | |
255 | QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater); | |
256 | QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests); | |
240 | ||
257 | 241 | QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){ |
258 | 242 | qApp->exit(testsLauncher->testsResult()); |
259 | 243 | }); |
260 | 244 | |
261 | thread.start(); | |
262 | ||
263 | int ret = a.exec(); | |
264 | ||
265 | thread.quit(); | |
266 | thread.wait(); | |
267 | ||
268 | return ret; | |
245 | testsLauncher->launchNextTest(); | |
246 | ||
247 | return a.exec(); | |
269 | 248 | } |
270 | 249 | |
271 | 250 | #include "tests_SslTestProtoSsl3.moc" |
34 | 34 | |
35 | 35 | void executeNextSslTest() |
36 | 36 | { |
37 | if (!socket) | |
37 | if (!socket) { | |
38 | 38 | socket = new XSslSocket; |
39 | 39 | |
40 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
41 | socket->setProtocol(XSsl::TlsV1_1OrLater); | |
40 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
41 | socket->setProtocol(XSsl::TlsV1_1OrLater); | |
42 | ||
43 | connect(socket, &XSslSocket::encrypted, [=]() { | |
44 | printTestFailed("encrypted session was established, but should not"); | |
45 | }); | |
46 | } | |
42 | 47 | |
43 | 48 | socket->connectToHostEncrypted("localhost", 8443); |
44 | ||
45 | if (!socket->waitForEncrypted()) { | |
46 | setResult(0); | |
47 | } else { | |
48 | setResult(-1); | |
49 | printTestFailed("encrypted session was established, but should not"); | |
50 | } | |
51 | socket->disconnectFromHost(); | |
52 | 49 | } |
53 | 50 | |
54 | 51 | void verifySslTestResult() |
89 | 86 | |
90 | 87 | void executeNextSslTest() |
91 | 88 | { |
92 | if (!socket) | |
89 | if (!socket) { | |
93 | 90 | socket = new XSslSocket; |
94 | 91 | |
95 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
96 | socket->setProtocol(XSsl::TlsV1_0); | |
92 | socket->setPeerVerifyMode(XSslSocket::VerifyPeer); | |
93 | socket->setProtocol(XSsl::TlsV1_0); | |
94 | ||
95 | connect(socket, &XSslSocket::encrypted, [=]() { | |
96 | printTestFailed("encrypted session was established, but should not"); | |
97 | }); | |
98 | } | |
97 | 99 | |
98 | 100 | socket->connectToHostEncrypted("localhost", 8443); |
99 | ||
100 | if (!socket->waitForEncrypted()) { | |
101 | setResult(0); | |
102 | } else { | |
103 | setResult(-1); | |
104 | printTestFailed("encrypted session was established, but should not"); | |
105 | } | |
106 | socket->disconnectFromHost(); | |
107 | 101 | } |
108 | 102 | |
109 | 103 | void verifySslTestResult() |
135 | 129 | int main(int argc, char *argv[]) |
136 | 130 | { |
137 | 131 | QCoreApplication a(argc, argv); |
138 | QThread thread; | |
139 | 132 | TestsLauncher *testsLauncher; |
140 | 133 | |
141 | 134 | testsLauncher = new TestsLauncher(createAutotests()); |
142 | testsLauncher->moveToThread(&thread); | |
143 | QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater); | |
144 | QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests); | |
135 | ||
145 | 136 | QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){ |
146 | 137 | qApp->exit(testsLauncher->testsResult()); |
147 | 138 | }); |
148 | 139 | |
149 | thread.start(); | |
140 | testsLauncher->launchNextTest(); | |
150 | 141 | |
151 | int ret = a.exec(); | |
152 | ||
153 | thread.quit(); | |
154 | thread.wait(); | |
155 | ||
156 | return ret; | |
142 | return a.exec(); | |
157 | 143 | } |
158 | 144 | |
159 | 145 | #include "tests_SslTestProtoTls10.moc" |
369 | 369 | // |
370 | 370 | // Sign the cert |
371 | 371 | // |
372 | d->errnumber = gnutls_x509_crt_privkey_sign(d->crt, cacrt, abstractKey, GNUTLS_DIG_SHA1, 0); | |
372 | d->errnumber = gnutls_x509_crt_privkey_sign(d->crt, cacrt, abstractKey, GNUTLS_DIG_SHA256, 0); | |
373 | 373 | |
374 | 374 | gnutls_x509_crt_deinit(cacrt); |
375 | 375 | gnutls_x509_privkey_deinit(key); |