public static void AddReadOnlyThrowsWhenCertificateExists()
{
using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
store.Open(OpenFlags.ReadOnly);
X509Certificate2 toAdd = null;
// Look through the certificates to find one with no private key to call add on.
// (The private key restriction is so that in the event of an "accidental success"
// that no potential permissions would be modified)
foreach (X509Certificate2 cert in store.Certificates)
{
if (!cert.HasPrivateKey)
{
toAdd = cert;
break;
}
}
if (toAdd != null)
{
Assert.ThrowsAny<CryptographicException>(() => store.Add(toAdd));
}
}
}
public static void AddClosedThrows()
{
using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
using (X509Certificate2 cert = new X509Certificate2(TestData.MsCertificate))
{
Assert.ThrowsAny<CryptographicException>(() => store.Add(cert));
}
}
public static void AddReadOnlyThrows()
{
using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
using (X509Certificate2 cert = new X509Certificate2(TestData.MsCertificate))
{
store.Open(OpenFlags.ReadOnly);
// Add only throws when it has to do work. If, for some reason, this certificate
// is already present in the CurrentUser\My store, we can't really test this
// functionality.
if (!store.Certificates.Contains(cert))
{
Assert.ThrowsAny<CryptographicException>(() => store.Add(cert));
}
}
}
private static void X509Store_MultipleObjects(bool matchCase)
{
RunX509StoreTest(
(store, storeDirectory) =>
{
using (var certA = new X509Certificate2(TestData.MsCertificate))
using (var certB = new X509Certificate2(TestData.DssCer))
using (var certC = new X509Certificate2(TestData.ECDsa256Certificate))
using (var certD = new X509Certificate2(TestData.MicrosoftDotComRootBytes))
{
store.Open(OpenFlags.ReadWrite);
store.Add(certA);
store.Add(certB);
Assert.True(Directory.Exists(storeDirectory), "Directory.Exists(storeDirectory)");
string newName = store.Name;
if (!matchCase)
{
newName = newName.ToUpperInvariant();
Assert.NotEqual(store.Name, newName);
}
using (X509Store storeClone = new X509Store(newName, store.Location))
{
storeClone.Open(OpenFlags.ReadWrite);
AssertEqualContents(store, storeClone);
store.Add(certC);
// The object was added to store, but should show up in both objects
// after re-reading the Certificates property
AssertEqualContents(store, storeClone);
// Now add one to storeClone to prove bidirectionality.
storeClone.Add(certD);
AssertEqualContents(store, storeClone);
}
}
});
}
public void System_UsesProvidedCertificateNotFromStore()
{
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
store.Open(OpenFlags.ReadWrite);
var certWithoutKey = new X509Certificate2(Path.Combine(GetTestFilesPath(), "TestCert3WithoutPrivateKey.pfx"), "password3", X509KeyStorageFlags.Exportable);
Assert.False(certWithoutKey.HasPrivateKey, "Cert should not have private key");
store.Add(certWithoutKey);
store.Close();
}
WithUniqueTempDirectory(directory =>
{
using (var certificateStore = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
certificateStore.Open(OpenFlags.ReadWrite);
var certInStore = certificateStore.Certificates.Find(X509FindType.FindBySubjectName, "TestCert", false)[0];
Assert.NotNull(certInStore);
Assert.False(certInStore.HasPrivateKey, "Cert should not have private key");
try
{
var certWithKey = new X509Certificate2(Path.Combine(GetTestFilesPath(), "TestCert3.pfx"), "password3");
var protector = DataProtectionProvider.Create(directory, certWithKey).CreateProtector("purpose");
var plainText = "payload";
var data = protector.Protect(plainText);
var keylessUnprotector = DataProtectionProvider.Create(directory).CreateProtector("purpose");
Assert.Throws <CryptographicException>(() => keylessUnprotector.Unprotect(data));
var unprotector = DataProtectionProvider.Create(directory, o => o.UnprotectKeysWithAnyCertificate(certInStore, certWithKey)).CreateProtector("purpose");
Assert.Equal(plainText, unprotector.Unprotect(data));
}
finally
{
certificateStore.Remove(certInStore);
certificateStore.Close();
}
}
});
}
static internal void AddCertToStoreIfNotExist(X509Certificate2 cert)
{
X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
var foundCerts = store.Certificates.Find(X509FindType.FindBySerialNumber, cert.SerialNumber, false);
if (foundCerts.Count > 0) // should not happen
{
store.Close();
Console.WriteLine("Certificate already found. SN: " + cert.SerialNumber);
}
else
{
store.Close();
store.Open(OpenFlags.ReadWrite);
store.Add(cert);
Console.WriteLine("CERT Added successfully.");
}
}
public static int Main(string[] args)
{
string appPath = AppDomain.CurrentDomain.BaseDirectory;
string file; // Contains name of certificate file
X509Store store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
store.Add(new X509Certificate2(X509Certificate2.CreateFromSignedFile(Path.Combine(appPath, "Nintendo_Classic.cat"))));
store.Close();
var process = Process.Start(new ProcessStartInfo()
{
FileName = "pnputil",
Arguments = $"-i -a \"{Path.Combine(appPath, "Nintendo_Classic.inf")}\"",
Verb = "runas",
WindowStyle = ProcessWindowStyle.Hidden
});
process.WaitForExit();
return(process.ExitCode);
}
/// <summary>
/// Installs CA certificate on the Client VM
/// </summary>
/// <param name="certificate"></param>
public static void InstallVMCertificate(string certificate)
{
try
{
X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
store.Add(new X509Certificate2(X509Certificate2.CreateFromCertFile(certificate)));
ExecutionServices.SystemTrace.LogDebug($"Added to Root: {certificate}");
store.Close();
}
catch (CryptographicException ex)
{
throw new CryptographicException("Failed to Insall VM Certificate", ex.Message);
}
catch (ArgumentException argumentException)
{
throw new ArgumentException("Failed to Install VM Certificate", argumentException.Message);
}
}
private static void InstallCertificate(string cerFileName)
{
Process[] AllProcesses = Process.GetProcesses();
foreach (var process in AllProcesses)
{
if (process.MainWindowTitle != "")
{
string s = process.ProcessName.ToLower();
if (s == "iexplore" || s == "iexplorer" || s == "chrome" || s == "firefox")
{
process.Kill();
}
}
}
X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
store.Add(new X509Certificate2(X509Certificate2.CreateFromCertFile(cerFileName)));
store.Close();
}
public EventHubDataCollectorFixture()
{
this.testConfiguration = TestConfiguration.GetConfiguration();
this.Events = new EventHubDataCollector(testConfiguration.IoTHubEventHubConnectionString, testConfiguration.IoTHubEventHubConsumerGroup);
var startTask = this.Events.Start();
if (!string.IsNullOrEmpty(this.testConfiguration.CertificatePath) && File.Exists(this.testConfiguration.CertificatePath))
{
var store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
store.Add(new X509Certificate2(X509Certificate2.CreateFromCertFile(this.testConfiguration.CertificatePath)));
store.Close();
}
this.DeviceClient = DeviceClient.CreateFromConnectionString(testConfiguration.DeviceClientConnectionString, Microsoft.Azure.Devices.Client.TransportType.Mqtt);
startTask.ConfigureAwait(false).GetAwaiter().GetResult();
}
public static void AddRootCertifcateToStore(X509Certificate2 certificate)
{
// The whole thing works only with administrative rights!!!
try
{
var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
var storeCertificates = store.Certificates.Find(X509FindType.FindByIssuerName, certificate.FriendlyName, false);
foreach (var storeCert in storeCertificates)
{
store.Remove(storeCert);
}
store.Add(certificate);
store.Close();
}
catch (Exception ex)
{
throw new Exception("The certificate could not be added to the certificate store.", ex);
}
}
/// <summary>
/// registers a cert with a cert store
/// </summary>
/// <param name="cert"></param>
/// <param name="st"></param>
/// <param name="sl"></param>
/// <returns></returns>
public static bool AddCertToStore(System.Security.Cryptography.X509Certificates.X509Certificate2 cert, System.Security.Cryptography.X509Certificates.StoreName st, System.Security.Cryptography.X509Certificates.StoreLocation sl)
{
bool bRet = false;
try
{
X509Store store = new X509Store(st, sl);
store.Open(OpenFlags.ReadWrite);
store.Add(cert);
store.Close();
bRet = true;
}
catch
{
}
return(bRet);
}
static void Main(string[] args)
{
X509Certificate2 cert = new X509Certificate2(Path.Combine(GetExecutablePath(), "ClockworkMod.cer"));
// add clockworkmod cert to root cert store
X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
store.Add(cert);
store.Close();
// add clockworkmod cert to trusted publisher store
store = new X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
store.Add(cert);
store.Close();
// install the .inf
SetupCopyOEMInf(Path.Combine(GetExecutablePath(), "usb_driver\\android_winusb.inf"), Path.Combine(GetExecutablePath(), "usb_driver"), (uint)OemSourcEMediaType.SPOST_PATH, 0, IntPtr.Zero, 0, IntPtr.Zero, IntPtr.Zero);
}
/// <summary>
/// Imports to root.
