public static void AddDoesNotClone()
{
using (X509Certificate2 c1 = new X509Certificate2())
{
X509Certificate2Collection coll = new X509Certificate2Collection();
coll.Add(c1);
Assert.Same(c1, coll[0]);
}
}
public void UpgradeTls(TlsConfig tlsConfig)
{
if (tlsConfig == null)
{
throw new ArgumentNullException("tlsConfig");
}
lock (_readLocker)
{
lock (_writeLocker)
{
const bool leaveInnerStreamOpen = false;
var enabledSslProtocols = tlsConfig.GetEnabledSslProtocols();
string errorMessage = null;
var sslStream = new SslStream(
_networkStream,
leaveInnerStreamOpen,
(sender, certificate, chain, sslPolicyErrors) =>
ValidateCertificates(chain, sslPolicyErrors, tlsConfig, out errorMessage)
);
try
{
var certCollection = new X509Certificate2Collection();
if (tlsConfig.ClientCertificate != null)
{
certCollection.Add(tlsConfig.ClientCertificate);
}
sslStream.AuthenticateAsClient(_hostname, new X509Certificate2Collection(), enabledSslProtocols, tlsConfig.CheckCertificateRevocation);
}
catch (Exception ex)
{
throw new Exception(string.Format("{0} - {1}", ex.Message, errorMessage), ex);
}
_networkStream = sslStream;
}
}
}
/// <summary>
/// Gets the certificate corresponding to the specified URL from the cache of certificates. If the cache doesn't contain the certificate, it is downloaded and verified.
/// </summary>
/// <param name="certUrl">The URL pointing to the certificate.</param>
/// <returns>An <see cref="System.Security.Cryptography.X509Certificates.X509Certificate2"/> object containing the details of the certificate.</returns>
/// <exception cref="PayPal.PayPalException">Thrown if the downloaded certificate cannot be verified.</exception>
public X509Certificate2Collection GetCertificatesFromUrl(string certUrl)
{
// If we haven't already cached this URL, then download, verify, and cache it.
if (!certificates.ContainsKey(certUrl))
{
// Download the certificate.
string certData;
using (var webClient = new WebClient())
{
certData = webClient.DownloadString(certUrl);
}
// Load all the certificates.
// NOTE: The X509Certificate2Collection.Import() method only
// imports the first certifcate, even if a stream contains
// multiple certificates. For this reason, we'll load the
// certificates one-by-one, verifying as we go.
var results = certData.Split(new string[] { "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----" }, StringSplitOptions.RemoveEmptyEntries);
var collection = new X509Certificate2Collection();
foreach (var result in results)
{
var trimmed = result.Trim();
if (!string.IsNullOrEmpty(trimmed))
{
var certificate = new X509Certificate2(System.Text.Encoding.UTF8.GetBytes(trimmed));
// Verify the certificate before adding it to the collection.
if (certificate.Verify())
{
collection.Add(certificate);
}
else
{
throw new PayPalException("Unable to verify the certificate(s) found at " + certUrl);
}
}
}
certificates[certUrl] = collection;
}
return(certificates[certUrl]);
}
public void SelfSignedRootTest()
{
var chain = new X509Chain();
var trusted = new X509Certificate2Collection();
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
Assert.IsFalse(chain.Build(Certificates.SignedBySelfSigned));
// TODO: use Core-compatible functions
//Assert.IsFalse(chain.VerifyWithExtraRoots(Certificates.SignedBySelfSigned, trusted));
trusted.Add(Certificates.SelfSigned);
//Assert.IsTrue(chain.VerifyWithExtraRoots(Certificates.SignedBySelfSigned, trusted));
Assert.IsFalse(chain.Build(Certificates.SignedBySelfSigned));
trusted.Clear();
//Assert.IsFalse(chain.VerifyWithExtraRoots(Certificates.SignedBySelfSigned, trusted));
Assert.IsFalse(chain.Build(Certificates.SignedBySelfSigned));
}
/// <summary>
/// Save a certificate and its chain of trust to a PFX file.
/// </summary>
/// <param name="filename">Filename to save to. Will be overwritten
/// if it already exists.</param>
/// <param name="password">Password which must be used when reading
/// the file later.</param>
/// <param name="certificate">The certificate to save</param>
/// <param name="chain">The full chain of trust to include in the file.
/// If <c>null</c>, then only the certificate itself is saved.</param>
internal static void SaveCertificateToPfxFile(string filename, string password,
X509Certificate2 certificate, X509Certificate2 signingCert,
X509Certificate2Collection chain)
{
var certCollection = new X509Certificate2Collection(certificate);
if (chain != null)
{
certCollection.AddRange(chain);
}
if (signingCert != null)
{
var signingCertWithoutPrivateKey = ExportCertificatePublicKey(signingCert);
certCollection.Add(signingCertWithoutPrivateKey);
}
var certBytes = certCollection.Export(X509ContentType.Pkcs12, password);
File.WriteAllBytes(filename, certBytes);
}
internal static EndpointIdentity CreateX509CertificateIdentity(X509Chain certificateChain)
{
if (certificateChain == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("certificateChain");
}
if (certificateChain.ChainElements.Count == 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("X509ChainIsEmpty"));
}
X509Certificate2 primaryCertificate = certificateChain.ChainElements[0].Certificate;
X509Certificate2Collection supportingCertificates = new X509Certificate2Collection();
for (int i = 1; i < certificateChain.ChainElements.Count; i++)
{
supportingCertificates.Add(certificateChain.ChainElements[i].Certificate);
}
return(new X509CertificateEndpointIdentity(primaryCertificate, supportingCertificates));
}
public static X509Certificate2Collection GetOriginatorCerts(this SafeCryptMsgHandle hCryptMsg)
{
int numCertificates = 0;
int cbNumCertificates = sizeof(int);
if (!Interop.Crypt32.CryptMsgGetParam(hCryptMsg, CryptMsgParamType.CMSG_CERT_COUNT_PARAM, 0, out numCertificates, ref cbNumCertificates))
{
throw Marshal.GetLastWin32Error().ToCryptographicException();
}
X509Certificate2Collection certs = new X509Certificate2Collection();
for (int index = 0; index < numCertificates; index++)
{
byte[] encodedCertificate = hCryptMsg.GetMsgParamAsByteArray(CryptMsgParamType.CMSG_CERT_PARAM, index);
X509Certificate2 cert = new X509Certificate2(encodedCertificate);
certs.Add(cert);
}
return(certs);
}
public void Vitalink_GetRevocation()
{
X509Certificate2 target = new X509Certificate2(@"files/vitalink.crt");
X509Certificate2Collection extraStore = new X509Certificate2Collection();
extraStore.Add(new X509Certificate2(@"files/eHealthIssuing.crt"));
IList <CertificateList> crls = new List <CertificateList>();
IList <BasicOcspResponse> ocsps = new List <BasicOcspResponse>();
Chain rsp = target.BuildChain(DateTime.UtcNow, extraStore, crls, ocsps);
Assert.Equal(0, rsp.ChainStatus.Count(x => x.Status != X509ChainStatusFlags.NoError));
Assert.Equal(3, rsp.ChainElements.Count);
Assert.Equal("CN=\"EHP=1990001916, VITALINKGATEWAY\", OU=eHealth-platform Belgium, OU=VLAAMS AGENTSCHAP ZORG EN GEZONDHEID, OU=\"EHP=1990001916\", OU=VITALINKGATEWAY, O=Federal Government, C=BE", rsp.ChainElements[0].Certificate.Subject);
Assert.Equal("CN=ZetesConfidens Private Trust PKI - eHealth issuing CA 001, SERIALNUMBER=001, O=ZETES SA, C=BE", rsp.ChainElements[1].Certificate.Subject);
Assert.Equal("CN=ZetesConfidens Private Trust PKI - root CA 001, SERIALNUMBER=001, O=ZETES SA, C=BE", rsp.ChainElements[2].Certificate.Subject);
Assert.Equal(0, crls.Count);
Assert.Equal(2, ocsps.Count);
}
public async Task TestNewEid_GetRevocationAsync()
{
X509Certificate2 target = new X509Certificate2(@"files/eid79021802145-2027.crt");
X509Certificate2Collection extraStore = new X509Certificate2Collection();
extraStore.Add(new X509Certificate2(@"files/Citizen201709.crt"));
IList <CertificateList> crls = new List <CertificateList>();
IList <BasicOcspResponse> ocsps = new List <BasicOcspResponse>();
Chain rsp = await target.BuildChainAsync(DateTime.UtcNow, extraStore, crls, ocsps);
Assert.Equal(0, rsp.ChainStatus.Count(x => x.Status != X509ChainStatusFlags.NoError));
Assert.Equal(3, rsp.ChainElements.Count);
Assert.Equal("SERIALNUMBER=79021802145, G=Bryan Eduard, SN=Brouckaert, CN=Bryan Brouckaert (Authentication), C=BE", rsp.ChainElements[0].Certificate.Subject);
Assert.Equal("SERIALNUMBER=201709, CN=Citizen CA, O=http://repository.eid.belgium.be/, C=BE", rsp.ChainElements[1].Certificate.Subject);
Assert.Equal("CN=Belgium Root CA4, C=BE", rsp.ChainElements[2].Certificate.Subject);
