%%
%% %CopyrightBegin%
%%
%% Copyright Ericsson AB 2005-2013. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
%% compliance with the License. You should have received a copy of the
%% Erlang Public License along with this software. If not, it can be
%% retrieved online at http://www.erlang.org/.
%%
%% Software distributed under the License is distributed on an "AS IS"
%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
%% the License for the specific language governing rights and limitations
%% under the License.
%%
%% %CopyrightEnd%
%%
%%
-module(csiv2_SUITE).
-include_lib("test_server/include/test_server.hrl").
-include_lib("orber/include/corba.hrl").
-include_lib("orber/COSS/CosNaming/CosNaming.hrl").
-include_lib("orber/src/orber_iiop.hrl").
-include_lib("orber/src/ifr_objects.hrl").
-include("idl_output/orber_test_server.hrl").
-include_lib("orber/COSS/CosNaming/CosNaming_NamingContextExt.hrl").
-include_lib("orber/COSS/CosNaming/CosNaming_NamingContext.hrl").
%%-include_lib("orber/src/OrberCSIv2.hrl").
-define(default_timeout, ?t:minutes(5)).
-define(match(ExpectedRes,Expr),
fun() ->
AcTuAlReS = (catch (Expr)),
case AcTuAlReS of
ExpectedRes ->
io:format("------ CORRECT RESULT ------~n~p~n",
[AcTuAlReS]),
AcTuAlReS;
_ ->
io:format("###### ERROR ERROR ######~nRESULT: ~p~n",
[AcTuAlReS]),
?line exit(AcTuAlReS)
end
end()).
-define(REQUEST_ID, 0).
-define(REPLY_FRAG_1, <<71,73,79,80,1,2,2,1,0,0,0,41,0,0,0,?REQUEST_ID,0,0,0,0,0,0,0,1,78,69,79,0,0,0,0,2,0,10,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,4,49>>).
%% The fragments are identical for requests and replies.
-define(FRAG_2, <<71,73,79,80,1,2,2,7,0,0,0,5,0,0,0,?REQUEST_ID,50>>).
-define(FRAG_3, <<71,73,79,80,1,2,2,7,0,0,0,5,0,0,0,?REQUEST_ID,51>>).
-define(FRAG_4, <<71,73,79,80,1,2,0,7,0,0,0,5,0,0,0,?REQUEST_ID,0>>).
%% Should X509 DER generated by, for example, OpenSSL
-define(X509DER,
<<42>>).
%% Should X509 PEM generated by, for example, OpenSSL
-define(X509PEM,
<<42>>).
%% IOR exported by VB (CSIv2 activated).
-define(VB_IOR,
#'IOP_IOR'
{type_id = "IDL:omg.org/CosNotifyComm/SequencePushConsumer:1.0",
profiles =
[#'IOP_TaggedProfile'
{tag = ?TAG_INTERNET_IOP,
profile_data =
#'IIOP_ProfileBody_1_1'{
iiop_version = #'IIOP_Version'{major = 1,
minor = 2},
host = "127.0.0.1",
port = 0,
object_key = [0,86,66,1,0,0,0,24,47,70,77,65,95,67,73,82,80,77,65,78,95,80,79,65,95,83,69,67,85,82,69,0,0,0,0,4,0,0,4,186,0,0,2,10,81,218,65,185],
components =
[#'IOP_TaggedComponent'{tag = ?TAG_SSL_SEC_TRANS,
component_data = #'SSLIOP_SSL'{
target_supports = 102,
target_requires = 66,
port = 49934}},
#'IOP_TaggedComponent'{tag = ?TAG_CSI_SEC_MECH_LIST,
component_data =
#'CSIIOP_CompoundSecMechList'{stateful = true,
mechanism_list =
[#'CSIIOP_CompoundSecMech'
{target_requires = 66,
transport_mech = #'IOP_TaggedComponent'{
tag = ?TAG_TLS_SEC_TRANS,
component_data =
#'CSIIOP_TLS_SEC_TRANS'{
target_supports = 102,
target_requires = 66,
addresses =
[#'CSIIOP_TransportAddress'
{host_name = "127.0.0.1",
port = 49934}]}},
as_context_mech =
#'CSIIOP_AS_ContextSec'{
target_supports = 0,
target_requires = 0,
client_authentication_mech = [],
target_name = []},
sas_context_mech =
#'CSIIOP_SAS_ContextSec'{
target_supports = 1024,
target_requires = 0,
privilege_authorities =
[#'CSIIOP_ServiceConfiguration'
{syntax = 1447174401,
name = "Borland"}],
supported_naming_mechanisms = [[6,
6,
103,
129,
2,
1,
1,
1]],
supported_identity_types = 15}}]}},
#'IOP_TaggedComponent'
{tag = ?TAG_CODE_SETS,
component_data =
#'CONV_FRAME_CodeSetComponentInfo'{'ForCharData' =
#'CONV_FRAME_CodeSetComponent'{
native_code_set = 65537,
conversion_code_sets = [83951617]},
'ForWcharData' =
#'CONV_FRAME_CodeSetComponent'{
native_code_set = 65801,
conversion_code_sets = []}}},
#'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE,
component_data = 1447645952},
#'IOP_TaggedComponent'{tag = 1447645955,
component_data = [0,5,7,1,127]}]}}]}).
