author | Benoit Foucher <benoit@zeroc.com> | 2015-04-28 19:27:04 +0200 |
---|---|---|
committer | Benoit Foucher <benoit@zeroc.com> | 2015-04-28 19:27:04 +0200 |
commit | e6e102cc642e78cf9da55645c82f5bfe6eacb76d (patch) | |
tree | ab5861ee9ad2a909fa0dc8f25b1b12e0dd1d6527 /csharp/test | |
parent | Fixed ICE-6443 and other SSL fixes (diff) | |
Fixed previous commit which was incomplete
Diffstat (limited to 'csharp/test')
-rw-r--r-- | csharp/test/Ice/info/AllTests.cs | 21 | ||||
-rw-r--r-- | csharp/test/Ice/info/Makefile.mak | 2 | ||||
-rw-r--r-- | csharp/test/Ice/info/TestI.cs | 9 | ||||
-rwxr-xr-x | csharp/test/IceSSL/certs/makecerts.py | 8 | ||||
-rw-r--r-- | csharp/test/IceSSL/configuration/AllTests.cs | 499 |
5 files changed, 335 insertions, 204 deletions
diff --git a/csharp/test/Ice/info/AllTests.cs b/csharp/test/Ice/info/AllTests.cs index 87019626c24..f2b3a21f714 100644 --- a/csharp/test/Ice/info/AllTests.cs +++ b/csharp/test/Ice/info/AllTests.cs @@ -69,7 +69,7 @@ public class AllTests : TestCommon.TestApp test(ipEndpoint.type() == Ice.TCPEndpointType.value && ipEndpoint is Ice.TCPEndpointInfo || ipEndpoint.type() == IceSSL.EndpointType.value && ipEndpoint is IceSSL.EndpointInfo || ipEndpoint.type() == Ice.WSEndpointType.value && ipEndpoint is Ice.WSEndpointInfo || - ipEndpoint.type() == Ice.WSSEndpointType.value && ipEndpoint is Ice.WSEndpointInfo); + ipEndpoint.type() == Ice.WSSEndpointType.value && ipEndpoint is IceSSL.WSSEndpointInfo); #endif Ice.UDPEndpointInfo udpEndpoint = (Ice.UDPEndpointInfo)endps[1].getInfo(); @@ -209,12 +209,19 @@ public class AllTests : TestCommon.TestApp if(@base.ice_getConnection().type().Equals("ws") || @base.ice_getConnection().type().Equals("wss")) { - test(info is Ice.WSConnectionInfo); - Ice.WSConnectionInfo wsinfo = (Ice.WSConnectionInfo)info; - test(wsinfo.headers["Upgrade"].Equals("websocket")); - test(wsinfo.headers["Connection"].Equals("Upgrade")); - test(wsinfo.headers["Sec-WebSocket-Protocol"].Equals("ice.zeroc.com")); - test(wsinfo.headers["Sec-WebSocket-Accept"] != null); + Dictionary<string, string> headers; + if(info is Ice.WSConnectionInfo) + { + headers = ((Ice.WSConnectionInfo)info).headers; + } + else + { + headers = ((IceSSL.WSSConnectionInfo)info).headers; + } + test(headers["Upgrade"].Equals("websocket")); + test(headers["Connection"].Equals("Upgrade")); + test(headers["Sec-WebSocket-Protocol"].Equals("ice.zeroc.com")); + test(headers["Sec-WebSocket-Accept"] != null); test(ctx["ws.Upgrade"].Equals("websocket")); test(ctx["ws.Connection"].Equals("Upgrade")); diff --git a/csharp/test/Ice/info/Makefile.mak b/csharp/test/Ice/info/Makefile.mak index b6dd92ff24f..49377776519 100644 --- a/csharp/test/Ice/info/Makefile.mak +++ b/csharp/test/Ice/info/Makefile.mak 
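Review bot: In the second hunk the `else` branch casts `info` to `IceSSL.WSSConnectionInfo` with no type check, so a connection info of any other type surfaces as an InvalidCastException instead of a test failure; the removed `test(info is Ice.WSConnectionInfo)` assertion has no counterpart for the WSS case. Adding `test(info is IceSSL.WSSConnectionInfo);` as the first statement of the `else` block keeps the failure inside the test harness. A short comment would also help, saying that the WSS info type apparently no longer derives from `Ice.WSConnectionInfo` (inferred from the endpoint check changed in the first hunk), which is why two separate casts are needed. The enclosing method starts and ends outside the hunk.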
@@ -30,4 +30,4 @@ client.exe: $(C_SRCS) $(GEN_SRCS) $(MCS) $(MCSFLAGS) -out:$@ -r:"$(refdir)\Ice.dll" -r:"$(refdir)\IceSSL.dll" $(C_SRCS) $(GEN_SRCS) server.exe: $(S_SRCS) $(GEN_SRCS) - $(MCS) $(MCSFLAGS) -out:$@ -r:"$(refdir)\Ice.dll" $(S_SRCS) $(GEN_SRCS) + $(MCS) $(MCSFLAGS) -out:$@ -r:"$(refdir)\Ice.dll" -r:"$(refdir)\IceSSL.dll" $(S_SRCS) $(GEN_SRCS) diff --git a/csharp/test/Ice/info/TestI.cs b/csharp/test/Ice/info/TestI.cs index 3e15e9fecc1..d84e4bd64e0 100644 --- a/csharp/test/Ice/info/TestI.cs +++ b/csharp/test/Ice/info/TestI.cs @@ -63,6 +63,15 @@ public class TestI : TestIntfDisp_ } } + if(info is IceSSL.WSSConnectionInfo) + { + IceSSL.WSSConnectionInfo wssinfo = (IceSSL.WSSConnectionInfo)info; + foreach(KeyValuePair<string, string> e in wssinfo.headers) + { + ctx["ws." + e.Key] = e.Value; + } + } + return ctx; } } diff --git a/csharp/test/IceSSL/certs/makecerts.py b/csharp/test/IceSSL/certs/makecerts.py index 4e413e7a926..73a18296d47 100755 --- a/csharp/test/IceSSL/certs/makecerts.py +++ b/csharp/test/IceSSL/certs/makecerts.py @@ -66,6 +66,12 @@ cai2 = cai1.getIntermediateFactory("intermediate1") if force or not os.path.exists("cacert1.pem"): ca1.getCA().save("cacert1.pem") if force or not os.path.exists("cacert2.pem"): ca2.getCA().save("cacert2.pem") +if force or not os.path.exists("cacert1.der"): ca1.getCA().save("cacert1.der") +if force or not os.path.exists("cacerts.pem"): + pem = "" + with open("cacert1.pem", "r") as f: pem += f.read() + with open("cacert2.pem", "r") as f: pem += f.read() + with open("cacerts.pem", "w") as f: f.write(pem); certs = [ (ca1, "s_rsa_ca1", None, {}), @@ -88,7 +94,7 @@ certs = [ for (ca, alias, path, args) in certs: if not path: path = alias cert = ca.get(alias) - if force or not os.path.exists(path + ".p12"): + if force or not os.path.exists(path + ".p12"): cert.save(path + ".p12", **args) # Also export the ca2 self-signed certificate, it's used by the tests to test self-signed certificates 
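Review bot: In the makecerts.py hunk at `@@ -66,6 +66,12 @@`, `cacerts.pem` is built by plain string concatenation of `cacert1.pem` and `cacert2.pem`, which gives a parseable bundle only if `cacert1.pem` ends with a newline; whether `save()` guarantees that is not visible here. A defensive form is `if not pem.endswith("\n"): pem += "\n"` between the two reads. The bundle is rebuilt only when it is absent or `force` is set, so it can lag behind the two source files if they are replaced by hand, and a one-line comment saying so would help whoever debugs a multi-CA test failure. The trailing `;` on `f.write(pem);` is a leftover and can be dropped.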
diff --git a/csharp/test/IceSSL/configuration/AllTests.cs b/csharp/test/IceSSL/configuration/AllTests.cs index cd890b61f86..d81617df54c 100644 --- a/csharp/test/IceSSL/configuration/AllTests.cs +++ b/csharp/test/IceSSL/configuration/AllTests.cs @@ -89,7 +89,7 @@ public class AllTests } if(ca.Length > 0) { - d["IceSSL.CertAuthFile"] = ca + ".pem"; + d["IceSSL.CAs"] = ca + ".pem"; } d["IceSSL.Password"] = "password"; return d; @@ -105,7 +105,7 @@ public class AllTests } if(ca.Length > 0) { - initData.properties.setProperty("IceSSL.CertAuthFile", ca + ".pem"); + initData.properties.setProperty("IceSSL.CAs", ca + ".pem"); } initData.properties.setProperty("IceSSL.Password", "password"); return initData; @@ -208,7 +208,7 @@ public class AllTests coll.Add(cert); initData = createClientProps(defaultProperties, defaultDir, defaultHost); initData.properties.setProperty("Ice.InitPlugins", "0"); - initData.properties.setProperty("IceSSL.CertAuthFile", caCert1File); + initData.properties.setProperty("IceSSL.CAs", caCert1File); Ice.Communicator comm = Ice.Util.initialize(ref args, initData); Ice.PluginManager pm = comm.getPluginManager(); IceSSL.Plugin plugin = (IceSSL.Plugin)pm.getPlugin("IceSSL"); @@ -289,7 +289,7 @@ public class AllTests test(!((IceSSL.ConnectionInfo)server.ice_getConnection().getInfo()).verified); } catch(Ice.LocalException ex) - { + { Console.WriteLine(ex.ToString()); test(false); } @@ -314,7 +314,7 @@ public class AllTests test(((IceSSL.ConnectionInfo)server.ice_getConnection().getInfo()).verified); } catch(Ice.LocalException ex) - { + { Console.WriteLine(ex.ToString()); test(false); } @@ -336,7 +336,7 @@ public class AllTests server.noCert(); } catch(Ice.LocalException) - { + { test(false); } fact.destroyServer(server); 
@@ -652,260 +652,278 @@ public class AllTests Console.Out.Write("testing certificate chains... "); Console.Out.Flush(); { - IceSSL.NativeConnectionInfo info; - - initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", ""); - initData.properties.setProperty("IceSSL.VerifyPeer", "0"); - Ice.Communicator comm = Ice.Util.initialize(initData); - - Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); - test(fact != null); - - // - // The client can't verify the server certificate but it should - // still provide it. "s_rsa_ca1" doesn't include the root so the - // cert size should be 1. - // - d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", ""); - d["IceSSL.VerifyPeer"] = "0"; - Test.ServerPrx server = fact.createServer(d); - try - { - info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.Length == 1); - test(!info.verified); - } - catch(Ice.LocalException) - { - test(false); - } - fact.destroyServer(server); - - // - // Setting the CA for the server shouldn't change anything, it - // shouldn't modify the cert chain sent to the client. 
- // - d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); - d["IceSSL.VerifyPeer"] = "0"; - server = fact.createServer(d); - try - { - info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.Length == 1); - test(!info.verified); - } - catch(Ice.LocalException) + X509Store certStore = new X509Store("My", StoreLocation.CurrentUser); + certStore.Open(OpenFlags.ReadWrite); + X509Certificate2Collection certs = new X509Certificate2Collection(); + certs.Import(defaultDir + "/s_rsa_cai2.p12", "password", X509KeyStorageFlags.DefaultKeySet); + foreach(X509Certificate2 cert in certs) { - test(false); + certStore.Add(cert); } - fact.destroyServer(server); - - // - // The client can't verify the server certificate but should - // still provide it. "s_rsa_wroot_ca1" includes the root so - // the cert size should be 2. - // - d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_wroot_ca1", ""); - d["IceSSL.VerifyPeer"] = "0";; - server = fact.createServer(d); try { - info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.Length == 1); // Like the SChannel transport, .NET never sends the root. 
- } - catch(Ice.LocalException) - { - test(false); - } - fact.destroyServer(server); - comm.destroy(); + IceSSL.NativeConnectionInfo info; - // - // Now the client verifies the server certificate - // - initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1"); - initData.properties.setProperty("IceSSL.VerifyPeer", "1"); - comm = Ice.Util.initialize(initData); + initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", ""); + initData.properties.setProperty("IceSSL.VerifyPeer", "0"); + Ice.Communicator comm = Ice.Util.initialize(initData); - fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); - test(fact != null); + Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); - { + // + // The client can't verify the server certificate but it should + // still provide it. "s_rsa_ca1" doesn't include the root so the + // cert size should be 1. + // d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", ""); - d["IceSSL.VerifyPeer"] = "0";; - server = fact.createServer(d); + d["IceSSL.VerifyPeer"] = "0"; + Test.ServerPrx server = fact.createServer(d); try { info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.Length == 2); - test(info.verified); + test(info.nativeCerts.Length == 1); + test(!info.verified); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); - } - - // - // Try certificate with one intermediate and VerifyDepthMax=2 - // - initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1"); - initData.properties.setProperty("IceSSL.VerifyPeer", "1"); - initData.properties.setProperty("IceSSL.VerifyDepthMax", "2"); - comm = Ice.Util.initialize(initData); - fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); - test(fact != null); - - { - d = createServerProps(defaultProperties, 
defaultDir, defaultHost, "s_rsa_cai1", ""); - d["IceSSL.VerifyPeer"] = "0";; + // + // Setting the CA for the server shouldn't change anything, it + // shouldn't modify the cert chain sent to the client. + // + d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); + d["IceSSL.VerifyPeer"] = "0"; server = fact.createServer(d); try { - server.ice_getConnection().getInfo(); - test(false); - } - catch(Ice.SecurityException) - { - // Chain length too long + info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); + test(info.nativeCerts.Length == 1); + test(!info.verified); } catch(Ice.LocalException) { test(false); } fact.destroyServer(server); - } - comm.destroy(); - - // - // Set VerifyDepthMax to 3 (the default) - // - initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1"); - initData.properties.setProperty("IceSSL.VerifyPeer", "1"); - //initData.properties.setProperty("IceSSL.VerifyDepthMax", "3"); - comm = Ice.Util.initialize(initData); - fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); - test(fact != null); - - { - d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai1", ""); + // + // The client can't verify the server certificate but should + // still provide it. "s_rsa_wroot_ca1" includes the root so + // the cert size should be 2. + // + d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_wroot_ca1", ""); d["IceSSL.VerifyPeer"] = "0";; server = fact.createServer(d); try { info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.Length == 3); - test(info.verified); + test(info.nativeCerts.Length == 1); // Like the SChannel transport, .NET never sends the root. 
} catch(Ice.LocalException) { test(false); } fact.destroyServer(server); - } + comm.destroy(); + + // + // Now the client verifies the server certificate + // + initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1"); + initData.properties.setProperty("IceSSL.VerifyPeer", "1"); + comm = Ice.Util.initialize(initData); + + fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); - { - d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", ""); - d["IceSSL.VerifyPeer"] = "0";; - server = fact.createServer(d); - try { - server.ice_getConnection().getInfo(); - test(false); + d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", ""); + d["IceSSL.VerifyPeer"] = "0";; + server = fact.createServer(d); + try + { + info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); + test(info.nativeCerts.Length == 2); + test(info.verified); + } + catch(Ice.LocalException) + { + test(false); + } + fact.destroyServer(server); } - catch(Ice.SecurityException) + + // + // Try certificate with one intermediate and VerifyDepthMax=2 + // + initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1"); + initData.properties.setProperty("IceSSL.VerifyPeer", "1"); + initData.properties.setProperty("IceSSL.VerifyDepthMax", "2"); + comm = Ice.Util.initialize(initData); + + fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + { - // Chain length too long + d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai1", ""); + d["IceSSL.VerifyPeer"] = "0";; + server = fact.createServer(d); + try + { + server.ice_getConnection().getInfo(); + test(false); + } + catch(Ice.SecurityException) + { + // Chain length too long + } + catch(Ice.LocalException) + { + test(false); + } + fact.destroyServer(server); } - fact.destroyServer(server); - } - comm.destroy(); + 
comm.destroy(); - // - // Increase VerifyDepthMax to 4 - // - initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1"); - initData.properties.setProperty("IceSSL.VerifyPeer", "1"); - initData.properties.setProperty("IceSSL.VerifyDepthMax", "4"); - comm = Ice.Util.initialize(initData); + // + // Set VerifyDepthMax to 3 (the default) + // + initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1"); + initData.properties.setProperty("IceSSL.VerifyPeer", "1"); + //initData.properties.setProperty("IceSSL.VerifyDepthMax", "3"); + comm = Ice.Util.initialize(initData); - fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); - test(fact != null); + fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); - { - d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", ""); - d["IceSSL.VerifyPeer"] = "0";; - server = fact.createServer(d); - try { - info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.Length == 4); - test(info.verified); + d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai1", ""); + d["IceSSL.VerifyPeer"] = "0";; + server = fact.createServer(d); + try + { + info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); + test(info.nativeCerts.Length == 3); + test(info.verified); + } + catch(Ice.LocalException) + { + test(false); + } + fact.destroyServer(server); } - catch(Ice.LocalException) + { - test(false); + d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", ""); + d["IceSSL.VerifyPeer"] = "0";; + server = fact.createServer(d); + try + { + server.ice_getConnection().getInfo(); + test(false); + } + catch(Ice.SecurityException) + { + // Chain length too long + } + fact.destroyServer(server); } - fact.destroyServer(server); - } - - comm.destroy(); + comm.destroy(); - // - // Increase VerifyDepthMax 
to 4 - // - initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_cai2", "cacert1"); - initData.properties.setProperty("IceSSL.VerifyPeer", "1"); - initData.properties.setProperty("IceSSL.VerifyDepthMax", "4"); - comm = Ice.Util.initialize(initData); + // + // Increase VerifyDepthMax to 4 + // + initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", "cacert1"); + initData.properties.setProperty("IceSSL.VerifyPeer", "1"); + initData.properties.setProperty("IceSSL.VerifyDepthMax", "4"); + comm = Ice.Util.initialize(initData); - fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); - test(fact != null); + fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); - { - d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "cacert1"); - d["IceSSL.VerifyPeer"] = "2"; - server = fact.createServer(d); - try { - server.ice_getConnection(); - test(false); - } - catch(Ice.ProtocolException) - { - // Expected + d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", ""); + d["IceSSL.VerifyPeer"] = "0";; + server = fact.createServer(d); + try + { + info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); + test(info.nativeCerts.Length == 4); + test(info.verified); + } + catch(Ice.LocalException) + { + test(false); + } + fact.destroyServer(server); } - catch(Ice.ConnectionLostException) + + comm.destroy(); + + // + // Increase VerifyDepthMax to 4 + // + initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_cai2", "cacert1"); + initData.properties.setProperty("IceSSL.VerifyPeer", "1"); + initData.properties.setProperty("IceSSL.VerifyDepthMax", "4"); + comm = Ice.Util.initialize(initData); + + fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + { - // Expected + d = createServerProps(defaultProperties, defaultDir, 
defaultHost, "s_rsa_cai2", "cacert1"); + d["IceSSL.VerifyPeer"] = "2"; + server = fact.createServer(d); + try + { + server.ice_getConnection(); + test(false); + } + catch(Ice.ProtocolException) + { + // Expected + } + catch(Ice.ConnectionLostException) + { + // Expected + } + catch(Ice.LocalException) + { + test(false); + } + fact.destroyServer(server); } - catch(Ice.LocalException) + { - test(false); + d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "cacert1"); + d["IceSSL.VerifyPeer"] = "2"; + d["IceSSL.VerifyDepthMax"] = "4"; + server = fact.createServer(d); + try + { + server.ice_getConnection(); + } + catch(Ice.LocalException) + { + test(false); + } + fact.destroyServer(server); } - fact.destroyServer(server); - } + comm.destroy(); + } + finally { - d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_cai2", "cacert1"); - d["IceSSL.VerifyPeer"] = "2"; - d["IceSSL.VerifyDepthMax"] = "4"; - server = fact.createServer(d); - try - { - server.ice_getConnection(); - } - catch(Ice.LocalException) + foreach(X509Certificate2 cert in certs) { - test(false); + certStore.Remove(cert); } - fact.destroyServer(server); } - - comm.destroy(); } Console.Out.WriteLine("ok"); 
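Review bot: The certificates from `s_rsa_cai2.p12` are imported and added to the CurrentUser `My` store before the `try` begins, so an exception from `Import` or part-way through the `Add` loop leaves test certificates in the user's personal store with nothing to remove them, and the store is never closed. Moving the `Import` call and the `Add` loop inside the `try`, and ending the `finally` block with `certStore.Close();`, covers both. A comment above `certStore.Open(OpenFlags.ReadWrite)` should say why the test has to modify the user's store (presumably so that chain building can find the intermediates), because this test changes state outside the test directory and leaves it changed if the process is killed before `finally` runs. The `comm` created for the `VerifyPeer=1` case is reassigned for the `VerifyDepthMax=2` case without a `comm.destroy()`; that predates this commit but is carried into the re-indented code.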
@@ -1210,6 +1228,55 @@ public class AllTests } Console.Out.WriteLine("ok"); } + + Console.Out.Write("testing multiple CA certificates... "); + Console.Out.Flush(); + { + initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacerts"); + Ice.Communicator comm = Ice.Util.initialize(initData); + Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca2", "cacerts"); + d["IceSSL.VerifyPeer"] = "2"; + Test.ServerPrx server = fact.createServer(d); + try + { + server.ice_ping(); + } + catch(Ice.LocalException) + { + test(false); + } + fact.destroyServer(server); + comm.destroy(); + } + Console.Out.WriteLine("ok"); + + Console.Out.Write("testing DER CA certificate... "); + Console.Out.Flush(); + { + initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", ""); + initData.properties.setProperty("IceSSL.CAs", "cacert1.der"); + Ice.Communicator comm = Ice.Util.initialize(initData); + Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", ""); + d["IceSSL.VerifyPeer"] = "2"; + d["IceSSL.CAs"] = "cacert1.der"; + Test.ServerPrx server = fact.createServer(d); + try + { + server.ice_ping(); + } + catch(Ice.LocalException) + { + test(false); + } + fact.destroyServer(server); + comm.destroy(); + } + Console.Out.WriteLine("ok"); + Console.Out.Write("testing passwords... "); Console.Out.Flush(); { 
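Review bot: Both new blocks exercise only the accepting path, so the DER case would still pass if an unreadable `IceSSL.CAs` file made the client fall back to some other trust source instead of the single CA in `cacert1.der`. A rejecting case belongs in the DER block before `comm.destroy()`: a server using `s_rsa_ca2` (issued by the second CA, judging by the multiple-CA block) should make `ice_ping()` fail. The exception type below follows the system-CAs test in this commit and should be confirmed against the transport.

```csharp
// … unchanged: DER CA accepting case, up to fact.destroyServer(server) …

// A server certificate issued by a CA that is not in cacert1.der must be rejected.
d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca2", "");
d["IceSSL.VerifyPeer"] = "0";
server = fact.createServer(d);
try
{
    server.ice_ping();
    test(false);
}
catch(Ice.SecurityException)
{
    // Expected, the server certificate does not chain to cacert1.der.
}
catch(Ice.LocalException)
{
    test(false);
}
fact.destroyServer(server);
comm.destroy();
```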
@@ -2165,6 +2232,48 @@ public class AllTests } } Console.Out.WriteLine("ok"); + + Console.Out.Write("testing system CAs... "); + Console.Out.Flush(); + { + initData = createClientProps(defaultProperties, defaultDir, defaultHost); + initData.properties.setProperty("IceSSL.VerifyDepthMax", "4"); + initData.properties.setProperty("Ice.Override.Timeout", "5000"); // 5s timeout + Ice.Communicator comm = Ice.Util.initialize(initData); + Ice.ObjectPrx p = comm.stringToProxy("dummy:wss -h demo.zeroc.com -p 5064"); + try + { + p.ice_ping(); + test(false); + } + catch(Ice.SecurityException) + { + // Expected, by default we don't check for system CAs. + } + catch(Ice.LocalException) + { + test(false); + } + + initData = createClientProps(defaultProperties, defaultDir, defaultHost); + initData.properties.setProperty("IceSSL.VerifyDepthMax", "4"); + initData.properties.setProperty("Ice.Override.Timeout", "5000"); // 5s timeout + initData.properties.setProperty("IceSSL.UsePlatformCAs", "1"); + comm = Ice.Util.initialize(initData); + p = comm.stringToProxy("dummy:wss -h demo.zeroc.com -p 5064"); + IceSSL.WSSConnectionInfo info; + try + { + info = (IceSSL.WSSConnectionInfo)p.ice_getConnection().getInfo(); + test(info.verified); + } + catch(Ice.LocalException) + { + test(false); + } + comm.destroy(); + } + Console.Out.WriteLine("ok"); } finally { |
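Review bot: The first communicator in this block is never destroyed: `comm` is reassigned by the second `Ice.Util.initialize(initData)` and only that instance reaches `comm.destroy()`, so a `comm.destroy();` is needed after the first `try`/`catch`. The block also depends on reaching `demo.zeroc.com:5064` and on that server's certificate chaining to a CA in the local platform store, so in an isolated build environment both halves fail through the `catch(Ice.LocalException)` branches with `test(false)`. A comment stating the network requirement, or a property-controlled skip, would make such failures distinguishable from a real regression in `IceSSL.UsePlatformCAs`. In the negative half a `SecurityException` raised for any reason counts as success, so that half does not by itself show that platform CAs were ignored.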