diff options
| -rw-r--r-- | java-compat/test/src/main/java/test/IceSSL/configuration/AllTests.java | 235 | ||||
| -rw-r--r-- | java/test/src/main/java/test/IceSSL/configuration/AllTests.java | 236 |
2 files changed, 0 insertions, 471 deletions
diff --git a/java-compat/test/src/main/java/test/IceSSL/configuration/AllTests.java b/java-compat/test/src/main/java/test/IceSSL/configuration/AllTests.java index a97ba17bb91..8b86f673a4b 100644 --- a/java-compat/test/src/main/java/test/IceSSL/configuration/AllTests.java +++ b/java-compat/test/src/main/java/test/IceSSL/configuration/AllTests.java @@ -151,33 +151,6 @@ public class AllTests } comm.destroy(); } - { - Ice.InitializationData initData = createClientProps(defaultProperties, defaultDir, defaultHost); - initData.properties.setProperty("Ice.InitPlugins", "0"); - initData.properties.setProperty("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - initData.properties.setProperty("IceSSL.VerifyPeer", "0"); - Ice.Communicator comm = Ice.Util.initialize(args, initData); - Ice.PluginManager pm = comm.getPluginManager(); - pm.initializePlugins(); - Ice.ObjectPrx obj = comm.stringToProxy(factoryRef); - test(obj != null); - ServerFactoryPrx fact = ServerFactoryPrxHelper.checkedCast(obj); - java.util.Map<String, String> d = createServerProps(defaultProperties, defaultDir, defaultHost); - d.put("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - d.put("IceSSL.VerifyPeer", "0"); - ServerPrx server = fact.createServer(d); - try - { - server.ice_ping(); - } - catch(Ice.LocalException ex) - { - ex.printStackTrace(); - test(false); - } - fact.destroyServer(server); - comm.destroy(); - } out.println("ok"); out.print("testing certificate verification... "); @@ -405,37 +378,6 @@ public class AllTests comm.destroy(); // - // Test IceSSL.VerifyPeer=1. This should fail because the server - // does not supply a certificate. - // - initData = createClientProps(defaultProperties, defaultDir, defaultHost); - initData.properties.setProperty("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - initData.properties.setProperty("IceSSL.VerifyPeer", "1"); - comm = Ice.Util.initialize(args, initData); - fact = ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); - test(fact != null); - d = createServerProps(defaultProperties, defaultDir, defaultHost); - d.put("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - d.put("IceSSL.VerifyPeer", "0"); - server = fact.createServer(d); - try - { - server.ice_ping(); - test(false); - } - catch(Ice.SecurityException ex) - { - // Expected. - } - catch(Ice.LocalException ex) - { - ex.printStackTrace(); - test(false); - } - fact.destroyServer(server); - comm.destroy(); - - // // This should succeed because the self signed certificate used by the server is // trusted. // @@ -1063,68 +1005,6 @@ public class AllTests out.flush(); { // - // ADH is allowed but will not have a certificate. - // - initData = createClientProps(defaultProperties, defaultDir, defaultHost); - initData.properties.setProperty("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - initData.properties.setProperty("IceSSL.VerifyPeer", "0"); - Ice.Communicator comm = Ice.Util.initialize(args, initData); - IceSSL.Plugin plugin = (IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL"); - test(plugin != null); - CertificateVerifierI verifier = new CertificateVerifierI(); - plugin.setCertificateVerifier(verifier); - - ServerFactoryPrx fact = ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); - test(fact != null); - d = createServerProps(defaultProperties, defaultDir, defaultHost); - d.put("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - d.put("IceSSL.VerifyPeer", "0"); - ServerPrx server = fact.createServer(d); - try - { - String cipherSub = "DH_anon"; - server.checkCipher(cipherSub); - IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); - test(info.cipher.indexOf(cipherSub) >= 0); - } - catch(Ice.LocalException ex) - { - ex.printStackTrace(); - test(false); - } - test(verifier.invoked()); - test(!verifier.hadCert()); - - // - // Have the verifier return false. Close the connection explicitly - // to force a new connection to be established. - // - verifier.reset(); - verifier.returnValue(false); - server.ice_getConnection().close(Ice.ConnectionClose.GracefullyWithWait); - try - { - server.ice_ping(); - test(false); - } - catch(Ice.SecurityException ex) - { - // Expected. - } - catch(Ice.LocalException ex) - { - ex.printStackTrace(); - test(false); - } - test(verifier.invoked()); - test(!verifier.hadCert()); - - fact.destroyServer(server); - comm.destroy(); - } - - { - // // Verify that a server certificate is present. // initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); @@ -1493,33 +1373,6 @@ public class AllTests out.flush(); { // - // The server has a certificate but the client doesn't. They should - // negotiate to use ADH since we explicitly enable it. - // - initData = createClientProps(defaultProperties, defaultDir, defaultHost); - initData.properties.setProperty("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - initData.properties.setProperty("IceSSL.VerifyPeer", "0"); - Ice.Communicator comm = Ice.Util.initialize(args, initData); - ServerFactoryPrx fact = ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); - test(fact != null); - d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_ca1", "cacert1"); - d.put("IceSSL.Ciphers", "ALL"); - d.put("IceSSL.VerifyPeer", "1"); - ServerPrx server = fact.createServer(d); - try - { - server.ice_ping(); - } - catch(Ice.LocalException ex) - { - ex.printStackTrace(); - test(false); - } - fact.destroyServer(server); - comm.destroy(); - } - { - // // Configure a server with RSA and DSA certificates. // // First try a client with a DSA certificate. @@ -1564,38 +1417,6 @@ public class AllTests } fact.destroyServer(server); comm.destroy(); - - // - // Next try a client with ADH. This should fail. - // - initData = createClientProps(defaultProperties, defaultDir, defaultHost); - initData.properties.setProperty("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - comm = Ice.Util.initialize(args, initData); - fact = ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); - test(fact != null); - d = createServerProps(defaultProperties, defaultDir, defaultHost, "s_rsa_dsa_ca1", "cacert1"); - d.put("IceSSL.VerifyPeer", "1"); - server = fact.createServer(d); - try - { - server.ice_ping(); - test(false); - } - catch(Ice.SecurityException ex) - { - // Expected. - } - catch(Ice.ConnectionLostException ex) - { - // Expected for thread pool. - } - catch(Ice.LocalException ex) - { - ex.printStackTrace(); - test(false); - } - fact.destroyServer(server); - comm.destroy(); } { // @@ -2058,62 +1879,6 @@ public class AllTests } { // - // Test rejection when client does not supply a certificate. - // - initData = createClientProps(defaultProperties, defaultDir, defaultHost); - initData.properties.setProperty("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - initData.properties.setProperty("IceSSL.VerifyPeer", "0"); - Ice.Communicator comm = Ice.Util.initialize(args, initData); - - ServerFactoryPrx fact = ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); - test(fact != null); - d = createServerProps(defaultProperties, defaultDir, defaultHost); - d.put("IceSSL.TrustOnly", - "C=US, ST=Florida, O=ZeroC\\, Inc., OU=Ice, emailAddress=info@zeroc.com, CN=Client"); - d.put("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - d.put("IceSSL.VerifyPeer", "0"); - ServerPrx server = fact.createServer(d); - try - { - server.ice_ping(); - test(false); - } - catch(Ice.LocalException ex) - { - } - fact.destroyServer(server); - comm.destroy(); - } - { - // - // Test rejection when client does not supply a certificate. - // - initData = createClientProps(defaultProperties, defaultDir, defaultHost); - initData.properties.setProperty("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - initData.properties.setProperty("IceSSL.VerifyPeer", "0"); - Ice.Communicator comm = Ice.Util.initialize(args, initData); - - ServerFactoryPrx fact = ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef)); - test(fact != null); - d = createServerProps(defaultProperties, defaultDir, defaultHost); - d.put("IceSSL.TrustOnly", - "!C=US, ST=Florida, O=ZeroC\\, Inc., OU=Ice, emailAddress=info@zeroc.com, CN=Client"); - d.put("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - d.put("IceSSL.VerifyPeer", "0"); - ServerPrx server = fact.createServer(d); - try - { - server.ice_ping(); - test(false); - } - catch(Ice.LocalException