コード例 #1
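        /// <summary>
        /// Removes the loaded certificate from the machine-wide trusted root store
        /// (<c>StoreName.Root</c> / <c>StoreLocation.LocalMachine</c>) when it is present there.
        /// </summary>
        /// <returns>
        /// <c>null</c> on success (including when the certificate was not in the store),
        /// <c>noCert</c> when no certificate is loaded, or an error description on failure.
        /// </returns>
        public string UntrustCertificate()
        {
            Load();
            if (cert == null)
            {
                return noCert;
            }

            X509Store caStore = null;

            try
            {
                // Opening the LocalMachine root store read-write normally needs an elevated
                // process; a failure here ends up in the catch block below.
                caStore = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
                caStore.Open(OpenFlags.ReadWrite);
                if (caStore.Certificates.Contains(cert))
                {
                    caStore.Remove(cert);
                }

                return null;
            }
            catch (Exception ex)
            {
                // The store is closed by the finally block, so no Close() is needed here.
                // NOTE(review): ex.ToString() carries the stack trace; confirm the returned
                // string is only logged and not shown to untrusted users.
                return "Failed to untrust certificate: " + ex.ToString();
            }
            finally
            {
                caStore?.Close();
            }
        }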
コード例 #2
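        /// <summary>
        /// Looks up a certificate in the current user's personal store
        /// (<c>StoreName.My</c> / <c>StoreLocation.CurrentUser</c>) by the serial number held in
        /// <c>_config.CertificateSerialNumber</c>.
        /// </summary>
        /// <remarks>
        /// A serial number is only unique per issuing CA, so certificates from different issuers
        /// can share one; a thumbprint lookup identifies a single certificate. The search is made
        /// with <c>validOnly: false</c>, so expired or otherwise invalid certificates are returned
        /// too and the caller has to check validity itself.
        /// </remarks>
        /// <returns>The first matching certificate, or <c>null</c> when none is found.</returns>
        public X509Certificate GetCertificate()
        {
            X509Store store = null;

            try
            {
                // The certificate must be installed in the My store of the account the
                // application runs as, because the CurrentUser location is used.
                store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
                store.Open(OpenFlags.ReadOnly);

                X509Certificate2Collection matches = store.Certificates.Find(
                    X509FindType.FindBySerialNumber, _config.CertificateSerialNumber, false);

                // Make an ambiguous selection visible instead of silently taking the first hit.
                if (matches.Count > 1)
                {
                    _logger.LogWarning($"Found {matches.Count} certificates with serial number {_config.CertificateSerialNumber}; using the first one.");
                }

                if (matches.Count > 0)
                {
                    _logger.LogDebug($"Successfully found certificate with subject: {matches[0].Subject}.");
                    return matches[0];
                }
            }
            finally
            {
                store?.Close();
            }

            _logger.LogWarning($"Could not find certificate with serial number {_config.CertificateSerialNumber}.");
            return null;
        }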
コード例 #3
        /// <summary>
        /// Finds the certificate whose thumbprint is <c>_certificateThumbprint</c> in the personal
        /// store of <c>_storeLocation</c> (the store that <c>X509Store(StoreLocation)</c> selects).
        /// </summary>
        /// <returns>The first certificate with a matching thumbprint.</returns>
        /// <exception cref="KeyVaultHelperConfigurationException">
        /// No certificate matches, or the store could not be accessed.
        /// </exception>
        private X509Certificate2 RetrieveCertificate()
        {
            X509Store store = null;

            try
            {
                store = new X509Store(_storeLocation);
                store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);

                // validOnly is false: the thumbprint pins the exact certificate, but its
                // validity period and chain are not checked by this lookup.
                X509Certificate2Collection matches = store.Certificates.Find(
                    X509FindType.FindByThumbprint, _certificateThumbprint, false);

                if (matches != null && matches.Count == 0)
                {
                    throw new KeyVaultHelperConfigurationException(
                              $"Certificate with thumbprint '{_certificateThumbprint}' not found in store '{store.Location}/{store.Name}'");
                }

                return matches[0];
            }
            catch (Exception ex) when (!(ex is KeyVaultHelperConfigurationException))
            {
                // Anything other than the "not found" error above is wrapped so callers see one exception type.
                throw new KeyVaultHelperConfigurationException(
                          $"An error occurred accessing the '{_storeLocation}' certificate store.", ex);
            }
            finally
            {
                store?.Close();
            }
        }
コード例 #4
        /// <summary>
        /// Returns the first certificate found in the current user's personal store.
        /// </summary>
        /// <remarks>
        /// NOTE(review): no selection criterion is applied, so whichever certificate the store
        /// lists first is used as the client certificate, and an empty store makes the indexer
        /// throw. Selecting by thumbprint or serial number would pin the intended certificate.
        /// </remarks>
        /// <returns>The certificate at index 0 of the store's collection.</returns>
        private static X509Certificate GetClientCert()
        {
            X509Store userStore = null;

            try
            {
                userStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
                userStore.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

                // A lookup by serial number was tried and disabled because it returned nothing:
                //
                //   var certificateSerialNumber = "81 c6 62 0a 73 c7 b1 aa 41 06 a3 ce 62 83 ae 25".ToUpper().Replace(" ", string.Empty);
                //   var certs = store.Certificates.Find(X509FindType.FindBySerialNumber, certificateSerialNumber, true);
                //   if (certs.Count == 1) { return certs[0]; }
                //
                // NOTE(review): the original literal appears to begin with an invisible formatting
                // character (values copied from the Windows certificate dialog often do), which
                // would explain the failed match rather than a culture problem. Verify and retype
                // the value by hand before re-enabling the lookup.

                X509Certificate firstCertificate = userStore.Certificates[0];
                return firstCertificate;
            }
            finally
            {
                userStore?.Close();
            }
        }
コード例 #5
ファイル: CertificateCore.cs プロジェクト: osuDebian/Novah
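        /// <summary>
        /// Removes every certificate whose thumbprint equals <c>ctp</c> from the machine-wide
        /// trusted root store (<c>StoreName.Root</c> / <c>StoreLocation.LocalMachine</c>).
        /// </summary>
        /// <remarks>
        /// On any failure the exception is logged, an error dialog is shown, the log file is
        /// opened and the process exits.
        /// </remarks>
        public static void UninstallCertificates()
        {
            try
            {
                X509Store x509Store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
                try
                {
                    x509Store.Open(OpenFlags.ReadWrite);

                    // NOTE(review): validOnly is true, so a certificate that no longer validates
                    // (for example an expired one) is not returned and stays in the root store.
                    // Confirm that is intended for an uninstall keyed on an exact thumbprint.
                    foreach (X509Certificate2 certificate in x509Store.Certificates.Find(X509FindType.FindByThumbprint, ctp, true))
                    {
                        // Failures propagate unchanged to the outer catch, keeping their stack trace.
                        x509Store.Remove(certificate);
                    }
                }
                finally
                {
                    // Release the store handle on the failure path as well.
                    x509Store.Close();
                }
            }
            catch (Exception ex)
            {
                LogCore.Log(ex);

                MessageBox.Show("Error! \r\rPlease Send Discrod Nerina#4444 the Switcher Logs", "Novah", MessageBoxButton.OK, MessageBoxImage.Error);
                string filepath = Environment.GetFolderPath(System.Environment.SpecialFolder.ApplicationData) + "\\novahlog.txt";
                Process.Start(filepath);
                Environment.Exit(0);
            }
        }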
コード例 #6
        /// <summary>
        /// Looks up a certificate in the store described by enum member names.
        /// </summary>
        /// <param name="storeName">Name of a <see cref="StoreName"/> member.</param>
        /// <param name="location">Name of a <see cref="StoreLocation"/> member.</param>
        /// <param name="findByTypeName">Name of an <see cref="X509FindType"/> member.</param>
        /// <param name="value">Value to search for, interpreted according to <paramref name="findByTypeName"/>.</param>
        /// <returns>
        /// The first matching certificate, or <c>null</c> when nothing matches or when opening or
        /// searching the store throws.
        /// </returns>
        private static X509Certificate2 GetCertificate(string storeName, string location, string findByTypeName, string value)
        {
            // The names are parsed outside the try block, so an unknown name propagates to the
            // caller as an exception instead of being turned into a null result.
            StoreName parsedStoreName = (StoreName)Enum.Parse(typeof(StoreName), storeName);
            StoreLocation parsedLocation = (StoreLocation)Enum.Parse(typeof(StoreLocation), location);
            X509Store store = new X509Store(parsedStoreName, parsedLocation);
            X509FindType findByType = (X509FindType)Enum.Parse(typeof(X509FindType), findByTypeName);

            try
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

                // validOnly is false: invalid or expired certificates are returned as well.
                X509Certificate2Collection matches = store.Certificates.Find(findByType, value, false);
                return matches.Count > 0 ? matches[0] : null;
            }
            catch (Exception)
            {
                // NOTE(review): every store error is reported as "not found"; callers cannot
                // tell a missing certificate from an access failure.
                return null;
            }
            finally
            {
                store.Close();
            }
        }
コード例 #7
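        /// <summary>
        /// Copies every certificate of the named store into a new collection.
        /// </summary>
        /// <param name="location">Store location to read from.</param>
        /// <param name="name">Name of the store to open.</param>
        /// <returns>
        /// A collection of independent <see cref="X509Certificate2"/> copies, so the result stays
        /// usable after the store has been released.
        /// </returns>
        private static X509Certificate2Collection EnumerateFromStore(StoreLocation location, string name)
        {
            X509Store store = null;
            X509Certificate2Collection result = new X509Certificate2Collection();

            try
            {
                // One assignment for all targets: "using store = ..." is not valid C#, and the
                // finally block already releases the store for both build configurations.
                store = new X509Store(name, location);

                // The original passed ReadOnly twice, which is the same value as ReadOnly alone.
                // NOTE(review): OpenExistingOnly may have been intended as the second flag, to
                // avoid creating a store for an unknown name; confirm before adding it.
                store.Open(OpenFlags.ReadOnly);
                foreach (var cert in store.Certificates)
                {
                    result.Add(new X509Certificate2(cert));
                }
            }
            finally
            {
#if NET46
                store?.Dispose();
#else
                store?.Close();
#endif
            }

            return result;
        }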
コード例 #8
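            /// <summary>
            /// Loads the certificate with the given thumbprint from the personal store
            /// (<c>StoreName.My</c>) of <paramref name="location"/>.
            /// </summary>
            /// <param name="thumbprint">Thumbprint of the certificate to load.</param>
            /// <param name="location">Store location to search.</param>
            /// <returns>The matching certificate, or <c>null</c> when none is found.</returns>
            /// <exception cref="ArgumentException">More than one certificate matches the thumbprint.</exception>
            private static X509Certificate2 LoadCertificateByThumbprint(string thumbprint, StoreLocation location)
            {
                X509Store store = null;

                try
                {
                    store = new X509Store(StoreName.My, location);
                    store.Open(OpenFlags.ReadOnly);

                    // validOnly is false: expiry and chain validity are not checked here.
                    X509Certificate2Collection certs =
                        store.Certificates.Find(
                            X509FindType.FindByThumbprint,
                            thumbprint,
                            false);

                    if (certs.Count == 0)
                    {
                        return null;
                    }

                    if (certs.Count > 1)
                    {
                        // ArgumentException takes the message first and the parameter name second;
                        // the original passed the parameter name as the message.
                        throw new ArgumentException(
                            "More than one certificate matches the given thumbprint.",
                            nameof(thumbprint));
                    }

                    return certs[0];
                }
                finally
                {
                    store?.Close();
                }
            }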
コード例 #9
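    /// <summary>
    /// Lets the user pick one certificate from the current user's personal store and prints its
    /// subject, friendly name and, when the key is CSP-backed, the key container name.
    /// </summary>
    static void Main()
    {
        try {
            X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
            try {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                X509Certificate2Collection collection =
                    X509Certificate2UI.SelectFromCollection(
                        store.Certificates,
                        "Certificate selection",
                        "Select a certificate to obtain the container name from",
                        X509SelectionFlag.SingleSelection);

                if (collection.Count == 1) {
                    X509Certificate2 x509 = collection[0];
                    try {
                        Console.WriteLine("Subject: {0}", x509.Subject);
                        Console.WriteLine("Friendly name: {0}", x509.FriendlyName);
                        if (x509.PrivateKey != null) {
                            // The "as" cast yields null for keys that are not CSP-backed; check
                            // it before dereferencing instead of failing on a null reference.
                            ICspAsymmetricAlgorithm pkey = x509.PrivateKey
                                as ICspAsymmetricAlgorithm;
                            if (pkey != null) {
                                Console.WriteLine("Key container name: {0}",
                                    pkey.CspKeyContainerInfo.KeyContainerName);
                            }
                            else {
                                Console.WriteLine("Key container name: (private key is not CSP-backed)");
                            }
                        }
                    }
                    finally {
                        // Release the certificate's resources even if printing failed.
                        x509.Reset();
                    }
                }
            }
            finally {
                // Close the store on the failure path as well.
                store.Close();
            }
        }
        catch (Exception e) {
            Console.WriteLine(e.ToString());
        }
    }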
コード例 #10
        /// <summary>
        ///   Looks up the certificate identified by <paramref name="thumbprint" /> in the personal
        ///   store (<c>StoreName.My</c>) of the given location.
        /// </summary>
        ///
        /// <param name="thumbprint">The thumbprint of the certificate to look up.</param>
        /// <param name="location">The certificate store location to search.</param>
        /// <param name="onlyRetrieveValidCertificate">Passed to the store search as its <c>validOnly</c> argument: when <c>true</c>, only certificates the framework considers valid are returned; when <c>false</c>, no framework-level validation is applied.</param>
        ///
        /// <returns>The first matching certificate, or <c>null</c> when the store holds no match.</returns>
        ///
        /// <exception cref="ArgumentNullException"><paramref name="thumbprint" /> is <c>null</c> or empty.</exception>
        ///
        private X509Certificate2 RetrieveCertificateFromStore(string thumbprint,
                                                              StoreLocation location,
                                                              bool onlyRetrieveValidCertificate)
        {
            if (String.IsNullOrEmpty(thumbprint))
            {
                throw new ArgumentNullException(nameof(thumbprint));
            }

            X509Store personalStore = null;

            try
            {
                personalStore = new X509Store(StoreName.My, location);
                personalStore.Open(OpenFlags.ReadOnly);

                X509Certificate2Collection matches = personalStore.Certificates.Find(
                    X509FindType.FindByThumbprint,
                    thumbprint,
                    onlyRetrieveValidCertificate);

                if (matches.Count == 0)
                {
                    return null;
                }

                return matches[0];
            }
            finally
            {
                personalStore?.Close();
            }
        }
コード例 #11
        /// <summary>
        /// Reads every certificate in the store returned by
        /// <c>CertificateHelper.GetStore(StoreNameParam)</c> and wraps the collected details in a
        /// single <c>CertStoreDataItem</c>.
        /// </summary>
        /// <param name="inputDataItems">Not read by this method.</param>
        /// <returns>
        /// <c>null</c> when no store is returned; otherwise a one-element array holding either the
        /// store content or, on failure, an item that carries an error code and message.
        /// </returns>
        protected override CertStoreDataItem[] GetOutputData(DataItemBase[] inputDataItems)
        {
            X509Store certStore = null;

            try
            {
                certStore = CertificateHelper.GetStore(StoreNameParam);
                if (certStore == null)
                {
                    return null;
                }

                // Read-only, existing-only open; archived certificates are included in the listing.
                certStore.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly | OpenFlags.IncludeArchived);

                CertStoreContent content = new CertStoreContent
                {
                    StoreName = certStore.Name
                };

                // Only certificate metadata is collected; HasPrivateKey is a flag and no key
                // material is read.
                var details = new List<CertificateDetails>();
                foreach (X509Certificate2 cert in certStore.Certificates)
                {
                    var entry = new CertificateDetails
                    {
                        Archived             = cert.Archived,
                        Bindings             = GetCertificateBindings(cert),
                        EnhancedKeyUsageList = GetCertificateUsages(cert),
                        FriendlyName         = cert.FriendlyName ?? "",
                        HasPrivateKey        = cert.HasPrivateKey,
                        Issuer               = cert.Issuer,
                        NotAfter             = cert.NotAfter,
                        NotBefore            = cert.NotBefore,
                        SerialNumber         = cert.SerialNumber,
                        SignatureAlgorithm   = cert.SignatureAlgorithm.FriendlyName,
                        Subject              = cert.Subject,
                        Thumbprint           = cert.Thumbprint,
                        CertificateType      = CertificateHelper.GetCertificateType(cert).ToString()
                    };
                    details.Add(entry);
                }

                content.Certificates = details.ToArray();
                return new[] { new CertStoreDataItem(content) };
            }
            catch (Exception e)
            {
                ModuleErrorSignalReceiver(ModuleErrorSeverity.DataLoss, ModuleErrorCriticality.Continue, e, "Failed to query local certificate store.");

                // Report the failure as data so the consumer receives an error item.
                var failure = new CertStoreContent
                {
                    Certificates = new CertificateDetails[0],
                    ErrorCode = e.HResult != 0 ? e.HResult : -1,
                    ErrorMessage = $"Failed to query certificate store: {e.Message}"
                };
                return new[] { new CertStoreDataItem(failure) };
            }
            finally
            {
                // Best effort: a failure while closing must not replace the result or the error item.
                try { certStore?.Close(); } catch { }
            }
        }
コード例 #12
        /// <summary>
        /// Loads the PFX file configured under <c>WellKnownFile.CrtPfx</c>, adds it to the
        /// local machine's personal store unless a certificate with the same thumbprint is already
        /// there, and hands the stored certificate to <c>_iisService.Install</c>.
        /// </summary>
        /// <param name="statusPreviousCertificate">
        /// Status of the previous certificate; <c>CertificateStatus.NotFound</c> forces a recycle.
        /// </param>
        public void InstallCertificate(CertificateStatus statusPreviousCertificate)
        {
            string pfxPath = _options.WellKnownFilePaths[WellKnownFile.CrtPfx];
            if (!File.Exists(pfxPath))
            {
                Log.Error("Certificate to install not found!");
                return;
            }

            Log.Information("Installing certificate in store");

            X509Store        machineStore = null;
            X509Certificate2 loaded       = null;
            X509Certificate2 installed    = null;

            try
            {
                machineStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
                machineStore.Open(OpenFlags.ReadWrite | OpenFlags.OpenExistingOnly);

                Log.Information($"Opened Certificate Store {machineStore.Name}");

                // MachineKeySet + PersistKeySet: the private key is written to the machine key
                // store and remains there after this process ends. Exportable is not requested.
                // See http://paulstovell.com/blog/x509certificate2
                // NOTE(review): the key is persisted on load, before the "already in the Store"
                // check below; confirm no orphaned key container is left in that case.
                X509KeyStorageFlags flags = X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet;

                loaded = new X509Certificate2(pfxPath, _options.PfxPassword, flags)
                {
                    FriendlyName = $"{_options.HostName} {(_options.TestMode ? "FAKE " : "")}{DateTime.UtcNow:O}"
                };

                installed = machineStore.Certificates
                            .OfType<X509Certificate2>()
                            .FirstOrDefault(c => c.Thumbprint == loaded.Thumbprint);

                if (installed == null)
                {
                    Log.Information($"Adding Certificate to Store {loaded.FriendlyName}");
                    machineStore.Add(loaded);
                    installed = loaded;
                }
                else
                {
                    Log.Information($"Certificate already in the Store {installed.FriendlyName}");
                }

                bool needsRecycle = !_options.Renew || statusPreviousCertificate == CertificateStatus.NotFound;
                _iisService.Install(machineStore, installed, needsRecycle);
            }
            finally
            {
                Log.Information("Closing Certificate Store");

                // The "as IDisposable" casts keep this valid where X509Certificate2 is not IDisposable.
                (loaded as IDisposable)?.Dispose();
                (installed as IDisposable)?.Dispose();
                machineStore?.Close();
            }
        }
コード例 #13
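        /// <summary>
        /// Returns the RSA provider for the private key of the first certificate in the local
        /// machine's personal store whose subject distinguished name is <paramref name="subjectName"/>.
        /// </summary>
        /// <param name="subjectName">Subject distinguished name to search for.</param>
        /// <param name="hashAlgorithmRequired">
        /// Optional hash algorithm; when given, a test signature is made to confirm the key
        /// supports it, and the key is re-imported into a new provider if it does not.
        /// </param>
        /// <returns>An RSA provider able to sign with the requested hash algorithm.</returns>
        /// <exception cref="CryptoUtilsException">No certificate matches, or the match has no private key.</exception>
        /// <remarks>
        /// The store search uses <c>validOnly: false</c>, so an expired or otherwise invalid
        /// certificate can be selected; callers that need a valid certificate must check it.
        /// </remarks>
        public static RSACryptoServiceProvider CreateRsaProviderFromCertificate(string subjectName, HashAlgorithm hashAlgorithmRequired = null)
        {
            X509Store localMachineStore = null;

            try
            {
                localMachineStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
                localMachineStore.Open(OpenFlags.ReadOnly);
                var certs = localMachineStore.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, subjectName, false);
                if (certs.Count == 0)
                {
                    throw new CryptoUtilsException("No certificate found with this subject name");
                }

                var certificate = certs[0];
                if (!certificate.HasPrivateKey)
                {
                    throw new CryptoUtilsException("Selected certificat does not a have private key");
                }

                RSACryptoServiceProvider rsaCryptoServiceProvider;
                try
                {
                    rsaCryptoServiceProvider = (RSACryptoServiceProvider)certificate.PrivateKey;

                    // Try to sign some data with the hash algorithm to find out if it is supported
                    if (hashAlgorithmRequired != null)
                    {
                        rsaCryptoServiceProvider.SignData(new byte[16], hashAlgorithmRequired);
                    }
                }
                // The filter lets every other CryptographicException propagate with its original
                // stack trace ("throw ex" reset it). Ordinal comparison keeps the check independent
                // of the thread culture.
                // NOTE(review): matching on message text is fragile if the message is localized.
                catch (CryptographicException ex) when (ex.Message.StartsWith("Invalid algorithm specified", System.StringComparison.Ordinal))
                {
                    // Extract the private key and re-import it to get rid of the SHA-1 signing
                    // limitation on some keys. ToXmlString(true) serialises the private key into
                    // a managed string that cannot be wiped, and it requires an exportable key.
                    rsaCryptoServiceProvider = new RSACryptoServiceProvider();
                    rsaCryptoServiceProvider.FromXmlString(certificate.PrivateKey.ToXmlString(true));
                    rsaCryptoServiceProvider.SignData(new byte[16], hashAlgorithmRequired);
                }

                return rsaCryptoServiceProvider;
            }
            finally
            {
                localMachineStore?.Close();
            }
        }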
コード例 #14
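	/// <summary>
	/// Removes from the store <c>storeName</c> at the given location every certificate
	/// contained in a PFX file.
	/// </summary>
	/// <param name="cert">Path of the PFX file that lists the certificates to remove.</param>
	/// <param name="password">Password protecting the PFX file.</param>
	/// <param name="loc">Store location to remove the certificates from.</param>
	static void RemoveCertificatesFromStore(string cert , string password , StoreLocation loc)
		{
		// Import the pfx certificates so they can be matched against the store.
		// NOTE(review): PersistKeySet writes the imported private keys to a key container even
		// though this method only removes certificates; confirm that persisting them is intended.
		X509Certificate2Collection certificates = new X509Certificate2Collection() ;
		certificates.Import( cert , password , X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);

		// Remove the certificates; the store is closed even when opening or removal fails.
		X509Store store = new X509Store( storeName , loc) ;
		try
			{
			store.Open( OpenFlags.ReadWrite ) ;
			store.RemoveRange( certificates ) ;
			}
		finally
			{
			store.Close() ;
			}
		}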
コード例 #15
ファイル: X509.cs プロジェクト: yycmmc/Swiddler
        /// <summary>
        /// Best-effort removal of <paramref name="certificate"/> from the given store of the
        /// current user.
        /// </summary>
        /// <param name="certificate">Certificate to remove.</param>
        /// <param name="storeName">Store to remove it from.</param>
        static void DeleteCertificate(X509Certificate2 certificate, StoreName storeName)
        {
            X509Store userStore = null;

            try
            {
                userStore = new X509Store(storeName, StoreLocation.CurrentUser);
                userStore.Open(OpenFlags.ReadWrite);
                userStore.Remove(certificate);
            }
            catch
            {
                // NOTE(review): every failure is swallowed, so the caller cannot tell whether
                // the certificate is still present (and, for a root store, still trusted).
            }
            finally
            {
                userStore?.Close();
            }
        }
コード例 #16
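    /// <summary>
    /// Returns a copy of the single certificate in the given store whose subject name equals
    /// <paramref name="subjectName"/>, ignoring case.
    /// </summary>
    /// <param name="name">Store to search.</param>
    /// <param name="location">Location of the store.</param>
    /// <param name="subjectName">Full subject name to match.</param>
    /// <returns>A new <see cref="X509Certificate2"/> that stays usable after the store is closed.</returns>
    /// <exception cref="ApplicationException">
    /// No certificate, or more than one certificate, has the requested subject name.
    /// </exception>
    /// <remarks>The validity period of the matching certificate is not checked here.</remarks>
    public static X509Certificate2 GetCertificate( StoreName name, StoreLocation location, string subjectName )
    {
        X509Store store = new X509Store( name, location );
        X509Certificate2Collection certificates = null;

        try
        {
            // Opened inside the try block so the finally block releases the store on failure.
            store.Open( OpenFlags.ReadOnly );

            X509Certificate2 result = null;

            //
            // Every time we call store.Certificates property, a new collection will be returned.
            //
            certificates = store.Certificates;

            foreach ( X509Certificate2 cert in certificates )
            {
                // Ordinal comparison: ToLower() on both sides depends on the thread culture,
                // so the same subject could match under one culture and not under another.
                if ( !string.Equals( cert.SubjectName.Name, subjectName, StringComparison.OrdinalIgnoreCase ) )
                {
                    continue;
                }

                if ( result != null )
                {
                    // Release the copy already made before reporting the ambiguity.
                    result.Reset();
                    throw new ApplicationException( string.Format( "There are multiple certificates for subject Name {0}", subjectName ) );
                }

                result = new X509Certificate2( cert );
            }

            if ( result == null )
            {
                throw new ApplicationException( string.Format( "No certificate was found for subject Name {0}", subjectName ) );
            }

            return result;
        }
        finally
        {
            // The returned certificate is a copy, so every certificate of the collection can be released.
            if ( certificates != null )
            {
                foreach ( X509Certificate2 cert in certificates )
                {
                    cert.Reset();
                }
            }

            store.Close();
        }
    }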
コード例 #17
        /// <summary>
        /// Lists the certificates of a local-machine store as tuples.
        /// </summary>
        /// <param name="store_name">Name of the store under <c>StoreLocation.LocalMachine</c>.</param>
        /// <returns>
        /// A list of <c>(raw bytes, format, trust)</c> tuples, where trust is the set of enhanced
        /// key usage OIDs, or <c>True</c> when the certificate has no such extension. An empty
        /// list is returned when anything throws.
        /// </returns>
        public static List enum_certificates(string store_name)
        {
            X509Store store = null;

            try
            {
                store = new X509Store(store_name, StoreLocation.LocalMachine);
                store.Open(OpenFlags.ReadOnly);

                var entries = new List();
                foreach (var cert in store.Certificates)
                {
                    // Only the "X509" format is mapped; anything else is reported as "unknown".
                    string encoding = cert.GetFormat() == "X509" ? "x509_asn" : "unknown";

                    // Collect the OIDs of the first enhanced-key-usage extension, if there is one.
                    var usageOids = new SetCollection();
                    bool hasEku = false;
                    foreach (var ext in cert.Extensions)
                    {
                        var eku = ext as X509EnhancedKeyUsageExtension;
                        if (eku == null)
                        {
                            continue;
                        }

                        foreach (var oid in eku.EnhancedKeyUsages)
                        {
                            usageOids.add(oid.Value);
                        }

                        hasEku = true;
                        break;
                    }

                    entries.Add(PythonTuple.MakeTuple(new Bytes(cert.RawData.ToList()), encoding, hasEku ? usageOids : ScriptingRuntimeHelpers.True));
                }

                return entries;
            }
            catch
            {
                // NOTE(review): an inaccessible store and an empty store both yield an empty list.
            }
            finally
            {
                store?.Close();
            }

            return new List();
        }
コード例 #18
        /// <summary>
        /// Returns the certificates of the given store; the store itself is closed before returning.
        /// </summary>
        /// <param name="storeName">Store to read; defaults to the personal store.</param>
        /// <param name="storeLocation">Location of the store; defaults to the current user.</param>
        /// <returns>The collection obtained from the store's <c>Certificates</c> property.</returns>
        private static X509Certificate2Collection GetCertificatesFromStoreInternal(StoreName storeName = StoreName.My, StoreLocation storeLocation = StoreLocation.CurrentUser)
        {
            X509Store certStore = null;

            try
            {
                certStore = new X509Store(storeName, storeLocation);

                // Read-only, and never create a store that does not exist yet.
                certStore.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);

                X509Certificate2Collection snapshot = certStore.Certificates;
                return snapshot;
            }
            finally
            {
                certStore?.Close();
            }
        }
コード例 #19
        /// <summary>
        /// Adds <paramref name="certificate"/> to the local machine's personal store (the store
        /// that <c>X509Store(StoreLocation)</c> selects).
        /// </summary>
        /// <param name="certificate">Certificate to add.</param>
        private static void AddToStore(X509Certificate2 certificate)
        {
            X509Store machineStore = null;

            try
            {
                // Writing to a LocalMachine store normally needs an elevated process.
                machineStore = new X509Store(StoreLocation.LocalMachine);
                machineStore.Open(OpenFlags.ReadWrite);
                machineStore.Add(certificate);
            }
            finally
            {
                machineStore?.Close();
            }
        }
コード例 #20
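        /// <summary>
        /// Removes the certificates of the given servers from the machine-wide trusted root
        /// store (<c>StoreName.Root</c> / <c>StoreLocation.LocalMachine</c>).
        /// </summary>
        /// <param name="servers">
        /// The servers whose certificates are removed; servers without a certificate are skipped.
        /// </param>
        public static void UninstallAllCertificates(List<Server> servers)
        {
            X509Store x509Store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);

            try
            {
                x509Store.Open(OpenFlags.ReadWrite);
                foreach (Server server in servers.Where(x => x.HasCertificate))
                {
                    // NOTE(review): validOnly is true, so a certificate that no longer validates
                    // (for example an expired one) is not returned and stays in the root store.
                    // Confirm that is intended for an uninstall keyed on an exact thumbprint.
                    foreach (X509Certificate2 certificate in x509Store.Certificates.Find(X509FindType.FindByThumbprint, server.CertificateThumbprint, true))
                    {
                        x509Store.Remove(certificate);
                    }
                }
            }
            finally
            {
                // Close the store even when opening it or removing a certificate fails.
                x509Store.Close();
            }
        }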
コード例 #21
        /// <summary>
        /// Looks up a certificate by subject distinguished name in the local machine's personal
        /// store and returns the first one whose validity period covers the current time.
        /// </summary>
        /// <param name="certSubjectName">Subject distinguished name to search for.</param>
        /// <returns>
        /// The first matching certificate that is within its validity period, or <c>null</c> when
        /// the name is blank or no such certificate exists.
        /// </returns>
        /// <remarks>
        /// Only the NotBefore/NotAfter window is checked; the store search uses
        /// <c>validOnly: false</c>, so chain trust and revocation are not evaluated here.
        /// </remarks>
        public static X509Certificate2 TryGetBuildUserCertificate(string certSubjectName)
        {
            if (string.IsNullOrWhiteSpace(certSubjectName))
            {
                return null;
            }

            X509Store machineStore = null;

            try
            {
                machineStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);

                // No access flag is given; ReadOnly is the zero value, so this is a read-only open.
                machineStore.Open(OpenFlags.OpenExistingOnly);

                X509Certificate2Collection candidates = machineStore.Certificates.Find(
                    X509FindType.FindBySubjectDistinguishedName, certSubjectName, false);

                // NotBefore and NotAfter are in local time, so compare against local "now".
                DateTime localNow = DateTime.Now;
                foreach (X509Certificate2 candidate in candidates)
                {
                    bool withinValidity = localNow >= candidate.NotBefore && localNow <= candidate.NotAfter;
                    if (withinValidity)
                    {
                        return candidate;
                    }
                }

                return null;
            }
            finally
            {
                machineStore?.Close();
            }
        }
コード例 #22
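        /// <summary>
        /// Removes from the given store every certificate whose thumbprint is contained in
        /// <c>thumbprints</c> and adds the number removed to <c>RemovedCertificates</c>.
        /// </summary>
        /// <param name="storeName">
        /// Store to clean; opened under LocalMachine when <c>MachineContext</c> is set, otherwise
        /// under CurrentUser.
        /// </param>
        void RemoveAll(StoreName storeName)
        {
            X509Store store = null;

            try
            {
                store = new X509Store(storeName, MachineContext ? StoreLocation.LocalMachine : StoreLocation.CurrentUser);
                store.Open(OpenFlags.ReadWrite);

                // NOTE(review): Contains() is given the Thumbprint property as-is; confirm that
                // the entries in thumbprints use the same casing and contain no separators.
                var crtToDelete = store.Certificates.OfType<X509Certificate2>().Where(crt => thumbprints.Contains(crt.Thumbprint)).ToArray();
                store.RemoveRange(new X509Certificate2Collection(crtToDelete));

                // Counted only after RemoveRange returned without throwing.
                RemovedCertificates += crtToDelete.Length;
            }
            finally
            {
                // Single close point; the original also closed the store inside the try block.
                store?.Close();
            }
        }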
コード例 #23
ファイル: Program.cs プロジェクト: denadr/CertAuth
        /// <summary>
        /// Looks up a certificate by a fixed serial number in the local machine's personal store.
        /// </summary>
        /// <returns>
        /// The first certificate with that serial number that the framework considers valid, or
        /// <c>null</c> when there is none.
        /// </returns>
        static X509Certificate GetCertificate()
        {
            X509Store machineStore = null;

            try
            {
                // This constructor overload opens the store with the given flags.
                machineStore = new X509Store(StoreName.My, StoreLocation.LocalMachine, OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

                // NOTE(review): the serial number is hard-coded, so replacing the certificate
                // needs a code change; a serial number is also only unique per issuer.
                X509Certificate2Collection matches = machineStore.Certificates.Find(
                    X509FindType.FindBySerialNumber, "3a6cc87f931ceda2422abc0d6e8edba0", true);

                if (matches.Count == 0)
                {
                    return null;
                }

                return matches[0];
            }
            finally
            {
                machineStore?.Close();
            }
        }
コード例 #24
        /// <summary>
        /// Removes the certificates matching the subject name "node.condep.io" from the local
        /// machine's personal store (the store that <c>X509Store(StoreLocation)</c> selects).
        /// </summary>
        private static void DeleteConDepCertificates()
        {
            X509Store machineStore = null;

            try
            {
                machineStore = new X509Store(StoreLocation.LocalMachine);
                machineStore.Open(OpenFlags.ReadWrite);

                // NOTE(review): FindBySubjectName is a case-insensitive "contains" match, so any
                // certificate whose subject merely includes this text is deleted as well. A
                // thumbprint or full distinguished name would limit the deletion to the intended one.
                X509Certificate2Collection matches = machineStore.Certificates.Find(
                    X509FindType.FindBySubjectName, "node.condep.io", false);

                foreach (X509Certificate2 match in matches)
                {
                    machineStore.Remove(match);
                }
            }
            finally
            {
                machineStore?.Close();
            }
        }
コード例 #25
        /// <summary>
        /// Placeholder for listing certificate revocation lists of a local-machine store.
        /// </summary>
        /// <param name="store_name">Name of the store under <c>StoreLocation.LocalMachine</c>.</param>
        /// <returns>
        /// Always an empty list: the store's certificates are walked but nothing is collected.
        /// </returns>
        public static List enum_crls(string store_name)
        {
            X509Store store = null;

            try
            {
                store = new X509Store(store_name, StoreLocation.LocalMachine);
                store.Open(OpenFlags.ReadOnly);
                var unusedResult = new List();

                foreach (var cert in store.Certificates)
                {
                    // The format is read but not used; no CRL data is produced.
                    string unusedFormat = cert.GetFormat();
                }
            }
            catch
            {
                // Any store error is ignored; the method returns an empty list either way.
            }
            finally
            {
                store?.Close();
            }

            return new List();
        }
コード例 #26
        /// <summary>
        /// Looks up a certificate by thumbprint in the given store.
        /// </summary>
        /// <param name="thumbprint">Thumbprint of the certificate to find.</param>
        /// <param name="storeName">Store to search.</param>
        /// <param name="storeLocation">Location (current user or local machine) of the store.</param>
        /// <returns>
        /// The first certificate with the given thumbprint, or <c>null</c> when none is found.
        /// The search uses <c>validOnly: false</c>, so validity is not checked.
        /// </returns>
        public static X509Certificate2 GetCertificate(string thumbprint, StoreName storeName, StoreLocation storeLocation)
        {
            X509Store certStore = null;

            try
            {
                certStore = new X509Store(storeName, storeLocation);
                certStore.Open(OpenFlags.ReadOnly);

                X509Certificate2Collection matches = certStore.Certificates.Find(
                    X509FindType.FindByThumbprint, thumbprint, false);

                return matches.Count > 0 ? matches[0] : null;
            }
            finally
            {
                certStore?.Close();
            }
        }
コード例 #27
        /// <summary>
        /// Adds <paramref name="crt"/> to the current user's trusted root store, reports the
        /// outcome in a message box and reloads the certificate list.
        /// </summary>
        /// <param name="crt">CA certificate to trust.</param>
        void InstallCA(X509Certificate2 crt)
        {
            X509Store userRoots = null;

            try
            {
                userRoots = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
                userRoots.Open(OpenFlags.ReadWrite);

                bool alreadyTrusted = userRoots.Certificates.Contains(crt);
                if (alreadyTrusted)
                {
                    // Returns from inside the try: the store is still closed by the finally
                    // block, but the list reload at the end of the method is skipped.
                    MessageBox.Show($"'{crt.GetCertDisplayName()}' is already installed.", "Certificate", MessageBoxButton.OK, MessageBoxImage.Warning);
                    return;
                }

                // The copy that is stored has its private key detached, so only the public
                // certificate ends up in the trust store.
                var publicOnly = new X509Certificate2(crt)
                {
                    PrivateKey = null
                };
                userRoots.Add(publicOnly);
                publicOnly.Reset();

                MessageBox.Show($"'{crt.GetCertDisplayName()}' successfully installed.", "Certificate", MessageBoxButton.OK, MessageBoxImage.Information);
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message, "Error", MessageBoxButton.OK, MessageBoxImage.Error);
            }
            finally
            {
                userRoots?.Close();
            }

            // Force the list view to reload the certificate list.
            Certificates.Clear();
            AddCerts();
            lvCertificates.ItemsSource = null;
            lvCertificates.ItemsSource = Certificates;
        }
コード例 #28
        // ----------------------------------------------------------------------------------------------
        /// <summary>
        /// FindCertificates helper
        /// </summary>
        // ----------------------------------------------------------------------------------------------
        public static X509Certificate2 FindCertificate(X509FindType findType, string findValue, StoreLocation certLocation = StoreLocation.CurrentUser, StoreName certStore = StoreName.My)
        {
            // Reject null, empty and whitespace-only search values before touching the store.
            if (String.IsNullOrWhiteSpace(findValue))
            {
                throw new ArgumentNullException(nameof(findValue));
            }

            X509Store certificateStore = new X509Store(certStore, certLocation);

            try
            {
                // Read-only: a lookup never needs to modify the store.
                certificateStore.Open(OpenFlags.ReadOnly);

                // validOnly is false, so certificates that fail validation are still candidates;
                // callers relying on the result for trust decisions must validate it themselves.
                X509Certificate2Collection matches = certificateStore.Certificates.Find(findType, findValue, false);

                if (matches != null && matches.Count >= 1)
                {
                    // Only the first match is returned, even if several certificates match.
                    return matches[0];
                }

                return null;
            }
            finally
            {
                certificateStore.Close();
            }
        }
コード例 #29
ファイル: CertInfo.cs プロジェクト: joycelan/trifleJS
    //Main method begins here.
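    static void Main(string[] args)
    {
        //Test for correct number of arguments.
        if (args.Length < 1)
        {
            Console.WriteLine("Usage: CertInfo <filename>");
            return;
        }
        try
        {
            //Create X509Certificate2 object from .cer file.
            // The path comes straight from the command line, so the file content is untrusted input.
            byte[] rawData = ReadFile(args[0]);

            // Build the certificate from the bytes directly instead of Import(), which is not
            // available on every runtime.
            X509Certificate2 x509 = new X509Certificate2(rawData);

            //Print to console information contained in the certificate.
            Console.WriteLine(x509.Thumbprint);

            //Add the certificate to a X509Store.
            // The parameterless constructor selects the current user's personal store.
            X509Store store = new X509Store();
            try
            {
                store.Open(OpenFlags.MaxAllowed);
                store.Add(x509);
            }
            finally
            {
                // Close the store even when Open or Add throws.
                store.Close();
            }
        }

        catch (DirectoryNotFoundException)
        {
            Console.WriteLine("Error: The directory specified could not be found.");
        }
        catch (IOException)
        {
            Console.WriteLine("Error: A file in the directory could not be accessed.");
        }
        catch (NullReferenceException)
        {
            Console.WriteLine("File must be a .cer file. Program does not have access to that type of file.");
        }
        catch (System.Security.Cryptography.CryptographicException)
        {
            // Raised for bytes that do not decode as a certificate and for store access failures.
            Console.WriteLine("Error: The file is not a valid certificate or the certificate store could not be updated.");
        }
    }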
コード例 #30
        /// <summary>
        /// Locates a certificate by thumbprint.
        /// </summary>
        /// <param name="thumbprint">Thumbprint of the certificate to be located.</param>
        /// <returns>An instance of <see cref="X509Certificate2"/> that represents the certificate, or <c>null</c> if no certificate matches.</returns>
        private static X509Certificate2 FindCertificateByThumbprint(string thumbprint)
        {
            // Validate the argument before any store is created.
            thumbprint.AssertNotNull(nameof(thumbprint));

            X509Store userStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);

            try
            {
                // Read-only access to the current user's personal store.
                userStore.Open(OpenFlags.ReadOnly);

                // validOnly is false: the match is returned even if it is expired or fails
                // chain validation, so validity is the caller's responsibility.
                X509Certificate2Collection matches = userStore.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);

                if (matches.Count > 0)
                {
                    return matches[0];
                }

                // No certificate with this thumbprint in the store.
                return null;
            }
            finally
            {
                userStore.Close();
            }
        }
コード例 #31
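        /// <summary>
        /// Removes from the LocalMachine Root store every certificate whose thumbprint matches a
        /// server in <paramref name="servers"/> that has a certificate URL.
        /// </summary>
        /// <param name="servers">Servers whose certificates should be removed from the trusted roots.</param>
        /// <remarks>
        /// Opening the LocalMachine Root store for writing normally requires administrative rights;
        /// a failure to open or to remove a certificate propagates to the caller.
        /// </remarks>
        public static void UninstallAllCertificates(List <Server> servers)
        {
            X509Store x509Store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);

            try
            {
                x509Store.Open(OpenFlags.ReadWrite);

                // NOTE(review): the filter tests CertificateUrl but the lookup uses
                // CertificateThumbprint; confirm the thumbprint is always set when the URL is.
                foreach (Server server in servers.Where(x => x.CertificateUrl != null))
                {
                    // validOnly is false so that expired or otherwise invalid certificates are
                    // removed as well; with validOnly set, such trust anchors would be left behind.
                    foreach (X509Certificate2 certificate in x509Store.Certificates.Find(X509FindType.FindByThumbprint, server.CertificateThumbprint, false))
                    {
                        // No catch-and-rethrow here: letting the exception propagate keeps its
                        // original stack trace.
                        x509Store.Remove(certificate);
                    }
                }
            }
            finally
            {
                // Close the store even when Open, Find or Remove throws.
                x509Store.Close();
            }
        }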
コード例 #32
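	/// <summary>
	/// Adds the test certificate to the current user's personal store, runs the test cases and
	/// removes the certificate again.
	/// </summary>
	/// <returns>100 when the tests passed, 101 when any of them failed.</returns>
	public static int Main(string[] args)
		{
		
		X509Certificate2 cert = null ; 
		X509Store store = null ; 
		// Tracks whether Add succeeded, so cleanup removes only what this run installed.
		bool added = false ; 
		try
			{
			cert = TestCert ;		
			store = new X509Store( StoreName.My , StoreLocation.CurrentUser ) ; 
			store.Open( OpenFlags.ReadWrite ) ; 

			store.Add( cert ) ; 
			added = true ; 

			Test( X509IncludeOption.ExcludeRoot ) ; 
			Test( X509IncludeOption.WholeChain ) ; 
			Test( X509IncludeOption.EndCertOnly ) ; 
			Test( (X509IncludeOption) 0xFFFF ) ; 
			Test2() ; 
			Test3() ; 
			Test4() ; 
			Test5() ; 
			Test6() ; 
			Test7() ;
			}
		catch( Exception e )
			{
			rv = false ; 
			Console.WriteLine( e.ToString() ) ; 
			}
		finally
			{
			// store is still null when TestCert or the constructor threw.
			if( store != null )
				{
				try
					{
					// Remove the test certificate even when a test case threw, so it is
					// not left behind in the user's store.
					if( added )
						{
						store.Remove( cert ) ; 
						}
					}
				catch( Exception e )
					{
					rv = false ; 
					Console.WriteLine( e.ToString() ) ; 
					}
				finally
					{
					store.Close() ; 
					}
				}
			}
		Console.WriteLine( rv ? "Test passed" : "Test failed" ) ; 
		return rv ? 100 : 101 ; 
		}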
コード例 #33
        /// <summary>
        /// Looks up a certificate by thumbprint in the personal store of the given location.
        /// </summary>
        /// <param name="thumbprint">Thumbprint of the certificate to find.</param>
        /// <param name="storeLocation">Store location to search.</param>
        /// <returns>A task producing the first matching certificate, or <c>null</c> if none matches.</returns>
        internal static async Task <X509Certificate2> FindCertificateAsync(string thumbprint, StoreLocation storeLocation)
        {
            X509Certificate2 match = null;
            X509Store personalStore = new X509Store(StoreName.My, storeLocation);

            try
            {
                // OpenExistingOnly: never create the store as a side effect of a lookup.
                personalStore.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);

                // validOnly is false, so the caller must validate the certificate before trusting it.
                X509Certificate2Collection found = personalStore.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);

                match = found.Count > 0 ? found[0] : null;
            }
            finally
            {
                personalStore.Close();
            }

            // The store access above is synchronous; the result is only wrapped in a task here.
            return await Task.FromResult(match);
        }
コード例 #34
        /// <summary>
        /// Locates a certificate by thumbprint.
        /// </summary>
        /// <param name="thumbprint">Thumbprint of the certificate to be located.</param>
        /// <param name="storeLocation">The location of the X.509 certificate store.</param>
        /// <returns><c>true</c> if the certificate was found; otherwise <c>false</c>.</returns>
        private bool FindCertificateByThumbprint(string thumbprint, StoreLocation storeLocation, out X509Certificate2 certificate)
        {
            // Validate the argument before any store is created.
            thumbprint.AssertNotNull(nameof(thumbprint));

            X509Store personalStore = new X509Store(StoreName.My, storeLocation);

            try
            {
                personalStore.Open(OpenFlags.ReadOnly);

                // validOnly is false: a match is reported even for expired or untrusted
                // certificates, so "found" does not mean "valid".
                X509Certificate2Collection matches = personalStore.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);

                bool found = matches.Count > 0;

                // The out parameter receives the first match, or null when nothing matched.
                certificate = found ? matches[0] : null;

                return found;
            }
            finally
            {
                personalStore.Close();
            }
        }
コード例 #35
        /// <summary>
        /// Returns the valid certificates in the client store that carry the expected extension
        /// and whose subject equals the expected client subject.
        /// </summary>
        /// <returns>The matching certificates, or an empty array when none match or the lookup fails.</returns>
        public IEnumerable <X509Certificate2> GetAllSenseClientCertificates()
        {
            X509Store clientStore = null;

            try
            {
                // Construction stays inside the try so that a failure here also yields an empty result.
                clientStore = new X509Store(CLIENT_STORE_NAME, CLIENT_STORE_LOCATION);
                clientStore.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

                // validOnly is true: certificates that fail validation are filtered out by Find.
                X509Certificate2Collection withExtension = clientStore.Certificates.Find(X509FindType.FindByExtension, QV_CERT_EXTENSION_OID, true);

                // The array is materialized before the store is closed in finally.
                X509Certificate2[] clientCertificates = withExtension
                                                        .OfType <X509Certificate2>()
                                                        .Where(cert => cert.Subject == CLIENT_SUBJECT)
                                                        .ToArray();

                return clientCertificates;
            }
            catch (Exception)
            {
                // Deliberate best effort: any failure is reported as "no certificates".
                // The cause is not logged, so a store access problem looks the same as an empty store.
                return new X509Certificate2[0];
            }
            finally
            {
                if (clientStore != null)
                {
                    clientStore.Close();
                }
            }
        }
コード例 #36
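    /// <summary>
    /// Returns the certificates currently held in the given store.
    /// </summary>
    /// <param name="name">Name of the store to read.</param>
    /// <param name="location">Location of the store to read.</param>
    /// <returns>The collection obtained from the store's Certificates property.</returns>
    public static X509Certificate2Collection GetCertificates(StoreName name, StoreLocation location)
    {
        X509Store store = null;

        try
        {
            store = new X509Store(name, location);

            // Read-only: listing certificates must not be able to modify the store.
            store.Open(OpenFlags.ReadOnly);

            // Every time we call store.Certificates property, a new collection will be returned.
            return store.Certificates;
        }
        finally
        {
            // Runs after the return value has been evaluated, so the store is closed on every path.
            if (store != null)
            {
                store.Close();
            }
        }
    }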
コード例 #37
ファイル: CertificateUtil.cs プロジェクト: sybrix/EdFi-App
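    /// <summary>
    /// Finds exactly one certificate in the given store, matching <paramref name="certLookupValue"/>
    /// against the thumbprint first and against the subject name if no thumbprint matches.
    /// </summary>
    /// <param name="name">Name of the store to search.</param>
    /// <param name="location">Location of the store to search.</param>
    /// <param name="certLookupValue">Thumbprint or full subject name, compared case-insensitively.</param>
    /// <returns>A copy of the single matching certificate.</returns>
    /// <exception cref="InvalidOperationException">No certificate matches, or more than one does.</exception>
    /// <remarks>
    /// A subject name is not a unique identifier: any certificate in the store with the same
    /// subject matches, and the result is not validated here. Prefer a thumbprint where the
    /// certificate is used for a trust decision.
    /// </remarks>
    public static X509Certificate2 GetCertificate( StoreName name, StoreLocation location, string certLookupValue )
    {
        var store = new X509Store( name, location );
        X509Certificate2Collection certificates = null;
        store.Open( OpenFlags.ReadOnly );

        try
        {
            X509Certificate2 result = null;

            //
            // Every time we call store.Certificates property, a new collection will be returned.
            //
            certificates = store.Certificates;

            //Try to match based on thumbprint first.
            foreach (X509Certificate2 cert in certificates)
            {
                // Ordinal comparison keeps the match independent of the current culture, and
                // string.Equals tolerates a null lookup value instead of throwing.
                if (cert.Thumbprint != null && string.Equals(cert.Thumbprint, certLookupValue, StringComparison.OrdinalIgnoreCase))
                {
                    if (result != null)
                    {
                        throw new InvalidOperationException(string.Format("There are multiple certificates for subject Name {0}", certLookupValue));
                    }

                    result = new X509Certificate2(cert);
                }
            }
            //If nothing was matched...try matching on the subjectname.
            if (result == null)
            {
                foreach (X509Certificate2 cert in certificates)
                {
                    if (cert.SubjectName.Name != null && string.Equals(cert.SubjectName.Name, certLookupValue, StringComparison.OrdinalIgnoreCase))
                    {
                        // Ambiguity is an error: silently picking one of several certificates with
                        // the same subject could select the wrong key.
                        if (result != null)
                        {
                            throw new InvalidOperationException(
                                string.Format("There are multiple certificates for subject Name {0}", certLookupValue));
                        }

                        result = new X509Certificate2(cert);
                    }
                }
            }
            //If we still didn't find anything...
            if ( result == null )
            {
                throw new InvalidOperationException(string.Format("No certificate was found for subject Name {0}", certLookupValue));
            }

            return result;
        }
        finally
        {
            // Release every certificate enumerated from the store; the returned value is a
            // separate copy created above.
            if ( certificates != null )
            {
                foreach (X509Certificate2 cert in certificates)
                {
                    cert.Reset();
                }
            }

            store.Close();
        }
    }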
コード例 #38
ファイル: AllTests.cs プロジェクト: pedia/zeroc-ice
    public static Test.ServerFactoryPrx allTests(Ice.Communicator communicator, string testDir)
    {
        string factoryRef = "factory:tcp -p 12010";
        Ice.ObjectPrx b = communicator.stringToProxy(factoryRef);
        test(b != null);
        Test.ServerFactoryPrx factory = Test.ServerFactoryPrxHelper.checkedCast(b);

        string defaultHost = communicator.getProperties().getProperty("Ice.Default.Host");
        string defaultDir = testDir + "/../certs";
        Ice.Properties defaultProperties = communicator.getProperties();

        //
        // Load the CA certificates. We could use the IceSSL.ImportCert property, but
        // it would be nice to remove the CA certificates when the test finishes, so
        // this test manually installs the certificates in the LocalMachine:AuthRoot
        // store.
        //
        // Note that the client and server are assumed to run on the same machine,
        // so the certificates installed by the client are also available to the
        // server.
        //
        string caCert1File = defaultDir + "/cacert1.pem";
        string caCert2File = defaultDir + "/cacert2.pem";
        X509Certificate2 caCert1 = new X509Certificate2(caCert1File);
        X509Certificate2 caCert2 = new X509Certificate2(caCert2File);
        X509Store store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine);
        try
        {
            store.Open(OpenFlags.ReadWrite);
        }
        catch(CryptographicException)
        {
            Console.Out.WriteLine("This test requires administrator privileges.");
            return factory;
        }

        try
        {
            string[] args = new string[0];
            Console.Out.Write("testing manual initialization... ");
            Console.Out.Flush();
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("Ice.InitPlugins", "0");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.ObjectPrx p = comm.stringToProxy("dummy:ssl -p 9999");
                try
                {
                    p.ice_ping();
                    test(false);
                }
                catch(Ice.PluginInitializationException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("Ice.InitPlugins", "0");
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.PluginManager pm = comm.getPluginManager();
                pm.initializePlugins();
                Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
                test(obj != null);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertAuthFile"] = caCert1File;
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                //
                // Supply our own certificate.
                //
                X509Certificate2 cert = new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
                X509Certificate2Collection coll = new X509Certificate2Collection();
                coll.Add(cert);
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("Ice.InitPlugins", "0");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.PluginManager pm = comm.getPluginManager();
                IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
                test(plugin != null);
                plugin.setCertificates(coll);
                pm.initializePlugins();
                Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
                test(obj != null);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.CertAuthFile"] = caCert1File;
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }

            {
                //
                // Supply our own CA certificate.
                //
                X509Certificate2 cert = new X509Certificate2(defaultDir + "/cacert1.pem");
                X509Certificate2Collection coll = new X509Certificate2Collection();
                coll.Add(cert);
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("Ice.InitPlugins", "0");
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.PluginManager pm = comm.getPluginManager();
                IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
                test(plugin != null);
                plugin.setCACertificates(coll);
                pm.initializePlugins();
                Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
                test(obj != null);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.CertAuthFile"] = defaultDir + "/cacert1.pem";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException ex)
                {
                    Console.WriteLine(ex.ToString());
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing certificate verification... ");
            Console.Out.Flush();
            {
                //
                // Test IceSSL.VerifyPeer=1. Client does not have a certificate.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "1";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.noCert();
                }
                catch(Ice.LocalException ex)
                {   Console.WriteLine(ex.ToString());
                    test(false);
                }
                //
                // Validate that we can get the connection info.
                //
                try
                {
                    IceSSL.NativeConnectionInfo info = 
                        (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
                    test(info.certs != null);
                }
                catch(Ice.LocalException ex)
                {
                    Console.WriteLine(ex.ToString());
                    test(false);
                }
                fact.destroyServer(server);

                //
                // Test IceSSL.VerifyPeer=2. This should fail because the client
                // does not supply a certificate.
                //
                d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                d["IceSSL.CertAuthFile"] = caCert1File;
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.ConnectionLostException)
                {
                    // Expected.
                }
                catch(Ice.LocalException ex)
                {
                    Console.WriteLine(ex.ToString());
                    test(false);
                }
                fact.destroyServer(server);

                comm.destroy();

                //
                // Test IceSSL.VerifyPeer=1. Client has a certificate.
                //
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "1";
                d["IceSSL.CertAuthFile"] = caCert1File;
                server = fact.createServer(d);
                try
                {
                    X509Certificate2 clientCert =
                        new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
                    server.checkCert(clientCert.Subject, clientCert.Issuer);

                    X509Certificate2 serverCert =
                        new X509Certificate2(defaultDir + "/s_rsa_nopass_ca1.pfx", "password");
                    X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem");

                    IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();

                    test(caCert.Equals(info.nativeCerts[1]));
                    test(serverCert.Equals(info.nativeCerts[0]));
                }
                catch(Exception ex)
                {
                    Console.WriteLine(ex.ToString());
                    test(false);
                }
                fact.destroyServer(server);

                //
                // Test IceSSL.VerifyPeer=2. Client has a certificate.
                //
                d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                d["IceSSL.CertAuthFile"] = caCert1File;
                server = fact.createServer(d);
                try
                {
                    X509Certificate2 clientCert =
                        new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
                    server.checkCert(clientCert.Subject, clientCert.Issuer);
                }
                catch(Exception ex)
                {
                    Console.WriteLine(ex.ToString());
                    test(false);
                }
                fact.destroyServer(server);

                comm.destroy();

                //
                // Test IceSSL.VerifyPeer=1. This should fail because the
                // client doesn't trust the server's CA.
                //
                initData = createClientProps(defaultProperties, testDir, defaultHost);
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "1";
                // Don't add the CA certificate.
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.SecurityException)
                {
                    // Expected.
                }
                catch(Ice.LocalException ex)
                {
                    Console.WriteLine(ex.ToString());
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();

                //
                // This should succeed because the self signed certificate used by the server is
                // trusted.
                //
                initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert2File);
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/cacert2.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "0";
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException ex)
                {
                    Console.WriteLine(ex.ToString());
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();

                //
                // This should fail because the self signed certificate used by the server is not
                // trusted.
                //
                initData = createClientProps(defaultProperties, testDir, defaultHost);
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/cacert2.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "0";
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.SecurityException)
                {
                    // Expected.
                }
                catch(Ice.LocalException ex)
                {
                    Console.WriteLine(ex.ToString());
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();


                //
                // Verify that IceSSL.CheckCertName has no effect in a server.
                //
                initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.CheckCertName"] = "1";
                d["IceSSL.CertAuthFile"] = caCert1File;
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException ex)
                {
                    Console.WriteLine(ex.ToString());
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();

                //
                // NOTE: We can't test IceSSL.CheckCertName here because the common name (CN) field of
                // the server's certificate has the value "Server" and we can't use "Server" as a host
                // name in an endpoint (it almost certainly wouldn't resolve correctly).
                //

                //
                // Test IceSSL.CheckCertName. The test certificates for the server contain "127.0.0.1"
                // as the common name or as a subject alternative name, so we only perform this test when
                // the default host is "127.0.0.1".
                //
                if(defaultHost.Equals("127.0.0.1"))
                {
                    //
                    // Test subject alternative name.
                    //
                    {
                        initData = createClientProps(defaultProperties, testDir, defaultHost);
                        initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                        initData.properties.setProperty("IceSSL.Password", "password");
                        initData.properties.setProperty("IceSSL.CheckCertName", "1");
                        initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                        comm = Ice.Util.initialize(ref args, initData);

                        fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                        test(fact != null);
                        d = createServerProps(defaultProperties, testDir, defaultHost);
                        d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                        d["IceSSL.Password"] = "******";
                        d["IceSSL.CheckCertName"] = "1";
                        d["IceSSL.CertAuthFile"] = caCert1File;
                        server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                        }
                        catch(Ice.LocalException)
                        {
                            test(false);
                        }
                        fact.destroyServer(server);
                        comm.destroy();
                    }
                    //
                    // Test common name.
                    //
                    {
                        initData = createClientProps(defaultProperties, testDir, defaultHost);
                        initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                        initData.properties.setProperty("IceSSL.Password", "password");
                        initData.properties.setProperty("IceSSL.CheckCertName", "1");
                        initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                        comm = Ice.Util.initialize(ref args, initData);

                        fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                        test(fact != null);
                        d = createServerProps(defaultProperties, testDir, defaultHost);
                        d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn1.pfx";
                        d["IceSSL.Password"] = "******";
                        d["IceSSL.CheckCertName"] = "1";
                        d["IceSSL.CertAuthFile"] = caCert1File;
                        store.Add(caCert1);
                        server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                        }
                        catch(Ice.LocalException)
                        {
                            test(false);
                        }
                        fact.destroyServer(server);
                        comm.destroy();
                    }
                    //
                    // Test common name again. The certificate used in this test has "127.0.0.11" as its
                    // common name, therefore the address "127.0.0.1" must NOT match.
                    //
                    {
                        initData = createClientProps(defaultProperties, testDir, defaultHost);
                        initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                        initData.properties.setProperty("IceSSL.Password", "password");
                        initData.properties.setProperty("IceSSL.CheckCertName", "1");
                        initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                        comm = Ice.Util.initialize(ref args, initData);

                        fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                        test(fact != null);
                        d = createServerProps(defaultProperties, testDir, defaultHost);
                        d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn2.pfx";
                        d["IceSSL.Password"] = "******";
                        d["IceSSL.CheckCertName"] = "1";
                        d["IceSSL.CertAuthFile"] = caCert1File;
                        server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                            test(false);
                        }
                        catch(Ice.LocalException)
                        {
                            // Expected.
                        }
                        fact.destroyServer(server);
                        comm.destroy();
                    }
                }
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing custom certificate verifier... ");
            Console.Out.Flush();
            {
                //
                // Verify that a server certificate is present.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
                test(plugin != null);
                CertificateVerifierI verifier = new CertificateVerifierI();
                plugin.setCertificateVerifier(verifier);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    IceSSL.NativeConnectionInfo info = 
                        (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
                    server.checkCipher(info.cipher);
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                test(verifier.invoked());
                test(verifier.hadCert());

                //
                // Have the verifier return false. Close the connection explicitly
                // to force a new connection to be established.
                //
                verifier.reset();
                verifier.returnValue(false);
                server.ice_getConnection().close(false);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.SecurityException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                test(verifier.invoked());
                test(verifier.hadCert());
                fact.destroyServer(server);

                comm.destroy();
            }
            {
                //
                // Verify that verifier is installed via property.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertVerifier", "CertificateVerifierI");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
                test(plugin != null);
                test(plugin.getCertificateVerifier() != null);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing protocols... ");
            Console.Out.Flush();
            {
                //
                // This should fail because the client and server have no protocol
                // in common.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.Protocols", "ssl3");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                d["IceSSL.Protocols"] = "tls1";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.ConnectionLostException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();

                //
                // This should succeed.
                //
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                d["IceSSL.Protocols"] = "tls1, ssl3";
                d["IceSSL.CertAuthFile"] = caCert1File;
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
                
                //
                // This should succeed with .NET 4.5 or greater and fail otherwise.
                //
                bool is45OrGreater = false;
                try
                {
                    Enum.Parse(typeof(System.Security.Authentication.SslProtocols), "Tls12");
                    is45OrGreater = true;
                }
                catch(Exception)
                {
                }

                try
                {
                    initData = createClientProps(defaultProperties, testDir, defaultHost);
                    initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                    initData.properties.setProperty("IceSSL.Password", "password");
                    initData.properties.setProperty("IceSSL.Protocols", "tls1_2");
                    initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                    comm = Ice.Util.initialize(ref args, initData);
                    fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    test(fact != null);
                    d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    d["IceSSL.VerifyPeer"] = "2";
                    d["IceSSL.Protocols"] = "tls1_2";
                    d["IceSSL.CertAuthFile"] = caCert1File;
                    server = fact.createServer(d);
                    server.ice_ping();

                    fact.destroyServer(server);
                    comm.destroy();
                }
                catch(Ice.PluginInitializationException)
                {
                    // Expected with .NET < 4.5
                    test(!is45OrGreater);
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
            }
            {
                //
                // This should fail because the client only enables SSLv3 and the server
                // uses the default protocol set that disables SSLv3.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.Protocols", "ssl3");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.ConnectionLostException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();

                //
                // This should succeed because both the client and the server enable SSLv3.
                //
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                d["IceSSL.Protocols"] = "ssl3, tls1_0, tls1_1, tls1_2";
                d["IceSSL.CertAuthFile"] = caCert1File;
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing expired certificates... ");
            Console.Out.Flush();
            {
                //
                // This should fail because the server's certificate is expired.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_exp.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.SecurityException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();

                //
                // This should fail because the client's certificate is expired.
                //
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1_exp.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                d["IceSSL.CertAuthFile"] = caCert1File;
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.ConnectionLostException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing multiple CA certificates... ");
            Console.Out.Flush();
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca2.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                store.Add(caCert1);
                store.Add(caCert2);
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                store.Remove(caCert1);
                store.Remove(caCert2);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing passwords... ");
            Console.Out.Flush();
            {
                //
                // Test password failure.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                // Don't specify the password.
                //props.setProperty("IceSSL.Password", "password");
                try
                {
                    Ice.Util.initialize(ref args, initData);
                    test(false);
                }
                catch(Ice.PluginInitializationException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
            }
            {
                //
                // Test password failure with callback.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("Ice.InitPlugins", "0");
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.PluginManager pm = comm.getPluginManager();
                IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
                test(plugin != null);
                PasswordCallbackI cb = new PasswordCallbackI("bogus");
                plugin.setPasswordCallback(cb);
                try
                {
                    pm.initializePlugins();
                    test(false);
                }
                catch(Ice.PluginInitializationException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                comm.destroy();
            }
            {
                //
                // Test installation of password callback.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("Ice.InitPlugins", "0");
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.PluginManager pm = comm.getPluginManager();
                IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
                test(plugin != null);
                PasswordCallbackI cb = new PasswordCallbackI();
                plugin.setPasswordCallback(cb);
                test(plugin.getPasswordCallback() == cb);
                try
                {
                    pm.initializePlugins();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                comm.destroy();
            }
            {
                //
                // Test password callback property.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.PasswordCallback", "PasswordCallbackI");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.PluginManager pm = comm.getPluginManager();
                IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
                test(plugin != null);
                test(plugin.getPasswordCallback() != null);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing IceSSL.TrustOnly... ");
            Console.Out.Flush();
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly",
                    "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly",
                    "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly",
                    "C=US, ST=Florida, O=\"ZeroC, Inc.\",OU=Ice, [email protected], CN=Server");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.TrustOnly"] =
                    "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.TrustOnly"] =
                    "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.TrustOnly"] = "CN=Client";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.TrustOnly"] = "!CN=Client";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly", "CN=Client");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                store.Remove(caCert1);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.TrustOnly"] = "CN=Server";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada,CN=Server");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada,CN=Server");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada;CN=Server");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada;!CN=Server");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server1"); // Should not match "Server"
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.TrustOnly"] = "!CN=Client1"; // Should not match "Client"
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
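                //
                // Rejection takes precedence (client): the negated entry !CN=Server sits
                // between the positive entries ST=Florida and C=US, and the ping below is
                // still expected to fail.
                //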
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly", "ST=Florida;!CN=Server;C=US");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
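                //
                // Rejection takes precedence (server): the negated entry !CN=Client sits
                // between the positive entries C=US and ST=Florida, and the ping below is
                // still expected to fail.
                //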
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.TrustOnly"] = "C=US;!CN=Client;ST=Florida";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing IceSSL.TrustOnly.Client... ");
            Console.Out.Flush();
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly.Client",
                    "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
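                // Should have no effect: IceSSL.TrustOnly.Client is set in the server's
                // properties here, and the server is the accepting side of this connection,
                // so the ping below must still succeed.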
                d["IceSSL.TrustOnly.Client"] =
                    "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly.Client",
                    "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
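                // Should have no effect: this TrustOnly.Client rejection of CN=Client is set in
                // the server's properties, and the server is the accepting side of this
                // connection, so the ping below must still succeed.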
                d["IceSSL.TrustOnly.Client"] = "!CN=Client";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly.Client", "CN=Client");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly.Client", "!CN=Client");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing IceSSL.TrustOnly.Server... ");
            Console.Out.Flush();
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
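                // Should have no effect: IceSSL.TrustOnly.Server is set in the client's
                // properties here, and the client is the initiating side of this connection,
                // so the ping below must still succeed.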
                initData.properties.setProperty("IceSSL.TrustOnly.Server",
                    "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.TrustOnly.Server"] =
                    "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.TrustOnly.Server"] =
                    "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
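                // Should have no effect: this TrustOnly.Server rejection of CN=Server is set in
                // the client's properties, and the client is the initiating side of this
                // connection, so the ping below must still succeed.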
                initData.properties.setProperty("IceSSL.TrustOnly.Server", "!CN=Server");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.TrustOnly.Server"] = "CN=Server";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.TrustOnly.Server"] = "!CN=Client";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing IceSSL.TrustOnly.Server.<AdapterName>... ");
            Console.Out.Flush();
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.TrustOnly.Server"] = "CN=bogus";
                d["IceSSL.TrustOnly.Server.ServerAdapter"] =
                    "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.TrustOnly.Server.ServerAdapter"] =
                    "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.TrustOnly.Server.ServerAdapter"] = "CN=bogus";
                d["IceSSL.CertAuthFile"] = caCert1File;
                store.Add(caCert1);
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!CN=bogus";
                d["IceSSL.CertAuthFile"] = caCert1File;
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");


            Console.Out.Write("testing IceSSL.KeySet... ");
            Console.Out.Flush();
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
                initData.properties.setProperty("IceSSL.ImportCert.LocalMachine.Root", "cacert1.pem");
                initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.KeySet", "MachineKeySet");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.DefaultDir"] = defaultDir;
                d["IceSSL.ImportCert.LocalMachine.Root"] = "cacert1.pem";
                d["IceSSL.KeySet"] = "MachineKeySet";
                d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";

                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);

                comm.destroy();
                X509Store certStore = new X509Store("Root", StoreLocation.LocalMachine);
                certStore.Open(OpenFlags.ReadWrite);
                certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem"));
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
                initData.properties.setProperty("IceSSL.ImportCert.CurrentUser.Root", "cacert1.pem");
                initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.KeySet", "UserKeySet");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.DefaultDir"] = defaultDir;
                d["IceSSL.ImportCert.CurrentUser.Root"] = "cacert1.pem";
                d["IceSSL.KeySet"] = "UserKeySet";
                d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";

                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);

                comm.destroy();
                X509Store certStore = new X509Store("Root", StoreLocation.CurrentUser);
                certStore.Open(OpenFlags.ReadWrite);
                certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem"));
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing IceSSL.FindCerts properties... ");
            Console.Out.Flush();
            {
                string[] clientFindCertProperties = new string[]
                {
                    "SUBJECTDN:'CN=Client, [email protected], OU=Ice, O=\"ZeroC, Inc.\", S=Florida, C=US'",
                    "ISSUER:'ZeroC, Inc.' SUBJECT:Client SERIAL:02",
                    "ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," +
                        " L=Palm Beach Gardens, S=Florida, C=US' SUBJECT:Client",
                    "THUMBPRINT:'54 26 20 f0 93 a9 b6 bc 2a 8c 83 ef 14 d4 49 18 a3 18 67 46'",
                    "SUBJECTKEYID:'58 77 81 07 55 2a 0c 10 19 88 13 47 6f 27 6e 21 75 5f 85 ca'"
                };

                string[] serverFindCertProperties = new string[]
                {
                    "SUBJECTDN:'CN=Server, [email protected], OU=Ice, O=\"ZeroC, Inc.\", S=Florida, C=US'",
                    "ISSUER:'ZeroC, Inc.' SUBJECT:Server SERIAL:01",
                    "ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," +
                        " L=Palm Beach Gardens, S=Florida, C=US' SUBJECT:Server",
                    "THUMBPRINT:'27 e0 18 c9 23 12 6c f0 5c da fa 36 5a 4c 63 5a e2 53 07 1a'",
                    "SUBJECTKEYID:'a6 42 aa 17 04 41 86 56 67 e4 04 64 59 34 30 c7 4c 6b ef a4'"
                };

                string[] failFindCertProperties = new string[]
                {
                    "SUBJECTDN:'CN = Client, E = [email protected], OU = Ice, O = \"ZeroC, Inc.\", S = Florida, C = US'",
                    "ISSUER:'ZeroC, Inc.' SUBJECT:Client SERIAL:'02 02'",
                    "ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," +
                        " L=Palm Beach Gardens, S=Florida, C=ES' SUBJECT:Client",
                    "THUMBPRINT:'27 e0 18 c9 23 12 6c f0 5c da fa 36 5a 4c 63 5a e2 53 07 ff'",
                    "SUBJECTKEYID:'a6 42 aa 17 04 41 86 56 67 e4 04 64 59 34 30 c7 4c 6b ef ff'"
                };

                string[] certificates = new string[] {"/s_rsa_nopass_ca1.pfx", "/c_rsa_nopass_ca1.pfx"};

                X509Store certStore = new X509Store("My", StoreLocation.CurrentUser);
                certStore.Open(OpenFlags.ReadWrite);
                try
                {
                    foreach(string cert in certificates)
                    {
                        certStore.Add(new X509Certificate2(defaultDir + cert, "password"));
                    }
                    for(int i = 0; i < clientFindCertProperties.Length; ++i)
                    {
                        Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                        initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
                        initData.properties.setProperty("IceSSL.CertAuthFile", "cacert1.pem");
                        initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", clientFindCertProperties[i]);
                        //
                        // Use TrustOnly to ensure the peer has pick the expected certificate.
                        //
                        initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
                        Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                        Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                        Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                        d["IceSSL.DefaultDir"] = defaultDir;
                        d["IceSSL.CertAuthFile"] = "cacert1.pem";
                        d["IceSSL.FindCert.CurrentUser.My"] = serverFindCertProperties[i];
                        //
                        // Use TrustOnly to ensure the peer has pick the expected certificate.
                        //
                        d["IceSSL.TrustOnly"] = "CN=Client";

                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                        }
                        catch(Ice.LocalException)
                        {
                            test(false);
                        }
                        fact.destroyServer(server);
                        comm.destroy();
                    }

                    //
                    // These must fail because the search criteria does not match any certificates.
                    //
                    foreach(string s in failFindCertProperties)
                    {
                        try
                        {
                            Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                            initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", s);
                            Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                            test(false);
                        }
                        catch(Ice.PluginInitializationException)
                        {
                            // Expected
                        }
                        catch(Ice.LocalException)
                        {
                            test(false);
                        }
                    }

                }
                finally
                {
                    foreach(string cert in certificates)
                    {
                        certStore.Remove(new X509Certificate2(defaultDir + cert, "password"));
                    }
                    certStore.Close();
                }

                //
                // These must fail because we have already remove the certificates.
                //
                foreach(string s in clientFindCertProperties)
                {
                    try
                    {
                        Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                        initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", s);
                        Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                        test(false);
                    }
                    catch(Ice.PluginInitializationException)
                    {
                        // Expected
                    }
                    catch(Ice.LocalException)
                    {
                        test(false);
                    }
                }
            }
            Console.Out.WriteLine("ok");         
        }
        finally
        {
            store.Remove(caCert1);
            store.Remove(caCert2);
            store.Close();
        }

        return factory;
    }
コード例 #39
	// Looks up the installed certificates: when a serial number is given, finds the matching one;
	// otherwise opens the certificate selection dialog.
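	/// <summary>
	/// Selects a signing certificate from the current user's "MY" store.
	/// Only certificates that are currently time-valid, carry the DigitalSignature
	/// key usage and pass validation (validOnly = true on every Find) are considered.
	/// </summary>
	/// <param name="CerSerie">
	/// Serial number of the certificate to use. When null or empty, the system
	/// certificate selection dialog is shown so the user can pick one.
	/// </param>
	/// <returns>The first certificate matching the selection.</returns>
	/// <exception cref="Exception">
	/// Thrown when nothing is selected or found, or when the store cannot be read.
	/// The original failure is kept as <see cref="Exception.InnerException"/>.
	/// </exception>
	public static X509Certificate2 SelecionarCertificado(string CerSerie)
	{
		X509Store store = null;
		try {
			store = new X509Store("MY", StoreLocation.CurrentUser);
			// OpenExistingOnly: never create the store as a side effect of a lookup.
			store.Open(OpenFlags.OpenExistingOnly);

			// Narrow to usable signing certificates before any selection happens, so
			// neither the dialog nor the serial lookup can return an expired,
			// untrusted or non-signing certificate.
			X509Certificate2Collection certificates = store.Certificates
				.Find(X509FindType.FindByTimeValid, DateTime.Now, true)
				.Find(X509FindType.FindByKeyUsage, X509KeyUsageFlags.DigitalSignature, true);

			X509Certificate2Collection certificatesSel;
			if (string.IsNullOrEmpty(CerSerie)) {
				certificatesSel = X509Certificate2UI.SelectFromCollection(certificates, "Certificados Digitais", "Selecione o Certificado Digital para uso no aplicativo", X509SelectionFlag.SingleSelection);
				if (certificatesSel.Count == 0) {
					throw new Exception("Nenhum certificado digital foi selecionado ou o certificado selecionado está com problemas.");
				}
			} else {
				// NOTE(review): a serial number is only unique per issuing CA. If the store
				// holds certificates from several issuers, the first match is returned;
				// matching on thumbprint (or serial + issuer) would be unambiguous.
				certificatesSel = certificates.Find(X509FindType.FindBySerialNumber, CerSerie, true);
				if (certificatesSel.Count == 0) {
					throw new Exception("Certificado digital não encontrado");
				}
			}
			return certificatesSel[0];
		} catch (Exception exception) {
			// Same exception type and message as before, but keep the original
			// exception (and its stack trace) reachable for diagnostics.
			throw new Exception(exception.Message, exception);
		} finally {
			// Release the store handle on every path, including failures.
			if (store != null) {
				store.Close();
			}
		}
	}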
コード例 #40
	/// <summary>
	/// Writes the thumbprint of every certificate in the store identified by
	/// <c>storeName</c> (defined elsewhere in this file) at the given location,
	/// then returns the certificates that were listed.
	/// </summary>
	/// <param name="loc">Store location to read from.</param>
	/// <returns>The collection obtained from the store before it was closed.</returns>
	static X509Certificate2Collection Print(StoreLocation loc)
	{
		Console.WriteLine(string.Empty);
		string header = "Certificates returned from: " + loc.ToString() + "\\" + storeName;
		Console.WriteLine(header);

		// Read-only access is enough for an inventory listing.
		X509Store certStore = new X509Store(storeName, loc);
		certStore.Open(OpenFlags.ReadOnly);

		X509Certificate2Collection found = certStore.Certificates;
		for (int i = 0; i < found.Count; i++)
		{
			Console.WriteLine(found[i].Thumbprint);
		}

		certStore.Close();
		return found;
	}
コード例 #41
ファイル: AllTests.cs プロジェクト: sbesson/zeroc-ice
    public static Test.ServerFactoryPrx allTests(Ice.Communicator communicator, string testDir)
    {
        string factoryRef = "factory:tcp -p 12010";
        Ice.ObjectPrx b = communicator.stringToProxy(factoryRef);
        test(b != null);
        Test.ServerFactoryPrx factory = Test.ServerFactoryPrxHelper.checkedCast(b);

        string defaultHost = communicator.getProperties().getProperty("Ice.Default.Host");
        string defaultDir = testDir + "/../certs";
        Ice.Properties defaultProperties = communicator.getProperties();

        //
        // Load the CA certificates. We could use the IceSSL.ImportCert property, but
        // it would be nice to remove the CA certificates when the test finishes, so
        // this test manually installs the certificates in the LocalMachine:AuthRoot
        // store.
        //
        // Note that the client and server are assumed to run on the same machine,
        // so the certificates installed by the client are also available to the
        // server.
        //
        string caCert1File = defaultDir + "/cacert1.pem";
        string caCert2File = defaultDir + "/cacert2.pem";
        X509Certificate2 caCert1 = new X509Certificate2(caCert1File);
        X509Certificate2 caCert2 = new X509Certificate2(caCert2File);
        X509Store store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine);
        try
        {
            store.Open(OpenFlags.ReadWrite);
        }
        catch(CryptographicException)
        {
            Console.Out.WriteLine("This test requires administrator privileges.");
            return factory;
        }

        try
        {
            string[] args = new string[0];
            Console.Out.Write("testing manual initialization... ");
            Console.Out.Flush();
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("Ice.InitPlugins", "0");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.ObjectPrx p = comm.stringToProxy("dummy:ssl -p 9999");
                try
                {
                    p.ice_ping();
                    test(false);
                }
                catch(Ice.PluginInitializationException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                comm.destroy();
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("Ice.InitPlugins", "0");
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.PluginManager pm = comm.getPluginManager();
                pm.initializePlugins();
                Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
                test(obj != null);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                store.Add(caCert1);
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                store.Remove(caCert1);
                comm.destroy();
            }
            {
                //
                // Supply our own certificate.
                //
                X509Certificate2 cert = new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
                X509Certificate2Collection coll = new X509Certificate2Collection();
                coll.Add(cert);
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("Ice.InitPlugins", "0");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.PluginManager pm = comm.getPluginManager();
                IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
                test(plugin != null);
                plugin.setCertificates(coll);
                pm.initializePlugins();
                Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
                test(obj != null);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                store.Add(caCert1);
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                store.Remove(caCert1);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing certificate verification... ");
            Console.Out.Flush();
            {
                //
                // Test IceSSL.VerifyPeer=1. Client does not have a certificate.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "1";
                store.Add(caCert1);
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.noCert();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                //
                // Validate that we can get the connection info.
                //
                try
                {
                    IceSSL.NativeConnectionInfo info = 
                        (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
                    test(info.certs != null);
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                store.Remove(caCert1);

                //
                // Test IceSSL.VerifyPeer=2. This should fail because the client
                // does not supply a certificate.
                //
                d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                store.Add(caCert1);
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.ConnectionLostException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                store.Remove(caCert1);

                comm.destroy();

                //
                // Test IceSSL.VerifyPeer=1. Client has a certificate.
                //
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "1";
                store.Add(caCert1);
                server = fact.createServer(d);
                try
                {
                    X509Certificate2 clientCert =
                        new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
                    server.checkCert(clientCert.Subject, clientCert.Issuer);

                    X509Certificate2 serverCert =
                        new X509Certificate2(defaultDir + "/s_rsa_nopass_ca1.pfx", "password");
                    X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem");

                    IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();

                    test(caCert.Equals(info.nativeCerts[1]));
                    test(serverCert.Equals(info.nativeCerts[0]));
                }
                catch(Exception)
                {
                    test(false);
                }
                fact.destroyServer(server);
                store.Remove(caCert1);

                //
                // Test IceSSL.VerifyPeer=2. Client has a certificate.
                //
                d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                store.Add(caCert1);
                server = fact.createServer(d);
                try
                {
                    X509Certificate2 clientCert =
                        new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
                    server.checkCert(clientCert.Subject, clientCert.Issuer);
                }
                catch(Exception)
                {
                    test(false);
                }
                fact.destroyServer(server);
                store.Remove(caCert1);

                comm.destroy();

                //
                // Test IceSSL.VerifyPeer=1. This should fail because the
                // client doesn't trust the server's CA.
                //
                initData = createClientProps(defaultProperties, testDir, defaultHost);
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "1";
                // Don't add the CA certificate.
                //store.Add(caCert1);
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.SecurityException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();

                //
                // Verify that IceSSL.CheckCertName has no effect in a server.
                //
                initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.CheckCertName"] = "1";
                store.Add(caCert1);
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                store.Remove(caCert1);
                comm.destroy();

                //
                // NOTE: We can't test IceSSL.CheckCertName here because the common name (CN) field of
                // the server's certificate has the value "Server" and we can't use "Server" as a host
                // name in an endpoint (it almost certainly wouldn't resolve correctly).
                //

                //
                // Test IceSSL.CheckCertName. The test certificates for the server contain "127.0.0.1"
                // as the common name or as a subject alternative name, so we only perform this test when
                // the default host is "127.0.0.1".
                //
                if(defaultHost.Equals("127.0.0.1"))
                {
                    //
                    // Every case below sets IceSSL.CheckCertName=1 on the client, so a connection should
                    // only succeed when the server certificate names the address being contacted.
                    // caCert1 is added to `store` (declared outside this excerpt) around each case,
                    // presumably so that chain validation passes and the name check alone decides the
                    // outcome. initData, comm, fact, d and server are also declared earlier in the method.
                    //

                    //
                    // Test subject alternative name.
                    //
                    {
                        initData = createClientProps(defaultProperties, testDir, defaultHost);
                        initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                        initData.properties.setProperty("IceSSL.Password", "password");
                        initData.properties.setProperty("IceSSL.CheckCertName", "1");
                        comm = Ice.Util.initialize(ref args, initData);

                        fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                        test(fact != null);
                        d = createServerProps(defaultProperties, testDir, defaultHost);
                        d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                        d["IceSSL.Password"] = "******";
                        // Also set on the server; an earlier case in this method checks that the
                        // property has no effect there.
                        d["IceSSL.CheckCertName"] = "1";
                        store.Add(caCert1);
                        server = fact.createServer(d);
                        try
                        {
                            // Must succeed: the certificate is expected to name 127.0.0.1.
                            server.ice_ping();
                        }
                        catch(Ice.LocalException)
                        {
                            // A matching certificate was rejected, or the connection failed for
                            // another reason.
                            test(false);
                        }
                        fact.destroyServer(server);
                        store.Remove(caCert1);
                        comm.destroy();
                    }
                    //
                    // Test common name.
                    //
                    {
                        initData = createClientProps(defaultProperties, testDir, defaultHost);
                        initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                        initData.properties.setProperty("IceSSL.Password", "password");
                        initData.properties.setProperty("IceSSL.CheckCertName", "1");
                        comm = Ice.Util.initialize(ref args, initData);

                        fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                        test(fact != null);
                        d = createServerProps(defaultProperties, testDir, defaultHost);
                        // Different server fixture from the previous case (suffix _cn1).
                        d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn1.pfx";
                        d["IceSSL.Password"] = "******";
                        d["IceSSL.CheckCertName"] = "1";
                        store.Add(caCert1);
                        server = fact.createServer(d);
                        try
                        {
                            // Must succeed: the common name is expected to match the address.
                            server.ice_ping();
                        }
                        catch(Ice.LocalException)
                        {
                            test(false);
                        }
                        fact.destroyServer(server);
                        store.Remove(caCert1);
                        comm.destroy();
                    }
                    //
                    // Test common name again. The certificate used in this test has "127.0.0.11" as its
                    // common name, therefore the address "127.0.0.1" must NOT match.
                    //
                    // This guards against a prefix or substring comparison in the name check:
                    // "127.0.0.1" is a prefix of "127.0.0.11", and only an exact comparison rejects it.
                    //
                    {
                        initData = createClientProps(defaultProperties, testDir, defaultHost);
                        initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                        initData.properties.setProperty("IceSSL.Password", "password");
                        initData.properties.setProperty("IceSSL.CheckCertName", "1");
                        comm = Ice.Util.initialize(ref args, initData);

                        fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                        test(fact != null);
                        d = createServerProps(defaultProperties, testDir, defaultHost);
                        d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn2.pfx";
                        d["IceSSL.Password"] = "******";
                        d["IceSSL.CheckCertName"] = "1";
                        store.Add(caCert1);
                        server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                            // Reaching this line means the mismatching name was accepted.
                            test(false);
                        }
                        catch(Ice.LocalException)
                        {
                            // Expected.
                            // NOTE(review): any Ice.LocalException satisfies this case, so a failure
                            // unrelated to the name check would pass it too. Other negative cases in
                            // this file catch Ice.SecurityException first; confirm which exception a
                            // name mismatch raises and narrow the catch accordingly.
                        }
                        fact.destroyServer(server);
                        store.Remove(caCert1);
                        comm.destroy();
                    }
                }
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing custom certificate verifier... ");
            Console.Out.Flush();
            {
                //
                // Verify that a server certificate is present.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
                test(plugin != null);
                // Install the custom verifier programmatically, before the first proxy is used.
                // CertificateVerifierI is defined outside this excerpt; judging by the calls below it
                // records whether it was invoked and whether a certificate was supplied, and lets the
                // test choose its return value.
                CertificateVerifierI verifier = new CertificateVerifierI();
                plugin.setCertificateVerifier(verifier);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                // NOTE(review): `store` is declared outside this excerpt. The CA is removed again at the
                // end of the block, but not in a finally; if test(false) throws, the test CA would stay
                // installed. Confirm and consider try/finally around the Add/Remove pair.
                store.Add(caCert1);
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    // Establish the connection and have the server compare the negotiated cipher
                    // reported by the client with its own view.
                    IceSSL.NativeConnectionInfo info = 
                        (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
                    server.checkCipher(info.cipher);
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                // The verifier must have run for this connection and must have seen a certificate.
                test(verifier.invoked());
                test(verifier.hadCert());

                //
                // Have the verifier return false. Close the connection explicitly
                // to force a new connection to be established.
                //
                // A rejecting verifier must abort the handshake: the ping below has to fail with a
                // security error rather than fall back to the already validated chain.
                //
                verifier.reset();
                verifier.returnValue(false);
                server.ice_getConnection().close(false);
                try
                {
                    server.ice_ping();
                    // Reaching this line means the verifier's rejection was ignored.
                    test(false);
                }
                catch(Ice.SecurityException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    // Any other local failure is not the rejection this case is looking for.
                    test(false);
                }
                // The verifier must have been consulted again for the new connection.
                test(verifier.invoked());
                test(verifier.hadCert());
                fact.destroyServer(server);
                store.Remove(caCert1);

                comm.destroy();
            }
            {
                //
                // Verify that verifier is installed via property.
                //
                // IceSSL.CertVerifier carries a class name rather than an instance; the only thing
                // checked here is that the plug-in reports a non-null verifier after initialization.
                // No connection is made, so the verifier itself is not exercised.
                // NOTE(review): because the property names code for the plug-in to instantiate, the
                // configuration source has to be as trusted as the code itself.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.CertVerifier", "CertificateVerifierI");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
                test(plugin != null);
                test(plugin.getCertificateVerifier() != null);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing protocols... ");
            Console.Out.Flush();
            {
                //
                // This should fail because the client and server have no protocol
                // in common.
                //
                // The client offers only "ssl3" and the server only "tls1".
                // NOTE(review): SSL 3.0 is deprecated (RFC 7568). Both cases in this block depend on
                // the platform still allowing it; where it is disabled, the second case cannot succeed
                // as written and the fixture needs a different protocol pair.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.Protocols", "ssl3");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                // NOTE(review): "******" differs from the client's "password" and looks like a value
                // masked on this page; confirm against the fixture before reusing the snippet.
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                d["IceSSL.Protocols"] = "tls1";
                store.Add(caCert1);
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    // Reaching this line means a connection was negotiated without a shared protocol.
                    test(false);
                }
                catch(Ice.ConnectionLostException)
                {
                    // Expected.
                    // The client observes the mismatch as a dropped connection, not as a security
                    // exception.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                store.Remove(caCert1);
                comm.destroy();

                //
                // This should succeed.
                //
                // initData is reused, so the client still offers only "ssl3"; the server now accepts
                // "tls1, ssl3", which leaves ssl3 as the one protocol both sides share.
                //
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                d["IceSSL.Protocols"] = "tls1, ssl3";
                store.Add(caCert1);
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                store.Remove(caCert1);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing expired certificates... ");
            Console.Out.Flush();
            {
                //
                // This should fail because the server's certificate is expired.
                //
                // The CA is trusted (caCert1 is added below), so the only thing wrong with the server
                // certificate is presumably its validity period (fixture suffix _exp).
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_exp.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                // NOTE(review): `store` is declared outside this excerpt. The matching Remove is not in
                // a finally; if test(false) throws, the test CA would stay installed. Confirm.
                store.Add(caCert1);
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    // Reaching this line means an expired server certificate was accepted.
                    test(false);
                }
                catch(Ice.SecurityException)
                {
                    // Expected.
                    // The client is the side validating here, so it sees the rejection directly.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                store.Remove(caCert1);
                comm.destroy();

                //
                // This should fail because the client's certificate is expired.
                //
                // initData is reused with only the certificate file swapped. The server is configured
                // with VerifyPeer=2, and this time the client is expected to see a lost connection
                // rather than a security exception, presumably because the rejection happens on the
                // server side.
                //
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1_exp.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                store.Add(caCert1);
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    // Reaching this line means the server accepted an expired client certificate.
                    test(false);
                }
                catch(Ice.ConnectionLostException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                store.Remove(caCert1);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing multiple CA certificates... ");
            Console.Out.Flush();
            {
                //
                // The client certificate file is named for CA 1 and the server certificate file for
                // CA 2. Both CA certificates are added to `store` (declared outside this excerpt), and
                // the connection is expected to succeed with the server requiring a peer certificate
                // (VerifyPeer=2).
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca2.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.VerifyPeer"] = "2";
                store.Add(caCert1);
                store.Add(caCert2);
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    // One of the two chains failed to validate, or the connection failed otherwise.
                    test(false);
                }
                fact.destroyServer(server);
                // Remove both test CAs again so later cases start from the same trust state.
                store.Remove(caCert1);
                store.Remove(caCert2);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing passwords... ");
            Console.Out.Flush();
            {
                //
                // Test password failure.
                //
                // With a certificate file configured and no password supplied, plug-in initialization
                // is expected to fail during Ice.Util.initialize rather than continue without the
                // certificate.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                // Don't specify the password. The commented-out call below shows what a working
                // configuration would add; it refers to `props`, a name this block does not use.
                //props.setProperty("IceSSL.Password", "password");
                try
                {
                    // The returned communicator is not kept: on the expected path initialize throws.
                    Ice.Util.initialize(ref args, initData);
                    test(false);
                }
                catch(Ice.PluginInitializationException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
            }
            {
                //
                // Test password failure with callback.
                //
                // Ice.InitPlugins=0 leaves the plug-ins uninitialized after Ice.Util.initialize, which
                // gives the test a chance to install the callback before calling initializePlugins()
                // itself. PasswordCallbackI is defined outside this excerpt; constructed with "bogus"
                // it presumably hands out that string as the password.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("Ice.InitPlugins", "0");
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.PluginManager pm = comm.getPluginManager();
                IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
                test(plugin != null);
                PasswordCallbackI cb = new PasswordCallbackI("bogus");
                plugin.setPasswordCallback(cb);
                try
                {
                    pm.initializePlugins();
                    // Reaching this line means the certificate loaded with the wrong password.
                    test(false);
                }
                catch(Ice.PluginInitializationException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                comm.destroy();
            }
            {
                //
                // Test installation of password callback.
                //
                // Same deferred-initialization setup as the failure case, but with the default
                // PasswordCallbackI, which presumably supplies the correct password (the class is
                // defined outside this excerpt). No IceSSL.Password property is set, so the callback
                // is the only source of the password here.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("Ice.InitPlugins", "0");
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.PluginManager pm = comm.getPluginManager();
                IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
                test(plugin != null);
                PasswordCallbackI cb = new PasswordCallbackI();
                plugin.setPasswordCallback(cb);
                // The getter must return the very instance that was installed.
                test(plugin.getPasswordCallback() == cb);
                try
                {
                    pm.initializePlugins();
                }
                catch(Ice.LocalException)
                {
                    // Initialization should have succeeded with the callback's password.
                    test(false);
                }
                comm.destroy();
            }
            {
                //
                // Test password callback property.
                //
                // The callback is named by class in IceSSL.PasswordCallback instead of being installed
                // in code. Plug-ins are initialized inside Ice.Util.initialize here, and there is no
                // try/catch: an initialization failure would propagate out of the block.
                // NOTE(review): because the property names code for the plug-in to instantiate, the
                // configuration source has to be as trusted as the code itself.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.PasswordCallback", "PasswordCallbackI");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.PluginManager pm = comm.getPluginManager();
                IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
                test(plugin != null);
                test(plugin.getPasswordCallback() != null);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing IceSSL.TrustOnly... ");
            Console.Out.Flush();
            {
                //
                // Client-side TrustOnly with the server's full distinguished name: expected to accept.
                // The comma inside the organization value is escaped with a backslash.
                // NOTE(review): "[email protected]" looks like an e-mail obfuscation artifact of this
                // page; the filter has to carry the e-mail attribute as it appears in the certificate
                // subject. Confirm against the fixture.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly",
                    "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                // Unlike the earlier sections of this method, fact is not checked for null here.
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                // The CA is trusted for the duration of the case, presumably so that the TrustOnly
                // filter alone decides the outcome (`store` is declared outside this excerpt).
                store.Add(caCert1);
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    // The matching filter rejected the server, or the connection failed otherwise.
                    test(false);
                }
                fact.destroyServer(server);
                store.Remove(caCert1);
                comm.destroy();
            }
            {
                //
                // Same distinguished name as the accepting case, prefixed with "!": the entry now
                // rejects the server, so the ping is expected to fail.
                // NOTE(review): "[email protected]" looks like an e-mail obfuscation artifact of this
                // page; confirm the real attribute against the fixture.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly",
                    "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                // NOTE(review): the matching Remove below is not in a finally; if test(false) throws,
                // the test CA would stay installed in `store`. Confirm.
                store.Add(caCert1);
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    // Reaching this line means the rejected peer was allowed to connect.
                    test(false);
                }
                catch(Ice.LocalException)
                {
                    // Expected.
                    // NOTE(review): any Ice.LocalException satisfies this case. Other negative cases
                    // in this file catch Ice.SecurityException or Ice.ConnectionLostException
                    // specifically; narrowing the catch would keep an unrelated failure from passing.
                }
                fact.destroyServer(server);
                store.Remove(caCert1);
                comm.destroy();
            }
            {
                //
                // Same accepting filter as the first case of this section, but the organization value
                // is written with double quotes instead of a backslash-escaped comma. Both spellings
                // are expected to match the server's subject.
                // NOTE(review): "[email protected]" looks like an e-mail obfuscation artifact of this
                // page; confirm the real attribute against the fixture.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly",
                    "C=US, ST=Florida, O=\"ZeroC, Inc.\",OU=Ice, [email protected], CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                store.Add(caCert1);
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    // The quoted form failed to match, or the connection failed otherwise.
                    test(false);
                }
                fact.destroyServer(server);
                store.Remove(caCert1);
                comm.destroy();
            }
            {
                //
                // Server-side TrustOnly: the filter is placed in the server's properties and names the
                // client's full distinguished name (CN=Client). The client sets no filter. Expected to
                // accept.
                // NOTE(review): "[email protected]" looks like an e-mail obfuscation artifact of this
                // page; confirm the real attribute against the fixture.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.TrustOnly"] =
                    "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
                store.Add(caCert1);
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    // The server refused a client its filter should accept, or the connection
                    // failed otherwise.
                    test(false);
                }
                fact.destroyServer(server);
                store.Remove(caCert1);
                comm.destroy();
            }
            {
                //
                // Server-side TrustOnly with a "!" entry naming the client's full distinguished name:
                // the server is expected to refuse this client.
                // NOTE(review): "[email protected]" looks like an e-mail obfuscation artifact of this
                // page; confirm the real attribute against the fixture.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.TrustOnly"] =
                    "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
                store.Add(caCert1);
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    // Reaching this line means the server accepted a client it was told to reject.
                    test(false);
                }
                catch(Ice.LocalException)
                {
                    // Expected.
                    // NOTE(review): any Ice.LocalException satisfies this case; narrowing the catch to
                    // the exception a server-side rejection raises would keep an unrelated failure
                    // from passing.
                }
                fact.destroyServer(server);
                store.Remove(caCert1);
                comm.destroy();
            }
            {
                //
                // Client-side TrustOnly with a single attribute: "CN=Server" alone is expected to
                // accept the server, so a filter does not have to spell out the whole subject.
                // A filter this short matches any validated certificate with that common name, which
                // is worth keeping in mind when the trusted CA issues to more than one party.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                store.Add(caCert1);
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                store.Remove(caCert1);
                comm.destroy();
            }
            {
                //
                // Client-side TrustOnly with the single-attribute rejection "!CN=Server": the server
                // is expected to be refused.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                store.Add(caCert1);
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    // Reaching this line means the rejected peer was allowed to connect.
                    test(false);
                }
                catch(Ice.LocalException)
                {
                    // Expected.
                }
                fact.destroyServer(server);
                store.Remove(caCert1);
                comm.destroy();
            }
            {
                //
                // Server-side TrustOnly with the single attribute "CN=Client": the server is expected
                // to accept this client. The client sets no filter of its own.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.TrustOnly"] = "CN=Client";
                store.Add(caCert1);
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                store.Remove(caCert1);
                comm.destroy();
            }
            {
                //
                // Server-side TrustOnly with the single-attribute rejection "!CN=Client": the server
                // is expected to refuse this client.
                //
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";
                d["IceSSL.TrustOnly"] = "!CN=Client";
                store.Add(caCert1);
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    // Reaching this line means the server accepted a client it was told to reject.
                    test(false);
                }
                catch(Ice.LocalException)
                {
                    // Expected.
                }
                fact.destroyServer(server);
                store.Remove(caCert1);
                comm.destroy();
            }
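            {
                // Client-side IceSSL.TrustOnly = "CN=Client": only peers matching CN=Client are accepted,
                // so the test expects the connection to the server to fail
                // (presumably the server certificate has CN=Server - confirm against the fixtures).
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly", "CN=Client");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                            test(false);
                        }
                        catch(Ice.LocalException)
                        {
                            // Expected: the client refused the server certificate.
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }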
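            {
                // Server-side IceSSL.TrustOnly = "CN=Server": the server accepts only peers matching
                // CN=Server, so the test expects this client's connection to be refused.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    d["IceSSL.TrustOnly"] = "CN=Server";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                            test(false);
                        }
                        catch(Ice.LocalException)
                        {
                            // Expected: the server rejected the client certificate.
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }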
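            {
                // Client-side IceSSL.TrustOnly = "C=Canada,CN=Server": a single entry with two components.
                // The test expects a failure, i.e. a peer matching only one of the components is not
                // accepted (other entries in this file describe the server certificate with C=US).
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada,CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                            test(false);
                        }
                        catch(Ice.LocalException)
                        {
                            // Expected: the client refused the server certificate.
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }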
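            {
                // Client-side IceSSL.TrustOnly = "!C=Canada,CN=Server": a rejection entry that the server
                // certificate is not expected to match in full, so the connection must succeed.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada,CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                        }
                        catch(Ice.LocalException)
                        {
                            // A refused connection is a test failure here.
                            test(false);
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }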
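            {
                // Client-side IceSSL.TrustOnly = "C=Canada;CN=Server": the ';' separates two entries.
                // The test expects success, i.e. matching one of the accept entries is enough.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada;CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                        }
                        catch(Ice.LocalException)
                        {
                            // A refused connection is a test failure here.
                            test(false);
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }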
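            {
                // Client-side IceSSL.TrustOnly = "!C=Canada;!CN=Server": two rejection entries.
                // The test expects a failure, i.e. matching any single rejection entry refuses the peer.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada;!CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                            test(false);
                        }
                        catch(Ice.LocalException)
                        {
                            // Expected: the client refused the server certificate.
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }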
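            {
                // Client-side rejection entry "!CN=Server1": guards against prefix or substring matching.
                // The test expects success, so a "Server1" filter must not reject a "Server" peer.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server1"); // Should not match "Server"
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                        }
                        catch(Ice.LocalException)
                        {
                            // A refused connection is a test failure here.
                            test(false);
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }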
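            {
                // Server-side rejection entry "!CN=Client1": guards against prefix or substring matching.
                // The test expects success, so a "Client1" filter must not reject a "Client" peer.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    d["IceSSL.TrustOnly"] = "!CN=Client1"; // Should not match "Client"
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                        }
                        catch(Ice.LocalException)
                        {
                            // A refused connection is a test failure here.
                            test(false);
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }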
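            {
                //
                // Rejection takes precedence (client).
                //
                // The client list mixes accept entries (ST=Florida, C=US) with the rejection entry
                // "!CN=Server"; the test expects the connection to fail despite the accept entries.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly", "ST=Florida;!CN=Server;C=US");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                            test(false);
                        }
                        catch(Ice.LocalException)
                        {
                            // Expected: the rejection entry wins over the accept entries.
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }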
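            {
                //
                // Rejection takes precedence (server).
                //
                // The server list mixes accept entries (C=US, ST=Florida) with the rejection entry
                // "!CN=Client"; the test expects the connection to fail despite the accept entries.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    d["IceSSL.TrustOnly"] = "C=US;!CN=Client;ST=Florida";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                            test(false);
                        }
                        catch(Ice.LocalException)
                        {
                            // Expected: the rejection entry wins over the accept entries.
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }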
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing IceSSL.TrustOnly.Client... ");
            Console.Out.Flush();
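            {
                // IceSSL.TrustOnly.Client on the client names the server's full DN, so the ping must succeed.
                // The same property set on the server side is expected to be ignored.
                // NOTE(review): "[email protected]" looks like an e-mail obfuscation artifact of the page rather
                // than a DN component; restore the original attribute=value pair from upstream before running.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly.Client",
                    "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    // Should have no effect.
                    d["IceSSL.TrustOnly.Client"] =
                        "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                        }
                        catch(Ice.LocalException)
                        {
                            // A refused connection is a test failure here.
                            test(false);
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }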
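            {
                // IceSSL.TrustOnly.Client on the client rejects ('!') the server's full DN,
                // so the test expects the connection to fail.
                // NOTE(review): "[email protected]" looks like an e-mail obfuscation artifact of the page rather
                // than a DN component; restore the original attribute=value pair from upstream before running.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly.Client",
                    "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                            test(false);
                        }
                        catch(Ice.LocalException)
                        {
                            // Expected: the client refused the server certificate.
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }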
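            {
                // IceSSL.TrustOnly.Client set only on the server: the test expects it to be ignored
                // for incoming connections, so the ping must succeed even though it rejects CN=Client.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    // Should have no effect.
                    d["IceSSL.TrustOnly.Client"] = "!CN=Client";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                        }
                        catch(Ice.LocalException)
                        {
                            // A refused connection is a test failure here.
                            test(false);
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }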
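            {
                // IceSSL.TrustOnly.Client = "CN=Client" on the client: only peers matching CN=Client are
                // accepted for outgoing connections, so the test expects the connection to the server to fail.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly.Client", "CN=Client");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                            test(false);
                        }
                        catch(Ice.LocalException)
                        {
                            // Expected: the client refused the server certificate.
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }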
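            {
                // IceSSL.TrustOnly.Client = "!CN=Client" on the client: the rejection entry is not expected
                // to match the server certificate, so the ping must succeed.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.TrustOnly.Client", "!CN=Client");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                        }
                        catch(Ice.LocalException)
                        {
                            // A refused connection is a test failure here.
                            test(false);
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }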
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing IceSSL.TrustOnly.Server... ");
            Console.Out.Flush();
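            {
                // IceSSL.TrustOnly.Server on the server names the client's full DN, so the ping must succeed.
                // The same property set on the client side is expected to be ignored.
                // NOTE(review): "[email protected]" looks like an e-mail obfuscation artifact of the page rather
                // than a DN component; restore the original attribute=value pair from upstream before running.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                // Should have no effect.
                initData.properties.setProperty("IceSSL.TrustOnly.Server",
                    "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    d["IceSSL.TrustOnly.Server"] =
                        "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                        }
                        catch(Ice.LocalException)
                        {
                            // A refused connection is a test failure here.
                            test(false);
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }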
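            {
                // IceSSL.TrustOnly.Server on the server rejects ('!') the client's full DN,
                // so the test expects the connection to be refused.
                // NOTE(review): "[email protected]" looks like an e-mail obfuscation artifact of the page rather
                // than a DN component; restore the original attribute=value pair from upstream before running.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    d["IceSSL.TrustOnly.Server"] =
                        "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                            test(false);
                        }
                        catch(Ice.LocalException)
                        {
                            // Expected: the server rejected the client certificate.
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }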
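            {
                // IceSSL.TrustOnly.Server set only on the client: the test expects it to be ignored
                // for outgoing connections, so the ping must succeed even though it rejects CN=Server.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                // Should have no effect.
                initData.properties.setProperty("IceSSL.TrustOnly.Server", "!CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                        }
                        catch(Ice.LocalException)
                        {
                            // A refused connection is a test failure here.
                            test(false);
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }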
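            {
                // IceSSL.TrustOnly.Server = "CN=Server" on the server: only peers matching CN=Server are
                // accepted for incoming connections, so the test expects this client to be refused.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    d["IceSSL.TrustOnly.Server"] = "CN=Server";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                            test(false);
                        }
                        catch(Ice.LocalException)
                        {
                            // Expected: the server rejected the client certificate.
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }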
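            {
                // IceSSL.TrustOnly.Server = "!CN=Client" on the server: the rejection entry is expected to
                // match the client certificate, so the connection must be refused.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    d["IceSSL.TrustOnly.Server"] = "!CN=Client";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                            test(false);
                        }
                        catch(Ice.LocalException)
                        {
                            // Expected: the server rejected the client certificate.
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }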
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing IceSSL.TrustOnly.Server.<AdapterName>... ");
            Console.Out.Flush();
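            {
                // The general IceSSL.TrustOnly.Server list names only CN=bogus, while the adapter-specific
                // list names the client's full DN. The test expects success, i.e. the adapter-level accept
                // entry admits the client (presumably "ServerAdapter" is the adapter the server creates).
                // NOTE(review): "[email protected]" looks like an e-mail obfuscation artifact of the page rather
                // than a DN component; restore the original attribute=value pair from upstream before running.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    d["IceSSL.TrustOnly.Server"] = "CN=bogus";
                    d["IceSSL.TrustOnly.Server.ServerAdapter"] =
                        "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                        }
                        catch(Ice.LocalException)
                        {
                            // A refused connection is a test failure here.
                            test(false);
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }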
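            {
                // The adapter-specific list rejects ('!') the client's full DN,
                // so the test expects the connection to be refused.
                // NOTE(review): "[email protected]" looks like an e-mail obfuscation artifact of the page rather
                // than a DN component; restore the original attribute=value pair from upstream before running.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    d["IceSSL.TrustOnly.Server.ServerAdapter"] =
                        "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                            test(false);
                        }
                        catch(Ice.LocalException)
                        {
                            // Expected: the adapter rejected the client certificate.
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }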
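            {
                // The adapter-specific list accepts only CN=bogus, which the client certificate is not
                // expected to match, so the connection must be refused.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    d["IceSSL.TrustOnly.Server.ServerAdapter"] = "CN=bogus";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                            test(false);
                        }
                        catch(Ice.LocalException)
                        {
                            // Expected: the adapter rejected the client certificate.
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }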
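            {
                // The adapter-specific list only rejects CN=bogus, which the client certificate is not
                // expected to match, so the ping must succeed.
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                try
                {
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                    d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
                    d["IceSSL.Password"] = "******";
                    d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!CN=bogus";
                    store.Add(caCert1);
                    try
                    {
                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                        }
                        catch(Ice.LocalException)
                        {
                            // A refused connection is a test failure here.
                            test(false);
                        }
                        fact.destroyServer(server);
                    }
                    finally
                    {
                        // Withdraw the test CA even when createServer or an assertion throws, so it is not
                        // left behind in the certificate store (`store` is opened outside this excerpt).
                        store.Remove(caCert1);
                    }
                }
                finally
                {
                    // Release the communicator on every exit path.
                    comm.destroy();
                }
            }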
            Console.Out.WriteLine("ok");


            Console.Out.Write("testing IceSSL.KeySet... ");
            Console.Out.Flush();
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
                initData.properties.setProperty("IceSSL.ImportCert.LocalMachine.Root", "cacert1.pem");
                initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.KeySet", "MachineKeySet");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.DefaultDir"] = defaultDir;
                d["IceSSL.ImportCert.LocalMachine.Root"] = "cacert1.pem";
                d["IceSSL.KeySet"] = "MachineKeySet";
                d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";

                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);

                comm.destroy();
                X509Store certStore = new X509Store("Root", StoreLocation.LocalMachine);
                certStore.Open(OpenFlags.ReadWrite);
                certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem"));
            }
            {
                Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
                initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
                initData.properties.setProperty("IceSSL.ImportCert.CurrentUser.Root", "cacert1.pem");
                initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx");
                initData.properties.setProperty("IceSSL.Password", "password");
                initData.properties.setProperty("IceSSL.KeySet", "UserKeySet");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
                d["IceSSL.DefaultDir"] = defaultDir;
                d["IceSSL.ImportCert.CurrentUser.Root"] = "cacert1.pem";
                d["IceSSL.KeySet"] = "UserKeySet";
                d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx";
                d["IceSSL.Password"] = "******";

                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);

                comm.destroy();
                X509Store certStore = new X509Store("Root", StoreLocation.CurrentUser);
                certStore.Open(OpenFlags.ReadWrite);
                certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem"));
            }
            Console.Out.WriteLine("ok");
        }
        finally
        {
            store.Remove(caCert1);
            store.Remove(caCert2);
            store.Close();
        }

        return factory;
    }
コード例 #42
    //Step [2']
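    /// <summary>
    /// Posts <paramref name="str1"/> to the TransUnion Net Access test endpoint over HTTPS,
    /// authenticating with a client certificate taken from the LocalMachine "My" store,
    /// and passes the response body to <c>ParseResponseBackHEADS</c>.
    /// </summary>
    /// <param name="str1">Request payload; it is encoded as ASCII before being sent.</param>
    /// <exception cref="InvalidOperationException">
    /// Thrown when <c>m_FromLive</c> selects the production path, which this method does not
    /// implement, or when the expected client certificate is not present in the store.
    /// </exception>
    void SendRequestToTUNA(string str1)
    {
        // Only the test endpoint is wired up. The production branch consisted solely of commented-out
        // code, so the request object stayed null and the method died later with a
        // NullReferenceException; fail fast with a clear message instead.
        // The commented-out code also embedded a PKCS#12 password in source. When the production path
        // is restored, take the certificate from the certificate store (or a secret store) rather than
        // from a file opened with an inline password.
        if (m_FromLive != 0)
        {
            throw new InvalidOperationException("The production TUNA endpoint is not configured in SendRequestToTUNA.");
        }

        X509Certificate2 clientCertificate;
        X509Store store = new X509Store("My", StoreLocation.LocalMachine);
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

            // NOTE(review): FindBySubjectName is a substring match, and validOnly=false also returns
            // certificates that fail validation (for example expired ones). Selecting by thumbprint
            // would pin exactly one certificate.
            X509Certificate2Collection matches = store.Certificates.Find(
                X509FindType.FindBySubjectName, "TransUnion Net Access Client Testing", false);
            if (matches.Count == 0)
            {
                throw new InvalidOperationException(
                    "Client certificate 'TransUnion Net Access Client Testing' was not found in LocalMachine/My.");
            }
            clientCertificate = matches[0];
        }
        finally
        {
            // The certificate object stays usable after the store is closed, so release the store
            // handle here instead of holding it across the network call.
            store.Close();
        }

        HttpWebRequest tRequest = (HttpWebRequest)WebRequest.Create("https://test.transunionnetaccess.com:3018");
        tRequest.ClientCertificates.Add(clientCertificate);
        tRequest.PreAuthenticate = true;
        tRequest.KeepAlive = true;
        // NOTE(review): DefaultCredentials offers the process's Windows identity to the remote host if it
        // answers with an NTLM/Negotiate challenge. Confirm the endpoint needs this in addition to the
        // client certificate before keeping the line.
        tRequest.Credentials = CredentialCache.DefaultCredentials;
        tRequest.Method = "POST";

        // ASCII encoding replaces any non-ASCII character in the payload with '?'.
        byte[] requestData = Encoding.ASCII.GetBytes(str1);
        using (Stream requestStream = tRequest.GetRequestStream())
        {
            requestStream.Write(requestData, 0, requestData.Length);
        }

        // Dispose the response, its stream and the reader even when reading throws.
        string responseBody;
        using (HttpWebResponse rsp = (HttpWebResponse)tRequest.GetResponse())
        using (Stream receiveStream = rsp.GetResponseStream())
        using (StreamReader readStream = new StreamReader(receiveStream, Encoding.UTF8))
        {
            responseBody = readStream.ReadToEnd();
        }

        ParseResponseBackHEADS(responseBody);
    }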
コード例 #43
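    /// <summary>
    /// Looks up a certificate in the LocalMachine "My" store by thumbprint.
    /// </summary>
    /// <param name="strName">
    /// Despite its name, this value is passed to the store search as a thumbprint.
    /// </param>
    /// <returns>The first certificate whose thumbprint matches.</returns>
    /// <exception cref="Exception">
    /// Thrown with the message "No certificate was found!" when the search fails or matches nothing.
    /// A failure of the search itself is attached as the inner exception.
    /// </exception>
    private static X509Certificate2 GetX509Certificate2(String strName)
    {
        X509Store store = new X509Store("My", StoreLocation.LocalMachine);
        // Open once. The original opened the store a second time inside the try block, which was redundant.
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

        X509Certificate2Collection matches;
        try
        {
            // validOnly=false: certificates that fail validation (for example expired ones) are returned
            // as well, so the caller decides whether the certificate is acceptable.
            matches = store.Certificates.Find(X509FindType.FindByThumbprint, strName, false);
        }
        catch (Exception ex)
        {
            // Same exception type and message as before, but keep the cause instead of discarding it.
            throw new Exception("No certificate was found!", ex);
        }
        finally
        {
            store.Close();
        }

        if (matches.Count == 0)
        {
            throw new Exception("No certificate was found!");
        }

        return matches[0];
    }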
コード例 #44
ファイル: AllTests.cs プロジェクト: joshmoore/ice
    public static Test.ServerFactoryPrx allTests(Ice.Communicator communicator, string testDir)
    {
        string factoryRef = "factory:tcp -p 12010";
        Ice.ObjectPrx b = communicator.stringToProxy(factoryRef);
        test(b != null);
        Test.ServerFactoryPrx factory = Test.ServerFactoryPrxHelper.checkedCast(b);

        string defaultHost = communicator.getProperties().getProperty("Ice.Default.Host");
        string defaultDir = testDir + "/../certs";
        Ice.Properties defaultProperties = communicator.getProperties();

        //
        // Load the CA certificates. We could use the IceSSL.ImportCert property, but
        // it would be nice to remove the CA certificates when the test finishes, so
        // this test manually installs the certificates in the LocalMachine:AuthRoot
        // store.
        //
        // Note that the client and server are assumed to run on the same machine,
        // so the certificates installed by the client are also available to the
        // server.
        //
        string caCert1File = defaultDir + "/cacert1.pem";
        string caCert2File = defaultDir + "/cacert2.pem";
        X509Certificate2 caCert1 = new X509Certificate2(caCert1File);
        X509Certificate2 caCert2 = new X509Certificate2(caCert2File);
        X509Store store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine);
        bool isAdministrator = false;
        try
        {
            store.Open(OpenFlags.ReadWrite);
            isAdministrator = true;
        }
        catch(CryptographicException)
        {
            store.Open(OpenFlags.ReadOnly);
            Console.Out.WriteLine("warning: some test requires administrator privileges, run as Administrator to run all the tests.");
        }

        Ice.InitializationData initData;
        Dictionary<string, string> d;
        try
        {
            string[] args = new string[0];

            Console.Out.Write("testing manual initialization... ");
            Console.Out.Flush();
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost);
                initData.properties.setProperty("Ice.InitPlugins", "0");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.ObjectPrx p = comm.stringToProxy("dummy:ssl -p 9999");
                try
                {
                    p.ice_ping();
                    test(false);
                }
                catch(Ice.PluginInitializationException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                initData.properties.setProperty("Ice.InitPlugins", "0");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.PluginManager pm = comm.getPluginManager();
                pm.initializePlugins();
                Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
                test(obj != null);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                //
                // Supply our own certificate.
                //
                X509Certificate2 cert = new X509Certificate2(defaultDir + "/c_rsa_ca1.p12", "password");
                X509Certificate2Collection coll = new X509Certificate2Collection();
                coll.Add(cert);
                initData = createClientProps(defaultProperties, defaultDir, defaultHost);
                initData.properties.setProperty("Ice.InitPlugins", "0");
                initData.properties.setProperty("IceSSL.CAs", caCert1File);
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.PluginManager pm = comm.getPluginManager();
                IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
                test(plugin != null);
                plugin.setCertificates(coll);
                pm.initializePlugins();
                Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
                test(obj != null);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.VerifyPeer"] = "2";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }

            {
                //
                // Supply our own CA certificate.
                //
                X509Certificate2 cert = new X509Certificate2(defaultDir + "/cacert1.pem");
                X509Certificate2Collection coll = new X509Certificate2Collection();
                coll.Add(cert);
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
                initData.properties.setProperty("Ice.InitPlugins", "0");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.PluginManager pm = comm.getPluginManager();
                IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
                test(plugin != null);
                plugin.setCACertificates(coll);
                pm.initializePlugins();
                Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
                test(obj != null);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.VerifyPeer"] = "2";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException ex)
                {
                    Console.WriteLine(ex.ToString());
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing certificate verification... ");
            Console.Out.Flush();
            {
                //
                // Test IceSSL.VerifyPeer=0. Client does not have a certificate,
                // and it doesn't trust the server certificate.
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "");
                initData.properties.setProperty("IceSSL.VerifyPeer", "0");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
                d["IceSSL.VerifyPeer"] = "0";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.noCert();
                    test(!((IceSSL.ConnectionInfo)server.ice_getConnection().getInfo()).verified);
                }
                catch(Ice.LocalException ex)
                {
                    Console.WriteLine(ex.ToString());
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();

                //
                // Test IceSSL.VerifyPeer=0. Client does not have a certificate,
                // but it still verifies the server's.
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
                initData.properties.setProperty("IceSSL.VerifyPeer", "0");
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
                d["IceSSL.VerifyPeer"] = "0";
                server = fact.createServer(d);
                try
                {
                    server.noCert();
                    test(((IceSSL.ConnectionInfo)server.ice_getConnection().getInfo()).verified);
                }
                catch(Ice.LocalException ex)
                {
                    Console.WriteLine(ex.ToString());
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();

                //
                // Test IceSSL.VerifyPeer=1. Client does not have a certificate.
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
                d["IceSSL.VerifyPeer"] = "1";
                server = fact.createServer(d);
                try
                {
                    server.noCert();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);

                //
                // Test IceSSL.VerifyPeer=2. This should fail because the client
                // does not supply a certificate.
                //
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
                d["IceSSL.VerifyPeer"] = "2";
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.ConnectionLostException)
                {
                    // Expected.
                }
                catch(Ice.LocalException ex)
                {
                    Console.WriteLine(ex.ToString());
                    test(false);
                }
                fact.destroyServer(server);

                comm.destroy();

                //
                // Test IceSSL.VerifyPeer=1. Client has a certificate.
                //
                // Provide "cacert1" to the client to verify the server
                // certificate (without this the client connection wouldn't be
                // able to provide the certificate chain).
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.VerifyPeer"] = "1";
                server = fact.createServer(d);
                try
                {
                    X509Certificate2 clientCert =
                        new X509Certificate2(defaultDir + "/c_rsa_ca1.p12", "password");
                    server.checkCert(clientCert.Subject, clientCert.Issuer);

                    X509Certificate2 serverCert =
                        new X509Certificate2(defaultDir + "/s_rsa_ca1.p12", "password");
                    X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem");

                    IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
                    test(info.nativeCerts.Length == 2);
                    test(info.verified);

                    test(caCert.Equals(info.nativeCerts[1]));
                    test(serverCert.Equals(info.nativeCerts[0]));
                }
                catch(Exception ex)
                {
                    Console.WriteLine(ex.ToString());
                    test(false);
                }
                fact.destroyServer(server);

                //
                // Test IceSSL.VerifyPeer=2. Client has a certificate.
                //
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.VerifyPeer"] = "2";
                server = fact.createServer(d);
                try
                {
                    X509Certificate2 clientCert = new X509Certificate2(defaultDir + "/c_rsa_ca1.p12", "password");
                    server.checkCert(clientCert.Subject, clientCert.Issuer);
                }
                catch(Exception ex)
                {
                    Console.WriteLine(ex.ToString());
                    test(false);
                }
                fact.destroyServer(server);

                comm.destroy();

                //
                // Test IceSSL.VerifyPeer=1. This should fail because the
                // client doesn't trust the server's CA.
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "");
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
                d["IceSSL.VerifyPeer"] = "0";
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.SecurityException)
                {
                    // Expected.
                }
                catch(Ice.LocalException ex)
                {
                    Console.WriteLine(ex.ToString());
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();

                //
                // Test IceSSL.VerifyPeer=1. This should fail because the
                // server doesn't trust the client's CA.
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca2", "");
                initData.properties.setProperty("IceSSL.VerifyPeer", "0");
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
                d["IceSSL.VerifyPeer"] = "1";
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.SecurityException)
                {
                    // Expected.
                }
                catch(Ice.ConnectionLostException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();

                //
                // This should succeed because the self signed certificate used by the server is
                // trusted.
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert2");
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "cacert2", "");
                d["IceSSL.VerifyPeer"] = "0";
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException ex)
                {
                    Console.WriteLine(ex.ToString());
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();

                //
                // This should fail because the self signed certificate used by the server is not
                // trusted.
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost);
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "cacert2", "");
                d["IceSSL.VerifyPeer"] = "0";
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.SecurityException)
                {
                    // Expected.
                }
                catch(Ice.LocalException ex)
                {
                    Console.WriteLine(ex.ToString());
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();


                //
                // Verify that IceSSL.CheckCertName has no effect in a server.
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.CheckCertName"] = "1";
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException ex)
                {
                    Console.WriteLine(ex.ToString());
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();

                //
                // NOTE: We can't test IceSSL.CheckCertName here because the common name (CN) field of
                // the server's certificate has the value "Server" and we can't use "Server" as a host
                // name in an endpoint (it almost certainly wouldn't resolve correctly).
                //

                //
                // Test IceSSL.CheckCertName. The test certificates for the server contain "127.0.0.1"
                // as the common name or as a subject alternative name, so we only perform this test when
                // the default host is "127.0.0.1".
                //
                if(defaultHost.Equals("127.0.0.1"))
                {
                    //
                    // Test subject alternative name.
                    //
                    {
                        initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                        initData.properties.setProperty("IceSSL.CheckCertName", "1");
                        comm = Ice.Util.initialize(ref args, initData);

                        fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                        test(fact != null);
                        d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                        d["IceSSL.CheckCertName"] = "1";
                        server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                        }
                        catch(Ice.LocalException)
                        {
                            test(false);
                        }
                        fact.destroyServer(server);
                        comm.destroy();
                    }
                    //
                    // Test common name.
                    //
                    {
                        initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                        initData.properties.setProperty("IceSSL.CheckCertName", "1");
                        comm = Ice.Util.initialize(ref args, initData);

                        fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                        test(fact != null);
                        d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1_cn1", "cacert1");
                        d["IceSSL.CheckCertName"] = "1";
                        server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                        }
                        catch(Ice.LocalException)
                        {
                            test(false);
                        }
                        fact.destroyServer(server);
                        comm.destroy();
                    }
                    //
                    // Test common name again. The certificate used in this test has "127.0.0.11" as its
                    // common name, therefore the address "127.0.0.1" must NOT match.
                    //
                    {
                        initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                        initData.properties.setProperty("IceSSL.CheckCertName", "1");
                        comm = Ice.Util.initialize(ref args, initData);

                        fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                        test(fact != null);
                        d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1_cn2", "cacert1");
                        d["IceSSL.CheckCertName"] = "1";
                        server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                            test(false);
                        }
                        catch(Ice.LocalException)
                        {
                            // Expected.
                        }
                        fact.destroyServer(server);
                        comm.destroy();
                    }
                }
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing certificate chains... ");
            Console.Out.Flush();
            {
                X509Store certStore = new X509Store("My", StoreLocation.CurrentUser);
                certStore.Open(OpenFlags.ReadWrite);
                X509Certificate2Collection certs = new X509Certificate2Collection();
                certs.Import(defaultDir + "/s_rsa_cai2.p12", "password", X509KeyStorageFlags.DefaultKeySet);
                foreach(X509Certificate2 cert in certs)
                {
                    certStore.Add(cert);
                }
                try
                {
                    IceSSL.NativeConnectionInfo info;

                    initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "");
                    initData.properties.setProperty("IceSSL.VerifyPeer", "0");
                    Ice.Communicator comm = Ice.Util.initialize(initData);

                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    test(fact != null);

                    //
                    // The client can't verify the server certificate but it should
                    // still provide it. "s_rsa_ca1" doesn't include the root so the
                    // cert size should be 1.
                    //
                    d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
                    d["IceSSL.VerifyPeer"] = "0";
                    Test.ServerPrx server = fact.createServer(d);
                    try
                    {
                        info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
                        test(info.nativeCerts.Length == 1);
                        test(!info.verified);
                    }
                    catch(Ice.LocalException)
                    {
                        test(false);
                    }
                    fact.destroyServer(server);

                    //
                    // Setting the CA for the server shouldn't change anything, it
                    // shouldn't modify the cert chain sent to the client.
                    //
                    d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                    d["IceSSL.VerifyPeer"] = "0";
                    server = fact.createServer(d);
                    try
                    {
                        info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
                        test(info.nativeCerts.Length == 1);
                        test(!info.verified);
                    }
                    catch(Ice.LocalException)
                    {
                        test(false);
                    }
                    fact.destroyServer(server);

                    //
                    // The client can't verify the server certificate but should
                    // still provide it. "s_rsa_wroot_ca1" includes the root, so the
                    // cert size would be 2, but the check below expects 1 because
                    // .NET never sends the root.
                    //
                    d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_wroot_ca1", "");
                    d["IceSSL.VerifyPeer"] = "0";;
                    server = fact.createServer(d);
                    try
                    {
                        info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
                        test(info.nativeCerts.Length == 1); // Like the SChannel transport, .NET never sends the root.
                    }
                    catch(Ice.LocalException)
                    {
                        test(false);
                    }
                    fact.destroyServer(server);
                    comm.destroy();

                    //
                    // Now the client verifies the server certificate
                    //
                    initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
                    initData.properties.setProperty("IceSSL.VerifyPeer", "1");
                    comm = Ice.Util.initialize(initData);

                    fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    test(fact != null);

                    {
                        d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
                        d["IceSSL.VerifyPeer"] = "0";;
                        server = fact.createServer(d);
                        try
                        {
                            info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
                            test(info.nativeCerts.Length == 2);
                            test(info.verified);
                        }
                        catch(Ice.LocalException)
                        {
                            test(false);
                        }
                        fact.destroyServer(server);
                    }

                    //
                    // Try certificate with one intermediate and VerifyDepthMax=2
                    //
                    initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
                    initData.properties.setProperty("IceSSL.VerifyPeer", "1");
                    initData.properties.setProperty("IceSSL.VerifyDepthMax", "2");
                    comm = Ice.Util.initialize(initData);

                    fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    test(fact != null);

                    {
                        d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai1", "");
                        d["IceSSL.VerifyPeer"] = "0";;
                        server = fact.createServer(d);
                        try
                        {
                            server.ice_getConnection().getInfo();
                            test(false);
                        }
                        catch(Ice.SecurityException)
                        {
                            // Chain length too long
                        }
                        catch(Ice.LocalException)
                        {
                            test(false);
                        }
                        fact.destroyServer(server);
                    }
                    comm.destroy();

                    //
                    // Set VerifyDepthMax to 3 (the default)
                    //
                    initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
                    initData.properties.setProperty("IceSSL.VerifyPeer", "1");
                    //initData.properties.setProperty("IceSSL.VerifyDepthMax", "3");
                    comm = Ice.Util.initialize(initData);

                    fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    test(fact != null);

                    {
                        d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai1", "");
                        d["IceSSL.VerifyPeer"] = "0";;
                        server = fact.createServer(d);
                        try
                        {
                            info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
                            test(info.nativeCerts.Length == 3);
                            test(info.verified);
                        }
                        catch(Ice.LocalException)
                        {
                            test(false);
                        }
                        fact.destroyServer(server);
                    }

                    {
                        d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "");
                        d["IceSSL.VerifyPeer"] = "0";;
                        server = fact.createServer(d);
                        try
                        {
                            server.ice_getConnection().getInfo();
                            test(false);
                        }
                        catch(Ice.SecurityException)
                        {
                            // Chain length too long
                        }
                        fact.destroyServer(server);
                    }
                    comm.destroy();

                    //
                    // Increase VerifyDepthMax to 4
                    //
                    initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
                    initData.properties.setProperty("IceSSL.VerifyPeer", "1");
                    initData.properties.setProperty("IceSSL.VerifyDepthMax", "4");
                    comm = Ice.Util.initialize(initData);

                    fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    test(fact != null);

                    {
                        d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "");
                        d["IceSSL.VerifyPeer"] = "0";;
                        server = fact.createServer(d);
                        try
                        {
                            info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
                            test(info.nativeCerts.Length == 4);
                            test(info.verified);
                        }
                        catch(Ice.LocalException)
                        {
                            test(false);
                        }
                        fact.destroyServer(server);
                    }

                    comm.destroy();

                    //
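                    // Keep the client's VerifyDepthMax at 4 and have the client present the
                    // "c_rsa_cai2" chain to a server that sets VerifyPeer=2: the connection is
                    // expected to fail until the server also sets VerifyDepthMax=4.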
                    //
                    initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_cai2", "cacert1");
                    initData.properties.setProperty("IceSSL.VerifyPeer", "1");
                    initData.properties.setProperty("IceSSL.VerifyDepthMax", "4");
                    comm = Ice.Util.initialize(initData);

                    fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    test(fact != null);

                    {
                        d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "cacert1");
                        d["IceSSL.VerifyPeer"] = "2";
                        server = fact.createServer(d);
                        try
                        {
                            server.ice_getConnection();
                            test(false);
                        }
                        catch(Ice.ProtocolException)
                        {
                            // Expected
                        }
                        catch(Ice.ConnectionLostException)
                        {
                            // Expected
                        }
                        catch(Ice.LocalException)
                        {
                            test(false);
                        }
                        fact.destroyServer(server);
                    }

                    {
                        d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "cacert1");
                        d["IceSSL.VerifyPeer"] = "2";
                        d["IceSSL.VerifyDepthMax"] = "4";
                        server = fact.createServer(d);
                        try
                        {
                            server.ice_getConnection();
                        }
                        catch(Ice.LocalException)
                        {
                            test(false);
                        }
                        fact.destroyServer(server);
                    }

                    comm.destroy();
                }
                finally
                {
                    foreach(X509Certificate2 cert in certs)
                    {
                        certStore.Remove(cert);
                    }
                }
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing custom certificate verifier... ");
            Console.Out.Flush();
            {
                //
                // Verify that a server certificate is present.
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
                test(plugin != null);
                CertificateVerifierI verifier = new CertificateVerifierI();
                plugin.setCertificateVerifier(verifier);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.VerifyPeer"] = "2";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    IceSSL.NativeConnectionInfo info =
                        (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
                    server.checkCipher(info.cipher);
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                test(verifier.invoked());
                test(verifier.hadCert());

                //
                // Have the verifier return false. Close the connection explicitly
                // to force a new connection to be established.
                //
                verifier.reset();
                verifier.returnValue(false);
                server.ice_getConnection().close(false);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.SecurityException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                test(verifier.invoked());
                test(verifier.hadCert());
                fact.destroyServer(server);

                comm.destroy();
            }
            {
                //
                // Verify that verifier is installed via property.
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
                initData.properties.setProperty("IceSSL.CertVerifier", "CertificateVerifierI");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
                test(plugin != null);
                test(plugin.getCertificateVerifier() != null);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing protocols... ");
            Console.Out.Flush();
            {
                //
                // This should fail because the client and server have no protocol
                // in common.
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                initData.properties.setProperty("IceSSL.Protocols", "ssl3");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.VerifyPeer"] = "2";
                d["IceSSL.Protocols"] = "tls1";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.ConnectionLostException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();

                //
                // This should succeed.
                //
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.VerifyPeer"] = "2";
                d["IceSSL.Protocols"] = "tls1, ssl3";
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();

                //
                // This should succeed with .NET 4.5 or greater and fail otherwise.
                //
                bool is45OrGreater = false;
                try
                {
                    Enum.Parse(typeof(System.Security.Authentication.SslProtocols), "Tls12");
                    is45OrGreater = true;
                }
                catch(Exception)
                {
                }

                try
                {
                    initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                    initData.properties.setProperty("IceSSL.Protocols", "tls1_2");
                    comm = Ice.Util.initialize(ref args, initData);
                    fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    test(fact != null);
                    d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                    d["IceSSL.VerifyPeer"] = "2";
                    d["IceSSL.Protocols"] = "tls1_2";
                    server = fact.createServer(d);
                    server.ice_ping();

                    fact.destroyServer(server);
                    comm.destroy();
                }
                catch(Ice.PluginInitializationException)
                {
                    // Expected with .NET < 4.5
                    test(!is45OrGreater);
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
            }
            {
                //
                // This should fail because the client only enables SSLv3 and the server
                // uses the default protocol set, which disables SSLv3.
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                initData.properties.setProperty("IceSSL.Protocols", "ssl3");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.VerifyPeer"] = "2";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.ConnectionLostException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();

                //
                // This should succeed because both the client and the server enable SSLv3.
                //
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.VerifyPeer"] = "2";
                d["IceSSL.Protocols"] = "ssl3, tls1_0, tls1_1, tls1_2";
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing expired certificates... ");
            Console.Out.Flush();
            {
                //
                // This should fail because the server's certificate is expired.
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1_exp", "cacert1");
                d["IceSSL.VerifyPeer"] = "2";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.SecurityException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();

                //
                // This should fail because the client's certificate is expired.
                //
                initData.properties.setProperty("IceSSL.CertFile", "c_rsa_ca1_exp.p12");
                comm = Ice.Util.initialize(ref args, initData);
                fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.VerifyPeer"] = "2";
                server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.ConnectionLostException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            if(isAdministrator)
            {
                Console.Out.Write("testing multiple CA certificates... ");
                Console.Out.Flush();
                {
                    initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
                    Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    test(fact != null);
                    d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca2", "");
                    d["IceSSL.VerifyPeer"] = "2";
                    store.Add(caCert1);
                    store.Add(caCert2);
                    Test.ServerPrx server = fact.createServer(d);
                    try
                    {
                        server.ice_ping();
                    }
                    catch(Ice.LocalException)
                    {
                        test(false);
                    }
                    fact.destroyServer(server);
                    store.Remove(caCert1);
                    store.Remove(caCert2);
                    comm.destroy();
                }
                Console.Out.WriteLine("ok");
            }

            Console.Out.Write("testing multiple CA certificates... ");
            Console.Out.Flush();
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacerts");
                Ice.Communicator comm = Ice.Util.initialize(initData);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca2", "cacerts");
                d["IceSSL.VerifyPeer"] = "2";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing DER CA certificate... ");
            Console.Out.Flush();
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
                initData.properties.setProperty("IceSSL.CAs", "cacert1.der");
                Ice.Communicator comm = Ice.Util.initialize(initData);
                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                test(fact != null);
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
                d["IceSSL.VerifyPeer"] = "2";
                d["IceSSL.CAs"] = "cacert1.der";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing passwords... ");
            Console.Out.Flush();
            {
                //
                // Test password failure.
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
                // Don't specify the password.
                initData.properties.setProperty("IceSSL.Password", "");
                try
                {
                    Ice.Util.initialize(ref args, initData);
                    test(false);
                }
                catch(Ice.PluginInitializationException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
            }
            {
                //
                // Test password failure with callback.
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
                initData.properties.setProperty("Ice.InitPlugins", "0");
                // Don't specify the password.
                initData.properties.setProperty("IceSSL.Password", "");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.PluginManager pm = comm.getPluginManager();
                IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
                test(plugin != null);
                PasswordCallbackI cb = new PasswordCallbackI("bogus");
                plugin.setPasswordCallback(cb);
                try
                {
                    pm.initializePlugins();
                    test(false);
                }
                catch(Ice.PluginInitializationException)
                {
                    // Expected.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                comm.destroy();
            }
            {
                //
                // Test installation of password callback.
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
                initData.properties.setProperty("Ice.InitPlugins", "0");
                // Don't specify the password.
                initData.properties.setProperty("IceSSL.Password", "");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.PluginManager pm = comm.getPluginManager();
                IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
                test(plugin != null);
                PasswordCallbackI cb = new PasswordCallbackI();
                plugin.setPasswordCallback(cb);
                test(plugin.getPasswordCallback() == cb);
                try
                {
                    pm.initializePlugins();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                comm.destroy();
            }
            {
                //
                // Test password callback property.
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
                initData.properties.setProperty("IceSSL.PasswordCallback", "PasswordCallbackI");
                // Don't specify the password.
                initData.properties.setProperty("IceSSL.Password", "");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                Ice.PluginManager pm = comm.getPluginManager();
                IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
                test(plugin != null);
                test(plugin.getPasswordCallback() != null);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing IceSSL.TrustOnly... ");
            Console.Out.Flush();
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                initData.properties.setProperty("IceSSL.TrustOnly",
                    "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                initData.properties.setProperty("IceSSL.TrustOnly",
                    "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                initData.properties.setProperty("IceSSL.TrustOnly",
                    "C=US, ST=Florida, O=\"ZeroC, Inc.\",OU=Ice, [email protected], CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.TrustOnly"] =
                    "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.TrustOnly"] =
                    "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.TrustOnly"] = "CN=Client";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.TrustOnly"] = "!CN=Client";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                initData.properties.setProperty("IceSSL.TrustOnly", "CN=Client");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.TrustOnly"] = "CN=Server";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada,CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada,CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada;CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada;!CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server1"); // Should not match "Server"
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.TrustOnly"] = "!CN=Client1"; // Should not match "Client"
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                //
                // Rejection takes precedence (client).
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                initData.properties.setProperty("IceSSL.TrustOnly", "ST=Florida;!CN=Server;C=US");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                //
                // Rejection takes precedence (server).
                //
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.TrustOnly"] = "C=US;!CN=Client;ST=Florida";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing IceSSL.TrustOnly.Client... ");
            Console.Out.Flush();
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                initData.properties.setProperty("IceSSL.TrustOnly.Client",
                    "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                // Should have no effect.
                d["IceSSL.TrustOnly.Client"] =
                    "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                initData.properties.setProperty("IceSSL.TrustOnly.Client",
                    "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                // Should have no effect.
                d["IceSSL.TrustOnly.Client"] = "!CN=Client";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                initData.properties.setProperty("IceSSL.TrustOnly.Client", "CN=Client");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                initData.properties.setProperty("IceSSL.TrustOnly.Client", "!CN=Client");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing IceSSL.TrustOnly.Server... ");
            Console.Out.Flush();
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                // Should have no effect.
                initData.properties.setProperty("IceSSL.TrustOnly.Server",
                    "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.TrustOnly.Server"] =
                    "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.TrustOnly.Server"] =
                    "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                // Should have no effect.
                initData.properties.setProperty("IceSSL.TrustOnly.Server", "!CN=Server");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.TrustOnly.Server"] = "CN=Server";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.TrustOnly.Server"] = "!CN=Client";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing IceSSL.TrustOnly.Server.<AdapterName>... ");
            Console.Out.Flush();
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.TrustOnly.Server"] = "CN=bogus";
                d["IceSSL.TrustOnly.Server.ServerAdapter"] =
                    "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.TrustOnly.Server.ServerAdapter"] =
                    "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.TrustOnly.Server.ServerAdapter"] = "CN=bogus";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                    test(false);
                }
                catch(Ice.LocalException)
                {
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
                Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
                d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!CN=bogus";
                Test.ServerPrx server = fact.createServer(d);
                try
                {
                    server.ice_ping();
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                fact.destroyServer(server);
                comm.destroy();
            }
            Console.Out.WriteLine("ok");

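            if(isAdministrator)
            {
                //
                // IceSSL.KeySet: one handshake with MachineKeySet and one with UserKeySet.
                // Both cases use IceSSL.ImportCert.* to add the test CA (cacert1.pem) to a
                // Root store, so each case takes the CA back out and closes the store before
                // it ends. A test CA left in a trusted-root store keeps every certificate it
                // issues trusted for that machine or account long after the test run.
                //
                // NOTE(review): isAdministrator is set outside this block; presumably it gates
                // the cases because writing to the LocalMachine store needs elevation - confirm.
                //
                Console.Out.Write("testing IceSSL.KeySet... ");
                Console.Out.Flush();
                {
                    //
                    // MachineKeySet, test CA imported into LocalMachine/Root. The server created
                    // through the factory is given the same import and key-set properties.
                    //
                    initData = createClientProps(defaultProperties, defaultDir, defaultHost);
                    initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
                    initData.properties.setProperty("IceSSL.ImportCert.LocalMachine.Root", "cacert1.pem");
                    initData.properties.setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
                    initData.properties.setProperty("IceSSL.KeySet", "MachineKeySet");
                    Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    d = createServerProps(defaultProperties, defaultDir, defaultHost);
                    d["IceSSL.ImportCert.LocalMachine.Root"] = "cacert1.pem";
                    d["IceSSL.KeySet"] = "MachineKeySet";
                    d["IceSSL.CertFile"] = "s_rsa_ca1.p12";

                    Test.ServerPrx server = fact.createServer(d);
                    try
                    {
                        server.ice_ping();
                    }
                    catch(Ice.LocalException)
                    {
                        test(false);
                    }
                    fact.destroyServer(server);

                    comm.destroy();

                    //
                    // The store was previously opened read-write and then neither used nor
                    // closed. Remove the imported test CA and always release the store handle.
                    //
                    X509Store certStore = new X509Store("Root", StoreLocation.LocalMachine);
                    certStore.Open(OpenFlags.ReadWrite);
                    try
                    {
                        // Same file the ImportCert property names, resolved against IceSSL.DefaultDir.
                        X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem");
                        if(certStore.Certificates.Contains(caCert))
                        {
                            certStore.Remove(caCert);
                        }
                    }
                    finally
                    {
                        certStore.Close();
                    }
                }
                {
                    //
                    // UserKeySet, test CA imported into CurrentUser/Root.
                    //
                    initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
                    initData.properties.setProperty("IceSSL.ImportCert.CurrentUser.Root", "cacert1.pem");
                    initData.properties.setProperty("IceSSL.KeySet", "UserKeySet");
                    Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                    Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                    d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
                    d["IceSSL.ImportCert.CurrentUser.Root"] = "cacert1.pem";
                    d["IceSSL.KeySet"] = "UserKeySet";

                    Test.ServerPrx server = fact.createServer(d);
                    try
                    {
                        server.ice_ping();
                    }
                    catch(Ice.LocalException)
                    {
                        test(false);
                    }
                    fact.destroyServer(server);

                    comm.destroy();

                    //
                    // Same cleanup for the per-user store.
                    // NOTE(review): assumes createClientProps points IceSSL.DefaultDir at
                    // defaultDir, as the MachineKeySet case sets explicitly - confirm.
                    //
                    X509Store certStore = new X509Store("Root", StoreLocation.CurrentUser);
                    certStore.Open(OpenFlags.ReadWrite);
                    try
                    {
                        X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem");
                        if(certStore.Certificates.Contains(caCert))
                        {
                            certStore.Remove(caCert);
                        }
                    }
                    finally
                    {
                        certStore.Close();
                    }
                }
                Console.Out.WriteLine("ok");
            }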

            Console.Out.Write("testing IceSSL.FindCerts properties... ");
            Console.Out.Flush();
            {
                string[] clientFindCertProperties = new string[]
                {
                    "SUBJECTDN:'CN=Client, OU=Ice, O=\"ZeroC, Inc.\", L=Jupiter, S=Florida, C=US, [email protected]'",
                    "ISSUER:'ZeroC, Inc.' SUBJECT:Client SERIAL:02",
                    "ISSUERDN:'CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\",L=Jupiter, S=Florida, C=US,[email protected]' SUBJECT:Client",
                    "THUMBPRINT:'82 30 1E 35 9E 39 C1 D0 63 0D 67 3D 12 DD D4 96 90 1E EF 54'",
                    "SUBJECTKEYID:'FC 5D 4F AB F0 6C 03 11 B8 F3 68 CF 89 54 92 3F F9 79 2A 06'"
                };

                string[] serverFindCertProperties = new string[]
                {
                    "SUBJECTDN:'CN=Server, OU=Ice, O=\"ZeroC, Inc.\", L=Jupiter, S=Florida, C=US, [email protected]'",
                    "ISSUER:'ZeroC, Inc.' SUBJECT:Server SERIAL:01",
                    "ISSUERDN:'CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\", L=Jupiter, S=Florida, C=US,[email protected]' SUBJECT:Server",
                    "THUMBPRINT:'C0 01 FF 9C C9 DA C8 0D 34 F6 2F DE 09 FB 28 0D 69 AB 78 BA'",
                    "SUBJECTKEYID:'47 84 AE F9 F2 85 3D 99 30 6A 03 38 41 1A B9 EB C3 9C B5 4D'"
                };

                string[] failFindCertProperties = new string[]
                {
                    "nolabel",
                    "unknownlabel:foo",
                    "LABEL:",
                    "SUBJECTDN:'CN = Client, E = [email protected], OU = Ice, O = \"ZeroC, Inc.\", S = Florida, C = US'",
                    "ISSUER:'ZeroC, Inc.' SUBJECT:Client SERIAL:'02 02'",
                    "ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," +
                        " L=Jupiter, S=Florida, C=ES' SUBJECT:Client",
                    "THUMBPRINT:'27 e0 18 c9 23 12 6c f0 5c da fa 36 5a 4c 63 5a e2 53 07 ff'",
                    "SUBJECTKEYID:'a6 42 aa 17 04 41 86 56 67 e4 04 64 59 34 30 c7 4c 6b ef ff'"
                };

                string[] certificates = new string[] {"/s_rsa_ca1.p12", "/c_rsa_ca1.p12"};

                X509Store certStore = new X509Store("My", StoreLocation.CurrentUser);
                certStore.Open(OpenFlags.ReadWrite);
                try
                {
                    foreach(string cert in certificates)
                    {
                        certStore.Add(new X509Certificate2(defaultDir + cert, "password"));
                    }
                    for(int i = 0; i < clientFindCertProperties.Length; ++i)
                    {
                        initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
                        initData.properties.setProperty("IceSSL.CertStore", "My");
                        initData.properties.setProperty("IceSSL.CertStoreLocation", "CurrentUser");
                        initData.properties.setProperty("IceSSL.FindCert", clientFindCertProperties[i]);
                        //
                        // Use TrustOnly to ensure the peer has picked the expected certificate.
                        //
                        initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
                        Ice.Communicator comm = Ice.Util.initialize(ref args, initData);

                        Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
                        d = createServerProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
                        // Use deprecated property here to test it
                        d["IceSSL.FindCert.CurrentUser.My"] = serverFindCertProperties[i];
                        //
                        // Use TrustOnly to ensure the peer has picked the expected certificate.
                        //
                        d["IceSSL.TrustOnly"] = "CN=Client";

                        Test.ServerPrx server = fact.createServer(d);
                        try
                        {
                            server.ice_ping();
                        }
                        catch(Ice.LocalException)
                        {
                            test(false);
                        }
                        fact.destroyServer(server);
                        comm.destroy();
                    }

                    //
                    // These must fail because the search criteria do not match any certificate.
                    //
                    foreach(string s in failFindCertProperties)
                    {
                        try
                        {
                            initData = createClientProps(defaultProperties, defaultDir, defaultHost);
                            initData.properties.setProperty("IceSSL.FindCert", s);
                            Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                            test(false);
                        }
                        catch(Ice.PluginInitializationException)
                        {
                            // Expected
                        }
                        catch(Ice.LocalException)
                        {
                            test(false);
                        }
                    }

                }
                finally
                {
                    foreach(string cert in certificates)
                    {
                        certStore.Remove(new X509Certificate2(defaultDir + cert, "password"));
                    }
                    certStore.Close();
                }

                //
                // These must fail because we have already removed the certificates.
                //
                foreach(string s in clientFindCertProperties)
                {
                    try
                    {
                        initData = createClientProps(defaultProperties, defaultDir, defaultHost);
                        initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", s);
                        Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
                        test(false);
                    }
                    catch(Ice.PluginInitializationException)
                    {
                        // Expected
                    }
                    catch(Ice.LocalException)
                    {
                        test(false);
                    }
                }
            }
            Console.Out.WriteLine("ok");

            Console.Out.Write("testing system CAs... ");
            Console.Out.Flush();
            {
                initData = createClientProps(defaultProperties, defaultDir, defaultHost);
                initData.properties.setProperty("IceSSL.VerifyDepthMax", "4");
                initData.properties.setProperty("Ice.Override.Timeout", "5000"); // 5s timeout
                Ice.Communicator comm = Ice.Util.initialize(initData);
                Ice.ObjectPrx p = comm.stringToProxy("dummy:wss -h demo.zeroc.com -p 5064");
                try
                {
                    p.ice_ping();
                    test(false);
                }
                catch(Ice.SecurityException)
                {
                    // Expected, by default we don't check for system CAs.
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }

                initData = createClientProps(defaultProperties, defaultDir, defaultHost);
                initData.properties.setProperty("IceSSL.VerifyDepthMax", "4");
                initData.properties.setProperty("Ice.Override.Timeout", "5000"); // 5s timeout
                initData.properties.setProperty("IceSSL.UsePlatformCAs", "1");
                comm = Ice.Util.initialize(initData);
                p = comm.stringToProxy("dummy:wss -h demo.zeroc.com -p 5064");
                IceSSL.WSSConnectionInfo info;
                try
                {
                    info = (IceSSL.WSSConnectionInfo)p.ice_getConnection().getInfo();
                    test(info.verified);
                }
                catch(Ice.LocalException)
                {
                    test(false);
                }
                comm.destroy();
            }
            Console.Out.WriteLine("ok");
        }
        finally
        {
            if(isAdministrator)
            {
                store.Remove(caCert1);
                store.Remove(caCert2);
            }
            store.Close();
        }

        return factory;
    }