Adding as part of a rename.

author: Anthony Neal <aneal@zeroc.com> 2002-03-25 16:21:54 +0000
committer: Anthony Neal <aneal@zeroc.com> 2002-03-25 16:21:54 +0000
commit: 4dd2bc02815ac21aa820821beb177523c511633c (patch)
tree: 8643af73ef50e25d93b6eb5485639518839762cd /cpp
parent: Removing as part of a rename. (diff)
download: ice-4dd2bc02815ac21aa820821beb177523c511633c.tar.bz2
ice-4dd2bc02815ac21aa820821beb177523c511633c.tar.xz
ice-4dd2bc02815ac21aa820821beb177523c511633c.zip
3 files changed, 606 insertions, 0 deletions
diff --git a/cpp/test/IceSSL/certificateVerification/Client.cpp b/cpp/test/IceSSL/certificateVerification/Client.cpp
new file mode 100644
index 00000000000..5929d4d9b5a
--- /dev/null
+++ b/cpp/test/IceSSL/certificateVerification/Client.cpp
@@ -0,0 +1,216 @@
+// **********************************************************************
+//
+// Copyright (c) 2002
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <Ice/Ice.h>
+#include <Ice/System.h>
+#include <Ice/SslException.h>
+#include <Ice/SslExtension.h>
+#include <TestCommon.h>
+#include <Pinger.h>
+
+using namespace std;
+
+int
+run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
+{
+    string ref = "pinger:ssl -p 12345 -t 2000";
+
+    KeyManagerPrx km = KeyManagerPrx::checkedCast(communicator->stringToProxy("keyManager:tcp -p 12344 -t 2000"));
+
+    Ice::ByteSeq serverTrustedCert;
+    Ice::ByteSeq serverUntrustedCert;
+    Ice::ByteSeq clientTrustedKey;
+    Ice::ByteSeq clientTrustedCert;
+    Ice::ByteSeq clientUntrustedKey;
+    Ice::ByteSeq clientUntrustedCert;
+
+    km->getServerCerts(serverTrustedCert,serverUntrustedCert);
+    km->getTrustedClientKeys(clientTrustedKey,clientTrustedCert);
+    km->getUntrustedClientKeys(clientUntrustedKey,clientUntrustedCert);
+
+    IceSSL::SystemPtr sslSystem = communicator->getSslSystem();
+
+    Ice::PropertiesPtr properties = communicator->getProperties();
+
+    bool singleCertVerifier = false;
+    if (properties->getProperty("Ice.SSL.Client.CertificateVerifier") == "singleCert")
+    {
+        singleCertVerifier = true;
+    }
+
+/*
+
+// Note: This section is commented out because Ice is currently not destroying SslTransceivers
+//       properly, resulting in cached connections (which cause the expected failure sections
+//       to succeed, causing the test to fail).
+
+    if (!singleCertVerifier)
+    {
+        cout << "client and server trusted, client using stock certificate... ";
+
+        properties->setProperty("Ice.SSL.Client.CertPath","../certs");
+        properties->setProperty("Ice.SSL.Client.Config", "sslconfig_6.xml");
+        sslSystem->configure(IceSSL::Client);
+        sslSystem->addTrustedCertificate(IceSSL::Client, serverTrustedCert);
+        try
+        {
+            PingerPrx pinger = PingerPrx::checkedCast(communicator->stringToProxy(ref));
+            pinger->ping();
+            cout << "ok" << endl;
+        }
+        catch(const Ice::LocalException& localEx)
+        {
+            cout << localEx << endl;
+            km->shutdown();
+            test(false);
+        }
+    }
+*/
+
+    properties->setProperty("Ice.SSL.Client.CertPath","../certs");
+    properties->setProperty("Ice.SSL.Client.Config", "sslconfig_7.xml");
+
+    cout << "client and server do not trust each other... " << flush;
+
+    // Neither Client nor Server will trust.
+    sslSystem->configure(IceSSL::Client);
+    sslSystem->addTrustedCertificate(IceSSL::Client, serverUntrustedCert);
+    if (singleCertVerifier)
+    {
+        IceSSL::SslExtensionPtr sslExtension = communicator->getSslExtension();
+        IceSSL::CertificateVerifierPtr certVerifier = sslExtension->getSingleCertVerifier(serverUntrustedCert);
+        sslSystem->setCertificateVerifier(IceSSL::Client, certVerifier);
+    }
+    sslSystem->setRSAKeys(IceSSL::Client, clientUntrustedKey, clientUntrustedCert);
+    try
+    {
+        PingerPrx pinger = PingerPrx::checkedCast(communicator->stringToProxy(ref));
+        pinger->ping();
+        km->shutdown();
+        test(false);
+    }
+    catch(const IceSSL::CertificateVerificationException&)
+    {
+	cout << "ok" << endl;
+    }
+    catch(const Ice::LocalException&)
+    {
+        km->shutdown();
+        test(false);
+    }
+
+    cout << "client trusted, server not trusted... " << flush;
+
+    // Client will not trust Server, but Server will trust Client.