%% Common basic types
-define(OID, {2,23,130,1,1,1}).
-define(OCTET_STR, [1,2,3,4]).
-define(BIT_STR, [0,1,0,1,1]).
-define(BOOLEAN, false).
-define(ANY, [19,5,111,116,112,67,65]).
-ifdef(false).
%% PKIX1Explicit88
-define(AlgorithmIdentifier,
#'AlgorithmIdentifier'{algorithm = ?OID,
parameters = ?ANY}).
-define(Validity, #'Validity'{notBefore = {utcTime, "19820102070533.8"},
notAfter = {generalTime, "19820102070533.8"}}).
-define(SubjectPublicKeyInfo,
#'SubjectPublicKeyInfo'{algorithm = ?AlgorithmIdentifier,
subjectPublicKey = ?BIT_STR}).
-define(AttributeTypeAndValue,
#'AttributeTypeAndValue'{type = ?OID,
value = <<19,11,69,114,105,99,115,115,111,110,32,65,66>>}).
-define(RelativeDistinguishedName, [?AttributeTypeAndValue]).
-define(RDNSequence, [?RelativeDistinguishedName]).
-define(Name, {rdnSequence, ?RDNSequence}).
-define(Version, v3).
-define(CertificateSerialNumber, 1).
-define(UniqueIdentifier, ?BIT_STR).
-define(Extension, #'Extension'{extnID = ?OID,
critical = ?BOOLEAN,
extnValue = ?OCTET_STR}).
-define(Extensions, [?Extension]).
-define(TBSCertificate,
#'TBSCertificate'{version = ?Version,
serialNumber = ?CertificateSerialNumber,
signature = ?AlgorithmIdentifier,
issuer = ?Name,
validity = ?Validity,
subject = ?Name,
subjectPublicKeyInfo = ?SubjectPublicKeyInfo,
issuerUniqueID = ?UniqueIdentifier,
subjectUniqueID = ?UniqueIdentifier,
extensions = ?Extensions}).
-define(Certificate, #'Certificate'{tbsCertificate = ?TBSCertificate,
signatureAlgorithm = ?AlgorithmIdentifier,
signature = ?BIT_STR}).
%% PKIX1Implicit88
-define(GeneralName, {registeredID, ?OID}).
-define(GeneralNames, [?GeneralName]).
%% PKIXAttributeCertificate
-define(AttCertValidityPeriod,
#'AttCertValidityPeriod'{notBeforeTime = "19820102070533.8",
notAfterTime = "19820102070533.8"}).
-define(Attribute, #'Attribute'{type = ?OID,
values = []}).
-define(Attributes, [?Attribute]).
-define(IssuerSerial, #'IssuerSerial'{issuer = ?GeneralNames,
serial = ?CertificateSerialNumber,
issuerUID = ?UniqueIdentifier}).
-define(DigestedObjectType, publicKey). %% Enum
-define(ObjectDigestInfo,
#'ObjectDigestInfo'{digestedObjectType = ?DigestedObjectType,
otherObjectTypeID = ?OID,
digestAlgorithm = ?AlgorithmIdentifier,
objectDigest = ?BIT_STR}).
-define(V2Form, #'V2Form'{issuerName = ?GeneralNames,
baseCertificateID = ?IssuerSerial,
objectDigestInfo = ?ObjectDigestInfo}).
-define(AttCertVersion, v2).
-define(Holder, #'Holder'{baseCertificateID = ?IssuerSerial,
entityName = ?GeneralNames,
objectDigestInfo = ?ObjectDigestInfo}).
-define(AttCertIssuer, {v2Form, ?V2Form}).
