Diffstat (limited to 'lib/orber/test/csiv2_SUITE.erl')
-rw-r--r-- | lib/orber/test/csiv2_SUITE.erl | 940 |
1 files changed, 940 insertions, 0 deletions
diff --git a/lib/orber/test/csiv2_SUITE.erl b/lib/orber/test/csiv2_SUITE.erl
new file mode 100644
index 0000000000..8103fd81ac
--- /dev/null
+++ b/lib/orber/test/csiv2_SUITE.erl
@@ -0,0 +1,940 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2005-2010. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% +%% + +-module(csiv2_SUITE). + +-include("test_server.hrl"). +-include_lib("orber/include/corba.hrl"). +-include_lib("orber/COSS/CosNaming/CosNaming.hrl"). +-include_lib("orber/src/orber_iiop.hrl"). +-include_lib("orber/src/ifr_objects.hrl"). +-include("idl_output/orber_test_server.hrl"). +-include_lib("orber/COSS/CosNaming/CosNaming_NamingContextExt.hrl"). +-include_lib("orber/COSS/CosNaming/CosNaming_NamingContext.hrl"). +%%-include_lib("orber/src/OrberCSIv2.hrl"). + +-define(default_timeout, ?t:minutes(5)). + +-define(match(ExpectedRes,Expr), + fun() -> + AcTuAlReS = (catch (Expr)), + case AcTuAlReS of + ExpectedRes -> + io:format("------ CORRECT RESULT ------~n~p~n", + [AcTuAlReS]), + AcTuAlReS; + _ -> + io:format("###### ERROR ERROR ######~nRESULT: ~p~n", + [AcTuAlReS]), + ?line exit(AcTuAlReS) + end + end()). + +-define(REQUEST_ID, 0). + +-define(REPLY_FRAG_1, <<71,73,79,80,1,2,2,1,0,0,0,41,0,0,0,?REQUEST_ID,0,0,0,0,0,0,0,1,78,69,79,0,0,0,0,2,0,10,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,4,49>>). +%% The fragments are identical for requests and replies. +-define(FRAG_2, <<71,73,79,80,1,2,2,7,0,0,0,5,0,0,0,?REQUEST_ID,50>>). +-define(FRAG_3, <<71,73,79,80,1,2,2,7,0,0,0,5,0,0,0,?REQUEST_ID,51>>). +-define(FRAG_4, <<71,73,79,80,1,2,0,7,0,0,0,5,0,0,0,?REQUEST_ID,0>>). 
+ +%% Should X509 DER generated by, for example, OpenSSL +-define(X509DER, + <<42>>). + +%% Should X509 PEM generated by, for example, OpenSSL +-define(X509PEM, + <<42>>). + +%% IOR exported by VB (CSIv2 activated). +-define(VB_IOR, + #'IOP_IOR' + {type_id = "IDL:omg.org/CosNotifyComm/SequencePushConsumer:1.0", + profiles = + [#'IOP_TaggedProfile' + {tag = ?TAG_INTERNET_IOP, + profile_data = + #'IIOP_ProfileBody_1_1'{ + iiop_version = #'IIOP_Version'{major = 1, + minor = 2}, + host = "127.0.0.1", + port = 0, + object_key = [0,86,66,1,0,0,0,24,47,70,77,65,95,67,73,82,80,77,65,78,95,80,79,65,95,83,69,67,85,82,69,0,0,0,0,4,0,0,4,186,0,0,2,10,81,218,65,185], + components = + [#'IOP_TaggedComponent'{tag = ?TAG_SSL_SEC_TRANS, + component_data = #'SSLIOP_SSL'{ + target_supports = 102, + target_requires = 66, + port = 49934}}, + #'IOP_TaggedComponent'{tag = ?TAG_CSI_SEC_MECH_LIST, + component_data = + #'CSIIOP_CompoundSecMechList'{stateful = true, + mechanism_list = + [#'CSIIOP_CompoundSecMech' + {target_requires = 66, + transport_mech = #'IOP_TaggedComponent'{ + tag = ?TAG_TLS_SEC_TRANS, + component_data = + #'CSIIOP_TLS_SEC_TRANS'{ + target_supports = 102, + target_requires = 66, + addresses = + [#'CSIIOP_TransportAddress' + {host_name = "127.0.0.1", + port = 49934}]}}, + as_context_mech = + #'CSIIOP_AS_ContextSec'{ + target_supports = 0, + target_requires = 0, + client_authentication_mech = [], + target_name = []}, + sas_context_mech = + #'CSIIOP_SAS_ContextSec'{ + target_supports = 1024, + target_requires = 0, + privilege_authorities = + [#'CSIIOP_ServiceConfiguration' + {syntax = 1447174401, + name = "Borland"}], + supported_naming_mechanisms = [[6, + 6, + 103, + 129, + 2, + 1, + 1, + 1]], + supported_identity_types = 15}}]}}, + #'IOP_TaggedComponent' + {tag = ?TAG_CODE_SETS, + component_data = + #'CONV_FRAME_CodeSetComponentInfo'{'ForCharData' = + #'CONV_FRAME_CodeSetComponent'{ + native_code_set = 65537, + conversion_code_sets = [83951617]}, + 'ForWcharData' = + 
#'CONV_FRAME_CodeSetComponent'{ + native_code_set = 65801, + conversion_code_sets = []}}}, + #'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE, + component_data = 1447645952}, + #'IOP_TaggedComponent'{tag = 1447645955, + component_data = [0,5,7,1,127]}]}}]}). + +%% Common basic types +-define(OID, {2,23,130,1,1,1}). + +-define(OCTET_STR, [1,2,3,4]). + +-define(BIT_STR, [0,1,0,1,1]). + +-define(BOOLEAN, false). + +-define(ANY, [19,5,111,116,112,67,65]). + +-ifdef(false). +%% PKIX1Explicit88 +-define(AlgorithmIdentifier, + #'AlgorithmIdentifier'{algorithm = ?OID, + parameters = ?ANY}). + +-define(Validity, #'Validity'{notBefore = {utcTime, "19820102070533.8"}, + notAfter = {generalTime, "19820102070533.8"}}). + +-define(SubjectPublicKeyInfo, + #'SubjectPublicKeyInfo'{algorithm = ?AlgorithmIdentifier, + subjectPublicKey = ?BIT_STR}). + +-define(AttributeTypeAndValue, + #'AttributeTypeAndValue'{type = ?OID, + value = <<19,11,69,114,105,99,115,115,111,110,32,65,66>>}). + +-define(RelativeDistinguishedName, [?AttributeTypeAndValue]). + +-define(RDNSequence, [?RelativeDistinguishedName]). + +-define(Name, {rdnSequence, ?RDNSequence}). + +-define(Version, v3). + +-define(CertificateSerialNumber, 1). + +-define(UniqueIdentifier, ?BIT_STR). + +-define(Extension, #'Extension'{extnID = ?OID, + critical = ?BOOLEAN, + extnValue = ?OCTET_STR}). + +-define(Extensions, [?Extension]). + +-define(TBSCertificate, + #'TBSCertificate'{version = ?Version, + serialNumber = ?CertificateSerialNumber, + signature = ?AlgorithmIdentifier, + issuer = ?Name, + validity = ?Validity, + subject = ?Name, + subjectPublicKeyInfo = ?SubjectPublicKeyInfo, + issuerUniqueID = ?UniqueIdentifier, + subjectUniqueID = ?UniqueIdentifier, + extensions = ?Extensions}). + +-define(Certificate, #'Certificate'{tbsCertificate = ?TBSCertificate, + signatureAlgorithm = ?AlgorithmIdentifier, + signature = ?BIT_STR}). + +%% PKIX1Implicit88 + +-define(GeneralName, {registeredID, ?OID}). + +-define(GeneralNames, [?GeneralName]). 
+ +%% PKIXAttributeCertificate +-define(AttCertValidityPeriod, + #'AttCertValidityPeriod'{notBeforeTime = "19820102070533.8", + notAfterTime = "19820102070533.8"}). + + +-define(Attribute, #'Attribute'{type = ?OID, + values = []}). + +-define(Attributes, [?Attribute]). + +-define(IssuerSerial, #'IssuerSerial'{issuer = ?GeneralNames, + serial = ?CertificateSerialNumber, + issuerUID = ?UniqueIdentifier}). + +-define(DigestedObjectType, publicKey). %% Enum + +-define(ObjectDigestInfo, + #'ObjectDigestInfo'{digestedObjectType = ?DigestedObjectType, + otherObjectTypeID = ?OID, + digestAlgorithm = ?AlgorithmIdentifier, + objectDigest = ?BIT_STR}). + +-define(V2Form, #'V2Form'{issuerName = ?GeneralNames, + baseCertificateID = ?IssuerSerial, + objectDigestInfo = ?ObjectDigestInfo}). + +-define(AttCertVersion, v2). + +-define(Holder, #'Holder'{baseCertificateID = ?IssuerSerial, + entityName = ?GeneralNames, + objectDigestInfo = ?ObjectDigestInfo}). + +-define(AttCertIssuer, {v2Form, ?V2Form}). + +-define(AttributeCertificateInfo, + #'AttributeCertificateInfo'{version = ?AttCertVersion, + holder = ?Holder, + issuer = ?AttCertIssuer, + signature = ?AlgorithmIdentifier, + serialNumber = ?CertificateSerialNumber, + attrCertValidityPeriod = ?AttCertValidityPeriod, + attributes = ?Attributes, + issuerUniqueID = ?UniqueIdentifier, + extensions = ?Extensions}). + +-define(AttributeCertificate, + #'AttributeCertificate'{acinfo = ?AttributeCertificateInfo, + signatureAlgorithm = ?AlgorithmIdentifier, + signatureValue = ?BIT_STR}). + + +%% OrberCSIv2 +-define(AttributeCertChain, + #'AttributeCertChain'{attributeCert = ?AttributeCertificate, + certificateChain = ?CertificateChain}). + +-define(CertificateChain, [?Certificate]). + +-define(VerifyingCertChain, [?Certificate]). + +-endif. 
+ +%%----------------------------------------------------------------- +%% External exports +%%----------------------------------------------------------------- +-export([all/1, cases/0, init_all/1, finish_all/1, + init_per_testcase/2, fin_per_testcase/2, +% code_CertificateChain_api/1, +% code_AttributeCertChain_api/1, +% code_VerifyingCertChain_api/1, +% code_AttributeCertificate_api/1, +% code_Certificate_api/1, +% code_TBSCertificate_api/1, +% code_CertificateSerialNumber_api/1, +% code_Version_api/1, +% code_AlgorithmIdentifier_api/1, +% code_Name_api/1, +% code_RDNSequence_api/1, +% code_RelativeDistinguishedName_api/1, +% code_AttributeTypeAndValue_api/1, +% code_Attribute_api/1, +% code_Validity_api/1, +% code_SubjectPublicKeyInfo_api/1, +% code_UniqueIdentifier_api/1, +% code_Extensions_api/1, +% code_Extension_api/1, +% code_AttributeCertificateInfo_api/1, +% code_AttCertVersion_api/1, +% code_Holder_api/1, +% code_AttCertIssuer_api/1, +% code_AttCertValidityPeriod_api/1, +% code_V2Form_api/1, +% code_IssuerSerial_api/1, +% code_ObjectDigestInfo_api/1, +% code_OpenSSL509_api/1, + ssl_server_peercert_api/1, + ssl_client_peercert_api/1]). + + +%%----------------------------------------------------------------- +%% Internal exports +%%----------------------------------------------------------------- +-export([fake_server_ORB/5]). + +%%----------------------------------------------------------------- +%% Func: all/1 +%% Args: +%% Returns: +%%----------------------------------------------------------------- +all(doc) -> ["API tests for multi orber interfaces using CSIv2"]; +all(suite) -> {req, + [mnesia], + {conf, init_all, cases(), finish_all}}. + +%% NOTE - the fragment test cases must bu first since we explicitly set a request +%% id. Otherwise, the request-id counter would be increased and we cannot know +%% what it is. 
+cases() -> + [ +% code_CertificateChain_api, +% code_AttributeCertChain_api, +% code_VerifyingCertChain_api, +% code_AttributeCertificate_api, +% code_Certificate_api, +% code_TBSCertificate_api, +% code_CertificateSerialNumber_api, +% code_Version_api, +% code_AlgorithmIdentifier_api, +% code_Name_api, +% code_RDNSequence_api, +% code_RelativeDistinguishedName_api, +% code_AttributeTypeAndValue_api, +% code_Attribute_api, +% code_Validity_api, +% code_SubjectPublicKeyInfo_api, +% code_UniqueIdentifier_api, +% code_Extensions_api, +% code_Extension_api, +% code_AttributeCertificateInfo_api, +% code_AttCertVersion_api, +% code_Holder_api, +% code_AttCertIssuer_api, +% code_AttCertValidityPeriod_api, +% code_V2Form_api, +% code_IssuerSerial_api, +% code_ObjectDigestInfo_api, +% code_OpenSSL509_api, + ssl_server_peercert_api, + ssl_client_peercert_api]. + +%%----------------------------------------------------------------- +%% Init and cleanup functions. +%%----------------------------------------------------------------- + +init_per_testcase(_Case, Config) -> + Path = code:which(?MODULE), + code:add_pathz(filename:join(filename:dirname(Path), "idl_output")), + Dog=test_server:timetrap(?default_timeout), + orber:jump_start(0), + oe_orber_test_server:oe_register(), + [{watchdog, Dog}|Config]. + + +fin_per_testcase(_Case, Config) -> + oe_orber_test_server:oe_unregister(), + orber:jump_stop(), + Path = code:which(?MODULE), + code:del_path(filename:join(filename:dirname(Path), "idl_output")), + Dog = ?config(watchdog, Config), + test_server:timetrap_cancel(Dog), + ok. + +init_all(Config) -> + if + is_list(Config) -> + Config; + true -> + exit("Config not a list") + end. + +finish_all(Config) -> + Config. 
+ +%%----------------------------------------------------------------- +%% API tests for ORB to ORB, no security +%%----------------------------------------------------------------- + + +%%----------------------------------------------------------------- +%% Encode and decode ASN.1 X509 +%%----------------------------------------------------------------- + +-ifdef(false). +%% OrberCSIv2 +code_CertificateChain_api(doc) -> ["Code CertificateChain"]; +code_CertificateChain_api(suite) -> []; +code_CertificateChain_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, + 'OrberCSIv2':encode('CertificateChain', ?CertificateChain)), + ?match({ok, [#'Certificate'{}]}, + 'OrberCSIv2':decode('CertificateChain', list_to_binary(Enc))), + ok. + +code_AttributeCertChain_api(doc) -> ["Code AttributeCertChain"]; +code_AttributeCertChain_api(suite) -> []; +code_AttributeCertChain_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, + 'OrberCSIv2':encode('AttributeCertChain', ?AttributeCertChain)), + ?match({ok, #'AttributeCertChain'{}}, + 'OrberCSIv2':decode('AttributeCertChain', list_to_binary(Enc))), + ok. + +code_VerifyingCertChain_api(doc) -> ["Code VerifyingCertChain"]; +code_VerifyingCertChain_api(suite) -> []; +code_VerifyingCertChain_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, + 'OrberCSIv2':encode('VerifyingCertChain', ?VerifyingCertChain)), + ?match({ok, [#'Certificate'{}]}, + 'OrberCSIv2':decode('VerifyingCertChain', list_to_binary(Enc))), + ok. + +%% PKIXAttributeCertificate +code_AttributeCertificate_api(doc) -> ["Code AttributeCertificate"]; +code_AttributeCertificate_api(suite) -> []; +code_AttributeCertificate_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, + 'OrberCSIv2':encode('AttributeCertificate', ?AttributeCertificate)), + ?match({ok, #'AttributeCertificate'{}}, + 'OrberCSIv2':decode('AttributeCertificate', list_to_binary(Enc))), + ok. 
+ +code_AttributeCertificateInfo_api(doc) -> ["Code AttributeCertificateInfo"]; +code_AttributeCertificateInfo_api(suite) -> []; +code_AttributeCertificateInfo_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, + 'OrberCSIv2':encode('AttributeCertificateInfo', ?AttributeCertificateInfo)), + ?match({ok, #'AttributeCertificateInfo'{}}, + 'OrberCSIv2':decode('AttributeCertificateInfo', list_to_binary(Enc))), + ok. + +code_AttCertVersion_api(doc) -> ["Code AttCertVersion"]; +code_AttCertVersion_api(suite) -> []; +code_AttCertVersion_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, + 'OrberCSIv2':encode('AttCertVersion', ?AttCertVersion)), + ?match({ok, ?AttCertVersion}, + 'OrberCSIv2':decode('AttCertVersion', list_to_binary(Enc))), + ok. + +code_Holder_api(doc) -> ["Code Holder"]; +code_Holder_api(suite) -> []; +code_Holder_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, + 'OrberCSIv2':encode('Holder', ?Holder)), + ?match({ok, #'Holder'{}}, + 'OrberCSIv2':decode('Holder', list_to_binary(Enc))), + ok. + +code_AttCertIssuer_api(doc) -> ["Code AttCertIssuer"]; +code_AttCertIssuer_api(suite) -> []; +code_AttCertIssuer_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, + 'OrberCSIv2':encode('AttCertIssuer', ?AttCertIssuer)), + ?match({ok, {v2Form, _}}, + 'OrberCSIv2':decode('AttCertIssuer', list_to_binary(Enc))), + ok. + +code_AttCertValidityPeriod_api(doc) -> ["Code AttCertValidityPeriod"]; +code_AttCertValidityPeriod_api(suite) -> []; +code_AttCertValidityPeriod_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, 'OrberCSIv2':encode('AttCertValidityPeriod', ?AttCertValidityPeriod)), + ?match({ok, #'AttCertValidityPeriod'{}}, + 'OrberCSIv2':decode('AttCertValidityPeriod', list_to_binary(Enc))), + ok. + +code_V2Form_api(doc) -> ["Code V2Form"]; +code_V2Form_api(suite) -> []; +code_V2Form_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, + 'OrberCSIv2':encode('V2Form', ?V2Form)), + ?match({ok, #'V2Form'{}}, + 'OrberCSIv2':decode('V2Form', list_to_binary(Enc))), + ok. 
+ +code_IssuerSerial_api(doc) -> ["Code IssuerSerial"]; +code_IssuerSerial_api(suite) -> []; +code_IssuerSerial_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, + 'OrberCSIv2':encode('IssuerSerial', ?IssuerSerial)), + ?match({ok, #'IssuerSerial'{}}, + 'OrberCSIv2':decode('IssuerSerial', list_to_binary(Enc))), + ok. + +code_ObjectDigestInfo_api(doc) -> ["Code ObjectDigestInfo"]; +code_ObjectDigestInfo_api(suite) -> []; +code_ObjectDigestInfo_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, + 'OrberCSIv2':encode('ObjectDigestInfo', ?ObjectDigestInfo)), + ?match({ok, #'ObjectDigestInfo'{}}, + 'OrberCSIv2':decode('ObjectDigestInfo', list_to_binary(Enc))), + ok. + +%% PKIX1Explicit88 +code_Certificate_api(doc) -> ["Code Certificate"]; +code_Certificate_api(suite) -> []; +code_Certificate_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, + 'OrberCSIv2':encode('Certificate', ?Certificate)), + ?match({ok, #'Certificate'{}}, + 'OrberCSIv2':decode('Certificate', list_to_binary(Enc))), + ok. + +code_TBSCertificate_api(doc) -> ["Code TBSCertificate"]; +code_TBSCertificate_api(suite) -> []; +code_TBSCertificate_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, + 'OrberCSIv2':encode('TBSCertificate', ?TBSCertificate)), + ?match({ok, #'TBSCertificate'{}}, + 'OrberCSIv2':decode('TBSCertificate', list_to_binary(Enc))), + ok. + +code_CertificateSerialNumber_api(doc) -> ["Code CertificateSerialNumber"]; +code_CertificateSerialNumber_api(suite) -> []; +code_CertificateSerialNumber_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, + 'OrberCSIv2':encode('CertificateSerialNumber', ?CertificateSerialNumber)), + ?match({ok, ?CertificateSerialNumber}, + 'OrberCSIv2':decode('CertificateSerialNumber', list_to_binary(Enc))), + ok. + +code_Version_api(doc) -> ["Code Version"]; +code_Version_api(suite) -> []; +code_Version_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, 'OrberCSIv2':encode('Version', ?Version)), + ?match({ok, ?Version}, 'OrberCSIv2':decode('Version', list_to_binary(Enc))), + ok. 
+ +code_AlgorithmIdentifier_api(doc) -> ["Code AlgorithmIdentifier"]; +code_AlgorithmIdentifier_api(suite) -> []; +code_AlgorithmIdentifier_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, 'OrberCSIv2':encode('AlgorithmIdentifier', ?AlgorithmIdentifier)), + ?match({ok, #'AlgorithmIdentifier'{}}, + 'OrberCSIv2':decode('AlgorithmIdentifier', list_to_binary(Enc))), + ok. + +code_Name_api(doc) -> ["Code Name"]; +code_Name_api(suite) -> []; +code_Name_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, 'OrberCSIv2':encode('Name', ?Name)), + ?match({ok, {rdnSequence,_}}, + 'OrberCSIv2':decode('Name', list_to_binary(Enc))), + ok. + +code_RDNSequence_api(doc) -> ["Code RDNSequence"]; +code_RDNSequence_api(suite) -> []; +code_RDNSequence_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, 'OrberCSIv2':encode('RDNSequence', ?RDNSequence)), + ?match({ok, [[#'AttributeTypeAndValue'{}]]}, + 'OrberCSIv2':decode('RDNSequence', list_to_binary(Enc))), + ok. + +code_RelativeDistinguishedName_api(doc) -> ["Code RelativeDistinguishedName"]; +code_RelativeDistinguishedName_api(suite) -> []; +code_RelativeDistinguishedName_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, 'OrberCSIv2':encode('RelativeDistinguishedName', ?RelativeDistinguishedName)), + ?match({ok, [#'AttributeTypeAndValue'{}]}, + 'OrberCSIv2':decode('RelativeDistinguishedName', list_to_binary(Enc))), + ok. + +code_AttributeTypeAndValue_api(doc) -> ["Code AttributeTypeAndValue"]; +code_AttributeTypeAndValue_api(suite) -> []; +code_AttributeTypeAndValue_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, 'OrberCSIv2':encode('AttributeTypeAndValue', ?AttributeTypeAndValue)), + ?match({ok, #'AttributeTypeAndValue'{}}, + 'OrberCSIv2':decode('AttributeTypeAndValue', list_to_binary(Enc))), + ok. 
+ +code_Attribute_api(doc) -> ["Code Attribute"]; +code_Attribute_api(suite) -> []; +code_Attribute_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, 'OrberCSIv2':encode('Attribute', ?Attribute)), + ?match({ok, #'Attribute'{}}, + 'OrberCSIv2':decode('Attribute', list_to_binary(Enc))), + ok. + +code_Validity_api(doc) -> ["Code Validity"]; +code_Validity_api(suite) -> []; +code_Validity_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, 'OrberCSIv2':encode('Validity', ?Validity)), + ?match({ok, #'Validity'{}}, + 'OrberCSIv2':decode('Validity', list_to_binary(Enc))), + ok. + +code_SubjectPublicKeyInfo_api(doc) -> ["Code SubjectPublicKeyInfo"]; +code_SubjectPublicKeyInfo_api(suite) -> []; +code_SubjectPublicKeyInfo_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, 'OrberCSIv2':encode('SubjectPublicKeyInfo', ?SubjectPublicKeyInfo)), + ?match({ok, #'SubjectPublicKeyInfo'{}}, + 'OrberCSIv2':decode('SubjectPublicKeyInfo', list_to_binary(Enc))), + ok. + +code_UniqueIdentifier_api(doc) -> ["Code UniqueIdentifier"]; +code_UniqueIdentifier_api(suite) -> []; +code_UniqueIdentifier_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, 'OrberCSIv2':encode('UniqueIdentifier', ?UniqueIdentifier)), + ?match({ok, _}, 'OrberCSIv2':decode('UniqueIdentifier', list_to_binary(Enc))), + ok. + +code_Extensions_api(doc) -> ["Code Extensions"]; +code_Extensions_api(suite) -> []; +code_Extensions_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, 'OrberCSIv2':encode('Extensions', ?Extensions)), + ?match({ok, [#'Extension'{}]}, + 'OrberCSIv2':decode('Extensions', list_to_binary(Enc))), + ok. + +code_Extension_api(doc) -> ["Code Extension"]; +code_Extension_api(suite) -> []; +code_Extension_api(_Config) -> + {ok, Enc} = + ?match({ok, _}, 'OrberCSIv2':encode('Extension', ?Extension)), + ?match({ok, #'Extension'{}}, + 'OrberCSIv2':decode('Extension', list_to_binary(Enc))), + ok. 
+ +%% OpenSSL generated x509 Certificate +code_OpenSSL509_api(doc) -> ["Code OpenSSL generated x509 Certificate"]; +code_OpenSSL509_api(suite) -> []; +code_OpenSSL509_api(_Config) -> + {ok, Cert} = + ?match({ok, #'Certificate'{}}, + 'OrberCSIv2':decode('Certificate', ?X509DER)), + AttrCertChain = #'AttributeCertChain'{attributeCert = ?AttributeCertificate, + certificateChain = [Cert]}, + {ok, EAttrCertChain} = + ?match({ok, _}, 'OrberCSIv2':encode('AttributeCertChain', AttrCertChain)), + ?match({ok, #'AttributeCertChain'{}}, + 'OrberCSIv2':decode('AttributeCertChain', list_to_binary(EAttrCertChain))), + ok. + +-endif. + +%%----------------------------------------------------------------- +%% Test ssl:peercert +%%----------------------------------------------------------------- +ssl_server_peercert_api(doc) -> ["Test ssl:peercert (server side)"]; +ssl_server_peercert_api(suite) -> []; +ssl_server_peercert_api(_Config) -> + case os:type() of + vxworks -> + {skipped, "No SSL-support for VxWorks."}; + _ -> + Options = orber_test_lib:get_options(iiop_ssl, server, + 2, [{iiop_ssl_port, 0}]), + {ok, ServerNode, ServerHost} = + ?match({ok,_,_}, orber_test_lib:js_node(Options)), + ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []), + SSLOptions = orber_test_lib:get_options(ssl, client), + {ok, Socket} = + ?match({ok, _}, fake_client_ORB(ssl, ServerHost, ServerPort, SSLOptions)), + {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)), + ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])), + ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])), +% ?match({ok, #'Certificate'{}}, +% 'OrberCSIv2':decode('Certificate', PeerCert)), + destroy_fake_ORB(ssl, Socket), + ok + end. 
+ +ssl_client_peercert_api(doc) -> ["Test ssl:peercert (client side)"]; +ssl_client_peercert_api(suite) -> []; +ssl_client_peercert_api(_Config) -> + case os:type() of + vxworks -> + {skipped, "No SSL-support for VxWorks."}; + _ -> + Options = orber_test_lib:get_options(iiop_ssl, client, + 2, [{iiop_ssl_port, 0}]), + {ok, ClientNode, _ClientHost} = + ?match({ok,_,_}, orber_test_lib:js_node(Options)), + crypto:start(), + ssl:start(), + ssl:seed("testing"), + SSLOptions = orber_test_lib:get_options(ssl, server), + {ok, LSock} = ?match({ok, _}, ssl:listen(0, SSLOptions)), + {ok, {_Address, LPort}} = ?match({ok, {_, _}}, ssl:sockname(LSock)), + IOR = ?match({'IOP_IOR',_,_}, + iop_ior:create_external({1, 2}, "IDL:FAKE:1.0", + "localhost", 6004, "FAKE", + [#'IOP_TaggedComponent' + {tag=?TAG_SSL_SEC_TRANS, + component_data=#'SSLIOP_SSL' + {target_supports = 2, + target_requires = 2, + port = LPort}}])), + spawn(orber_test_lib, remote_apply, + [ClientNode, corba_object, non_existent, [IOR]]), + {ok, Socket} = ?match({ok, _}, ssl:transport_accept(LSock)), + ?match(ok, ssl:ssl_accept(Socket)), + + {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)), + ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])), + ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])), +% ?match({ok, #'Certificate'{}}, +% 'OrberCSIv2':decode('Certificate', PeerCert)), + ssl:close(Socket), + ssl:close(LSock), + ssl:stop(), + ok + end. + +%%----------------------------------------------------------------- +%% Local functions. +%%----------------------------------------------------------------- +-ifdef(false). +%% Not used yet. 
+context_test(Obj) -> + IDToken1 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAbsent, + value = true}, + IDToken2 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAnonymous, + value = false}, + IDToken3 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTPrincipalName, + value = [0,255]}, + IDToken4 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTX509CertChain, + value = [1,255]}, + IDToken5 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTDistinguishedName, + value = [2,255]}, + IDToken6 = #'CSI_IdentityToken'{label = ?ULONGMAX, + value = [3,255]}, + + MTEstablishContext1 = #'CSI_SASContextBody' + {label = ?CSI_MsgType_MTEstablishContext, + value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, + authorization_token = + [#'CSI_AuthorizationElement' + {the_type = ?ULONGMAX, + the_element = [0,255]}], + identity_token = IDToken1, + client_authentication_token = [1, 255]}}, + MTEstablishContext2 = #'CSI_SASContextBody' + {label = ?CSI_MsgType_MTEstablishContext, + value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, + authorization_token = + [#'CSI_AuthorizationElement' + {the_type = ?ULONGMAX, + the_element = [0,255]}], + identity_token = IDToken2, + client_authentication_token = [1, 255]}}, + MTEstablishContext3 = #'CSI_SASContextBody' + {label = ?CSI_MsgType_MTEstablishContext, + value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, + authorization_token = + [#'CSI_AuthorizationElement' + {the_type = ?ULONGMAX, + the_element = [0,255]}], + identity_token = IDToken3, + client_authentication_token = [1, 255]}}, + MTEstablishContext4 = #'CSI_SASContextBody' + {label = ?CSI_MsgType_MTEstablishContext, + value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, + authorization_token = + [#'CSI_AuthorizationElement' + {the_type = ?ULONGMAX, + the_element = [0,255]}], + identity_token = IDToken4, + client_authentication_token = [1, 255]}}, + MTEstablishContext5 = 
#'CSI_SASContextBody' + {label = ?CSI_MsgType_MTEstablishContext, + value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, + authorization_token = + [#'CSI_AuthorizationElement' + {the_type = ?ULONGMAX, + the_element = [0,255]}], + identity_token = IDToken5, + client_authentication_token = [1, 255]}}, + MTEstablishContext6 = #'CSI_SASContextBody' + {label = ?CSI_MsgType_MTEstablishContext, + value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, + authorization_token = + [#'CSI_AuthorizationElement' + {the_type = ?ULONGMAX, + the_element = [0,255]}], + identity_token = IDToken6, + client_authentication_token = [1, 255]}}, + MTCompleteEstablishContext = #'CSI_SASContextBody' + {label = ?CSI_MsgType_MTCompleteEstablishContext, + value = #'CSI_CompleteEstablishContext'{client_context_id = ?ULONGLONGMAX, + context_stateful = false, + final_context_token = [1, 255]}}, + MTContextError = #'CSI_SASContextBody' + {label = ?CSI_MsgType_MTContextError, + value = #'CSI_ContextError'{client_context_id = ?ULONGLONGMAX, + major_status = 1, + minor_status = 2, + error_token = [2,255]}}, + MTMessageInContext = #'CSI_SASContextBody' + {label = ?CSI_MsgType_MTMessageInContext, + value = #'CSI_MessageInContext'{client_context_id = ?ULONGLONGMAX, + discard_context = true}}, + Ctx = [#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, + context_data = MTEstablishContext1}, + #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, + context_data = MTEstablishContext2}, + #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, + context_data = MTEstablishContext3}, + #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, + context_data = MTEstablishContext4}, + #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, + context_data = MTEstablishContext5}, + #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, + context_data = MTEstablishContext6}, + 
#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, + context_data = MTCompleteEstablishContext}, + #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, + context_data = MTContextError}, + #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, + context_data = MTMessageInContext}], + ?line ?match(ok, orber_test_server:testing_iiop_context(Obj, [{context, Ctx}])). + + +fake_server_ORB(Type, Port, Options) -> + start_ssl(Type), + {ok, ListenSocket, NewPort} = + orber_socket:listen(Type, Port, + [{active, false}|Options]), + Socket = orber_socket:accept(Type, ListenSocket), + orber_socket:post_accept(Type, Socket), + {ok, Socket, NewPort}. + +-endif. + +fake_server_ORB(Type, Port, Options, Action, Data) -> + start_ssl(Type), + {ok, ListenSocket, _NewPort} = + orber_socket:listen(Type, Port, [{active, false}|Options]), + Socket = orber_socket:accept(Type, ListenSocket), + orber_socket:post_accept(Type, Socket), + do_server_action(Type, Socket, Action, Data), + orber_socket:close(Type, Socket), + ok. + +start_ssl(ssl) -> + crypto:start(), + ssl:start(), + ssl:seed("testing"); +start_ssl(_) -> + ok. + + +destroy_fake_ORB(ssl, Socket) -> + orber_socket:close(ssl, Socket), + ssl:stop(); +destroy_fake_ORB(Type, Socket) -> + orber_socket:close(Type, Socket). + +fake_client_ORB(Type, Host, Port, Options) -> + start_ssl(Type), + Socket = orber_socket:connect(Type, Host, Port, [{active, false}|Options]), + {ok, Socket}. + +-ifdef(false). +%% Not used yet. + +fake_client_ORB(Type, Host, Port, Options, Action, Data) -> + start_ssl(Type), + Socket = orber_socket:connect(Type, Host, Port, [{active, false}|Options]), + Result = do_client_action(Type, Socket, Action, Data), + orber_socket:close(Type, Socket), + Result. 
+ +do_client_action(Type, Socket, fragments, FragList) -> + ok = send_data(Type, Socket, FragList), + {ok, Bytes} = gen_tcp:recv(Socket, 0), + {#reply_header{request_id = ?REQUEST_ID, reply_status = no_exception}, ok, [Par]} = + cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes), + Par; +do_client_action(Type, Socket, fragments_max, FragList) -> + ok = send_data(Type, Socket, FragList), + {ok, Bytes} = gen_tcp:recv(Socket, 0), + {#reply_header{request_id = ?REQUEST_ID, reply_status = system_exception}, Exc, []} = + cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes), + Exc; +do_client_action(Type, Socket, message_error, Data) -> + ok = send_data(Type, Socket, Data), + {ok,Bytes} = gen_tcp:recv(Socket, 0), + 'message_error' = cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes), + ok; +do_client_action(_Type, _Socket, _Action, _Data) -> + ok. + +-endif. + +do_server_action(Type, Socket, fragments, FragList) -> + {ok, _B} = gen_tcp:recv(Socket, 0), + ok = send_data(Type, Socket, FragList); +do_server_action(_Type, _Socket, _Action, _Data) -> + ok. + + +send_data(_Type, _Socket, []) -> + ok; +send_data(Type, Socket, [H|T]) -> + orber_socket:write(Type, Socket, H), + send_data(Type, Socket, T). + |
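Review bot: `do_server_action/4` reads the request with `gen_tcp:recv(Socket, 0)` whatever `Type` is, although the socket comes from `orber_socket:accept(Type, ListenSocket)` and the reply goes out through `orber_socket:write(Type, Socket, H)`. If the exported `fake_server_ORB/5` is ever started with `ssl`, the receive gets a TLS socket and the `{ok, _B}` match would presumably fail before any fragment is sent. A separate clause such as `do_server_action(ssl, Socket, fragments, FragList) -> {ok, _B} = ssl:recv(Socket, 0), ok = send_data(ssl, Socket, FragList);` ahead of the generic one would keep the read on the same transport as the write. No caller of `fake_server_ORB/5` is visible in this file, so the affected path is inferred. Separately, the constant seed in `start_ssl/1` and `ssl_client_peercert_api/1` deserves a comment like `%% fixed seed: acceptable in this test only, never seed from a constant elsewhere` so it is not copied into non-test code.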