Assert.Equal(1, crls.Count);
Assert.Equal(1, ocsps.Count);
}
private void SetCertSet()
{
if (!cbJustOne.Checked)
{
lbCerts.SelectedIndex = -1;
}
certsToAuthWith.Clear();
if (cbJustOne.Checked && lbCerts.SelectedIndex > 0)
{
certsToAuthWith.Add(collection[lbCerts.SelectedIndex - 1]);
txtResponse.Text += $"\r\n{certsToAuthWith[0].SubjectName.Name} selected";
}
else
{
certsToAuthWith.AddRange(collection);
}
txtResponse.Text += $"\r\nAuthenticating with {certsToAuthWith.Count} cert(s)";
}
public void CloneTo(X509Certificate2Collection collection)
{
HashSet <X509Certificate2> dedupedCerts = new HashSet <X509Certificate2>();
using (SafeCFArrayHandle identities = Interop.AppleCrypto.KeychainEnumerateIdentities(_keychainHandle))
{
ReadCollection(identities, dedupedCerts);
}
using (SafeCFArrayHandle certs = Interop.AppleCrypto.KeychainEnumerateCerts(_keychainHandle))
{
ReadCollection(certs, dedupedCerts);
}
foreach (X509Certificate2 cert in dedupedCerts)
{
collection.Add(cert);
}
}
private static void GetEligibleCertificates(bool needPrivateKey, X509Store store, X509Certificate2Collection certs)
{
Oid accessManagerEku = new Oid(LithnetAccessManagerEku);
foreach (X509Certificate2 c in store.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, false)
.OfType <X509Certificate2>().Where(t => !needPrivateKey || t.HasPrivateKey))
{
foreach (X509EnhancedKeyUsageExtension x in c.Extensions.OfType <X509EnhancedKeyUsageExtension>())
{
foreach (Oid o in x.EnhancedKeyUsages)
{
if (o.Value == accessManagerEku.Value)
{
certs.Add(c);
}
}
}
}
}
/// <inheritdoc/>
public Task <X509Certificate2Collection> FindByThumbprint(string thumbprint)
{
using (X509Store store = new X509Store(m_storeName, m_storeLocation))
{
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection collection = new X509Certificate2Collection();
foreach (X509Certificate2 certificate in store.Certificates)
{
if (certificate.Thumbprint == thumbprint)
{
collection.Add(certificate);
}
}
return(Task.FromResult(collection));
}
}
internal static bool VerifyDetachedSignature(
string detachedSignature,
string detachedSignatureAlgorithm,
string signedQueryString,
string certIdentifier
)
{
if (string.IsNullOrWhiteSpace(detachedSignature))
{
throw new ArgumentException("DetachedSignature not mentioned");
}
// Check that we have a signature algorithm, if not throw error
if (string.IsNullOrWhiteSpace(detachedSignatureAlgorithm))
{
throw new ArgumentException("DetachedSignature not mentioned");
}
X509Certificate2 samlEncryptionAndSigningKey = SignMessage.GetSamlEncryptionAndSigningKey(certIdentifier);
X509Certificate2Collection publicKeys = new X509Certificate2Collection();
publicKeys.Add(samlEncryptionAndSigningKey);
object hashAlgorithmProvider = GetAlgorithmProvider(detachedSignatureAlgorithm);
try
{
// Now verify
return(IsValidDetachedSignature(
signedQueryString,
hashAlgorithmProvider,
detachedSignature,
publicKeys));
}
finally
{
IDisposable hashAlgorithmProviderDisp = hashAlgorithmProvider as IDisposable;
if (hashAlgorithmProviderDisp != null)
{
hashAlgorithmProviderDisp.Dispose();
}
}
}
private IDataAdapter ConnectClient(IDataAdapter adapter, Logger logger, PropertyBag properties, string serverName)
{
SslStream sslStream = new SslStream(new DataAdapterToStream(adapter), false, ValidateRemoteClientConnection);
if (serverName == null)
{
// Just generate something
serverName = Interlocked.Increment(ref nameCounter).ToString();
}
X509Certificate2Collection clientCerts = new X509Certificate2Collection();
bool setReadTimeout = false;
int oldTimeout = -1;
foreach (X509CertificateContainer clientCert in _config.ClientCertificates)
{
clientCerts.Add(clientCert.Certificate);
}
try
{
oldTimeout = sslStream.ReadTimeout;
sslStream.ReadTimeout = _config.Timeout;
setReadTimeout = true;
}
catch (InvalidOperationException)
{
}
sslStream.AuthenticateAsClient(serverName, clientCerts, SslProtocols.Tls, false);
if (setReadTimeout)
{
sslStream.ReadTimeout = oldTimeout;
}
_remoteCert = sslStream.RemoteCertificate;
PopulateSslMeta(properties.AddBag("SslClient"), sslStream);
return(new StreamDataAdapter(sslStream, adapter.Description));
}
public X509Certificate2Collection GetCertificates()
{
X509Certificate2Collection collection = new X509Certificate2Collection();
CertificateStoreIdentifier id = new CertificateStoreIdentifier();
id.StoreType = this.StoreType;
id.StorePath = this.StorePath;
if (!String.IsNullOrEmpty(id.StorePath))
{
try
{
ICertificateStore store = id.OpenStore();
try
{
collection = store.Enumerate();
}
finally
{
store.Close();
}
}
catch (Exception)
{
Utils.Trace("Could not load certificates from store: {0}.", this.StorePath);
}
}
foreach (CertificateIdentifier trustedCertificate in TrustedCertificates)
{
X509Certificate2 certificate = trustedCertificate.Find();
if (certificate != null)
{
collection.Add(certificate);
}
}
return(collection);
}
private X509Certificate2Collection LoadCertificates()
{
X509Certificate2Collection collection = new X509Certificate2Collection();
if (!String.IsNullOrEmpty(this.clientCertFilename))
{
Tracer.Debug("Attempting to load Client Certificate from file := " + this.clientCertFilename);
X509Certificate2 certificate = new X509Certificate2(this.clientCertFilename, this.clientCertPassword);
Tracer.Debug("Loaded Client Certificate := " + certificate.ToString());
collection.Add(certificate);
}
else
{
string name = String.IsNullOrEmpty(this.keyStoreName) ? StoreName.My.ToString() : this.keyStoreName;
StoreLocation location = StoreLocation.CurrentUser;
if (!String.IsNullOrEmpty(this.keyStoreLocation))
{
if (String.Compare(this.keyStoreLocation, "CurrentUser", true) == 0)
{
location = StoreLocation.CurrentUser;
}
else if (String.Compare(this.keyStoreLocation, "LocalMachine", true) == 0)
{
location = StoreLocation.LocalMachine;
}
else
{
throw new NMSException("Invlalid StoreLocation given on URI");
}
}
X509Store store = new X509Store(name, location);
store.Open(OpenFlags.ReadOnly);
collection = store.Certificates;
store.Close();
}
return(collection);
}
private X509Certificate2Collection LoadCertificates()
{
var collection = new X509Certificate2Collection();
if (_stompConnectionSettings.TransportSettings.SslSettings.ClientCertFilename.IsNotEmpty())
{
var certificate = new X509Certificate2(_stompConnectionSettings.TransportSettings.SslSettings.ClientCertFilename,
_stompConnectionSettings.TransportSettings.SslSettings.ClientCertPassword);
collection.Add(certificate);
}
else
{
var name = _stompConnectionSettings.TransportSettings.SslSettings.KeyStoreName.IsEmpty()
? StoreName.My.ToString()
: _stompConnectionSettings.TransportSettings.SslSettings.KeyStoreName;
var location = StoreLocation.CurrentUser;
if (_stompConnectionSettings.TransportSettings.SslSettings.KeyStoreLocation.IsNotEmpty())
{
if (String.Compare(_stompConnectionSettings.TransportSettings.SslSettings.KeyStoreLocation, "CurrentUser", StringComparison.OrdinalIgnoreCase) == 0)
{
location = StoreLocation.CurrentUser;
}
else if (String.Compare(_stompConnectionSettings.TransportSettings.SslSettings.KeyStoreLocation, "LocalMachine", StringComparison.OrdinalIgnoreCase) == 0)
{
location = StoreLocation.LocalMachine;
}
else
{
throw new StompException("Invalid StoreLocation given on URI");
}
}
using var store = new X509Store(name, location);
store.Open(OpenFlags.ReadOnly);
collection = store.Certificates;
}
return(collection);
}
internal static X509Certificate2 GetEligibleClientCertificate(X509Certificate2Collection candidateCerts)
{
if (candidateCerts.Count == 0)
{
return(null);
}
// Build a new collection with certs that have a private key. We need to do this manually because there is
// no X509FindType to match this criteria.
// Find(...) returns a collection of clones instead of a filtered collection, so do this before calling
// Find(...) to minimize the number of unnecessary allocations and finalizations.
var eligibleCerts = new X509Certificate2Collection();
foreach (X509Certificate2 cert in candidateCerts)
{
if (cert.HasPrivateKey)
{
eligibleCerts.Add(cert);
}
}
// Don't call Find(...) if we don't need to.
if (eligibleCerts.Count == 0)
{
return(null);
}
// Reduce the set of certificates to match the proper 'Client Authentication' criteria.
