Adding as part of a rename.

author: Anthony Neal <aneal@zeroc.com> 2002-03-25 16:21:54 +0000
committer: Anthony Neal <aneal@zeroc.com> 2002-03-25 16:21:54 +0000
commit: 4dd2bc02815ac21aa820821beb177523c511633c (patch)
tree: 8643af73ef50e25d93b6eb5485639518839762cd /cpp/test/IceSSL/certificateVerification/Client.cpp
parent: Removing as part of a rename. (diff)
download: ice-4dd2bc02815ac21aa820821beb177523c511633c.tar.bz2
ice-4dd2bc02815ac21aa820821beb177523c511633c.tar.xz
ice-4dd2bc02815ac21aa820821beb177523c511633c.zip
1 files changed, 216 insertions, 0 deletions
diff --git a/cpp/test/IceSSL/certificateVerification/Client.cpp b/cpp/test/IceSSL/certificateVerification/Client.cpp
new file mode 100644
index 00000000000..5929d4d9b5a
--- /dev/null
+++ b/cpp/test/IceSSL/certificateVerification/Client.cpp
@@ -0,0 +1,216 @@
+// **********************************************************************
+//
+// Copyright (c) 2002
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <Ice/Ice.h>
+#include <Ice/System.h>
+#include <Ice/SslException.h>
+#include <Ice/SslExtension.h>
+#include <TestCommon.h>
+#include <Pinger.h>
+
+using namespace std;
+
+int
+run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
+{
+    string ref = "pinger:ssl -p 12345 -t 2000";
+
+    KeyManagerPrx km = KeyManagerPrx::checkedCast(communicator->stringToProxy("keyManager:tcp -p 12344 -t 2000"));
+
+    Ice::ByteSeq serverTrustedCert;
+    Ice::ByteSeq serverUntrustedCert;
+    Ice::ByteSeq clientTrustedKey;
+    Ice::ByteSeq clientTrustedCert;
+    Ice::ByteSeq clientUntrustedKey;
+    Ice::ByteSeq clientUntrustedCert;
+
+    km->getServerCerts(serverTrustedCert,serverUntrustedCert);
+    km->getTrustedClientKeys(clientTrustedKey,clientTrustedCert);
+    km->getUntrustedClientKeys(clientUntrustedKey,clientUntrustedCert);
+
+    IceSSL::SystemPtr sslSystem = communicator->getSslSystem();
+
+    Ice::PropertiesPtr properties = communicator->getProperties();
+
+    bool singleCertVerifier = false;
+    if (properties->getProperty("Ice.SSL.Client.CertificateVerifier") == "singleCert")
+    {
+        singleCertVerifier = true;
+    }
+
+/*
+
+// Note: This section is commented out because Ice is currently not destroying SslTransceivers
+//       properly, resulting in cached connections (which cause the expected failure sections
+//       to succeed, causing the test to fail).
+
+    if (!singleCertVerifier)
+    {
+        cout << "client and server trusted, client using stock certificate... ";
+
+        properties->setProperty("Ice.SSL.Client.CertPath","../certs");
+        properties->setProperty("Ice.SSL.Client.Config", "sslconfig_6.xml");
+        sslSystem->configure(IceSSL::Client);
+        sslSystem->addTrustedCertificate(IceSSL::Client, serverTrustedCert);
+        try
+        {
+            PingerPrx pinger = PingerPrx::checkedCast(communicator->stringToProxy(ref));
+            pinger->ping();
+            cout << "ok" << endl;
+        }
+        catch(const Ice::LocalException& localEx)
+        {
+            cout << localEx << endl;
+            km->shutdown();
+            test(false);
+        }
+    }
+*/
+
+    properties->setProperty("Ice.SSL.Client.CertPath","../certs");
+    properties->setProperty("Ice.SSL.Client.Config", "sslconfig_7.xml");
+
+    cout << "client and server do not trust each other... " << flush;
+
+    // Neither Client nor Server will trust.
