%% %% %CopyrightBegin% %% %% Copyright Ericsson AB 2005-2011. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in %% compliance with the License. You should have received a copy of the %% Erlang Public License along with this software. If not, it can be %% retrieved online at http://www.erlang.org/. %% %% Software distributed under the License is distributed on an "AS IS" %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See %% the License for the specific language governing rights and limitations %% under the License. %% %% %CopyrightEnd% %% %% -module(csiv2_SUITE). -include_lib("test_server/include/test_server.hrl"). -include_lib("orber/include/corba.hrl"). -include_lib("orber/COSS/CosNaming/CosNaming.hrl"). -include_lib("orber/src/orber_iiop.hrl"). -include_lib("orber/src/ifr_objects.hrl"). -include("idl_output/orber_test_server.hrl"). -include_lib("orber/COSS/CosNaming/CosNaming_NamingContextExt.hrl"). -include_lib("orber/COSS/CosNaming/CosNaming_NamingContext.hrl"). %%-include_lib("orber/src/OrberCSIv2.hrl"). -define(default_timeout, ?t:minutes(5)). -define(match(ExpectedRes,Expr), fun() -> AcTuAlReS = (catch (Expr)), case AcTuAlReS of ExpectedRes -> io:format("------ CORRECT RESULT ------~n~p~n", [AcTuAlReS]), AcTuAlReS; _ -> io:format("###### ERROR ERROR ######~nRESULT: ~p~n", [AcTuAlReS]), ?line exit(AcTuAlReS) end end()). -define(REQUEST_ID, 0). -define(REPLY_FRAG_1, <<71,73,79,80,1,2,2,1,0,0,0,41,0,0,0,?REQUEST_ID,0,0,0,0,0,0,0,1,78,69,79,0,0,0,0,2,0,10,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,4,49>>). %% The fragments are identical for requests and replies. -define(FRAG_2, <<71,73,79,80,1,2,2,7,0,0,0,5,0,0,0,?REQUEST_ID,50>>). -define(FRAG_3, <<71,73,79,80,1,2,2,7,0,0,0,5,0,0,0,?REQUEST_ID,51>>). -define(FRAG_4, <<71,73,79,80,1,2,0,7,0,0,0,5,0,0,0,?REQUEST_ID,0>>). %% Should X509 DER generated by, for example, OpenSSL -define(X509DER, <<42>>). %% Should X509 PEM generated by, for example, OpenSSL -define(X509PEM, <<42>>). %% IOR exported by VB (CSIv2 activated). -define(VB_IOR, #'IOP_IOR' {type_id = "IDL:omg.org/CosNotifyComm/SequencePushConsumer:1.0", profiles = [#'IOP_TaggedProfile' {tag = ?TAG_INTERNET_IOP, profile_data = #'IIOP_ProfileBody_1_1'{ iiop_version = #'IIOP_Version'{major = 1, minor = 2}, host = "127.0.0.1", port = 0, object_key = [0,86,66,1,0,0,0,24,47,70,77,65,95,67,73,82,80,77,65,78,95,80,79,65,95,83,69,67,85,82,69,0,0,0,0,4,0,0,4,186,0,0,2,10,81,218,65,185], components = [#'IOP_TaggedComponent'{tag = ?TAG_SSL_SEC_TRANS, component_data = #'SSLIOP_SSL'{ target_supports = 102, target_requires = 66, port = 49934}}, #'IOP_TaggedComponent'{tag = ?TAG_CSI_SEC_MECH_LIST, component_data = #'CSIIOP_CompoundSecMechList'{stateful = true, mechanism_list = [#'CSIIOP_CompoundSecMech' {target_requires = 66, transport_mech = #'IOP_TaggedComponent'{ tag = ?TAG_TLS_SEC_TRANS, component_data = #'CSIIOP_TLS_SEC_TRANS'{ target_supports = 102, target_requires = 66, addresses = [#'CSIIOP_TransportAddress' {host_name = "127.0.0.1", port = 49934}]}}, as_context_mech = #'CSIIOP_AS_ContextSec'{ target_supports = 0, target_requires = 0, client_authentication_mech = [], target_name = []}, sas_context_mech = #'CSIIOP_SAS_ContextSec'{ target_supports = 1024, target_requires = 0, privilege_authorities = [#'CSIIOP_ServiceConfiguration' {syntax = 1447174401, name = "Borland"}], supported_naming_mechanisms = [[6, 6, 103, 129, 2, 1, 1, 1]], supported_identity_types = 15}}]}}, #'IOP_TaggedComponent' {tag = ?TAG_CODE_SETS, component_data = #'CONV_FRAME_CodeSetComponentInfo'{'ForCharData' = #'CONV_FRAME_CodeSetComponent'{ native_code_set = 65537, conversion_code_sets = [83951617]}, 'ForWcharData' = #'CONV_FRAME_CodeSetComponent'{ native_code_set = 65801, conversion_code_sets = []}}}, #'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE, component_data = 1447645952}, #'IOP_TaggedComponent'{tag = 1447645955, component_data = [0,5,7,1,127]}]}}]}). %% Common basic types -define(OID, {2,23,130,1,1,1}). -define(OCTET_STR, [1,2,3,4]). -define(BIT_STR, [0,1,0,1,1]). -define(BOOLEAN, false). -define(ANY, [19,5,111,116,112,67,65]). -ifdef(false). %% PKIX1Explicit88 -define(AlgorithmIdentifier, #'AlgorithmIdentifier'{algorithm = ?OID, parameters = ?ANY}). -define(Validity, #'Validity'{notBefore = {utcTime, "19820102070533.8"}, notAfter = {generalTime, "19820102070533.8"}}). -define(SubjectPublicKeyInfo, #'SubjectPublicKeyInfo'{algorithm = ?AlgorithmIdentifier, subjectPublicKey = ?BIT_STR}). -define(AttributeTypeAndValue, #'AttributeTypeAndValue'{type = ?OID, value = <<19,11,69,114,105,99,115,115,111,110,32,65,66>>}). -define(RelativeDistinguishedName, [?AttributeTypeAndValue]). -define(RDNSequence, [?RelativeDistinguishedName]). -define(Name, {rdnSequence, ?RDNSequence}). -define(Version, v3). -define(CertificateSerialNumber, 1). -define(UniqueIdentifier, ?BIT_STR). -define(Extension, #'Extension'{extnID = ?OID, critical = ?BOOLEAN, extnValue = ?OCTET_STR}). -define(Extensions, [?Extension]). -define(TBSCertificate, #'TBSCertificate'{version = ?Version, serialNumber = ?CertificateSerialNumber, signature = ?AlgorithmIdentifier, issuer = ?Name, validity = ?Validity, subject = ?Name, subjectPublicKeyInfo = ?SubjectPublicKeyInfo, issuerUniqueID = ?UniqueIdentifier, subjectUniqueID = ?UniqueIdentifier, extensions = ?Extensions}). -define(Certificate, #'Certificate'{tbsCertificate = ?TBSCertificate, signatureAlgorithm = ?AlgorithmIdentifier, signature = ?BIT_STR}). %% PKIX1Implicit88 -define(GeneralName, {registeredID, ?OID}). -define(GeneralNames, [?GeneralName]). %% PKIXAttributeCertificate -define(AttCertValidityPeriod, #'AttCertValidityPeriod'{notBeforeTime = "19820102070533.8", notAfterTime = "19820102070533.8"}). -define(Attribute, #'Attribute'{type = ?OID, values = []}). -define(Attributes, [?Attribute]). -define(IssuerSerial, #'IssuerSerial'{issuer = ?GeneralNames, serial = ?CertificateSerialNumber, issuerUID = ?UniqueIdentifier}). -define(DigestedObjectType, publicKey). %% Enum -define(ObjectDigestInfo, #'ObjectDigestInfo'{digestedObjectType = ?DigestedObjectType, otherObjectTypeID = ?OID, digestAlgorithm = ?AlgorithmIdentifier, objectDigest = ?BIT_STR}). -define(V2Form, #'V2Form'{issuerName = ?GeneralNames, baseCertificateID = ?IssuerSerial, objectDigestInfo = ?ObjectDigestInfo}). -define(AttCertVersion, v2). -define(Holder, #'Holder'{baseCertificateID = ?IssuerSerial, entityName = ?GeneralNames, objectDigestInfo = ?ObjectDigestInfo}). -define(AttCertIssuer, {v2Form, ?V2Form}). -define(AttributeCertificateInfo, #'AttributeCertificateInfo'{version = ?AttCertVersion, holder = ?Holder, issuer = ?AttCertIssuer, signature = ?AlgorithmIdentifier, serialNumber = ?CertificateSerialNumber, attrCertValidityPeriod = ?AttCertValidityPeriod, attributes = ?Attributes, issuerUniqueID = ?UniqueIdentifier, extensions = ?Extensions}). -define(AttributeCertificate, #'AttributeCertificate'{acinfo = ?AttributeCertificateInfo, signatureAlgorithm = ?AlgorithmIdentifier, signatureValue = ?BIT_STR}). %% OrberCSIv2 -define(AttributeCertChain, #'AttributeCertChain'{attributeCert = ?AttributeCertificate, certificateChain = ?CertificateChain}). -define(CertificateChain, [?Certificate]). -define(VerifyingCertChain, [?Certificate]). -endif. %%----------------------------------------------------------------- %% External exports %%----------------------------------------------------------------- -export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0, init_per_suite/1, end_per_suite/1, init_per_testcase/2, end_per_testcase/2, % code_CertificateChain_api/1, % code_AttributeCertChain_api/1, % code_VerifyingCertChain_api/1, % code_AttributeCertificate_api/1, % code_Certificate_api/1, % code_TBSCertificate_api/1, % code_CertificateSerialNumber_api/1, % code_Version_api/1, % code_AlgorithmIdentifier_api/1, % code_Name_api/1, % code_RDNSequence_api/1, % code_RelativeDistinguishedName_api/1, % code_AttributeTypeAndValue_api/1, % code_Attribute_api/1, % code_Validity_api/1, % code_SubjectPublicKeyInfo_api/1, % code_UniqueIdentifier_api/1, % code_Extensions_api/1, % code_Extension_api/1, % code_AttributeCertificateInfo_api/1, % code_AttCertVersion_api/1, % code_Holder_api/1, % code_AttCertIssuer_api/1, % code_AttCertValidityPeriod_api/1, % code_V2Form_api/1, % code_IssuerSerial_api/1, % code_ObjectDigestInfo_api/1, % code_OpenSSL509_api/1, ssl_server_peercert_api/1, ssl_client_peercert_api/1]). %%----------------------------------------------------------------- %% Internal exports %%----------------------------------------------------------------- -export([fake_server_ORB/5]). %%----------------------------------------------------------------- %% Func: all/1 %% Args: %% Returns: %%----------------------------------------------------------------- suite() -> [{ct_hooks,[ts_install_cth]}]. all() -> cases(). groups() -> []. init_per_group(_GroupName, Config) -> Config. end_per_group(_GroupName, Config) -> Config. %% NOTE - the fragment test cases must bu first since we explicitly set a request %% id. Otherwise, the request-id counter would be increased and we cannot know %% what it is. cases() -> [ssl_server_peercert_api, ssl_client_peercert_api]. %%----------------------------------------------------------------- %% Init and cleanup functions. %%----------------------------------------------------------------- init_per_testcase(_Case, Config) -> Path = code:which(?MODULE), code:add_pathz(filename:join(filename:dirname(Path), "idl_output")), Dog=test_server:timetrap(?default_timeout), orber:jump_start(0), oe_orber_test_server:oe_register(), [{watchdog, Dog}|Config]. end_per_testcase(_Case, Config) -> oe_orber_test_server:oe_unregister(), orber:jump_stop(), Path = code:which(?MODULE), code:del_path(filename:join(filename:dirname(Path), "idl_output")), Dog = ?config(watchdog, Config), test_server:timetrap_cancel(Dog), ok. init_per_suite(Config) -> case orber_test_lib:ssl_version() of no_ssl -> {skip,"SSL is not installed!"}; _ -> Config end. end_per_suite(Config) -> Config. %%----------------------------------------------------------------- %% API tests for ORB to ORB, no security %%----------------------------------------------------------------- %%----------------------------------------------------------------- %% Encode and decode ASN.1 X509 %%----------------------------------------------------------------- -ifdef(false). %% OrberCSIv2 code_CertificateChain_api(doc) -> ["Code