+    sslSystem->setRSAKeys(IceSSL::Client, clientTrustedKey, clientTrustedCert);
+    try
+    {
+        PingerPrx pinger = PingerPrx::checkedCast(communicator->stringToProxy(ref));
+        pinger->ping();
+        km->shutdown();
+        test(false);
+    }
+    catch(const IceSSL::CertificateVerificationException&)
+    {
+	cout << "ok" << endl;
+    }
+    catch(const Ice::LocalException&)
+    {
+        km->shutdown();
+        test(false);
+    }
+
+    cout << "client trusts server, server does not trust client... " << flush;
+
+    // Client trusts, Server does not.
+    sslSystem->configure(IceSSL::Client);
+    sslSystem->addTrustedCertificate(IceSSL::Client, serverTrustedCert);
+    if (singleCertVerifier)
+    {
+        IceSSL::SslExtensionPtr sslExtension = communicator->getSslExtension();
+        IceSSL::CertificateVerifierPtr certVerifier = sslExtension->getSingleCertVerifier(serverTrustedCert);
+        sslSystem->setCertificateVerifier(IceSSL::Client, certVerifier);
+    }
+    sslSystem->setRSAKeys(IceSSL::Client, clientUntrustedKey, clientUntrustedCert);
+    try
+    {
+        PingerPrx pinger = PingerPrx::checkedCast(communicator->stringToProxy(ref));
+        pinger->ping();
+        km->shutdown();
+        test(false);
+    }
+    catch(const IceSSL::ProtocolException&)
+    {
+        // Note: We expect that the server will send an alert 48 back to the client,
+        //       generating this exception.
+	cout << "ok" << endl;
+    }
+    catch(const Ice::LocalException&)
+    {
+        km->shutdown();
+        test(false);
+    }
+
+    cout << "both client and server trust each other... " << flush;
+
+    // Both Client and Server trust.
+    sslSystem->setRSAKeys(IceSSL::Client, clientTrustedKey, clientTrustedCert);
+
+    try
+    {
+        PingerPrx pinger = PingerPrx::checkedCast(communicator->stringToProxy(ref));
+	pinger->ping();
+	cout << "ok" << endl;
+    }
+    catch(const Ice::LocalException&)
+    {
+        km->shutdown();
+        test(false);
+    }
+
+    cout << "shutting down... " << flush;
+    km->shutdown();
+    cout << "ok" << endl;
+
+    return EXIT_SUCCESS;
+}
+
+int
+main(int argc, char* argv[])
+{
+    int status;
+    Ice::CommunicatorPtr communicator;
+
+    try
+    {
+	communicator = Ice::initialize(argc, argv);
+	status = run(argc, argv, communicator);
+    }
+    catch(const Ice::Exception& ex)
+    {
+	cerr << ex << endl;
+	status = EXIT_FAILURE;
+    }
+
+    if (communicator)
+    {
+	try
+	{
+	    communicator->destroy();
+	}
+	catch(const Ice::Exception& ex)
+	{
+	    cerr << ex << endl;
+	    status = EXIT_FAILURE;
+	}
+    }
+
+    return status;
+}
diff --git a/cpp/test/IceSSL/certificateVerification/Server.cpp b/cpp/test/IceSSL/certificateVerification/Server.cpp
new file mode 100644
index 00000000000..7ff69f96663
--- /dev/null
+++ b/cpp/test/IceSSL/certificateVerification/Server.cpp
@@ -0,0 +1,206 @@
+// **********************************************************************
+//
+// Copyright (c) 2002
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <Ice/Ice.h>