ex) - { - } - fact.destroyServer(server); - comm.destroy(); - } - { - // // Rejection takes precedence (client). // initData = createClientProps(defaultProperties, defaultDir, defaultHost, "c_rsa_ca1", "cacert1"); diff --git a/java/test/src/main/java/test/IceSSL/configuration/AllTests.java b/java/test/src/main/java/test/IceSSL/configuration/AllTests.java index 7479c74b1d1..88df06e6959 100644 --- a/java/test/src/main/java/test/IceSSL/configuration/AllTests.java +++ b/java/test/src/main/java/test/IceSSL/configuration/AllTests.java @@ -146,33 +146,6 @@ public class AllTests } comm.destroy(); } - { - InitializationData initData = createClientProps(defaultProperties); - initData.properties.setProperty("Ice.InitPlugins", "0"); - initData.properties.setProperty("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - initData.properties.setProperty("IceSSL.VerifyPeer", "0"); - Communicator comm = Util.initialize(args, initData); - com.zeroc.Ice.PluginManager pm = comm.getPluginManager(); - pm.initializePlugins(); - com.zeroc.Ice.ObjectPrx obj = comm.stringToProxy(factoryRef); - test(obj != null); - ServerFactoryPrx fact = ServerFactoryPrx.checkedCast(obj); - java.util.Map<String, String> d = createServerProps(defaultProperties); - d.put("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - d.put("IceSSL.VerifyPeer", "0"); - ServerPrx server = fact.createServer(d); - try - { - server.ice_ping(); - } - catch(com.zeroc.Ice.LocalException ex) - { - ex.printStackTrace(); - test(false); - } - fact.destroyServer(server); - comm.destroy(); - } out.println("ok"); out.print("testing certificate verification... "); @@ -402,37 +375,6 @@ public class AllTests comm.destroy(); // - // Test IceSSL.VerifyPeer=1. This should fail because the server - // does not supply a certificate. - // - initData = createClientProps(defaultProperties); - initData.properties.setProperty("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - initData.properties.setProperty("IceSSL.VerifyPeer", "1"); - comm = Util.initialize(args, initData); - fact = ServerFactoryPrx.checkedCast(comm.stringToProxy(factoryRef)); - test(fact != null); - d = createServerProps(defaultProperties); - d.put("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - d.put("IceSSL.VerifyPeer", "0"); - server = fact.createServer(d); - try - { - server.ice_ping(); - test(false); - } - catch(com.zeroc.Ice.SecurityException ex) - { - // Expected. - } - catch(com.zeroc.Ice.LocalException ex) - { - ex.printStackTrace(); - test(false); - } - fact.destroyServer(server); - comm.destroy(); - - // // This should succeed because the self signed certificate used by the server is // trusted. // @@ -1060,69 +1002,6 @@ public class AllTests out.flush(); { // - // ADH is allowed but will not have a certificate. - // - initData = createClientProps(defaultProperties); - initData.properties.setProperty("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - initData.properties.setProperty("IceSSL.VerifyPeer", "0"); - Communicator comm = Util.initialize(args, initData); - com.zeroc.IceSSL.Plugin plugin = (com.zeroc.IceSSL.Plugin)comm.getPluginManager().getPlugin("IceSSL"); - test(plugin != null); - CertificateVerifierI verifier = new CertificateVerifierI(); - plugin.setCertificateVerifier(verifier); - - ServerFactoryPrx fact = ServerFactoryPrx.checkedCast(comm.stringToProxy(factoryRef)); - test(fact != null); - d = createServerProps(defaultProperties); - d.put("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - d.put("IceSSL.VerifyPeer", "0"); - ServerPrx server = fact.createServer(d); - try - { - String cipherSub = "DH_anon"; - server.checkCipher(cipherSub); - com.zeroc.IceSSL.ConnectionInfo info = - (com.zeroc.IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); - test(info.cipher.indexOf(cipherSub) >= 0); - } - catch(com.zeroc.Ice.LocalException ex) - { - ex.printStackTrace(); - test(false); - } - test(verifier.invoked()); - test(!verifier.hadCert()); - - // - // Have the verifier return false. Close the connection explicitly - // to force a new connection to be established. - // - verifier.reset(); - verifier.returnValue(false); - server.ice_getConnection().close(com.zeroc.Ice.ConnectionClose.GracefullyWithWait); - try - { - server.ice_ping(); - test(false); - } - catch(com.zeroc.Ice.SecurityException