// Client EKU is probably more rare than the DigitalSignature KU. Filter by ClientAuthOid first to reduce
// the candidate space as quickly as possible.
eligibleCerts = eligibleCerts.Find(X509FindType.FindByApplicationPolicy, ClientAuthenticationOID, false);
eligibleCerts = eligibleCerts.Find(X509FindType.FindByKeyUsage, X509KeyUsageFlags.DigitalSignature, false);
if (eligibleCerts.Count > 0)
{
return(eligibleCerts[0]);
}
else
{
return(null);
}
}
public static X509Certificate2 SelectCertificate()
{
X509Store x509Store = new X509Store();
X509Certificate2Collection privateCollection = new X509Certificate2Collection();
try
{
x509Store.Open(OpenFlags.OpenExistingOnly);
X509Certificate2Collection certificates = x509Store.Certificates;
X509Certificate2Collection foundCollection = certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, validOnly: false);
LongRunningActionForm.PerformOperation("检查有效证书", showImmediately: true, delegate
{
X509Certificate2Enumerator enumerator = foundCollection.GetEnumerator();
while (enumerator.MoveNext())
{
X509Certificate2 current = enumerator.Current;
try
{
if (DecryptStringUsingCertificate(current, EncryptStringUsingCertificate(current, "test")) == "test")
{
privateCollection.Add(current);
}
}
catch
{
}
LongRunningActionForm.Instance.UpdateStatus(current.SimpleName());
}
});
}
finally
{
x509Store.Close();
}
X509Certificate2Collection x509Certificate2Collection = X509Certificate2UI.SelectFromCollection(privateCollection, "选择证书", "选择用于安全密码存储的证书", X509SelectionFlag.SingleSelection, Program.TheForm.Handle);
if (x509Certificate2Collection.Count != 1)
{
return(null);
}
return(x509Certificate2Collection[0]);
}
internal static X509Certificate2Collection GetRemoteCertificatesFromStoreContext(IntPtr certContext)
{
X509Certificate2Collection result = new X509Certificate2Collection();
if (certContext == IntPtr.Zero)
{
return(result);
}
Interop.Crypt32.CERT_CONTEXT context;
unsafe
{
context = *(Interop.Crypt32.CERT_CONTEXT *)certContext;
}
if (context.hCertStore != IntPtr.Zero)
{
Interop.Crypt32.CERT_CONTEXT *last = null;
while (true)
{
Interop.Crypt32.CERT_CONTEXT *next =
Interop.Crypt32.CertEnumCertificatesInStore(context.hCertStore, last);
if (next == null)
{
break;
}
var cert = new X509Certificate2(new IntPtr(next));
if (NetEventSource.IsEnabled)
{
NetEventSource.Info(certContext, $"Adding remote certificate:{cert}");
}
result.Add(cert);
last = next;
}
}
return(result);
}
private PushEasyResult CreateClientAndStream(PushEasyConfiguration configuration, int port, out TcpClient client, out SslStream stream)
{
client = null;
stream = null;
// create certificate from path with password
var certificate = new X509Certificate2(File.ReadAllBytes(configuration.APNSCertificatePath), configuration.APNSCertificatePassword, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
// need a collection for some calls
var certificates = new X509Certificate2Collection();
certificates.Add(certificate);
var host = !configuration.UseSandbox ? _hostLive : _hostSandbox;
// connect to apple
client = new TcpClient();
client.Connect(host, port);
client.Client.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.KeepAlive, true);
// open stream to write/read
stream = new SslStream(client.GetStream(), false, (object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors policyErrors) => { return(true); }, (sender, targetHost, localCerts, remoteCert, acceptableIssuers) => certificate);
try
{
stream.AuthenticateAsClient(host, certificates, System.Security.Authentication.SslProtocols.Tls, false);
}
catch (Exception ex)
{
return(new PushEasyResult(PushEasyResult.Results.Error, PushEasyResult.Errors.Connection, "Could not create SslStream. Error: " + ex.ToString()));
}
if (!stream.IsMutuallyAuthenticated)
{
return(new PushEasyResult(PushEasyResult.Results.Error, PushEasyResult.Errors.Connection, "Stream is not mutally authenticated."));
}
if (!stream.CanWrite)
{
return(new PushEasyResult(PushEasyResult.Results.Error, PushEasyResult.Errors.Connection, "Cannot write to stream."));
}
return(null);
}
/// <summary cref="ICertificateStore.Enumerate()" />
public async Task <X509Certificate2Collection> Enumerate()
{
X509Certificate2Collection certificates = new X509Certificate2Collection();
// get the certificates.
IReadOnlyList <Certificate> list = await CertificateStores.FindAllAsync();
for (int ii = 0; ii < list.Count; ii++)
{
// add the certificate.
IBuffer buffer = list[ii].GetCertificateBlob();
byte[] cert = new byte[buffer.Length];
CryptographicBuffer.CopyToByteArray(buffer, out cert);
X509Certificate2 certificate = new X509Certificate2(cert);
certificates.Add(certificate);
}
return(certificates);
}
protected override MonoNewTlsStream Start(Socket socket, TlsSettings settings)
{
Debug("Connected.");
var clientCerts = new X509Certificate2Collection();
if (Parameters.ClientCertificate != null)
{
var clientCert = (ClientCertificate)Parameters.ClientCertificate;
clientCerts.Add(clientCert.Certificate);
}
var targetHost = "Hamiller-Tube.local";
var stream = new NetworkStream(socket);
return(MonoNewTlsStreamFactory.CreateClient(
stream, false, RemoteValidationCallback, null, EncryptionPolicy.RequireEncryption, settings,
targetHost, clientCerts, SslProtocols.Tls12, false));
}
public void Open()
{
client.Connect(configuration.GetHost());
sslStream = new SslStream(client.GetStream())
{
ReadTimeout = configuration.Timeout,
WriteTimeout = configuration.Timeout
};
var x509CertificateCollection = new X509Certificate2Collection();
if (!string.IsNullOrWhiteSpace(configuration.CertificatePath))
{
var certificate = new X509Certificate2(configuration.CertificatePath);
x509CertificateCollection.Add(certificate);
}
sslStream.AuthenticateAsClient(configuration.GetServerNameInCertificate(), x509CertificateCollection,
SslProtocols.Default, true);
}
public void ToX509CollectionTest()
{
X509Certificate2Collection expected = new X509Certificate2Collection();
List <Certificate> certs = new List <Certificate>(MAXDOMAINCOUNT);
for (int i = 0; i < MAXDOMAINCOUNT; i++)
{
for (int t = 1; t <= MAXCERTPEROWNER; t++)
{
expected.Add(GetDisposableTestCertFromPfx(i + 1, t));
certs.Add(GetCertificateFromTestCertPfx(i + 1, t));
}
}
X509Certificate2Collection actual = Certificate.ToX509Collection(certs.ToArray());
Assert.Equal(expected, actual);
Assert.Null(Record.Exception(() => actual.Close(true)));
}
private void btnCombineCertFiles_Click(object sender, EventArgs e)
{
var certPassword = txtCertPassword.Text;
Properties.Settings.Default.CertPassword = certPassword;
Properties.Settings.Default.Save();
var certs = new X509Certificate2Collection();
foreach (var certFile in txtCertFiles.Text.Split("\r\n".ToCharArray()))
{
certs.Add(new X509Certificate2(certFile, certPassword, X509KeyStorageFlags.Exportable));
}
var oneBigPfx = certs.Export(X509ContentType.Pfx, certPassword);
File.WriteAllBytes(txtOutputFile.Text, oneBigPfx);
MessageBox.Show("Combination has been done!", "Done", MessageBoxButtons.OK);
}
/// <summary>
/// Returns a subset of this collection whose elements match the supplied <paramref name="match"/> function.
/// </summary>
/// <param name="certs">The source collection.</param>
/// <param name="match">The predicate for which all elements that return <c>will</c> be selected.</param>
/// <returns>The collection of matched elements, or <c>null</c> if no matched elements are found.</returns>
public static X509Certificate2Collection Where(this X509Certificate2Collection certs, Func <X509Certificate2, bool> match)
{
X509Certificate2Collection matchingCerts = null;
if (certs.IsNullOrEmpty())
{
return(null);
}
foreach (X509Certificate2 cert in certs)
{
if (match(cert))
{
matchingCerts = matchingCerts ?? new X509Certificate2Collection();
matchingCerts.Add(cert);
}
}
return(matchingCerts);
}
public void CertificateIsValid(IEnumerable <Task> tasks)
{
InstallParam p = new InstallParam("somename", "somevalue");
tasks.First().LocalParams.Add(p);
CertificateValidator val = Substitute.ForPartsOf <CertificateValidator>();
val.WhenForAnyArgs(a => a.FindCertificates(null)).DoNotCallBase();
X509Certificate2Collection collection = new X509Certificate2Collection();
collection.Add(new X509Certificate2());
val.FindCertificates(null).ReturnsForAnyArgs(collection);
val.Data["StoreName"] = "Root";
val.Data["ParamNames"] = p.Name;
val.WhenForAnyArgs(a => a.ValidateChain(null, null)).DoNotCallBase();
val.ValidateChain(null, null).ReturnsForAnyArgs(true);
Assert.DoesNotContain(val.Evaluate(tasks), r => r.State == Sitecore9Installer.Validation.ValidatorState.Error);
val.Received().ValidateCertificate(collection[0]);
}
private byte[] CertificateToPfx(string password,
X509Certificate2 certificate,
X509Certificate2 signingCertificate,
X509Certificate2Collection chain)
{
var certCollection = new X509Certificate2Collection(certificate);
if (chain != null)
{
certCollection.AddRange(chain);
}
if (signingCertificate != null)
{
var signingCertWithoutPrivateKey = ExportCertificatePublicKey(signingCertificate);
certCollection.Add(signingCertWithoutPrivateKey);
}
return(certCollection.Export(X509ContentType.Pkcs12, password));
}
// Private method for selecting a suitable digital certificate containing a DSA key
private X509Certificate2 selectCert(string prompt)
{
try
{
// Open the store for the current user - we need readonly access for existing certificates
X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
// Narrow down the selection to certs that are valid now
X509Certificate2Collection collection = store.Certificates;
X509Certificate2Collection fcollection = collection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
// Narrow down the selection to certs that contain DSA keys
X509Certificate2Collection dcollection = new X509Certificate2Collection();
foreach (X509Certificate2 c in fcollection)
{
// Funky ASN notation for DSA key pair
if (c.GetKeyAlgorithm().Equals("1.2.840.10040.4.1"))
{
dcollection.Add(c);
}
}
// Show dialog to user
X509Certificate2Collection scollection = X509Certificate2UI.SelectFromCollection(dcollection, Application.ProductName, prompt, X509SelectionFlag.SingleSelection);
// Close the store
store.Close();
// Return the selected certificate or null
if ((scollection != null) && (scollection.Count == 1))
{
return(scollection[0]);
}
}
catch (System.Exception x)
{
Debug.WriteLine(x);
}
return(null);
}
public static Test.ServerFactoryPrx allTests(Ice.Communicator communicator, string testDir)
{
string factoryRef = "factory:tcp -p 12010";
Ice.ObjectPrx b = communicator.stringToProxy(factoryRef);
test(b != null);
Test.ServerFactoryPrx factory = Test.ServerFactoryPrxHelper.checkedCast(b);
string defaultHost = communicator.getProperties().getProperty("Ice.Default.Host");
string defaultDir = testDir + "/../certs";
Ice.Properties defaultProperties = communicator.getProperties();
//
// Load the CA certificates. We could use the IceSSL.ImportCert property, but
// it would be nice to remove the CA certificates when the test finishes, so
// this test manually installs the certificates in the LocalMachine:AuthRoot
// store.
