public static void RemoveClosedThrows()
{
using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
using (X509Certificate2 cert = new X509Certificate2(TestData.MsCertificate))
{
Assert.Throws <CryptographicException>(() => store.Remove(cert));
}
}
protected void RemoveCert(X509Certificate2 cert, StoreLocation location, StoreName name)
{
X509Store store = new X509Store(name, location);
store.Open(OpenFlags.ReadWrite);
store.Remove(cert);
store.Close();
}
public static void RemoveDevelopmentCertificate(X509Certificate2 certificate)
{
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
store.Open(OpenFlags.ReadWrite);
store.Remove(certificate);
}
}
public static void RemoveCertificateFromStore(X509Certificate2 certificate, StoreName storeName = StoreName.My, StoreLocation locationName = StoreLocation.LocalMachine)
{
var store = new X509Store(storeName, locationName);
store.Open(OpenFlags.ReadWrite);
store.Remove(certificate);
store.Close();
}
public void Remove_OpenReadOnly_Unexisting()
{
X509Store xs = new X509Store(ReadOnlyStore);
xs.Open(OpenFlags.ReadOnly);
// note: cert1 wasn't present, remove "succeed"
xs.Remove(cert1);
}
private void UnregisterCertificate(X509Certificate2 certificate)
{
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
store.Remove(certificate);
store.Close();
}
public static void RemoveCertificateFromStore(X509Certificate2 certificate)
{
Validate.ValidateNullArgument(certificate, Resources.InvalidCertificate);
X509Store store = new X509Store(StoreName.My, System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
store.Remove(certificate);
}
public static void UninstallCerts()
{
var validCert = new X509Certificate2("MyValidCert.p12");
var expiredCert = new X509Certificate2("MyExpiredCert.p12");
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
try
{
store.Open(OpenFlags.ReadWrite);
store.Remove(validCert);
store.Remove(expiredCert);
}
finally
{
store?.Dispose();
}
}
/// <summary>
/// Remove the generated certificate from the certificate store.
/// </summary>
public static void RemoveCertFromStore(X509Certificate2 cert, StoreLocation loc)
{
X509Store store = new X509Store(loc);
store.Open(OpenFlags.ReadWrite);
store.Remove(cert);
store.Close();
}
private static void Main(string[] args)
{
var commandLineParseResult = Parser.Default.ParseArguments <Options>(args);
var parsed = commandLineParseResult as Parsed <Options>;
if (parsed == null)
{
return; // not parsed
}
Options = parsed.Value;
Console.WriteLine("Remove Expired Certificates");
if (!Options.Live)
{
Console.WriteLine($"Live argument not set so not removing");
}
X509Store store;
try
{
store = new X509Store(Options.Store, StoreLocation.LocalMachine);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
}
catch (CryptographicException)
{
store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
}
catch (Exception ex)
{
throw new Exception(ex.Message);
}
Console.WriteLine($" Opened Certificate Store \"{store.Name}\"");
try
{
var col = store.Certificates;
foreach (var cert in col)
{
if (Convert.ToDateTime(cert.GetExpirationDateString()) <= DateTime.Now)
{
Console.WriteLine($" Removing Certificate from Store {cert.FriendlyName}");
if (Options.Live)
{
store.Remove(cert);
}
}
}
Console.WriteLine($" Closing Certificate Store");
}
catch (Exception ex)
{
Console.WriteLine($"Error removing certificate: {ex.Message}");
}
store.Close();
}
private static void RemoveFromStore(string base64Encoded)
{
var certificate = new X509Certificate2(Convert.FromBase64String(base64Encoded), "");
var store = new X509Store(StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
store.Remove(certificate);
store.Close();
}
public static void VerifyRemove()
{
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
using (var cert = new X509Certificate2(TestData.PfxData, TestData.PfxDataPassword, X509KeyStorageFlags.Exportable))
{
store.Open(OpenFlags.ReadWrite);
// Defensive removal. Sort of circular, but it's the best we can do.
store.Remove(cert);
Assert.False(IsCertInStore(cert, store), "PtxData certificate was found on pre-condition");
store.Add(cert);
Assert.True(IsCertInStore(cert, store), "PtxData certificate was found after add");
store.Remove(cert);
Assert.False(IsCertInStore(cert, store), "PtxData certificate was found after remove");
}
}
public static void DeleteCertificatesIfExist(this X509Store store, string subject, StoreLocation storeLocation, StoreName storeName)
{
var certs = store.Certificates.Find(X509FindType.FindBySubjectName, subject, false);
foreach (var cert in certs)
{
store.Remove(cert);
}
}
public static void RemoveReadOnlyNonExistingDoesNotThrow()
{
using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
using (X509Certificate2 cert = new X509Certificate2(TestData.MsCertificate))
{
store.Open(OpenFlags.ReadOnly);
store.Remove(cert);
}
}
/// <summary>
/// Remove a publishsettings file from the store
/// </summary>
/// <param name="thumbprint">The management certificate thumbprint</param>
public static void RemoveFromStore(string thumbprint, StoreLocation location = StoreLocation.CurrentUser)
{
X509Certificate2 certificate = FromStore(thumbprint);
var store = new X509Store(StoreName.My, location);
store.Open(OpenFlags.ReadWrite);
store.Remove(certificate);
store.Close();
}
public static bool InstallCACertificates()
{
try
{
using (var certStore = new X509Store(StoreName.Root, StoreLocation.CurrentUser))
{
certStore.Open(OpenFlags.ReadWrite | OpenFlags.IncludeArchived);
if (!certStore.Certificates.Cast <X509Certificate2>().Any(le => le.Equals(CA)))
{
MessageBox.Show(Lang.CertificateInstall, Lang.Name, MessageBoxButtons.OK, MessageBoxIcon.Information);
certStore.Add(CA);
}
var oldCAList = certStore
.Certificates
.Cast <X509Certificate2>()
.Where(le =>
{
if (le.Equals(CA))
{
return(false);
}
var subjectLower = le.Subject.ToLower();
return(subjectLower.Contains("streaming") && subjectLower.Contains("respirator"));
})
.ToArray();
if (oldCAList.Length > 0)
{
MessageBox.Show(Lang.CertificateRemoveOld, Lang.Name, MessageBoxButtons.OK, MessageBoxIcon.Information);
foreach (var cert in oldCAList)
{
try
{
certStore.Remove(cert);
}
catch (Exception ex)
{
SentrySdk.CaptureException(ex);
}
}
}
}
}
catch (Exception ex)
{
SentrySdk.CaptureException(ex);
return(false);
}
return(true);
}
private void AddToCertStore(X509Certificate2 certificate, X509Store store)
{
store.Open(OpenFlags.ReadWrite);
store.Remove(certificate);
// It is installed into the LocalMachine/Personal/certificates store
// to see it has installed, open up mmc -> file/add remove snap-in -> choose certificates -> computer account
store.Add(certificate);
store.Close();
}
internal void RemoveUserCertitficate(
X509Certificate2 certificate)
{
using (TraceSources.IapDesktop.TraceMethod().WithoutParameters())
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
store.Open(OpenFlags.ReadWrite);
store.Remove(certificate);
}
}
public void RemoveRootCert()
{
string file = "mytest.pfx"; // Contains name of certificate file
X509Store store = new X509Store(StoreName.Root);
store.Open(OpenFlags.ReadWrite);
// GOOD: removing a certificate from Root store
store.Remove(new X509Certificate2(X509Certificate2.CreateFromCertFile(file)));
store.Close();
}
public void Remove_Empty_Certificate()
{
X509Store xs = new X509Store("ReadWriteStore");
xs.Open(OpenFlags.ReadWrite);
// note: impossible to add cert_empty, so we add something else
// to be sure we'll follow the complete code path (loop) of removal
xs.Add(cert1);
xs.Remove(cert_empty);
}
public void Dispose()
{
using (_store)
{
_store.Remove(TrustedCert);
#if IS_DESKTOP
_store.Close();
#endif
}
}
public void Remove_OpenReadOnly_Existing()
{
X509Store xs = new X509Store("ReadWriteStore");
xs.Open(OpenFlags.ReadWrite);
xs.Add(cert1);
xs.Close();
xs.Open(OpenFlags.ReadOnly);
xs.Remove(cert1);
}
public static void RemoveDisposedIsIgnored()
{
using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
using (X509Certificate2 cert = new X509Certificate2(TestData.MsCertificate))
{
store.Open(OpenFlags.ReadWrite);
cert.Dispose();
store.Remove(cert);
}
}
public static void RemoveCertificateFromStore(X509Certificate2 certificate)
{
if (certificate != null)
{
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
store.Remove(certificate);
store.Close();
}
}
static void Clean()
{
Console.WriteLine("Cleaning...");
Fiddler.FiddlerApplication.Shutdown();
X509Store cert_store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
cert_store.Open(OpenFlags.ReadWrite);
cert_store.Remove(root_certificate);
Console.WriteLine("Clean finished.");
}
/// <summary>
/// 导入PFX格式证书
/// </summary>
/// <param name="certFilePath">path</param>
/// <param name="pd">密码</param>
public static void ImportPfxByPath(string certFilePath, string pd)
{
X509Certificate2 cert = new X509Certificate2(certFilePath, pd, X509KeyStorageFlags.MachineKeySet);
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.MaxAllowed);
store.Remove(cert);
store.Add(cert);
store.Close();
}
public static void AddToStore_Exportable()
{
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
using (var cert = new X509Certificate2(TestData.PfxData, TestData.PfxDataPassword, X509KeyStorageFlags.Exportable))
using (var certOnly = new X509Certificate2(cert.RawData))
{
store.Open(OpenFlags.ReadWrite);
// Defensive removal.