-define(AttributeCertificateInfo,
#'AttributeCertificateInfo'{version = ?AttCertVersion,
holder = ?Holder,
issuer = ?AttCertIssuer,
signature = ?AlgorithmIdentifier,
serialNumber = ?CertificateSerialNumber,
attrCertValidityPeriod = ?AttCertValidityPeriod,
attributes = ?Attributes,
issuerUniqueID = ?UniqueIdentifier,
extensions = ?Extensions}).
-define(AttributeCertificate,
#'AttributeCertificate'{acinfo = ?AttributeCertificateInfo,
signatureAlgorithm = ?AlgorithmIdentifier,
signatureValue = ?BIT_STR}).
%% OrberCSIv2
-define(AttributeCertChain,
#'AttributeCertChain'{attributeCert = ?AttributeCertificate,
certificateChain = ?CertificateChain}).
-define(CertificateChain, [?Certificate]).
-define(VerifyingCertChain, [?Certificate]).
-endif.
%%-----------------------------------------------------------------
%% External exports
%%-----------------------------------------------------------------
-export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0,
init_per_suite/1, end_per_suite/1,
init_per_testcase/2, end_per_testcase/2,
% code_CertificateChain_api/1,
% code_AttributeCertChain_api/1,
% code_VerifyingCertChain_api/1,
% code_AttributeCertificate_api/1,
% code_Certificate_api/1,
% code_TBSCertificate_api/1,
% code_CertificateSerialNumber_api/1,
% code_Version_api/1,
% code_AlgorithmIdentifier_api/1,
% code_Name_api/1,
% code_RDNSequence_api/1,
% code_RelativeDistinguishedName_api/1,
% code_AttributeTypeAndValue_api/1,
% code_Attribute_api/1,
% code_Validity_api/1,
% code_SubjectPublicKeyInfo_api/1,
% code_UniqueIdentifier_api/1,
% code_Extensions_api/1,
% code_Extension_api/1,
% code_AttributeCertificateInfo_api/1,
% code_AttCertVersion_api/1,
% code_Holder_api/1,
% code_AttCertIssuer_api/1,
% code_AttCertValidityPeriod_api/1,
% code_V2Form_api/1,
% code_IssuerSerial_api/1,
% code_ObjectDigestInfo_api/1,
% code_OpenSSL509_api/1,
ssl_server_peercert_api/1,
ssl_client_peercert_api/1]).
%%-----------------------------------------------------------------
%% Internal exports
%%-----------------------------------------------------------------
-export([fake_server_ORB/5]).
%%-----------------------------------------------------------------
%% Func: all/1
%% Args:
%% Returns:
%%-----------------------------------------------------------------
suite() -> [{ct_hooks,[ts_install_cth]}].
all() ->
cases().
groups() ->
[].
init_per_group(_GroupName, Config) ->
Config.
end_per_group(_GroupName, Config) ->
Config.
%% NOTE - the fragment test cases must bu first since we explicitly set a request
%% id. Otherwise, the request-id counter would be increased and we cannot know
%% what it is.
cases() ->
[ssl_server_peercert_api, ssl_client_peercert_api].
%%-----------------------------------------------------------------
%% Init and cleanup functions.
%%-----------------------------------------------------------------
init_per_testcase(_Case, Config) ->
Path = code:which(?MODULE),
code:add_pathz(filename:join(filename:dirname(Path), "idl_output")),
Dog=test_server:timetrap(?default_timeout),
orber:jump_start(0),
oe_orber_test_server:oe_register(),
[{watchdog, Dog}|Config].
end_per_testcase(_Case, Config) ->
oe_orber_test_server:oe_unregister(),
orber:jump_stop(),
Path = code:which(?MODULE),
code:del_path(filename:join(filename:dirname(Path), "idl_output")),
Dog = ?config(watchdog, Config),
test_server:timetrap_cancel(Dog),
ok.
init_per_suite(Config) ->
try crypto:start() of
ok ->
case orber_test_lib:ssl_version() of
no_ssl ->
{skip, "SSL is not installed!"};
_ ->
Config
end
catch _:_ ->
{skip, "Crypto did not start"}
end.
end_per_suite(Config) ->
application:stop(crypto),
Config.
%%-----------------------------------------------------------------
%% API tests for ORB to ORB, no security
%%-----------------------------------------------------------------
%%-----------------------------------------------------------------
%% Encode and decode ASN.1 X509
%%-----------------------------------------------------------------
-ifdef(false).