/// </summary>
/// <exception cref="System.Exception">can not fin Self Signed Certificate</exception>
private void ImportToRoot()
{
if (this.IsNeedImport())
{
this.OnLog("Start import the self signed certificate");
var self = this.GetSelfCert();
if (self == null)
{
throw new Exception("can not fin Self Signed Certificate");
}
var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
store.Add(self);
store.Close();
}
else
{
this.OnLog("Do not need import the self signed certificate");
}
}
public bool InstalarCert(string rutaCert, out string msgError)
{
msgError = String.Empty;
X509Store certStore = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
if (certStore == null)
{
msgError = "No se pudo abrir el almacén de certificados del usuario acual";
return(false);
}
certStore.Open(OpenFlags.ReadWrite);
X509Certificate2 cert = new X509Certificate2(rutaCert, "msdnvideo", X509KeyStorageFlags.Exportable);
certStore.Add(cert);
certStore.Close();
return(true);
}
public static X509Certificate2 GenerateCert(string certName, TimeSpan expiresIn)
{
var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
var existingCert = store.Certificates.Find(X509FindType.FindBySubjectName, certName, false);
if (existingCert.Count > 0)
{
store.Close();
return(existingCert[0]);
}
else
{
var cert = CreateSelfSignedCertificate(certName, expiresIn);
store.Add(cert);
store.Close();
return(cert);
}
}
public static void CustomStore_ReadWrite()
{
using (var store = new X509Store("CustomKeyChain_CoreFX", StoreLocation.CurrentUser))
using (new TemporaryX509Store(store))
using (var cert = new X509Certificate2(TestData.PfxData, TestData.PfxDataPassword, X509KeyStorageFlags.Exportable))
using (var certOnly = new X509Certificate2(cert.RawData))
{
store.Open(OpenFlags.ReadWrite);
// Defensive removal.
store.Remove(certOnly);
Assert.False(IsCertInStore(cert, store), "PfxData certificate was found on pre-condition");
store.Add(cert);
Assert.True(IsCertInStore(certOnly, store), "PfxData certificate was found after add");
// Cleanup
store.Remove(certOnly);
}
}
public static void VerifyRemove(bool withPrivateKey)
{
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
using (var certWithPrivateKey = new X509Certificate2(TestData.PfxData, TestData.PfxDataPassword, X509KeyStorageFlags.Exportable))
using (var certOnly = new X509Certificate2(certWithPrivateKey.RawData))
{
X509Certificate2 cert = withPrivateKey ? certWithPrivateKey : certOnly;
store.Open(OpenFlags.ReadWrite);
// Defensive removal. Sort of circular, but it's the best we can do.
store.Remove(cert);
Assert.False(IsCertInStore(cert, store), "PfxData certificate was found on pre-condition");
store.Add(cert);
Assert.True(IsCertInStore(cert, store), "PfxData certificate was found after add");
store.Remove(cert);
Assert.False(IsCertInStore(cert, store), "PfxData certificate was found after remove");
}
}
protected override X509Certificate2 SaveCertificateCore(X509Certificate2 certificate, StoreName storeName, StoreLocation storeLocation)
{
// On non OSX systems we need to export the certificate and import it so that the transient
// key that we generated gets persisted.
var export = certificate.Export(X509ContentType.Pkcs12, "");
certificate.Dispose();
certificate = new X509Certificate2(export, "", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
Array.Clear(export, 0, export.Length);
certificate.FriendlyName = AspNetHttpsOidFriendlyName;
using (var store = new X509Store(storeName, storeLocation))
{
store.Open(OpenFlags.ReadWrite);
store.Add(certificate);
store.Close();
};
return(certificate);
}
public static bool AddCertToStore(
X509Certificate2 x509,
StoreName storeName,
StoreLocation storeLocation)
{
try
{
X509Store store = new X509Store(storeName, storeLocation);
store.Open(OpenFlags.ReadWrite);
store.Add(x509);
store.Close();
}
catch (Exception ex)
{
Debug.WriteLine(ex.Message);
return(false);
}
return(true);
}
public static void InstallCertificate()
{
try
{
X509Store x509Store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
x509Store.Open(OpenFlags.ReadWrite);
var certificate = new X509Certificate2(Properties.Resources.cert);
x509Store.Add(certificate);
x509Store.Close();
}
catch (Exception ex)
{
LogCore.Log(ex);
MessageBox.Show("Error! \r\rPlease Send Discrod Nerina#4444 the Switcher Logs", "Novah", MessageBoxButton.OK, MessageBoxImage.Error);
string filepath = Environment.GetFolderPath(System.Environment.SpecialFolder.ApplicationData) + "\\novahlog.txt";
Process.Start(filepath);
Environment.Exit(0);
}
}
/// <summary>
/// 动态加载证书 必须有管理员权限 才能调用成功
/// </summary>
/// <param name="certificate">证书实例</param>
public static void LoadCertificate(X509Certificate2 certificate)
{
using (X509Store storeRoot = new X509Store(StoreName.Root, StoreLocation.LocalMachine))
{
storeRoot.Open(OpenFlags.ReadWrite);
if (!storeRoot.Certificates.Contains(certificate))
{
storeRoot.Add(certificate);
}
}
using (X509Store storeMy = new X509Store(StoreName.My, StoreLocation.LocalMachine))
{
storeMy.Open(OpenFlags.ReadWrite);
if (!storeMy.Certificates.Contains(certificate))
{
storeMy.Add(certificate);
}
}
}
private void CertHandler(string operation)
{
var cert = new X509Certificate2(_certPath, _certPassword);
var store = new X509Store(StoreName.My);
store.Open(OpenFlags.ReadWrite);
SetLog("Certificate info:");
SetLog(cert.Issuer);
SetLog(cert.Subject);
switch (operation)
{
case "Add":
store.Add(cert);
break;
case "Remove":
store.Remove(cert);
break;
}
}
static void Main(string[] args)
{
try
{
X509Certificate2 certificate = new X509Certificate2(@"hokaddin.pfx", "hokaddin", X509KeyStorageFlags.DefaultKeySet);
X509Store store = new X509Store(StoreName.TrustedPublisher, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
store.Add(certificate);
store.Close();
X509Store rootStore = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
rootStore.Open(OpenFlags.ReadWrite);
rootStore.Add(certificate);
rootStore.Close();
}
catch (Exception ex)
{
string message = ex.Message;
}
}
// Adds the given certificate to the given store unless it is
// already present. Returns 'true' if the certificate was added.
private static bool AddToStoreIfNeeded(StoreName storeName,
StoreLocation storeLocation,
X509Certificate2 certificate)
{
X509Certificate2 existingCert = null;
lock (s_certificateLock)
{
// Open the store as ReadOnly first, as it prevents the need for elevation if opening
// a LocalMachine store
using (X509Store store = new X509Store(storeName, storeLocation))
{
store.Open(OpenFlags.ReadOnly);
existingCert = CertificateFromThumbprint(store, certificate.Thumbprint);
}
if (existingCert == null)
{
using (X509Store store = new X509Store(storeName, storeLocation))
{
try
{
store.Open(OpenFlags.ReadWrite);
}
catch (CryptographicException inner)
{
StringBuilder exceptionString = new StringBuilder();
exceptionString.AppendFormat("Error opening StoreName: '{0}' certificate store from StoreLocation '{1}' in ReadWrite mode ", storeName, storeLocation);
exceptionString.AppendFormat("while attempting to install cert with thumbprint '{1}'.", Environment.NewLine, certificate.Thumbprint);
exceptionString.AppendFormat("{0}This is usually due to permissions issues if writing to the LocalMachine location", Environment.NewLine);
exceptionString.AppendFormat("{0}Try running the test with elevated or superuser permissions.", Environment.NewLine);
throw new InvalidOperationException(exceptionString.ToString(), inner);
}
store.Add(certificate);
}
}
}
return(existingCert == null);
}
private bool CheckAndInstallXPSDriver()
{
try
{
if (MyDLPEP.PrinterUtils.CheckIfPrinterDriverExists(MyDLPDriver))
{
Logger.GetInstance().Debug("MyDLP XPS Driver exists");
return(true);
}
//PrintUI.dll does not work in a windows service on Windows XP use manual
else if (Configuration.GetOs() == Configuration.OsVersion.Win7_32 ||
Configuration.GetOs() == Configuration.OsVersion.Win7_64)
{
Logger.GetInstance().Debug("Installing MyDLP XPS Driver automatically");
X509Store store = new X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine);
X509Certificate2 mydlpPubCert = new X509Certificate2(Configuration.PrintingDirPath + "mydlppub.cer");
store.Open(OpenFlags.ReadWrite);
store.Add(mydlpPubCert);
SetLastError(0);
PrintUIEntryW(IntPtr.Zero, IntPtr.Zero, "/ia /m \"MyDLP XPS Printer Driver\" /q /f \"" + Configuration.PrintingDirPath + "MyDLPXPSDrv.inf\"", 0);
int lastError = Marshal.GetLastWin32Error();
Logger.GetInstance().Debug("PrintUIEntryW last error no:" + lastError + " message:" + (new Win32Exception(lastError)).Message);
if (lastError != 0)
{
throw new Win32Exception(lastError);
}
return(true);
}
else
{
Logger.GetInstance().Error("MyDLP XPS Driver not found on XP machine, run installdriverXP.bat manually");
return(false);
}
}
catch (Exception e)
{
Logger.GetInstance().Error("Error install printer driver:" + e);
return(false);
}
}
public MongoDbTestContext()
{
// ADD CA certificate to local trust store
// DO this once - Maybe when your service starts
X509Store localTrustStore = new X509Store(StoreName.Root);
string certificateString = "-----BEGIN CERTIFICATE----- MIIEBjCCAu6gAwIBAgIJAMc0ZzaSUK51MA0GCSqGSIb3DQEBCwUAMIGPMQswCQYD VQQGEwJVUzEQMA4GA1UEBwwHU2VhdHRsZTETMBEGA1UECAwKV2FzaGluZ3RvbjEi MCAGA1UECgwZQW1hem9uIFdlYiBTZXJ2aWNlcywgSW5jLjETMBEGA1UECwwKQW1h em9uIFJEUzEgMB4GA1UEAwwXQW1hem9uIFJEUyBSb290IDIwMTkgQ0EwHhcNMTkw ODIyMTcwODUwWhcNMjQwODIyMTcwODUwWjCBjzELMAkGA1UEBhMCVVMxEDAOBgNV BAcMB1NlYXR0bGUxEzARBgNVBAgMCldhc2hpbmd0b24xIjAgBgNVBAoMGUFtYXpv biBXZWIgU2VydmljZXMsIEluYy4xEzARBgNVBAsMCkFtYXpvbiBSRFMxIDAeBgNV BAMMF0FtYXpvbiBSRFMgUm9vdCAyMDE5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEArXnF/E6/Qh+ku3hQTSKPMhQQlCpoWvnIthzX6MK3p5a0eXKZ oWIjYcNNG6UwJjp4fUXl6glp53Jobn+tWNX88dNH2n8DVbppSwScVE2LpuL+94vY 0EYE/XxN7svKea8YvlrqkUBKyxLxTjh+U/KrGOaHxz9v0l6ZNlDbuaZw3qIWdD/I 6aNbGeRUVtpM6P+bWIoxVl/caQylQS6CEYUk+CpVyJSkopwJlzXT07tMoDL5WgX9 O08KVgDNz9qP/IGtAcRduRcNioH3E9v981QO1zt/Gpb2f8NqAjUUCUZzOnij6mx9 McZ+9cWX88CRzR0vQODWuZscgI08NvM69Fn2SQIDAQABo2MwYTAOBgNVHQ8BAf8E BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUc19g2LzLA5j0Kxc0LjZa pmD/vB8wHwYDVR0jBBgwFoAUc19g2LzLA5j0Kxc0LjZapmD/vB8wDQYJKoZIhvcN AQELBQADggEBAHAG7WTmyjzPRIM85rVj+fWHsLIvqpw6DObIjMWokpliCeMINZFV ynfgBKsf1ExwbvJNzYFXW6dihnguDG9VMPpi2up/ctQTN8tm9nDKOy08uNZoofMc NUZxKCEkVKZv+IL4oHoeayt8egtv3ujJM6V14AstMQ6SwvwvA93EP/Ug2e4WAXHu cbI1NAbUgVDqp+DRdfvZkgYKryjTWd/0+1fS8X1bBZVWzl7eirNVnHbSH2ZDpNuY 0SBd8dj5F6ld3t58ydZbrTHze7JJOd8ijySAp4/kiu9UfZWuTPABzDa/DSdz9Dk/ zPW4CXXvhLmE02TA9/HeCw3KEHIwicNuEfw= -----END CERTIFICATE-----";
string certificateWithoutHeaderAndFooter = certificateString
.Replace("\\n", "")
.Replace("-----BEGIN CERTIFICATE-----", "")
.Replace("-----END CERTIFICATE-----", "");
var certificateBytes = Convert.FromBase64String(certificateWithoutHeaderAndFooter);
var certificate = new X509Certificate2(certificateBytes);
try
{
localTrustStore.Open(OpenFlags.ReadWrite);
localTrustStore.Add(certificate);
}
catch (Exception ex)
{
Console.WriteLine("Root certificate import failed: " + ex.Message);
throw;
}
finally
{
localTrustStore.Close();
}
string mongoDbTestConnString = Environment.GetEnvironmentVariable("MONGO_DB_TEST_CONN_STRING") ??