CertificateChain"]; code_CertificateChain_api(suite) -> []; code_CertificateChain_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('CertificateChain', ?CertificateChain)), ?match({ok, [#'Certificate'{}]}, 'OrberCSIv2':decode('CertificateChain', list_to_binary(Enc))), ok. code_AttributeCertChain_api(doc) -> ["Code AttributeCertChain"]; code_AttributeCertChain_api(suite) -> []; code_AttributeCertChain_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('AttributeCertChain', ?AttributeCertChain)), ?match({ok, #'AttributeCertChain'{}}, 'OrberCSIv2':decode('AttributeCertChain', list_to_binary(Enc))), ok. code_VerifyingCertChain_api(doc) -> ["Code VerifyingCertChain"]; code_VerifyingCertChain_api(suite) -> []; code_VerifyingCertChain_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('VerifyingCertChain', ?VerifyingCertChain)), ?match({ok, [#'Certificate'{}]}, 'OrberCSIv2':decode('VerifyingCertChain', list_to_binary(Enc))), ok. %% PKIXAttributeCertificate code_AttributeCertificate_api(doc) -> ["Code AttributeCertificate"]; code_AttributeCertificate_api(suite) -> []; code_AttributeCertificate_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('AttributeCertificate', ?AttributeCertificate)), ?match({ok, #'AttributeCertificate'{}}, 'OrberCSIv2':decode('AttributeCertificate', list_to_binary(Enc))), ok. code_AttributeCertificateInfo_api(doc) -> ["Code AttributeCertificateInfo"]; code_AttributeCertificateInfo_api(suite) -> []; code_AttributeCertificateInfo_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('AttributeCertificateInfo', ?AttributeCertificateInfo)), ?match({ok, #'AttributeCertificateInfo'{}}, 'OrberCSIv2':decode('AttributeCertificateInfo', list_to_binary(Enc))), ok. code_AttCertVersion_api(doc) -> ["Code AttCertVersion"]; code_AttCertVersion_api(suite) -> []; code_AttCertVersion_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('AttCertVersion', ?AttCertVersion)), ?match({ok, ?AttCertVersion}, 'OrberCSIv2':decode('AttCertVersion', list_to_binary(Enc))), ok. code_Holder_api(doc) -> ["Code Holder"]; code_Holder_api(suite) -> []; code_Holder_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('Holder', ?Holder)), ?match({ok, #'Holder'{}}, 'OrberCSIv2':decode('Holder', list_to_binary(Enc))), ok. code_AttCertIssuer_api(doc) -> ["Code AttCertIssuer"]; code_AttCertIssuer_api(suite) -> []; code_AttCertIssuer_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('AttCertIssuer', ?AttCertIssuer)), ?match({ok, {v2Form, _}}, 'OrberCSIv2':decode('AttCertIssuer', list_to_binary(Enc))), ok. code_AttCertValidityPeriod_api(doc) -> ["Code AttCertValidityPeriod"]; code_AttCertValidityPeriod_api(suite) -> []; code_AttCertValidityPeriod_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('AttCertValidityPeriod', ?AttCertValidityPeriod)), ?match({ok, #'AttCertValidityPeriod'{}}, 'OrberCSIv2':decode('AttCertValidityPeriod', list_to_binary(Enc))), ok. code_V2Form_api(doc) -> ["Code V2Form"]; code_V2Form_api(suite) -> []; code_V2Form_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('V2Form', ?V2Form)), ?match({ok, #'V2Form'{}}, 'OrberCSIv2':decode('V2Form', list_to_binary(Enc))), ok. code_IssuerSerial_api(doc) -> ["Code IssuerSerial"]; code_IssuerSerial_api(suite) -> []; code_IssuerSerial_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('IssuerSerial', ?IssuerSerial)), ?match({ok, #'IssuerSerial'{}}, 'OrberCSIv2':decode('IssuerSerial', list_to_binary(Enc))), ok. code_ObjectDigestInfo_api(doc) -> ["Code