//
// Note that the client and server are assumed to run on the same machine,
// so the certificates installed by the client are also available to the
// server.
//
string caCert1File = defaultDir + "/cacert1.pem";
string caCert2File = defaultDir + "/cacert2.pem";
X509Certificate2 caCert1 = new X509Certificate2(caCert1File);
X509Certificate2 caCert2 = new X509Certificate2(caCert2File);
X509Store store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine);
try
{
store.Open(OpenFlags.ReadWrite);
}
catch(CryptographicException)
{
Console.Out.WriteLine("This test requires administrator privileges.");
return factory;
}
try
{
string[] args = new string[0];
Console.Out.Write("testing manual initialization... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.ObjectPrx p = comm.stringToProxy("dummy:ssl -p 9999");
try
{
p.ice_ping();
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
//
// Supply our own certificate.
//
X509Certificate2 cert = new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
X509Certificate2Collection coll = new X509Certificate2Collection();
coll.Add(cert);
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
plugin.setCertificates(coll);
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing certificate verification... ");
Console.Out.Flush();
{
//
// Test IceSSL.VerifyPeer=1. Client does not have a certificate.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "1";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.noCert();
}
catch(Ice.LocalException)
{
test(false);
}
//
// Validate that we can get the connection info.
//
try
{
IceSSL.NativeConnectionInfo info =
(IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.certs != null);
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
//
// Test IceSSL.VerifyPeer=2. This should fail because the client
// does not supply a certificate.
//
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. Client has a certificate.
//
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "1";
store.Add(caCert1);
server = fact.createServer(d);
try
{
X509Certificate2 clientCert =
new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
server.checkCert(clientCert.Subject, clientCert.Issuer);
X509Certificate2 serverCert =
new X509Certificate2(defaultDir + "/s_rsa_nopass_ca1.pfx", "password");
X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem");
IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(caCert.Equals(info.nativeCerts[1]));
test(serverCert.Equals(info.nativeCerts[0]));
}
catch(Exception)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
//
// Test IceSSL.VerifyPeer=2. Client has a certificate.
//
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
server = fact.createServer(d);
try
{
X509Certificate2 clientCert =
new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
server.checkCert(clientCert.Subject, clientCert.Issuer);
}
catch(Exception)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. This should fail because the
// client doesn't trust the server's CA.
//
initData = createClientProps(defaultProperties, testDir, defaultHost);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "1";
// Don't add the CA certificate.
//store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Verify that IceSSL.CheckCertName has no effect in a server.
//
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
//
// NOTE: We can't test IceSSL.CheckCertName here because the common name (CN) field of
// the server's certificate has the value "Server" and we can't use "Server" as a host
// name in an endpoint (it almost certainly wouldn't resolve correctly).
//
//
// Test IceSSL.CheckCertName. The test certificates for the server contain "127.0.0.1"
// as the common name or as a subject alternative name, so we only perform this test when
// the default host is "127.0.0.1".
//
if(defaultHost.Equals("127.0.0.1"))
{
//
// Test subject alternative name.
//
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
//
// Test common name.
//
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
//
// Test common name again. The certificate used in this test has "127.0.0.11" as its
// common name, therefore the address "127.0.0.1" must NOT match.
//
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn2.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
// Expected.
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
}
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing custom certificate verifier... ");
Console.Out.Flush();
{
//
// Verify that a server certificate is present.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
test(plugin != null);
CertificateVerifierI verifier = new CertificateVerifierI();
plugin.setCertificateVerifier(verifier);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
IceSSL.NativeConnectionInfo info =
(IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
server.checkCipher(info.cipher);
}
catch(Ice.LocalException)
{
test(false);
}
test(verifier.invoked());
test(verifier.hadCert());
//
// Have the verifier return false. Close the connection explicitly
// to force a new connection to be established.
//
verifier.reset();
verifier.returnValue(false);
server.ice_getConnection().close(false);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
test(verifier.invoked());
test(verifier.hadCert());
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
//
// Verify that verifier is installed via property.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertVerifier", "CertificateVerifierI");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
test(plugin != null);
test(plugin.getCertificateVerifier() != null);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing protocols... ");
Console.Out.Flush();
{
//
// This should fail because the client and server have no protocol
// in common.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.Protocols", "ssl3");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
//
// This should succeed.
//
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1, ssl3";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing expired certificates... ");
Console.Out.Flush();
{
//
// This should fail because the server's certificate is expired.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_exp.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
//
// This should fail because the client's certificate is expired.
//
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1_exp.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing multiple CA certificates... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca2.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
store.Add(caCert2);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
store.Remove(caCert2);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing passwords... ");
Console.Out.Flush();
{
//
// Test password failure.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
// Don't specify the password.
//props.setProperty("IceSSL.Password", "password");
try
{
Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
}
{
//
// Test password failure with callback.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
PasswordCallbackI cb = new PasswordCallbackI("bogus");
plugin.setPasswordCallback(cb);
try
{
pm.initializePlugins();
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
//
// Test installation of password callback.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
PasswordCallbackI cb = new PasswordCallbackI();
plugin.setPasswordCallback(cb);
test(plugin.getPasswordCallback() == cb);
try
{
pm.initializePlugins();
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
//
// Test password callback property.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.PasswordCallback", "PasswordCallbackI");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
test(plugin.getPasswordCallback() != null);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly",
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly",
"C=US, ST=Florida, O=\"ZeroC, Inc.\",OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "!CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "CN=Server";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada,CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada,CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada;CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada;!CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server1"); // Should not match "Server"
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "!CN=Client1"; // Should not match "Client"
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
//
// Rejection takes precedence (client).
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "ST=Florida;!CN=Server;C=US");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
//
// Rejection takes precedence (server).
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "C=US;!CN=Client;ST=Florida";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Client... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
// Should have no effect.
d["IceSSL.TrustOnly.Client"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client",
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
// Should have no effect.
d["IceSSL.TrustOnly.Client"] = "!CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client", "CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client", "!CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Server... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
// Should have no effect.
initData.properties.setProperty("IceSSL.TrustOnly.Server",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
// Should have no effect.
initData.properties.setProperty("IceSSL.TrustOnly.Server", "!CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] = "CN=Server";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] = "!CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Server.<AdapterName>... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] = "CN=bogus";
d["IceSSL.TrustOnly.Server.ServerAdapter"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server.ServerAdapter"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server.ServerAdapter"] = "CN=bogus";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!CN=bogus";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.KeySet... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
initData.properties.setProperty("IceSSL.ImportCert.LocalMachine.Root", "cacert1.pem");
initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.KeySet", "MachineKeySet");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.DefaultDir"] = defaultDir;
d["IceSSL.ImportCert.LocalMachine.Root"] = "cacert1.pem";
d["IceSSL.KeySet"] = "MachineKeySet";
d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
X509Store certStore = new X509Store("Root", StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadWrite);
certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem"));
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
initData.properties.setProperty("IceSSL.ImportCert.CurrentUser.Root", "cacert1.pem");
initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.KeySet", "UserKeySet");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.DefaultDir"] = defaultDir;
d["IceSSL.ImportCert.CurrentUser.Root"] = "cacert1.pem";
d["IceSSL.KeySet"] = "UserKeySet";
d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
X509Store certStore = new X509Store("Root", StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadWrite);
certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem"));
}
Console.Out.WriteLine("ok");
}
finally
{
store.Remove(caCert1);
store.Remove(caCert2);
store.Close();
}
return factory;
}
public static Test.ServerFactoryPrx allTests(Ice.Communicator communicator, string testDir)
{
string factoryRef = "factory:tcp -p 12010";
Ice.ObjectPrx b = communicator.stringToProxy(factoryRef);
test(b != null);
Test.ServerFactoryPrx factory = Test.ServerFactoryPrxHelper.checkedCast(b);
string defaultHost = communicator.getProperties().getProperty("Ice.Default.Host");
string defaultDir = testDir + "/../certs";
Ice.Properties defaultProperties = communicator.getProperties();
//
// Load the CA certificates. We could use the IceSSL.ImportCert property, but
// it would be nice to remove the CA certificates when the test finishes, so
// this test manually installs the certificates in the LocalMachine:AuthRoot
// store.
//
// Note that the client and server are assumed to run on the same machine,
// so the certificates installed by the client are also available to the
// server.
//
string caCert1File = defaultDir + "/cacert1.pem";
string caCert2File = defaultDir + "/cacert2.pem";
X509Certificate2 caCert1 = new X509Certificate2(caCert1File);
X509Certificate2 caCert2 = new X509Certificate2(caCert2File);
X509Store store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine);
try
{
store.Open(OpenFlags.ReadWrite);
}
catch(CryptographicException)
{
Console.Out.WriteLine("This test requires administrator privileges.");
return factory;
}
try
{
string[] args = new string[0];
Console.Out.Write("testing manual initialization... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.ObjectPrx p = comm.stringToProxy("dummy:ssl -p 9999");
try
{
p.ice_ping();
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertAuthFile"] = caCert1File;
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Supply our own certificate.
//
X509Certificate2 cert = new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
X509Certificate2Collection coll = new X509Certificate2Collection();
coll.Add(cert);
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
plugin.setCertificates(coll);
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.CertAuthFile"] = caCert1File;
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Supply our own CA certificate.