store.Remove(certOnly);
Assert.False(IsCertInStore(cert, store), "PtxData certificate was found on pre-condition");
store.Add(cert);
Assert.True(IsCertInStore(certOnly, store), "PtxData certificate was found after add");
// Cleanup
store.Remove(certOnly);
}
}
public void Remove()
{
StoreName storeName = (StoreName)Enum.Parse(typeof(StoreName), StoreName);
StoreLocation storeLocation = (StoreLocation)Enum.Parse(typeof(StoreLocation), StoreLocation);
X509Store store = new X509Store(storeName, storeLocation);
store.Open(OpenFlags.ReadWrite);
store.Remove(certificate);
store.Close();
}
public static void RemoveCert(
[Argument(Description = "The qualified host name used to created the certificate.")]
string name
)
{
if (name.StartsWith("CN=") == false)
{
name = String.Format("CN={0}", name);
}
StringBuilder sbknown = new StringBuilder();
X509Certificate2 found = null;
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
try
{
foreach (X509Certificate2 cert in store.Certificates)
{
if (cert.Subject == name)
{
found = cert;
}
sbknown.AppendLine(cert.Subject);
}
if (found != null)
{
Console.WriteLine("Removing the following certificate:");
Console.WriteLine();
SslCertValidator.DebugDumpCertificate(found, Console.Out);
Console.WriteLine();
Console.WriteLine("Are you sure you want to delete this? [y/n]");
if (Constants.IsUnitTest || 'y' == Console.ReadKey(true).KeyChar)
{
store.Remove(found);
Console.WriteLine("Removed.");
}
else
{
Console.WriteLine("Aborted.");
}
}
}
finally { store.Close(); }
if (found == null)
{
Console.WriteLine("Unable to locate '{0}' in:", name);
Console.WriteLine(sbknown.ToString());
}
}
public static void RemoveCerts()
{
X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadWrite);
var certs = certStore.Certificates.Find(X509FindType.FindByThumbprint,
testProfileData.Subscriptions.First().ManagementCertificate, false);
certStore.Remove(certs[0]);
certStore.Close();
}
public static int Main(string[] args)
{
X509Certificate2 cert = null ;
X509Store store = null ;
ArrayList al = new ArrayList() ;
try
{
cert = TestCert ;
store = new X509Store( StoreName.My , StoreLocation.CurrentUser ) ;
store.Open( OpenFlags.ReadWrite ) ;
store.Add( cert ) ;
Test( X509IncludeOption.ExcludeRoot ) ;
Test( X509IncludeOption.WholeChain ) ;
Test( X509IncludeOption.EndCertOnly ) ;
Test( (X509IncludeOption) 0xFFFF ) ;
Test2() ;
Test3() ;
Test4() ;
Test5() ;
Test6() ;
Test7() ;
store.Remove( cert ) ;
}
catch( Exception e )
{
rv = false ;
Console.WriteLine( e.ToString() ) ;
}
finally
{
store.Close() ;
}
Console.WriteLine( rv ? "Test passed" : "Test failed" ) ;
return rv ? 100 : 101 ;
}
static void Delete (ObjectType type, X509Store store, string hash, bool verbose)
{
switch (type) {
case ObjectType.Certificate:
foreach (X509Certificate x509 in store.Certificates) {
if (hash == CryptoConvert.ToHex (x509.Hash)) {
store.Remove (x509);
Console.WriteLine ("Certificate removed from store.");
return;
}
}
break;
case ObjectType.CRL:
foreach (X509Crl crl in store.Crls) {
if (hash == CryptoConvert.ToHex (crl.Hash)) {
store.Remove (crl);
Console.WriteLine ("CRL removed from store.");
return;
}
}
break;
default:
throw new NotSupportedException (type.ToString ());
}
}
public static void RemoveReadOnlyThrowsWhenFound()
{
// This test is unfortunate, in that it will mostly never test.
// In order to do so it would have to open the store ReadWrite, put in a known value,
// and call Remove on a ReadOnly copy.
//
// Just calling Remove on the first item found could also work (when the store isn't empty),
// but if it fails the cost is too high.
//
// So what's the purpose of this test, you ask? To record why we're not unit testing it.
// And someone could test it manually if they wanted.
using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
using (X509Certificate2 cert = new X509Certificate2(TestData.MsCertificate))
{
store.Open(OpenFlags.ReadOnly);
if (store.Certificates.Contains(cert))
{
Assert.ThrowsAny<CryptographicException>(() => store.Remove(cert));
}
}
}
public static void RemoveClosedThrows()
{
using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
using (X509Certificate2 cert = new X509Certificate2(TestData.MsCertificate))
{
Assert.ThrowsAny<CryptographicException>(() => store.Remove(cert));
}
}
public static Test.ServerFactoryPrx allTests(Ice.Communicator communicator, string testDir)
{
string factoryRef = "factory:tcp -p 12010";
Ice.ObjectPrx b = communicator.stringToProxy(factoryRef);
test(b != null);
Test.ServerFactoryPrx factory = Test.ServerFactoryPrxHelper.checkedCast(b);
string defaultHost = communicator.getProperties().getProperty("Ice.Default.Host");
string defaultDir = testDir + "/../certs";
Ice.Properties defaultProperties = communicator.getProperties();
//
// Load the CA certificates. We could use the IceSSL.ImportCert property, but
// it would be nice to remove the CA certificates when the test finishes, so
// this test manually installs the certificates in the LocalMachine:AuthRoot
// store.
//
// Note that the client and server are assumed to run on the same machine,
// so the certificates installed by the client are also available to the
// server.
//
string caCert1File = defaultDir + "/cacert1.pem";
string caCert2File = defaultDir + "/cacert2.pem";
X509Certificate2 caCert1 = new X509Certificate2(caCert1File);
X509Certificate2 caCert2 = new X509Certificate2(caCert2File);
X509Store store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine);
bool isAdministrator = false;
try
{
store.Open(OpenFlags.ReadWrite);
isAdministrator = true;
}
catch(CryptographicException)
{
store.Open(OpenFlags.ReadOnly);
Console.Out.WriteLine("warning: some test requires administrator privileges, run as Administrator to run all the tests.");
}
Ice.InitializationData initData;
Dictionary<string, string> d;
try
{
string[] args = new string[0];
Console.Out.Write("testing manual initialization... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.ObjectPrx p = comm.stringToProxy("dummy:ssl -p 9999");
try
{
p.ice_ping();
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("Ice.InitPlugins", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Supply our own certificate.