ObjectDigestInfo"]; code_ObjectDigestInfo_api(suite) -> []; code_ObjectDigestInfo_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('ObjectDigestInfo', ?ObjectDigestInfo)), ?match({ok, #'ObjectDigestInfo'{}}, 'OrberCSIv2':decode('ObjectDigestInfo', list_to_binary(Enc))), ok. %% PKIX1Explicit88 code_Certificate_api(doc) -> ["Code Certificate"]; code_Certificate_api(suite) -> []; code_Certificate_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('Certificate', ?Certificate)), ?match({ok, #'Certificate'{}}, 'OrberCSIv2':decode('Certificate', list_to_binary(Enc))), ok. code_TBSCertificate_api(doc) -> ["Code TBSCertificate"]; code_TBSCertificate_api(suite) -> []; code_TBSCertificate_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('TBSCertificate', ?TBSCertificate)), ?match({ok, #'TBSCertificate'{}}, 'OrberCSIv2':decode('TBSCertificate', list_to_binary(Enc))), ok. code_CertificateSerialNumber_api(doc) -> ["Code CertificateSerialNumber"]; code_CertificateSerialNumber_api(suite) -> []; code_CertificateSerialNumber_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('CertificateSerialNumber', ?CertificateSerialNumber)), ?match({ok, ?CertificateSerialNumber}, 'OrberCSIv2':decode('CertificateSerialNumber', list_to_binary(Enc))), ok. code_Version_api(doc) -> ["Code Version"]; code_Version_api(suite) -> []; code_Version_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('Version', ?Version)), ?match({ok, ?Version}, 'OrberCSIv2':decode('Version', list_to_binary(Enc))), ok. code_AlgorithmIdentifier_api(doc) -> ["Code AlgorithmIdentifier"]; code_AlgorithmIdentifier_api(suite) -> []; code_AlgorithmIdentifier_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('AlgorithmIdentifier', ?AlgorithmIdentifier)), ?match({ok, #'AlgorithmIdentifier'{}}, 'OrberCSIv2':decode('AlgorithmIdentifier', list_to_binary(Enc))), ok. code_Name_api(doc) -> ["Code Name"]; code_Name_api(suite) -> []; code_Name_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('Name', ?Name)), ?match({ok, {rdnSequence,_}}, 'OrberCSIv2':decode('Name', list_to_binary(Enc))), ok. code_RDNSequence_api(doc) -> ["Code RDNSequence"]; code_RDNSequence_api(suite) -> []; code_RDNSequence_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('RDNSequence', ?RDNSequence)), ?match({ok, [[#'AttributeTypeAndValue'{}]]}, 'OrberCSIv2':decode('RDNSequence', list_to_binary(Enc))), ok. code_RelativeDistinguishedName_api(doc) -> ["Code RelativeDistinguishedName"]; code_RelativeDistinguishedName_api(suite) -> []; code_RelativeDistinguishedName_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('RelativeDistinguishedName', ?RelativeDistinguishedName)), ?match({ok, [#'AttributeTypeAndValue'{}]}, 'OrberCSIv2':decode('RelativeDistinguishedName', list_to_binary(Enc))), ok. code_AttributeTypeAndValue_api(doc) -> ["Code AttributeTypeAndValue"]; code_AttributeTypeAndValue_api(suite) -> []; code_AttributeTypeAndValue_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('AttributeTypeAndValue', ?AttributeTypeAndValue)), ?match({ok, #'AttributeTypeAndValue'{}}, 'OrberCSIv2':decode('AttributeTypeAndValue', list_to_binary(Enc))), ok. code_Attribute_api(doc) -> ["Code Attribute"]; code_Attribute_api(suite) -> []; code_Attribute_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('Attribute', ?Attribute)), ?match({ok, #'Attribute'{}}, 'OrberCSIv2':decode('Attribute', list_to_binary(Enc))), ok. code_Validity_api(doc) -> ["Code Validity"]; code_Validity_api(suite) -> []; code_Validity_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('Validity', ?Validity)), ?match({ok, #'Validity'{}}, 