@@ -618,6 +618,38 @@ def test_140_cas_remove_self_signed(self):
618618 for c in filtered :
619619 self .assertFalse (c .isSelfSigned ())
620620
621+ def test_150_verify_keychain (self ):
622+ """Test the verify keychain function"""
623+
624+ def testChain (path ):
625+
626+ # Test that a chain with an untrusted CA is not valid
627+ self .assertTrue (len (QgsAuthCertUtils .validateCertChain (QgsAuthCertUtils .certsFromFile (path ))) > 0 )
628+
629+ # Test that a chain with an untrusted CA is valid when the addRootCa argumentis true
630+ self .assertTrue (len (QgsAuthCertUtils .validateCertChain (QgsAuthCertUtils .certsFromFile (path ), None , True )) == 0 )
631+
632+ # Test that a chain with an untrusted CA is not valid when the addRootCa argumentis true
633+ # and a wrong domainis true
634+ self .assertTrue (len (QgsAuthCertUtils .validateCertChain (QgsAuthCertUtils .certsFromFile (path ), 'my.wrong.domain' , True )) > 0 )
635+
636+ testChain (PKIDATA + '/chain_subissuer-issuer-root.pem' )
637+ testChain (PKIDATA + '/localhost_ssl_w-chain.pem' )
638+
639+ path = PKIDATA + '/localhost_ssl_w-chain.pem'
640+
641+ # Test that a chain with an untrusted CA is not valid when the addRootCa argumentis true
642+ # and a wrong domain is set
643+ self .assertTrue (len (QgsAuthCertUtils .validateCertChain (QgsAuthCertUtils .certsFromFile (path ), 'my.wrong.domain' , True )) > 0 )
644+
645+ # Test that a chain with an untrusted CA is not valid when the addRootCa argumentis true
646+ # and a right domain is set
647+ self .assertTrue (len (QgsAuthCertUtils .validateCertChain (QgsAuthCertUtils .certsFromFile (path ), 'localhost' , True )) == 0 )
648+
649+ # Test that a chain with an untrusted CA is not valid when the addRootCa argument is false
650+ # and a right domain is set
651+ self .assertTrue (len (QgsAuthCertUtils .validateCertChain (QgsAuthCertUtils .certsFromFile (path ), 'localhost' , False )) > 0 )
652+
621653
622654if __name__ == '__main__' :
623655 unittest .main ()
0 commit comments