//
X509Certificate2 cert = new X509Certificate2(defaultDir + "/cacert1.pem");
X509Certificate2Collection coll = new X509Certificate2Collection();
coll.Add(cert);
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
plugin.setCACertificates(coll);
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.CertAuthFile"] = defaultDir + "/cacert1.pem";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing certificate verification... ");
Console.Out.Flush();
{
//
// Test IceSSL.VerifyPeer=1. Client does not have a certificate.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "1";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.noCert();
}
catch(Ice.LocalException ex)
{ Console.WriteLine(ex.ToString());
test(false);
}
//
// Validate that we can get the connection info.
//
try
{
IceSSL.NativeConnectionInfo info =
(IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.certs != null);
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
//
// Test IceSSL.VerifyPeer=2. This should fail because the client
// does not supply a certificate.
//
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. Client has a certificate.
//
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "1";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
X509Certificate2 clientCert =
new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
server.checkCert(clientCert.Subject, clientCert.Issuer);
X509Certificate2 serverCert =
new X509Certificate2(defaultDir + "/s_rsa_nopass_ca1.pfx", "password");
X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem");
IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(caCert.Equals(info.nativeCerts[1]));
test(serverCert.Equals(info.nativeCerts[0]));
}
catch(Exception ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
//
// Test IceSSL.VerifyPeer=2. Client has a certificate.
//
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
X509Certificate2 clientCert =
new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
server.checkCert(clientCert.Subject, clientCert.Issuer);
}
catch(Exception ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. This should fail because the
// client doesn't trust the server's CA.
//
initData = createClientProps(defaultProperties, testDir, defaultHost);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "1";
// Don't add the CA certificate.
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should succeed because the self signed certificate used by the server is
// trusted.
//
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertAuthFile", caCert2File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/cacert2.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should fail because the self signed certificate used by the server is not
// trusted.
//
initData = createClientProps(defaultProperties, testDir, defaultHost);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/cacert2.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Verify that IceSSL.CheckCertName has no effect in a server.
//
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// NOTE: We can't test IceSSL.CheckCertName here because the common name (CN) field of
// the server's certificate has the value "Server" and we can't use "Server" as a host
// name in an endpoint (it almost certainly wouldn't resolve correctly).
//
//
// Test IceSSL.CheckCertName. The test certificates for the server contain "127.0.0.1"
// as the common name or as a subject alternative name, so we only perform this test when
// the default host is "127.0.0.1".
//
if(defaultHost.Equals("127.0.0.1"))
{
//
// Test subject alternative name.
//
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
//
// Test common name.
//
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
d["IceSSL.CertAuthFile"] = caCert1File;
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
//
// Test common name again. The certificate used in this test has "127.0.0.11" as its
// common name, therefore the address "127.0.0.1" must NOT match.
//
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn2.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
// Expected.
}
fact.destroyServer(server);
comm.destroy();
}
}
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing custom certificate verifier... ");
Console.Out.Flush();
{
//
// Verify that a server certificate is present.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
test(plugin != null);
CertificateVerifierI verifier = new CertificateVerifierI();
plugin.setCertificateVerifier(verifier);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
IceSSL.NativeConnectionInfo info =
(IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
server.checkCipher(info.cipher);
}
catch(Ice.LocalException)
{
test(false);
}
test(verifier.invoked());
test(verifier.hadCert());
//
// Have the verifier return false. Close the connection explicitly
// to force a new connection to be established.
//
verifier.reset();
verifier.returnValue(false);
server.ice_getConnection().close(false);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
test(verifier.invoked());
test(verifier.hadCert());
fact.destroyServer(server);
comm.destroy();
}
{
//
// Verify that verifier is installed via property.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertVerifier", "CertificateVerifierI");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
test(plugin != null);
test(plugin.getCertificateVerifier() != null);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing protocols... ");
Console.Out.Flush();
{
//
// This should fail because the client and server have no protocol
// in common.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.Protocols", "ssl3");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should succeed.
//
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1, ssl3";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should succeed with .NET 4.5 or greater and fails otherwise
//
bool is45OrGreater = false;
try
{
Enum.Parse(typeof(System.Security.Authentication.SslProtocols), "Tls12");
is45OrGreater = true;
}
catch(Exception)
{
}
try
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.Protocols", "tls1_2");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1_2";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
server.ice_ping();
fact.destroyServer(server);
comm.destroy();
}
catch(Ice.PluginInitializationException)
{
// Expected with .NET < 4.5
test(!is45OrGreater);
}
catch(Ice.LocalException)
{
test(false);
}
}
{
//
// This should fail because the client ony enables SSLv3 and the server
// uses the default protocol set that disables SSLv3
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.Protocols", "ssl3");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should success because the client and the server enables SSLv3
//
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "ssl3, tls1_0, tls1_1, tls1_2";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing expired certificates... ");
Console.Out.Flush();
{
//
// This should fail because the server's certificate is expired.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_exp.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should fail because the client's certificate is expired.
//
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1_exp.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing multiple CA certificates... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca2.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
store.Add(caCert2);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
store.Remove(caCert2);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing passwords... ");
Console.Out.Flush();
{
//
// Test password failure.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
// Don't specify the password.
//props.setProperty("IceSSL.Password", "password");
try
{
Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
}
{
//
// Test password failure with callback.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
PasswordCallbackI cb = new PasswordCallbackI("bogus");
plugin.setPasswordCallback(cb);
try
{
pm.initializePlugins();
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
//
// Test installation of password callback.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
PasswordCallbackI cb = new PasswordCallbackI();
plugin.setPasswordCallback(cb);
test(plugin.getPasswordCallback() == cb);
try
{
pm.initializePlugins();
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
//
// Test password callback property.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.PasswordCallback", "PasswordCallbackI");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
test(plugin.getPasswordCallback() != null);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly",
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly",
"C=US, ST=Florida, O=\"ZeroC, Inc.\",OU=Ice, [email protected], CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "!CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Client");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "CN=Server";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada,CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada,CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada;CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada;!CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server1"); // Should not match "Server"
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "!CN=Client1"; // Should not match "Client"
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Rejection takes precedence (client).
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "ST=Florida;!CN=Server;C=US");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Rejection takes precedence (server).
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "C=US;!CN=Client;ST=Florida";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Client... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
// Should have no effect.
d["IceSSL.TrustOnly.Client"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client",
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
// Should have no effect.
d["IceSSL.TrustOnly.Client"] = "!CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client", "CN=Client");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client", "!CN=Client");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Server... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
// Should have no effect.
initData.properties.setProperty("IceSSL.TrustOnly.Server",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
// Should have no effect.
initData.properties.setProperty("IceSSL.TrustOnly.Server", "!CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] = "CN=Server";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] = "!CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Server.<AdapterName>... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] = "CN=bogus";
d["IceSSL.TrustOnly.Server.ServerAdapter"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server.ServerAdapter"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server.ServerAdapter"] = "CN=bogus";
d["IceSSL.CertAuthFile"] = caCert1File;
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!CN=bogus";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.KeySet... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
initData.properties.setProperty("IceSSL.ImportCert.LocalMachine.Root", "cacert1.pem");
initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.KeySet", "MachineKeySet");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.DefaultDir"] = defaultDir;
d["IceSSL.ImportCert.LocalMachine.Root"] = "cacert1.pem";
d["IceSSL.KeySet"] = "MachineKeySet";
d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
X509Store certStore = new X509Store("Root", StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadWrite);
certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem"));
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
initData.properties.setProperty("IceSSL.ImportCert.CurrentUser.Root", "cacert1.pem");
initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.KeySet", "UserKeySet");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.DefaultDir"] = defaultDir;
d["IceSSL.ImportCert.CurrentUser.Root"] = "cacert1.pem";
d["IceSSL.KeySet"] = "UserKeySet";
d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
X509Store certStore = new X509Store("Root", StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadWrite);
certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem"));
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.FindCerts properties... ");
Console.Out.Flush();
{
string[] clientFindCertProperties = new string[]
{
"SUBJECTDN:'CN=Client, [email protected], OU=Ice, O=\"ZeroC, Inc.\", S=Florida, C=US'",
"ISSUER:'ZeroC, Inc.' SUBJECT:Client SERIAL:02",
"ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," +
" L=Palm Beach Gardens, S=Florida, C=US' SUBJECT:Client",
"THUMBPRINT:'54 26 20 f0 93 a9 b6 bc 2a 8c 83 ef 14 d4 49 18 a3 18 67 46'",
"SUBJECTKEYID:'58 77 81 07 55 2a 0c 10 19 88 13 47 6f 27 6e 21 75 5f 85 ca'"
};
string[] serverFindCertProperties = new string[]
{
"SUBJECTDN:'CN=Server, [email protected], OU=Ice, O=\"ZeroC, Inc.\", S=Florida, C=US'",
"ISSUER:'ZeroC, Inc.' SUBJECT:Server SERIAL:01",
"ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," +
" L=Palm Beach Gardens, S=Florida, C=US' SUBJECT:Server",
"THUMBPRINT:'27 e0 18 c9 23 12 6c f0 5c da fa 36 5a 4c 63 5a e2 53 07 1a'",
"SUBJECTKEYID:'a6 42 aa 17 04 41 86 56 67 e4 04 64 59 34 30 c7 4c 6b ef a4'"
};
string[] failFindCertProperties = new string[]
{
"SUBJECTDN:'CN = Client, E = [email protected], OU = Ice, O = \"ZeroC, Inc.\", S = Florida, C = US'",
"ISSUER:'ZeroC, Inc.' SUBJECT:Client SERIAL:'02 02'",
"ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," +
" L=Palm Beach Gardens, S=Florida, C=ES' SUBJECT:Client",
"THUMBPRINT:'27 e0 18 c9 23 12 6c f0 5c da fa 36 5a 4c 63 5a e2 53 07 ff'",
"SUBJECTKEYID:'a6 42 aa 17 04 41 86 56 67 e4 04 64 59 34 30 c7 4c 6b ef ff'"
};
string[] certificates = new string[] {"/s_rsa_nopass_ca1.pfx", "/c_rsa_nopass_ca1.pfx"};
X509Store certStore = new X509Store("My", StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadWrite);
try
{
foreach(string cert in certificates)
{
certStore.Add(new X509Certificate2(defaultDir + cert, "password"));
}
for(int i = 0; i < clientFindCertProperties.Length; ++i)
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
initData.properties.setProperty("IceSSL.CertAuthFile", "cacert1.pem");
initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", clientFindCertProperties[i]);
//
// Use TrustOnly to ensure the peer has pick the expected certificate.