%% OrberCSIv2
code_CertificateChain_api(doc) -> ["Code CertificateChain"];
code_CertificateChain_api(suite) -> [];
code_CertificateChain_api(_Config) ->
{ok, Enc} =
?match({ok, _},
'OrberCSIv2':encode('CertificateChain', ?CertificateChain)),
?match({ok, [#'Certificate'{}]},
'OrberCSIv2':decode('CertificateChain', list_to_binary(Enc))),
ok.
code_AttributeCertChain_api(doc) -> ["Code AttributeCertChain"];
code_AttributeCertChain_api(suite) -> [];
code_AttributeCertChain_api(_Config) ->
{ok, Enc} =
?match({ok, _},
'OrberCSIv2':encode('AttributeCertChain', ?AttributeCertChain)),
?match({ok, #'AttributeCertChain'{}},
'OrberCSIv2':decode('AttributeCertChain', list_to_binary(Enc))),
ok.
code_VerifyingCertChain_api(doc) -> ["Code VerifyingCertChain"];
code_VerifyingCertChain_api(suite) -> [];
code_VerifyingCertChain_api(_Config) ->
{ok, Enc} =
?match({ok, _},
'OrberCSIv2':encode('VerifyingCertChain', ?VerifyingCertChain)),
?match({ok, [#'Certificate'{}]},
'OrberCSIv2':decode('VerifyingCertChain', list_to_binary(Enc))),
ok.
%% PKIXAttributeCertificate
code_AttributeCertificate_api(doc) -> ["Code AttributeCertificate"];
code_AttributeCertificate_api(suite) -> [];
code_AttributeCertificate_api(_Config) ->
{ok, Enc} =
?match({ok, _},
'OrberCSIv2':encode('AttributeCertificate', ?AttributeCertificate)),
?match({ok, #'AttributeCertificate'{}},
'OrberCSIv2':decode('AttributeCertificate', list_to_binary(Enc))),
ok.
code_AttributeCertificateInfo_api(doc) -> ["Code AttributeCertificateInfo"];
code_AttributeCertificateInfo_api(suite) -> [];
code_AttributeCertificateInfo_api(_Config) ->
{ok, Enc} =
?match({ok, _},
'OrberCSIv2':encode('AttributeCertificateInfo', ?AttributeCertificateInfo)),
?match({ok, #'AttributeCertificateInfo'{}},
'OrberCSIv2':decode('AttributeCertificateInfo', list_to_binary(Enc))),
ok.
code_AttCertVersion_api(doc) -> ["Code AttCertVersion"];
code_AttCertVersion_api(suite) -> [];
code_AttCertVersion_api(_Config) ->
{ok, Enc} =
?match({ok, _},
'OrberCSIv2':encode('AttCertVersion', ?AttCertVersion)),
?match({ok, ?AttCertVersion},
'OrberCSIv2':decode('AttCertVersion', list_to_binary(Enc))),
ok.
code_Holder_api(doc) -> ["Code Holder"];
code_Holder_api(suite) -> [];
code_Holder_api(_Config) ->
{ok, Enc} =
?match({ok, _},
'OrberCSIv2':encode('Holder', ?Holder)),
?match({ok, #'Holder'{}},
'OrberCSIv2':decode('Holder', list_to_binary(Enc))),
ok.
code_AttCertIssuer_api(doc) -> ["Code AttCertIssuer"];
code_AttCertIssuer_api(suite) -> [];
code_AttCertIssuer_api(_Config) ->
{ok, Enc} =
?match({ok, _},
'OrberCSIv2':encode('AttCertIssuer', ?AttCertIssuer)),
?match({ok, {v2Form, _}},
'OrberCSIv2':decode('AttCertIssuer', list_to_binary(Enc))),
ok.
code_AttCertValidityPeriod_api(doc) -> ["Code AttCertValidityPeriod"];
code_AttCertValidityPeriod_api(suite) -> [];
code_AttCertValidityPeriod_api(_Config) ->
{ok, Enc} =
?match({ok, _}, 'OrberCSIv2':encode('AttCertValidityPeriod', ?AttCertValidityPeriod)),
?match({ok, #'AttCertValidityPeriod'{}},
'OrberCSIv2':decode('AttCertValidityPeriod', list_to_binary(Enc))),
ok.
code_V2Form_api(doc) -> ["Code V2Form"];
code_V2Form_api(suite) -> [];
code_V2Form_api(_Config) ->
{ok, Enc} =
?match({ok, _},
'OrberCSIv2':encode('V2Form', ?V2Form)),
?match({ok, #'V2Form'{}},
'OrberCSIv2':decode('V2Form', list_to_binary(Enc))),
ok.