+#include <Ice/RSACertificateGen.h>
+#include <Ice/RSAKeyPair.h>
+#include <Ice/SslExtension.h>
+#include <Ice/System.h>
+#include <Pinger.h>
+
+using namespace std;
+
+
+class KeyManagerI : public KeyManager
+{
+
+public:
+    KeyManagerI(const IceSSL::OpenSSL::RSAKeyPairPtr&, const IceSSL::OpenSSL::RSAKeyPairPtr&,
+                const IceSSL::OpenSSL::RSAKeyPairPtr&, const IceSSL::OpenSSL::RSAKeyPairPtr&,
+                const Ice::CommunicatorPtr&);
+
+    virtual void getServerCerts(Ice::ByteSeq&, Ice::ByteSeq&, const ::Ice::Current&);
+    virtual void getTrustedClientKeys(Ice::ByteSeq&, Ice::ByteSeq&, const ::Ice::Current&);
+    virtual void getUntrustedClientKeys(Ice::ByteSeq&, Ice::ByteSeq&, const ::Ice::Current&);
+    virtual void shutdown(const ::Ice::Current&);
+
+protected:
+    IceSSL::OpenSSL::RSAKeyPairPtr _serverTrusted;
+    IceSSL::OpenSSL::RSAKeyPairPtr _serverUntrusted;
+    IceSSL::OpenSSL::RSAKeyPairPtr _clientTrusted;
+    IceSSL::OpenSSL::RSAKeyPairPtr _clientUntrusted;
+    Ice::CommunicatorPtr _communicator;
+};
+
+KeyManagerI::KeyManagerI(const IceSSL::OpenSSL::RSAKeyPairPtr& serverTrusted,
+                         const IceSSL::OpenSSL::RSAKeyPairPtr& serverUntrusted,
+                         const IceSSL::OpenSSL::RSAKeyPairPtr& clientTrusted,
+                         const IceSSL::OpenSSL::RSAKeyPairPtr& clientUntrusted,
+                         const Ice::CommunicatorPtr& communicator) :
+            _serverTrusted(serverTrusted), _serverUntrusted(serverUntrusted),
+            _clientTrusted(clientTrusted), _clientUntrusted(clientUntrusted),
+            _communicator(communicator)
+{
+}
+
+void
+KeyManagerI::getServerCerts(Ice::ByteSeq& trusted, Ice::ByteSeq& untrusted, const ::Ice::Current&)
+{
+    _serverTrusted->certToByteSeq(trusted);
+    _serverUntrusted->certToByteSeq(untrusted);
+}
+
+void
+KeyManagerI::getTrustedClientKeys(Ice::ByteSeq& key, Ice::ByteSeq& cert, const ::Ice::Current&)
+{
+    _clientTrusted->keyToByteSeq(key);
+    _clientTrusted->certToByteSeq(cert);
+}
+
+void
+KeyManagerI::getUntrustedClientKeys(Ice::ByteSeq& key, Ice::ByteSeq& cert, const ::Ice::Current&)
+{
+    _clientUntrusted->keyToByteSeq(key);
+    _clientUntrusted->certToByteSeq(cert);
+}
+
+void
+KeyManagerI::shutdown(const ::Ice::Current&)
+{
+    _communicator->shutdown();
+}
+
+class PingerI : public Pinger
+{
+
+public:
+    PingerI();
+    virtual void ping(const ::Ice::Current&);
+};
+
+PingerI::PingerI()
+{
+}
+
+void
+PingerI::ping(const ::Ice::Current&)
+{
+}
+
+int
+run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
+{
+    Ice::PropertiesPtr properties = communicator->getProperties();
+
+    properties->setProperty("Ice.ConnectionWarnings", "0");
+    properties->setProperty("Ice.SSL.Client.CertPath","../certs");
+    properties->setProperty("Ice.SSL.Client.Config", "sslconfig_8.xml");
+
+    IceSSL::SystemPtr sslSystem = communicator->getSslSystem();
+    sslSystem->configure(IceSSL::Server);
+
+    IceSSL::OpenSSL::RSACertificateGen certGen;
+
+    IceSSL::OpenSSL::RSACertificateGenContext certGenContext;
+
+    // Base setup.