//
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.DefaultDir"] = defaultDir;
d["IceSSL.CertAuthFile"] = "cacert1.pem";
d["IceSSL.FindCert.CurrentUser.My"] = serverFindCertProperties[i];
//
// Use TrustOnly to ensure the peer has pick the expected certificate.
//
d["IceSSL.TrustOnly"] = "CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
//
// These must fail because the search criteria does not match any certificates.
//
foreach(string s in failFindCertProperties)
{
try
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", s);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected
}
catch(Ice.LocalException)
{
test(false);
}
}
}
finally
{
foreach(string cert in certificates)
{
certStore.Remove(new X509Certificate2(defaultDir + cert, "password"));
}
certStore.Close();
}
//
// These must fail because we have already remove the certificates.
//
foreach(string s in clientFindCertProperties)
{
try
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", s);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected
}
catch(Ice.LocalException)
{
test(false);
}
}
}
Console.Out.WriteLine("ok");
}
finally
{
store.Remove(caCert1);
store.Remove(caCert2);
store.Close();
}
return factory;
}
public static void X509Certificate2CollectionRemoveRangeCollection()
{
using (X509Certificate2 c1 = new X509Certificate2())
using (X509Certificate2 c2 = new X509Certificate2(TestData.PfxData, TestData.PfxDataPassword))
using (X509Certificate c3 = new X509Certificate())
{
X509Certificate2[] array = new X509Certificate2[] { c1, c2 };
X509Certificate2Collection cc = new X509Certificate2Collection(array);
cc.RemoveRange(new X509Certificate2Collection { c1, c2 });
Assert.Equal(0, cc.Count);
cc = new X509Certificate2Collection(array);
cc.RemoveRange(new X509Certificate2Collection { c2, c1 });
Assert.Equal(0, cc.Count);
cc = new X509Certificate2Collection(array);
cc.RemoveRange(new X509Certificate2Collection { c1 });
Assert.Equal(1, cc.Count);
Assert.Same(c2, cc[0]);
cc = new X509Certificate2Collection(array);
X509Certificate2Collection collection = new X509Certificate2Collection();
collection.Add(c1);
collection.Add(c2);
((IList)collection).Add(c3); // Add non-X509Certificate2 object
Assert.Throws<InvalidCastException>(() => cc.RemoveRange(collection));
Assert.Equal(2, cc.Count);
Assert.Same(c1, cc[0]);
Assert.Same(c2, cc[1]);
cc = new X509Certificate2Collection(array);
collection = new X509Certificate2Collection();
collection.Add(c1);
((IList)collection).Add(c3); // Add non-X509Certificate2 object
collection.Add(c2);
Assert.Throws<InvalidCastException>(() => cc.RemoveRange(collection));
Assert.Equal(2, cc.Count);
Assert.Same(c2, cc[0]);
Assert.Same(c1, cc[1]);
}
}
public static Test.ServerFactoryPrx allTests(Ice.Communicator communicator, string testDir)
{
string factoryRef = "factory:tcp -p 12010";
Ice.ObjectPrx b = communicator.stringToProxy(factoryRef);
test(b != null);
Test.ServerFactoryPrx factory = Test.ServerFactoryPrxHelper.checkedCast(b);
string defaultHost = communicator.getProperties().getProperty("Ice.Default.Host");
string defaultDir = testDir + "/../certs";
Ice.Properties defaultProperties = communicator.getProperties();
//
// Load the CA certificates. We could use the IceSSL.ImportCert property, but
// it would be nice to remove the CA certificates when the test finishes, so
// this test manually installs the certificates in the LocalMachine:AuthRoot
// store.
//
// Note that the client and server are assumed to run on the same machine,
// so the certificates installed by the client are also available to the
// server.
//
string caCert1File = defaultDir + "/cacert1.pem";
string caCert2File = defaultDir + "/cacert2.pem";
X509Certificate2 caCert1 = new X509Certificate2(caCert1File);
X509Certificate2 caCert2 = new X509Certificate2(caCert2File);
X509Store store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine);
bool isAdministrator = false;
try
{
store.Open(OpenFlags.ReadWrite);
isAdministrator = true;
}
catch(CryptographicException)
{
store.Open(OpenFlags.ReadOnly);
Console.Out.WriteLine("warning: some test requires administrator privileges, run as Administrator to run all the tests.");
}
Ice.InitializationData initData;
Dictionary<string, string> d;
try
{
string[] args = new string[0];
Console.Out.Write("testing manual initialization... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.ObjectPrx p = comm.stringToProxy("dummy:ssl -p 9999");
try
{
p.ice_ping();
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("Ice.InitPlugins", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Supply our own certificate.
//
X509Certificate2 cert = new X509Certificate2(defaultDir + "/c_rsa_ca1.p12", "password");
X509Certificate2Collection coll = new X509Certificate2Collection();
coll.Add(cert);
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CAs", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
plugin.setCertificates(coll);
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Supply our own CA certificate.
//
X509Certificate2 cert = new X509Certificate2(defaultDir + "/cacert1.pem");
X509Certificate2Collection coll = new X509Certificate2Collection();
coll.Add(cert);
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("Ice.InitPlugins", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
plugin.setCACertificates(coll);
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing certificate verification... ");
Console.Out.Flush();
{
//
// Test IceSSL.VerifyPeer=0. Client does not have a certificate,
// and it doesn't trust the server certificate.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "");
initData.properties.setProperty("IceSSL.VerifyPeer", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "0";
Test.ServerPrx server = fact.createServer(d);
try
{
server.noCert();
test(!((IceSSL.ConnectionInfo)server.ice_getConnection().getInfo()).verified);
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=0. Client does not have a certificate,
// but it still verifies the server's.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
initData.properties.setProperty("IceSSL.VerifyPeer", "0");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
server.noCert();
test(((IceSSL.ConnectionInfo)server.ice_getConnection().getInfo()).verified);
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. Client does not have a certificate.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "1";
server = fact.createServer(d);
try
{
server.noCert();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
//
// Test IceSSL.VerifyPeer=2. This should fail because the client
// does not supply a certificate.
//
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "2";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. Client has a certificate.
//
// Provide "cacert1" to the client to verify the server
// certificate (without this the client connection wouln't be
// able to provide the certificate chain).
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "1";
server = fact.createServer(d);
try
{
X509Certificate2 clientCert =
new X509Certificate2(defaultDir + "/c_rsa_ca1.p12", "password");
server.checkCert(clientCert.Subject, clientCert.Issuer);
X509Certificate2 serverCert =
new X509Certificate2(defaultDir + "/s_rsa_ca1.p12", "password");
X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem");
IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 2);
test(info.verified);
test(caCert.Equals(info.nativeCerts[1]));
test(serverCert.Equals(info.nativeCerts[0]));
}
catch(Exception ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
//
// Test IceSSL.VerifyPeer=2. Client has a certificate.
//
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
server = fact.createServer(d);
try
{
X509Certificate2 clientCert = new X509Certificate2(defaultDir + "/c_rsa_ca1.p12", "password");
server.checkCert(clientCert.Subject, clientCert.Issuer);
}
catch(Exception ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. This should fail because the
// client doesn't trust the server's CA.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. This should fail because the
// server doesn't trust the client's CA.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca2", "");
initData.properties.setProperty("IceSSL.VerifyPeer", "0");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "1";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should succeed because the self signed certificate used by the server is
// trusted.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert2");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "cacert2", "");
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should l because the self signed certificate used by the server is not
// trusted.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "cacert2", "");
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Verify that IceSSL.CheckCertName has no effect in a server.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.CheckCertName"] = "1";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// NOTE: We can't test IceSSL.CheckCertName here because the common name (CN) field of
// the server's certificate has the value "Server" and we can't use "Server" as a host
// name in an endpoint (it almost certainly wouldn't resolve correctly).
//
//
// Test IceSSL.CheckCertName. The test certificates for the server contain "127.0.0.1"
// as the common name or as a subject alternative name, so we only perform this test when
// the default host is "127.0.0.1".
//
if(defaultHost.Equals("127.0.0.1"))
{
//
// Test subject alternative name.
//
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.CheckCertName"] = "1";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
//
// Test common name.
//
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1_cn1", "cacert1");
d["IceSSL.CheckCertName"] = "1";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
//
// Test common name again. The certificate used in this test has "127.0.0.11" as its
// common name, therefore the address "127.0.0.1" must NOT match.
//
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1_cn2", "cacert1");
d["IceSSL.CheckCertName"] = "1";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
// Expected.
}
fact.destroyServer(server);
comm.destroy();
}
}
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing certificate chains... ");
Console.Out.Flush();
{
X509Store certStore = new X509Store("My", StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadWrite);
X509Certificate2Collection certs = new X509Certificate2Collection();
certs.Import(defaultDir + "/s_rsa_cai2.p12", "password", X509KeyStorageFlags.DefaultKeySet);
foreach(X509Certificate2 cert in certs)
{
certStore.Add(cert);
}
try
{
IceSSL.NativeConnectionInfo info;
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "");
initData.properties.setProperty("IceSSL.VerifyPeer", "0");
Ice.Communicator comm = Ice.Util.initialize(initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
//
// The client can't verify the server certificate but it should
// still provide it. "s_rsa_ca1" doesn't include the root so the
// cert size should be 1.
