Diffstat (limited to 'cpp/test/IceSSL/configuration/AllTests.cpp')
-rw-r--r-- | cpp/test/IceSSL/configuration/AllTests.cpp | 632 |
1 files changed, 383 insertions, 249 deletions
diff --git a/cpp/test/IceSSL/configuration/AllTests.cpp b/cpp/test/IceSSL/configuration/AllTests.cpp index cfa6506493e..7261fdfbd8f 100644 --- a/cpp/test/IceSSL/configuration/AllTests.cpp +++ b/cpp/test/IceSSL/configuration/AllTests.cpp @@ -18,6 +18,15 @@ #ifdef __APPLE__ # include <sys/sysctl.h> +#if TARGET_OS_IPHONE != 0 +#include <IceSSL/Util.h> // For loadCertificateChain +#endif +#endif + +#ifdef ICE_CPP11_MAPPING +# define ICE_TARGET_EQUALS(A,B) Ice::targetEquals(A, B) +#else +# define ICE_TARGET_EQUALS(A,B) A == B #endif using namespace std; @@ -129,17 +138,17 @@ public: } CertDeleteCertificateFromStore(cert); } - _certs.clear(); + _certs.clear(); for(vector<HCERTSTORE>::const_iterator i = _stores.begin(); i != _stores.end(); ++i) { CertCloseStore(*i, 0); } - _stores.clear(); - if(_store) - { - CertCloseStore(_store, 0); - _store = 0; - } + _stores.clear(); + if(_store) + { + CertCloseStore(_store, 0); + _store = 0; + } } private: 
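Review bot: In the first hunk, the non-C++11 branch of `ICE_TARGET_EQUALS(A,B)` expands to a bare `A == B`, so it only behaves like the `Ice::targetEquals(A, B)` form when each use site supplies its own parentheses, as the `test(!(ICE_TARGET_EQUALS(...)))` calls in the -645 hunk do. Parenthesise the expansion and its arguments so both mappings compose the same way: `# define ICE_TARGET_EQUALS(A,B) ((A) == (B))`. Separately, `TARGET_OS_IPHONE` is tested directly after `<sys/sysctl.h>`. If `<TargetConditionals.h>` has not been pulled in by then (not visible in this hunk), the `#if` silently evaluates to 0 and the iOS branch is never compiled, so an explicit include would make the guard dependable.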
@@ -149,6 +158,83 @@ private: vector<PCCERT_CONTEXT> _certs; }; +#elif defined(__APPLE__) && TARGET_OS_IPHONE != 0 +class ImportCerts +{ +public: + + ImportCerts(const string& defaultDir, const char* certificates[]) + { + for(int i = 0; certificates[i] != 0; ++i) + { + string resolved; + if(IceSSL::checkPath(certificates[i], defaultDir, false, resolved)) + { + CFArrayRef certs = IceSSL::loadCertificateChain(resolved, "", "", "", "password", 0, 0); + SecIdentityRef identity = (SecIdentityRef)CFArrayGetValueAtIndex(certs, 0); + CFRetain(identity); + _identities.push_back(identity); + OSStatus err; + CFMutableDictionaryRef query; + + query = CFDictionaryCreateMutable(0, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); + CFDictionarySetValue(query, kSecValueRef, identity); + if((err = SecItemAdd(query, 0))) + { + cerr << "failed to add identity " << certificates[i] << ": " << err << endl; + } + CFRelease(query); + + // query = CFDictionaryCreateMutable(0, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); + // CFDictionarySetValue(query, kSecClass, kSecClassCertificate); + // CFDictionarySetValue(query, kSecReturnRef, kCFBooleanTrue); + // CFDictionarySetValue(query, kSecMatchLimit, kSecMatchLimitAll); + // CFArrayRef array = 0; + // err = SecItemCopyMatching(query, (CFTypeRef*)&array); + // printf("Certificates\n"); + // for(int i = 0; i < CFArrayGetCount(array); ++i) + // { + // printf("Cert %d: %s\n", i, (new IceSSL::Certificate((SecCertificateRef)CFArrayGetValueAtIndex(array, i)))->toString().c_str()); + // } + // CFRelease(certs); + } + } + // Nothing to do. 
+ } + + ~ImportCerts() + { + cleanup(); + } + + void cleanup() + { + CFMutableDictionaryRef query; + for(vector<SecIdentityRef>::const_iterator p = _identities.begin(); p != _identities.end(); ++p) + { + query = CFDictionaryCreateMutable(0, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); + CFDictionarySetValue(query, kSecClass, kSecClassIdentity); + CFDictionarySetValue(query, kSecValueRef, *p); + SecItemDelete(query); + CFRelease(query); + + SecCertificateRef cert; + SecIdentityCopyCertificate(*p, &cert); + query = CFDictionaryCreateMutable(0, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); + CFDictionarySetValue(query, kSecClass, kSecClassCertificate); + CFDictionarySetValue(query, kSecValueRef, cert); + SecItemDelete(query); + CFRelease(query); + + CFRelease(*p); + } + _identities.clear(); + } + +private: + + vector<SecIdentityRef> _identities; +}; #else class ImportCerts { @@ -189,7 +275,7 @@ private: string _password; int _count; }; -typedef IceUtil::Handle<PasswordPromptI> PasswordPromptIPtr; +ICE_DEFINE_PTR(PasswordPromptIPtr, PasswordPromptI); class CertificateVerifierI : public IceSSL::CertificateVerifier { @@ -205,6 +291,7 @@ public: { if(info->nativeCerts.size() > 0) { +#if !defined(__APPLE__) || TARGET_OS_IPHONE == 0 // // Subject alternative name // @@ -251,6 +338,7 @@ public: test(find(ipAddresses.begin(), ipAddresses.end(), "127.0.0.1") != ipAddresses.end()); test(find(emailAddresses.begin(), emailAddresses.end(), "issuer@zeroc.com") != emailAddresses.end()); } +#endif } _hadCert = info->nativeCerts.size() != 0; @@ -286,7 +374,7 @@ private: bool _invoked; bool _hadCert; }; -typedef IceUtil::Handle<CertificateVerifierI> CertificateVerifierIPtr; +ICE_DEFINE_PTR(CertificateVerifierIPtr, CertificateVerifierI); int keychainN = 0; 
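Review bot: In the iOS `ImportCerts` constructor added by the -149 hunk, the array returned by `IceSSL::loadCertificateChain` is indexed at 0 without checking that it is non-null and non-empty. It is also never released, because the only `CFRelease(certs)` sits inside the commented-out block; the `CFRetain(identity)` suggests the array is owned by the caller, but that should be confirmed. `cleanup()` ignores the status of `SecIdentityCopyCertificate` and of both `SecItemDelete` calls and never releases `cert`. A failed copy therefore puts an uninitialised reference into the delete query, and a failed delete leaves the test identity in the keychain for later runs without any diagnostic. The sketch below keeps the flow and adds only the checks and releases.

```cpp
CFArrayRef certs = IceSSL::loadCertificateChain(resolved, "", "", "", "password", 0, 0);
if(!certs || CFArrayGetCount(certs) == 0)
{
    cerr << "no identity loaded from " << certificates[i] << endl;
    if(certs)
    {
        CFRelease(certs);
    }
    continue;
}
SecIdentityRef identity = (SecIdentityRef)CFArrayGetValueAtIndex(certs, 0);
CFRetain(identity);
_identities.push_back(identity);
CFRelease(certs); // the retained identity outlives the array
// ... unchanged: build the kSecValueRef query, SecItemAdd, CFRelease(query) ...

// in cleanup():
OSStatus err = SecItemDelete(query);
if(err != errSecSuccess && err != errSecItemNotFound)
{
    cerr << "failed to delete test identity: " << err << endl;
}
CFRelease(query);

SecCertificateRef cert = 0;
if(SecIdentityCopyCertificate(*p, &cert) == errSecSuccess && cert)
{
    // ... unchanged: build and run the kSecClassCertificate delete query ...
    CFRelease(cert);
}
```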
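Review bot: The `#if !defined(__APPLE__) || TARGET_OS_IPHONE == 0` guard that the -205 and -251 hunks add around the subject-alternative-name assertions in `CertificateVerifierI` has no comment explaining why these checks cannot run on iOS. The same bare guard recurs around the `checkValidity()` assertions in the -645 hunk and around the expired-certificate checks in the -1589 and -1621 hunks. As written, the iOS build silently drops every assertion on certificate content, validity period and expiry, and a reader cannot tell whether that is a platform limitation or a temporary workaround. Define the condition once under a descriptive name and state the reason there, for example `// Skipped on iOS: <reason the certificate accessors are unavailable>` above the definition. The guarded block sits inside a method whose start and end lie outside these hunks.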
@@ -314,7 +402,8 @@ createClientProps(const Ice::PropertiesPtr& defaultProps, const string& defaultD { result->setProperty("IceSSL.Password", "password"); } - //result->setProperty("IceSSL.Trace.Security", "1"); +// result->setProperty("IceSSL.Trace.Security", "1"); +// result->setProperty("Ice.Trace.Network", "1"); #ifdef ICE_USE_SECURE_TRANSPORT ostringstream keychainName; keychainName << "../certs/keychain/client" << keychainN++ << ".keychain"; @@ -346,7 +435,8 @@ createServerProps(const Ice::PropertiesPtr& defaultProps, const string& defaultD { result["IceSSL.Password"] = "password"; } - //result["IceSSL.Trace.Security"] = "1"; +// result["Ice.Trace.Network"] = "1"; +// result["IceSSL.Trace.Security"] = "1"; #ifdef ICE_USE_SECURE_TRANSPORT ostringstream keychainName; keychainName << "../certs/keychain/server" << keychainN << ".keychain"; @@ -428,9 +518,10 @@ void verify(const IceSSL::CertificatePtr& cert, const IceSSL::CertificatePtr& ca cerr << endl; } -void -allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, bool shutdown) +Test::ServerFactoryPrxPtr +allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) { + bool elCapitanUpdate2OrLower = false; #ifdef __APPLE__ bool isElCapitan = false; vector<char> s(256); 
@@ -439,16 +530,27 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b if(ret == 0) { isElCapitan = string(&s[0]).find("15.") == 0; + if(isElCapitan) + { + size_t first = string(&s[0]).find_first_of("."); + size_t last = string(&s[0]).find_last_of("."); + int minorVersion = atoi(string(&s[0]).substr(first + 1, last - first - 1).c_str()); + elCapitanUpdate2OrLower = minorVersion <= 2; + } } #endif - string factoryRef = "factory:tcp -p 12010"; - ObjectPrx base = communicator->stringToProxy(factoryRef); + ObjectPrxPtr base = communicator->stringToProxy(factoryRef); test(base); - Test::ServerFactoryPrx factory = Test::ServerFactoryPrx::checkedCast(base); + Test::ServerFactoryPrxPtr factory = ICE_CHECKED_CAST(Test::ServerFactoryPrx, base); string defaultHost = communicator->getProperties()->getProperty("Ice.Default.Host"); +#if !defined(__APPLE__) || TARGET_OS_IPHONE == 0 string defaultDir = testDir + "/../certs"; +#else + string defaultDir = "certs"; +#endif + Ice::PropertiesPtr defaultProps = communicator->getProperties(); #ifdef _WIN32 string sep = ";"; @@ -464,7 +566,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12); initData.properties->setProperty("Ice.InitPlugins", "0"); CommunicatorPtr comm = initialize(initData); - ObjectPrx p = comm->stringToProxy("dummy:ssl -p 9999"); + ObjectPrxPtr p = comm->stringToProxy("dummy:ssl -p 9999"); try { p->ice_ping(); @@ -484,7 +586,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b // // Anonymous cipher are not supported with SChannel // -#ifndef ICE_USE_SCHANNEL +#if !defined(ICE_USE_SCHANNEL) { InitializationData initData; initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12); 
@@ -498,9 +600,9 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b CommunicatorPtr comm = initialize(initData); PluginManagerPtr pm = comm->getPluginManager(); pm->initializePlugins(); - ObjectPrx obj = comm->stringToProxy(factoryRef); + ObjectPrxPtr obj = comm->stringToProxy(factoryRef); test(obj); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(obj); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, obj); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12); # ifdef ICE_USE_OPENSSL d["IceSSL.Ciphers"] = anonCiphers; @@ -508,7 +610,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b d["IceSSL.Ciphers"] = "DH_anon_WITH_AES_256_CBC_SHA"; # endif d["IceSSL.VerifyPeer"] = "0"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -533,16 +635,16 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "", ""); initData.properties->setProperty("IceSSL.VerifyPeer", "0"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", ""); d["IceSSL.VerifyPeer"] = "0"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->noCert(); - test(!IceSSL::ConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo())->verified); + test(!ICE_DYNAMIC_CAST(IceSSL::ConnectionInfo, server->ice_getConnection()->getInfo())->verified); } catch(const LocalException& ex) { 
@@ -558,7 +660,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b // initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "", "cacert1"); comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", ""); @@ -567,7 +669,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b try { server->noCert(); - test(IceSSL::ConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo())->verified); + test(ICE_DYNAMIC_CAST(IceSSL::ConnectionInfo, server->ice_getConnection()->getInfo())->verified); } catch(const LocalException&) { @@ -627,7 +729,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b // initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); 
@@ -645,33 +747,41 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b // Validate some aspects of the Certificate class. // IceSSL::CertificatePtr serverCert = IceSSL::Certificate::load(defaultDir + "/s_rsa_ca1_pub.pem"); - test(IceSSL::Certificate::decode(serverCert->encode()) == serverCert); - test(serverCert == serverCert); + test(ICE_TARGET_EQUALS(IceSSL::Certificate::decode(serverCert->encode()), serverCert)); + test(ICE_TARGET_EQUALS(serverCert, serverCert)); +#if !defined(__APPLE__) || TARGET_OS_IPHONE == 0 test(serverCert->checkValidity()); test(!serverCert->checkValidity(IceUtil::Time::seconds(0))); +#endif IceSSL::CertificatePtr caCert = IceSSL::Certificate::load(defaultDir + "/cacert1.pem"); - test(caCert == caCert); + IceSSL::CertificatePtr caCert2 = IceSSL::Certificate::load(defaultDir + "/cacert2.pem"); + test(ICE_TARGET_EQUALS(caCert, caCert)); +#if !defined(__APPLE__) || TARGET_OS_IPHONE == 0 test(caCert->checkValidity()); test(!caCert->checkValidity(IceUtil::Time::seconds(0))); +#endif test(!serverCert->verify(serverCert)); test(serverCert->verify(caCert)); + test(!serverCert->verify(caCert2)); test(caCert->verify(caCert)); - info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo()); + info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); test(info->nativeCerts.size() == 2); test(info->verified); - test(caCert == info->nativeCerts[1]); - test(serverCert == info->nativeCerts[0]); + test(ICE_TARGET_EQUALS(caCert, info->nativeCerts[1])); + test(ICE_TARGET_EQUALS(serverCert, info->nativeCerts[0])); - test(serverCert != info->nativeCerts[1]); - test(caCert != info->nativeCerts[0]); + test(!(ICE_TARGET_EQUALS(serverCert, info->nativeCerts[1]))); + test(!(ICE_TARGET_EQUALS(caCert, info->nativeCerts[0]))); +#if !defined(__APPLE__) || TARGET_OS_IPHONE == 0 test(info->nativeCerts[0]->checkValidity() && info->nativeCerts[1]->checkValidity()); 
test(!info->nativeCerts[0]->checkValidity(IceUtil::Time::seconds(0)) && !info->nativeCerts[1]->checkValidity(IceUtil::Time::seconds(0))); +#endif test(info->nativeCerts[0]->verify(info->nativeCerts[1])); test(info->nativeCerts.size() == 2 && info->nativeCerts[0]->getSubjectDN() == serverCert->getSubjectDN() && @@ -710,7 +820,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "", ""); initData.properties->setProperty("IceSSL.VerifyPeer", "1"); comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "0"; @@ -739,7 +849,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca2", ""); initData.properties->setProperty("IceSSL.VerifyPeer", "0"); comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", ""); d["IceSSL.VerifyPeer"] = "1"; @@ -766,7 +876,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b // initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "", "cacert2"); comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "cacert2", ""); d["IceSSL.VerifyPeer"] = "0"; 
@@ -788,7 +898,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b // initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "", ""); comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "cacert2", ""); d["IceSSL.VerifyPeer"] = "0"; @@ -814,7 +924,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b // initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.CheckCertName"] = "1"; @@ -844,7 +954,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.CheckCertName", "1"); comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); server = fact->createServer(d); 
@@ -866,7 +976,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.CheckCertName", "1"); comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1_cn1", "cacert1"); server = fact->createServer(d); @@ -874,8 +984,9 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b { server->ice_ping(); } - catch(const LocalException&) + catch(const LocalException& ex) { + cerr << ex << endl; test(false); } fact->destroyServer(server); @@ -889,7 +1000,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.CheckCertName", "1"); comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1_cn2", "cacert1"); server = fact->createServer(d); @@ -918,7 +1029,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.VerifyPeer", "0"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); // 
@@ -928,10 +1039,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b // Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", ""); d["IceSSL.VerifyPeer"] = "0"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { - info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo()); + info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); test(info->nativeCerts.size() == 1); test(!info->verified); } @@ -951,7 +1062,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b server = fact->createServer(d); try { - info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo()); + info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); #ifdef ICE_USE_OPENSSL test(info->nativeCerts.size() == 2); // TODO: Fix OpenSSL #else @@ -979,7 +1090,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b server = fact->createServer(d); try { - info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo()); + info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); #ifdef ICE_USE_SCHANNEL test(info->nativeCerts.size() == 1); // SChannel never sends the root certificate #else 
@@ -1004,16 +1115,16 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.VerifyPeer", "1"); comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); { Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", ""); d["IceSSL.VerifyPeer"] = "0"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { - info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo()); + info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); test(info->nativeCerts.size() == 2); test(info->verified); } @@ -1035,16 +1146,16 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.VerifyDepthMax", "2"); comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); { Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_cai1", ""); d["IceSSL.VerifyPeer"] = "0"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { - IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo()); + ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); import.cleanup(); test(false); } 
@@ -1070,16 +1181,16 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b //initData.properties->setProperty("IceSSL.VerifyDepthMax", "3"); comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); { Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_cai1", ""); d["IceSSL.VerifyPeer"] = "0"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { - info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo()); + info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); test(info->nativeCerts.size() == 3); test(info->verified); } @@ -1094,10 +1205,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b { Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_cai2", ""); d["IceSSL.VerifyPeer"] = "0"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { - IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo()); + ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); import.cleanup(); test(false); } 
@@ -1117,16 +1228,16 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.VerifyDepthMax", "4"); comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); { Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_cai2", ""); d["IceSSL.VerifyPeer"] = "0"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { - info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo()); + info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); test(info->nativeCerts.size() == 4); test(info->verified); } @@ -1148,13 +1259,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.VerifyDepthMax", "4"); comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); { Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_cai2", "cacert1"); d["IceSSL.VerifyPeer"] = "2"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_getConnection(); @@ -1181,7 +1292,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_cai2", "cacert1"); d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.VerifyDepthMax"] = "4"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_getConnection(); 
@@ -1217,12 +1328,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b # endif initData.properties->setProperty("IceSSL.VerifyPeer", "0"); CommunicatorPtr comm = initialize(initData); - IceSSL::PluginPtr plugin = IceSSL::PluginPtr::dynamicCast(comm->getPluginManager()->getPlugin("IceSSL")); + IceSSL::PluginPtr plugin = ICE_DYNAMIC_CAST(IceSSL::Plugin, comm->getPluginManager()->getPlugin("IceSSL")); test(plugin); - CertificateVerifierIPtr verifier = new CertificateVerifierI; + CertificateVerifierIPtr verifier = ICE_MAKE_SHARED(CertificateVerifierI); plugin->setCertificateVerifier(verifier); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12); # ifdef ICE_USE_OPENSSL @@ -1236,11 +1347,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b d["IceSSL.Ciphers"] = "(DH_anon*)"; # endif d["IceSSL.VerifyPeer"] = "0"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->checkCipher(cipherSub); - info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo()); + info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); test(info->cipher.compare(0, cipherSub.size(), cipherSub) == 0); } catch(const LocalException&) 
@@ -1285,16 +1396,16 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); initData.properties->setProperty("IceSSL.VerifyPeer", "0"); CommunicatorPtr comm = initialize(initData); - IceSSL::PluginPtr plugin = IceSSL::PluginPtr::dynamicCast(comm->getPluginManager()->getPlugin("IceSSL")); + IceSSL::PluginPtr plugin = ICE_DYNAMIC_CAST(IceSSL::Plugin, comm->getPluginManager()->getPlugin("IceSSL")); test(plugin); - CertificateVerifierIPtr verifier = new CertificateVerifierI; + CertificateVerifierIPtr verifier = ICE_MAKE_SHARED(CertificateVerifierI); plugin->setCertificateVerifier(verifier); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "2"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -1324,12 +1435,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.Protocols", "tls1_1"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "0"; d["IceSSL.Protocols"] = "tls1_2"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -1354,7 +1465,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b // This should succeed. // comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "0"; @@ -1389,11 +1500,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.Protocols", "ssl3"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "0"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -1415,9 +1526,9 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b comm->destroy(); } - // - // SSLv3 is now disabled by default with some SSL implementations. - // + // + // SSLv3 is now disabled by default with some SSL implementations. + // // // // // This should success because both have SSLv3 enabled // // 
@@ -1427,19 +1538,19 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b // initData.properties->setProperty("IceSSL.Protocols", "ssl3"); // CommunicatorPtr comm = initialize(initData); - // Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + // Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); // test(fact); // Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", ""); // d["IceSSL.VerifyPeer"] = "0"; // d["IceSSL.Protocols"] = "ssl3, tls, tls1_1, tls1_2"; - // Test::ServerPrx server = fact->createServer(d); + // Test::ServerPrxPtr server = fact->createServer(d); // try // { // server->ice_ping(); // } // catch(const LocalException& ex) // { - // test(false); + // test(false); // } // fact->destroyServer(server); // comm->destroy(); @@ -1462,14 +1573,14 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.ProtocolVersionMax", "tls1"); initData.properties->setProperty("IceSSL.ProtocolVersionMin", "tls1"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12); d["IceSSL.Ciphers"] = "(DH_anon*)"; d["IceSSL.VerifyPeer"] = "0"; d["IceSSL.ProtocolVersionMax"] = "tls1_2"; d["IceSSL.ProtocolVersionMin"] = "tls1_2"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -1494,7 +1605,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b // This should succeed. // comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); d = createServerProps(defaultProps, defaultDir, defaultHost, p12); d["IceSSL.Ciphers"] = "(DH_anon*)"; @@ -1525,11 +1636,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.ProtocolVersionMax", "ssl3"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "0"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -1562,20 +1673,23 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.ProtocolVersionMax", "ssl3"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "0"; d["IceSSL.ProtocolVersionMin"] = "ssl3"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { - // OS X 10.11 versions prior to 10.11.2 will throw an exception as SSLv3 is totally disabled. server->ice_ping(); } catch(const LocalException&) { - test(false); + // OS X 10.11 versions prior to 10.11.2 will throw an exception as SSLv3 is totally disabled. + if(!elCapitanUpdate2OrLower) + { + test(false); + } } fact->destroyServer(server); comm->destroy(); 
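Review bot: On hosts where `elCapitanUpdate2OrLower` is true, the new catch block accepts every `LocalException`, so an unrelated failure (unreachable server, broken certificate setup) would pass as the known SSLv3 limitation. The flag is defined outside this hunk, so its exact meaning cannot be checked here. Naming the exception and printing it on the failing path, as other catch blocks in this file do, would keep the cause visible: `catch(const LocalException& ex)` with `cerr << ex << endl;` before `test(false);`. If the OS raises one specific exception type for the disabled protocol, catching only that type in the tolerated branch would be tighter. allTests begins and ends outside the hunk.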
@@ -1589,18 +1703,20 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b // // This should fail because the server's certificate is expired. // +#if !defined(__APPLE__) || TARGET_OS_IPHONE == 0 { IceSSL::CertificatePtr cert = IceSSL::Certificate::load(defaultDir + "/s_rsa_ca1_exp_pub.pem"); test(!cert->checkValidity()); } +#endif InitializationData initData; initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1_exp", "cacert1"); - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -1621,14 +1737,16 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b // // This should fail because the client's certificate is expired. // +#if !defined(__APPLE__) || TARGET_OS_IPHONE == 0 { IceSSL::CertificatePtr cert = IceSSL::Certificate::load(defaultDir + "/c_rsa_ca1_exp_pub.pem"); test(!cert->checkValidity()); } +#endif initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1_exp", "cacert1"); comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); server = fact->createServer(d); 
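Review bot: The two `#if !defined(__APPLE__) || TARGET_OS_IPHONE == 0` guards (this hunk and the one at -1621) have no comment saying why the `checkValidity()` precheck is compiled out on iOS. Without the precheck, an iOS run no longer confirms that `s_rsa_ca1_exp_pub.pem` and `c_rsa_ca1_exp_pub.pem` are really expired, so the handshake failure that follows could have another cause and still count as a pass. That is inferred, because the catch clauses lie outside the hunks. A one-line comment above each guard would record the reason, for example `// Not run on iOS: <why Certificate::load / checkValidity cannot be used there>`.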
@@ -1662,11 +1780,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", ""); initData.properties->setProperty("IceSSL.CAs", defaultDir); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", ""); d["IceSSL.CAs"] = defaultDir; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -1687,11 +1805,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b InitializationData initData; initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacerts"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca2", "cacerts"); d["IceSSL.VerifyPeer"] = "2"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -1712,12 +1830,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", ""); initData.properties->setProperty("IceSSL.CAs", "cacert1.der"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", ""); d["IceSSL.VerifyPeer"] = "2"; d["IceSSL.CAs"] = "cacert1.der"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -1751,16 +1869,16 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("Ice.InitPlugins", "0"); CommunicatorPtr comm = initialize(initData); PluginManagerPtr pm = comm->getPluginManager(); - IceSSL::PluginPtr plugin = IceSSL::PluginPtr::dynamicCast(pm->getPlugin("IceSSL")); + IceSSL::PluginPtr plugin = ICE_DYNAMIC_CAST(IceSSL::Plugin, pm->getPlugin("IceSSL")); test(plugin); - PasswordPromptIPtr prompt = new PasswordPromptI("client"); + PasswordPromptIPtr prompt = ICE_MAKE_SHARED(PasswordPromptI, "client"); plugin->setPasswordPrompt(prompt); pm->initializePlugins(); test(prompt->count() == 1); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -1782,9 +1900,9 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("Ice.InitPlugins", "0"); comm = initialize(initData); pm = comm->getPluginManager(); - plugin = IceSSL::PluginPtr::dynamicCast(pm->getPlugin("IceSSL")); + plugin = ICE_DYNAMIC_CAST(IceSSL::Plugin, pm->getPlugin("IceSSL")); test(plugin); - prompt = new PasswordPromptI("invalid"); + prompt = ICE_MAKE_SHARED(PasswordPromptI, "invalid"); plugin->setPasswordPrompt(prompt); try { @@ -1822,7 +1940,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.Ciphers", "(DH_anon*)"); # endif CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); # ifdef ICE_USE_OPENSSL @@ -1836,11 +1954,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b d["IceSSL.Ciphers"] = "(RSA_*) (DH_anon*)"; # endif d["IceSSL.VerifyPeer"] = "1"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->checkCipher(cipherSub); - info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo()); + info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); test(info->cipher.compare(0, cipherSub.size(), cipherSub) == 0); } catch(const LocalException& ex) 
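Review bot: `info` is dereferenced in `test(info->cipher.compare(0, cipherSub.size(), cipherSub) == 0)` straight after `ICE_DYNAMIC_CAST` with no null check, and again in the hunk at -1988 (`info->cipher.compare(0, 4, "3DES")`). The macro's definition is not on this page. If it expands to a standard shared-pointer cast under the C++11 mapping, a failed cast yields a null pointer and the dereference is undefined behaviour rather than a test failure. Adding `test(info);` on the line after each cast makes a wrong connection-info type fail cleanly, matching the `test(fact);` and `test(plugin);` checks already used after the other casts.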
@@ -1859,43 +1977,48 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b } // - // This should fail because we disabled all anonymous ciphers and the server doesn't - // provide a certificate. - // - InitializationData initData; - initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12); + // El Capitan SSLHandshake segfaults with this test, Apple bug #22148512 + // This is fixed in 10.11.3 + if(!elCapitanUpdate2OrLower) + { + // + // This should fail because we disabled all anonymous ciphers and the server doesn't + // provide a certificate. + // + InitializationData initData; + initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12); # ifdef ICE_USE_OPENSSL - initData.properties->setProperty("IceSSL.Ciphers", "ALL:!ADH"); + initData.properties->setProperty("IceSSL.Ciphers", "ALL:!ADH"); # else - initData.properties->setProperty("IceSSL.Ciphers", "ALL !(DH_anon*)"); + initData.properties->setProperty("IceSSL.Ciphers", "ALL !(DH_anon*)"); # endif - CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); - test(fact); - Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12); - d["IceSSL.VerifyPeer"] = "0"; - Test::ServerPrx server = fact->createServer(d); - try - { - server->ice_ping(); - test(false); - } - catch(const ProtocolException&) - { - // Expected - } - catch(const ConnectionLostException&) - { - // Expected - } - catch(const LocalException& ex) - { - cerr << ex << endl; - test(false); + CommunicatorPtr comm = initialize(initData); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); + test(fact); + Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12); + d["IceSSL.VerifyPeer"] = "0"; + Test::ServerPrxPtr server = fact->createServer(d); + try + { + server->ice_ping(); + 
test(false); + } + catch(const ProtocolException&) + { + // Expected + } + catch(const ConnectionLostException&) + { + // Expected + } + catch(const LocalException& ex) + { + cerr << ex << endl; + test(false); + } + fact->destroyServer(server); + comm->destroy(); } - fact->destroyServer(server); - comm->destroy(); - # ifdef ICE_USE_SECURE_TRANSPORT { // @@ -1927,13 +2050,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12); initData.properties->setProperty("IceSSL.Ciphers", "(DH_anon*)"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12); d["IceSSL.Ciphers"] = "(DH_anon*)"; d["IceSSL.DHParams"] = "dh_params512.der"; d["IceSSL.VerifyPeer"] = "0"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->checkCipher("DH_anon"); 
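Review bot: The `if(!elCapitanUpdate2OrLower)` guard added in the hunk at -1859 skips the whole negative test (anonymous ciphers disabled, server without a certificate, connection must fail) and leaves no trace in the test output, so a log from an affected host does not show that the check never ran. The flag is defined outside the hunk. The new comment states the bug is fixed in 10.11.3 but gives no exit condition for the guard; adding `// TODO: remove this guard once OS X releases before 10.11.3 are no longer tested` would make that explicit. The comment also opens without the `//` spacer line that the surrounding comment blocks use.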
@@ -1958,13 +2081,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12); initData.properties->setProperty("IceSSL.Ciphers", "(DH_anon*)"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12); d["IceSSL.Ciphers"] = "(DH_anon*)"; d["IceSSL.DHParams"] = "dh_params1024.der"; d["IceSSL.VerifyPeer"] = "0"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->checkCipher("DH_anon"); @@ -1988,17 +2111,17 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.Ciphers", "3DES"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.Ciphers"] = "3DES AES_256"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->checkCipher("3DES"); - info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo()); + info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); test(info->cipher.compare(0, 4, "3DES") == 0); } catch(const LocalException& ex) 
@@ -2018,12 +2141,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.Ciphers", "3DES"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.Ciphers"] = "AES_256"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->checkCipher("3DES"); @@ -2065,13 +2188,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_dsa_ca1", "cacert1"); initData.properties->setProperty("IceSSL.Ciphers", "DHE:DSS"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_dsa_ca1", "cacert1"); d["IceSSL.Ciphers"] = "DHE:DSS"; d["IceSSL.VerifyPeer"] = "1"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -2087,7 +2210,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b // initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "", "cacert1"); if(p12) @@ -2124,7 +2247,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12); initData.properties->setProperty("IceSSL.Ciphers", "ADH"); comm = initialize(initData); - fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "", "cacert1"); d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem" + sep + "s_dsa_ca1_pub.pem"; @@ -2159,12 +2282,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.Ciphers", "DSS"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "2"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -2191,17 +2314,22 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b cout << "ok" << endl; cout << "testing IceSSL.TrustOnly... " << flush; + // + // iOS support only provides access to the CN of the certificate so we + // can't check for other attributes + // { InitializationData initData; initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); + initData.properties->setProperty("IceSSL.TrustOnly", "CN=Server"); initData.properties->setProperty("IceSSL.TrustOnly", "C=US, ST=Florida, O=ZeroC\\, Inc.," "OU=Ice, emailAddress=info@zeroc.com, CN=Server"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -2221,10 +2349,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b "OU=Ice, emailAddress=info@zeroc.com, CN=Server"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
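Review bot: The added `initData.properties->setProperty("IceSSL.TrustOnly", "CN=Server");` is immediately followed by the existing `setProperty("IceSSL.TrustOnly", "C=US, ST=Florida, ...")` call. Assuming setProperty replaces the stored value, the CN-only value is overwritten and never reaches the plug-in. The comment above it says iOS can match only on the CN, which suggests the two calls were meant to be alternatives. Wrapping them as `#if defined(__APPLE__) && TARGET_OS_IPHONE != 0`, the CN-only call, `#else`, the full-DN call, `#endif` would give each platform the value it can evaluate. As written, iOS still runs with the full DN and the new line is dead code.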
@@ -2243,10 +2371,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b "OU=Ice, emailAddress=info@zeroc.com, CN=Server"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -2263,11 +2391,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly"] = "C=US, ST=Florida, O=ZeroC\\, Inc., OU=Ice, emailAddress=info@zeroc.com,CN=Client"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -2284,11 +2412,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly"] = "!C=US, ST=Florida, O=ZeroC\\, Inc., OU=Ice, emailAddress=info@zeroc.com, CN=Client"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -2306,10 +2434,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.TrustOnly", "CN=Server"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -2327,10 +2455,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.TrustOnly", "!CN=Server"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -2347,11 +2475,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly"] = "CN=Client"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -2368,11 +2496,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly"] = "!CN=Client"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -2390,10 +2518,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.TrustOnly", "CN=Client"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -2410,11 +2538,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly"] = "CN=Server"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -2432,10 +2560,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.TrustOnly", "C=Canada,CN=Server"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -2453,10 +2581,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.TrustOnly", "!C=Canada,CN=Server"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -2474,10 +2602,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.TrustOnly", "C=Canada;CN=Server"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -2495,10 +2623,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.TrustOnly", "!C=Canada;!CN=Server"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -2516,10 +2644,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.TrustOnly", "!CN=Server1"); // Should not match "Server" CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -2536,11 +2664,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly"] = "!CN=Client1"; // Should not match "Client" - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -2562,12 +2690,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.VerifyPeer", "0"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.VerifyPeer"] = "0"; - d["IceSSL.TrustOnly"] = "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, emailAddress=info@zeroc.com, CN=Client"; - Test::ServerPrx server = fact->createServer(d); + d["IceSSL.TrustOnly"] = "CN=Client"; + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
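Review bot: Replacing the full-DN `IceSSL.TrustOnly` value with `"CN=Client"` in the hunk at -2562, and with `"!CN=Client"` in the hunk at -2588, changes the test on every platform and has no comment giving the reason. If the motive is the iOS CN-only limitation described in the comment added earlier in this file, the full-DN form is no longer exercised with `IceSSL.VerifyPeer` set to `"0"` on platforms that can evaluate it. A short comment such as `// CN only: iOS cannot read the other DN attributes` above each assignment would record the intent. Keeping the full DN behind a platform conditional would preserve the previous coverage. The expected outcome of each block lies outside the hunks.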
@@ -2588,12 +2716,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.VerifyPeer", "0"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); - d["IceSSL.TrustOnly"] = "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, emailAddress=info@zeroc.com, CN=Client"; + d["IceSSL.TrustOnly"] = "!CN=Client"; d["IceSSL.VerifyPeer"] = "0"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -2614,10 +2742,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.TrustOnly", "ST=Florida;!CN=Server;C=US"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -2637,11 +2765,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly"] = "C=US;!CN=Client;ST=Florida"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -2663,14 +2791,14 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b "OU=Ice, emailAddress=info@zeroc.com, CN=Server"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); // Should have no effect. d["IceSSL.TrustOnly.Client"] = "C=US, ST=Florida, O=ZeroC\\, Inc., OU=Ice, emailAddress=info@zeroc.com," "CN=Server"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -2689,10 +2817,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b "OU=Ice, emailAddress=info@zeroc.com, CN=Server"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -2709,12 +2837,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); // Should have no effect. d["IceSSL.TrustOnly.Client"] = "!CN=Client"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -2732,10 +2860,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.TrustOnly.Client", "CN=Client"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -2753,10 +2881,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.TrustOnly.Client", "!CN=Client"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -2779,13 +2907,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b "emailAddress=info@zeroc.com,CN=Client"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly.Server"] = "C=US, ST=Florida, O=ZeroC\\, Inc., OU=Ice, emailAddress=info@zeroc.com," "CN=Client"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -2802,12 +2930,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly.Server"] = "!C=US, ST=Florida, O=ZeroC\\, Inc., OU=Ice, emailAddress=info@zeroc.com, CN=Client"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -2826,10 +2954,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.TrustOnly.Server", "!CN=Server"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -2846,11 +2974,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly.Server"] = "CN=Server"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -2867,11 +2995,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly.Server"] = "!CN=Client"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -2891,13 +3019,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly.Server.ServerAdapter"] = "C=US, ST=Florida, O=ZeroC\\, Inc., OU=Ice, emailAddress=info@zeroc.com,CN=Client"; d["IceSSL.TrustOnly.Server"] = "CN=bogus"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -2914,12 +3042,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!C=US, ST=Florida, O=ZeroC\\, Inc., OU=Ice, emailAddress=info@zeroc.com, CN=Client"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -2936,11 +3064,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly.Server.ServerAdapter"] = "CN=bogus"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
@@ -2957,11 +3085,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1"); CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!CN=bogus"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -3030,7 +3158,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); d["IceSSL.CAs"] = "cacert1.pem"; @@ -3040,7 +3168,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b // d["IceSSL.TrustOnly"] = "CN=Client"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); @@ -3114,7 +3242,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b cout << "testing IceSSL.FindCert... " << flush; const char* clientFindCertProperties[] = { - "SUBJECT:Client", +// "SUBJECT:Client", "LABEL:'Client'", "SUBJECTKEYID:'FC 5D 4F AB F0 6C 03 11 B8 F3 68 CF 89 54 92 3F F9 79 2A 06'", "SERIAL:02", 
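Review bot: Commenting out `"SUBJECT:Client"` unconditionally in `clientFindCertProperties` (last hunk on this line) leaves the client list one entry shorter than `serverFindCertProperties` wherever `"SUBJECT:Server"` is still compiled in. The loop below indexes both arrays with the same `i` and stops at the client terminator. Assuming the two lists were the same length before, non-iOS builds now pair the selectors off by one and never exercise the last server selector, and client-side SUBJECT matching is untested on every platform. Guard the entry the same way the server list is guarded instead of commenting it out: `#if !defined(__APPLE__) || TARGET_OS_IPHONE == 0`, then `"SUBJECT:Client",`, then `#endif`. The array initialiser continues outside the hunk.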
@@ -3124,7 +3252,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b const char* serverFindCertProperties[] = { +#if !defined(__APPLE__) || TARGET_OS_IPHONE == 0 + // iOS match on Subject DN isn't supported by SecItemCopyMatch "SUBJECT:Server", +#endif "LABEL:'Server'", "SUBJECTKEYID:'47 84 AE F9 F2 85 3D 99 30 6A 03 38 41 1A B9 EB C3 9C B5 4D'", "SERIAL:01", @@ -3137,7 +3268,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b "nolabel", "unknownlabel:foo", "LABEL:", +#if !defined(__APPLE__) || TARGET_OS_IPHONE == 0 + // iOS match on Subject DN isn't supported by SecItemCopyMatch "SUBJECT:ServerX", +#endif "LABEL:'ServerX'", "SUBJECTKEYID:'a6 42 aa 17 04 41 86 56 67 e4 04 64 59 34 30 c7 4c 6b ef ff'", "SERIAL:04", @@ -3145,6 +3279,9 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b 0 }; + const char* certificates[] = {"/s_rsa_ca1.p12", "/c_rsa_ca1.p12", 0}; + ImportCerts import(defaultDir, certificates); + for(int i = 0; clientFindCertProperties[i] != 0; i++) { InitializationData initData; @@ -3160,19 +3297,20 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12); d["IceSSL.CAs"] = "cacert1.pem"; d["IceSSL.Keychain"] = "../certs/Find.keychain"; d["IceSSL.KeychainPassword"] = "password"; d["IceSSL.FindCert"] = serverFindCertProperties[i]; + // // Use TrustOnly to ensure the peer has pick the expected certificate. // d["IceSSL.TrustOnly"] = "CN=Client"; - Test::ServerPrx server = fact->createServer(d); + Test::ServerPrxPtr server = fact->createServer(d); try { server->ice_ping(); 
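Review bot: The comment added above `"SUBJECT:Server"` (and repeated above `"SUBJECT:ServerX"` in the next hunk) names the API as `SecItemCopyMatch`; the Security framework call is `SecItemCopyMatching`. A clearer wording would be `// On iOS, SecItemCopyMatching cannot match on the subject DN, so SUBJECT selectors are skipped.` For the failure list it is also worth stating that removing `"SUBJECT:ServerX"` leaves the negative SUBJECT case untested on iOS, so a reader does not assume it is covered.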
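Review bot: The new `ImportCerts import(defaultDir, certificates);` (third hunk on this line) has no comment, and nothing in the hunk checks that the identities were actually imported, so a failed import would only show up as a FindCert mismatch further down. A line such as `// Import the server and client identities that the FindCert selectors below must resolve.` would document the dependency. Whether `ImportCerts` reports failures, and whether it removes the identities again on destruction, is not visible from this hunk and is worth confirming, since the test otherwise leaves private keys in the platform store. The entries also start with `/`, which presumably relies on `ImportCerts` appending them to `defaultDir`.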
@@ -3196,6 +3334,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b try { CommunicatorPtr comm = initialize(initData); + printf("failed %s", failFindCertProperties[i]); test(false); } catch(const PluginInitializationException&) @@ -3222,7 +3361,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b initData.properties->setProperty("IceSSL.VerifyDepthMax", "4"); initData.properties->setProperty("Ice.Override.Timeout", "5000"); // 5s timeout CommunicatorPtr comm = initialize(initData); - Ice::ObjectPrx p = comm->stringToProxy("dummy:wss -h demo.zeroc.com -p 5064"); + Ice::ObjectPrxPtr p = comm->stringToProxy("dummy:wss -h demo.zeroc.com -p 5064"); try { p->ice_ping(); @@ -3245,24 +3384,19 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b comm = initialize(initData); p = comm->stringToProxy("dummy:wss -h demo.zeroc.com -p 5064"); - IceSSL::WSSConnectionInfoPtr info; try { - info = IceSSL::WSSConnectionInfoPtr::dynamicCast(p->ice_getConnection()->getInfo()); - test(info->verified); + Ice::WSConnectionInfoPtr info = ICE_DYNAMIC_CAST(Ice::WSConnectionInfo, p->ice_getConnection()->getInfo()); + IceSSL::ConnectionInfoPtr sslInfo = ICE_DYNAMIC_CAST(IceSSL::ConnectionInfo, info->underlying); + test(sslInfo->verified); } catch(const Ice::LocalException& ex) { - cerr << ex << endl; - test(false); + cerr << "warning: unable to connect to demo.zeroc.com to check system CA:\n" << ex << endl; } comm->destroy(); } cout << "ok" << endl; #endif - - if(shutdown) - { - factory->shutdown(); - } + return factory; } |
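Review bot: The added `printf("failed %s", failFindCertProperties[i]);` looks like leftover debugging: it has no trailing newline and uses stdio, while the rest of the test reports through `cout`/`cerr`. If the diagnostic is wanted, write it as `cerr << "unexpected success for IceSSL.FindCert=" << failFindCertProperties[i] << endl;`. In that unexpected-success path `comm` is also never destroyed, which only matters if `test(false)` does not abort.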
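Review bot: The rewritten `catch(const Ice::LocalException& ex)` in the last hunk only prints a warning, so a certificate-validation failure against demo.zeroc.com is treated the same as the host being unreachable, and the system-CA check can no longer fail. Keep connectivity errors as a warning, but let security errors fail the test with a separate handler ahead of the generic one (assuming IceSSL reports verification failures as `Ice::SecurityException`). The two `ICE_DYNAMIC_CAST` results are also dereferenced unchecked; adding `test(info)` and `test(sslInfo)` turns an unexpected connection-info type into a test failure instead of a null dereference. The enclosing block starts outside the hunk.

```cpp
try
{
    // … unchanged: info = ICE_DYNAMIC_CAST(Ice::WSConnectionInfo, ...) …
    test(info);
    // … unchanged: sslInfo = ICE_DYNAMIC_CAST(IceSSL::ConnectionInfo, info->underlying) …
    test(sslInfo);
    // … unchanged: test(sslInfo->verified) …
}
catch(const Ice::SecurityException& ex)
{
    // Certificate validation failed: this is the condition the system-CA test must detect.
    cerr << ex << endl;
    test(false);
}
// … unchanged: catch(const Ice::LocalException&) warning for connectivity errors …
```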