code_IssuerSerial_api(doc) -> ["Code IssuerSerial"];
code_IssuerSerial_api(suite) -> [];
code_IssuerSerial_api(_Config) ->
{ok, Enc} =
?match({ok, _},
'OrberCSIv2':encode('IssuerSerial', ?IssuerSerial)),
?match({ok, #'IssuerSerial'{}},
'OrberCSIv2':decode('IssuerSerial', list_to_binary(Enc))),
ok.
code_ObjectDigestInfo_api(doc) -> ["Code ObjectDigestInfo"];
code_ObjectDigestInfo_api(suite) -> [];
code_ObjectDigestInfo_api(_Config) ->
{ok, Enc} =
?match({ok, _},
'OrberCSIv2':encode('ObjectDigestInfo', ?ObjectDigestInfo)),
?match({ok, #'ObjectDigestInfo'{}},
'OrberCSIv2':decode('ObjectDigestInfo', list_to_binary(Enc))),
ok.
%% PKIX1Explicit88
code_Certificate_api(doc) -> ["Code Certificate"];
code_Certificate_api(suite) -> [];
code_Certificate_api(_Config) ->
{ok, Enc} =
?match({ok, _},
'OrberCSIv2':encode('Certificate', ?Certificate)),
?match({ok, #'Certificate'{}},
'OrberCSIv2':decode('Certificate', list_to_binary(Enc))),
ok.
code_TBSCertificate_api(doc) -> ["Code TBSCertificate"];
code_TBSCertificate_api(suite) -> [];
code_TBSCertificate_api(_Config) ->
{ok, Enc} =
?match({ok, _},
'OrberCSIv2':encode('TBSCertificate', ?TBSCertificate)),
?match({ok, #'TBSCertificate'{}},
'OrberCSIv2':decode('TBSCertificate', list_to_binary(Enc))),
ok.
code_CertificateSerialNumber_api(doc) -> ["Code CertificateSerialNumber"];
code_CertificateSerialNumber_api(suite) -> [];
code_CertificateSerialNumber_api(_Config) ->
{ok, Enc} =
?match({ok, _},
'OrberCSIv2':encode('CertificateSerialNumber', ?CertificateSerialNumber)),
?match({ok, ?CertificateSerialNumber},
'OrberCSIv2':decode('CertificateSerialNumber', list_to_binary(Enc))),
ok.
code_Version_api(doc) -> ["Code Version"];
code_Version_api(suite) -> [];
code_Version_api(_Config) ->
{ok, Enc} =
?match({ok, _}, 'OrberCSIv2':encode('Version', ?Version)),
?match({ok, ?Version}, 'OrberCSIv2':decode('Version', list_to_binary(Enc))),
ok.
code_AlgorithmIdentifier_api(doc) -> ["Code AlgorithmIdentifier"];
code_AlgorithmIdentifier_api(suite) -> [];
code_AlgorithmIdentifier_api(_Config) ->
{ok, Enc} =
?match({ok, _}, 'OrberCSIv2':encode('AlgorithmIdentifier', ?AlgorithmIdentifier)),
?match({ok, #'AlgorithmIdentifier'{}},
'OrberCSIv2':decode('AlgorithmIdentifier', list_to_binary(Enc))),
ok.
code_Name_api(doc) -> ["Code Name"];
code_Name_api(suite) -> [];
code_Name_api(_Config) ->
{ok, Enc} =
?match({ok, _}, 'OrberCSIv2':encode('Name', ?Name)),
?match({ok, {rdnSequence,_}},
'OrberCSIv2':decode('Name', list_to_binary(Enc))),
ok.
code_RDNSequence_api(doc) -> ["Code RDNSequence"];
code_RDNSequence_api(suite) -> [];
code_RDNSequence_api(_Config) ->
{ok, Enc} =
?match({ok, _}, 'OrberCSIv2':encode('RDNSequence', ?RDNSequence)),
?match({ok, [[#'AttributeTypeAndValue'{}]]},
'OrberCSIv2':decode('RDNSequence', list_to_binary(Enc))),
ok.
code_RelativeDistinguishedName_api(doc) -> ["Code RelativeDistinguishedName"];
code_RelativeDistinguishedName_api(suite) -> [];
code_RelativeDistinguishedName_api(_Config) ->
{ok, Enc} =
?match({ok, _}, 'OrberCSIv2':encode('RelativeDistinguishedName', ?RelativeDistinguishedName)),
?match({ok, [#'AttributeTypeAndValue'{}]},
'OrberCSIv2':decode('RelativeDistinguishedName', list_to_binary(Enc))),
ok.