+    certGenContext.setCountry("US");
+    certGenContext.setStateProvince("DC");
+    certGenContext.setLocality("Washington");
+    certGenContext.setOrganization("Some Company Inc.");
+    certGenContext.setOrgainizationalUnit("Sales");
+    certGenContext.setBitStrength(1024);
+    certGenContext.setSecondsValid(IceSSL::OpenSSL::RSACertificateGenContext::hoursToSeconds(1));
+
+    IceSSL::OpenSSL::RSAKeyPairPtr serverTrusted;
+    IceSSL::OpenSSL::RSAKeyPairPtr serverUntrusted;
+    IceSSL::OpenSSL::RSAKeyPairPtr clientTrusted;
+    IceSSL::OpenSSL::RSAKeyPairPtr clientUntrusted;
+
+    certGenContext.setCommonName("Server Trusted");
+    serverTrusted = certGen.generate(certGenContext);
+
+    certGenContext.setCommonName("Server Untrusted");
+    serverUntrusted = certGen.generate(certGenContext);
+
+    certGenContext.setCommonName("Client Trusted");
+    clientTrusted = certGen.generate(certGenContext);
+
+    certGenContext.setCommonName("Client Untrusted");
+    clientUntrusted = certGen.generate(certGenContext);
+
+    Ice::ObjectPtr object = new KeyManagerI(serverTrusted, serverUntrusted,
+                                            clientTrusted, clientUntrusted,
+                                            communicator);
+
+    Ice::ByteSeq trustedCertificate;
+    Ice::ByteSeq serverCertificate;
+    Ice::ByteSeq serverKey;
+
+    clientTrusted->certToByteSeq(trustedCertificate);
+    serverTrusted->certToByteSeq(serverCertificate);
+    serverTrusted->keyToByteSeq(serverKey);
+
+    sslSystem->addTrustedCertificate(IceSSL::Server, trustedCertificate);
+    sslSystem->setRSAKeys(IceSSL::Server, serverKey, serverCertificate);
+
+    if (properties->getProperty("Ice.SSL.Server.CertificateVerifier") == "singleCert")
+    {
+        IceSSL::SslExtensionPtr sslExtension = communicator->getSslExtension();
+        IceSSL::CertificateVerifierPtr certVerifier = sslExtension->getSingleCertVerifier(trustedCertificate);
+        sslSystem->setCertificateVerifier(IceSSL::Server, certVerifier);
+    }
+
+    string kmEndpts = "tcp -p 12344 -t 2000";
+    Ice::ObjectAdapterPtr kmAdapter = communicator->createObjectAdapterWithEndpoints("KeyManagerAdapter", kmEndpts);
+    kmAdapter->add(object, Ice::stringToIdentity("keyManager"));
+    kmAdapter->activate();
+
+    string endpts = "ssl -p 12345 -t 2000";
+    Ice::ObjectAdapterPtr adapter = communicator->createObjectAdapterWithEndpoints("PingerAdapter", endpts);
+    adapter->add(new PingerI(), Ice::stringToIdentity("pinger"));
+    adapter->activate();
+    communicator->waitForShutdown();
+    return EXIT_SUCCESS;
+}
+
+int
+main(int argc, char* argv[])
+{
+    int status;
+    Ice::CommunicatorPtr communicator;
+
+    try
+    {
+	communicator = Ice::initialize(argc, argv);
+	status = run(argc, argv, communicator);
+
+    }
+    catch(const Ice::Exception& ex)
+    {
+	cerr << ex << endl;
+	status = EXIT_FAILURE;
+    }
+
+    if (communicator)
+    {
+	try
+	{
+	    communicator->destroy();
+	}
+	catch(const Ice::Exception& ex)
+	{
+	    cerr << ex << endl;
+	    status = EXIT_FAILURE;
+	}
+    }
+
+    return status;
+}
diff --git a/cpp/test/IceSSL/certificateVerifier/CertificateVerifier.cpp b/cpp/test/IceSSL/certificateVerifier/CertificateVerifier.cpp
new file mode 100644
index 00000000000..12b31e945f1
--- /dev/null
+++ b/cpp/test/IceSSL/certificateVerifier/CertificateVerifier.cpp
@@ -0,0 +1,184 @@
+// **********************************************************************
+//
+// Copyright (c) 2002
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <Ice/Ice.h>
+#include <TestCommon.h>
+#include <Ice/CertificateVerifier.h>
+#include <Ice/CertificateVerifierOpenSSL.h>
+#include <Ice/SslException.h>
+#include <Ice/System.h>
+
+using namespace std;
+using namespace Ice;
+
+//
+// Certificate Verifier definitions
+//
+
+class BadCertificateVerifier : virtual public ::IceSSL::CertificateVerifier
+{
+public:
+};
+
+class GoodCertificateVerifier : virtual public ::IceSSL::OpenSSL::CertificateVerifier
+{
+public:
+    virtual int verify(int, X509_STORE_CTX*, SSL*);
+};
+
+int
+GoodCertificateVerifier::verify(int preVerifyOk, X509_STORE_CTX* certificateStore, SSL* sslConnection)
+{
+    return preVerifyOk;
+}
+
+//
+// certificateVerifierClient definition
+//
+
+void
+testExpectCertificateVerifierTypeException(const IceSSL::SystemPtr& system,
+                                           IceSSL::ContextType context,
+                                           const IceSSL::CertificateVerifierPtr& verifier)
+{
+    try
+    {
+        system->setCertificateVerifier(context, verifier);
+        test(false);
+    }
+    catch (const IceSSL::CertificateVerifierTypeException&)
+    {
+        std::cout << "ok" << std::endl;
+    }
+    catch (const Ice::LocalException&)
+    {
+        //
+        // Any other exception is bad.
