diff options
23 files changed, 1361 insertions, 0 deletions
diff --git a/java/test/IceSSL/build.xml b/java/test/IceSSL/build.xml new file mode 100644 index 00000000000..bc38621a1ed --- /dev/null +++ b/java/test/IceSSL/build.xml @@ -0,0 +1,22 @@ +<!-- + ********************************************************************** + + Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. + + This copy of Ice is licensed to you under the terms described in the + ICE_LICENSE file included in this distribution. + + ********************************************************************** +--> + +<project name="test_IceSSL" default="all" basedir="."> + + <target name="all"> + <ant dir="configuration"/> + </target> + + <target name="clean"> + <ant dir="configuration" target="clean"/> + </target> + +</project> diff --git a/java/test/IceSSL/certs/c_dsa_ca1.jks b/java/test/IceSSL/certs/c_dsa_ca1.jks Binary files differnew file mode 100644 index 00000000000..c1f056734a9 --- /dev/null +++ b/java/test/IceSSL/certs/c_dsa_ca1.jks diff --git a/java/test/IceSSL/certs/c_rsa_ca1.jks b/java/test/IceSSL/certs/c_rsa_ca1.jks Binary files differnew file mode 100644 index 00000000000..2eed285ce07 --- /dev/null +++ b/java/test/IceSSL/certs/c_rsa_ca1.jks diff --git a/java/test/IceSSL/certs/c_rsa_ca1_exp.jks b/java/test/IceSSL/certs/c_rsa_ca1_exp.jks Binary files differnew file mode 100644 index 00000000000..1a33866e373 --- /dev/null +++ b/java/test/IceSSL/certs/c_rsa_ca1_exp.jks diff --git a/java/test/IceSSL/certs/c_rsa_ca2.jks b/java/test/IceSSL/certs/c_rsa_ca2.jks Binary files differnew file mode 100644 index 00000000000..afc1997a2e1 --- /dev/null +++ b/java/test/IceSSL/certs/c_rsa_ca2.jks diff --git a/java/test/IceSSL/certs/cacert1.jks b/java/test/IceSSL/certs/cacert1.jks Binary files differnew file mode 100644 index 00000000000..83677f73a66 --- /dev/null +++ b/java/test/IceSSL/certs/cacert1.jks diff --git a/java/test/IceSSL/certs/cacert2.jks b/java/test/IceSSL/certs/cacert2.jks Binary files differnew file mode 100644 index 00000000000..70135a768d6 --- /dev/null +++ b/java/test/IceSSL/certs/cacert2.jks diff --git a/java/test/IceSSL/certs/cacerts.jks b/java/test/IceSSL/certs/cacerts.jks Binary files differnew file mode 100644 index 00000000000..8cd76706603 --- /dev/null +++ b/java/test/IceSSL/certs/cacerts.jks diff --git a/java/test/IceSSL/certs/makecerts.py b/java/test/IceSSL/certs/makecerts.py new file mode 100755 index 00000000000..42aac57f101 --- /dev/null +++ b/java/test/IceSSL/certs/makecerts.py @@ -0,0 +1,137 @@ +#!/usr/bin/env python +# ********************************************************************** +# +# Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. +# +# This copy of Ice is licensed to you under the terms described in the +# ICE_LICENSE file included in this distribution. +# +# ********************************************************************** + +import os, sys, shutil + +# +# Show usage information. +# +def usage(): + print "Usage: " + sys.argv[0] + " [options]" + print + print "Options:" + print "-h Show this message." + print "-f Force an update to the Java files." + +# +# Check arguments +# +force = 0 +for x in sys.argv[1:]: + if x == "-h": + usage() + sys.exit(0) + elif x == "-f": + force = 1 + elif x.startswith("-"): + print sys.argv[0] + ": unknown option `" + x + "'" + print + usage() + sys.exit(1) + else: + usage() + sys.exit(1) + +if not os.environ.has_key("ICE_HOME"): + print sys.argv[0] + ": error: ICE_HOME is not defined" + sys.exit(1) + +cppcerts = os.path.join(os.environ["ICE_HOME"], "test", "IceSSL", "certs") + +certs = [\ + "c_dsa_nopass_ca1", \ + "c_rsa_nopass_ca1_exp", \ + "c_rsa_nopass_ca1", \ + "c_rsa_nopass_ca2", \ + "s_dsa_nopass_ca1", \ + "s_rsa_nopass_ca1_exp", \ + "s_rsa_nopass_ca1", \ + "s_rsa_nopass_ca2", \ +] + +# +# Create truststores from the CA certificates. +# +for x in ("cacert1", "cacert2"): + ts = x + ".jks" + os.system("openssl x509 -in " + os.path.join(cppcerts, x) + ".pem -outform DER -out " + x + ".der") + if force or not os.path.exists(ts): + if os.path.exists(ts): + os.remove(ts) + os.system("keytool -import -alias cacert -file " + x + ".der -keystore " + ts + \ + " -storepass password -noprompt") + print "Created " + ts + +# +# Create a truststore containing both CA certificates. +# +if force or not os.path.exists("cacerts.jks"): + if os.path.exists("cacerts.jks"): + os.remove("cacerts.jks") + os.system("keytool -import -alias cacert1 -file cacert1.der -keystore cacerts.jks -storepass password -noprompt") + os.system("keytool -import -alias cacert2 -file cacert2.der -keystore cacerts.jks -storepass password -noprompt") + print "Created cacerts.jks" + +# +# Convert key/certificate pairs into PKCS12 format and then import them +# into keystores. +# +for x in certs: + p12 = x.replace("nopass_", "") + ".p12" + ks = x.replace("nopass_", "") + ".jks" + if x.find("1") > 0: + cacert = "cacert1" + else: + cacert = "cacert2" + if force or not os.path.exists(ks): + if os.path.exists(ks): + os.remove(ks) + cert = os.path.join(cppcerts, x) + ca = os.path.join(cppcerts, cacert) + ".pem" + os.system("openssl pkcs12 -in " + cert + "_pub.pem -inkey " + cert + "_priv.pem -export -out " + p12 + \ + " -name cert -passout pass:password -certfile " + ca) + os.system("java -classpath ../../../certs ImportKey " + p12 + " cert " + cacert + ".der " + ks + " password") + os.remove(p12) + print "Created " + ks + +# +# Create a keystore