//
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "0";
Test.ServerPrx server = fact.createServer(d);
try
{
info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 1);
test(!info.verified);
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
//
// Setting the CA for the server shouldn't change anything, it
// shouldn't modify the cert chain sent to the client.
//
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 1);
test(!info.verified);
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
//
// The client can't verify the server certificate but should
// still provide it. "s_rsa_wroot_ca1" includes the root so
// the cert size should be 2.
//
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_wroot_ca1", "");
d["IceSSL.VerifyPeer"] = "0";;
server = fact.createServer(d);
try
{
info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 1); // Like the SChannel transport, .NET never sends the root.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Now the client verifies the server certificate
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
initData.properties.setProperty("IceSSL.VerifyPeer", "1");
comm = Ice.Util.initialize(initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "0";;
server = fact.createServer(d);
try
{
info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 2);
test(info.verified);
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
}
//
// Try certificate with one intermediate and VerifyDepthMax=2
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
initData.properties.setProperty("IceSSL.VerifyPeer", "1");
initData.properties.setProperty("IceSSL.VerifyDepthMax", "2");
comm = Ice.Util.initialize(initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai1", "");
d["IceSSL.VerifyPeer"] = "0";;
server = fact.createServer(d);
try
{
server.ice_getConnection().getInfo();
test(false);
}
catch(Ice.SecurityException)
{
// Chain length too long
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
}
comm.destroy();
//
// Set VerifyDepthMax to 3 (the default)
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
initData.properties.setProperty("IceSSL.VerifyPeer", "1");
//initData.properties.setProperty("IceSSL.VerifyDepthMax", "3");
comm = Ice.Util.initialize(initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai1", "");
d["IceSSL.VerifyPeer"] = "0";;
server = fact.createServer(d);
try
{
info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 3);
test(info.verified);
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
}
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "");
d["IceSSL.VerifyPeer"] = "0";;
server = fact.createServer(d);
try
{
server.ice_getConnection().getInfo();
test(false);
}
catch(Ice.SecurityException)
{
// Chain length too long
}
fact.destroyServer(server);
}
comm.destroy();
//
// Increase VerifyDepthMax to 4
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
initData.properties.setProperty("IceSSL.VerifyPeer", "1");
initData.properties.setProperty("IceSSL.VerifyDepthMax", "4");
comm = Ice.Util.initialize(initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "");
d["IceSSL.VerifyPeer"] = "0";;
server = fact.createServer(d);
try
{
info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 4);
test(info.verified);
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
}
comm.destroy();
//
// Increase VerifyDepthMax to 4
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_cai2", "cacert1");
initData.properties.setProperty("IceSSL.VerifyPeer", "1");
initData.properties.setProperty("IceSSL.VerifyDepthMax", "4");
comm = Ice.Util.initialize(initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
server = fact.createServer(d);
try
{
server.ice_getConnection();
test(false);
}
catch(Ice.ProtocolException)
{
// Expected
}
catch(Ice.ConnectionLostException)
{
// Expected
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
}
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.VerifyDepthMax"] = "4";
server = fact.createServer(d);
try
{
server.ice_getConnection();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
}
comm.destroy();
}
finally
{
foreach(X509Certificate2 cert in certs)
{
certStore.Remove(cert);
}
}
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing custom certificate verifier... ");
Console.Out.Flush();
{
//
// Verify that a server certificate is present.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
test(plugin != null);
CertificateVerifierI verifier = new CertificateVerifierI();
plugin.setCertificateVerifier(verifier);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
IceSSL.NativeConnectionInfo info =
(IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
server.checkCipher(info.cipher);
}
catch(Ice.LocalException)
{
test(false);
}
test(verifier.invoked());
test(verifier.hadCert());
//
// Have the verifier return false. Close the connection explicitly
// to force a new connection to be established.
//
verifier.reset();
verifier.returnValue(false);
server.ice_getConnection().close(false);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
test(verifier.invoked());
test(verifier.hadCert());
fact.destroyServer(server);
comm.destroy();
}
{
//
// Verify that verifier is installed via property.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("IceSSL.CertVerifier", "CertificateVerifierI");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
test(plugin != null);
test(plugin.getCertificateVerifier() != null);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing protocols... ");
Console.Out.Flush();
{
//
// This should fail because the client and server have no protocol
// in common.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.Protocols", "ssl3");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should succeed.
//
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1, ssl3";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should succeed with .NET 4.5 or greater and fails otherwise
//
bool is45OrGreater = false;
try
{
Enum.Parse(typeof(System.Security.Authentication.SslProtocols), "Tls12");
is45OrGreater = true;
}
catch(Exception)
{
}
try
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.Protocols", "tls1_2");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1_2";
server = fact.createServer(d);
server.ice_ping();
fact.destroyServer(server);
comm.destroy();
}
catch(Ice.PluginInitializationException)
{
// Expected with .NET < 4.5
test(!is45OrGreater);
}
catch(Ice.LocalException)
{
test(false);
}
}
{
//
// This should fail because the client ony enables SSLv3 and the server
// uses the default protocol set that disables SSLv3
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.Protocols", "ssl3");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should success because the client and the server enables SSLv3
//
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "ssl3, tls1_0, tls1_1, tls1_2";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing expired certificates... ");
Console.Out.Flush();
{
//
// This should fail because the server's certificate is expired.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1_exp", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should fail because the client's certificate is expired.
//
initData.properties.setProperty("IceSSL.CertFile", "c_rsa_ca1_exp.p12");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
if(isAdministrator)
{
Console.Out.Write("testing multiple CA certificates... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca2", "");
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
store.Add(caCert2);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
store.Remove(caCert2);
comm.destroy();
}
Console.Out.WriteLine("ok");
}
Console.Out.Write("testing multiple CA certificates... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacerts");
Ice.Communicator comm = Ice.Util.initialize(initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca2", "cacerts");
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing DER CA certificate... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("IceSSL.CAs", "cacert1.der");
Ice.Communicator comm = Ice.Util.initialize(initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CAs"] = "cacert1.der";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing passwords... ");
Console.Out.Flush();
{
//
// Test password failure.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
// Don't specify the password.
initData.properties.setProperty("IceSSL.Password", "");
try
{
Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
}
{
//
// Test password failure with callback.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("Ice.InitPlugins", "0");
// Don't specify the password.
initData.properties.setProperty("IceSSL.Password", "");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
PasswordCallbackI cb = new PasswordCallbackI("bogus");
plugin.setPasswordCallback(cb);
try
{
pm.initializePlugins();
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
//
// Test installation of password callback.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("Ice.InitPlugins", "0");
// Don't specify the password.
initData.properties.setProperty("IceSSL.Password", "");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
PasswordCallbackI cb = new PasswordCallbackI();
plugin.setPasswordCallback(cb);
test(plugin.getPasswordCallback() == cb);
try
{
pm.initializePlugins();
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
//
// Test password callback property.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("IceSSL.PasswordCallback", "PasswordCallbackI");
// Don't specify the password.
initData.properties.setProperty("IceSSL.Password", "");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
test(plugin.getPasswordCallback() != null);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly",
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly",
"C=US, ST=Florida, O=\"ZeroC, Inc.\",OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] = "CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] = "!CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] = "CN=Server";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada,CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada,CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada;CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada;!CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server1"); // Should not match "Server"
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] = "!CN=Client1"; // Should not match "Client"
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Rejection takes precedence (client).
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "ST=Florida;!CN=Server;C=US");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Rejection takes precedence (server).
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] = "C=US;!CN=Client;ST=Florida";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Client... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly.Client",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
// Should have no effect.
d["IceSSL.TrustOnly.Client"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly.Client",
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
// Should have no effect.
d["IceSSL.TrustOnly.Client"] = "!CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly.Client", "CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly.Client", "!CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Server... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
// Should have no effect.
initData.properties.setProperty("IceSSL.TrustOnly.Server",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
// Should have no effect.