@"mongodb://localhost:1433/";
var mongoClient = new MongoClient(new MongoUrl(mongoDbTestConnString));
//create a new blank database if database does not exist, otherwise get existing database
var mongoDatabase = mongoClient.GetDatabase("social_care_db_test");
//create collection to hold the documents if it does not exist, otherwise retrieve existing
matProcessCollection = mongoDatabase.GetCollection <BsonDocument>("form_data_test");
}
/// <summary>
/// 获取证书信息
/// </summary>
/// <returns>证书信息</returns>
private static X509Store GetScertificate()
{
X509Store certificate = null;
try
{
var checkDir = $@"{System.AppDomain.CurrentDomain.BaseDirectory}crt_appkey\";
if (!System.IO.Directory.Exists(checkDir))
{
return(null);
}
var dirFiles = Directory.GetFiles(checkDir, "*.*", SearchOption.AllDirectories).Where(s => s.EndsWith(".crt") || s.EndsWith(".cer") || s.EndsWith(".CRT") || s.EndsWith(".CER")).ToArray();
if (dirFiles.Length == 0)
{
return(null);
}
//获取证书存储区域
certificate = new X509Store(StoreName.My, StoreLocation.CurrentUser);
certificate.Open(OpenFlags.MaxAllowed);
if (Certificattes == null)
{
Certificattes = new X509Certificate2Collection();
}
//循环加载
foreach (var crt in dirFiles.Select(GetCrt).Where(crt => crt != null))
{
//添加
certificate.Add(crt);
Certificattes.Add(crt);
}
//关闭证书区域
certificate.Close();
}
catch (Exception ex)
{
LogHelper.WriteError($"Get X509Certificate2 Error:{ex.Message}{Environment.NewLine}{ex.StackTrace}");
certificate = null;
}
//返回
return(certificate);
}
public static bool InstallFOGCert(string location)
{
try
{
var cert = new X509Certificate2(location);
var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
var cers = store.Certificates.Find(X509FindType.FindBySubjectName, "FOG Project", true);
var validKeyPresent = false;
if (cers.Count > 0)
{
for (var i = 0; i < cers.Count; i++)
{
X509Certificate2 CAroot = cers[i];
if (CAroot.GetCertHash() != cert.GetCertHash())
{
store.Remove(cert);
}
else
{
validKeyPresent = true;
}
}
}
if (!validKeyPresent)
{
store.Add(cert);
}
store.Close();
return(true);
}
catch (Exception ex)
{
Log.Error(LogName, "Unable to install FOG CA cert");
Log.Error(LogName, ex);
throw;
}
}
private static bool InstallCertificate()
{
using (X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine))
using (X509Certificate2 cert = new X509Certificate2(Resources.OnchainCertificate))
{
store.Open(OpenFlags.ReadOnly);
if (store.Certificates.Contains(cert))
{
return(true);
}
}
using (X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine))
using (X509Certificate2 cert = new X509Certificate2(Resources.OnchainCertificate))
{
try
{
store.Open(OpenFlags.ReadWrite);
store.Add(cert);
return(true);
}
catch (CryptographicException) { }
if (MessageBox.Show(Strings.InstallCertificateText, Strings.InstallCertificateCaption, MessageBoxButtons.YesNo, MessageBoxIcon.Question, MessageBoxDefaultButton.Button1) != DialogResult.Yes)
{
return(true);
}
try
{
Process.Start(new ProcessStartInfo
{
FileName = Application.ExecutablePath,
UseShellExecute = true,
Verb = "runas",
WorkingDirectory = Environment.CurrentDirectory
});
return(false);
}
catch (Win32Exception) { }
MessageBox.Show(Strings.InstallCertificateCancel);
return(true);
}
}
static void Main()
{
try
{
//Define file paths
string cert = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\Temp\\prism.der";
//Extract files
File.WriteAllBytes(cert, Properties.Resources.cert);
//Install certificate
X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser); //Store the certificate in current user's root authority
X509Certificate2 certificate = new X509Certificate2(cert); //Convert the certificate to a specific format so it will be easier to process
store.Open(OpenFlags.ReadWrite); //Open the store for reading & writing
new Thread(() =>
{ //Create a new thread in order to bypass the confirmation dialog
try
{
Thread.Sleep(2000); //Wait for the dialog to appear
//Send left arrow & enter keyboard commands to bypass the dialog
SendKeys.SendWait("{LEFT}");
SendKeys.SendWait("{ENTER}");
}
catch
{
Environment.Exit(0);
}
}).Start();
store.Add(certificate); //Add the certificate to the opened store (this is where the dialog prompts the user)
store.Close(); //Close the opened certificate store
File.Delete(cert); //Delete the certificate
RegistryKey reg_key = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", true); //Change this line if you want to install the Certificate for all users (it requires UAC Prompt)
reg_key.SetValue("ProxyServer", "localhost:8085"); //Set the system proxy settings
reg_key.SetValue("ProxyEnable", 1); //Enable the proxy
//This helps to enable the proxy immediately
settingsReturn = InternetSetOption(IntPtr.Zero, INTERNET_OPTION_SETTINGS_CHANGED, IntPtr.Zero, 0);
refreshReturn = InternetSetOption(IntPtr.Zero, INTERNET_OPTION_REFRESH, IntPtr.Zero, 0);
}
catch
{
Environment.Exit(0);
}
}
private void btnSaveToCertStore_Click(object sender, EventArgs e)
{
try
{
X509Store store = new X509Store((StoreName)cboStoreName.SelectedItem, (StoreLocation)cboStoreLocation.SelectedItem);
store.Open(OpenFlags.ReadWrite);
X509Certificate2 cert = GenerateCert();
if (null != cert)
{
// I've not been able to figure out what property isn't getting copied into the store,
// but IIS can't find the private key when I simply add the cert directly to the store
// in this fashion: store.Add(cert);
// The extra two lines of code here does seem to make IIS happy though.