that contains both RSA and DSS certificates. +# +ks = "s_rsa_dsa_ca1.jks" +if force or not os.path.exists(ks): + if os.path.exists(ks): + os.remove(ks) + cacert = "cacert1" + ca = os.path.join(cppcerts, cacert) + ".pem" + p12 = "s_dsa_nopass_ca1.p12" + cert = os.path.join(cppcerts, "s_dsa_nopass_ca1") + os.system("openssl pkcs12 -in " + cert + "_pub.pem -inkey " + cert + "_priv.pem -export -out " + p12 + \ + " -name dsacert -passout pass:password -certfile " + ca) + os.system("java -classpath ../../../certs ImportKey " + p12 + " dsacert " + cacert + ".der " + ks + " password") + os.remove(p12) + p12 = "s_rsa_nopass_ca1.p12" + cert = os.path.join(cppcerts, "s_rsa_nopass_ca1") + os.system("openssl pkcs12 -in " + cert + "_pub.pem -inkey " + cert + "_priv.pem -export -out " + p12 + \ + " -name rsacert -passout pass:password -certfile " + ca) + os.system("java -classpath ../../../certs ImportKey " + p12 + " rsacert " + cacert + ".der " + ks + " password") + os.remove(p12) + print "Created " + ks + +# +# Clean up. +# +for x in ("cacert1", "cacert2"): + cert = x + ".der" + if os.path.exists(cert): + os.remove(cert) +# +# Done. +# +print "Done." diff --git a/java/test/IceSSL/certs/s_dsa_ca1.jks b/java/test/IceSSL/certs/s_dsa_ca1.jks Binary files differnew file mode 100644 index 00000000000..6b47dc8ae61 --- /dev/null +++ b/java/test/IceSSL/certs/s_dsa_ca1.jks diff --git a/java/test/IceSSL/certs/s_rsa_ca1.jks b/java/test/IceSSL/certs/s_rsa_ca1.jks Binary files differnew file mode 100644 index 00000000000..2128ea702bd --- /dev/null +++ b/java/test/IceSSL/certs/s_rsa_ca1.jks diff --git a/java/test/IceSSL/certs/s_rsa_ca1_exp.jks b/java/test/IceSSL/certs/s_rsa_ca1_exp.jks Binary files differnew file mode 100644 index 00000000000..c26043dff35 --- /dev/null +++ b/java/test/IceSSL/certs/s_rsa_ca1_exp.jks diff --git a/java/test/IceSSL/certs/s_rsa_ca2.jks b/java/test/IceSSL/certs/s_rsa_ca2.jks Binary files differnew file mode 100644 index 00000000000..2f642151e48 --- /dev/null +++ b/java/test/IceSSL/certs/s_rsa_ca2.jks diff --git a/java/test/IceSSL/certs/s_rsa_dsa_ca1.jks b/java/test/IceSSL/certs/s_rsa_dsa_ca1.jks Binary files differnew file mode 100644 index 00000000000..58f8a99d0a0 --- /dev/null +++ b/java/test/IceSSL/certs/s_rsa_dsa_ca1.jks diff --git a/java/test/IceSSL/configuration/AllTests.java b/java/test/IceSSL/configuration/AllTests.java new file mode 100644 index 00000000000..3eb3266a703 --- /dev/null +++ b/java/test/IceSSL/configuration/AllTests.java @@ -0,0 +1,877 @@ +// ********************************************************************** +// +// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. +// +// This copy of Ice is licensed to you under the terms described in the +// ICE_LICENSE file included in this distribution. +// +// ********************************************************************** + +// +// NOTE: This test is not interoperable with other language mappings. +// + +class CertificateVerifierI implements IceSSL.CertificateVerifier +{ + CertificateVerifierI() + { + reset(); + } + + public boolean + verify(IceSSL.VerifyInfo info) + { + _incoming = info.incoming; + _hadCert = info.certs != null; + _invoked = true; + return _returnValue; + } + + void + reset() + { + _returnValue = true; + _invoked = false; + _incoming = false; + _hadCert = false; + } + + void + returnValue(boolean b) + { + _returnValue = b; + } + + boolean + invoked() + { + return _invoked; + } + + boolean + incoming() + { + return _incoming; + } + + boolean + hadCert() + { + return _hadCert; + } + + private boolean _returnValue; + private boolean _invoked; + private boolean _incoming; + private boolean _hadCert; +} + +public class AllTests +{ + private static void + test(boolean b) + { + if(!b) + { + throw new RuntimeException(); + } + } + + private static Ice.InitializationData + createClientProps(String testDir, String defaultHost) + { + Ice.InitializationData result = new Ice.InitializationData(); + result.properties = Ice.Util.createProperties(); + result.properties.setProperty("Ice.Plugin.IceSSL", "IceSSL.PluginFactory"); + result.properties.setProperty("Ice.ThreadPerConnection", "1"); + result.properties.setProperty("Ice.RetryIntervals", "-1"); + if(defaultHost.length() > 0) + { + result.properties.setProperty("Ice.Default.Host", defaultHost); + } + return result; + } + + private static java.util.Map + createServerProps(String testDir, String defaultHost) + { + java.util.Map result = new java.util.HashMap(); + result.put("Ice.Plugin.IceSSL", "IceSSL.PluginFactory"); + result.put("Ice.ThreadPerConnection", "1"); + if(defaultHost.length() > 0) + { + result.put("Ice.Default.Host", defaultHost); + } + return result; + } + + public static void + allTests(Ice.Communicator communicator, String testDir) + { + final String factoryRef = "factory:tcp -p 12010 -t 10000"; + Ice.ObjectPrx b = communicator.stringToProxy(factoryRef); + test(b != null); + Test.ServerFactoryPrx factory = Test.ServerFactoryPrxHelper.checkedCast(b); + + final String defaultHost = communicator.getProperties().getProperty("Ice.Default.Host"); + final String defaultDir = testDir + "/../certs"; + + final String[] args = new String[0]; + + System.out.print("testing manual initialization... "); + System.out.flush(); + { + Ice.InitializationData initData = createClientProps(testDir, defaultHost); + initData.properties.setProperty("IceSSL.DelayInit", "1"); + Ice.Communicator comm = Ice.Util.initialize(args, initData); + Ice.ObjectPrx p = comm.stringToProxy("dummy:ssl -p 9999"); + try + { + p.ice_ping(); + test(false); + } + catch(Ice.PluginInitializationException ex) + { + // Expected. + } + catch(Ice.LocalException ex) + { + test(false); + } + comm.destroy(); + } + { + Ice.InitializationData initData = createClientProps(testDir, defaultHost); + initData.properties.setProperty("IceSSL.DelayInit", "1"); + initData.properties.setProperty("IceSSL.Client.Ciphers", "NONE (.