initData.properties.setProperty("IceSSL.TrustOnly.Server", "!CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server"] = "CN=Server";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server"] = "!CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Server.<AdapterName>... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server"] = "CN=bogus";
d["IceSSL.TrustOnly.Server.ServerAdapter"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server.ServerAdapter"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server.ServerAdapter"] = "CN=bogus";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!CN=bogus";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
if(isAdministrator)
{
Console.Out.Write("testing IceSSL.KeySet... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
initData.properties.setProperty("IceSSL.ImportCert.LocalMachine.Root", "cacert1.pem");
initData.properties.setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
initData.properties.setProperty("IceSSL.KeySet", "MachineKeySet");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost);
d["IceSSL.ImportCert.LocalMachine.Root"] = "cacert1.pem";
d["IceSSL.KeySet"] = "MachineKeySet";
d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
X509Store certStore = new X509Store("Root", StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadWrite);
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("IceSSL.ImportCert.CurrentUser.Root", "cacert1.pem");
initData.properties.setProperty("IceSSL.KeySet", "UserKeySet");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.ImportCert.CurrentUser.Root"] = "cacert1.pem";
d["IceSSL.KeySet"] = "UserKeySet";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
X509Store certStore = new X509Store("Root", StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadWrite);
}
Console.Out.WriteLine("ok");
}
Console.Out.Write("testing IceSSL.FindCerts properties... ");
Console.Out.Flush();
{
string[] clientFindCertProperties = new string[]
{
"SUBJECTDN:'CN=Client, OU=Ice, O=\"ZeroC, Inc.\", L=Jupiter, S=Florida, C=US, [email protected]'",
"ISSUER:'ZeroC, Inc.' SUBJECT:Client SERIAL:02",
"ISSUERDN:'CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\",L=Jupiter, S=Florida, C=US,[email protected]' SUBJECT:Client",
"THUMBPRINT:'82 30 1E 35 9E 39 C1 D0 63 0D 67 3D 12 DD D4 96 90 1E EF 54'",
"SUBJECTKEYID:'FC 5D 4F AB F0 6C 03 11 B8 F3 68 CF 89 54 92 3F F9 79 2A 06'"
};
string[] serverFindCertProperties = new string[]
{
"SUBJECTDN:'CN=Server, OU=Ice, O=\"ZeroC, Inc.\", L=Jupiter, S=Florida, C=US, [email protected]'",
"ISSUER:'ZeroC, Inc.' SUBJECT:Server SERIAL:01",
"ISSUERDN:'CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\", L=Jupiter, S=Florida, C=US,[email protected]' SUBJECT:Server",
"THUMBPRINT:'C0 01 FF 9C C9 DA C8 0D 34 F6 2F DE 09 FB 28 0D 69 AB 78 BA'",
"SUBJECTKEYID:'47 84 AE F9 F2 85 3D 99 30 6A 03 38 41 1A B9 EB C3 9C B5 4D'"
};
string[] failFindCertProperties = new string[]
{
"nolabel",
"unknownlabel:foo",
"LABEL:",
"SUBJECTDN:'CN = Client, E = [email protected], OU = Ice, O = \"ZeroC, Inc.\", S = Florida, C = US'",
"ISSUER:'ZeroC, Inc.' SUBJECT:Client SERIAL:'02 02'",
"ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," +
" L=Jupiter, S=Florida, C=ES' SUBJECT:Client",
"THUMBPRINT:'27 e0 18 c9 23 12 6c f0 5c da fa 36 5a 4c 63 5a e2 53 07 ff'",
"SUBJECTKEYID:'a6 42 aa 17 04 41 86 56 67 e4 04 64 59 34 30 c7 4c 6b ef ff'"
};
string[] certificates = new string[] {"/s_rsa_ca1.p12", "/c_rsa_ca1.p12"};
X509Store certStore = new X509Store("My", StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadWrite);
try
{
foreach(string cert in certificates)
{
certStore.Add(new X509Certificate2(defaultDir + cert, "password"));
}
for(int i = 0; i < clientFindCertProperties.Length; ++i)
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
initData.properties.setProperty("IceSSL.CertStore", "My");
initData.properties.setProperty("IceSSL.CertStoreLocation", "CurrentUser");
initData.properties.setProperty("IceSSL.FindCert", clientFindCertProperties[i]);
//
// Use TrustOnly to ensure the peer has pick the expected certificate.
//
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
// Use deprecated property here to test it
d["IceSSL.FindCert.CurrentUser.My"] = serverFindCertProperties[i];
//
// Use TrustOnly to ensure the peer has pick the expected certificate.
//
d["IceSSL.TrustOnly"] = "CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
//
// These must fail because the search criteria does not match any certificates.
//
foreach(string s in failFindCertProperties)
{
try
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("IceSSL.FindCert", s);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected
}
catch(Ice.LocalException)
{
test(false);
}
}
}
finally
{
foreach(string cert in certificates)
{
certStore.Remove(new X509Certificate2(defaultDir + cert, "password"));
}
certStore.Close();
}
//
// These must fail because we have already remove the certificates.
//
foreach(string s in clientFindCertProperties)
{
try
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", s);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected
}
catch(Ice.LocalException)
{
test(false);
}
}
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing system CAs... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("IceSSL.VerifyDepthMax", "4");
initData.properties.setProperty("Ice.Override.Timeout", "5000"); // 5s timeout
Ice.Communicator comm = Ice.Util.initialize(initData);
Ice.ObjectPrx p = comm.stringToProxy("dummy:wss -h demo.zeroc.com -p 5064");
try
{
p.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected, by default we don't check for system CAs.
}
catch(Ice.LocalException)
{
test(false);
}
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("IceSSL.VerifyDepthMax", "4");
initData.properties.setProperty("Ice.Override.Timeout", "5000"); // 5s timeout
initData.properties.setProperty("IceSSL.UsePlatformCAs", "1");
comm = Ice.Util.initialize(initData);
p = comm.stringToProxy("dummy:wss -h demo.zeroc.com -p 5064");
IceSSL.WSSConnectionInfo info;
try
{
info = (IceSSL.WSSConnectionInfo)p.ice_getConnection().getInfo();
test(info.verified);
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
Console.Out.WriteLine("ok");
}
finally
{
if(isAdministrator)
{
store.Remove(caCert1);
store.Remove(caCert2);
}
store.Close();
}
return factory;
}
public static void X509Certificate2CollectionRemoveRangeCollection()
{
using (X509Certificate2 c1 = new X509Certificate2(TestData.MsCertificate))
using (X509Certificate2 c2 = new X509Certificate2(TestData.DssCer))
using (X509Certificate2 c1Clone = new X509Certificate2(TestData.MsCertificate))
using (X509Certificate c3 = new X509Certificate())
{
X509Certificate2[] array = new X509Certificate2[] { c1, c2 };
X509Certificate2Collection cc = new X509Certificate2Collection(array);
cc.RemoveRange(new X509Certificate2Collection { c1, c2 });
Assert.Equal(0, cc.Count);
cc = new X509Certificate2Collection(array);
cc.RemoveRange(new X509Certificate2Collection { c2, c1 });
Assert.Equal(0, cc.Count);
cc = new X509Certificate2Collection(array);
cc.RemoveRange(new X509Certificate2Collection { c1 });
Assert.Equal(1, cc.Count);
Assert.Same(c2, cc[0]);
cc = new X509Certificate2Collection(array);
X509Certificate2Collection collection = new X509Certificate2Collection();
collection.Add(c1);
collection.Add(c2);
((IList)collection).Add(c3); // Add non-X509Certificate2 object
Assert.Throws<InvalidCastException>(() => cc.RemoveRange(collection));
Assert.Equal(2, cc.Count);
Assert.Same(c1, cc[0]);
Assert.Same(c2, cc[1]);
cc = new X509Certificate2Collection(array);
collection = new X509Certificate2Collection();
collection.Add(c1);
((IList)collection).Add(c3); // Add non-X509Certificate2 object
collection.Add(c2);
Assert.Throws<InvalidCastException>(() => cc.RemoveRange(collection));
Assert.Equal(2, cc.Count);
Assert.Same(c2, cc[0]);
Assert.Same(c1, cc[1]);
// Remove c1Clone (success)
// Remove c1 (exception)
// Add c1Clone back
// End state: { c1, c2 } => { c2, c1Clone }
cc = new X509Certificate2Collection(array);
collection = new X509Certificate2Collection
{
c1Clone,
c1,
c2,
};
Assert.Throws<ArgumentException>(() => cc.RemoveRange(collection));
Assert.Equal(2, cc.Count);
Assert.Same(c2, cc[0]);
Assert.Same(c1Clone, cc[1]);
}
}
public static void X509Certificate2CollectionEnumeratorModification()
{
using (X509Certificate2 c1 = new X509Certificate2())
using (X509Certificate2 c2 = new X509Certificate2())
using (X509Certificate2 c3 = new X509Certificate2())
{
X509Certificate2Collection cc = new X509Certificate2Collection(new X509Certificate2[] { c1, c2, c3 });
X509Certificate2Enumerator e = cc.GetEnumerator();
cc.Add(c1);
// Collection changed.
Assert.Throws<InvalidOperationException>(() => e.MoveNext());
Assert.Throws<InvalidOperationException>(() => e.Reset());
}
}
public static void X509Certificate2CollectionThrowsArgumentNullException()
{
using (X509Certificate2 certificate = new X509Certificate2())
{
Assert.Throws<ArgumentNullException>(() => new X509Certificate2Collection((X509Certificate2[])null));
Assert.Throws<ArgumentNullException>(() => new X509Certificate2Collection((X509Certificate2Collection)null));
X509Certificate2Collection collection = new X509Certificate2Collection { certificate };
Assert.Throws<ArgumentNullException>(() => collection[0] = null);
Assert.Throws<ArgumentNullException>(() => collection.Add((X509Certificate)null));
Assert.Throws<ArgumentNullException>(() => collection.Add((X509Certificate2)null));
Assert.Throws<ArgumentNullException>(() => collection.AddRange((X509Certificate[])null));
Assert.Throws<ArgumentNullException>(() => collection.AddRange((X509CertificateCollection)null));
Assert.Throws<ArgumentNullException>(() => collection.AddRange((X509Certificate2[])null));
Assert.Throws<ArgumentNullException>(() => collection.AddRange((X509Certificate2Collection)null));
Assert.Throws<ArgumentNullException>(() => collection.CopyTo(null, 0));
Assert.Throws<ArgumentNullException>(() => collection.Insert(0, (X509Certificate)null));
Assert.Throws<ArgumentNullException>(() => collection.Insert(0, (X509Certificate2)null));
Assert.Throws<ArgumentNullException>(() => collection.Remove((X509Certificate)null));
Assert.Throws<ArgumentNullException>(() => collection.Remove((X509Certificate2)null));
Assert.Throws<ArgumentNullException>(() => collection.RemoveRange((X509Certificate2[])null));
Assert.Throws<ArgumentNullException>(() => collection.RemoveRange((X509Certificate2Collection)null));
Assert.Throws<ArgumentNullException>(() => collection.Import((byte[])null));
Assert.Throws<ArgumentNullException>(() => collection.Import((string)null));
IList ilist = (IList)collection;
Assert.Throws<ArgumentNullException>(() => ilist[0] = null);
Assert.Throws<ArgumentNullException>(() => ilist.Add(null));
Assert.Throws<ArgumentNullException>(() => ilist.CopyTo(null, 0));
Assert.Throws<ArgumentNullException>(() => ilist.Insert(0, null));
Assert.Throws<ArgumentNullException>(() => ilist.Remove(null));
}
}