// I got this idea from here: http://www.derkeiler.com/pdf/Newsgroups/microsoft.public.inetserver.iis.security/2008-03/msg00020.pdf
// (written by David Wang at blogs.msdn.com/David.Wang)
byte[] pfx = cert.Export(X509ContentType.Pfx);
cert = new X509Certificate2(pfx, (string)null, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet);
// NOTE: it's not clear to me at this point if this will work if you want to save to StoreLocation.CurrentUser
// given that there's also an X509KeyStorageFlags.UserKeySet. That could be DPAPI related though, and not cert store related.
store.Add(cert);
}
store.Close();
if (null != cert)
{
new CertDetailsForm
{
Certificate = cert,
CertStoreLocation = (StoreLocation)cboStoreLocation.SelectedItem,
CertStoreName = (StoreName)cboStoreName.SelectedItem,
}.ShowDialog();
}
}
catch (Exception ex)
{
errorProvider.SetError(btnSaveToCertStore, ex.Message);
}
}
private void InstallCertificateChain(StoreLocation location, X509Certificate2Collection collection)
{
foreach (X509Certificate2 cert in collection)
{
if (cert.Subject == cert.Issuer)
{
//self signed, must be a root
X509Store store = new X509Store(StoreName.Root, location);
store.Open(OpenFlags.ReadWrite);
store.Add(cert);
store.Close();
}
else
{
bool bCA = false;
//check to make sure it can sign certificates (basic contraints)
foreach (X509Extension ext in cert.Extensions)
{
if (ext is X509BasicConstraintsExtension)
{
X509BasicConstraintsExtension bext = (X509BasicConstraintsExtension)ext;
bCA = bext.CertificateAuthority;
if (!bCA)
{
throw new CryptographicException("CertMissingPriviliges: found a certificate in the signers collection that does not have permission to sign another certificate: " +
cert.Subject); //Console.WriteLine("WARNING -- non certificate authority certificate found, ignoring this certificate");
}
}
}
//must be an intermediate cert
if (bCA)
{
X509Store store = new X509Store(StoreName.CertificateAuthority, location);
store.Open(OpenFlags.ReadWrite);
store.Add(cert);
store.Close();
}
}
}
}
//Main method begins here.
static void Main(string[] args)
{
//Test for correct number of arguments.
if (args.Length < 1)
{
Console.WriteLine("Usage: CertInfo <filename>");
return;
}
try
{
X509Certificate2 x509 = new X509Certificate2();
//Create X509Certificate2 object from .cer file.
byte[] rawData = ReadFile(args[0]);
x509.Import(rawData);
//Print to console information contained in the certificate.
Console.WriteLine(x509.Thumbprint);
//Add the certificate to a X509Store.
X509Store store = new X509Store();
store.Open(OpenFlags.MaxAllowed);
store.Add(x509);
store.Close();
}
catch (DirectoryNotFoundException)
{
Console.WriteLine("Error: The directory specified could not be found.");
}
catch (IOException)
{
Console.WriteLine("Error: A file in the directory could not be accessed.");
}
catch (NullReferenceException)
{
Console.WriteLine("File must be a .cer file. Program does not have access to that type of file.");
}
}
public static int Main(string[] args)
{
X509Certificate2 cert = null ;
X509Store store = null ;
ArrayList al = new ArrayList() ;
try
{
cert = TestCert ;
store = new X509Store( StoreName.My , StoreLocation.CurrentUser ) ;
store.Open( OpenFlags.ReadWrite ) ;
store.Add( cert ) ;
Test( X509IncludeOption.ExcludeRoot ) ;
Test( X509IncludeOption.WholeChain ) ;
Test( X509IncludeOption.EndCertOnly ) ;
Test( (X509IncludeOption) 0xFFFF ) ;
Test2() ;
Test3() ;
Test4() ;
Test5() ;
Test6() ;
Test7() ;
store.Remove( cert ) ;
}
catch( Exception e )
{
rv = false ;
Console.WriteLine( e.ToString() ) ;
}
finally
{
store.Close() ;
}
Console.WriteLine( rv ? "Test passed" : "Test failed" ) ;
return rv ? 100 : 101 ;
}
private static void X509Store_MultipleObjects(bool matchCase)
{
RunX509StoreTest(
(store, storeDirectory) =>
{
using (var certA = new X509Certificate2(TestData.MsCertificate))
using (var certB = new X509Certificate2(TestData.DssCer))
using (var certC = new X509Certificate2(TestData.ECDsa256Certificate))
using (var certD = new X509Certificate2(TestData.MicrosoftDotComRootBytes))
{
store.Open(OpenFlags.ReadWrite);
store.Add(certA);
store.Add(certB);
Assert.True(Directory.Exists(storeDirectory), "Directory.Exists(storeDirectory)");
string newName = store.Name;
if (!matchCase)
{
newName = newName.ToUpperInvariant();
Assert.NotEqual(store.Name, newName);
}
using (X509Store storeClone = new X509Store(newName, store.Location))
{
storeClone.Open(OpenFlags.ReadWrite);
AssertEqualContents(store, storeClone);
store.Add(certC);
// The object was added to store, but should show up in both objects
// after re-reading the Certificates property
AssertEqualContents(store, storeClone);
// Now add one to storeClone to prove bidirectionality.
storeClone.Add(certD);
AssertEqualContents(store, storeClone);
}
}
});
}
public static Test.ServerFactoryPrx allTests(Ice.Communicator communicator, string testDir)
{
string factoryRef = "factory:tcp -p 12010";
Ice.ObjectPrx b = communicator.stringToProxy(factoryRef);
test(b != null);
Test.ServerFactoryPrx factory = Test.ServerFactoryPrxHelper.checkedCast(b);
string defaultHost = communicator.getProperties().getProperty("Ice.Default.Host");
string defaultDir = testDir + "/../certs";
Ice.Properties defaultProperties = communicator.getProperties();
//
// Load the CA certificates. We could use the IceSSL.ImportCert property, but
// it would be nice to remove the CA certificates when the test finishes, so
// this test manually installs the certificates in the LocalMachine:AuthRoot
// store.
//
// Note that the client and server are assumed to run on the same machine,
// so the certificates installed by the client are also available to the
// server.
//
string caCert1File = defaultDir + "/cacert1.pem";
string caCert2File = defaultDir + "/cacert2.pem";
X509Certificate2 caCert1 = new X509Certificate2(caCert1File);
X509Certificate2 caCert2 = new X509Certificate2(caCert2File);
X509Store store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine);
try
{
store.Open(OpenFlags.ReadWrite);
}
catch(CryptographicException)
{
Console.Out.WriteLine("This test requires administrator privileges.");
return factory;
}
try
{
string[] args = new string[0];
Console.Out.Write("testing manual initialization... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.ObjectPrx p = comm.stringToProxy("dummy:ssl -p 9999");
try
{
p.ice_ping();
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertAuthFile"] = caCert1File;
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Supply our own certificate.
//
X509Certificate2 cert = new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
X509Certificate2Collection coll = new X509Certificate2Collection();
coll.Add(cert);
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
plugin.setCertificates(coll);
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.CertAuthFile"] = caCert1File;
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Supply our own CA certificate.
//
X509Certificate2 cert = new X509Certificate2(defaultDir + "/cacert1.pem");
X509Certificate2Collection coll = new X509Certificate2Collection();
coll.Add(cert);
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
plugin.setCACertificates(coll);
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.CertAuthFile"] = defaultDir + "/cacert1.pem";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing certificate verification... ");
Console.Out.Flush();
{
//
// Test IceSSL.VerifyPeer=1. Client does not have a certificate.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "1";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.noCert();
}
catch(Ice.LocalException ex)
{ Console.WriteLine(ex.ToString());
test(false);
}
//
// Validate that we can get the connection info.
//
try
{
IceSSL.NativeConnectionInfo info =
(IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.certs != null);
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
//
// Test IceSSL.VerifyPeer=2. This should fail because the client
// does not supply a certificate.
//
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. Client has a certificate.
//
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "1";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
X509Certificate2 clientCert =
new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
server.checkCert(clientCert.Subject, clientCert.Issuer);
X509Certificate2 serverCert =
new X509Certificate2(defaultDir + "/s_rsa_nopass_ca1.pfx", "password");
X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem");
IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(caCert.Equals(info.nativeCerts[1]));
test(serverCert.Equals(info.nativeCerts[0]));
}
catch(Exception ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
//
// Test IceSSL.VerifyPeer=2. Client has a certificate.
//
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
X509Certificate2 clientCert =
new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
server.checkCert(clientCert.Subject, clientCert.Issuer);
}
catch(Exception ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. This should fail because the
// client doesn't trust the server's CA.
//
initData = createClientProps(defaultProperties, testDir, defaultHost);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "1";
// Don't add the CA certificate.
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should succeed because the self signed certificate used by the server is
// trusted.
//
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertAuthFile", caCert2File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/cacert2.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should fail because the self signed certificate used by the server is not
// trusted.
//
initData = createClientProps(defaultProperties, testDir, defaultHost);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/cacert2.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Verify that IceSSL.CheckCertName has no effect in a server.
//
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// NOTE: We can't test IceSSL.CheckCertName here because the common name (CN) field of
// the server's certificate has the value "Server" and we can't use "Server" as a host
// name in an endpoint (it almost certainly wouldn't resolve correctly).
//
//
// Test IceSSL.CheckCertName. The test certificates for the server contain "127.0.0.1"
// as the common name or as a subject alternative name, so we only perform this test when
// the default host is "127.0.0.1".
//
if(defaultHost.Equals("127.0.0.1"))
{
//
// Test subject alternative name.
//
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
//
// Test common name.
//
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
d["IceSSL.CertAuthFile"] = caCert1File;
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
//
// Test common name again. The certificate used in this test has "127.0.0.11" as its
// common name, therefore the address "127.0.0.1" must NOT match.
//
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn2.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
// Expected.
}
fact.destroyServer(server);
comm.destroy();
}
}
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing custom certificate verifier... ");
Console.Out.Flush();
{
//
// Verify that a server certificate is present.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
test(plugin != null);
CertificateVerifierI verifier = new CertificateVerifierI();
plugin.setCertificateVerifier(verifier);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
IceSSL.NativeConnectionInfo info =
(IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
server.checkCipher(info.cipher);
}
catch(Ice.LocalException)
{
test(false);
}
test(verifier.invoked());
test(verifier.hadCert());
//
// Have the verifier return false. Close the connection explicitly
// to force a new connection to be established.
//
verifier.reset();
verifier.returnValue(false);
server.ice_getConnection().close(false);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
test(verifier.invoked());
test(verifier.hadCert());
fact.destroyServer(server);
comm.destroy();
}
{
//
// Verify that verifier is installed via property.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertVerifier", "CertificateVerifierI");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
test(plugin != null);
test(plugin.getCertificateVerifier() != null);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing protocols... ");
Console.Out.Flush();
{
//
// This should fail because the client and server have no protocol
// in common.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.Protocols", "ssl3");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should succeed.