*DH_anon.*)"); + Ice.Communicator comm = Ice.Util.initialize(args, initData); + IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL"); + test(plugin != null); + plugin.initialize(null, null); + Ice.ObjectPrx obj = comm.stringToProxy(factoryRef); + test(obj != null); + Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(obj); + java.util.Map d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.Ciphers", "NONE (.*DH_anon.*)"); + d.put("IceSSL.Server.VerifyPeer", "0"); + Test.ServerPrx server = fact.createServer(d); + try + { + server.ice_ping(); + } + catch(Ice.LocalException ex) + { + test(false); + } + fact.destroyServer(server); + comm.destroy(); + } + System.out.println("ok"); + + System.out.print("testing certificate verification... "); + System.out.flush(); + { + // + // Test IceSSL.Server.VerifyPeer=0. Client does not have a certificate, + // but it still verifies the server's. + // + Ice.InitializationData initData = createClientProps(testDir, defaultHost); + initData.properties.setProperty("IceSSL.Client.DefaultDir", defaultDir); + initData.properties.setProperty("IceSSL.Client.Truststore", "cacert1.jks"); + Ice.Communicator comm = Ice.Util.initialize(args, initData); + Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + java.util.Map d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.DefaultDir", defaultDir); + d.put("IceSSL.Server.Keystore", "s_rsa_ca1.jks"); + d.put("IceSSL.Server.Password", "password"); + d.put("IceSSL.Server.Truststore", "cacert1.jks"); + d.put("IceSSL.Server.VerifyPeer", "0"); + Test.ServerPrx server = fact.createServer(d); + try + { + server.ice_ping(); + } + catch(Ice.LocalException ex) + { + test(false); + } + fact.destroyServer(server); + + // + // Test IceSSL.Server.VerifyPeer=1. Client does not have a certificate. + // + initData = createClientProps(testDir, defaultHost); + initData.properties.setProperty("IceSSL.Client.DefaultDir", defaultDir); + initData.properties.setProperty("IceSSL.Client.Truststore", "cacert1.jks"); + comm = Ice.Util.initialize(args, initData); + fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.DefaultDir", defaultDir); + d.put("IceSSL.Server.Keystore", "s_rsa_ca1.jks"); + d.put("IceSSL.Server.Password", "password"); + d.put("IceSSL.Server.Truststore", "cacert1.jks"); + d.put("IceSSL.Server.VerifyPeer", "1"); + server = fact.createServer(d); + try + { + server.ice_ping(); + } + catch(Ice.LocalException ex) + { + test(false); + } + fact.destroyServer(server); + + // + // Test IceSSL.Server.VerifyPeer=2. This should fail because the client + // does not supply a certificate. + // + d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.DefaultDir", defaultDir); + d.put("IceSSL.Server.Keystore", "s_rsa_ca1.jks"); + d.put("IceSSL.Server.Password", "password"); + d.put("IceSSL.Server.Truststore", "cacert1.jks"); + d.put("IceSSL.Server.VerifyPeer", "2"); + server = fact.createServer(d); + try + { + server.ice_ping(); + test(false); + } + catch(Ice.SecurityException ex) + { + // Expected. + } + catch(Ice.LocalException ex) + { + test(false); + } + fact.destroyServer(server); + + comm.destroy(); + + // + // Test IceSSL.Server.VerifyPeer=1. Client has a certificate. + // + initData.properties.setProperty("IceSSL.Client.DefaultDir", defaultDir); + initData.properties.setProperty("IceSSL.Client.Keystore", "c_rsa_ca1.jks"); + initData.properties.setProperty("IceSSL.Client.Password", "password"); + initData.properties.setProperty("IceSSL.Client.Truststore", "cacert1.jks"); + comm = Ice.Util.initialize(args, initData); + fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.DefaultDir", defaultDir); + d.put("IceSSL.Server.Keystore", "s_rsa_ca1.jks"); + d.put("IceSSL.Server.Password", "password"); + d.put("IceSSL.Server.Truststore", "cacert1.jks"); + d.put("IceSSL.Server.VerifyPeer", "1"); + server = fact.createServer(d); + try + { + server.ice_ping(); + } + catch(Ice.LocalException ex) + { + test(false); + } + fact.destroyServer(server); + + // + // Test IceSSL.Server.VerifyPeer=2. Client has a certificate. + // + d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.DefaultDir", defaultDir); + d.put("IceSSL.Server.Keystore", "s_rsa_ca1.jks"); + d.put("IceSSL.Server.Password", "password"); + d.put("IceSSL.Server.Truststore", "cacert1.jks"); + d.put("IceSSL.Server.VerifyPeer", "2"); + server = fact.createServer(d); + try + { + server.ice_ping(); + } + catch(Ice.LocalException ex) + { + test(false); + } + fact.destroyServer(server); + + comm.destroy(); + + // + // Test IceSSL.Server.VerifyPeer=1. This should fail because the + // client doesn't trust the server's CA. + // + initData = createClientProps(testDir, defaultHost); + initData.properties.setProperty("IceSSL.Client.DefaultDir", defaultDir); + initData.properties.setProperty("IceSSL.Client.Keystore", "c_rsa_ca2.jks"); + initData.properties.setProperty("IceSSL.Client.Password", "password"); + initData.properties.setProperty("IceSSL.Client.Truststore", "cacert2.jks"); + comm = Ice.Util.initialize(args, initData); + fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.DefaultDir", defaultDir); + d.put("IceSSL.Server.Keystore", "s_rsa_ca1.jks"); + d.put("IceSSL.Server.Password", "password"); + d.put("IceSSL.Server.Truststore", "cacert1.jks"); + d.put("IceSSL.Server.VerifyPeer", "1"); + server = fact.createServer(d); + try + { + server.ice_ping(); + test(false); + } + catch(Ice.SecurityException ex) + { + // Expected. + } + catch(Ice.LocalException ex) + { + test(false); + } + fact.destroyServer(server); + + comm.destroy(); + + // + // Test IceSSL.Server.VerifyPeer=2. This should fail because the + // server doesn't trust the client's CA. + // + // NOTE: In C++ this test fails with VerifyPeer=1, but JSSE seems + // to allow the handshake to continue unless we set VerifyPeer=2. + // + initData.properties.setProperty("IceSSL.Client.DefaultDir", defaultDir); + initData.properties.setProperty("IceSSL.Client.Keystore", "c_rsa_ca2.jks"); + initData.properties.setProperty("IceSSL.Client.Password", "password"); + initData.properties.setProperty("IceSSL.Client.Truststore", "cacert1.jks"); + comm = Ice.Util.initialize(args, initData); + fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.DefaultDir", defaultDir); + d.put("IceSSL.Server.Keystore", "s_rsa_ca1.jks"); + d.put("IceSSL.Server.Password", "password"); + d.put("IceSSL.Server.Truststore", "cacert1.jks"); + d.put("IceSSL.Server.VerifyPeer", "2"); + server = fact.createServer(d); + try + { + server.ice_ping(); + test(false); + } + catch(Ice.SecurityException ex) + { + // Expected. + } + catch(Ice.LocalException ex) + { + test(false); + } + fact.destroyServer(server); + comm.destroy(); + } + System.out.println("ok"); + + System.out.print("testing custom certificate verifier... "); + System.out.flush(); + { + // + // ADH is allowed but will not have a certificate. + // + Ice.InitializationData initData = createClientProps(testDir, defaultHost); + initData.properties.setProperty("IceSSL.Client.Ciphers", "NONE (.*DH_anon.*)"); + Ice.Communicator comm = Ice.Util.initialize(args, initData); + IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL"); + test(plugin != null); + CertificateVerifierI verifier = new CertificateVerifierI(); + plugin.setCertificateVerifier(verifier); + + Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + java.util.Map d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.Ciphers", "NONE (.*DH_anon.*)"); + d.put("IceSSL.Server.VerifyPeer", "0"); + Test.ServerPrx server = fact.createServer(d); + try + { + server.ice_ping(); + } + catch(Ice.LocalException ex) + { + test(false); + } + test(verifier.invoked()); + test(!verifier.incoming()); + test(!verifier.hadCert()); + + // + // Have the verifier return false. Close the connection explicitly + // to force a new connection to be established. + // + verifier.reset(); + verifier.returnValue(false); + server.ice_connection().close(false); + try + { + server.ice_ping(); + test(false); + } + catch(Ice.SecurityException ex) + { + // Expected. + } + catch(Ice.LocalException ex) + { + test(false); + } + test(verifier.invoked()); + test(!verifier.incoming()); + test(!verifier.hadCert()); + + fact.destroyServer(server); + comm.destroy(); + } + { + // + // Verify that a server certificate is present. + // + Ice.InitializationData initData = createClientProps(testDir, defaultHost); + initData.properties.setProperty("IceSSL.Client.DefaultDir", defaultDir); + initData.properties.setProperty("IceSSL.Client.Keystore", "c_rsa_ca1.jks"); + initData.properties.setProperty("IceSSL.Client.Password", "password"); + initData.properties.setProperty("IceSSL.Client.Truststore", "cacert1.jks"); + Ice.Communicator comm = Ice.Util.initialize(args, initData); + IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL"); + test(plugin != null); + CertificateVerifierI verifier = new CertificateVerifierI(); + plugin.setCertificateVerifier(verifier); + + Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + java.util.Map d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.DefaultDir", defaultDir); + d.put("IceSSL.Server.Keystore", "s_rsa_ca1.jks"); + d.put("IceSSL.Server.Password", "password"); + d.put("IceSSL.Server.Truststore", "cacert1.jks"); + d.put("IceSSL.Server.VerifyPeer", "2"); + Test.ServerPrx server = fact.createServer(d); + try + { + server.ice_ping(); + } + catch(Ice.LocalException ex) + { + test(false); + } + test(verifier.invoked()); + test(!verifier.incoming()); + test(verifier.hadCert()); + fact.destroyServer(server); + comm.destroy(); + } + System.out.println("ok"); + + System.out.print("testing protocols... "); + System.out.flush(); + { + // + // This should fail because the client and server have no protocol + // in common. + // + Ice.InitializationData initData = createClientProps(testDir, defaultHost); + initData.properties.setProperty("IceSSL.Client.DefaultDir", defaultDir); + initData.properties.setProperty("IceSSL.Client.Keystore", "c_rsa_ca1.jks"); + initData.properties.setProperty("IceSSL.Client.Password", "password"); + initData.properties.setProperty("IceSSL.Client.Truststore", "cacert1.jks"); + initData.properties.setProperty("IceSSL.Client.Protocols", "ssl3"); + Ice.Communicator comm = Ice.Util.initialize(args, initData); + Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + java.util.Map