ex) - { - // Expected. - } - catch(com.zeroc.Ice.LocalException ex) - { - ex.printStackTrace(); - test(false); - } - test(verifier.invoked()); - test(!verifier.hadCert()); - - fact.destroyServer(server); - comm.destroy(); - } - - { - // // Verify that a server certificate is present. // initData = createClientProps(defaultProperties, "c_rsa_ca1", "cacert1"); @@ -1493,33 +1372,6 @@ public class AllTests out.flush(); { // - // The server has a certificate but the client doesn't. They should - // negotiate to use ADH since we explicitly enable it. - // - initData = createClientProps(defaultProperties); - initData.properties.setProperty("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - initData.properties.setProperty("IceSSL.VerifyPeer", "0"); - Communicator comm = Util.initialize(args, initData); - ServerFactoryPrx fact = ServerFactoryPrx.checkedCast(comm.stringToProxy(factoryRef)); - test(fact != null); - d = createServerProps(defaultProperties, "s_rsa_ca1", "cacert1"); - d.put("IceSSL.Ciphers", "ALL"); - d.put("IceSSL.VerifyPeer", "1"); - ServerPrx server = fact.createServer(d); - try - { - server.ice_ping(); - } - catch(com.zeroc.Ice.LocalException ex) - { - ex.printStackTrace(); - test(false); - } - fact.destroyServer(server); - comm.destroy(); - } - { - // // Configure a server with RSA and DSA certificates. // // First try a client with a DSA certificate. @@ -1564,38 +1416,6 @@ public class AllTests } fact.destroyServer(server); comm.destroy(); - - // - // Next try a client with ADH. This should fail. - // - initData = createClientProps(defaultProperties); - initData.properties.setProperty("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - comm = Util.initialize(args, initData); - fact = ServerFactoryPrx.checkedCast(comm.stringToProxy(factoryRef)); - test(fact != null); - d = createServerProps(defaultProperties, "s_rsa_dsa_ca1", "cacert1"); - d.put("IceSSL.VerifyPeer", "1"); - server = fact.createServer(d); - try - { - server.ice_ping(); - test(false); - } - catch(com.zeroc.Ice.SecurityException ex) - { - // Expected. - } - catch(com.zeroc.Ice.ConnectionLostException ex) - { - // Expected for thread pool. - } - catch(com.zeroc.Ice.LocalException ex) - { - ex.printStackTrace(); - test(false); - } - fact.destroyServer(server); - comm.destroy(); } { // @@ -2059,62 +1879,6 @@ public class AllTests } { // - // Test rejection when client does not supply a certificate. - // - initData = createClientProps(defaultProperties); - initData.properties.setProperty("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - initData.properties.setProperty("IceSSL.VerifyPeer", "0"); - Communicator comm = Util.initialize(args, initData); - - ServerFactoryPrx fact = ServerFactoryPrx.checkedCast(comm.stringToProxy(factoryRef)); - test(fact != null); - d = createServerProps(defaultProperties); - d.put("IceSSL.TrustOnly", - "C=US, ST=Florida, O=ZeroC\\, Inc., OU=Ice, emailAddress=info@zeroc.com, CN=Client"); - d.put("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - d.put("IceSSL.VerifyPeer", "0"); - ServerPrx server = fact.createServer(d); - try - { - server.ice_ping(); - test(false); - } - catch(com.zeroc.Ice.LocalException ex) - { - } - fact.destroyServer(server); - comm.destroy(); - } - { - // - // Test rejection when client does not supply a certificate. - // - initData = createClientProps(defaultProperties); - initData.properties.setProperty("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - initData.properties.setProperty("IceSSL.VerifyPeer", "0"); - Communicator comm = Util.initialize(args, initData); - - ServerFactoryPrx fact = ServerFactoryPrx.checkedCast(comm.stringToProxy(factoryRef)); - test(fact != null); - d = createServerProps(defaultProperties); - d.put("IceSSL.TrustOnly", - "!C=US, ST=Florida, O=ZeroC\\, Inc., OU=Ice, emailAddress=info@zeroc.com, CN=Client"); - d.put("IceSSL.Ciphers", "NONE (.*DH_anon.*AES.*)"); - d.put("IceSSL.VerifyPeer", "0"); - ServerPrx server = fact.createServer(d); - try - { - server.ice_ping(); - test(false); - } - catch(com.zeroc.Ice.LocalException ex) - { - } - fact.destroyServer(server); - comm.destroy(); - } - { - // // Rejection takes precedence (client). // initData = createClientProps(defaultProperties, "c_rsa_ca1", "cacert1"); |