//
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1, ssl3";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should succeed with .NET 4.5 or greater and fails otherwise
//
bool is45OrGreater = false;
try
{
Enum.Parse(typeof(System.Security.Authentication.SslProtocols), "Tls12");
is45OrGreater = true;
}
catch(Exception)
{
}
try
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.Protocols", "tls1_2");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1_2";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
server.ice_ping();
fact.destroyServer(server);
comm.destroy();
}
catch(Ice.PluginInitializationException)
{
// Expected with .NET < 4.5
test(!is45OrGreater);
}
catch(Ice.LocalException)
{
test(false);
}
}
{
//
// This should fail because the client ony enables SSLv3 and the server
// uses the default protocol set that disables SSLv3
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.Protocols", "ssl3");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should success because the client and the server enables SSLv3
//
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "ssl3, tls1_0, tls1_1, tls1_2";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing expired certificates... ");
Console.Out.Flush();
{
//
// This should fail because the server's certificate is expired.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_exp.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should fail because the client's certificate is expired.
//
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1_exp.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing multiple CA certificates... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca2.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
store.Add(caCert2);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
store.Remove(caCert2);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing passwords... ");
Console.Out.Flush();
{
//
// Test password failure.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
// Don't specify the password.
//props.setProperty("IceSSL.Password", "password");
try
{
Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
}
{
//
// Test password failure with callback.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
PasswordCallbackI cb = new PasswordCallbackI("bogus");
plugin.setPasswordCallback(cb);
try
{
pm.initializePlugins();
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
//
// Test installation of password callback.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
PasswordCallbackI cb = new PasswordCallbackI();
plugin.setPasswordCallback(cb);
test(plugin.getPasswordCallback() == cb);
try
{
pm.initializePlugins();
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
//
// Test password callback property.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.PasswordCallback", "PasswordCallbackI");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
test(plugin.getPasswordCallback() != null);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly",
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly",
"C=US, ST=Florida, O=\"ZeroC, Inc.\",OU=Ice, [email protected], CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "!CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Client");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "CN=Server";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada,CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada,CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada;CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada;!CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server1"); // Should not match "Server"
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "!CN=Client1"; // Should not match "Client"
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Rejection takes precedence (client).
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "ST=Florida;!CN=Server;C=US");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Rejection takes precedence (server).
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "C=US;!CN=Client;ST=Florida";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Client... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
// Should have no effect.
d["IceSSL.TrustOnly.Client"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client",
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
// Should have no effect.
d["IceSSL.TrustOnly.Client"] = "!CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client", "CN=Client");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client", "!CN=Client");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Server... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
// Should have no effect.
initData.properties.setProperty("IceSSL.TrustOnly.Server",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
// Should have no effect.
initData.properties.setProperty("IceSSL.TrustOnly.Server", "!CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] = "CN=Server";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] = "!CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Server.<AdapterName>... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] = "CN=bogus";
d["IceSSL.TrustOnly.Server.ServerAdapter"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server.ServerAdapter"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server.ServerAdapter"] = "CN=bogus";
d["IceSSL.CertAuthFile"] = caCert1File;
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!CN=bogus";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.KeySet... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
initData.properties.setProperty("IceSSL.ImportCert.LocalMachine.Root", "cacert1.pem");
initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.KeySet", "MachineKeySet");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.DefaultDir"] = defaultDir;
d["IceSSL.ImportCert.LocalMachine.Root"] = "cacert1.pem";
d["IceSSL.KeySet"] = "MachineKeySet";
d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
X509Store certStore = new X509Store("Root", StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadWrite);
certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem"));
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
initData.properties.setProperty("IceSSL.ImportCert.CurrentUser.Root", "cacert1.pem");
initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.KeySet", "UserKeySet");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.DefaultDir"] = defaultDir;
d["IceSSL.ImportCert.CurrentUser.Root"] = "cacert1.pem";
d["IceSSL.KeySet"] = "UserKeySet";
d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
X509Store certStore = new X509Store("Root", StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadWrite);
certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem"));
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.FindCerts properties... ");
Console.Out.Flush();
{
string[] clientFindCertProperties = new string[]
{
"SUBJECTDN:'CN=Client, [email protected], OU=Ice, O=\"ZeroC, Inc.\", S=Florida, C=US'",
"ISSUER:'ZeroC, Inc.' SUBJECT:Client SERIAL:02",
"ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," +
" L=Palm Beach Gardens, S=Florida, C=US' SUBJECT:Client",
"THUMBPRINT:'54 26 20 f0 93 a9 b6 bc 2a 8c 83 ef 14 d4 49 18 a3 18 67 46'",
"SUBJECTKEYID:'58 77 81 07 55 2a 0c 10 19 88 13 47 6f 27 6e 21 75 5f 85 ca'"
};
string[] serverFindCertProperties = new string[]
{
"SUBJECTDN:'CN=Server, [email protected], OU=Ice, O=\"ZeroC, Inc.\", S=Florida, C=US'",
"ISSUER:'ZeroC, Inc.' SUBJECT:Server SERIAL:01",
"ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," +
" L=Palm Beach Gardens, S=Florida, C=US' SUBJECT:Server",
"THUMBPRINT:'27 e0 18 c9 23 12 6c f0 5c da fa 36 5a 4c 63 5a e2 53 07 1a'",
"SUBJECTKEYID:'a6 42 aa 17 04 41 86 56 67 e4 04 64 59 34 30 c7 4c 6b ef a4'"
};
string[] failFindCertProperties = new string[]
{
"SUBJECTDN:'CN = Client, E = [email protected], OU = Ice, O = \"ZeroC, Inc.\", S = Florida, C = US'",
"ISSUER:'ZeroC, Inc.' SUBJECT:Client SERIAL:'02 02'",
"ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," +
" L=Palm Beach Gardens, S=Florida, C=ES' SUBJECT:Client",
"THUMBPRINT:'27 e0 18 c9 23 12 6c f0 5c da fa 36 5a 4c 63 5a e2 53 07 ff'",
"SUBJECTKEYID:'a6 42 aa 17 04 41 86 56 67 e4 04 64 59 34 30 c7 4c 6b ef ff'"
};
string[] certificates = new string[] {"/s_rsa_nopass_ca1.pfx", "/c_rsa_nopass_ca1.pfx"};
X509Store certStore = new X509Store("My", StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadWrite);
try
{
foreach(string cert in certificates)
{
certStore.Add(new X509Certificate2(defaultDir + cert, "password"));
}
for(int i = 0; i < clientFindCertProperties.Length; ++i)
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
initData.properties.setProperty("IceSSL.CertAuthFile", "cacert1.pem");
initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", clientFindCertProperties[i]);
//
// Use TrustOnly to ensure the peer has pick the expected certificate.
//
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.DefaultDir"] = defaultDir;
d["IceSSL.CertAuthFile"] = "cacert1.pem";
d["IceSSL.FindCert.CurrentUser.My"] = serverFindCertProperties[i];
//
// Use TrustOnly to ensure the peer has pick the expected certificate.
//
d["IceSSL.TrustOnly"] = "CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
//
// These must fail because the search criteria does not match any certificates.
//
foreach(string s in failFindCertProperties)
{
try
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", s);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected
}
catch(Ice.LocalException)
{
test(false);
}
}
}
finally
{
foreach(string cert in certificates)
{
certStore.Remove(new X509Certificate2(defaultDir + cert, "password"));
}
certStore.Close();
}
//
// These must fail because we have already remove the certificates.
//
foreach(string s in clientFindCertProperties)
{
try
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", s);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected
}
catch(Ice.LocalException)
{
test(false);
}
}
}
Console.Out.WriteLine("ok");
}
finally
{
store.Remove(caCert1);
store.Remove(caCert2);
store.Close();
}
return factory;
}
public static void BuildChain_MicrosoftDotCom_WithRootCertInUserAndSystemRootCertStores()
{
// Verifies that when the same root cert is placed in both a user and machine root certificate store,
// any certs chain building to that root cert will build correctly
//
// We use a copy of the microsoft.com SSL certs and root certs to validate that the chain can build
// successfully
bool shouldInstallCertToUserStore = true;
bool installedCertToUserStore = false;
using (var microsoftDotCom = new X509Certificate2(TestData.MicrosoftDotComSslCertBytes))
using (var microsoftDotComRoot = new X509Certificate2(TestData.MicrosoftDotComRootBytes))
{
// Check that microsoft.com's root certificate IS installed in the machine root store as a sanity step
using (var machineRootStore = new X509Store(StoreName.Root, StoreLocation.LocalMachine))
{
machineRootStore.Open(OpenFlags.ReadOnly);
bool foundCert = false;
foreach (var machineCert in machineRootStore.Certificates)
{
if (machineCert.Equals(microsoftDotComRoot))
{
foundCert = true;
}
machineCert.Dispose();
}
Assert.True(foundCert, string.Format("Did not find expected certificate with thumbprint '{0}' in the machine root store", microsoftDotComRoot.Thumbprint));
}
// Concievably at this point there could still be something wrong and we still don't chain build correctly - if that's
// the case, then there's likely something wrong with the machine. Validating that happy path is out of scope
// of this particular test.