//
X509Certificate2 cert = new X509Certificate2(defaultDir + "/c_rsa_ca1.p12", "password");
X509Certificate2Collection coll = new X509Certificate2Collection();
coll.Add(cert);
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CAs", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
plugin.setCertificates(coll);
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Supply our own CA certificate.
//
X509Certificate2 cert = new X509Certificate2(defaultDir + "/cacert1.pem");
X509Certificate2Collection coll = new X509Certificate2Collection();
coll.Add(cert);
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("Ice.InitPlugins", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
plugin.setCACertificates(coll);
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing certificate verification... ");
Console.Out.Flush();
{
//
// Test IceSSL.VerifyPeer=0. Client does not have a certificate,
// and it doesn't trust the server certificate.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "");
initData.properties.setProperty("IceSSL.VerifyPeer", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "0";
Test.ServerPrx server = fact.createServer(d);
try
{
server.noCert();
test(!((IceSSL.ConnectionInfo)server.ice_getConnection().getInfo()).verified);
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=0. Client does not have a certificate,
// but it still verifies the server's.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
initData.properties.setProperty("IceSSL.VerifyPeer", "0");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
server.noCert();
test(((IceSSL.ConnectionInfo)server.ice_getConnection().getInfo()).verified);
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. Client does not have a certificate.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "1";
server = fact.createServer(d);
try
{
server.noCert();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
//
// Test IceSSL.VerifyPeer=2. This should fail because the client
// does not supply a certificate.
//
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "2";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. Client has a certificate.
//
// Provide "cacert1" to the client to verify the server
// certificate (without this the client connection wouln't be
// able to provide the certificate chain).
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "1";
server = fact.createServer(d);
try
{
X509Certificate2 clientCert =
new X509Certificate2(defaultDir + "/c_rsa_ca1.p12", "password");
server.checkCert(clientCert.Subject, clientCert.Issuer);
X509Certificate2 serverCert =
new X509Certificate2(defaultDir + "/s_rsa_ca1.p12", "password");
X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem");
IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 2);
test(info.verified);
test(caCert.Equals(info.nativeCerts[1]));
test(serverCert.Equals(info.nativeCerts[0]));
}
catch(Exception ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
//
// Test IceSSL.VerifyPeer=2. Client has a certificate.
//
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
server = fact.createServer(d);
try
{
X509Certificate2 clientCert = new X509Certificate2(defaultDir + "/c_rsa_ca1.p12", "password");
server.checkCert(clientCert.Subject, clientCert.Issuer);
}
catch(Exception ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. This should fail because the
// client doesn't trust the server's CA.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. This should fail because the
// server doesn't trust the client's CA.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca2", "");
initData.properties.setProperty("IceSSL.VerifyPeer", "0");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "1";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should succeed because the self signed certificate used by the server is
// trusted.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert2");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "cacert2", "");
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should l because the self signed certificate used by the server is not
// trusted.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "cacert2", "");
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Verify that IceSSL.CheckCertName has no effect in a server.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.CheckCertName"] = "1";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// NOTE: We can't test IceSSL.CheckCertName here because the common name (CN) field of
// the server's certificate has the value "Server" and we can't use "Server" as a host
// name in an endpoint (it almost certainly wouldn't resolve correctly).
//
//
// Test IceSSL.CheckCertName. The test certificates for the server contain "127.0.0.1"
// as the common name or as a subject alternative name, so we only perform this test when
// the default host is "127.0.0.1".
//
if(defaultHost.Equals("127.0.0.1"))
{
//
// Test subject alternative name.
//
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.CheckCertName"] = "1";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
//
// Test common name.
//
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1_cn1", "cacert1");
d["IceSSL.CheckCertName"] = "1";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
//
// Test common name again. The certificate used in this test has "127.0.0.11" as its
// common name, therefore the address "127.0.0.1" must NOT match.
//
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1_cn2", "cacert1");
d["IceSSL.CheckCertName"] = "1";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
// Expected.
}
fact.destroyServer(server);
comm.destroy();
}
}
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing certificate chains... ");
Console.Out.Flush();
{
X509Store certStore = new X509Store("My", StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadWrite);
X509Certificate2Collection certs = new X509Certificate2Collection();
certs.Import(defaultDir + "/s_rsa_cai2.p12", "password", X509KeyStorageFlags.DefaultKeySet);
foreach(X509Certificate2 cert in certs)
{
certStore.Add(cert);
}
try
{
IceSSL.NativeConnectionInfo info;
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "");
initData.properties.setProperty("IceSSL.VerifyPeer", "0");
Ice.Communicator comm = Ice.Util.initialize(initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
//
// The client can't verify the server certificate but it should
// still provide it. "s_rsa_ca1" doesn't include the root so the
// cert size should be 1.
//
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "0";
Test.ServerPrx server = fact.createServer(d);
try
{
info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 1);
test(!info.verified);
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
//
// Setting the CA for the server shouldn't change anything, it
// shouldn't modify the cert chain sent to the client.
//
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 1);
test(!info.verified);
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
//
// The client can't verify the server certificate but should
// still provide it. "s_rsa_wroot_ca1" includes the root so
// the cert size should be 2.
//
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_wroot_ca1", "");
d["IceSSL.VerifyPeer"] = "0";;
server = fact.createServer(d);
try
{
info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 1); // Like the SChannel transport, .NET never sends the root.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Now the client verifies the server certificate
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
initData.properties.setProperty("IceSSL.VerifyPeer", "1");
comm = Ice.Util.initialize(initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "0";;
server = fact.createServer(d);
try
{
info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 2);
test(info.verified);
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
}
//
// Try certificate with one intermediate and VerifyDepthMax=2
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
initData.properties.setProperty("IceSSL.VerifyPeer", "1");
initData.properties.setProperty("IceSSL.VerifyDepthMax", "2");
comm = Ice.Util.initialize(initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai1", "");
d["IceSSL.VerifyPeer"] = "0";;
server = fact.createServer(d);
try
{
server.ice_getConnection().getInfo();
test(false);
}
catch(Ice.SecurityException)
{
// Chain length too long
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
}
comm.destroy();
//
// Set VerifyDepthMax to 3 (the default)
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
initData.properties.setProperty("IceSSL.VerifyPeer", "1");
//initData.properties.setProperty("IceSSL.VerifyDepthMax", "3");
comm = Ice.Util.initialize(initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai1", "");
d["IceSSL.VerifyPeer"] = "0";;
server = fact.createServer(d);
try
{
info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 3);
test(info.verified);
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
}
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "");
d["IceSSL.VerifyPeer"] = "0";;
server = fact.createServer(d);
try
{
server.ice_getConnection().getInfo();
test(false);
}
catch(Ice.SecurityException)
{
// Chain length too long
}
fact.destroyServer(server);
}
comm.destroy();
//
// Increase VerifyDepthMax to 4
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
initData.properties.setProperty("IceSSL.VerifyPeer", "1");
initData.properties.setProperty("IceSSL.VerifyDepthMax", "4");
comm = Ice.Util.initialize(initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "");
d["IceSSL.VerifyPeer"] = "0";;
server = fact.createServer(d);
try
{
info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.nativeCerts.Length == 4);
test(info.verified);
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
}
comm.destroy();
//
// Increase VerifyDepthMax to 4
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_cai2", "cacert1");
initData.properties.setProperty("IceSSL.VerifyPeer", "1");
initData.properties.setProperty("IceSSL.VerifyDepthMax", "4");
comm = Ice.Util.initialize(initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
server = fact.createServer(d);
try
{
server.ice_getConnection();
test(false);
}
catch(Ice.ProtocolException)
{
// Expected
}
catch(Ice.ConnectionLostException)
{
// Expected
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
}
{
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.VerifyDepthMax"] = "4";
server = fact.createServer(d);
try
{
server.ice_getConnection();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
}
comm.destroy();
}
finally
{
foreach(X509Certificate2 cert in certs)
{
certStore.Remove(cert);
}
}
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing custom certificate verifier... ");
Console.Out.Flush();
{
//
// Verify that a server certificate is present.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
test(plugin != null);
CertificateVerifierI verifier = new CertificateVerifierI();
plugin.setCertificateVerifier(verifier);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
IceSSL.NativeConnectionInfo info =
(IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
server.checkCipher(info.cipher);
}
catch(Ice.LocalException)
{
test(false);
}
test(verifier.invoked());
test(verifier.hadCert());
//
// Have the verifier return false. Close the connection explicitly
// to force a new connection to be established.