d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.DefaultDir", defaultDir); + d.put("IceSSL.Server.Keystore", "s_rsa_ca1.jks"); + d.put("IceSSL.Server.Password", "password"); + d.put("IceSSL.Server.Truststore", "cacert1.jks"); + d.put("IceSSL.Server.VerifyPeer", "2"); + d.put("IceSSL.Server.Protocols", "tls1"); + Test.ServerPrx server = fact.createServer(d); + try + { + server.ice_ping(); + test(false); + } + catch(Ice.SecurityException ex) + { + // Expected. + } + catch(Ice.LocalException ex) + { + test(false); + } + fact.destroyServer(server); + comm.destroy(); + + // + // This should succeed. + // + comm = Ice.Util.initialize(args, initData); + fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.DefaultDir", defaultDir); + d.put("IceSSL.Server.Keystore", "s_rsa_ca1.jks"); + d.put("IceSSL.Server.Password", "password"); + d.put("IceSSL.Server.Truststore", "cacert1.jks"); + d.put("IceSSL.Server.VerifyPeer", "2"); + d.put("IceSSL.Server.Protocols", "tls1, ssl3"); + server = fact.createServer(d); + try + { + server.ice_ping(); + } + catch(Ice.LocalException ex) + { + test(false); + } + fact.destroyServer(server); + comm.destroy(); + } + System.out.println("ok"); + + System.out.print("testing expired certificates... "); + System.out.flush(); + { + // + // This should fail because the server's certificate is expired. + // + Ice.InitializationData initData = createClientProps(testDir, defaultHost); + initData.properties.setProperty("IceSSL.Client.DefaultDir", defaultDir); + initData.properties.setProperty("IceSSL.Client.Keystore", "c_rsa_ca1.jks"); + initData.properties.setProperty("IceSSL.Client.Password", "password"); + initData.properties.setProperty("IceSSL.Client.Truststore", "cacert1.jks"); + Ice.Communicator comm = Ice.Util.initialize(args, initData); + Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + java.util.Map d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.DefaultDir", defaultDir); + d.put("IceSSL.Server.Keystore", "s_rsa_ca1_exp.jks"); + d.put("IceSSL.Server.Password", "password"); + d.put("IceSSL.Server.Truststore", "cacert1.jks"); + d.put("IceSSL.Server.VerifyPeer", "2"); + Test.ServerPrx server = fact.createServer(d); + try + { + server.ice_ping(); + test(false); + } + catch(Ice.SecurityException ex) + { + // Expected. + } + catch(Ice.LocalException ex) + { + test(false); + } + fact.destroyServer(server); + comm.destroy(); + + // + // This should fail because the client's certificate is expired. + // + initData.properties.setProperty("IceSSL.Client.DefaultDir", defaultDir); + initData.properties.setProperty("IceSSL.Client.Keystore", "c_rsa_ca1_exp.jks"); + initData.properties.setProperty("IceSSL.Client.Password", "password"); + initData.properties.setProperty("IceSSL.Client.Truststore", "cacert1.jks"); + comm = Ice.Util.initialize(args, initData); + fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.DefaultDir", defaultDir); + d.put("IceSSL.Server.Keystore", "s_rsa_ca1.jks"); + d.put("IceSSL.Server.Password", "password"); + d.put("IceSSL.Server.Truststore", "cacert1.jks"); + d.put("IceSSL.Server.VerifyPeer", "2"); + server = fact.createServer(d); + try + { + server.ice_ping(); + test(false); + } + catch(Ice.ConnectionLostException ex) + { + // Expected. + } + catch(Ice.SecurityException ex) + { + // Expected. + } + catch(Ice.LocalException ex) + { + test(false); + } + fact.destroyServer(server); + comm.destroy(); + } + System.out.println("ok"); + + System.out.print("testing multiple CA certificates... "); + System.out.flush(); + { + Ice.InitializationData initData = createClientProps(testDir, defaultHost); + initData.properties.setProperty("IceSSL.Client.DefaultDir", defaultDir); + initData.properties.setProperty("IceSSL.Client.Keystore", "c_rsa_ca1.jks"); + initData.properties.setProperty("IceSSL.Client.Password", "password"); + initData.properties.setProperty("IceSSL.Client.Truststore", "cacerts.jks"); + Ice.Communicator comm = Ice.Util.initialize(args, initData); + Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + java.util.Map d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.DefaultDir", defaultDir); + d.put("IceSSL.Server.Keystore", "s_rsa_ca2.jks"); + d.put("IceSSL.Server.Password", "password"); + d.put("IceSSL.Server.Truststore", "cacerts.jks"); + d.put("IceSSL.Server.VerifyPeer", "2"); + Test.ServerPrx server = fact.createServer(d); + try + { + server.ice_ping(); + } + catch(Ice.LocalException ex) + { + test(false); + } + fact.destroyServer(server); + comm.destroy(); + } + System.out.println("ok"); + + System.out.print("testing password failure... "); + System.out.flush(); + { + Ice.InitializationData initData = createClientProps(testDir, defaultHost); + initData.properties.setProperty("IceSSL.Client.DefaultDir", defaultDir); + initData.properties.setProperty("IceSSL.Client.Keystore", "c_rsa_ca1.jks"); + // Don't specify the password. + //initData.properties.setProperty("IceSSL.Client.Password", "password"); + try + { + Ice.Util.initialize(args, initData); + test(false); + } + catch(Ice.PluginInitializationException ex) + { + // Expected. + } + catch(Ice.LocalException ex) + { + test(false); + } + } + System.out.println("ok"); + + System.out.print("testing ciphers... "); + System.out.flush(); + { + // + // The server has a certificate but the client doesn't. They should + // negotiate to use ADH since we explicitly enable it. + // + Ice.InitializationData initData = createClientProps(testDir, defaultHost); + initData.properties.setProperty("IceSSL.Client.Ciphers", "NONE (.