// Check that microsoft.com's root certificate is NOT installed on in the user cert store as a sanity step
// We won't try to install the microsoft.com root cert into the user root store if it's already there
using (var userRootStore = new X509Store(StoreName.Root, StoreLocation.CurrentUser))
{
userRootStore.Open(OpenFlags.ReadOnly);
foreach (var userCert in userRootStore.Certificates)
{
bool foundCert = false;
if (userCert.Equals(microsoftDotComRoot))
{
foundCert = true;
}
userCert.Dispose();
if (foundCert)
{
shouldInstallCertToUserStore = false;
}
}
}
using (var userRootStore = new X509Store(StoreName.Root, StoreLocation.CurrentUser))
using (var chainHolder = new ChainHolder())
{
try
{
if (shouldInstallCertToUserStore)
{
userRootStore.Open(OpenFlags.ReadWrite);
userRootStore.Add(microsoftDotComRoot); // throws CryptographicException
installedCertToUserStore = true;
}
X509Chain chainValidator = chainHolder.Chain;
chainValidator.ChainPolicy.VerificationTime = new DateTime(2015, 10, 15, 12, 01, 01, DateTimeKind.Local);
chainValidator.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
bool chainBuildResult = chainValidator.Build(microsoftDotCom);
StringBuilder builder = new StringBuilder();
foreach (var status in chainValidator.ChainStatus)
{
builder.AppendFormat("{0} {1}{2}", status.Status, status.StatusInformation, Environment.NewLine);
}
Assert.True(chainBuildResult,
string.Format("Certificate chain build failed. ChainStatus is:{0}{1}", Environment.NewLine, builder.ToString()));
}
finally
{
if (installedCertToUserStore)
{
userRootStore.Remove(microsoftDotComRoot);
}
}
}
}
}
public static Test.ServerFactoryPrx allTests(Ice.Communicator communicator, string testDir)
{
string factoryRef = "factory:tcp -p 12010";
Ice.ObjectPrx b = communicator.stringToProxy(factoryRef);
test(b != null);
Test.ServerFactoryPrx factory = Test.ServerFactoryPrxHelper.checkedCast(b);
string defaultHost = communicator.getProperties().getProperty("Ice.Default.Host");
string defaultDir = testDir + "/../certs";
Ice.Properties defaultProperties = communicator.getProperties();
//
// Load the CA certificates. We could use the IceSSL.ImportCert property, but
// it would be nice to remove the CA certificates when the test finishes, so
// this test manually installs the certificates in the LocalMachine:AuthRoot
// store.
//
// Note that the client and server are assumed to run on the same machine,
// so the certificates installed by the client are also available to the
// server.
//
string caCert1File = defaultDir + "/cacert1.pem";
string caCert2File = defaultDir + "/cacert2.pem";
X509Certificate2 caCert1 = new X509Certificate2(caCert1File);
X509Certificate2 caCert2 = new X509Certificate2(caCert2File);
X509Store store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine);
try
{
store.Open(OpenFlags.ReadWrite);
}
catch(CryptographicException)
{
Console.Out.WriteLine("This test requires administrator privileges.");
return factory;
}
try
{
string[] args = new string[0];
Console.Out.Write("testing manual initialization... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.ObjectPrx p = comm.stringToProxy("dummy:ssl -p 9999");
try
{
p.ice_ping();
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
//
// Supply our own certificate.
//
X509Certificate2 cert = new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
X509Certificate2Collection coll = new X509Certificate2Collection();
coll.Add(cert);
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
plugin.setCertificates(coll);
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing certificate verification... ");
Console.Out.Flush();
{
//
// Test IceSSL.VerifyPeer=1. Client does not have a certificate.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "1";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.noCert();
}
catch(Ice.LocalException)
{
test(false);
}
//
// Validate that we can get the connection info.
//
try
{
IceSSL.NativeConnectionInfo info =
(IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.certs != null);
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
//
// Test IceSSL.VerifyPeer=2. This should fail because the client
// does not supply a certificate.
//
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. Client has a certificate.
//
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "1";
store.Add(caCert1);
server = fact.createServer(d);
try
{
X509Certificate2 clientCert =
new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
server.checkCert(clientCert.Subject, clientCert.Issuer);
X509Certificate2 serverCert =
new X509Certificate2(defaultDir + "/s_rsa_nopass_ca1.pfx", "password");
X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem");
IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(caCert.Equals(info.nativeCerts[1]));
test(serverCert.Equals(info.nativeCerts[0]));
}
catch(Exception)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
//
// Test IceSSL.VerifyPeer=2. Client has a certificate.
//
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
server = fact.createServer(d);
try
{
X509Certificate2 clientCert =
new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
server.checkCert(clientCert.Subject, clientCert.Issuer);
}
catch(Exception)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. This should fail because the
// client doesn't trust the server's CA.
//
initData = createClientProps(defaultProperties, testDir, defaultHost);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "1";
// Don't add the CA certificate.
//store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Verify that IceSSL.CheckCertName has no effect in a server.
//
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
//
// NOTE: We can't test IceSSL.CheckCertName here because the common name (CN) field of
// the server's certificate has the value "Server" and we can't use "Server" as a host
// name in an endpoint (it almost certainly wouldn't resolve correctly).
//
//
// Test IceSSL.CheckCertName. The test certificates for the server contain "127.0.0.1"
// as the common name or as a subject alternative name, so we only perform this test when
// the default host is "127.0.0.1".
//
if(defaultHost.Equals("127.0.0.1"))
{
//
// Test subject alternative name.
//
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
//
// Test common name.
//
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
//
// Test common name again. The certificate used in this test has "127.0.0.11" as its
// common name, therefore the address "127.0.0.1" must NOT match.
//
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn2.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
// Expected.
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
}
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing custom certificate verifier... ");
Console.Out.Flush();
{
//
// Verify that a server certificate is present.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
test(plugin != null);
CertificateVerifierI verifier = new CertificateVerifierI();
plugin.setCertificateVerifier(verifier);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
IceSSL.NativeConnectionInfo info =
(IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
server.checkCipher(info.cipher);
}
catch(Ice.LocalException)
{
test(false);
}
test(verifier.invoked());
test(verifier.hadCert());
//
// Have the verifier return false. Close the connection explicitly
// to force a new connection to be established.
//
verifier.reset();
verifier.returnValue(false);
server.ice_getConnection().close(false);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
test(verifier.invoked());
test(verifier.hadCert());
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
//
// Verify that verifier is installed via property.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertVerifier", "CertificateVerifierI");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
test(plugin != null);
test(plugin.getCertificateVerifier() != null);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing protocols... ");
Console.Out.Flush();
{
//
// This should fail because the client and server have no protocol
// in common.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.Protocols", "ssl3");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
//
// This should succeed.
//
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1, ssl3";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing expired certificates... ");
Console.Out.Flush();
{
//
// This should fail because the server's certificate is expired.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_exp.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
//
// This should fail because the client's certificate is expired.
//
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1_exp.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing multiple CA certificates... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca2.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
store.Add(caCert2);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
store.Remove(caCert2);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing passwords... ");
Console.Out.Flush();
{
//
// Test password failure.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
// Don't specify the password.
//props.setProperty("IceSSL.Password", "password");
try
{
Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
}
{
//
// Test password failure with callback.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
PasswordCallbackI cb = new PasswordCallbackI("bogus");
plugin.setPasswordCallback(cb);
try
{
pm.initializePlugins();
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
//
// Test installation of password callback.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
PasswordCallbackI cb = new PasswordCallbackI();
plugin.setPasswordCallback(cb);
test(plugin.getPasswordCallback() == cb);
try
{
pm.initializePlugins();
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
//
// Test password callback property.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.PasswordCallback", "PasswordCallbackI");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
test(plugin.getPasswordCallback() != null);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly",
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly",
"C=US, ST=Florida, O=\"ZeroC, Inc.\",OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "!CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "CN=Server";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada,CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada,CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada;CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada;!CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server1"); // Should not match "Server"
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "!CN=Client1"; // Should not match "Client"
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
//
// Rejection takes precedence (client).
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "ST=Florida;!CN=Server;C=US");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
//
// Rejection takes precedence (server).
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "C=US;!CN=Client;ST=Florida";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Client... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
// Should have no effect.
d["IceSSL.TrustOnly.Client"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client",
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
// Should have no effect.
d["IceSSL.TrustOnly.Client"] = "!CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client", "CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client", "!CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Server... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
// Should have no effect.
initData.properties.setProperty("IceSSL.TrustOnly.Server",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
// Should have no effect.
initData.properties.setProperty("IceSSL.TrustOnly.Server", "!CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] = "CN=Server";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] = "!CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Server.<AdapterName>... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] = "CN=bogus";
d["IceSSL.TrustOnly.Server.ServerAdapter"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server.ServerAdapter"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server.ServerAdapter"] = "CN=bogus";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!CN=bogus";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.KeySet... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
initData.properties.setProperty("IceSSL.ImportCert.LocalMachine.Root", "cacert1.pem");
initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.KeySet", "MachineKeySet");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.DefaultDir"] = defaultDir;
d["IceSSL.ImportCert.LocalMachine.Root"] = "cacert1.pem";
d["IceSSL.KeySet"] = "MachineKeySet";
d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
X509Store certStore = new X509Store("Root", StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadWrite);
certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem"));
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
initData.properties.setProperty("IceSSL.ImportCert.CurrentUser.Root", "cacert1.pem");
initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.KeySet", "UserKeySet");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.DefaultDir"] = defaultDir;
d["IceSSL.ImportCert.CurrentUser.Root"] = "cacert1.pem";
d["IceSSL.KeySet"] = "UserKeySet";
d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
X509Store certStore = new X509Store("Root", StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadWrite);
certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem"));
}
Console.Out.WriteLine("ok");
}
finally
{
store.Remove(caCert1);
store.Remove(caCert2);
store.Close();
}
return factory;
}
public static Test.ServerFactoryPrx allTests(Ice.Communicator communicator, string testDir)
{
string factoryRef = "factory:tcp -p 12010";
Ice.ObjectPrx b = communicator.stringToProxy(factoryRef);
test(b != null);
Test.ServerFactoryPrx factory = Test.ServerFactoryPrxHelper.checkedCast(b);
string defaultHost = communicator.getProperties().getProperty("Ice.Default.Host");
string defaultDir = testDir + "/../certs";
Ice.Properties defaultProperties = communicator.getProperties();
//
// Load the CA certificates. We could use the IceSSL.ImportCert property, but
// it would be nice to remove the CA certificates when the test finishes, so
// this test manually installs the certificates in the LocalMachine:AuthRoot
// store.
//
// Note that the client and server are assumed to run on the same machine,
// so the certificates installed by the client are also available to the
// server.