//
verifier.reset();
verifier.returnValue(false);
server.ice_getConnection().close(false);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
test(verifier.invoked());
test(verifier.hadCert());
fact.destroyServer(server);
comm.destroy();
}
{
//
// Verify that verifier is installed via property.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("IceSSL.CertVerifier", "CertificateVerifierI");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
test(plugin != null);
test(plugin.getCertificateVerifier() != null);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing protocols... ");
Console.Out.Flush();
{
//
// This should fail because the client and server have no protocol
// in common.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.Protocols", "ssl3");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should succeed.
//
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1, ssl3";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should succeed with .NET 4.5 or greater and fails otherwise
//
bool is45OrGreater = false;
try
{
Enum.Parse(typeof(System.Security.Authentication.SslProtocols), "Tls12");
is45OrGreater = true;
}
catch(Exception)
{
}
try
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.Protocols", "tls1_2");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1_2";
server = fact.createServer(d);
server.ice_ping();
fact.destroyServer(server);
comm.destroy();
}
catch(Ice.PluginInitializationException)
{
// Expected with .NET < 4.5
test(!is45OrGreater);
}
catch(Ice.LocalException)
{
test(false);
}
}
{
//
// This should fail because the client ony enables SSLv3 and the server
// uses the default protocol set that disables SSLv3
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.Protocols", "ssl3");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should success because the client and the server enables SSLv3
//
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "ssl3, tls1_0, tls1_1, tls1_2";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing expired certificates... ");
Console.Out.Flush();
{
//
// This should fail because the server's certificate is expired.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1_exp", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should fail because the client's certificate is expired.
//
initData.properties.setProperty("IceSSL.CertFile", "c_rsa_ca1_exp.p12");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.VerifyPeer"] = "2";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
if(isAdministrator)
{
Console.Out.Write("testing multiple CA certificates... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca2", "");
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
store.Add(caCert2);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
store.Remove(caCert2);
comm.destroy();
}
Console.Out.WriteLine("ok");
}
Console.Out.Write("testing multiple CA certificates... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacerts");
Ice.Communicator comm = Ice.Util.initialize(initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca2", "cacerts");
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing DER CA certificate... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("IceSSL.CAs", "cacert1.der");
Ice.Communicator comm = Ice.Util.initialize(initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CAs"] = "cacert1.der";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing passwords... ");
Console.Out.Flush();
{
//
// Test password failure.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
// Don't specify the password.
initData.properties.setProperty("IceSSL.Password", "");
try
{
Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
}
{
//
// Test password failure with callback.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("Ice.InitPlugins", "0");
// Don't specify the password.
initData.properties.setProperty("IceSSL.Password", "");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
PasswordCallbackI cb = new PasswordCallbackI("bogus");
plugin.setPasswordCallback(cb);
try
{
pm.initializePlugins();
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
//
// Test installation of password callback.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("Ice.InitPlugins", "0");
// Don't specify the password.
initData.properties.setProperty("IceSSL.Password", "");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
PasswordCallbackI cb = new PasswordCallbackI();
plugin.setPasswordCallback(cb);
test(plugin.getPasswordCallback() == cb);
try
{
pm.initializePlugins();
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
//
// Test password callback property.
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("IceSSL.PasswordCallback", "PasswordCallbackI");
// Don't specify the password.
initData.properties.setProperty("IceSSL.Password", "");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
test(plugin.getPasswordCallback() != null);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly",
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly",
"C=US, ST=Florida, O=\"ZeroC, Inc.\",OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] = "CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] = "!CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] = "CN=Server";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada,CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada,CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada;CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada;!CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server1"); // Should not match "Server"
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] = "!CN=Client1"; // Should not match "Client"
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Rejection takes precedence (client).
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly", "ST=Florida;!CN=Server;C=US");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Rejection takes precedence (server).
//
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly"] = "C=US;!CN=Client;ST=Florida";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Client... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly.Client",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
// Should have no effect.
d["IceSSL.TrustOnly.Client"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly.Client",
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
// Should have no effect.
d["IceSSL.TrustOnly.Client"] = "!CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly.Client", "CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
initData.properties.setProperty("IceSSL.TrustOnly.Client", "!CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Server... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
// Should have no effect.
initData.properties.setProperty("IceSSL.TrustOnly.Server",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
// Should have no effect.
initData.properties.setProperty("IceSSL.TrustOnly.Server", "!CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server"] = "CN=Server";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server"] = "!CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Server.<AdapterName>... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server"] = "CN=bogus";
d["IceSSL.TrustOnly.Server.ServerAdapter"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server.ServerAdapter"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server.ServerAdapter"] = "CN=bogus";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1");
d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!CN=bogus";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
if(isAdministrator)
{
Console.Out.Write("testing IceSSL.KeySet... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
initData.properties.setProperty("IceSSL.ImportCert.LocalMachine.Root", "cacert1.pem");
initData.properties.setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
initData.properties.setProperty("IceSSL.KeySet", "MachineKeySet");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost);
d["IceSSL.ImportCert.LocalMachine.Root"] = "cacert1.pem";
d["IceSSL.KeySet"] = "MachineKeySet";
d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
X509Store certStore = new X509Store("Root", StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadWrite);
}
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "");
initData.properties.setProperty("IceSSL.ImportCert.CurrentUser.Root", "cacert1.pem");
initData.properties.setProperty("IceSSL.KeySet", "UserKeySet");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "");
d["IceSSL.ImportCert.CurrentUser.Root"] = "cacert1.pem";
d["IceSSL.KeySet"] = "UserKeySet";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
X509Store certStore = new X509Store("Root", StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadWrite);
}
Console.Out.WriteLine("ok");
}
Console.Out.Write("testing IceSSL.FindCerts properties... ");
Console.Out.Flush();
{
string[] clientFindCertProperties = new string[]
{
"SUBJECTDN:'CN=Client, OU=Ice, O=\"ZeroC, Inc.\", L=Jupiter, S=Florida, C=US, [email protected]'",
"ISSUER:'ZeroC, Inc.' SUBJECT:Client SERIAL:02",
"ISSUERDN:'CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\",L=Jupiter, S=Florida, C=US,[email protected]' SUBJECT:Client",
"THUMBPRINT:'82 30 1E 35 9E 39 C1 D0 63 0D 67 3D 12 DD D4 96 90 1E EF 54'",
"SUBJECTKEYID:'FC 5D 4F AB F0 6C 03 11 B8 F3 68 CF 89 54 92 3F F9 79 2A 06'"
};
string[] serverFindCertProperties = new string[]
{
"SUBJECTDN:'CN=Server, OU=Ice, O=\"ZeroC, Inc.\", L=Jupiter, S=Florida, C=US, [email protected]'",
"ISSUER:'ZeroC, Inc.' SUBJECT:Server SERIAL:01",
"ISSUERDN:'CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\", L=Jupiter, S=Florida, C=US,[email protected]' SUBJECT:Server",
"THUMBPRINT:'C0 01 FF 9C C9 DA C8 0D 34 F6 2F DE 09 FB 28 0D 69 AB 78 BA'",
"SUBJECTKEYID:'47 84 AE F9 F2 85 3D 99 30 6A 03 38 41 1A B9 EB C3 9C B5 4D'"
};
string[] failFindCertProperties = new string[]
{
"nolabel",
"unknownlabel:foo",
"LABEL:",
"SUBJECTDN:'CN = Client, E = [email protected], OU = Ice, O = \"ZeroC, Inc.\", S = Florida, C = US'",
"ISSUER:'ZeroC, Inc.' SUBJECT:Client SERIAL:'02 02'",
"ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," +
" L=Jupiter, S=Florida, C=ES' SUBJECT:Client",
"THUMBPRINT:'27 e0 18 c9 23 12 6c f0 5c da fa 36 5a 4c 63 5a e2 53 07 ff'",
"SUBJECTKEYID:'a6 42 aa 17 04 41 86 56 67 e4 04 64 59 34 30 c7 4c 6b ef ff'"
};
string[] certificates = new string[] {"/s_rsa_ca1.p12", "/c_rsa_ca1.p12"};
X509Store certStore = new X509Store("My", StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadWrite);
try
{
foreach(string cert in certificates)
{
certStore.Add(new X509Certificate2(defaultDir + cert, "password"));
}
for(int i = 0; i < clientFindCertProperties.Length; ++i)
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
initData.properties.setProperty("IceSSL.CertStore", "My");
initData.properties.setProperty("IceSSL.CertStoreLocation", "CurrentUser");
initData.properties.setProperty("IceSSL.FindCert", clientFindCertProperties[i]);
//
// Use TrustOnly to ensure the peer has pick the expected certificate.