code_AttributeTypeAndValue_api(doc) -> ["Code AttributeTypeAndValue"];
code_AttributeTypeAndValue_api(suite) -> [];
code_AttributeTypeAndValue_api(_Config) ->
{ok, Enc} =
?match({ok, _}, 'OrberCSIv2':encode('AttributeTypeAndValue', ?AttributeTypeAndValue)),
?match({ok, #'AttributeTypeAndValue'{}},
'OrberCSIv2':decode('AttributeTypeAndValue', list_to_binary(Enc))),
ok.
code_Attribute_api(doc) -> ["Code Attribute"];
code_Attribute_api(suite) -> [];
code_Attribute_api(_Config) ->
{ok, Enc} =
?match({ok, _}, 'OrberCSIv2':encode('Attribute', ?Attribute)),
?match({ok, #'Attribute'{}},
'OrberCSIv2':decode('Attribute', list_to_binary(Enc))),
ok.
code_Validity_api(doc) -> ["Code Validity"];
code_Validity_api(suite) -> [];
code_Validity_api(_Config) ->
{ok, Enc} =
?match({ok, _}, 'OrberCSIv2':encode('Validity', ?Validity)),
?match({ok, #'Validity'{}},
'OrberCSIv2':decode('Validity', list_to_binary(Enc))),
ok.
code_SubjectPublicKeyInfo_api(doc) -> ["Code SubjectPublicKeyInfo"];
code_SubjectPublicKeyInfo_api(suite) -> [];
code_SubjectPublicKeyInfo_api(_Config) ->
{ok, Enc} =
?match({ok, _}, 'OrberCSIv2':encode('SubjectPublicKeyInfo', ?SubjectPublicKeyInfo)),
?match({ok, #'SubjectPublicKeyInfo'{}},
'OrberCSIv2':decode('SubjectPublicKeyInfo', list_to_binary(Enc))),
ok.
code_UniqueIdentifier_api(doc) -> ["Code UniqueIdentifier"];
code_UniqueIdentifier_api(suite) -> [];
code_UniqueIdentifier_api(_Config) ->
{ok, Enc} =
?match({ok, _}, 'OrberCSIv2':encode('UniqueIdentifier', ?UniqueIdentifier)),
?match({ok, _}, 'OrberCSIv2':decode('UniqueIdentifier', list_to_binary(Enc))),
ok.
code_Extensions_api(doc) -> ["Code Extensions"];
code_Extensions_api(suite) -> [];
code_Extensions_api(_Config) ->
{ok, Enc} =
?match({ok, _}, 'OrberCSIv2':encode('Extensions', ?Extensions)),
?match({ok, [#'Extension'{}]},
'OrberCSIv2':decode('Extensions', list_to_binary(Enc))),
ok.
code_Extension_api(doc) -> ["Code Extension"];
code_Extension_api(suite) -> [];
code_Extension_api(_Config) ->
{ok, Enc} =
?match({ok, _}, 'OrberCSIv2':encode('Extension', ?Extension)),
?match({ok, #'Extension'{}},
'OrberCSIv2':decode('Extension', list_to_binary(Enc))),
ok.
%% OpenSSL generated x509 Certificate
code_OpenSSL509_api(doc) -> ["Code OpenSSL generated x509 Certificate"];
code_OpenSSL509_api(suite) -> [];
code_OpenSSL509_api(_Config) ->
{ok, Cert} =
?match({ok, #'Certificate'{}},
'OrberCSIv2':decode('Certificate', ?X509DER)),
AttrCertChain = #'AttributeCertChain'{attributeCert = ?AttributeCertificate,
certificateChain = [Cert]},
{ok, EAttrCertChain} =
?match({ok, _}, 'OrberCSIv2':encode('AttributeCertChain', AttrCertChain)),
?match({ok, #'AttributeCertChain'{}},
'OrberCSIv2':decode('AttributeCertChain', list_to_binary(EAttrCertChain))),
ok.
-endif.