*DH_anon.*)"); + Ice.Communicator comm = Ice.Util.initialize(args, initData); + Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + java.util.Map d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.DefaultDir", defaultDir); + d.put("IceSSL.Server.Keystore", "s_rsa_ca1.jks"); + d.put("IceSSL.Server.Password", "password"); + d.put("IceSSL.Server.Truststore", "cacert1.jks"); + d.put("IceSSL.Server.Ciphers", "ALL"); + d.put("IceSSL.Server.VerifyPeer", "1"); + Test.ServerPrx server = fact.createServer(d); + try + { + server.ice_ping(); + } + catch(Ice.LocalException ex) + { + test(false); + } + fact.destroyServer(server); + comm.destroy(); + } + { + // + // Configure a server with RSA and DSA certificates. + // + // First try a client with a DSA certificate. + // + Ice.InitializationData initData = createClientProps(testDir, defaultHost); + initData.properties.setProperty("IceSSL.Client.DefaultDir", defaultDir); + initData.properties.setProperty("IceSSL.Client.Keystore", "c_dsa_ca1.jks"); + initData.properties.setProperty("IceSSL.Client.Password", "password"); + initData.properties.setProperty("IceSSL.Client.Truststore", "cacert1.jks"); + Ice.Communicator comm = Ice.Util.initialize(args, initData); + Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + java.util.Map d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.DefaultDir", defaultDir); + d.put("IceSSL.Server.Keystore", "s_rsa_dsa_ca1.jks"); + d.put("IceSSL.Server.Password", "password"); + d.put("IceSSL.Server.Truststore", "cacert1.jks"); + d.put("IceSSL.Server.VerifyPeer", "1"); + Test.ServerPrx server = fact.createServer(d); + try + { + server.ice_ping(); + } + catch(Ice.LocalException ex) + { + test(false); + } + fact.destroyServer(server); + comm.destroy(); + + // + // Next try a client with an RSA certificate. + // + initData = createClientProps(testDir, defaultHost); + initData.properties.setProperty("IceSSL.Client.DefaultDir", defaultDir); + initData.properties.setProperty("IceSSL.Client.Keystore", "c_rsa_ca1.jks"); + initData.properties.setProperty("IceSSL.Client.Password", "password"); + initData.properties.setProperty("IceSSL.Client.Truststore", "cacert1.jks"); + comm = Ice.Util.initialize(args, initData); + fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.DefaultDir", defaultDir); + d.put("IceSSL.Server.Keystore", "s_rsa_dsa_ca1.jks"); + d.put("IceSSL.Server.Password", "password"); + d.put("IceSSL.Server.Truststore", "cacert1.jks"); + d.put("IceSSL.Server.VerifyPeer", "1"); + server = fact.createServer(d); + try + { + server.ice_ping(); + } + catch(Ice.LocalException ex) + { + test(false); + } + fact.destroyServer(server); + comm.destroy(); + + // + // Next try a client with ADH. This should fail. + // + initData = createClientProps(testDir, defaultHost); + initData.properties.setProperty("IceSSL.Client.Ciphers", "NONE (.*DH_anon.*)"); + comm = Ice.Util.initialize(args, initData); + fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.DefaultDir", defaultDir); + d.put("IceSSL.Server.Keystore", "s_rsa_dsa_ca1.jks"); + d.put("IceSSL.Server.Password", "password"); + d.put("IceSSL.Server.Truststore", "cacert1.jks"); + d.put("IceSSL.Server.VerifyPeer", "1"); + server = fact.createServer(d); + try + { + server.ice_ping(); + test(false); + } + catch(Ice.SecurityException ex) + { + // Expected. + } + catch(Ice.LocalException ex) + { + test(false); + } + fact.destroyServer(server); + comm.destroy(); + } + { + // + // Configure a server with RSA and a client with DSA. This should fail. + // + Ice.InitializationData initData = createClientProps(testDir, defaultHost); + initData.properties.setProperty("IceSSL.Client.DefaultDir", defaultDir); + initData.properties.setProperty("IceSSL.Client.Keystore", "c_dsa_ca1.jks"); + initData.properties.setProperty("IceSSL.Client.Password", "password"); + initData.properties.setProperty("IceSSL.Client.Truststore", "cacert1.jks"); + initData.properties.setProperty("IceSSL.Client.Ciphers", "NONE (.*DSS.*)"); + Ice.Communicator comm = Ice.Util.initialize(args, initData); + Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + java.util.Map d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.DefaultDir", defaultDir); + d.put("IceSSL.Server.Keystore", "s_rsa_ca1.jks"); + d.put("IceSSL.Server.Password", "password"); + d.put("IceSSL.Server.Truststore", "cacert1.jks"); + d.put("IceSSL.Server.VerifyPeer", "2"); + Test.ServerPrx server = fact.createServer(d); + try + { + server.ice_ping(); + test(false); + } + catch(Ice.SecurityException ex) + { + // Expected. + } + catch(Ice.LocalException ex) + { + test(false); + } + fact.destroyServer(server); + comm.destroy(); + } + { + // + // Configure the server with both RSA and DSA certificates, but use the + // Alias property to select the RSA certificate. This should fail. + // + Ice.InitializationData initData = createClientProps(testDir, defaultHost); + initData.properties.setProperty("IceSSL.Client.DefaultDir", defaultDir); + initData.properties.setProperty("IceSSL.Client.Keystore", "c_dsa_ca1.jks"); + initData.properties.setProperty("IceSSL.Client.Password", "password"); + initData.properties.setProperty("IceSSL.Client.Truststore", "cacert1.jks"); + initData.properties.setProperty("IceSSL.Client.Ciphers", "NONE (.*DSS.*)"); + Ice.Communicator comm = Ice.Util.initialize(args, initData); + Test.ServerFactoryPrx fact = Test.ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); + test(fact != null); + java.util.Map d = createServerProps(testDir, defaultHost); + d.put("IceSSL.Server.DefaultDir", defaultDir); + d.put("IceSSL.Server.Keystore", "s_rsa_dsa_ca1.jks"); + d.put("IceSSL.Server.Alias", "rsacert"); + d.put("IceSSL.Server.Password", "password"); + d.put("IceSSL.Server.Truststore", "cacert1.jks"); + d.put("IceSSL.Server.VerifyPeer", "2"); + Test.ServerPrx server = fact.createServer(d); + try + { + server.ice_ping(); + test(false); + } + catch(Ice.SecurityException ex) + { + // Expected. + } + catch(Ice.LocalException ex) + { + test(false); + } + fact.destroyServer(server); + comm.destroy(); + } + System.out.println("ok"); + + factory.shutdown(); + } +} diff --git a/java/test/IceSSL/configuration/Client.java b/java/test/IceSSL/configuration/Client.java new file mode 100644 index 00000000000..3f2f8eca703 --- /dev/null +++ b/java/test/IceSSL/configuration/Client.java @@ -0,0 +1,59 @@ +// ********************************************************************** +// +// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. +// +// This copy of Ice is licensed to you under the terms described in the +// ICE_LICENSE file included in this distribution. +// +// ********************************************************************** + +public class Client +{ + private static int + run(String[] args, Ice.Communicator communicator) + { + if(args.length < 1) + { + System.out.println("Usage: client testdir"); + return 1; + } + + AllTests.allTests(communicator, args[0]); + + return 0; + } + + public static void main(String[] args) + { + int status = 0; + Ice.Communicator communicator = null; + + try + { + Ice.StringSeqHolder argsH = new Ice.StringSeqHolder(args); + communicator = Ice.Util.initialize(argsH); + status = run(argsH.value, communicator); + } + catch(Ice.LocalException ex) + { + ex.printStackTrace(); + status = 1; + } + + if(communicator != null) + { + try + { + communicator.destroy(); + } + catch(Ice.LocalException ex) + { + ex.printStackTrace(); + status = 1; + } + } + + System.gc(); + System.exit(status); + } +} diff --git a/java/test/IceSSL/configuration/Server.java b/java/test/IceSSL/configuration/Server.java new file mode 100644 index 00000000000..4cad38214ac --- /dev/null +++ b/java/test/IceSSL/configuration/Server.java @@ -0,0 +1,58 @@ +// ********************************************************************** +// +// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. +// +// This copy of Ice is licensed to you under the terms described in the +// ICE_LICENSE file included in this distribution. +// +// ********************************************************************** + +public class Server +{ + private static int + run(String[] args, Ice.Communicator communicator) + { + communicator.getProperties().setProperty("TestAdapter.Endpoints", "tcp -p 12010"); + Ice.ObjectAdapter adapter = communicator.createObjectAdapter("TestAdapter"); + Ice.Identity id = Ice.Util.stringToIdentity("factory"); + adapter.add(new ServerFactoryI(), id); + adapter.activate(); + + communicator.waitForShutdown(); + return 0; + } + + public static void + main(String[] args) + { + int status = 0; + Ice.Communicator communicator = null; + + try + { + Ice.StringSeqHolder argsH = new Ice.StringSeqHolder(args); + communicator = Ice.Util.initialize(argsH); + status = run(argsH.value, communicator); + } + catch(Ice.LocalException ex) + { + ex.printStackTrace(); + status = 1; + } + + if(communicator != null) + { + try + { + communicator.destroy(); + } + catch(Ice.LocalException ex) + { + ex.printStackTrace(); + status = 1; + } + } + + System.exit(status); + } +} diff --git a/java/test/IceSSL/configuration/ServerFactoryI.java b/java/test/IceSSL/configuration/ServerFactoryI.java new file mode 100644 index 00000000000..560ecd0cc47 --- /dev/null +++ b/java/test/IceSSL/configuration/ServerFactoryI.java @@ -0,0 +1,64 @@ +// ********************************************************************** +// +// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. +// +// This copy of Ice is licensed to you under the terms described in the +// ICE_LICENSE file included in this distribution. +// +// ********************************************************************** + +class ServerFactoryI extends Test._ServerFactoryDisp +{ + private static void + test(boolean b) + { + if(!b) + { + throw new RuntimeException(); + } + } + + public Test.ServerPrx + createServer(java.util.Map props, Ice.Current current) + { + Ice.InitializationData initData = new Ice.InitializationData(); + initData.properties = Ice.Util.createProperties(); + java.util.Iterator i = props.entrySet().iterator(); + while(i.hasNext()) + { + java.util.Map.Entry e = (java.util.Map.Entry)i.next(); + initData.properties.setProperty((String)e.getKey(), (String)e.getValue()); + } + + String[] args = new String[0]; + Ice.Communicator communicator = Ice.Util.initialize(args, initData); + Ice.ObjectAdapter adapter = communicator.createObjectAdapterWithEndpoints("ServerAdapter", "ssl"); + ServerI server = new ServerI(communicator); + Ice.ObjectPrx obj = adapter.addWithUUID(server); + _servers.put(obj.ice_getIdentity(), server); + adapter.activate(); + + return Test.ServerPrxHelper.uncheckedCast(obj); + } + + public void + destroyServer(Test.ServerPrx srv, Ice.Current current) + { + Ice.Identity key = srv.ice_getIdentity(); + if(_servers.containsKey(key)) + { + ServerI server = (ServerI)_servers.get(key); + server.destroy(); + _servers.remove(key); + } + } + + public