//
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
d = createServerProps(defaultProperties, defaultDir, defaultHost, "", "cacert1");
// Use deprecated property here to test it
d["IceSSL.FindCert.CurrentUser.My"] = serverFindCertProperties[i];
//
// Use TrustOnly to ensure the peer has pick the expected certificate.
//
d["IceSSL.TrustOnly"] = "CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
//
// These must fail because the search criteria does not match any certificates.
//
foreach(string s in failFindCertProperties)
{
try
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("IceSSL.FindCert", s);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected
}
catch(Ice.LocalException)
{
test(false);
}
}
}
finally
{
foreach(string cert in certificates)
{
certStore.Remove(new X509Certificate2(defaultDir + cert, "password"));
}
certStore.Close();
}
//
// These must fail because we have already remove the certificates.
//
foreach(string s in clientFindCertProperties)
{
try
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", s);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected
}
catch(Ice.LocalException)
{
test(false);
}
}
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing system CAs... ");
Console.Out.Flush();
{
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("IceSSL.VerifyDepthMax", "4");
initData.properties.setProperty("Ice.Override.Timeout", "5000"); // 5s timeout
Ice.Communicator comm = Ice.Util.initialize(initData);
Ice.ObjectPrx p = comm.stringToProxy("dummy:wss -h demo.zeroc.com -p 5064");
try
{
p.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected, by default we don't check for system CAs.
}
catch(Ice.LocalException)
{
test(false);
}
initData = createClientProps(defaultProperties, defaultDir, defaultHost);
initData.properties.setProperty("IceSSL.VerifyDepthMax", "4");
initData.properties.setProperty("Ice.Override.Timeout", "5000"); // 5s timeout
initData.properties.setProperty("IceSSL.UsePlatformCAs", "1");
comm = Ice.Util.initialize(initData);
p = comm.stringToProxy("dummy:wss -h demo.zeroc.com -p 5064");
IceSSL.WSSConnectionInfo info;
try
{
info = (IceSSL.WSSConnectionInfo)p.ice_getConnection().getInfo();
test(info.verified);
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
Console.Out.WriteLine("ok");
}
finally
{
if(isAdministrator)
{
store.Remove(caCert1);
store.Remove(caCert2);
}
store.Close();
}
return factory;
}
public static Test.ServerFactoryPrx allTests(Ice.Communicator communicator, string testDir)
{
string factoryRef = "factory:tcp -p 12010";
Ice.ObjectPrx b = communicator.stringToProxy(factoryRef);
test(b != null);
Test.ServerFactoryPrx factory = Test.ServerFactoryPrxHelper.checkedCast(b);
string defaultHost = communicator.getProperties().getProperty("Ice.Default.Host");
string defaultDir = testDir + "/../certs";
Ice.Properties defaultProperties = communicator.getProperties();
//
// Load the CA certificates. We could use the IceSSL.ImportCert property, but
// it would be nice to remove the CA certificates when the test finishes, so
// this test manually installs the certificates in the LocalMachine:AuthRoot
// store.
//
// Note that the client and server are assumed to run on the same machine,
// so the certificates installed by the client are also available to the
// server.
//
string caCert1File = defaultDir + "/cacert1.pem";
string caCert2File = defaultDir + "/cacert2.pem";
X509Certificate2 caCert1 = new X509Certificate2(caCert1File);
X509Certificate2 caCert2 = new X509Certificate2(caCert2File);
X509Store store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine);
try
{
store.Open(OpenFlags.ReadWrite);
}
catch(CryptographicException)
{
Console.Out.WriteLine("This test requires administrator privileges.");
return factory;
}
try
{
string[] args = new string[0];
Console.Out.Write("testing manual initialization... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.ObjectPrx p = comm.stringToProxy("dummy:ssl -p 9999");
try
{
p.ice_ping();
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertAuthFile"] = caCert1File;
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Supply our own certificate.
//
X509Certificate2 cert = new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
X509Certificate2Collection coll = new X509Certificate2Collection();
coll.Add(cert);
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
plugin.setCertificates(coll);
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.CertAuthFile"] = caCert1File;
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Supply our own CA certificate.
//
X509Certificate2 cert = new X509Certificate2(defaultDir + "/cacert1.pem");
X509Certificate2Collection coll = new X509Certificate2Collection();
coll.Add(cert);
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
plugin.setCACertificates(coll);
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.CertAuthFile"] = defaultDir + "/cacert1.pem";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing certificate verification... ");
Console.Out.Flush();
{
//
// Test IceSSL.VerifyPeer=1. Client does not have a certificate.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "1";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.noCert();
}
catch(Ice.LocalException ex)
{ Console.WriteLine(ex.ToString());
test(false);
}
//
// Validate that we can get the connection info.
//
try
{
IceSSL.NativeConnectionInfo info =
(IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.certs != null);
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
//
// Test IceSSL.VerifyPeer=2. This should fail because the client
// does not supply a certificate.
//
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. Client has a certificate.
//
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "1";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
X509Certificate2 clientCert =
new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
server.checkCert(clientCert.Subject, clientCert.Issuer);
X509Certificate2 serverCert =
new X509Certificate2(defaultDir + "/s_rsa_nopass_ca1.pfx", "password");
X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem");
IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(caCert.Equals(info.nativeCerts[1]));
test(serverCert.Equals(info.nativeCerts[0]));
}
catch(Exception ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
//
// Test IceSSL.VerifyPeer=2. Client has a certificate.
//
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
X509Certificate2 clientCert =
new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
server.checkCert(clientCert.Subject, clientCert.Issuer);
}
catch(Exception ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. This should fail because the
// client doesn't trust the server's CA.
//
initData = createClientProps(defaultProperties, testDir, defaultHost);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "1";
// Don't add the CA certificate.
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should succeed because the self signed certificate used by the server is
// trusted.
//
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertAuthFile", caCert2File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/cacert2.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should fail because the self signed certificate used by the server is not
// trusted.
//
initData = createClientProps(defaultProperties, testDir, defaultHost);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/cacert2.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Verify that IceSSL.CheckCertName has no effect in a server.
