/// <summary>
/// Adding a certificate to an <see cref="X509Certificate2Collection"/> stores the
/// very instance that was passed in, not a copy: the element read back is
/// reference-equal to the one added.
/// </summary>
public static void AddDoesNotClone()
{
    using (X509Certificate2 original = new X509Certificate2())
    {
        X509Certificate2Collection collection = new X509Certificate2Collection { original };

        // Reference equality (not structural equality) is the whole point of this check.
        Assert.Same(original, collection[0]);
    }
}
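/// <summary>
/// Upgrades the current plain network stream to TLS by running a client-side
/// handshake against <c>_hostname</c> and replacing <c>_networkStream</c> with the
/// resulting <see cref="SslStream"/>.
/// </summary>
/// <param name="tlsConfig">Supplies the enabled protocol versions, the revocation
/// setting, an optional client certificate and the policy consulted by
/// <c>ValidateCertificates</c>.</param>
/// <exception cref="ArgumentNullException"><paramref name="tlsConfig"/> is <c>null</c>.</exception>
/// <exception cref="Exception">The handshake failed; the message combines the
/// underlying error with the reason captured by <c>ValidateCertificates</c>.</exception>
public void UpgradeTls(TlsConfig tlsConfig)
{
    if (tlsConfig == null)
    {
        throw new ArgumentNullException(nameof(tlsConfig));
    }

    // Both lockers are held while the stream is swapped (presumably guarding
    // reads and writes respectively) so no I/O observes a half-upgraded stream.
    lock (_readLocker)
    {
        lock (_writeLocker)
        {
            const bool leaveInnerStreamOpen = false;
            var enabledSslProtocols = tlsConfig.GetEnabledSslProtocols();
            string errorMessage = null;

            // The validation callback reports its reason through errorMessage so a
            // handshake failure below can surface it alongside the exception text.
            var sslStream = new SslStream(
                _networkStream,
                leaveInnerStreamOpen,
                (sender, certificate, chain, sslPolicyErrors) =>
                    ValidateCertificates(chain, sslPolicyErrors, tlsConfig, out errorMessage));

            try
            {
                var certCollection = new X509Certificate2Collection();
                if (tlsConfig.ClientCertificate != null)
                {
                    certCollection.Add(tlsConfig.ClientCertificate);
                }

                // Hand the collection that was just built to the handshake. Previously a
                // fresh, empty collection was passed here, so the configured client
                // certificate was never offered to the server.
                sslStream.AuthenticateAsClient(
                    _hostname,
                    certCollection,
                    enabledSslProtocols,
                    tlsConfig.CheckCertificateRevocation);
            }
            catch (Exception ex)
            {
                throw new Exception(string.Format("{0} - {1}", ex.Message, errorMessage), ex);
            }

            _networkStream = sslStream;
        }
    }
}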
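/// <summary>
/// Gets the certificate(s) corresponding to the specified URL from the cache of certificates.
/// If the cache doesn't contain an entry for the URL, the PEM data is downloaded, every
/// certificate in it is verified, and the resulting collection is cached.
/// </summary>
/// <param name="certUrl">The URL pointing to the certificate.</param>
/// <returns>An <see cref="System.Security.Cryptography.X509Certificates.X509Certificate2Collection"/> holding the certificate(s) found at the URL.</returns>
/// <exception cref="PayPal.PayPalException">Thrown if a downloaded certificate cannot be verified.</exception>
/// <remarks>
/// <see cref="X509Certificate2.Verify"/> only establishes that a certificate chains to a
/// root trusted by the local machine; it does not establish that the certificate belongs
/// to the party the caller expects. Callers must therefore only pass URLs they trust.
/// </remarks>
public X509Certificate2Collection GetCertificatesFromUrl(string certUrl)
{
    // Serve from the cache when this URL has already been downloaded and verified.
    if (certificates.ContainsKey(certUrl))
    {
        return certificates[certUrl];
    }

    // Download the certificate(s).
    string certData;
    using (var webClient = new WebClient())
    {
        certData = webClient.DownloadString(certUrl);
    }

    // Load all the certificates.
    // NOTE: The X509Certificate2Collection.Import() method only imports the first
    // certificate, even if a stream contains multiple certificates. For this reason
    // the certificates are loaded one-by-one, verifying as we go.
    var pemMarkers = new string[] { "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----" };
    var results = certData.Split(pemMarkers, StringSplitOptions.RemoveEmptyEntries);

    var collection = new X509Certificate2Collection();
    foreach (var result in results)
    {
        var trimmed = result.Trim();
        if (string.IsNullOrEmpty(trimmed))
        {
            // Whitespace between an END marker and the next BEGIN marker.
            continue;
        }

        var certificate = new X509Certificate2(System.Text.Encoding.UTF8.GetBytes(trimmed));

        // Verify the certificate before adding it to the collection; one unverifiable
        // certificate rejects the whole download.
        if (!certificate.Verify())
        {
            throw new PayPalException("Unable to verify the certificate(s) found at " + certUrl);
        }
        collection.Add(certificate);
    }

    // Only a fully verified set is cached, so a failed download never poisons the cache.
    certificates[certUrl] = collection;
    return collection;
}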
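/// <summary>
/// A certificate issued by a self-signed root that the platform does not trust must
/// fail <see cref="X509Chain.Build"/>. Revocation checking is disabled so the outcome
/// depends only on trust, not on network access. Adding the root to a local
/// collection (not to a store) must not change the result.
/// </summary>
public void SelfSignedRootTest()
{
    // X509Chain owns native chain-engine resources; release them when the test ends
    // (the original never disposed the chain).
    using (var chain = new X509Chain())
    {
        var trusted = new X509Certificate2Collection();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        Assert.IsFalse(chain.Build(Certificates.SignedBySelfSigned));

        // TODO: use Core-compatible functions
        //Assert.IsFalse(chain.VerifyWithExtraRoots(Certificates.SignedBySelfSigned, trusted));
        trusted.Add(Certificates.SelfSigned);
        //Assert.IsTrue(chain.VerifyWithExtraRoots(Certificates.SignedBySelfSigned, trusted));
        Assert.IsFalse(chain.Build(Certificates.SignedBySelfSigned));

        trusted.Clear();
        //Assert.IsFalse(chain.VerifyWithExtraRoots(Certificates.SignedBySelfSigned, trusted));
        Assert.IsFalse(chain.Build(Certificates.SignedBySelfSigned));
    }
}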
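/// <summary>
/// Save a certificate and its chain of trust to a PFX (PKCS#12) file.
/// </summary>
/// <param name="filename">Filename to save to. Will be overwritten
/// if it already exists.</param>
/// <param name="password">Password which must be used when reading
/// the file later.</param>
/// <param name="certificate">The certificate to save.</param>
/// <param name="signingCert">The certificate that signed <paramref name="certificate"/>.
/// It is passed through <c>ExportCertificatePublicKey</c> first, so only its public
/// part is written. If <c>null</c>, no signer is appended.</param>
/// <param name="chain">The full chain of trust to include in the file.
/// If <c>null</c>, then only the certificate itself is saved.</param>
/// <remarks>
/// PKCS#12 export includes any exportable private key attached to
/// <paramref name="certificate"/>, protected only by <paramref name="password"/>;
/// treat the output file accordingly.
/// </remarks>
internal static void SaveCertificateToPfxFile(string filename, string password, X509Certificate2 certificate, X509Certificate2 signingCert, X509Certificate2Collection chain)
{
    var certCollection = new X509Certificate2Collection(certificate);
    if (chain != null)
    {
        certCollection.AddRange(chain);
    }
    if (signingCert != null)
    {
        // Strip the signer to its public certificate before bundling it.
        var signingCertWithoutPrivateKey = ExportCertificatePublicKey(signingCert);
        certCollection.Add(signingCertWithoutPrivateKey);
    }
    var certBytes = certCollection.Export(X509ContentType.Pkcs12, password);
    File.WriteAllBytes(filename, certBytes);
}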
/// <summary>
/// Builds an <see cref="EndpointIdentity"/> from a certificate chain: element 0 becomes
/// the primary certificate and every remaining element is carried as a supporting
/// certificate.
/// </summary>
/// <param name="certificateChain">A chain with at least one element.</param>
/// <returns>An <c>X509CertificateEndpointIdentity</c> for the chain's first element.</returns>
internal static EndpointIdentity CreateX509CertificateIdentity(X509Chain certificateChain)
{
    if (certificateChain == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("certificateChain");
    }

    X509ChainElementCollection elements = certificateChain.ChainElements;
    if (elements.Count == 0)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("X509ChainIsEmpty"));
    }

    X509Certificate2 primaryCertificate = elements[0].Certificate;

    // Everything after the first element travels as supporting material.
    X509Certificate2Collection supportingCertificates = new X509Certificate2Collection();
    int index = 1;
    while (index < elements.Count)
    {
        supportingCertificates.Add(elements[index].Certificate);
        index++;
    }

    return new X509CertificateEndpointIdentity(primaryCertificate, supportingCertificates);
}
/// <summary>
/// Reads every certificate embedded in a CMS message.
/// </summary>
/// <param name="hCryptMsg">Handle to an opened CMS message.</param>
/// <returns>One <see cref="X509Certificate2"/> per embedded certificate, in message
/// order; empty when the message carries none.</returns>
/// <remarks>Throws the exception produced by <c>ToCryptographicException</c> from the
/// last Win32 error when the certificate count cannot be read.</remarks>
public static X509Certificate2Collection GetOriginatorCerts(this SafeCryptMsgHandle hCryptMsg)
{
    int certificateCount = 0;
    int countSize = sizeof(int);
    bool gotCount = Interop.Crypt32.CryptMsgGetParam(
        hCryptMsg,
        CryptMsgParamType.CMSG_CERT_COUNT_PARAM,
        0,
        out certificateCount,
        ref countSize);
    if (!gotCount)
    {
        throw Marshal.GetLastWin32Error().ToCryptographicException();
    }

    X509Certificate2Collection collected = new X509Certificate2Collection();

    // Each certificate is fetched by index as its raw encoding and re-parsed.
    for (int i = 0; i < certificateCount; i++)
    {
        byte[] encoded = hCryptMsg.GetMsgParamAsByteArray(CryptMsgParamType.CMSG_CERT_PARAM, i);
        collected.Add(new X509Certificate2(encoded));
    }

    return collected;
}
/// <summary>
/// Builds the chain for the Vitalink gateway certificate with the eHealth issuing CA
/// supplied as an extra store, then checks the three expected subjects and that
/// revocation status came from two OCSP responses and no CRL. Presumably needs
/// network access to the responders.
/// </summary>
public void Vitalink_GetRevocation()
{
    X509Certificate2 target = new X509Certificate2(@"files/vitalink.crt");
    X509Certificate2Collection extraStore = new X509Certificate2Collection
    {
        new X509Certificate2(@"files/eHealthIssuing.crt")
    };
    IList<CertificateList> crls = new List<CertificateList>();
    IList<BasicOcspResponse> ocsps = new List<BasicOcspResponse>();

    Chain rsp = target.BuildChain(DateTime.UtcNow, extraStore, crls, ocsps);

    // Every status entry must be NoError.
    Assert.Equal(0, rsp.ChainStatus.Count(x => x.Status != X509ChainStatusFlags.NoError));
    Assert.Equal(3, rsp.ChainElements.Count);

    string[] expectedSubjects =
    {
        "CN=\"EHP=1990001916, VITALINKGATEWAY\", OU=eHealth-platform Belgium, OU=VLAAMS AGENTSCHAP ZORG EN GEZONDHEID, OU=\"EHP=1990001916\", OU=VITALINKGATEWAY, O=Federal Government, C=BE",
        "CN=ZetesConfidens Private Trust PKI - eHealth issuing CA 001, SERIALNUMBER=001, O=ZETES SA, C=BE",
        "CN=ZetesConfidens Private Trust PKI - root CA 001, SERIALNUMBER=001, O=ZETES SA, C=BE"
    };
    for (int i = 0; i < expectedSubjects.Length; i++)
    {
        Assert.Equal(expectedSubjects[i], rsp.ChainElements[i].Certificate.Subject);
    }

    Assert.Equal(0, crls.Count);
    Assert.Equal(2, ocsps.Count);
}
/// <summary>
/// Async variant: builds the chain for a Belgian eID authentication certificate with
/// the Citizen CA supplied as an extra store, then checks the three expected subjects
/// and that revocation was resolved with exactly one CRL and one OCSP response.
/// </summary>
public async Task TestNewEid_GetRevocationAsync()
{
    X509Certificate2 target = new X509Certificate2(@"files/eid79021802145-2027.crt");
    X509Certificate2Collection extraStore = new X509Certificate2Collection
    {
        new X509Certificate2(@"files/Citizen201709.crt")
    };
    IList<CertificateList> crls = new List<CertificateList>();
    IList<BasicOcspResponse> ocsps = new List<BasicOcspResponse>();

    Chain rsp = await target.BuildChainAsync(DateTime.UtcNow, extraStore, crls, ocsps);

    // Every status entry must be NoError.
    Assert.Equal(0, rsp.ChainStatus.Count(x => x.Status != X509ChainStatusFlags.NoError));
    Assert.Equal(3, rsp.ChainElements.Count);

    string[] expectedSubjects =
    {
        "SERIALNUMBER=79021802145, G=Bryan Eduard, SN=Brouckaert, CN=Bryan Brouckaert (Authentication), C=BE",
        "SERIALNUMBER=201709, CN=Citizen CA, O=http://repository.eid.belgium.be/, C=BE",
        "CN=Belgium Root CA4, C=BE"
    };
    for (int i = 0; i < expectedSubjects.Length; i++)
    {
        Assert.Equal(expectedSubjects[i], rsp.ChainElements[i].Certificate.Subject);
    }

    Assert.Equal(1, crls.Count);
    Assert.Equal(1, ocsps.Count);
}
/// <summary>
/// Rebuilds <c>certsToAuthWith</c> from the UI state. When "just one" is checked and a
/// list entry past the first is selected, only that certificate is used (list index
/// <c>i</c> maps to <c>collection[i - 1]</c>); otherwise all of <c>collection</c> is
/// used. Progress text is appended to <c>txtResponse</c>.
/// </summary>
private void SetCertSet()
{
    bool justOne = cbJustOne.Checked;
    if (!justOne)
    {
        lbCerts.SelectedIndex = -1;
    }

    certsToAuthWith.Clear();

    // NOTE(review): the first list row is never selectable here (SelectedIndex > 0 and
    // the -1 offset), presumably a header/"all" row — confirm against the code that
    // populates lbCerts.
    int selected = lbCerts.SelectedIndex;
    bool useSingle = justOne && selected > 0;
    if (useSingle)
    {
        var chosen = collection[selected - 1];
        certsToAuthWith.Add(chosen);
        txtResponse.Text += $"\r\n{certsToAuthWith[0].SubjectName.Name} selected";
    }
    else
    {
        certsToAuthWith.AddRange(collection);
    }

    txtResponse.Text += $"\r\nAuthenticating with {certsToAuthWith.Count} cert(s)";
}
/// <summary>
/// Copies every certificate reachable from this keychain into
/// <paramref name="collection"/>: identities are enumerated first, then bare
/// certificates, and a <see cref="HashSet{T}"/> drops anything seen in both passes.
/// </summary>
/// <param name="collection">Destination collection; existing entries are kept.</param>
public void CloneTo(X509Certificate2Collection collection)
{
    var unique = new HashSet<X509Certificate2>();

    using (SafeCFArrayHandle identityArray = Interop.AppleCrypto.KeychainEnumerateIdentities(_keychainHandle))
    {
        ReadCollection(identityArray, unique);
    }

    using (SafeCFArrayHandle certArray = Interop.AppleCrypto.KeychainEnumerateCerts(_keychainHandle))
    {
        ReadCollection(certArray, unique);
    }

    // Only the deduplicated set reaches the caller's collection.
    foreach (var cert in unique)
    {
        collection.Add(cert);
    }
}
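/// <summary>
/// Adds to <paramref name="certs"/> every certificate in <paramref name="store"/> that is
/// time-valid now, carries the <c>LithnetAccessManagerEku</c> extended key usage and —
/// when <paramref name="needPrivateKey"/> is set — has a private key.
/// </summary>
/// <param name="needPrivateKey">Require <see cref="X509Certificate2.HasPrivateKey"/>.</param>
/// <param name="store">An opened store to search.</param>
/// <param name="certs">Destination; each matching certificate is added exactly once.</param>
private static void GetEligibleCertificates(bool needPrivateKey, X509Store store, X509Certificate2Collection certs)
{
    Oid accessManagerEku = new Oid(LithnetAccessManagerEku);

    // FindByTimeValid compares against the certificate's (local-time) validity period,
    // so DateTime.Now is the matching reference. validOnly:false leaves chain/trust
    // evaluation to the caller.
    IEnumerable<X509Certificate2> candidates = store.Certificates
        .Find(X509FindType.FindByTimeValid, DateTime.Now, false)
        .OfType<X509Certificate2>()
        .Where(t => !needPrivateKey || t.HasPrivateKey);

    foreach (X509Certificate2 c in candidates)
    {
        // A certificate may carry several EKU extensions or repeat an OID; the original
        // added the certificate once per hit, producing duplicates. Add it at most once.
        bool hasEku = c.Extensions
            .OfType<X509EnhancedKeyUsageExtension>()
            .SelectMany(x => x.EnhancedKeyUsages.Cast<Oid>())
            .Any(o => string.Equals(o.Value, accessManagerEku.Value, StringComparison.Ordinal));

        if (hasEku)
        {
            certs.Add(c);
        }
    }
}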
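/// <inheritdoc/>
/// <remarks>
/// Thumbprints are hex strings, so the comparison is ordinal and case-insensitive;
/// callers may pass either casing (the original required the store's casing exactly).
/// A thumbprint match identifies a certificate but says nothing about its validity or
/// trust — validate the chain separately where that matters.
/// </remarks>
public Task<X509Certificate2Collection> FindByThumbprint(string thumbprint)
{
    X509Certificate2Collection collection = new X509Certificate2Collection();

    using (X509Store store = new X509Store(m_storeName, m_storeLocation))
    {
        store.Open(OpenFlags.ReadOnly);
        foreach (X509Certificate2 certificate in store.Certificates)
        {
            if (string.Equals(certificate.Thumbprint, thumbprint, StringComparison.OrdinalIgnoreCase))
            {
                collection.Add(certificate);
            }
        }
    }

    // A null or unknown thumbprint yields an empty collection, never null.
    return Task.FromResult(collection);
}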
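/// <summary>
/// Verifies a detached signature over <paramref name="signedQueryString"/> using the
/// public key of the SAML signing certificate selected by <paramref name="certIdentifier"/>.
/// </summary>
/// <param name="detachedSignature">The signature value to verify.</param>
/// <param name="detachedSignatureAlgorithm">The signature algorithm identifier, resolved via <c>GetAlgorithmProvider</c>.</param>
/// <param name="signedQueryString">The exact data that was signed.</param>
/// <param name="certIdentifier">Selects the certificate returned by <c>SignMessage.GetSamlEncryptionAndSigningKey</c>.</param>
/// <returns><c>true</c> if the signature verifies; otherwise <c>false</c>.</returns>
/// <exception cref="ArgumentException">The signature or the algorithm is missing or blank.</exception>
internal static bool VerifyDetachedSignature(
    string detachedSignature,
    string detachedSignatureAlgorithm,
    string signedQueryString,
    string certIdentifier)
{
    if (string.IsNullOrWhiteSpace(detachedSignature))
    {
        throw new ArgumentException("DetachedSignature not mentioned", nameof(detachedSignature));
    }

    // Check that we have a signature algorithm, if not throw error.
    // (Message fixed: this branch previously reported the *signature* as missing.)
    if (string.IsNullOrWhiteSpace(detachedSignatureAlgorithm))
    {
        throw new ArgumentException("DetachedSignatureAlgorithm not mentioned", nameof(detachedSignatureAlgorithm));
    }

    X509Certificate2 samlEncryptionAndSigningKey = SignMessage.GetSamlEncryptionAndSigningKey(certIdentifier);
    X509Certificate2Collection publicKeys = new X509Certificate2Collection();
    publicKeys.Add(samlEncryptionAndSigningKey);

    // The provider is chosen from the caller-supplied algorithm name and may own
    // disposable state, so it is released once verification completes.
    object hashAlgorithmProvider = GetAlgorithmProvider(detachedSignatureAlgorithm);
    try
    {
        // Now verify
        return IsValidDetachedSignature(signedQueryString, hashAlgorithmProvider, detachedSignature, publicKeys);
    }
    finally
    {
        IDisposable hashAlgorithmProviderDisp = hashAlgorithmProvider as IDisposable;
        if (hashAlgorithmProviderDisp != null)
        {
            hashAlgorithmProviderDisp.Dispose();
        }
    }
}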
/// <summary>
/// Wraps <paramref name="adapter"/> in a client-side TLS session and returns a new
/// adapter over the encrypted stream. The remote certificate is checked by
/// <c>ValidateRemoteClientConnection</c> and stored in <c>_remoteCert</c>; TLS details
/// are written to the "SslClient" property bag via <c>PopulateSslMeta</c>.
/// </summary>
/// <param name="adapter">The plaintext transport to wrap.</param>
/// <param name="logger">Not used by this method.</param>
/// <param name="properties">Receives the "SslClient" sub-bag.</param>
/// <param name="serverName">Target host name for the handshake; when <c>null</c> a
/// counter-derived placeholder is used.</param>
/// <returns>A <see cref="StreamDataAdapter"/> over the authenticated <see cref="SslStream"/>.</returns>
private IDataAdapter ConnectClient(IDataAdapter adapter, Logger logger, PropertyBag properties, string serverName)
{
    SslStream sslStream = new SslStream(new DataAdapterToStream(adapter), false, ValidateRemoteClientConnection);

    if (serverName == null)
    {
        // Just generate something; the name only has to be a usable target host.
        serverName = Interlocked.Increment(ref nameCounter).ToString();
    }

    X509Certificate2Collection clientCerts = new X509Certificate2Collection();
    foreach (X509CertificateContainer container in _config.ClientCertificates)
    {
        clientCerts.Add(container.Certificate);
    }

    // Bound the handshake with the configured timeout. Not every underlying stream
    // supports timeouts; when the property throws we simply proceed unbounded.
    bool timeoutApplied = false;
    int previousTimeout = -1;
    try
    {
        previousTimeout = sslStream.ReadTimeout;
        sslStream.ReadTimeout = _config.Timeout;
        timeoutApplied = true;
    }
    catch (InvalidOperationException)
    {
        // Deliberate: timeouts are best-effort.
    }

    // NOTE(review): the protocol is pinned to TLS 1.0 and revocation checking is off.
    // That may be intentional for this tool, but it is weak for general use; consider
    // making both configurable.
    sslStream.AuthenticateAsClient(serverName, clientCerts, SslProtocols.Tls, false);

    if (timeoutApplied)
    {
        sslStream.ReadTimeout = previousTimeout;
    }

    _remoteCert = sslStream.RemoteCertificate;
    PopulateSslMeta(properties.AddBag("SslClient"), sslStream);

    return new StreamDataAdapter(sslStream, adapter.Description);
}
/// <summary>
/// Collects the certificates for this trust list: everything enumerated from the
/// configured store (when <c>StorePath</c> is set and the store opens) plus every
/// <c>TrustedCertificates</c> entry that resolves through <c>Find()</c>.
/// </summary>
/// <returns>The combined collection. A store that cannot be read is logged via
/// <c>Utils.Trace</c> and contributes nothing.</returns>
public X509Certificate2Collection GetCertificates()
{
    X509Certificate2Collection result = new X509Certificate2Collection();

    CertificateStoreIdentifier storeId = new CertificateStoreIdentifier();
    storeId.StoreType = this.StoreType;
    storeId.StorePath = this.StorePath;

    bool hasStorePath = !String.IsNullOrEmpty(storeId.StorePath);
    if (hasStorePath)
    {
        try
        {
            ICertificateStore store = storeId.OpenStore();
            try
            {
                result = store.Enumerate();
            }
            finally
            {
                store.Close();
            }
        }
        catch (Exception)
        {
            // Best effort: an unreadable store is reported but does not fail the call.
            Utils.Trace("Could not load certificates from store: {0}.", this.StorePath);
        }
    }

    foreach (CertificateIdentifier trusted in TrustedCertificates)
    {
        X509Certificate2 found = trusted.Find();
        if (found != null)
        {
            result.Add(found);
        }
    }

    return result;
}
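/// <summary>
/// Loads the client certificate(s) for the SSL connection: from the PFX file named by
/// <c>clientCertFilename</c>/<c>clientCertPassword</c> when set, otherwise from the
/// certificate store named by <c>keyStoreName</c> (default <c>My</c>) in
/// <c>keyStoreLocation</c> (default <c>CurrentUser</c>).
/// </summary>
/// <returns>A collection holding the loaded certificate, or the store's certificates.</returns>
/// <exception cref="NMSException"><c>keyStoreLocation</c> is neither
/// <c>CurrentUser</c> nor <c>LocalMachine</c> (compared case-insensitively).</exception>
private X509Certificate2Collection LoadCertificates()
{
    X509Certificate2Collection collection = new X509Certificate2Collection();

    if (!String.IsNullOrEmpty(this.clientCertFilename))
    {
        Tracer.Debug("Attempting to load Client Certificate from file := " + this.clientCertFilename);
        X509Certificate2 certificate = new X509Certificate2(this.clientCertFilename, this.clientCertPassword);
        Tracer.Debug("Loaded Client Certificate := " + certificate.ToString());
        collection.Add(certificate);
        return collection;
    }

    string name = String.IsNullOrEmpty(this.keyStoreName) ? StoreName.My.ToString() : this.keyStoreName;

    StoreLocation location = StoreLocation.CurrentUser;
    if (!String.IsNullOrEmpty(this.keyStoreLocation))
    {
        // Ordinal comparison: these are fixed identifiers, not culture-sensitive text.
        if (String.Equals(this.keyStoreLocation, "CurrentUser", StringComparison.OrdinalIgnoreCase))
        {
            location = StoreLocation.CurrentUser;
        }
        else if (String.Equals(this.keyStoreLocation, "LocalMachine", StringComparison.OrdinalIgnoreCase))
        {
            location = StoreLocation.LocalMachine;
        }
        else
        {
            // Message typo fixed ("Invlalid").
            throw new NMSException("Invalid StoreLocation given on URI");
        }
    }

    X509Store store = new X509Store(name, location);
    try
    {
        store.Open(OpenFlags.ReadOnly);
        collection = store.Certificates;
    }
    finally
    {
        // Close even when Open throws (missing store, access denied); the original
        // only closed on the success path.
        store.Close();
    }

    return collection;
}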
/// <summary>
/// Loads the client certificate(s) for the STOMP SSL transport: from the PFX file
/// named in <c>SslSettings.ClientCertFilename</c> when present, otherwise from the
/// certificate store selected by <c>KeyStoreName</c> (default <c>My</c>) and
/// <c>KeyStoreLocation</c> (default <c>CurrentUser</c>).
/// </summary>
/// <returns>A collection with the loaded certificate, or the store's certificates.</returns>
/// <exception cref="StompException"><c>KeyStoreLocation</c> is set but is neither
/// <c>CurrentUser</c> nor <c>LocalMachine</c> (compared case-insensitively).</exception>
private X509Certificate2Collection LoadCertificates()
{
    var ssl = _stompConnectionSettings.TransportSettings.SslSettings;
    var loaded = new X509Certificate2Collection();

    if (ssl.ClientCertFilename.IsNotEmpty())
    {
        loaded.Add(new X509Certificate2(ssl.ClientCertFilename, ssl.ClientCertPassword));
        return loaded;
    }

    var storeName = ssl.KeyStoreName.IsEmpty() ? StoreName.My.ToString() : ssl.KeyStoreName;
    var storeLocation = ResolveLocation(ssl.KeyStoreLocation);

    using var store = new X509Store(storeName, storeLocation);
    store.Open(OpenFlags.ReadOnly);
    loaded = store.Certificates;
    return loaded;

    // Maps the URI's location name onto a StoreLocation; unset means CurrentUser.
    static StoreLocation ResolveLocation(string keyStoreLocation)
    {
        if (!keyStoreLocation.IsNotEmpty())
        {
            return StoreLocation.CurrentUser;
        }
        if (String.Compare(keyStoreLocation, "CurrentUser", StringComparison.OrdinalIgnoreCase) == 0)
        {
            return StoreLocation.CurrentUser;
        }
        if (String.Compare(keyStoreLocation, "LocalMachine", StringComparison.OrdinalIgnoreCase) == 0)
        {
            return StoreLocation.LocalMachine;
        }
        throw new StompException("Invalid StoreLocation given on URI");
    }
}
/// <summary>
/// Picks the first certificate from <paramref name="candidateCerts"/> usable for TLS
/// client authentication: it must have a private key, match the Client Authentication
/// application policy (<c>ClientAuthenticationOID</c>) and carry the DigitalSignature
/// key usage.
/// </summary>
/// <param name="candidateCerts">Certificates to choose from; may be empty.</param>
/// <returns>The first eligible certificate, or <c>null</c> when none qualifies.</returns>
internal static X509Certificate2 GetEligibleClientCertificate(X509Certificate2Collection candidateCerts)
{
    if (candidateCerts.Count == 0)
    {
        return null;
    }

    // Pre-filter on HasPrivateKey by hand: there is no X509FindType for it, and
    // Find(...) returns clones of every element it matches, so narrowing first keeps
    // the number of cloned (and later finalized) certificates down.
    var withPrivateKey = new X509Certificate2Collection();
    foreach (X509Certificate2 candidate in candidateCerts)
    {
        if (!candidate.HasPrivateKey)
        {
            continue;
        }
        withPrivateKey.Add(candidate);
    }

    if (withPrivateKey.Count == 0)
    {
        // Nothing left to match; skip the Find(...) calls entirely.
        return null;
    }

    // Apply the 'Client Authentication' criteria. The client-auth EKU is the rarer
    // property, so it goes first to shrink the candidate set as early as possible.
    var byEku = withPrivateKey.Find(X509FindType.FindByApplicationPolicy, ClientAuthenticationOID, false);
    var byKeyUsage = byEku.Find(X509FindType.FindByKeyUsage, X509KeyUsageFlags.DigitalSignature, false);

    return byKeyUsage.Count > 0 ? byKeyUsage[0] : null;
}
/// <summary>
/// Lets the user pick one certificate for secure password storage. Candidates are the
/// time-valid certificates of the default store that successfully round-trip a test
/// string through <c>EncryptStringUsingCertificate</c>/<c>DecryptStringUsingCertificate</c>
/// (i.e. whose private key is usable); the filtered list is shown with
/// <see cref="X509Certificate2UI.SelectFromCollection"/>.
/// </summary>
/// <returns>The selected certificate, or <c>null</c> unless exactly one was chosen.</returns>
public static X509Certificate2 SelectCertificate()
{
    // Parameterless X509Store: the current user's personal ("My") store.
    X509Store x509Store = new X509Store();
    X509Certificate2Collection privateCollection = new X509Certificate2Collection();
    try
    {
        x509Store.Open(OpenFlags.OpenExistingOnly);
        X509Certificate2Collection certificates = x509Store.Certificates;
        // Only certificates valid right now; validOnly:false so chain/trust is not enforced here.
        X509Certificate2Collection foundCollection = certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, validOnly: false);
        // UI string: "check valid certificates".
        LongRunningActionForm.PerformOperation("检查有效证书", showImmediately: true, delegate
        {
            X509Certificate2Enumerator enumerator = foundCollection.GetEnumerator();
            while (enumerator.MoveNext())
            {
                X509Certificate2 current = enumerator.Current;
                try
                {
                    // Probe the private key with an encrypt/decrypt round-trip.
                    if (DecryptStringUsingCertificate(current, EncryptStringUsingCertificate(current, "test")) == "test")
                    {
                        privateCollection.Add(current);
                    }
                }
                catch
                {
                    // Deliberately swallowed: a certificate whose key cannot be used is simply not offered.
                }
                LongRunningActionForm.Instance.UpdateStatus(current.SimpleName());
            }
        });
    }
    finally
    {
        x509Store.Close();
    }
    // UI strings: title "select certificate"; message "select the certificate used for secure password storage".
    X509Certificate2Collection x509Certificate2Collection = X509Certificate2UI.SelectFromCollection(privateCollection, "选择证书", "选择用于安全密码存储的证书", X509SelectionFlag.SingleSelection, Program.TheForm.Handle);
    if (x509Certificate2Collection.Count != 1)
    {
        return(null);
    }
    return(x509Certificate2Collection[0]);
}
/// <summary>
/// Collects every certificate from the cert store attached to a native CERT_CONTEXT
/// (for a remote peer this is presumably its presented chain — confirm against the
/// caller) into a managed collection.
/// </summary>
/// <param name="certContext">Pointer to a native CERT_CONTEXT; <see cref="IntPtr.Zero"/> yields an empty result.</param>
/// <returns>A new collection; empty when the context is null or has no store.</returns>
internal static X509Certificate2Collection GetRemoteCertificatesFromStoreContext(IntPtr certContext)
{
    X509Certificate2Collection result = new X509Certificate2Collection();
    if (certContext == IntPtr.Zero)
    {
        return(result);
    }

    // Copy the context header out so its hCertStore can be read.
    Interop.Crypt32.CERT_CONTEXT context;
    unsafe
    {
        context = *(Interop.Crypt32.CERT_CONTEXT *)certContext;
    }

    if (context.hCertStore != IntPtr.Zero)
    {
        // Walk the store with CertEnumCertificatesInStore; passing the previous context
        // back in advances the enumeration, null ends it. Each element is wrapped via
        // its handle.
        Interop.Crypt32.CERT_CONTEXT *last = null;
        while (true)
        {
            Interop.Crypt32.CERT_CONTEXT *next = Interop.Crypt32.CertEnumCertificatesInStore(context.hCertStore, last);
            if (next == null)
            {
                break;
            }
            var cert = new X509Certificate2(new IntPtr(next));
            if (NetEventSource.IsEnabled)
            {
                NetEventSource.Info(certContext, $"Adding remote certificate:{cert}");
            }
            result.Add(cert);
            last = next;
        }
    }
    return(result);
}
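/// <summary>
/// Opens a TCP connection to the APNS host (live or sandbox per
/// <paramref name="configuration"/>) and performs a TLS client handshake presenting the
/// configured APNS certificate.
/// </summary>
/// <param name="configuration">Certificate path/password and the sandbox switch.</param>
/// <param name="port">Port to connect to.</param>
/// <param name="client">Receives the connected <see cref="TcpClient"/>; <c>null</c> until connected.</param>
/// <param name="stream">Receives the <see cref="SslStream"/>; <c>null</c> until created.</param>
/// <returns><c>null</c> on success, otherwise a connection-error <see cref="PushEasyResult"/>
/// describing why the stream is unusable.</returns>
private PushEasyResult CreateClientAndStream(PushEasyConfiguration configuration, int port, out TcpClient client, out SslStream stream)
{
    client = null;
    stream = null;

    // create certificate from path with password
    var certificate = new X509Certificate2(
        File.ReadAllBytes(configuration.APNSCertificatePath),
        configuration.APNSCertificatePassword,
        X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);

    // need a collection for some calls
    var certificates = new X509Certificate2Collection();
    certificates.Add(certificate);

    var host = !configuration.UseSandbox ? _hostLive : _hostSandbox;

    // connect to apple
    client = new TcpClient();
    client.Connect(host, port);
    client.Client.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.KeepAlive, true);

    // open stream to write/read
    // SECURITY NOTE(review): the remote-certificate callback accepts every server
    // certificate, so the server's identity is never verified and the session can be
    // intercepted. It should return `policyErrors == SslPolicyErrors.None`, and
    // SslProtocols.Tls pins TLS 1.0. Both are left unchanged here because they alter
    // connection behavior; fix deliberately and verify end-to-end.
    stream = new SslStream(
        client.GetStream(),
        false,
        (object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors policyErrors) => { return true; },
        (sender, targetHost, localCerts, remoteCert, acceptableIssuers) => certificate);

    try
    {
        stream.AuthenticateAsClient(host, certificates, System.Security.Authentication.SslProtocols.Tls, false);
    }
    catch (Exception ex)
    {
        return new PushEasyResult(PushEasyResult.Results.Error, PushEasyResult.Errors.Connection, "Could not create SslStream. Error: " + ex.ToString());
    }

    if (!stream.IsMutuallyAuthenticated)
    {
        // Typo fixed in the message ("mutally").
        return new PushEasyResult(PushEasyResult.Results.Error, PushEasyResult.Errors.Connection, "Stream is not mutually authenticated.");
    }

    if (!stream.CanWrite)
    {
        return new PushEasyResult(PushEasyResult.Results.Error, PushEasyResult.Errors.Connection, "Cannot write to stream.");
    }

    return null;
}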
/// <summary cref="ICertificateStore.Enumerate()" />
/// <remarks>
/// Reads every certificate returned by <c>CertificateStores.FindAllAsync</c> and
/// re-parses each certificate blob into an <see cref="X509Certificate2"/>.
/// </remarks>
public async Task<X509Certificate2Collection> Enumerate()
{
    IReadOnlyList<Certificate> found = await CertificateStores.FindAllAsync();

    X509Certificate2Collection result = new X509Certificate2Collection();
    foreach (Certificate entry in found)
    {
        // CopyToByteArray assigns the out array itself; no pre-allocation needed.
        IBuffer blob = entry.GetCertificateBlob();
        byte[] encoded;
        CryptographicBuffer.CopyToByteArray(blob, out encoded);
        result.Add(new X509Certificate2(encoded));
    }

    return result;
}
/// <summary>
/// Client-side start of the TLS test: wraps the connected socket in a
/// <see cref="NetworkStream"/> and asks the factory for a client stream pinned to
/// TLS 1.2 with a fixed target host, presenting the configured client certificate
/// when one is set.
/// </summary>
/// <param name="socket">An already-connected socket.</param>
/// <param name="settings">TLS settings handed to the stream factory.</param>
/// <returns>The client stream created by <c>MonoNewTlsStreamFactory.CreateClient</c>.</returns>
protected override MonoNewTlsStream Start(Socket socket, TlsSettings settings)
{
    Debug("Connected.");

    var clientCerts = new X509Certificate2Collection();
    var configured = Parameters.ClientCertificate;
    if (configured != null)
    {
        clientCerts.Add(((ClientCertificate)configured).Certificate);
    }

    // Fixed host name used by this test fixture.
    const string targetHost = "Hamiller-Tube.local";
    var transport = new NetworkStream(socket);

    return MonoNewTlsStreamFactory.CreateClient(
        transport,
        false,
        RemoteValidationCallback,
        null,
        EncryptionPolicy.RequireEncryption,
        settings,
        targetHost,
        clientCerts,
        SslProtocols.Tls12,
        false);
}
/// <summary>
/// Connects <c>client</c> to the configured host and upgrades the connection to TLS
/// as a client, presenting the certificate at <c>configuration.CertificatePath</c>
/// when one is configured. Revocation checking is enabled for the server certificate.
/// </summary>
public void Open()
{
    client.Connect(configuration.GetHost());

    var timeout = configuration.Timeout;
    sslStream = new SslStream(client.GetStream());
    sslStream.ReadTimeout = timeout;
    sslStream.WriteTimeout = timeout;

    var clientCertificates = new X509Certificate2Collection();
    var certificatePath = configuration.CertificatePath;
    if (!string.IsNullOrWhiteSpace(certificatePath))
    {
        clientCertificates.Add(new X509Certificate2(certificatePath));
    }

    // NOTE(review): SslProtocols.Default allows SSL 3.0 / TLS 1.0 on older frameworks;
    // prefer an explicit modern version (or SslProtocols.None to let the OS decide)
    // once the change can be validated against the server.
    sslStream.AuthenticateAsClient(
        configuration.GetServerNameInCertificate(),
        clientCertificates,
        SslProtocols.Default,
        true);
}
/// <summary>
/// <c>Certificate.ToX509Collection</c> must produce a collection equal to one built
/// directly from the same test PFX files — every owner up to <c>MAXDOMAINCOUNT</c> and
/// every certificate per owner up to <c>MAXCERTPEROWNER</c> — and the result must
/// close without throwing.
/// </summary>
public void ToX509CollectionTest()
{
    var expected = new X509Certificate2Collection();
    var sources = new List<Certificate>(MAXDOMAINCOUNT);

    for (int owner = 1; owner <= MAXDOMAINCOUNT; owner++)
    {
        for (int certIndex = 1; certIndex <= MAXCERTPEROWNER; certIndex++)
        {
            expected.Add(GetDisposableTestCertFromPfx(owner, certIndex));
            sources.Add(GetCertificateFromTestCertPfx(owner, certIndex));
        }
    }

    X509Certificate2Collection actual = Certificate.ToX509Collection(sources.ToArray());

    Assert.Equal(expected, actual);
    Assert.Null(Record.Exception(() => actual.Close(true)));
}
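/// <summary>
/// Loads every PFX listed (one path per line) in <c>txtCertFiles</c> using the password
/// from <c>txtCertPassword</c>, re-exports them as one PFX protected by the same
/// password and writes it to <c>txtOutputFile</c>.
/// </summary>
/// <param name="sender">The button raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnCombineCertFiles_Click(object sender, EventArgs e)
{
    var certPassword = txtCertPassword.Text;

    // NOTE(review): the password is persisted through user settings; confirm that
    // store is acceptable for a secret before relying on this behaviour.
    Properties.Settings.Default.CertPassword = certPassword;
    Properties.Settings.Default.Save();

    var certs = new X509Certificate2Collection();

    // Drop blank lines (including the trailing newline a multi-line textbox usually
    // carries); previously each became an empty file path and made the constructor throw.
    var certFiles = txtCertFiles.Text.Split("\r\n".ToCharArray(), StringSplitOptions.RemoveEmptyEntries);
    foreach (var certFile in certFiles)
    {
        // Exportable is required so the private keys survive the re-export below.
        certs.Add(new X509Certificate2(certFile, certPassword, X509KeyStorageFlags.Exportable));
    }

    var oneBigPfx = certs.Export(X509ContentType.Pfx, certPassword);
    File.WriteAllBytes(txtOutputFile.Text, oneBigPfx);

    MessageBox.Show("Combination has been done!", "Done", MessageBoxButtons.OK);
}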
/// <summary>
/// Returns a subset of this collection whose elements match the supplied <paramref name="match"/> function.
/// </summary>
/// <param name="certs">The source collection.</param>
/// <param name="match">The predicate; every element for which it returns <c>true</c> is selected.</param>
/// <returns>The collection of matched elements, or <c>null</c> if the source is null or empty
/// or no element matches.</returns>
public static X509Certificate2Collection Where(this X509Certificate2Collection certs, Func<X509Certificate2, bool> match)
{
    if (certs.IsNullOrEmpty())
    {
        return null;
    }

    X509Certificate2Collection selected = null;
    foreach (X509Certificate2 candidate in certs)
    {
        if (!match(candidate))
        {
            continue;
        }

        // Allocate lazily so a miss yields null rather than an empty collection.
        if (selected == null)
        {
            selected = new X509Certificate2Collection();
        }
        selected.Add(candidate);
    }

    return selected;
}
/// <summary>
/// With <c>FindCertificates</c> stubbed to return one certificate and <c>ValidateChain</c>
/// stubbed to succeed, evaluating the tasks must produce no Error result and
/// <c>ValidateCertificate</c> must be called with that certificate.
/// </summary>
/// <param name="tasks">Tasks to evaluate; the first receives a local parameter whose name
/// is wired into the validator through <c>Data["ParamNames"]</c>.</param>
public void CertificateIsValid(IEnumerable<Task> tasks)
{
    InstallParam p = new InstallParam("somename", "somevalue");
    tasks.First().LocalParams.Add(p);

    // Partial substitute: only FindCertificates and ValidateChain are stubbed (DoNotCallBase).
    CertificateValidator val = Substitute.ForPartsOf<CertificateValidator>();
    val.WhenForAnyArgs(a => a.FindCertificates(null)).DoNotCallBase();
    X509Certificate2Collection collection = new X509Certificate2Collection();
    collection.Add(new X509Certificate2());
    val.FindCertificates(null).ReturnsForAnyArgs(collection);
    val.Data["StoreName"] = "Root";
    val.Data["ParamNames"] = p.Name;
    val.WhenForAnyArgs(a => a.ValidateChain(null, null)).DoNotCallBase();
    val.ValidateChain(null, null).ReturnsForAnyArgs(true);

    Assert.DoesNotContain(val.Evaluate(tasks), r => r.State == Sitecore9Installer.Validation.ValidatorState.Error);
    // The stubbed certificate must have reached ValidateCertificate.
    val.Received().ValidateCertificate(collection[0]);
}
/// <summary>
/// Builds a password-protected PKCS#12 (PFX) blob containing <paramref name="certificate"/>,
/// the optional <paramref name="chain"/>, and the public part of
/// <paramref name="signingCertificate"/> (obtained via <c>ExportCertificatePublicKey</c>).
/// </summary>
/// <param name="password">Password protecting the PFX.</param>
/// <param name="certificate">The primary certificate; PKCS#12 export includes any exportable private key it holds.</param>
/// <param name="signingCertificate">Issuer to append without its private key; may be <c>null</c>.</param>
/// <param name="chain">Additional chain certificates; may be <c>null</c>.</param>
/// <returns>The PFX bytes.</returns>
private byte[] CertificateToPfx(string password, X509Certificate2 certificate, X509Certificate2 signingCertificate, X509Certificate2Collection chain)
{
    var bundle = new X509Certificate2Collection(certificate);

    if (chain != null)
    {
        bundle.AddRange(chain);
    }

    if (signingCertificate != null)
    {
        // Reduce the signer to its public certificate so no second private key enters the file.
        bundle.Add(ExportCertificatePublicKey(signingCertificate));
    }

    return bundle.Export(X509ContentType.Pkcs12, password);
}
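// Private method for selecting a suitable digital certificate containing a DSA key.
/// <summary>
/// Lets the user choose, from the current user's personal ("MY") store, a currently
/// valid certificate whose key algorithm is DSA (OID 1.2.840.10040.4.1).
/// </summary>
/// <param name="prompt">Message shown in the selection dialog.</param>
/// <returns>The chosen certificate, or <c>null</c> when the dialog does not yield exactly
/// one certificate or any error occurs (errors are written to Debug output).</returns>
private X509Certificate2 selectCert(string prompt)
{
    try
    {
        // Open the store for the current user - read-only access to existing certificates is enough.
        X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

            // Narrow down the selection to certs that are valid now.
            X509Certificate2Collection validNow = store.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, false);

            // Narrow down the selection to certs that contain DSA keys.
            X509Certificate2Collection dsaCerts = new X509Certificate2Collection();
            foreach (X509Certificate2 c in validNow)
            {
                // ASN.1 object identifier of the DSA key algorithm.
                if (c.GetKeyAlgorithm().Equals("1.2.840.10040.4.1"))
                {
                    dsaCerts.Add(c);
                }
            }

            // Show dialog to user.
            X509Certificate2Collection selected = X509Certificate2UI.SelectFromCollection(dsaCerts, Application.ProductName, prompt, X509SelectionFlag.SingleSelection);

            // Return the selected certificate or null.
            if ((selected != null) && (selected.Count == 1))
            {
                return selected[0];
            }
        }
        finally
        {
            // Close the store on every path; previously it stayed open when an
            // exception escaped before the explicit Close().
            store.Close();
        }
    }
    catch (System.Exception x)
    {
        Debug.WriteLine(x);
    }

    return null;
}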
public static Test.ServerFactoryPrx allTests(Ice.Communicator communicator, string testDir) { string factoryRef = "factory:tcp -p 12010"; Ice.ObjectPrx b = communicator.stringToProxy(factoryRef); test(b != null); Test.ServerFactoryPrx factory = Test.ServerFactoryPrxHelper.checkedCast(b); string defaultHost = communicator.getProperties().getProperty("Ice.Default.Host"); string defaultDir = testDir + "/../certs"; Ice.Properties defaultProperties = communicator.getProperties(); // // Load the CA certificates. We could use the IceSSL.ImportCert property, but // it would be nice to remove the CA certificates when the test finishes, so // this test manually installs the certificates in the LocalMachine:AuthRoot // store. // // Note that the client and server are assumed to run on the same machine, // so the certificates installed by the client are also available to the // server. // string caCert1File = defaultDir + "/cacert1.pem"; string caCert2File = defaultDir + "/cacert2.pem"; X509Certificate2 caCert1 = new X509Certificate2(caCert1File); X509Certificate2 caCert2 = new X509Certificate2(caCert2File); X509Store store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine); try { store.Open(OpenFlags.ReadWrite); } catch(CryptographicException) { Console.Out.WriteLine("This test requires administrator privileges."); return factory; } try { string[] args = new string[0]; Console.Out.Write("testing manual initialization... "); Console.Out.Flush(); { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("Ice.InitPlugins", "0"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.ObjectPrx p = comm.stringToProxy("dummy:ssl -p 9999"); try { p.ice_ping(); test(false); } catch(Ice.PluginInitializationException) { // Expected. 
} catch(Ice.LocalException) { test(false); } comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("Ice.InitPlugins", "0"); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.PluginManager pm = comm.getPluginManager(); pm.initializePlugins(); Ice.ObjectPrx obj = comm.stringToProxy(factoryRef); test(obj != null); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { // // Supply our own certificate. 
// X509Certificate2 cert = new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password"); X509Certificate2Collection coll = new X509Certificate2Collection(); coll.Add(cert); Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("Ice.InitPlugins", "0"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.PluginManager pm = comm.getPluginManager(); IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL"); test(plugin != null); plugin.setCertificates(coll); pm.initializePlugins(); Ice.ObjectPrx obj = comm.stringToProxy(factoryRef); test(obj != null); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing certificate verification... "); Console.Out.Flush(); { // // Test IceSSL.VerifyPeer=1. Client does not have a certificate. 
// Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "1"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.noCert(); } catch(Ice.LocalException) { test(false); } // // Validate that we can get the connection info. // try { IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); test(info.certs != null); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); // // Test IceSSL.VerifyPeer=2. This should fail because the client // does not supply a certificate. // d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; store.Add(caCert1); server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.ConnectionLostException) { // Expected. } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); // // Test IceSSL.VerifyPeer=1. Client has a certificate. 
// initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "1"; store.Add(caCert1); server = fact.createServer(d); try { X509Certificate2 clientCert = new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password"); server.checkCert(clientCert.Subject, clientCert.Issuer); X509Certificate2 serverCert = new X509Certificate2(defaultDir + "/s_rsa_nopass_ca1.pfx", "password"); X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem"); IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); test(caCert.Equals(info.nativeCerts[1])); test(serverCert.Equals(info.nativeCerts[0])); } catch(Exception) { test(false); } fact.destroyServer(server); store.Remove(caCert1); // // Test IceSSL.VerifyPeer=2. Client has a certificate. // d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; store.Add(caCert1); server = fact.createServer(d); try { X509Certificate2 clientCert = new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password"); server.checkCert(clientCert.Subject, clientCert.Issuer); } catch(Exception) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); // // Test IceSSL.VerifyPeer=1. This should fail because the // client doesn't trust the server's CA. 
// initData = createClientProps(defaultProperties, testDir, defaultHost); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "1"; // Don't add the CA certificate. //store.Add(caCert1); server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.SecurityException) { // Expected. } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); // // Verify that IceSSL.CheckCertName has no effect in a server. // initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CheckCertName"] = "1"; store.Add(caCert1); server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); // // NOTE: We can't test IceSSL.CheckCertName here because the common name (CN) field of // the server's certificate has the value "Server" and we can't use "Server" as a host // name in an endpoint (it almost certainly wouldn't resolve correctly). // // // Test IceSSL.CheckCertName. The test certificates for the server contain "127.0.0.1" // as the common name or as a subject alternative name, so we only perform this test when // the default host is "127.0.0.1". 
// if(defaultHost.Equals("127.0.0.1")) { // // Test subject alternative name. // { initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CheckCertName", "1"); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CheckCertName"] = "1"; store.Add(caCert1); server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } // // Test common name. // { initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CheckCertName", "1"); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CheckCertName"] = "1"; store.Add(caCert1); server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } // // Test common name again. The certificate used in this test has "127.0.0.11" as its // common name, therefore the address "127.0.0.1" must NOT match. 
// { initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CheckCertName", "1"); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn2.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CheckCertName"] = "1"; store.Add(caCert1); server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { // Expected. } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } } } Console.Out.WriteLine("ok"); Console.Out.Write("testing custom certificate verifier... "); Console.Out.Flush(); { // // Verify that a server certificate is present. 
// Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL"); test(plugin != null); CertificateVerifierI verifier = new CertificateVerifierI(); plugin.setCertificateVerifier(verifier); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); server.checkCipher(info.cipher); } catch(Ice.LocalException) { test(false); } test(verifier.invoked()); test(verifier.hadCert()); // // Have the verifier return false. Close the connection explicitly // to force a new connection to be established. // verifier.reset(); verifier.returnValue(false); server.ice_getConnection().close(false); try { server.ice_ping(); test(false); } catch(Ice.SecurityException) { // Expected. } catch(Ice.LocalException) { test(false); } test(verifier.invoked()); test(verifier.hadCert()); fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { // // Verify that verifier is installed via property. 
// Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertVerifier", "CertificateVerifierI"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL"); test(plugin != null); test(plugin.getCertificateVerifier() != null); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing protocols... "); Console.Out.Flush(); { // // This should fail because the client and server have no protocol // in common. // Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.Protocols", "ssl3"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.Protocols"] = "tls1"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.ConnectionLostException) { // Expected. } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); // // This should succeed. 
// comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.Protocols"] = "tls1, ssl3"; store.Add(caCert1); server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing expired certificates... "); Console.Out.Flush(); { // // This should fail because the server's certificate is expired. // Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_exp.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.SecurityException) { // Expected. } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); // // This should fail because the client's certificate is expired. 
// initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1_exp.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; store.Add(caCert1); server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.ConnectionLostException) { // Expected. } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing multiple CA certificates... "); Console.Out.Flush(); { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca2.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; store.Add(caCert1); store.Add(caCert2); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); store.Remove(caCert2); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing passwords... "); Console.Out.Flush(); { // // Test password failure. 
// Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); // Don't specify the password. //props.setProperty("IceSSL.Password", "password"); try { Ice.Util.initialize(ref args, initData); test(false); } catch(Ice.PluginInitializationException) { // Expected. } catch(Ice.LocalException) { test(false); } } { // // Test password failure with callback. // Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("Ice.InitPlugins", "0"); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.PluginManager pm = comm.getPluginManager(); IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL"); test(plugin != null); PasswordCallbackI cb = new PasswordCallbackI("bogus"); plugin.setPasswordCallback(cb); try { pm.initializePlugins(); test(false); } catch(Ice.PluginInitializationException) { // Expected. } catch(Ice.LocalException) { test(false); } comm.destroy(); } { // // Test installation of password callback. // Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("Ice.InitPlugins", "0"); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.PluginManager pm = comm.getPluginManager(); IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL"); test(plugin != null); PasswordCallbackI cb = new PasswordCallbackI(); plugin.setPasswordCallback(cb); test(plugin.getPasswordCallback() == cb); try { pm.initializePlugins(); } catch(Ice.LocalException) { test(false); } comm.destroy(); } { // // Test password callback property. 
// Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.PasswordCallback", "PasswordCallbackI"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.PluginManager pm = comm.getPluginManager(); IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL"); test(plugin != null); test(plugin.getPasswordCallback() != null); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing IceSSL.TrustOnly... "); Console.Out.Flush(); { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, 
initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "C=US, ST=Florida, O=\"ZeroC, Inc.\",OU=Ice, [email protected], CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + 
"/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly"] = "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly"] = "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; store.Add(caCert1); Test.ServerPrx server = 
fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly"] = "CN=Client"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); 
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly"] = "!CN=Client"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "CN=Client"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = 
Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly"] = "CN=Server"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada,CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada,CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir 
+ "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada;CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada;!CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); 
store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server1"); // Should not match "Server" Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly"] = "!CN=Client1"; // Should not match "Client" store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { // // Rejection takes precedence (client). 
// Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "ST=Florida;!CN=Server;C=US"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { // // Rejection takes precedence (server). // Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly"] = "C=US;!CN=Client;ST=Florida"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing IceSSL.TrustOnly.Client... 
"); Console.Out.Flush(); { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly.Client", "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; // Should have no effect. d["IceSSL.TrustOnly.Client"] = "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly.Client", "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); 
store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; // Should have no effect. d["IceSSL.TrustOnly.Client"] = "!CN=Client"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly.Client", "CN=Client"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); 
initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly.Client", "!CN=Client"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing IceSSL.TrustOnly.Server... "); Console.Out.Flush(); { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); // Should have no effect. 
initData.properties.setProperty("IceSSL.TrustOnly.Server", "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly.Server"] = "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly.Server"] = "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); // Should have no effect. 
initData.properties.setProperty("IceSSL.TrustOnly.Server", "!CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly.Server"] = "CN=Server"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); 
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly.Server"] = "!CN=Client"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing IceSSL.TrustOnly.Server.<AdapterName>... "); Console.Out.Flush(); { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly.Server"] = "CN=bogus"; d["IceSSL.TrustOnly.Server.ServerAdapter"] = "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + 
"/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly.Server.ServerAdapter"] = "CN=bogus"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!CN=bogus"; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } 
catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing IceSSL.KeySet... "); Console.Out.Flush(); { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.DefaultDir", defaultDir); initData.properties.setProperty("IceSSL.ImportCert.LocalMachine.Root", "cacert1.pem"); initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.KeySet", "MachineKeySet"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.DefaultDir"] = defaultDir; d["IceSSL.ImportCert.LocalMachine.Root"] = "cacert1.pem"; d["IceSSL.KeySet"] = "MachineKeySet"; d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); X509Store certStore = new X509Store("Root", StoreLocation.LocalMachine); certStore.Open(OpenFlags.ReadWrite); certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem")); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.DefaultDir", defaultDir); initData.properties.setProperty("IceSSL.ImportCert.CurrentUser.Root", "cacert1.pem"); initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.KeySet", "UserKeySet"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); 
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.DefaultDir"] = defaultDir; d["IceSSL.ImportCert.CurrentUser.Root"] = "cacert1.pem"; d["IceSSL.KeySet"] = "UserKeySet"; d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); X509Store certStore = new X509Store("Root", StoreLocation.CurrentUser); certStore.Open(OpenFlags.ReadWrite); certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem")); } Console.Out.WriteLine("ok"); } finally { store.Remove(caCert1); store.Remove(caCert2); store.Close(); } return factory; }
public static Test.ServerFactoryPrx allTests(Ice.Communicator communicator, string testDir) { string factoryRef = "factory:tcp -p 12010"; Ice.ObjectPrx b = communicator.stringToProxy(factoryRef); test(b != null); Test.ServerFactoryPrx factory = Test.ServerFactoryPrxHelper.checkedCast(b); string defaultHost = communicator.getProperties().getProperty("Ice.Default.Host"); string defaultDir = testDir + "/../certs"; Ice.Properties defaultProperties = communicator.getProperties(); // // Load the CA certificates. We could use the IceSSL.ImportCert property, but // it would be nice to remove the CA certificates when the test finishes, so // this test manually installs the certificates in the LocalMachine:AuthRoot // store. // // Note that the client and server are assumed to run on the same machine, // so the certificates installed by the client are also available to the // server. // string caCert1File = defaultDir + "/cacert1.pem"; string caCert2File = defaultDir + "/cacert2.pem"; X509Certificate2 caCert1 = new X509Certificate2(caCert1File); X509Certificate2 caCert2 = new X509Certificate2(caCert2File); X509Store store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine); try { store.Open(OpenFlags.ReadWrite); } catch(CryptographicException) { Console.Out.WriteLine("This test requires administrator privileges."); return factory; } try { string[] args = new string[0]; Console.Out.Write("testing manual initialization... "); Console.Out.Flush(); { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("Ice.InitPlugins", "0"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.ObjectPrx p = comm.stringToProxy("dummy:ssl -p 9999"); try { p.ice_ping(); test(false); } catch(Ice.PluginInitializationException) { // Expected. 
} catch(Ice.LocalException) { test(false); } comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("Ice.InitPlugins", "0"); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.PluginManager pm = comm.getPluginManager(); pm.initializePlugins(); Ice.ObjectPrx obj = comm.stringToProxy(factoryRef); test(obj != null); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertAuthFile"] = caCert1File; d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { // // Supply our own certificate. 
// X509Certificate2 cert = new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password"); X509Certificate2Collection coll = new X509Certificate2Collection(); coll.Add(cert); Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("Ice.InitPlugins", "0"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.PluginManager pm = comm.getPluginManager(); IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL"); test(plugin != null); plugin.setCertificates(coll); pm.initializePlugins(); Ice.ObjectPrx obj = comm.stringToProxy(factoryRef); test(obj != null); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.CertAuthFile"] = caCert1File; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { // // Supply our own CA certificate. 
// X509Certificate2 cert = new X509Certificate2(defaultDir + "/cacert1.pem"); X509Certificate2Collection coll = new X509Certificate2Collection(); coll.Add(cert); Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("Ice.InitPlugins", "0"); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.PluginManager pm = comm.getPluginManager(); IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL"); test(plugin != null); plugin.setCACertificates(coll); pm.initializePlugins(); Ice.ObjectPrx obj = comm.stringToProxy(factoryRef); test(obj != null); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.CertAuthFile"] = defaultDir + "/cacert1.pem"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException ex) { Console.WriteLine(ex.ToString()); test(false); } fact.destroyServer(server); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing certificate verification... "); Console.Out.Flush(); { // // Test IceSSL.VerifyPeer=1. Client does not have a certificate. 
// Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "1"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.noCert(); } catch(Ice.LocalException ex) { Console.WriteLine(ex.ToString()); test(false); } // // Validate that we can get the connection info. // try { IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); test(info.certs != null); } catch(Ice.LocalException ex) { Console.WriteLine(ex.ToString()); test(false); } fact.destroyServer(server); // // Test IceSSL.VerifyPeer=2. This should fail because the client // does not supply a certificate. // d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.CertAuthFile"] = caCert1File; server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.ConnectionLostException) { // Expected. } catch(Ice.LocalException ex) { Console.WriteLine(ex.ToString()); test(false); } fact.destroyServer(server); comm.destroy(); // // Test IceSSL.VerifyPeer=1. Client has a certificate. 
// initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "1"; d["IceSSL.CertAuthFile"] = caCert1File; server = fact.createServer(d); try { X509Certificate2 clientCert = new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password"); server.checkCert(clientCert.Subject, clientCert.Issuer); X509Certificate2 serverCert = new X509Certificate2(defaultDir + "/s_rsa_nopass_ca1.pfx", "password"); X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem"); IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); test(caCert.Equals(info.nativeCerts[1])); test(serverCert.Equals(info.nativeCerts[0])); } catch(Exception ex) { Console.WriteLine(ex.ToString()); test(false); } fact.destroyServer(server); // // Test IceSSL.VerifyPeer=2. Client has a certificate. // d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.CertAuthFile"] = caCert1File; server = fact.createServer(d); try { X509Certificate2 clientCert = new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password"); server.checkCert(clientCert.Subject, clientCert.Issuer); } catch(Exception ex) { Console.WriteLine(ex.ToString()); test(false); } fact.destroyServer(server); comm.destroy(); // // Test IceSSL.VerifyPeer=1. This should fail because the // client doesn't trust the server's CA. 
// initData = createClientProps(defaultProperties, testDir, defaultHost); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "1"; // Don't add the CA certificate. server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.SecurityException) { // Expected. } catch(Ice.LocalException ex) { Console.WriteLine(ex.ToString()); test(false); } fact.destroyServer(server); comm.destroy(); // // This should succeed because the self signed certificate used by the server is // trusted. // initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertAuthFile", caCert2File); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/cacert2.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "0"; server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException ex) { Console.WriteLine(ex.ToString()); test(false); } fact.destroyServer(server); comm.destroy(); // // This should fail because the self signed certificate used by the server is not // trusted. 
// initData = createClientProps(defaultProperties, testDir, defaultHost); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/cacert2.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "0"; server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.SecurityException) { // Expected. } catch(Ice.LocalException ex) { Console.WriteLine(ex.ToString()); test(false); } fact.destroyServer(server); comm.destroy(); // // Verify that IceSSL.CheckCertName has no effect in a server. // initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CheckCertName"] = "1"; d["IceSSL.CertAuthFile"] = caCert1File; server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException ex) { Console.WriteLine(ex.ToString()); test(false); } fact.destroyServer(server); comm.destroy(); // // NOTE: We can't test IceSSL.CheckCertName here because the common name (CN) field of // the server's certificate has the value "Server" and we can't use "Server" as a host // name in an endpoint (it almost certainly wouldn't resolve correctly). // // // Test IceSSL.CheckCertName. 
The test certificates for the server contain "127.0.0.1" // as the common name or as a subject alternative name, so we only perform this test when // the default host is "127.0.0.1". // if(defaultHost.Equals("127.0.0.1")) { // // Test subject alternative name. // { initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CheckCertName", "1"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CheckCertName"] = "1"; d["IceSSL.CertAuthFile"] = caCert1File; server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } // // Test common name. 
// { initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CheckCertName", "1"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CheckCertName"] = "1"; d["IceSSL.CertAuthFile"] = caCert1File; store.Add(caCert1); server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } // // Test common name again. The certificate used in this test has "127.0.0.11" as its // common name, therefore the address "127.0.0.1" must NOT match. // { initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CheckCertName", "1"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn2.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CheckCertName"] = "1"; d["IceSSL.CertAuthFile"] = caCert1File; server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { // Expected. 
} fact.destroyServer(server); comm.destroy(); } } } Console.Out.WriteLine("ok"); Console.Out.Write("testing custom certificate verifier... "); Console.Out.Flush(); { // // Verify that a server certificate is present. // Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL"); test(plugin != null); CertificateVerifierI verifier = new CertificateVerifierI(); plugin.setCertificateVerifier(verifier); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); server.checkCipher(info.cipher); } catch(Ice.LocalException) { test(false); } test(verifier.invoked()); test(verifier.hadCert()); // // Have the verifier return false. Close the connection explicitly // to force a new connection to be established. // verifier.reset(); verifier.returnValue(false); server.ice_getConnection().close(false); try { server.ice_ping(); test(false); } catch(Ice.SecurityException) { // Expected. } catch(Ice.LocalException) { test(false); } test(verifier.invoked()); test(verifier.hadCert()); fact.destroyServer(server); comm.destroy(); } { // // Verify that verifier is installed via property. 
// Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertVerifier", "CertificateVerifierI"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL"); test(plugin != null); test(plugin.getCertificateVerifier() != null); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing protocols... "); Console.Out.Flush(); { // // This should fail because the client and server have no protocol // in common. // Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.Protocols", "ssl3"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.Protocols"] = "tls1"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.ConnectionLostException) { // Expected. } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); // // This should succeed. 
// comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.Protocols"] = "tls1, ssl3"; d["IceSSL.CertAuthFile"] = caCert1File; server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); // // This should succeed with .NET 4.5 or greater and fails otherwise // bool is45OrGreater = false; try { Enum.Parse(typeof(System.Security.Authentication.SslProtocols), "Tls12"); is45OrGreater = true; } catch(Exception) { } try { initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.Protocols", "tls1_2"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.Protocols"] = "tls1_2"; d["IceSSL.CertAuthFile"] = caCert1File; server = fact.createServer(d); server.ice_ping(); fact.destroyServer(server); comm.destroy(); } catch(Ice.PluginInitializationException) { // Expected with .NET < 4.5 test(!is45OrGreater); } catch(Ice.LocalException) { test(false); } } { // // This should fail because the client ony enables SSLv3 and the server // uses the default protocol set that disables SSLv3 // Ice.InitializationData initData = 
createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.Protocols", "ssl3"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.ConnectionLostException) { // Expected. } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); // // This should success because the client and the server enables SSLv3 // comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.Protocols"] = "ssl3, tls1_0, tls1_1, tls1_2"; d["IceSSL.CertAuthFile"] = caCert1File; server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing expired certificates... "); Console.Out.Flush(); { // // This should fail because the server's certificate is expired. 
// Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_exp.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.SecurityException) { // Expected. } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); // // This should fail because the client's certificate is expired. // initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1_exp.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.CertAuthFile"] = caCert1File; server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.ConnectionLostException) { // Expected. } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing multiple CA certificates... 
"); Console.Out.Flush(); { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca2.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.VerifyPeer"] = "2"; store.Add(caCert1); store.Add(caCert2); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); store.Remove(caCert2); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing passwords... "); Console.Out.Flush(); { // // Test password failure. // Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); // Don't specify the password. //props.setProperty("IceSSL.Password", "password"); try { Ice.Util.initialize(ref args, initData); test(false); } catch(Ice.PluginInitializationException) { // Expected. } catch(Ice.LocalException) { test(false); } } { // // Test password failure with callback. 
// Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("Ice.InitPlugins", "0"); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.PluginManager pm = comm.getPluginManager(); IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL"); test(plugin != null); PasswordCallbackI cb = new PasswordCallbackI("bogus"); plugin.setPasswordCallback(cb); try { pm.initializePlugins(); test(false); } catch(Ice.PluginInitializationException) { // Expected. } catch(Ice.LocalException) { test(false); } comm.destroy(); } { // // Test installation of password callback. // Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("Ice.InitPlugins", "0"); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.PluginManager pm = comm.getPluginManager(); IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL"); test(plugin != null); PasswordCallbackI cb = new PasswordCallbackI(); plugin.setPasswordCallback(cb); test(plugin.getPasswordCallback() == cb); try { pm.initializePlugins(); } catch(Ice.LocalException) { test(false); } comm.destroy(); } { // // Test password callback property. 
// Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.PasswordCallback", "PasswordCallbackI"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.PluginManager pm = comm.getPluginManager(); IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL"); test(plugin != null); test(plugin.getPasswordCallback() != null); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing IceSSL.TrustOnly... "); Console.Out.Flush(); { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], 
CN=Server"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "C=US, ST=Florida, O=\"ZeroC, Inc.\",OU=Ice, [email protected], CN=Server"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = 
Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly"] = "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly"] = "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); 
Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, 
string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly"] = "CN=Client"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly"] = "!CN=Client"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "CN=Client"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + 
"/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); store.Remove(caCert1); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly"] = "CN=Server"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada,CN=Server"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx 
server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada,CN=Server"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada;CN=Server"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } 
fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada;!CN=Server"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server1"); // Should not match "Server" initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData 
= createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly"] = "!CN=Client1"; // Should not match "Client" d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { // // Rejection takes precedence (client). // Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly", "ST=Florida;!CN=Server;C=US"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { // // Rejection takes precedence (server). 
// Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly"] = "C=US;!CN=Client;ST=Florida"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing IceSSL.TrustOnly.Client... "); Console.Out.Flush(); { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly.Client", "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; // Should have no effect. 
d["IceSSL.TrustOnly.Client"] = "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly.Client", "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; // Should 
have no effect. d["IceSSL.TrustOnly.Client"] = "!CN=Client"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly.Client", "CN=Client"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.TrustOnly.Client", "!CN=Client"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CertAuthFile"] = caCert1File; 
Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing IceSSL.TrustOnly.Server... "); Console.Out.Flush(); { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); // Should have no effect. initData.properties.setProperty("IceSSL.TrustOnly.Server", "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly.Server"] = "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); 
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly.Server"] = "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); // Should have no effect. initData.properties.setProperty("IceSSL.TrustOnly.Server", "!CN=Server"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + 
"/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly.Server"] = "CN=Server"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly.Server"] = "!CN=Client"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing IceSSL.TrustOnly.Server.<AdapterName>... 
"); Console.Out.Flush(); { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly.Server"] = "CN=bogus"; d["IceSSL.TrustOnly.Server.ServerAdapter"] = "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } 
catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly.Server.ServerAdapter"] = "CN=bogus"; d["IceSSL.CertAuthFile"] = caCert1File; store.Add(caCert1); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!CN=bogus"; d["IceSSL.CertAuthFile"] = caCert1File; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } Console.Out.WriteLine("ok"); 
Console.Out.Write("testing IceSSL.KeySet... "); Console.Out.Flush(); { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.DefaultDir", defaultDir); initData.properties.setProperty("IceSSL.ImportCert.LocalMachine.Root", "cacert1.pem"); initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.KeySet", "MachineKeySet"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.DefaultDir"] = defaultDir; d["IceSSL.ImportCert.LocalMachine.Root"] = "cacert1.pem"; d["IceSSL.KeySet"] = "MachineKeySet"; d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); X509Store certStore = new X509Store("Root", StoreLocation.LocalMachine); certStore.Open(OpenFlags.ReadWrite); certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem")); } { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.DefaultDir", defaultDir); initData.properties.setProperty("IceSSL.ImportCert.CurrentUser.Root", "cacert1.pem"); initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx"); initData.properties.setProperty("IceSSL.Password", "password"); initData.properties.setProperty("IceSSL.KeySet", "UserKeySet"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = 
createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.DefaultDir"] = defaultDir; d["IceSSL.ImportCert.CurrentUser.Root"] = "cacert1.pem"; d["IceSSL.KeySet"] = "UserKeySet"; d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx"; d["IceSSL.Password"] = "******"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); X509Store certStore = new X509Store("Root", StoreLocation.CurrentUser); certStore.Open(OpenFlags.ReadWrite); certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem")); } Console.Out.WriteLine("ok"); Console.Out.Write("testing IceSSL.FindCerts properties... "); Console.Out.Flush(); { string[] clientFindCertProperties = new string[] { "SUBJECTDN:'CN=Client, [email protected], OU=Ice, O=\"ZeroC, Inc.\", S=Florida, C=US'", "ISSUER:'ZeroC, Inc.' SUBJECT:Client SERIAL:02", "ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," + " L=Palm Beach Gardens, S=Florida, C=US' SUBJECT:Client", "THUMBPRINT:'54 26 20 f0 93 a9 b6 bc 2a 8c 83 ef 14 d4 49 18 a3 18 67 46'", "SUBJECTKEYID:'58 77 81 07 55 2a 0c 10 19 88 13 47 6f 27 6e 21 75 5f 85 ca'" }; string[] serverFindCertProperties = new string[] { "SUBJECTDN:'CN=Server, [email protected], OU=Ice, O=\"ZeroC, Inc.\", S=Florida, C=US'", "ISSUER:'ZeroC, Inc.' SUBJECT:Server SERIAL:01", "ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," + " L=Palm Beach Gardens, S=Florida, C=US' SUBJECT:Server", "THUMBPRINT:'27 e0 18 c9 23 12 6c f0 5c da fa 36 5a 4c 63 5a e2 53 07 1a'", "SUBJECTKEYID:'a6 42 aa 17 04 41 86 56 67 e4 04 64 59 34 30 c7 4c 6b ef a4'" }; string[] failFindCertProperties = new string[] { "SUBJECTDN:'CN = Client, E = [email protected], OU = Ice, O = \"ZeroC, Inc.\", S = Florida, C = US'", "ISSUER:'ZeroC, Inc.' 
SUBJECT:Client SERIAL:'02 02'", "ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," + " L=Palm Beach Gardens, S=Florida, C=ES' SUBJECT:Client", "THUMBPRINT:'27 e0 18 c9 23 12 6c f0 5c da fa 36 5a 4c 63 5a e2 53 07 ff'", "SUBJECTKEYID:'a6 42 aa 17 04 41 86 56 67 e4 04 64 59 34 30 c7 4c 6b ef ff'" }; string[] certificates = new string[] {"/s_rsa_nopass_ca1.pfx", "/c_rsa_nopass_ca1.pfx"}; X509Store certStore = new X509Store("My", StoreLocation.CurrentUser); certStore.Open(OpenFlags.ReadWrite); try { foreach(string cert in certificates) { certStore.Add(new X509Certificate2(defaultDir + cert, "password")); } for(int i = 0; i < clientFindCertProperties.Length; ++i) { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.DefaultDir", defaultDir); initData.properties.setProperty("IceSSL.CertAuthFile", "cacert1.pem"); initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", clientFindCertProperties[i]); // // Use TrustOnly to ensure the peer has pick the expected certificate. // initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost); d["IceSSL.DefaultDir"] = defaultDir; d["IceSSL.CertAuthFile"] = "cacert1.pem"; d["IceSSL.FindCert.CurrentUser.My"] = serverFindCertProperties[i]; // // Use TrustOnly to ensure the peer has pick the expected certificate. // d["IceSSL.TrustOnly"] = "CN=Client"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } // // These must fail because the search criteria does not match any certificates. 
// foreach(string s in failFindCertProperties) { try { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", s); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); test(false); } catch(Ice.PluginInitializationException) { // Expected } catch(Ice.LocalException) { test(false); } } } finally { foreach(string cert in certificates) { certStore.Remove(new X509Certificate2(defaultDir + cert, "password")); } certStore.Close(); } // // These must fail because we have already remove the certificates. // foreach(string s in clientFindCertProperties) { try { Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost); initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", s); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); test(false); } catch(Ice.PluginInitializationException) { // Expected } catch(Ice.LocalException) { test(false); } } } Console.Out.WriteLine("ok"); } finally { store.Remove(caCert1); store.Remove(caCert2); store.Close(); } return factory; }
/// <summary>
/// Exercises <see cref="X509Certificate2Collection.RemoveRange(X509Certificate2Collection)"/>:
/// every listed element is removed regardless of list order, a partial list leaves the
/// remaining element in place, and a list that smuggles in a plain
/// <see cref="X509Certificate"/> (not an <see cref="X509Certificate2"/>) fails with
/// <see cref="InvalidCastException"/> while the target collection still holds both of its
/// certificates afterwards. In the last scenario the surviving order is swapped (c2 then
/// c1) — presumably the element removed before the failure is re-appended rather than
/// re-inserted; the asserts pin the observed order, not the mechanism. Elements are matched
/// by reference, hence <c>Assert.Same</c> throughout.
/// NOTE(review): the "nothing lost on failure" property is what matters if a collection
/// like this ever backs a trust decision; a half-applied removal would leave it inconsistent.
/// </summary>
public static void X509Certificate2CollectionRemoveRangeCollection()
{
    using (X509Certificate2 c1 = new X509Certificate2())
    using (X509Certificate2 c2 = new X509Certificate2(TestData.PfxData, TestData.PfxDataPassword))
    using (X509Certificate c3 = new X509Certificate())
    {
        X509Certificate2[] seed = { c1, c2 };

        // Builds a fresh target holding c1 then c2; each scenario starts from one.
        Func<X509Certificate2Collection> fresh = () => new X509Certificate2Collection(seed);

        // Removing both, in either order, empties the target.
        X509Certificate2Collection target = fresh();
        target.RemoveRange(new X509Certificate2Collection { c1, c2 });
        Assert.Equal(0, target.Count);

        target = fresh();
        target.RemoveRange(new X509Certificate2Collection { c2, c1 });
        Assert.Equal(0, target.Count);

        // Removing only c1 leaves c2 as the sole element.
        target = fresh();
        target.RemoveRange(new X509Certificate2Collection { c1 });
        Assert.Equal(1, target.Count);
        Assert.Same(c2, target[0]);

        // Foreign element at the END of the removal list: the call throws and the target
        // keeps both certificates in their original order.
        target = fresh();
        X509Certificate2Collection toRemove = new X509Certificate2Collection { c1, c2 };
        ((IList)toRemove).Add(c3); // non-generic Add bypasses the typed overload
        Assert.Throws<InvalidCastException>(() => target.RemoveRange(toRemove));
        Assert.Equal(2, target.Count);
        Assert.Same(c1, target[0]);
        Assert.Same(c2, target[1]);

        // Foreign element in the MIDDLE of the removal list: the call throws, the target
        // keeps both certificates, but their order is now c2, c1.
        target = fresh();
        toRemove = new X509Certificate2Collection { c1 };
        ((IList)toRemove).Add(c3); // non-generic Add bypasses the typed overload
        toRemove.Add(c2);
        Assert.Throws<InvalidCastException>(() => target.RemoveRange(toRemove));
        Assert.Equal(2, target.Count);
        Assert.Same(c2, target[0]);
        Assert.Same(c1, target[1]);
    }
}
public static Test.ServerFactoryPrx allTests(Ice.Communicator communicator, string testDir) { string factoryRef = "factory:tcp -p 12010"; Ice.ObjectPrx b = communicator.stringToProxy(factoryRef); test(b != null); Test.ServerFactoryPrx factory = Test.ServerFactoryPrxHelper.checkedCast(b); string defaultHost = communicator.getProperties().getProperty("Ice.Default.Host"); string defaultDir = testDir + "/../certs"; Ice.Properties defaultProperties = communicator.getProperties(); // // Load the CA certificates. We could use the IceSSL.ImportCert property, but // it would be nice to remove the CA certificates when the test finishes, so // this test manually installs the certificates in the LocalMachine:AuthRoot // store. // // Note that the client and server are assumed to run on the same machine, // so the certificates installed by the client are also available to the // server. // string caCert1File = defaultDir + "/cacert1.pem"; string caCert2File = defaultDir + "/cacert2.pem"; X509Certificate2 caCert1 = new X509Certificate2(caCert1File); X509Certificate2 caCert2 = new X509Certificate2(caCert2File); X509Store store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine); bool isAdministrator = false; try { store.Open(OpenFlags.ReadWrite); isAdministrator = true; } catch(CryptographicException) { store.Open(OpenFlags.ReadOnly); Console.Out.WriteLine("warning: some test requires administrator privileges, run as Administrator to run all the tests."); } Ice.InitializationData initData; Dictionary<string, string> d; try { string[] args = new string[0]; Console.Out.Write("testing manual initialization... 
"); Console.Out.Flush(); { initData = createClientProps(defaultProperties, defaultDir, defaultHost); initData.properties.setProperty("Ice.InitPlugins", "0"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.ObjectPrx p = comm.stringToProxy("dummy:ssl -p 9999"); try { p.ice_ping(); test(false); } catch(Ice.PluginInitializationException) { // Expected. } catch(Ice.LocalException) { test(false); } comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("Ice.InitPlugins", "0"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.PluginManager pm = comm.getPluginManager(); pm.initializePlugins(); Ice.ObjectPrx obj = comm.stringToProxy(factoryRef); test(obj != null); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { // // Supply our own certificate. 
// X509Certificate2 cert = new X509Certificate2(defaultDir + "/c_rsa_ca1.p12", "password"); X509Certificate2Collection coll = new X509Certificate2Collection(); coll.Add(cert); initData = createClientProps(defaultProperties, defaultDir, defaultHost); initData.properties.setProperty("Ice.InitPlugins", "0"); initData.properties.setProperty("IceSSL.CAs", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.PluginManager pm = comm.getPluginManager(); IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL"); test(plugin != null); plugin.setCertificates(coll); pm.initializePlugins(); Ice.ObjectPrx obj = comm.stringToProxy(factoryRef); test(obj != null); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "2"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { // // Supply our own CA certificate. 
// X509Certificate2 cert = new X509Certificate2(defaultDir + "/cacert1.pem"); X509Certificate2Collection coll = new X509Certificate2Collection(); coll.Add(cert); initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", ""); initData.properties.setProperty("Ice.InitPlugins", "0"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.PluginManager pm = comm.getPluginManager(); IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL"); test(plugin != null); plugin.setCACertificates(coll); pm.initializePlugins(); Ice.ObjectPrx obj = comm.stringToProxy(factoryRef); test(obj != null); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "2"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException ex) { Console.WriteLine(ex.ToString()); test(false); } fact.destroyServer(server); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing certificate verification... "); Console.Out.Flush(); { // // Test IceSSL.VerifyPeer=0. Client does not have a certificate, // and it doesn't trust the server certificate. 
// initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", ""); initData.properties.setProperty("IceSSL.VerifyPeer", "0"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", ""); d["IceSSL.VerifyPeer"] = "0"; Test.ServerPrx server = fact.createServer(d); try { server.noCert(); test(!((IceSSL.ConnectionInfo)server.ice_getConnection().getInfo()).verified); } catch(Ice.LocalException ex) { Console.WriteLine(ex.ToString()); test(false); } fact.destroyServer(server); comm.destroy(); // // Test IceSSL.VerifyPeer=0. Client does not have a certificate, // but it still verifies the server's. // initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1"); initData.properties.setProperty("IceSSL.VerifyPeer", "0"); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", ""); d["IceSSL.VerifyPeer"] = "0"; server = fact.createServer(d); try { server.noCert(); test(((IceSSL.ConnectionInfo)server.ice_getConnection().getInfo()).verified); } catch(Ice.LocalException ex) { Console.WriteLine(ex.ToString()); test(false); } fact.destroyServer(server); comm.destroy(); // // Test IceSSL.VerifyPeer=1. Client does not have a certificate. 
// initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1"); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", ""); d["IceSSL.VerifyPeer"] = "1"; server = fact.createServer(d); try { server.noCert(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); // // Test IceSSL.VerifyPeer=2. This should fail because the client // does not supply a certificate. // d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", ""); d["IceSSL.VerifyPeer"] = "2"; server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.ConnectionLostException) { // Expected. } catch(Ice.LocalException ex) { Console.WriteLine(ex.ToString()); test(false); } fact.destroyServer(server); comm.destroy(); // // Test IceSSL.VerifyPeer=1. Client has a certificate. // // Provide "cacert1" to the client to verify the server // certificate (without this the client connection wouln't be // able to provide the certificate chain). 
// initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "1"; server = fact.createServer(d); try { X509Certificate2 clientCert = new X509Certificate2(defaultDir + "/c_rsa_ca1.p12", "password"); server.checkCert(clientCert.Subject, clientCert.Issuer); X509Certificate2 serverCert = new X509Certificate2(defaultDir + "/s_rsa_ca1.p12", "password"); X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem"); IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); test(info.nativeCerts.Length == 2); test(info.verified); test(caCert.Equals(info.nativeCerts[1])); test(serverCert.Equals(info.nativeCerts[0])); } catch(Exception ex) { Console.WriteLine(ex.ToString()); test(false); } fact.destroyServer(server); // // Test IceSSL.VerifyPeer=2. Client has a certificate. // d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "2"; server = fact.createServer(d); try { X509Certificate2 clientCert = new X509Certificate2(defaultDir + "/c_rsa_ca1.p12", "password"); server.checkCert(clientCert.Subject, clientCert.Issuer); } catch(Exception ex) { Console.WriteLine(ex.ToString()); test(false); } fact.destroyServer(server); comm.destroy(); // // Test IceSSL.VerifyPeer=1. This should fail because the // client doesn't trust the server's CA. 
// initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", ""); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", ""); d["IceSSL.VerifyPeer"] = "0"; server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.SecurityException) { // Expected. } catch(Ice.LocalException ex) { Console.WriteLine(ex.ToString()); test(false); } fact.destroyServer(server); comm.destroy(); // // Test IceSSL.VerifyPeer=1. This should fail because the // server doesn't trust the client's CA. // initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca2", ""); initData.properties.setProperty("IceSSL.VerifyPeer", "0"); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", ""); d["IceSSL.VerifyPeer"] = "1"; server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.SecurityException) { // Expected. } catch(Ice.ConnectionLostException) { // Expected. } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); // // This should succeed because the self signed certificate used by the server is // trusted. 
// initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert2"); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "cacert2", ""); d["IceSSL.VerifyPeer"] = "0"; server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException ex) { Console.WriteLine(ex.ToString()); test(false); } fact.destroyServer(server); comm.destroy(); // // This should l because the self signed certificate used by the server is not // trusted. // initData = createClientProps(defaultProperties, defaultDir, defaultHost); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "cacert2", ""); d["IceSSL.VerifyPeer"] = "0"; server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.SecurityException) { // Expected. } catch(Ice.LocalException ex) { Console.WriteLine(ex.ToString()); test(false); } fact.destroyServer(server); comm.destroy(); // // Verify that IceSSL.CheckCertName has no effect in a server. 
// initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.CheckCertName"] = "1"; server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException ex) { Console.WriteLine(ex.ToString()); test(false); } fact.destroyServer(server); comm.destroy(); // // NOTE: We can't test IceSSL.CheckCertName here because the common name (CN) field of // the server's certificate has the value "Server" and we can't use "Server" as a host // name in an endpoint (it almost certainly wouldn't resolve correctly). // // // Test IceSSL.CheckCertName. The test certificates for the server contain "127.0.0.1" // as the common name or as a subject alternative name, so we only perform this test when // the default host is "127.0.0.1". // if(defaultHost.Equals("127.0.0.1")) { // // Test subject alternative name. // { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.CheckCertName", "1"); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.CheckCertName"] = "1"; server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } // // Test common name. 
// { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.CheckCertName", "1"); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1_cn1", "cacert1"); d["IceSSL.CheckCertName"] = "1"; server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } // // Test common name again. The certificate used in this test has "127.0.0.11" as its // common name, therefore the address "127.0.0.1" must NOT match. // { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.CheckCertName", "1"); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1_cn2", "cacert1"); d["IceSSL.CheckCertName"] = "1"; server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { // Expected. } fact.destroyServer(server); comm.destroy(); } } } Console.Out.WriteLine("ok"); Console.Out.Write("testing certificate chains... 
"); Console.Out.Flush(); { X509Store certStore = new X509Store("My", StoreLocation.CurrentUser); certStore.Open(OpenFlags.ReadWrite); X509Certificate2Collection certs = new X509Certificate2Collection(); certs.Import(defaultDir + "/s_rsa_cai2.p12", "password", X509KeyStorageFlags.DefaultKeySet); foreach(X509Certificate2 cert in certs) { certStore.Add(cert); } try { IceSSL.NativeConnectionInfo info; initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", ""); initData.properties.setProperty("IceSSL.VerifyPeer", "0"); Ice.Communicator comm = Ice.Util.initialize(initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); // // The client can't verify the server certificate but it should // still provide it. "s_rsa_ca1" doesn't include the root so the // cert size should be 1. // d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", ""); d["IceSSL.VerifyPeer"] = "0"; Test.ServerPrx server = fact.createServer(d); try { info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); test(info.nativeCerts.Length == 1); test(!info.verified); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); // // Setting the CA for the server shouldn't change anything, it // shouldn't modify the cert chain sent to the client. // d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "0"; server = fact.createServer(d); try { info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); test(info.nativeCerts.Length == 1); test(!info.verified); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); // // The client can't verify the server certificate but should // still provide it. "s_rsa_wroot_ca1" includes the root so // the cert size should be 2. 
// d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_wroot_ca1", ""); d["IceSSL.VerifyPeer"] = "0";; server = fact.createServer(d); try { info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); test(info.nativeCerts.Length == 1); // Like the SChannel transport, .NET never sends the root. } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); // // Now the client verifies the server certificate // initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1"); initData.properties.setProperty("IceSSL.VerifyPeer", "1"); comm = Ice.Util.initialize(initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); { d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", ""); d["IceSSL.VerifyPeer"] = "0";; server = fact.createServer(d); try { info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); test(info.nativeCerts.Length == 2); test(info.verified); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); } // // Try certificate with one intermediate and VerifyDepthMax=2 // initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1"); initData.properties.setProperty("IceSSL.VerifyPeer", "1"); initData.properties.setProperty("IceSSL.VerifyDepthMax", "2"); comm = Ice.Util.initialize(initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); { d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai1", ""); d["IceSSL.VerifyPeer"] = "0";; server = fact.createServer(d); try { server.ice_getConnection().getInfo(); test(false); } catch(Ice.SecurityException) { // Chain length too long } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); } comm.destroy(); // // Set VerifyDepthMax to 3 (the default) // initData = createClientProps(defaultProperties, defaultDir, 
defaultHost, "", "cacert1"); initData.properties.setProperty("IceSSL.VerifyPeer", "1"); //initData.properties.setProperty("IceSSL.VerifyDepthMax", "3"); comm = Ice.Util.initialize(initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); { d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai1", ""); d["IceSSL.VerifyPeer"] = "0";; server = fact.createServer(d); try { info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); test(info.nativeCerts.Length == 3); test(info.verified); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); } { d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", ""); d["IceSSL.VerifyPeer"] = "0";; server = fact.createServer(d); try { server.ice_getConnection().getInfo(); test(false); } catch(Ice.SecurityException) { // Chain length too long } fact.destroyServer(server); } comm.destroy(); // // Increase VerifyDepthMax to 4 // initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1"); initData.properties.setProperty("IceSSL.VerifyPeer", "1"); initData.properties.setProperty("IceSSL.VerifyDepthMax", "4"); comm = Ice.Util.initialize(initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); { d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", ""); d["IceSSL.VerifyPeer"] = "0";; server = fact.createServer(d); try { info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); test(info.nativeCerts.Length == 4); test(info.verified); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); } comm.destroy(); // // Increase VerifyDepthMax to 4 // initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_cai2", "cacert1"); initData.properties.setProperty("IceSSL.VerifyPeer", "1"); initData.properties.setProperty("IceSSL.VerifyDepthMax", "4"); comm = 
Ice.Util.initialize(initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); { d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "cacert1"); d["IceSSL.VerifyPeer"] = "2"; server = fact.createServer(d); try { server.ice_getConnection(); test(false); } catch(Ice.ProtocolException) { // Expected } catch(Ice.ConnectionLostException) { // Expected } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); } { d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "cacert1"); d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.VerifyDepthMax"] = "4"; server = fact.createServer(d); try { server.ice_getConnection(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); } comm.destroy(); } finally { foreach(X509Certificate2 cert in certs) { certStore.Remove(cert); } } } Console.Out.WriteLine("ok"); Console.Out.Write("testing custom certificate verifier... "); Console.Out.Flush(); { // // Verify that a server certificate is present. 
// initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL"); test(plugin != null); CertificateVerifierI verifier = new CertificateVerifierI(); plugin.setCertificateVerifier(verifier); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "2"; Test.ServerPrx server = fact.createServer(d); try { IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); server.checkCipher(info.cipher); } catch(Ice.LocalException) { test(false); } test(verifier.invoked()); test(verifier.hadCert()); // // Have the verifier return false. Close the connection explicitly // to force a new connection to be established. // verifier.reset(); verifier.returnValue(false); server.ice_getConnection().close(false); try { server.ice_ping(); test(false); } catch(Ice.SecurityException) { // Expected. } catch(Ice.LocalException) { test(false); } test(verifier.invoked()); test(verifier.hadCert()); fact.destroyServer(server); comm.destroy(); } { // // Verify that verifier is installed via property. // initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", ""); initData.properties.setProperty("IceSSL.CertVerifier", "CertificateVerifierI"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL"); test(plugin != null); test(plugin.getCertificateVerifier() != null); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing protocols... "); Console.Out.Flush(); { // // This should fail because the client and server have no protocol // in common. 
// initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.Protocols", "ssl3"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.Protocols"] = "tls1"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.ConnectionLostException) { // Expected. } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); // // This should succeed. // comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.Protocols"] = "tls1, ssl3"; server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); // // This should succeed with .NET 4.5 or greater and fails otherwise // bool is45OrGreater = false; try { Enum.Parse(typeof(System.Security.Authentication.SslProtocols), "Tls12"); is45OrGreater = true; } catch(Exception) { } try { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.Protocols", "tls1_2"); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.Protocols"] = "tls1_2"; server = fact.createServer(d); server.ice_ping(); fact.destroyServer(server); comm.destroy(); 
} catch(Ice.PluginInitializationException) { // Expected with .NET < 4.5 test(!is45OrGreater); } catch(Ice.LocalException) { test(false); } } { // // This should fail because the client ony enables SSLv3 and the server // uses the default protocol set that disables SSLv3 // initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.Protocols", "ssl3"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "2"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.ConnectionLostException) { // Expected. } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); // // This should success because the client and the server enables SSLv3 // comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.Protocols"] = "ssl3, tls1_0, tls1_1, tls1_2"; server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing expired certificates... "); Console.Out.Flush(); { // // This should fail because the server's certificate is expired. 
// initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1_exp", "cacert1"); d["IceSSL.VerifyPeer"] = "2"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.SecurityException) { // Expected. } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); // // This should fail because the client's certificate is expired. // initData.properties.setProperty("IceSSL.CertFile", "c_rsa_ca1_exp.p12"); comm = Ice.Util.initialize(ref args, initData); fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "2"; server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.ConnectionLostException) { // Expected. } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } Console.Out.WriteLine("ok"); if(isAdministrator) { Console.Out.Write("testing multiple CA certificates... 
"); Console.Out.Flush(); { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", ""); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca2", ""); d["IceSSL.VerifyPeer"] = "2"; store.Add(caCert1); store.Add(caCert2); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); store.Remove(caCert1); store.Remove(caCert2); comm.destroy(); } Console.Out.WriteLine("ok"); } Console.Out.Write("testing multiple CA certificates... "); Console.Out.Flush(); { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacerts"); Ice.Communicator comm = Ice.Util.initialize(initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca2", "cacerts"); d["IceSSL.VerifyPeer"] = "2"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing DER CA certificate... 
"); Console.Out.Flush(); { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", ""); initData.properties.setProperty("IceSSL.CAs", "cacert1.der"); Ice.Communicator comm = Ice.Util.initialize(initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); test(fact != null); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", ""); d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.CAs"] = "cacert1.der"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing passwords... "); Console.Out.Flush(); { // // Test password failure. // initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", ""); // Don't specify the password. initData.properties.setProperty("IceSSL.Password", ""); try { Ice.Util.initialize(ref args, initData); test(false); } catch(Ice.PluginInitializationException) { // Expected. } catch(Ice.LocalException) { test(false); } } { // // Test password failure with callback. // initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", ""); initData.properties.setProperty("Ice.InitPlugins", "0"); // Don't specify the password. initData.properties.setProperty("IceSSL.Password", ""); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.PluginManager pm = comm.getPluginManager(); IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL"); test(plugin != null); PasswordCallbackI cb = new PasswordCallbackI("bogus"); plugin.setPasswordCallback(cb); try { pm.initializePlugins(); test(false); } catch(Ice.PluginInitializationException) { // Expected. } catch(Ice.LocalException) { test(false); } comm.destroy(); } { // // Test installation of password callback. 
// initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", ""); initData.properties.setProperty("Ice.InitPlugins", "0"); // Don't specify the password. initData.properties.setProperty("IceSSL.Password", ""); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.PluginManager pm = comm.getPluginManager(); IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL"); test(plugin != null); PasswordCallbackI cb = new PasswordCallbackI(); plugin.setPasswordCallback(cb); test(plugin.getPasswordCallback() == cb); try { pm.initializePlugins(); } catch(Ice.LocalException) { test(false); } comm.destroy(); } { // // Test password callback property. // initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", ""); initData.properties.setProperty("IceSSL.PasswordCallback", "PasswordCallbackI"); // Don't specify the password. initData.properties.setProperty("IceSSL.Password", ""); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.PluginManager pm = comm.getPluginManager(); IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL"); test(plugin != null); test(plugin.getPasswordCallback() != null); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing IceSSL.TrustOnly... 
"); Console.Out.Flush(); { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.TrustOnly", "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.TrustOnly", "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.TrustOnly", "C=US, ST=Florida, O=\"ZeroC, Inc.\",OU=Ice, [email protected], CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { initData = 
createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly"] = "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly"] = "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server"); Ice.Communicator comm 
= Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly"] = "CN=Client"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly"] = "!CN=Client"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.TrustOnly", "CN=Client"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); Test.ServerPrx server = fact.createServer(d); try { 
server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly"] = "CN=Server"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada,CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada,CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); 
initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada;CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada;!CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server1"); // Should not match "Server" Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = 
createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly"] = "!CN=Client1"; // Should not match "Client" Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { // // Rejection takes precedence (client). // initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.TrustOnly", "ST=Florida;!CN=Server;C=US"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { // // Rejection takes precedence (server). // initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly"] = "C=US;!CN=Client;ST=Florida"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing IceSSL.TrustOnly.Client... 
"); Console.Out.Flush(); { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.TrustOnly.Client", "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); // Should have no effect. d["IceSSL.TrustOnly.Client"] = "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.TrustOnly.Client", "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); // Should have no effect. 
d["IceSSL.TrustOnly.Client"] = "!CN=Client"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.TrustOnly.Client", "CN=Client"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); initData.properties.setProperty("IceSSL.TrustOnly.Client", "!CN=Client"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing IceSSL.TrustOnly.Server... "); Console.Out.Flush(); { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); // Should have no effect. 
initData.properties.setProperty("IceSSL.TrustOnly.Server", "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly.Server"] = "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly.Server"] = "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); // Should have no effect. 
initData.properties.setProperty("IceSSL.TrustOnly.Server", "!CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly.Server"] = "CN=Server"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly.Server"] = "!CN=Client"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } Console.Out.WriteLine("ok"); Console.Out.Write("testing IceSSL.TrustOnly.Server.<AdapterName>... 
"); Console.Out.Flush(); { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly.Server"] = "CN=bogus"; d["IceSSL.TrustOnly.Server.ServerAdapter"] = "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly.Server.ServerAdapter"] = "CN=bogus"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); test(false); } catch(Ice.LocalException) { } fact.destroyServer(server); comm.destroy(); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, 
"c_rsa_ca1", "cacert1"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!CN=bogus"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } Console.Out.WriteLine("ok"); if(isAdministrator) { Console.Out.Write("testing IceSSL.KeySet... "); Console.Out.Flush(); { initData = createClientProps(defaultProperties, defaultDir, defaultHost); initData.properties.setProperty("IceSSL.DefaultDir", defaultDir); initData.properties.setProperty("IceSSL.ImportCert.LocalMachine.Root", "cacert1.pem"); initData.properties.setProperty("IceSSL.CertFile", "c_rsa_ca1.p12"); initData.properties.setProperty("IceSSL.KeySet", "MachineKeySet"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost); d["IceSSL.ImportCert.LocalMachine.Root"] = "cacert1.pem"; d["IceSSL.KeySet"] = "MachineKeySet"; d["IceSSL.CertFile"] = "s_rsa_ca1.p12"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); X509Store certStore = new X509Store("Root", StoreLocation.LocalMachine); certStore.Open(OpenFlags.ReadWrite); } { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", ""); initData.properties.setProperty("IceSSL.ImportCert.CurrentUser.Root", "cacert1.pem"); initData.properties.setProperty("IceSSL.KeySet", "UserKeySet"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = 
Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", ""); d["IceSSL.ImportCert.CurrentUser.Root"] = "cacert1.pem"; d["IceSSL.KeySet"] = "UserKeySet"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); X509Store certStore = new X509Store("Root", StoreLocation.CurrentUser); certStore.Open(OpenFlags.ReadWrite); } Console.Out.WriteLine("ok"); } Console.Out.Write("testing IceSSL.FindCerts properties... "); Console.Out.Flush(); { string[] clientFindCertProperties = new string[] { "SUBJECTDN:'CN=Client, OU=Ice, O=\"ZeroC, Inc.\", L=Jupiter, S=Florida, C=US, [email protected]'", "ISSUER:'ZeroC, Inc.' SUBJECT:Client SERIAL:02", "ISSUERDN:'CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\",L=Jupiter, S=Florida, C=US,[email protected]' SUBJECT:Client", "THUMBPRINT:'82 30 1E 35 9E 39 C1 D0 63 0D 67 3D 12 DD D4 96 90 1E EF 54'", "SUBJECTKEYID:'FC 5D 4F AB F0 6C 03 11 B8 F3 68 CF 89 54 92 3F F9 79 2A 06'" }; string[] serverFindCertProperties = new string[] { "SUBJECTDN:'CN=Server, OU=Ice, O=\"ZeroC, Inc.\", L=Jupiter, S=Florida, C=US, [email protected]'", "ISSUER:'ZeroC, Inc.' SUBJECT:Server SERIAL:01", "ISSUERDN:'CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\", L=Jupiter, S=Florida, C=US,[email protected]' SUBJECT:Server", "THUMBPRINT:'C0 01 FF 9C C9 DA C8 0D 34 F6 2F DE 09 FB 28 0D 69 AB 78 BA'", "SUBJECTKEYID:'47 84 AE F9 F2 85 3D 99 30 6A 03 38 41 1A B9 EB C3 9C B5 4D'" }; string[] failFindCertProperties = new string[] { "nolabel", "unknownlabel:foo", "LABEL:", "SUBJECTDN:'CN = Client, E = [email protected], OU = Ice, O = \"ZeroC, Inc.\", S = Florida, C = US'", "ISSUER:'ZeroC, Inc.' 
SUBJECT:Client SERIAL:'02 02'", "ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," + " L=Jupiter, S=Florida, C=ES' SUBJECT:Client", "THUMBPRINT:'27 e0 18 c9 23 12 6c f0 5c da fa 36 5a 4c 63 5a e2 53 07 ff'", "SUBJECTKEYID:'a6 42 aa 17 04 41 86 56 67 e4 04 64 59 34 30 c7 4c 6b ef ff'" }; string[] certificates = new string[] {"/s_rsa_ca1.p12", "/c_rsa_ca1.p12"}; X509Store certStore = new X509Store("My", StoreLocation.CurrentUser); certStore.Open(OpenFlags.ReadWrite); try { foreach(string cert in certificates) { certStore.Add(new X509Certificate2(defaultDir + cert, "password")); } for(int i = 0; i < clientFindCertProperties.Length; ++i) { initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1"); initData.properties.setProperty("IceSSL.CertStore", "My"); initData.properties.setProperty("IceSSL.CertStoreLocation", "CurrentUser"); initData.properties.setProperty("IceSSL.FindCert", clientFindCertProperties[i]); // // Use TrustOnly to ensure the peer has pick the expected certificate. // initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server"); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); d = createServerProps(defaultProperties, defaultDir, defaultHost, "", "cacert1"); // Use deprecated property here to test it d["IceSSL.FindCert.CurrentUser.My"] = serverFindCertProperties[i]; // // Use TrustOnly to ensure the peer has pick the expected certificate. // d["IceSSL.TrustOnly"] = "CN=Client"; Test.ServerPrx server = fact.createServer(d); try { server.ice_ping(); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); comm.destroy(); } // // These must fail because the search criteria does not match any certificates. 
// foreach(string s in failFindCertProperties) { try { initData = createClientProps(defaultProperties, defaultDir, defaultHost); initData.properties.setProperty("IceSSL.FindCert", s); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); test(false); } catch(Ice.PluginInitializationException) { // Expected } catch(Ice.LocalException) { test(false); } } } finally { foreach(string cert in certificates) { certStore.Remove(new X509Certificate2(defaultDir + cert, "password")); } certStore.Close(); } // // These must fail because we have already remove the certificates. // foreach(string s in clientFindCertProperties) { try { initData = createClientProps(defaultProperties, defaultDir, defaultHost); initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", s); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); test(false); } catch(Ice.PluginInitializationException) { // Expected } catch(Ice.LocalException) { test(false); } } } Console.Out.WriteLine("ok"); Console.Out.Write("testing system CAs... "); Console.Out.Flush(); { initData = createClientProps(defaultProperties, defaultDir, defaultHost); initData.properties.setProperty("IceSSL.VerifyDepthMax", "4"); initData.properties.setProperty("Ice.Override.Timeout", "5000"); // 5s timeout Ice.Communicator comm = Ice.Util.initialize(initData); Ice.ObjectPrx p = comm.stringToProxy("dummy:wss -h demo.zeroc.com -p 5064"); try { p.ice_ping(); test(false); } catch(Ice.SecurityException) { // Expected, by default we don't check for system CAs. 
} catch(Ice.LocalException) { test(false); } initData = createClientProps(defaultProperties, defaultDir, defaultHost); initData.properties.setProperty("IceSSL.VerifyDepthMax", "4"); initData.properties.setProperty("Ice.Override.Timeout", "5000"); // 5s timeout initData.properties.setProperty("IceSSL.UsePlatformCAs", "1"); comm = Ice.Util.initialize(initData); p = comm.stringToProxy("dummy:wss -h demo.zeroc.com -p 5064"); IceSSL.WSSConnectionInfo info; try { info = (IceSSL.WSSConnectionInfo)p.ice_getConnection().getInfo(); test(info.verified); } catch(Ice.LocalException) { test(false); } comm.destroy(); } Console.Out.WriteLine("ok"); } finally { if(isAdministrator) { store.Remove(caCert1); store.Remove(caCert2); } store.Close(); } return factory; }
/// <summary>
/// Exercises <c>RemoveRange(X509Certificate2Collection)</c>: complete removal in
/// either order, partial removal, a full rollback when the argument contains an
/// element that is not an <see cref="X509Certificate2"/>, and the end state the
/// rollback produces when a by-value clone of a member is in the argument.
/// Every scenario starts from a fresh { first, second } collection.
/// </summary>
public static void X509Certificate2CollectionRemoveRangeCollection()
{
    using (X509Certificate2 first = new X509Certificate2(TestData.MsCertificate))
    using (X509Certificate2 second = new X509Certificate2(TestData.DssCer))
    using (X509Certificate2 firstClone = new X509Certificate2(TestData.MsCertificate))
    using (X509Certificate other = new X509Certificate())
    {
        X509Certificate2[] seed = { first, second };

        // Remove everything, in insertion order.
        X509Certificate2Collection target = new X509Certificate2Collection(seed);
        target.RemoveRange(new X509Certificate2Collection { first, second });
        Assert.Equal(0, target.Count);

        // Remove everything, in reverse order.
        target = new X509Certificate2Collection(seed);
        target.RemoveRange(new X509Certificate2Collection { second, first });
        Assert.Equal(0, target.Count);

        // Remove only the first member; the second is left in place.
        target = new X509Certificate2Collection(seed);
        target.RemoveRange(new X509Certificate2Collection { first });
        Assert.Equal(1, target.Count);
        Assert.Same(second, target[0]);

        // A non-X509Certificate2 element at the end of the argument: the call
        // throws and the target is rolled back with its original order intact.
        target = new X509Certificate2Collection(seed);
        X509Certificate2Collection toRemove = new X509Certificate2Collection { first, second };
        ((IList)toRemove).Add(other); // smuggle in a plain X509Certificate
        Assert.Throws<InvalidCastException>(() => target.RemoveRange(toRemove));
        Assert.Equal(2, target.Count);
        Assert.Same(first, target[0]);
        Assert.Same(second, target[1]);

        // A non-X509Certificate2 element in the middle: the rollback re-adds
        // the already-removed first member at the end, so the order flips.
        target = new X509Certificate2Collection(seed);
        toRemove = new X509Certificate2Collection { first };
        ((IList)toRemove).Add(other); // smuggle in a plain X509Certificate
        toRemove.Add(second);
        Assert.Throws<InvalidCastException>(() => target.RemoveRange(toRemove));
        Assert.Equal(2, target.Count);
        Assert.Same(second, target[0]);
        Assert.Same(first, target[1]);

        // Sequence: firstClone is removed (success), first is then missing
        // (ArgumentException), firstClone is added back by the rollback.
        // End state: { first, second } => { second, firstClone }.
        target = new X509Certificate2Collection(seed);
        toRemove = new X509Certificate2Collection { firstClone, first, second };
        Assert.Throws<ArgumentException>(() => target.RemoveRange(toRemove));
        Assert.Equal(2, target.Count);
        Assert.Same(second, target[0]);
        Assert.Same(firstClone, target[1]);
    }
}
/// <summary>
/// An enumerator handed out before the collection is mutated must fail fast:
/// once an <c>Add</c> has happened, both <c>MoveNext</c> and <c>Reset</c> throw
/// <see cref="InvalidOperationException"/>.
/// </summary>
public static void X509Certificate2CollectionEnumeratorModification()
{
    using (X509Certificate2 a = new X509Certificate2())
    using (X509Certificate2 b = new X509Certificate2())
    using (X509Certificate2 c = new X509Certificate2())
    {
        X509Certificate2[] members = { a, b, c };
        X509Certificate2Collection collection = new X509Certificate2Collection(members);
        X509Certificate2Enumerator enumerator = collection.GetEnumerator();

        // Mutate after the enumerator exists; this invalidates it.
        collection.Add(a);

        Assert.Throws<InvalidOperationException>(() => enumerator.MoveNext());
        Assert.Throws<InvalidOperationException>(() => enumerator.Reset());
    }
}
/// <summary>
/// Every constructor, mutator, copy and import entry point of
/// <see cref="X509Certificate2Collection"/> rejects a null argument with
/// <see cref="ArgumentNullException"/>, both through the typed API and
/// through the non-generic <see cref="IList"/> view of the same instance.
/// </summary>
public static void X509Certificate2CollectionThrowsArgumentNullException()
{
    using (X509Certificate2 cert = new X509Certificate2())
    {
        // Constructors.
        Assert.Throws<ArgumentNullException>(() => new X509Certificate2Collection((X509Certificate2[])null));
        Assert.Throws<ArgumentNullException>(() => new X509Certificate2Collection((X509Certificate2Collection)null));

        X509Certificate2Collection coll = new X509Certificate2Collection { cert };

        // Indexer and single-item mutators; both the base-class (X509Certificate)
        // and the typed (X509Certificate2) overloads are covered.
        Assert.Throws<ArgumentNullException>(() => coll[0] = null);
        Assert.Throws<ArgumentNullException>(() => coll.Add((X509Certificate)null));
        Assert.Throws<ArgumentNullException>(() => coll.Add((X509Certificate2)null));
        Assert.Throws<ArgumentNullException>(() => coll.Insert(0, (X509Certificate)null));
        Assert.Throws<ArgumentNullException>(() => coll.Insert(0, (X509Certificate2)null));
        Assert.Throws<ArgumentNullException>(() => coll.Remove((X509Certificate)null));
        Assert.Throws<ArgumentNullException>(() => coll.Remove((X509Certificate2)null));

        // Bulk mutators.
        Assert.Throws<ArgumentNullException>(() => coll.AddRange((X509Certificate[])null));
        Assert.Throws<ArgumentNullException>(() => coll.AddRange((X509CertificateCollection)null));
        Assert.Throws<ArgumentNullException>(() => coll.AddRange((X509Certificate2[])null));
        Assert.Throws<ArgumentNullException>(() => coll.AddRange((X509Certificate2Collection)null));
        Assert.Throws<ArgumentNullException>(() => coll.RemoveRange((X509Certificate2[])null));
        Assert.Throws<ArgumentNullException>(() => coll.RemoveRange((X509Certificate2Collection)null));

        // Copy-out and import.
        Assert.Throws<ArgumentNullException>(() => coll.CopyTo(null, 0));
        Assert.Throws<ArgumentNullException>(() => coll.Import((byte[])null));
        Assert.Throws<ArgumentNullException>(() => coll.Import((string)null));

        // The same contract must hold through the non-generic IList surface.
        IList untyped = coll;
        Assert.Throws<ArgumentNullException>(() => untyped[0] = null);
        Assert.Throws<ArgumentNullException>(() => untyped.Add(null));
        Assert.Throws<ArgumentNullException>(() => untyped.CopyTo(null, 0));
        Assert.Throws<ArgumentNullException>(() => untyped.Insert(0, null));
        Assert.Throws<ArgumentNullException>(() => untyped.Remove(null));
    }
}