%%-----------------------------------------------------------------
%% Test ssl:peercert
%%-----------------------------------------------------------------
ssl_server_peercert_api(doc) -> ["Test ssl:peercert (server side)"];
ssl_server_peercert_api(suite) -> [];
ssl_server_peercert_api(_Config) ->
Options = orber_test_lib:get_options(iiop_ssl, server,
2, [{iiop_ssl_port, 0}]),
{ok, ServerNode, ServerHost} =
?match({ok,_,_}, orber_test_lib:js_node(Options)),
ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
SSLOptions = orber_test_lib:get_options(ssl, client),
{ok, Socket} =
?match({ok, _}, fake_client_ORB(ssl, ServerHost, ServerPort, SSLOptions)),
{ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)),
%% ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])),
%% ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])),
% ?match({ok, #'Certificate'{}},
% 'OrberCSIv2':decode('Certificate', PeerCert)),
destroy_fake_ORB(ssl, Socket),
ok.
ssl_client_peercert_api(doc) -> ["Test ssl:peercert (client side)"];
ssl_client_peercert_api(suite) -> [];
ssl_client_peercert_api(_Config) ->
Options = orber_test_lib:get_options(iiop_ssl, client,
2, [{iiop_ssl_port, 0}]),
{ok, ClientNode, _ClientHost} =
?match({ok,_,_}, orber_test_lib:js_node(Options)),
crypto:start(),
ssl:start(),
SSLOptions = orber_test_lib:get_options(ssl, server),
{ok, LSock} = ?match({ok, _}, ssl:listen(0, SSLOptions)),
{ok, {_Address, LPort}} = ?match({ok, {_, _}}, ssl:sockname(LSock)),
IOR = ?match({'IOP_IOR',_,_},
iop_ior:create_external({1, 2}, "IDL:FAKE:1.0",
"localhost", 6004, "FAKE",
[#'IOP_TaggedComponent'
{tag=?TAG_SSL_SEC_TRANS,
component_data=#'SSLIOP_SSL'
{target_supports = 2,
target_requires = 2,
port = LPort}}])),
spawn(orber_test_lib, remote_apply,
[ClientNode, corba_object, non_existent, [IOR]]),
{ok, Socket} = ?match({ok, _}, ssl:transport_accept(LSock)),
?match(ok, ssl:ssl_accept(Socket)),
{ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)),
%% ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])),
%% ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])),
% ?match({ok, #'Certificate'{}},
% 'OrberCSIv2':decode('Certificate', PeerCert)),
ssl:close(Socket),
ssl:close(LSock),
ssl:stop(),
ok.
%%-----------------------------------------------------------------
%% Local functions.
%%-----------------------------------------------------------------
-ifdef(false).
%% Not used yet.
context_test(Obj) ->
IDToken1 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAbsent,
value = true},
IDToken2 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAnonymous,
value = false},
IDToken3 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTPrincipalName,
value = [0,255]},
IDToken4 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTX509CertChain,
value = [1,255]},
IDToken5 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTDistinguishedName,
value = [2,255]},
IDToken6 = #'CSI_IdentityToken'{label = ?ULONGMAX,
value = [3,255]},
MTEstablishContext1 = #'CSI_SASContextBody'
{label = ?CSI_MsgType_MTEstablishContext,
value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
authorization_token =
[#'CSI_AuthorizationElement'
{the_type = ?ULONGMAX,
the_element = [0,255]}],
identity_token = IDToken1,
client_authentication_token = [1, 255]}},
MTEstablishContext2 = #'CSI_SASContextBody'
{label = ?CSI_MsgType_MTEstablishContext,
value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
authorization_token =
[#'CSI_AuthorizationElement'
{the_type = ?ULONGMAX,
the_element = [0,255]}],
identity_token = IDToken2,
client_authentication_token = [1, 255]}},
MTEstablishContext3 = #'CSI_SASContextBody'
{label = ?CSI_MsgType_MTEstablishContext,
value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
authorization_token =
[#'CSI_AuthorizationElement'
{the_type = ?ULONGMAX,
the_element = [0,255]}],
identity_token = IDToken3,
client_authentication_token = [1, 255]}},
MTEstablishContext4 = #'CSI_SASContextBody'
{label = ?CSI_MsgType_MTEstablishContext,
value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
authorization_token =
[#'CSI_AuthorizationElement'
{the_type = ?ULONGMAX,
the_element = [0,255]}],
identity_token = IDToken4,
client_authentication_token = [1, 255]}},
MTEstablishContext5 = #'CSI_SASContextBody'
{label = ?CSI_MsgType_MTEstablishContext,
value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
authorization_token =
