author | Jose <jose@zeroc.com> | 2014-08-11 18:17:39 +0200 |
---|---|---|
committer | Jose <jose@zeroc.com> | 2014-08-11 18:17:39 +0200 |
commit | 07654a075bb24782714b687c27ce570bed48c18d (patch) | |
tree | ec52f798a09bf8ed6627c08434df9ab65f38fadd /cpp | |
parent | SChannel minor fix for Java compativilty. (diff) | |
ICE-5625 tests for C++/JAVA/.NET
Diffstat (limited to 'cpp')
-rw-r--r-- | cpp/test/IceSSL/certs/cacert2.pfx | bin | 0 -> 1973 bytes | |||
-rwxr-xr-x | cpp/test/IceSSL/certs/makecerts | 4 | ||||
-rw-r--r-- | cpp/test/IceSSL/configuration/AllTests.cpp | 79 |
3 files changed, 83 insertions, 0 deletions
diff --git a/cpp/test/IceSSL/certs/cacert2.pfx b/cpp/test/IceSSL/certs/cacert2.pfx
Binary files differ
new file mode 100644
index 00000000000..1c6ab273b9e
--- /dev/null
+++ b/cpp/test/IceSSL/certs/cacert2.pfx
diff --git a/cpp/test/IceSSL/certs/makecerts b/cpp/test/IceSSL/certs/makecerts
index 87993784581..1c6344a9dfb 100755
--- a/cpp/test/IceSSL/certs/makecerts
+++ b/cpp/test/IceSSL/certs/makecerts
@@ -37,6 +37,8 @@ if ! [ -f cakey1.pem ]; then
 openssl req -config test_ca2.cnf -x509 -days 3650 -newkey rsa:1024 -keyout cakey2.pem -out cacert2.pem \
 -outform PEM -nodes
+ openssl pkcs12 -in cacert2.pem -inkey cakey2.pem -export -out cacert2.pfx -passout pass:password
+
 #
 # In order for OpenSSL to locate CA certificates dynamically at run time, the
 # directory containing the certificates must be indexed. Typically this is
@@ -55,6 +57,8 @@ if ! [ -f cakey1.pem ]; then
 #
 cp cacert1.pem `openssl x509 -subject_hash_old -noout -in cacert1.pem`.0
 cp cacert2.pem `openssl x509 -subject_hash_old -noout -in cacert2.pem`.0
+
+
 #
 # Create a server certificate and key (no password).
diff --git a/cpp/test/IceSSL/configuration/AllTests.cpp b/cpp/test/IceSSL/configuration/AllTests.cpp
index 3fc3dac0a4a..371ade399cb 100644
--- a/cpp/test/IceSSL/configuration/AllTests.cpp
+++ b/cpp/test/IceSSL/configuration/AllTests.cpp
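Review bot: The added `openssl pkcs12` line in makecerts exports the second test CA's private key (cakey2.pem) into cacert2.pfx under the fixed passphrase `password`, and the resulting file is committed in the same change, with nothing marking it as test-only material. A comment above the line would make that explicit, for example `# Test fixture only: cacert2.pfx holds the CA2 private key under a well-known password; never reuse it outside the test suite.` The exit status of the export is also not checked in the visible lines, so a failed export could leave a stale or missing cacert2.pfx for the PFX test runs; appending `|| exit 1` to that line would surface it, unless the script already runs under `set -e` outside the hunk.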
@@ -646,6 +646,85 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool pfx, b
 comm->destroy();
 //
+ // This should succeed because the self signed certificate used by the server is
+ // trusted. The IceSSL.DefaultDir setting in the client allows OpenSSL to find
+ // the server's CA certificate.
+ //
+ initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, pfx);
+ comm = initialize(initData);
+ fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
+ test(fact);
+ d = createServerProps(defaultProperties, defaultDir, defaultHost, pfx);
+ if(pfx)
+ {
+ d["IceSSL.CertFile"] = defaultDir + "/cacert2.pfx";
+ }
+ else
+ {
+ d["IceSSL.CertFile"] = defaultDir + "/cacert2.pem";
+ d["IceSSL.KeyFile"] = defaultDir + "/cakey2.pem";
+ }
+ d["IceSSL.VerifyPeer"] = "0";
+ server = fact->createServer(d);
+ try
+ {
+ server->ice_ping();
+ }
+ catch(const LocalException&)
+ {
+ test(false);
+ }
+ fact->destroyServer(server);
+
+ comm->destroy();
+
+ //
+ // This should fail because the self signed certificate used by the server is not
+ // trusted. The IceSSL.DefaultDir setting in the client allows OpenSSL to find
+ // the server's CA certificate. We have to disable IceSSL.DefaultDir in the client
+ // so that it can't find the server's CA certificate.
+ //
+ initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, pfx);
+ initData.properties->setProperty("IceSSL.DefaultDir", "");
+ comm = initialize(initData);
+ fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
+ test(fact);
+ d = createServerProps(defaultProperties, defaultDir, defaultHost, pfx);
+ if(pfx)
+ {
+ d["IceSSL.CertFile"] = defaultDir + "/cacert2.pfx";
+ }
+ else
+ {
+ d["IceSSL.CertFile"] = defaultDir + "/cacert2.pem";
+ d["IceSSL.KeyFile"] = defaultDir + "/cakey2.pem";
+ }
+ d["IceSSL.VerifyPeer"] = "0";
+ server = fact->createServer(d);
+ try
+ {
+ server->ice_ping();
+ test(false);
+ }
+ catch(const ProtocolException&)
+ {
+ // Expected.
+ }
+#ifdef _WIN32
+ catch(const ConnectionLostException&)
+ {
+ // Expected.
+ }
+#endif
+ catch(const LocalException&)
+ {
+ test(false);
+ }
+ fact->destroyServer(server);
+
+ comm->destroy();
+
+ //
+ // Verify that IceSSL.CheckCertName has no effect in a server.
 //
 initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, pfx); |
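Review bot: The negative case (the second added block) treats any `ProtocolException`, and on Windows any `ConnectionLostException`, as proof that the untrusted self-signed certificate was rejected, so a handshake that fails for an unrelated reason (for instance the server being unable to load cacert2.pfx) would also pass the test. If IceSSL reports certificate-validation failures through a more specific exception, catching that would pin the trust decision; otherwise the bare `// Expected.` should at least say what is expected, e.g. `// Expected: the handshake is aborted because the server certificate cannot be validated.` The comment above that block is also copied from the positive case and still claims that IceSSL.DefaultDir lets OpenSSL find the CA certificate; it would read correctly as `// This should fail because the client cannot find the server's CA certificate once IceSSL.DefaultDir is cleared.` The enclosing allTests function starts and ends outside the hunk.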