//
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException ex)
{
Console.WriteLine(ex.ToString());
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// NOTE: We can't test IceSSL.CheckCertName here because the common name (CN) field of
// the server's certificate has the value "Server" and we can't use "Server" as a host
// name in an endpoint (it almost certainly wouldn't resolve correctly).
//
//
// Test IceSSL.CheckCertName. The test certificates for the server contain "127.0.0.1"
// as the common name or as a subject alternative name, so we only perform this test when
// the default host is "127.0.0.1".
//
if(defaultHost.Equals("127.0.0.1"))
{
//
// Test subject alternative name.
//
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
//
// Test common name.
//
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
d["IceSSL.CertAuthFile"] = caCert1File;
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
//
// Test common name again. The certificate used in this test has "127.0.0.11" as its
// common name, therefore the address "127.0.0.1" must NOT match.
//
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn2.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
// Expected.
}
fact.destroyServer(server);
comm.destroy();
}
}
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing custom certificate verifier... ");
Console.Out.Flush();
{
//
// Verify that a server certificate is present.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
test(plugin != null);
CertificateVerifierI verifier = new CertificateVerifierI();
plugin.setCertificateVerifier(verifier);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
IceSSL.NativeConnectionInfo info =
(IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
server.checkCipher(info.cipher);
}
catch(Ice.LocalException)
{
test(false);
}
test(verifier.invoked());
test(verifier.hadCert());
//
// Have the verifier return false. Close the connection explicitly
// to force a new connection to be established.
//
verifier.reset();
verifier.returnValue(false);
server.ice_getConnection().close(false);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
test(verifier.invoked());
test(verifier.hadCert());
fact.destroyServer(server);
comm.destroy();
}
{
//
// Verify that verifier is installed via property.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertVerifier", "CertificateVerifierI");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
test(plugin != null);
test(plugin.getCertificateVerifier() != null);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing protocols... ");
Console.Out.Flush();
{
//
// This should fail because the client and server have no protocol
// in common.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.Protocols", "ssl3");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should succeed.
//
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1, ssl3";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should succeed with .NET 4.5 or greater and fails otherwise
//
bool is45OrGreater = false;
try
{
Enum.Parse(typeof(System.Security.Authentication.SslProtocols), "Tls12");
is45OrGreater = true;
}
catch(Exception)
{
}
try
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.Protocols", "tls1_2");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1_2";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
server.ice_ping();
fact.destroyServer(server);
comm.destroy();
}
catch(Ice.PluginInitializationException)
{
// Expected with .NET < 4.5
test(!is45OrGreater);
}
catch(Ice.LocalException)
{
test(false);
}
}
{
//
// This should fail because the client ony enables SSLv3 and the server
// uses the default protocol set that disables SSLv3
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.Protocols", "ssl3");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should success because the client and the server enables SSLv3
//
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "ssl3, tls1_0, tls1_1, tls1_2";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing expired certificates... ");
Console.Out.Flush();
{
//
// This should fail because the server's certificate is expired.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_exp.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// This should fail because the client's certificate is expired.
//
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1_exp.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.CertAuthFile"] = caCert1File;
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing multiple CA certificates... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca2.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
store.Add(caCert2);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
store.Remove(caCert2);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing passwords... ");
Console.Out.Flush();
{
//
// Test password failure.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
// Don't specify the password.
//props.setProperty("IceSSL.Password", "password");
try
{
Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
}
{
//
// Test password failure with callback.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
PasswordCallbackI cb = new PasswordCallbackI("bogus");
plugin.setPasswordCallback(cb);
try
{
pm.initializePlugins();
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
//
// Test installation of password callback.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
PasswordCallbackI cb = new PasswordCallbackI();
plugin.setPasswordCallback(cb);
test(plugin.getPasswordCallback() == cb);
try
{
pm.initializePlugins();
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
//
// Test password callback property.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.PasswordCallback", "PasswordCallbackI");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
test(plugin.getPasswordCallback() != null);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly",
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly",
"C=US, ST=Florida, O=\"ZeroC, Inc.\",OU=Ice, [email protected], CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "!CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Client");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "CN=Server";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada,CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada,CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada;CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada;!CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server1"); // Should not match "Server"
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "!CN=Client1"; // Should not match "Client"
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Rejection takes precedence (client).
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "ST=Florida;!CN=Server;C=US");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
//
// Rejection takes precedence (server).
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "C=US;!CN=Client;ST=Florida";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Client... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
// Should have no effect.
d["IceSSL.TrustOnly.Client"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client",
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
// Should have no effect.
d["IceSSL.TrustOnly.Client"] = "!CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client", "CN=Client");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client", "!CN=Client");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Server... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
// Should have no effect.
initData.properties.setProperty("IceSSL.TrustOnly.Server",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
// Should have no effect.
initData.properties.setProperty("IceSSL.TrustOnly.Server", "!CN=Server");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] = "CN=Server";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] = "!CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Server.<AdapterName>... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] = "CN=bogus";
d["IceSSL.TrustOnly.Server.ServerAdapter"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server.ServerAdapter"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server.ServerAdapter"] = "CN=bogus";
d["IceSSL.CertAuthFile"] = caCert1File;
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!CN=bogus";
d["IceSSL.CertAuthFile"] = caCert1File;
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.KeySet... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
initData.properties.setProperty("IceSSL.ImportCert.LocalMachine.Root", "cacert1.pem");
initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.KeySet", "MachineKeySet");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.DefaultDir"] = defaultDir;
d["IceSSL.ImportCert.LocalMachine.Root"] = "cacert1.pem";
d["IceSSL.KeySet"] = "MachineKeySet";
d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
X509Store certStore = new X509Store("Root", StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadWrite);
certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem"));
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
initData.properties.setProperty("IceSSL.ImportCert.CurrentUser.Root", "cacert1.pem");
initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.KeySet", "UserKeySet");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.DefaultDir"] = defaultDir;
d["IceSSL.ImportCert.CurrentUser.Root"] = "cacert1.pem";
d["IceSSL.KeySet"] = "UserKeySet";
d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
X509Store certStore = new X509Store("Root", StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadWrite);
certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem"));
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.FindCerts properties... ");
Console.Out.Flush();
{
string[] clientFindCertProperties = new string[]
{
"SUBJECTDN:'CN=Client, [email protected], OU=Ice, O=\"ZeroC, Inc.\", S=Florida, C=US'",
"ISSUER:'ZeroC, Inc.' SUBJECT:Client SERIAL:02",
"ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," +
" L=Palm Beach Gardens, S=Florida, C=US' SUBJECT:Client",
"THUMBPRINT:'54 26 20 f0 93 a9 b6 bc 2a 8c 83 ef 14 d4 49 18 a3 18 67 46'",
"SUBJECTKEYID:'58 77 81 07 55 2a 0c 10 19 88 13 47 6f 27 6e 21 75 5f 85 ca'"
};
string[] serverFindCertProperties = new string[]
{
"SUBJECTDN:'CN=Server, [email protected], OU=Ice, O=\"ZeroC, Inc.\", S=Florida, C=US'",
"ISSUER:'ZeroC, Inc.' SUBJECT:Server SERIAL:01",
"ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," +
" L=Palm Beach Gardens, S=Florida, C=US' SUBJECT:Server",
"THUMBPRINT:'27 e0 18 c9 23 12 6c f0 5c da fa 36 5a 4c 63 5a e2 53 07 1a'",
"SUBJECTKEYID:'a6 42 aa 17 04 41 86 56 67 e4 04 64 59 34 30 c7 4c 6b ef a4'"
};
string[] failFindCertProperties = new string[]
{
"SUBJECTDN:'CN = Client, E = [email protected], OU = Ice, O = \"ZeroC, Inc.\", S = Florida, C = US'",
"ISSUER:'ZeroC, Inc.' SUBJECT:Client SERIAL:'02 02'",
"ISSUERDN:'[email protected], CN=ZeroC Test CA 1, OU=Ice, O=\"ZeroC, Inc.\"," +
" L=Palm Beach Gardens, S=Florida, C=ES' SUBJECT:Client",
"THUMBPRINT:'27 e0 18 c9 23 12 6c f0 5c da fa 36 5a 4c 63 5a e2 53 07 ff'",
"SUBJECTKEYID:'a6 42 aa 17 04 41 86 56 67 e4 04 64 59 34 30 c7 4c 6b ef ff'"
};
string[] certificates = new string[] {"/s_rsa_nopass_ca1.pfx", "/c_rsa_nopass_ca1.pfx"};
X509Store certStore = new X509Store("My", StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadWrite);
try
{
foreach(string cert in certificates)
{
certStore.Add(new X509Certificate2(defaultDir + cert, "password"));
}
for(int i = 0; i < clientFindCertProperties.Length; ++i)
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
initData.properties.setProperty("IceSSL.CertAuthFile", "cacert1.pem");
initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", clientFindCertProperties[i]);
//
// Use TrustOnly to ensure the peer has pick the expected certificate.