[#'CSI_AuthorizationElement'
{the_type = ?ULONGMAX,
the_element = [0,255]}],
identity_token = IDToken5,
client_authentication_token = [1, 255]}},
MTEstablishContext6 = #'CSI_SASContextBody'
{label = ?CSI_MsgType_MTEstablishContext,
value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
authorization_token =
[#'CSI_AuthorizationElement'
{the_type = ?ULONGMAX,
the_element = [0,255]}],
identity_token = IDToken6,
client_authentication_token = [1, 255]}},
MTCompleteEstablishContext = #'CSI_SASContextBody'
{label = ?CSI_MsgType_MTCompleteEstablishContext,
value = #'CSI_CompleteEstablishContext'{client_context_id = ?ULONGLONGMAX,
context_stateful = false,
final_context_token = [1, 255]}},
MTContextError = #'CSI_SASContextBody'
{label = ?CSI_MsgType_MTContextError,
value = #'CSI_ContextError'{client_context_id = ?ULONGLONGMAX,
major_status = 1,
minor_status = 2,
error_token = [2,255]}},
MTMessageInContext = #'CSI_SASContextBody'
{label = ?CSI_MsgType_MTMessageInContext,
value = #'CSI_MessageInContext'{client_context_id = ?ULONGLONGMAX,
discard_context = true}},
Ctx = [#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
context_data = MTEstablishContext1},
#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
context_data = MTEstablishContext2},
#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
context_data = MTEstablishContext3},
#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
context_data = MTEstablishContext4},
#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
context_data = MTEstablishContext5},
#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
context_data = MTEstablishContext6},
#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
context_data = MTCompleteEstablishContext},
#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
context_data = MTContextError},
#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
context_data = MTMessageInContext}],
?line ?match(ok, orber_test_server:testing_iiop_context(Obj, [{context, Ctx}])).
fake_server_ORB(Type, Port, Options) ->
start_ssl(Type),
{ok, ListenSocket, NewPort} =
orber_socket:listen(Type, Port,
[{active, false}|Options]),
Socket = orber_socket:accept(Type, ListenSocket),
orber_socket:post_accept(Type, Socket),
{ok, Socket, NewPort}.
-endif.
fake_server_ORB(Type, Port, Options, Action, Data) ->
start_ssl(Type),
{ok, ListenSocket, _NewPort} =
orber_socket:listen(Type, Port, [{active, false}|Options]),
Socket = orber_socket:accept(Type, ListenSocket),
orber_socket:post_accept(Type, Socket),
do_server_action(Type, Socket, Action, Data),
orber_socket:close(Type, Socket),
ok.
start_ssl(ssl) ->
crypto:start(),
ssl:start();
start_ssl(_) ->
ok.
destroy_fake_ORB(ssl, Socket) ->
orber_socket:close(ssl, Socket),
ssl:stop();
destroy_fake_ORB(Type, Socket) ->
orber_socket:close(Type, Socket).
fake_client_ORB(Type, Host, Port, Options) ->
start_ssl(Type),
Socket = orber_socket:connect(Type, Host, Port, [{active, false}|Options]),
{ok, Socket}.
-ifdef(false).
%% Not used yet.
fake_client_ORB(Type, Host, Port, Options, Action, Data) ->
start_ssl(Type),
Socket = orber_socket:connect(Type, Host, Port, [{active, false}|Options]),
Result = do_client_action(Type, Socket, Action, Data),
orber_socket:close(Type, Socket),
Result.
do_client_action(Type, Socket, fragments, FragList) ->
ok = send_data(Type, Socket, FragList),
{ok, Bytes} = gen_tcp:recv(Socket, 0),
{#reply_header{request_id = ?REQUEST_ID, reply_status = no_exception}, ok, [Par]} =
cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
Par;
do_client_action(Type, Socket, fragments_max, FragList) ->
ok = send_data(Type, Socket, FragList),
{ok, Bytes} = gen_tcp:recv(Socket, 0),
{#reply_header{request_id = ?REQUEST_ID, reply_status = system_exception}, Exc, []} =
cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
Exc;
do_client_action(Type, Socket, message_error, Data) ->
ok = send_data(Type, Socket, Data),
{ok,Bytes} = gen_tcp:recv(Socket, 0),
'message_error' = cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
ok;
do_client_action(_Type, _Socket, _Action, _Data) ->
ok.
-endif.
do_server_action(Type, Socket, fragments, FragList) ->
{ok, _B} = gen_tcp:recv(Socket, 0),
ok = send_data(Type, Socket, FragList);
do_server_action(_Type, _Socket, _Action, _Data) ->
ok.
send_data(_Type, _Socket, []) ->
ok;
send_data(Type, Socket, [H|T]) ->
orber_socket:write(Type, Socket, H),
send_data(Type, Socket, T).