+    sslSystem->configure(IceSSL::Client);
+    sslSystem->addTrustedCertificate(IceSSL::Client, serverUntrustedCert);
+    if (singleCertVerifier)
+    {
+        IceSSL::SslExtensionPtr sslExtension = communicator->getSslExtension();
+        IceSSL::CertificateVerifierPtr certVerifier = sslExtension->getSingleCertVerifier(serverUntrustedCert);
+        sslSystem->setCertificateVerifier(IceSSL::Client, certVerifier);
+    }
+    sslSystem->setRSAKeys(IceSSL::Client, clientUntrustedKey, clientUntrustedCert);
+    try
+    {
+        PingerPrx pinger = PingerPrx::checkedCast(communicator->stringToProxy(ref));
+        pinger->ping();
+        km->shutdown();
+        test(false);
+    }
+    catch(const IceSSL::CertificateVerificationException&)
+    {
+	cout << "ok" << endl;
+    }
+    catch(const Ice::LocalException&)
+    {
+        km->shutdown();
+        test(false);
+    }
+
+    cout << "client trusted, server not trusted... " << flush;
+
+    // Client will not trust Server, but Server will trust Client.
+    sslSystem->setRSAKeys(IceSSL::Client, clientTrustedKey, clientTrustedCert);
+    try
+    {
+        PingerPrx pinger = PingerPrx::checkedCast(communicator->stringToProxy(ref));
+        pinger->ping();
+        km->shutdown();
+        test(false);
+    }
+    catch(const IceSSL::CertificateVerificationException&)
+    {
+	cout << "ok" << endl;
+    }
+    catch(const Ice::LocalException&)
+    {
+        km->shutdown();
+        test(false);
+    }
+
+    cout << "client trusts server, server does not trust client... " << flush;
+
+    // Client trusts, Server does not.
+    sslSystem->configure(IceSSL::Client);
+    sslSystem->addTrustedCertificate(IceSSL::Client, serverTrustedCert);
+    if (singleCertVerifier)
+    {
+        IceSSL::SslExtensionPtr sslExtension = communicator->getSslExtension();
+        IceSSL::CertificateVerifierPtr certVerifier = sslExtension->getSingleCertVerifier(serverTrustedCert);
+        sslSystem->setCertificateVerifier(IceSSL::Client, certVerifier);
+    }
+    sslSystem->setRSAKeys(IceSSL::Client, clientUntrustedKey, clientUntrustedCert);
+    try
+    {
+        PingerPrx pinger = PingerPrx::checkedCast(communicator->stringToProxy(ref));
+        pinger->ping();
+        km->shutdown();
+        test(false);
+    }
+    catch(const IceSSL::ProtocolException&)
+    {
+        // Note: We expect that the server will send an alert 48 back to the client,
+        //       generating this exception.
+	cout << "ok" << endl;
+    }
+    catch(const Ice::LocalException&)
+    {
+        km->shutdown();
+        test(false);
+    }
+
+    cout << "both client and server trust each other... " << flush;
+
+    // Both Client and Server trust.
+    sslSystem->setRSAKeys(IceSSL::Client, clientTrustedKey, clientTrustedCert);
+
+    try
+    {
+        PingerPrx pinger = PingerPrx::checkedCast(communicator->stringToProxy(ref));
+	pinger->ping();
+	cout << "ok" << endl;
+    }
+    catch(const Ice::LocalException&)
+    {
+        km->shutdown();
+        test(false);
+    }
+
+    cout << "shutting down... " << flush;
+    km->shutdown();
+    cout << "ok" << endl;
+
+    return EXIT_SUCCESS;
+}
+
+int
+main(int argc, char* argv[])
+{
+    int status;
+    Ice::CommunicatorPtr communicator;
+
+    try
+    {
+	communicator = Ice::initialize(argc, argv);
+	status = run(argc, argv, communicator);
+    }
+    catch(const Ice::Exception& ex)
+    {
+	cerr << ex << endl;
+	status = EXIT_FAILURE;
+    }
+
+    if (communicator)
+    {
+	try
+	{
+	    communicator->destroy();
+	}
+	catch(const Ice::Exception& ex)
+	{
+	    cerr << ex << endl;
+	    status = EXIT_FAILURE;
+	}
+    }
+
+    return status;
+}
author	Anthony Neal <aneal@zeroc.com>	2002-03-25 16:21:54 +0000
committer	Anthony Neal <aneal@zeroc.com>	2002-03-25 16:21:54 +0000
commit	4dd2bc02815ac21aa820821beb177523c511633c (patch)
tree	8643af73ef50e25d93b6eb5485639518839762cd /cpp/test/IceSSL/certificateVerification/Client.cpp
parent	Removing as part of a rename. (diff)
download	ice-4dd2bc02815ac21aa820821beb177523c511633c.tar.bz2 ice-4dd2bc02815ac21aa820821beb177523c511633c.tar.xz ice-4dd2bc02815ac21aa820821beb177523c511633c.zip