//
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.DefaultDir"] = defaultDir;
d["IceSSL.CertAuthFile"] = "cacert1.pem";
d["IceSSL.FindCert.CurrentUser.My"] = serverFindCertProperties[i];
//
// Use TrustOnly to ensure the peer has pick the expected certificate.
//
d["IceSSL.TrustOnly"] = "CN=Client";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
}
//
// These must fail because the search criteria does not match any certificates.
//
foreach(string s in failFindCertProperties)
{
try
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", s);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected
}
catch(Ice.LocalException)
{
test(false);
}
}
}
finally
{
foreach(string cert in certificates)
{
certStore.Remove(new X509Certificate2(defaultDir + cert, "password"));
}
certStore.Close();
}
//
// These must fail because we have already remove the certificates.
//
foreach(string s in clientFindCertProperties)
{
try
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.FindCert.CurrentUser.My", s);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected
}
catch(Ice.LocalException)
{
test(false);
}
}
}
Console.Out.WriteLine("ok");
}
finally
{
store.Remove(caCert1);
store.Remove(caCert2);
store.Close();
}
return factory;
}
public static void BuildChain_MicrosoftDotCom_WithRootCertInUserAndSystemRootCertStores()
{
// Verifies that when the same root cert is placed in both a user and machine root certificate store,
// any certs chain building to that root cert will build correctly
//
// We use a copy of the microsoft.com SSL certs and root certs to validate that the chain can build
// successfully
bool shouldInstallCertToUserStore = true;
bool installedCertToUserStore = false;
using (var microsoftDotCom = new X509Certificate2(TestData.MicrosoftDotComSslCertBytes))
using (var microsoftDotComRoot = new X509Certificate2(TestData.MicrosoftDotComRootBytes))
{
// Check that microsoft.com's root certificate IS installed in the machine root store as a sanity step
using (var machineRootStore = new X509Store(StoreName.Root, StoreLocation.LocalMachine))
{
machineRootStore.Open(OpenFlags.ReadOnly);
bool foundCert = false;
foreach (var machineCert in machineRootStore.Certificates)
{
if (machineCert.Equals(microsoftDotComRoot))
{
foundCert = true;
}
machineCert.Dispose();
}
Assert.True(foundCert, string.Format("Did not find expected certificate with thumbprint '{0}' in the machine root store", microsoftDotComRoot.Thumbprint));
}
// Concievably at this point there could still be something wrong and we still don't chain build correctly - if that's
// the case, then there's likely something wrong with the machine. Validating that happy path is out of scope
// of this particular test.
// Check that microsoft.com's root certificate is NOT installed on in the user cert store as a sanity step
// We won't try to install the microsoft.com root cert into the user root store if it's already there
using (var userRootStore = new X509Store(StoreName.Root, StoreLocation.CurrentUser))
{
userRootStore.Open(OpenFlags.ReadOnly);
foreach (var userCert in userRootStore.Certificates)
{
bool foundCert = false;
if (userCert.Equals(microsoftDotComRoot))
{
foundCert = true;
}
userCert.Dispose();
if (foundCert)
{
shouldInstallCertToUserStore = false;
}
}
}
using (var userRootStore = new X509Store(StoreName.Root, StoreLocation.CurrentUser))
using (var chainHolder = new ChainHolder())
{
try
{
if (shouldInstallCertToUserStore)
{
userRootStore.Open(OpenFlags.ReadWrite);
userRootStore.Add(microsoftDotComRoot); // throws CryptographicException
installedCertToUserStore = true;
}
X509Chain chainValidator = chainHolder.Chain;
chainValidator.ChainPolicy.VerificationTime = new DateTime(2015, 10, 15, 12, 01, 01, DateTimeKind.Local);
chainValidator.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
bool chainBuildResult = chainValidator.Build(microsoftDotCom);
StringBuilder builder = new StringBuilder();
foreach (var status in chainValidator.ChainStatus)
{
builder.AppendFormat("{0} {1}{2}", status.Status, status.StatusInformation, Environment.NewLine);
}
Assert.True(chainBuildResult,
string.Format("Certificate chain build failed. ChainStatus is:{0}{1}", Environment.NewLine, builder.ToString()));
}
finally
{
if (installedCertToUserStore)
{
userRootStore.Remove(microsoftDotComRoot);
}
}
}
}
}
public static Test.ServerFactoryPrx allTests(Ice.Communicator communicator, string testDir)
{
string factoryRef = "factory:tcp -p 12010";
Ice.ObjectPrx b = communicator.stringToProxy(factoryRef);
test(b != null);
Test.ServerFactoryPrx factory = Test.ServerFactoryPrxHelper.checkedCast(b);
string defaultHost = communicator.getProperties().getProperty("Ice.Default.Host");
string defaultDir = testDir + "/../certs";
Ice.Properties defaultProperties = communicator.getProperties();
//
// Load the CA certificates. We could use the IceSSL.ImportCert property, but
// it would be nice to remove the CA certificates when the test finishes, so
// this test manually installs the certificates in the LocalMachine:AuthRoot
// store.
//
// Note that the client and server are assumed to run on the same machine,
// so the certificates installed by the client are also available to the
// server.
//
string caCert1File = defaultDir + "/cacert1.pem";
string caCert2File = defaultDir + "/cacert2.pem";
X509Certificate2 caCert1 = new X509Certificate2(caCert1File);
X509Certificate2 caCert2 = new X509Certificate2(caCert2File);
X509Store store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine);
try
{
store.Open(OpenFlags.ReadWrite);
}
catch(CryptographicException)
{
Console.Out.WriteLine("This test requires administrator privileges.");
return factory;
}
try
{
string[] args = new string[0];
Console.Out.Write("testing manual initialization... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.ObjectPrx p = comm.stringToProxy("dummy:ssl -p 9999");
try
{
p.ice_ping();
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
//
// Supply our own certificate.
//
X509Certificate2 cert = new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
X509Certificate2Collection coll = new X509Certificate2Collection();
coll.Add(cert);
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
plugin.setCertificates(coll);
pm.initializePlugins();
Ice.ObjectPrx obj = comm.stringToProxy(factoryRef);
test(obj != null);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing certificate verification... ");
Console.Out.Flush();
{
//
// Test IceSSL.VerifyPeer=1. Client does not have a certificate.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "1";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.noCert();
}
catch(Ice.LocalException)
{
test(false);
}
//
// Validate that we can get the connection info.
//
try
{
IceSSL.NativeConnectionInfo info =
(IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(info.certs != null);
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
//
// Test IceSSL.VerifyPeer=2. This should fail because the client
// does not supply a certificate.
//
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. Client has a certificate.
//
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "1";
store.Add(caCert1);
server = fact.createServer(d);
try
{
X509Certificate2 clientCert =
new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
server.checkCert(clientCert.Subject, clientCert.Issuer);
X509Certificate2 serverCert =
new X509Certificate2(defaultDir + "/s_rsa_nopass_ca1.pfx", "password");
X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem");
IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
test(caCert.Equals(info.nativeCerts[1]));
test(serverCert.Equals(info.nativeCerts[0]));
}
catch(Exception)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
//
// Test IceSSL.VerifyPeer=2. Client has a certificate.