//
string caCert1File = defaultDir + "/cacert1.pem";
string caCert2File = defaultDir + "/cacert2.pem";
X509Certificate2 caCert1 = new X509Certificate2(caCert1File);
X509Certificate2 caCert2 = new X509Certificate2(caCert2File);
X509Store store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine);
bool isAdministrator = false;
try
{
store.Open(OpenFlags.ReadWrite);
isAdministrator = true;
}
catch(CryptographicException)
{
store.Open(OpenFlags.ReadOnly);
Console.Out.WriteLine("warning: some test requires administrator privileges, run as Administrator to run all the tests.");
}
Ice.InitializationData initData;
Dictionary<string, string> d;
try
{
string[] args = new string[0];
Console.Out.Write("testing manual initialization... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.ObjectPrx p = comm.stringToProxy("dummy:ssl -p 9999");
try
{
p.ice_ping();
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("Ice.InitPlugins", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Supply our own certificate.
//
X509Certificate2 cert = new X509Certificate2(defaultDir + "/c_rsa_ca1.p12", "password");
X509Certificate2Collection coll = new X509Certificate2Collection();
coll.Add(cert);
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CAs", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
plugin.setCertificates(coll);
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Supply our own CA certificate.
//
X509Certificate2 cert = new X509Certificate2(defaultDir + "/cacert1.pem");
X509Certificate2Collection coll = new X509Certificate2Collection();
coll.Add(cert);
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("Ice.InitPlugins", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
plugin.setCACertificates(coll);
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing certificate verification... ");
Console.Out.Flush();
{
//
// Test IceSSL.VerifyPeer=0. Client does not have a certificate,
// and it doesn't trust the server certificate.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "");
initData.properties.setProperty("IceSSL.VerifyPeer", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "0";
Test.ServerPrx server = fact.createServer(d);
try
{
server.noCert();
test(!((IceSSL.ConnectionInfo)server.ice_getConnection().getInfo()).verified);
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=0. Client does not have a certificate,
// but it still verifies the server's.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
initData.properties.setProperty("IceSSL.VerifyPeer", "0");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
server.noCert();
test(((IceSSL.ConnectionInfo)server.ice_getConnection().getInfo()).verified);
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. Client does not have a certificate.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "1";
server = fact.createServer(d);
try
{
server.noCert();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
//
// Test IceSSL.VerifyPeer=2. This should fail because the client
// does not supply a certificate.
//
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "2";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. Client has a certificate.
//
// Provide "cacert1" to the client to verify the server
// certificate (without this the client connection wouln't be
// able to provide the certificate chain).
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "1";
server = fact.createServer(d);
try
{
X509Certificate2 clientCert =
new X509Certificate2(defaultDir + "/c_rsa_ca1.p12", "password");
server.checkCert(clientCert.Subject, clientCert.Issuer);
X509Certificate2 serverCert =
new X509Certificate2(defaultDir + "/s_rsa_ca1.p12", "password");
X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem");
IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 2);
test(info.verified);
test(caCert.Equals(info.nativeCerts[1]));
test(serverCert.Equals(info.nativeCerts[0]));
}
catch(Exception ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
//
// Test IceSSL.VerifyPeer=2. Client has a certificate.
//
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
server = fact.createServer(d);
try
{
X509Certificate2 clientCert = new X509Certificate2(defaultDir + "/c_rsa_ca1.p12", "password");
server.checkCert(clientCert.Subject, clientCert.Issuer);
}
catch(Exception ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. This should fail because the
// client doesn't trust the server's CA.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. This should fail because the
// server doesn't trust the client's CA.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca2", "");
initData.properties.setProperty("IceSSL.VerifyPeer", "0");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "1";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should succeed because the self signed certificate used by the server is
// trusted.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert2");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "cacert2", "");
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should l because the self signed certificate used by the server is not
// trusted.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "cacert2", "");
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Verify that IceSSL.CheckCertName has no effect in a server.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.CheckCertName"] = "1";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// NOTE: We can't test IceSSL.CheckCertName here because the common name (CN) field of
// the server's certificate has the value "Server" and we can't use "Server" as a host
// name in an endpoint (it almost certainly wouldn't resolve correctly).
//
//
// Test IceSSL.CheckCertName. The test certificates for the server contain "127.0.0.1"
// as the common name or as a subject alternative name, so we only perform this test when
// the default host is "127.0.0.1".
//
if(defaultHost.Equals("127.0.0.1"))
{
//
// Test subject alternative name.
//
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.CheckCertName"] = "1";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
//
// Test common name.
//
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1_cn1", "cacert1");
d["IceSSL.CheckCertName"] = "1";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
//
// Test common name again. The certificate used in this test has "127.0.0.11" as its
// common name, therefore the address "127.0.0.1" must NOT match.
//
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1_cn2", "cacert1");
d["IceSSL.CheckCertName"] = "1";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
// Expected.
}
fact.destroyServer(server);
comm.destroy();
}
}
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing certificate chains... ");
Console.Out.Flush();
{
X509Store certStore = new X509Store("My", StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadWrite);
X509Certificate2Collection certs = new X509Certificate2Collection();
certs.Import(defaultDir + "/s_rsa_cai2.p12", "password", X509KeyStorageFlags.DefaultKeySet);
foreach(X509Certificate2 cert in certs)
{
certStore.Add(cert);
}
try
{
IceSSL.NativeConnectionInfo info;
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "");
initData.properties.setProperty("IceSSL.VerifyPeer", "0");
Ice.Communicator comm = Ice.Util.initialize(initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
//
// The client can't verify the server certificate but it should
// still provide it. "s_rsa_ca1" doesn't include the root so the
// cert size should be 1.
//
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "0";
Test.ServerPrx server = fact.createServer(d);
try
{
info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 1);
test(!info.verified);
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
//
// Setting the CA for the server shouldn't change anything, it
// shouldn't modify the cert chain sent to the client.
//
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 1);
test(!info.verified);
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
//
// The client can't verify the server certificate but should
// still provide it. "s_rsa_wroot_ca1" includes the root so
// the cert size should be 2.
//
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_wroot_ca1", "");
d["IceSSL.VerifyPeer"] = "0";;
server = fact.createServer(d);
try
{
info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 1); // Like the SChannel transport, .NET never sends the root.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Now the client verifies the server certificate
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
initData.properties.setProperty("IceSSL.VerifyPeer", "1");
comm = Ice.Util.initialize(initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "0";;
server = fact.createServer(d);
try
{
info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 2);
test(info.verified);
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
}
//
// Try certificate with one intermediate and VerifyDepthMax=2
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
initData.properties.setProperty("IceSSL.VerifyPeer", "1");
initData.properties.setProperty("IceSSL.VerifyDepthMax", "2");
comm = Ice.Util.initialize(initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai1", "");
d["IceSSL.VerifyPeer"] = "0";;
server = fact.createServer(d);
try
{
server.ice_getConnection().getInfo();
test(false);
}
catch(Ice.SecurityException)
{
// Chain length too long
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
}
comm.destroy();
//
// Set VerifyDepthMax to 3 (the default)
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
initData.properties.setProperty("IceSSL.VerifyPeer", "1");
//initData.properties.setProperty("IceSSL.VerifyDepthMax", "3");
comm = Ice.Util.initialize(initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai1", "");
d["IceSSL.VerifyPeer"] = "0";;
server = fact.createServer(d);
try
{
info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 3);
test(info.verified);
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
}
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "");
d["IceSSL.VerifyPeer"] = "0";;
server = fact.createServer(d);
try
{
server.ice_getConnection().getInfo();
test(false);
}
catch(Ice.SecurityException)
{
// Chain length too long
}
fact.destroyServer(server);
}
comm.destroy();
//
// Increase VerifyDepthMax to 4
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
initData.properties.setProperty("IceSSL.VerifyPeer", "1");
initData.properties.setProperty("IceSSL.VerifyDepthMax", "4");
comm = Ice.Util.initialize(initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "");
d["IceSSL.VerifyPeer"] = "0";;
server = fact.createServer(d);
try
{
info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 4);
test(info.verified);
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
}
comm.destroy();
//
// Increase VerifyDepthMax to 4
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_cai2", "cacert1");
initData.properties.setProperty("IceSSL.VerifyPeer", "1");
initData.properties.setProperty("IceSSL.VerifyDepthMax", "4");
comm = Ice.Util.initialize(initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
server = fact.createServer(d);
try
{
server.ice_getConnection();
test(false);
}
catch(Ice.ProtocolException)
{
// Expected
}
catch(Ice.ConnectionLostException)
{
// Expected
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
}
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.VerifyDepthMax"] = "4";
server = fact.createServer(d);
try
{
server.ice_getConnection();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
}
comm.destroy();
}
finally
{
foreach(X509Certificate2 cert in certs)
{
certStore.Remove(cert);
}
}
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing custom certificate verifier... ");
Console.Out.Flush();
{
//
// Verify that a server certificate is present.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
test(plugin != null);
CertificateVerifierI verifier = new CertificateVerifierI();
plugin.setCertificateVerifier(verifier);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
IceSSL.NativeConnectionInfo info =
(IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
server.checkCipher(info.cipher);
}
catch(Ice.LocalException)
{
test(false);
}
test(verifier.invoked());
test(verifier.hadCert());
//
// Have the verifier return false. Close the connection explicitly
// to force a new connection to be established.
//
verifier.reset();
verifier.returnValue(false);
server.ice_getConnection().close(false);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
test(verifier.invoked());
test(verifier.hadCert());
fact.destroyServer(server);
comm.destroy();
}
{
//
// Verify that verifier is installed via property.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("IceSSL.CertVerifier", "CertificateVerifierI");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
test(plugin != null);
test(plugin.getCertificateVerifier() != null);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing protocols... ");
Console.Out.Flush();
{
//
// This should fail because the client and server have no protocol
// in common.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.Protocols", "ssl3");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should succeed.