'OrberCSIv2':decode('Validity', list_to_binary(Enc))), ok. code_SubjectPublicKeyInfo_api(doc) -> ["Code SubjectPublicKeyInfo"]; code_SubjectPublicKeyInfo_api(suite) -> []; code_SubjectPublicKeyInfo_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('SubjectPublicKeyInfo', ?SubjectPublicKeyInfo)), ?match({ok, #'SubjectPublicKeyInfo'{}}, 'OrberCSIv2':decode('SubjectPublicKeyInfo', list_to_binary(Enc))), ok. code_UniqueIdentifier_api(doc) -> ["Code UniqueIdentifier"]; code_UniqueIdentifier_api(suite) -> []; code_UniqueIdentifier_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('UniqueIdentifier', ?UniqueIdentifier)), ?match({ok, _}, 'OrberCSIv2':decode('UniqueIdentifier', list_to_binary(Enc))), ok. code_Extensions_api(doc) -> ["Code Extensions"]; code_Extensions_api(suite) -> []; code_Extensions_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('Extensions', ?Extensions)), ?match({ok, [#'Extension'{}]}, 'OrberCSIv2':decode('Extensions', list_to_binary(Enc))), ok. code_Extension_api(doc) -> ["Code Extension"]; code_Extension_api(suite) -> []; code_Extension_api(_Config) -> {ok, Enc} = ?match({ok, _}, 'OrberCSIv2':encode('Extension', ?Extension)), ?match({ok, #'Extension'{}}, 'OrberCSIv2':decode('Extension', list_to_binary(Enc))), ok. %% OpenSSL generated x509 Certificate code_OpenSSL509_api(doc) -> ["Code OpenSSL generated x509 Certificate"]; code_OpenSSL509_api(suite) -> []; code_OpenSSL509_api(_Config) -> {ok, Cert} = ?match({ok, #'Certificate'{}}, 'OrberCSIv2':decode('Certificate', ?X509DER)), AttrCertChain = #'AttributeCertChain'{attributeCert = ?AttributeCertificate, certificateChain = [Cert]}, {ok, EAttrCertChain} = ?match({ok, _}, 'OrberCSIv2':encode('AttributeCertChain', AttrCertChain)), ?match({ok, #'AttributeCertChain'{}}, 'OrberCSIv2':decode('AttributeCertChain', list_to_binary(EAttrCertChain))), ok. -endif. %%----------------------------------------------------------------- %% Test ssl:peercert %%----------------------------------------------------------------- ssl_server_peercert_api(doc) -> ["Test ssl:peercert (server side)"]; ssl_server_peercert_api(suite) -> []; ssl_server_peercert_api(_Config) -> case os:type() of vxworks -> {skipped, "No SSL-support for VxWorks."}; _ -> Options = orber_test_lib:get_options(iiop_ssl, server, 2, [{iiop_ssl_port, 0}]), {ok, ServerNode, ServerHost} = ?match({ok,_,_}, orber_test_lib:js_node(Options)), ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []), SSLOptions = orber_test_lib:get_options(ssl, client), {ok, Socket} = ?match({ok, _}, fake_client_ORB(ssl, ServerHost, ServerPort, SSLOptions)), {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)), %% ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])), %% ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])), % ?match({ok, #'Certificate'{}}, % 'OrberCSIv2':decode('Certificate', PeerCert)), destroy_fake_ORB(ssl, Socket), ok end. ssl_client_peercert_api(doc) -> ["Test ssl:peercert (client side)"]; ssl_client_peercert_api(suite) -> []; ssl_client_peercert_api(_Config) -> case os:type() of vxworks -> {skipped, "No SSL-support for VxWorks."