//
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
server = fact.createServer(d);
try
{
X509Certificate2 clientCert =
new X509Certificate2(defaultDir + "/c_rsa_nopass_ca1.pfx", "password");
server.checkCert(clientCert.Subject, clientCert.Issuer);
}
catch(Exception)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
//
// Test IceSSL.VerifyPeer=1. This should fail because the
// client doesn't trust the server's CA.
//
initData = createClientProps(defaultProperties, testDir, defaultHost);
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "1";
// Don't add the CA certificate.
//store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
//
// Verify that IceSSL.CheckCertName has no effect in a server.
//
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
//
// NOTE: We can't test IceSSL.CheckCertName here because the common name (CN) field of
// the server's certificate has the value "Server" and we can't use "Server" as a host
// name in an endpoint (it almost certainly wouldn't resolve correctly).
//
//
// Test IceSSL.CheckCertName. The test certificates for the server contain "127.0.0.1"
// as the common name or as a subject alternative name, so we only perform this test when
// the default host is "127.0.0.1".
//
if(defaultHost.Equals("127.0.0.1"))
{
//
// Test subject alternative name.
//
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
//
// Test common name.
//
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
//
// Test common name again. The certificate used in this test has "127.0.0.11" as its
// common name, therefore the address "127.0.0.1" must NOT match.
//
{
initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CheckCertName", "1");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_cn2.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.CheckCertName"] = "1";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
// Expected.
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
}
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing custom certificate verifier... ");
Console.Out.Flush();
{
//
// Verify that a server certificate is present.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
test(plugin != null);
CertificateVerifierI verifier = new CertificateVerifierI();
plugin.setCertificateVerifier(verifier);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
IceSSL.NativeConnectionInfo info =
(IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
server.checkCipher(info.cipher);
}
catch(Ice.LocalException)
{
test(false);
}
test(verifier.invoked());
test(verifier.hadCert());
//
// Have the verifier return false. Close the connection explicitly
// to force a new connection to be established.
//
verifier.reset();
verifier.returnValue(false);
server.ice_getConnection().close(false);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
test(verifier.invoked());
test(verifier.hadCert());
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
//
// Verify that verifier is installed via property.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.CertVerifier", "CertificateVerifierI");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL");
test(plugin != null);
test(plugin.getCertificateVerifier() != null);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing protocols... ");
Console.Out.Flush();
{
//
// This should fail because the client and server have no protocol
// in common.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.Protocols", "ssl3");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
//
// This should succeed.
//
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
d["IceSSL.Protocols"] = "tls1, ssl3";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing expired certificates... ");
Console.Out.Flush();
{
//
// This should fail because the server's certificate is expired.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1_exp.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.SecurityException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
//
// This should fail because the client's certificate is expired.
//
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1_exp.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
comm = Ice.Util.initialize(ref args, initData);
fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.ConnectionLostException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing multiple CA certificates... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
test(fact != null);
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca2.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.VerifyPeer"] = "2";
store.Add(caCert1);
store.Add(caCert2);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
store.Remove(caCert2);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing passwords... ");
Console.Out.Flush();
{
//
// Test password failure.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
// Don't specify the password.
//props.setProperty("IceSSL.Password", "password");
try
{
Ice.Util.initialize(ref args, initData);
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
}
{
//
// Test password failure with callback.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
PasswordCallbackI cb = new PasswordCallbackI("bogus");
plugin.setPasswordCallback(cb);
try
{
pm.initializePlugins();
test(false);
}
catch(Ice.PluginInitializationException)
{
// Expected.
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
//
// Test installation of password callback.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("Ice.InitPlugins", "0");
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
PasswordCallbackI cb = new PasswordCallbackI();
plugin.setPasswordCallback(cb);
test(plugin.getPasswordCallback() == cb);
try
{
pm.initializePlugins();
}
catch(Ice.LocalException)
{
test(false);
}
comm.destroy();
}
{
//
// Test password callback property.
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.PasswordCallback", "PasswordCallbackI");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Ice.PluginManager pm = comm.getPluginManager();
IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL");
test(plugin != null);
test(plugin.getPasswordCallback() != null);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly",
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly",
"C=US, ST=Florida, O=\"ZeroC, Inc.\",OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "!CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "CN=Server";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada,CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada,CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "C=Canada;CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!C=Canada;!CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "!CN=Server1"); // Should not match "Server"
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "!CN=Client1"; // Should not match "Client"
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
//
// Rejection takes precedence (client).
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly", "ST=Florida;!CN=Server;C=US");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
//
// Rejection takes precedence (server).
//
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly"] = "C=US;!CN=Client;ST=Florida";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Client... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
// Should have no effect.
d["IceSSL.TrustOnly.Client"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client",
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
// Should have no effect.
d["IceSSL.TrustOnly.Client"] = "!CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client", "CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.TrustOnly.Client", "!CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Server... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
// Should have no effect.
initData.properties.setProperty("IceSSL.TrustOnly.Server",
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
// Should have no effect.
initData.properties.setProperty("IceSSL.TrustOnly.Server", "!CN=Server");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] = "CN=Server";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] = "!CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.TrustOnly.Server.<AdapterName>... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server"] = "CN=bogus";
d["IceSSL.TrustOnly.Server.ServerAdapter"] =
"C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server.ServerAdapter"] =
"!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, [email protected], CN=Client";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server.ServerAdapter"] = "CN=bogus";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
test(false);
}
catch(Ice.LocalException)
{
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.CertFile", defaultDir + "/c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.CertFile"] = defaultDir + "/s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!CN=bogus";
store.Add(caCert1);
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
store.Remove(caCert1);
comm.destroy();
}
Console.Out.WriteLine("ok");
Console.Out.Write("testing IceSSL.KeySet... ");
Console.Out.Flush();
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
initData.properties.setProperty("IceSSL.ImportCert.LocalMachine.Root", "cacert1.pem");
initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.KeySet", "MachineKeySet");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.DefaultDir"] = defaultDir;
d["IceSSL.ImportCert.LocalMachine.Root"] = "cacert1.pem";
d["IceSSL.KeySet"] = "MachineKeySet";
d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
X509Store certStore = new X509Store("Root", StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadWrite);
certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem"));
}
{
Ice.InitializationData initData = createClientProps(defaultProperties, testDir, defaultHost);
initData.properties.setProperty("IceSSL.DefaultDir", defaultDir);
initData.properties.setProperty("IceSSL.ImportCert.CurrentUser.Root", "cacert1.pem");
initData.properties.setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1.pfx");
initData.properties.setProperty("IceSSL.Password", "password");
initData.properties.setProperty("IceSSL.KeySet", "UserKeySet");
Ice.Communicator comm = Ice.Util.initialize(ref args, initData);
Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
Dictionary<string, string> d = createServerProps(defaultProperties, testDir, defaultHost);
d["IceSSL.DefaultDir"] = defaultDir;
d["IceSSL.ImportCert.CurrentUser.Root"] = "cacert1.pem";
d["IceSSL.KeySet"] = "UserKeySet";
d["IceSSL.CertFile"] = "s_rsa_nopass_ca1.pfx";
d["IceSSL.Password"] = "******";
Test.ServerPrx server = fact.createServer(d);
try
{
server.ice_ping();
}
catch(Ice.LocalException)
{
test(false);
}
fact.destroyServer(server);
comm.destroy();
X509Store certStore = new X509Store("Root", StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadWrite);
certStore.Remove(new X509Certificate2(defaultDir + "/cacert1.pem"));
}
Console.Out.WriteLine("ok");
}
finally
{
store.Remove(caCert1);
store.Remove(caCert2);
store.Close();
}
return factory;
}