//
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1, ssl3";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should succeed with .NET 4.5 or greater and fails otherwise
//
bool is45OrGreater = false;
try
{
Enum.Parse(typeof(System.Security.Authentication.SslProtocols), "Tls12");
is45OrGreater = true;
}
catch(Exception)
{
}
try
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.Protocols", "tls1_2");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1_2";
server = fact.createServer(d);
server.ice_ping();
fact.destroyServer(server);
comm.destroy();
}
catch(Ice.PluginInitializationException)
{
// Expected with .NET < 4.5
test(!is45OrGreater);
}
catch(Ice.LocalException)
{
test(false);
}
}
{
//
// This should fail because the client ony enables SSLv3 and the server
// uses the default protocol set that disables SSLv3
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.Protocols", "ssl3");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should success because the client and the server enables SSLv3
//
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "ssl3, tls1_0, tls1_1, tls1_2";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing expired certificates... ");
Console.Out.Flush();
{
//
// This should fail because the server's certificate is expired.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1_exp", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should fail because the client's certificate is expired.
//
initData.properties.setProperty("IceSSL.CertFile", "c_rsa_ca1_exp.p12");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
if(isAdministrator)
{
Console.Out.Write("testing multiple CA certificates... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca2", "");
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
store.Add(caCert2);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
store.Remove(caCert2);
comm.destroy();
}
Console.Out.WriteLine("ok");
}
Console.Out.Write("testing multiple CA certificates... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacerts");
Ice.Communicator comm = Ice.Util.initialize(initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca2", "cacerts");
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing DER CA certificate... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("IceSSL.CAs", "cacert1.der");
Ice.Communicator comm = Ice.Util.initialize(initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CAs"] = "cacert1.der";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing passwords... ");
Console.Out.Flush();
{
//
// Test password failure.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
// Don't specify the password.
initData.properties.setProperty("IceSSL.Password", "");
try
{
Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
}
{
//
// Test password failure with callback.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("Ice.InitPlugins", "0");
// Don't specify the password.
initData.properties.setProperty("IceSSL.Password", "");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
PasswordCallbackI cb = new PasswordCallbackI("bogus");
plugin.setPasswordCallback(cb);
try
{
pm.initializePlugins();
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
//
// Test installation of password callback.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("Ice.InitPlugins", "0");
// Don't specify the password.
initData.properties.setProperty("IceSSL.Password", "");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
PasswordCallbackI cb = new PasswordCallbackI();
plugin.setPasswordCallback(cb);
test(plugin.getPasswordCallback() == cb);
try
{
pm.initializePlugins();
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
//
// Test password callback property.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("IceSSL.PasswordCallback", "PasswordCallbackI");
// Don't specify the password.
initData.properties.setProperty("IceSSL.Password", "");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
test(plugin.getPasswordCallback() != null);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly",
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly",
"C=US, ST=Florida, O=\"ZeroC, Inc.\",OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] = "CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] = "!CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] = "CN=Server";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada,CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada,CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada;CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada;!CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server1"); // Should not match "Server"
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] = "!CN=Client1"; // Should not match "Client"
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Rejection takes precedence (client).
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "ST=Florida;!CN=Server;C=US");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Rejection takes precedence (server).
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] = "C=US;!CN=Client;ST=Florida";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Client... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly.Client",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
// Should have no effect.
d["IceSSL.TrustOnly.Client"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly.Client",
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
// Should have no effect.
d["IceSSL.TrustOnly.Client"] = "!CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly.Client", "CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly.Client", "!CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Server... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
// Should have no effect.
initData.properties.setProperty("IceSSL.TrustOnly.Server",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
// Should have no effect.
initData.properties.setProperty("IceSSL.TrustOnly.Server", "!CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server"] = "CN=Server";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server"] = "!CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Server.<AdapterName>... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server"] = "CN=bogus";
d["IceSSL.TrustOnly.Server.ServerAdapter"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server.ServerAdapter"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server.ServerAdapter"] = "CN=bogus";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!CN=bogus";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
if(isAdministrator)
{
Console.Out.Write("testing IceSSL.KeySet... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
initData.properties.setProperty("IceSSL.ImportCert.LocalMachine.Root", "cacert1.pem");
initData.properties.setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
initData.properties.setProperty("IceSSL.KeySet", "MachineKeySet");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost);
d["IceSSL.ImportCert.LocalMachine.Root"] = "cacert1.pem";
d["IceSSL.KeySet"] = "MachineKeySet";
d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
X509Store certStore = new X509Store("Root", StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadWrite);
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("IceSSL.ImportCert.CurrentUser.Root", "cacert1.pem");
initData.properties.setProperty("IceSSL.KeySet", "UserKeySet");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.ImportCert.CurrentUser.Root"] = "cacert1.pem";
d["IceSSL.KeySet"] = "UserKeySet";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
X509Store certStore = new X509Store("Root", StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadWrite);
}
Console.Out.WriteLine("ok");
}
Console.Out.Write("testing IceSSL.FindCerts properties... ");
Console.Out.Flush();
{
string[] clientFindCertProperties = new string[]
{
"SUBJECTDN:'CN=Client, OU=Ice, O=\"ZeroC, Inc.\", L=Jupiter, S=Florida, C=US, [email protected]'",
"ISSUER:'ZeroC, Inc.' SUBJECT:Client SERIAL:02",
"ISSUERDN:'CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\",L=Jupiter, S=Florida, C=US,[email protected]' SUBJECT:Client",
"THUMBPRINT:'82 30 1E 35 9E 39 C1 D0 63 0D 67 3D 12 DD D4 96 90 1E EF 54'",
"SUBJECTKEYID:'FC 5D 4F AB F0 6C 03 11 B8 F3 68 CF 89 54 92 3F F9 79 2A 06'"
};
string[] serverFindCertProperties = new string[]
{
"SUBJECTDN:'CN=Server, OU=Ice, O=\"ZeroC, Inc.\", L=Jupiter, S=Florida, C=US, [email protected]'",
"ISSUER:'ZeroC, Inc.' SUBJECT:Server SERIAL:01",
"ISSUERDN:'CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\", L=Jupiter, S=Florida, C=US,[email protected]' SUBJECT:Server",
"THUMBPRINT:'C0 01 FF 9C C9 DA C8 0D 34 F6 2F DE 09 FB 28 0D 69 AB 78 BA'",
"SUBJECTKEYID:'47 84 AE F9 F2 85 3D 99 30 6A 03 38 41 1A B9 EB C3 9C B5 4D'"
};
string[] failFindCertProperties = new string[]
{
"nolabel",
"unknownlabel:foo",
"LABEL:",
"SUBJECTDN:'CN = Client, E = [email protected], OU = Ice, O = \"ZeroC, Inc.\", S = Florida, C = US'",
"ISSUER:'ZeroC, Inc.' SUBJECT:Client SERIAL:'02 02'",
"ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," +
" L=Jupiter, S=Florida, C=ES' SUBJECT:Client",
"THUMBPRINT:'27 e0 18 c9 23 12 6c f0 5c da fa 36 5a 4c 63 5a e2 53 07 ff'",
"SUBJECTKEYID:'a6 42 aa 17 04 41 86 56 67 e4 04 64 59 34 30 c7 4c 6b ef ff'"
};
string[] certificates = new string[] {"/s_rsa_ca1.p12", "/c_rsa_ca1.p12"};
X509Store certStore = new X509Store("My", StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadWrite);
try
{
foreach(string cert in certificates)
{
certStore.Add(new X509Certificate2(defaultDir + cert, "password"));
}
for(int i = 0; i < clientFindCertProperties.Length; ++i)
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
initData.properties.setProperty("IceSSL.CertStore", "My");
initData.properties.setProperty("IceSSL.CertStoreLocation", "CurrentUser");
initData.properties.setProperty("IceSSL.FindCert", clientFindCertProperties[i]);
//
// Use TrustOnly to ensure the peer has pick the expected certificate.
//
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
// Use deprecated property here to test it
d["IceSSL.FindCert.CurrentUser.My"] = serverFindCertProperties[i];
//
// Use TrustOnly to ensure the peer has pick the expected certificate.
//
d["IceSSL.TrustOnly"] = "CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
//
// These must fail because the search criteria does not match any certificates.
//
foreach(string s in failFindCertProperties)
{
try
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("IceSSL.FindCert", s);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected
}
catch(Ice.LocalException)
{
test(false);
}
}
}
finally
{
foreach(string cert in certificates)
{
certStore.Remove(new X509Certificate2(defaultDir + cert, "password"));
}
certStore.Close();
}
//
// These must fail because we have already remove the certificates.
//
foreach(string s in clientFindCertProperties)
{
try
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", s);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected
}
catch(Ice.LocalException)
{
test(false);
}
}
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing system CAs... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("IceSSL.VerifyDepthMax", "4");
initData.properties.setProperty("Ice.Override.Timeout", "5000"); // 5s timeout
Ice.Communicator comm = Ice.Util.initialize(initData);
Ice.ObjectPrx p = comm.stringToProxy("dummy:wss -h demo.zeroc.com -p 5064");
try
{
p.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected, by default we don't check for system CAs.
}
catch(Ice.LocalException)
{
test(false);
}
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("IceSSL.VerifyDepthMax", "4");
initData.properties.setProperty("Ice.Override.Timeout", "5000"); // 5s timeout
initData.properties.setProperty("IceSSL.UsePlatformCAs", "1");
comm = Ice.Util.initialize(initData);
p = comm.stringToProxy("dummy:wss -h demo.zeroc.com -p 5064");
IceSSL.WSSConnectionInfo info;
try
{
info = (IceSSL.WSSConnectionInfo)p.ice_getConnection().getInfo();
test(info.verified);
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
Console.Out.WriteLine("ok");
}
finally
{
if(isAdministrator)
{
store.Remove(caCert1);
store.Remove(caCert2);
}
store.Close();
}
return factory;
}