void + shutdown(Ice.Current current) + { + test(_servers.size() == 0); + current.adapter.getCommunicator().shutdown(); + } + + private java.util.HashMap _servers = new java.util.HashMap(); +} diff --git a/java/test/IceSSL/configuration/ServerI.java b/java/test/IceSSL/configuration/ServerI.java new file mode 100644 index 00000000000..b600f9c3a3e --- /dev/null +++ b/java/test/IceSSL/configuration/ServerI.java @@ -0,0 +1,24 @@ +// ********************************************************************** +// +// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. +// +// This copy of Ice is licensed to you under the terms described in the +// ICE_LICENSE file included in this distribution. +// +// ********************************************************************** + +class ServerI extends Test._ServerDisp +{ + ServerI(Ice.Communicator communicator) + { + _communicator = communicator; + } + + public void + destroy() + { + _communicator.destroy(); + } + + private Ice.Communicator _communicator; +} diff --git a/java/test/IceSSL/configuration/Test.ice b/java/test/IceSSL/configuration/Test.ice new file mode 100644 index 00000000000..f5e6b6992bc --- /dev/null +++ b/java/test/IceSSL/configuration/Test.ice @@ -0,0 +1,31 @@ +// ********************************************************************** +// +// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. +// +// This copy of Ice is licensed to you under the terms described in the +// ICE_LICENSE file included in this distribution. +// +// ********************************************************************** + +#ifndef TEST_ICE +#define TEST_ICE + +module Test +{ + +interface Server +{ +}; + +dictionary<string, string> Properties; + +interface ServerFactory +{ + Server* createServer(Properties props); + void destroyServer(Server* srv); + void shutdown(); +}; + +}; + +#endif diff --git a/java/test/IceSSL/configuration/build.xml b/java/test/IceSSL/configuration/build.xml new file mode 100644 index 00000000000..1e2a63de954 --- /dev/null +++ b/java/test/IceSSL/configuration/build.xml @@ -0,0 +1,58 @@ +<!-- + ********************************************************************** + + Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. + + This copy of Ice is licensed to you under the terms described in the + ICE_LICENSE file included in this distribution. + + ********************************************************************** +--> + +<!DOCTYPE project [ +<!ENTITY common SYSTEM "file:../../../config/common.xml"> +]> + +<project name="test_IceSSL_configuration" default="all" basedir="."> + + <!-- set global properties for this build --> + <property name="top.dir" value="../../.."/> + + <!-- Include common definitions --> + &common; + + <property name="class.dir" value="classes"/> + <property name="generated.dir" value="generated"/> + + <target name="init" depends="config-init"> + <!-- Create the time stamp --> + <tstamp/> + </target> + + <target name="generate" depends="init"> + <!-- Create the output directory for generated code --> + <mkdir dir="${generated.dir}"/> + <slice2java outputdir="${generated.dir}"> + <fileset dir="." includes="Test.ice"/> + <includepath> + <pathelement path="${slice.dir}" /> + </includepath> + </slice2java> + </target> + + <target name="compile" depends="generate"> + <mkdir dir="${class.dir}"/> + <javac srcdir="${generated.dir}" destdir="${class.dir}" + source="1.4" classpath="${lib.dir}" debug="${debug}"/> + <javac srcdir="." destdir="${class.dir}" source="1.4" + classpath="${lib.dir}" excludes="generated/**" debug="${debug}"/> + </target> + + <target name="all" depends="compile"/> + + <target name="clean"> + <delete dir="${generated.dir}"/> + <delete dir="${class.dir}"/> + </target> + +</project> diff --git a/java/test/IceSSL/configuration/run.py b/java/test/IceSSL/configuration/run.py new file mode 100755 index 00000000000..b826a7390f5 --- /dev/null +++ b/java/test/IceSSL/configuration/run.py @@ -0,0 +1,29 @@ +#!/usr/bin/env python +# ********************************************************************** +# +# Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. +# +# This copy of Ice is licensed to you under the terms described in the +# ICE_LICENSE file included in this distribution. +# +# ********************************************************************** + +import os, sys + +for toplevel in [".", "..", "../..", "../../..", "../../../.."]: + toplevel = os.path.normpath(toplevel) + if os.path.exists(os.path.join(toplevel, "config", "TestUtil.py")): + break +else: + raise "can't find toplevel directory!" + +sys.path.append(os.path.join(toplevel, "config")) +import TestUtil + +name = os.path.join("IceSSL", "configuration") +testdir = os.path.join(toplevel, "test", name) + +classpath = os.getenv("CLASSPATH", "") +os.environ["CLASSPATH"] = os.path.join(testdir, "classes") + TestUtil.sep + classpath +TestUtil.clientServerTestWithOptions("", " " + testdir) +sys.exit(0) diff --git a/java/test/build.xml b/java/test/build.xml index 719dbe27981..58387a6b2ee 100644 --- a/java/test/build.xml +++ b/java/test/build.xml @@ -17,6 +17,7 @@ <ant dir="Freeze"/> <ant dir="Glacier2"/> <ant dir="IceGrid"/> + <ant dir="IceSSL"/> </target> <target name="clean"> @@ -25,6 +26,7 @@ <ant dir="Freeze" target="clean"/> <ant dir="Glacier2" target="clean"/> <ant dir="IceGrid" target="clean"/> + <ant dir="IceSSL" target="clean"/> </target> </project> |