+        //
+
+        test(false);
+    }
+    catch (...)
+    {
+        //
+        // Unknown exceptions are always bad.
+        //
+
+        test(false);
+    }
+}
+
+void
+testExpectNoException(const IceSSL::SystemPtr& system,
+                      IceSSL::ContextType context,
+                      const IceSSL::CertificateVerifierPtr& verifier)
+{
+    try
+    {
+        system->setCertificateVerifier(context, verifier);
+        std::cout << "ok" << std::endl;
+    }
+    catch (const Ice::LocalException&)
+    {
+        //
+        // Any other exception is bad.
+        //
+
+        test(false);
+    }
+    catch (...)
+    {
+        //
+        // Unknown exceptions are always bad.
+        //
+
+        test(false);
+    }
+}
+
+int
+run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
+{
+    IceSSL::SystemPtr system = communicator->getSslSystem();
+
+    ::IceSSL::CertificateVerifierPtr badVerifier  = new BadCertificateVerifier();
+    ::IceSSL::CertificateVerifierPtr goodVerifier = new GoodCertificateVerifier();
+
+    //
+    // Testing IceSSL::Client context type.
+    //
+
+    std::cout << "Setting Certificate Verifiers on Client context." << std::endl;
+
+    std::cout << "Setting verifier of wrong type... " << std::flush;
+    testExpectCertificateVerifierTypeException(system, IceSSL::Client, badVerifier);
+
+    std::cout << "Setting verifier of correct type... " << std::flush;
+    testExpectNoException(system, IceSSL::Client, goodVerifier);
+
+    //
+    // Testing IceSSL::Server context type.
+    //
+
+    std::cout << "Setting Certificate Verifiers on Server context." << std::endl;
+
+    std::cout << "Setting verifier of wrong type... " << std::flush;
+    testExpectCertificateVerifierTypeException(system, IceSSL::Server, badVerifier);
+
+    std::cout << "Setting verifier of correct type... " << std::flush;
+    testExpectNoException(system, IceSSL::Server, goodVerifier);
+
+    //
+    // Testing IceSSL::ClientServer context type.
+    //
+
+    std::cout << "Setting Certificate Verifiers on Client and Server contexts." << std::endl;
+
+    std::cout << "Setting verifier of wrong type... " << std::flush;
+    testExpectCertificateVerifierTypeException(system, IceSSL::ClientServer, badVerifier);
+
+    std::cout << "Setting verifier of correct type... " << std::flush;
+    testExpectNoException(system, IceSSL::ClientServer, goodVerifier);
+
+    return EXIT_SUCCESS;
+}
+
+int
+main(int argc, char* argv[])
+{
+    int status;
+    Ice::CommunicatorPtr communicator;
+
+    try
+    {
+	communicator = Ice::initialize(argc, argv);
+	status = run(argc, argv, communicator);
+    }
+    catch(const Ice::Exception& ex)
+    {
+	cerr << ex << endl;
+	status = EXIT_FAILURE;
+    }
+
+    if (communicator)
+    {
+	try
+	{
+	    communicator->destroy();
+	}
+	catch(const Ice::Exception& ex)
+	{
+	    cerr << ex << endl;
+	    status = EXIT_FAILURE;
+	}
+    }
+
+    return status;
+}
author	Anthony Neal <aneal@zeroc.com>	2002-03-25 16:21:54 +0000
committer	Anthony Neal <aneal@zeroc.com>	2002-03-25 16:21:54 +0000
commit	4dd2bc02815ac21aa820821beb177523c511633c (patch)
tree	8643af73ef50e25d93b6eb5485639518839762cd /cpp
parent	Removing as part of a rename. (diff)
download	ice-4dd2bc02815ac21aa820821beb177523c511633c.tar.bz2 ice-4dd2bc02815ac21aa820821beb177523c511633c.tar.xz ice-4dd2bc02815ac21aa820821beb177523c511633c.zip