}; _ -> Options = orber_test_lib:get_options(iiop_ssl, client, 2, [{iiop_ssl_port, 0}]), {ok, ClientNode, _ClientHost} = ?match({ok,_,_}, orber_test_lib:js_node(Options)), crypto:start(), ssl:start(), SSLOptions = orber_test_lib:get_options(ssl, server), {ok, LSock} = ?match({ok, _}, ssl:listen(0, SSLOptions)), {ok, {_Address, LPort}} = ?match({ok, {_, _}}, ssl:sockname(LSock)), IOR = ?match({'IOP_IOR',_,_}, iop_ior:create_external({1, 2}, "IDL:FAKE:1.0", "localhost", 6004, "FAKE", [#'IOP_TaggedComponent' {tag=?TAG_SSL_SEC_TRANS, component_data=#'SSLIOP_SSL' {target_supports = 2, target_requires = 2, port = LPort}}])), spawn(orber_test_lib, remote_apply, [ClientNode, corba_object, non_existent, [IOR]]), {ok, Socket} = ?match({ok, _}, ssl:transport_accept(LSock)), ?match(ok, ssl:ssl_accept(Socket)), {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)), %% ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])), %% ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])), % ?match({ok, #'Certificate'{}}, % 'OrberCSIv2':decode('Certificate', PeerCert)), ssl:close(Socket), ssl:close(LSock), ssl:stop(), ok end. %%----------------------------------------------------------------- %% Local functions. %%----------------------------------------------------------------- -ifdef(false). %% Not used yet. context_test(Obj) -> IDToken1 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAbsent, value = true}, IDToken2 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAnonymous, value = false}, IDToken3 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTPrincipalName, value = [0,255]}, IDToken4 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTX509CertChain, value = [1,255]}, IDToken5 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTDistinguishedName, value = [2,255]}, IDToken6 = #'CSI_IdentityToken'{label = ?ULONGMAX, value = [3,255]}, MTEstablishContext1 = #'CSI_SASContextBody' {label = ?CSI_MsgType_MTEstablishContext, value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, authorization_token = [#'CSI_AuthorizationElement' {the_type = ?ULONGMAX, the_element = [0,255]}], identity_token = IDToken1, client_authentication_token = [1, 255]}}, MTEstablishContext2 = #'CSI_SASContextBody' {label = ?CSI_MsgType_MTEstablishContext, value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, authorization_token = [#'CSI_AuthorizationElement' {the_type = ?ULONGMAX, the_element = [0,255]}], identity_token = IDToken2, client_authentication_token = [1, 255]}}, MTEstablishContext3 = #'CSI_SASContextBody' {label = ?CSI_MsgType_MTEstablishContext, value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, authorization_token = [#'CSI_AuthorizationElement' {the_type = ?ULONGMAX, the_element = [0,255]}], identity_token = IDToken3, client_authentication_token = [1, 255]}}, MTEstablishContext4 = #'CSI_SASContextBody' {label = ?CSI_MsgType_MTEstablishContext, value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, authorization_token = [#'CSI_AuthorizationElement' {the_type = ?ULONGMAX, the_element = [0,255]}], identity_token = IDToken4, client_authentication_token = [1, 255]}}, MTEstablishContext5 = #'CSI_SASContextBody' {label = ?CSI_MsgType_MTEstablishContext, value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, authorization_token = [#'CSI_AuthorizationElement' {the_type = ?ULONGMAX, the_element = [0,255]}], identity_token = IDToken5, client_authentication_token = [1, 255]}}, MTEstablishContext6 = #'CSI_SASContextBody' {label = ?CSI_MsgType_MTEstablishContext, value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, authorization_token = [#'CSI_AuthorizationElement' {the_type = ?ULONGMAX, the_element = [0,255]}], identity_token = IDToken6, client_authentication_token = [1, 255]}}, MTCompleteEstablishContext = #'CSI_SASContextBody' {label = ?CSI_MsgType_MTCompleteEstablishContext, value = #'CSI_CompleteEstablishContext'{client_context_id = ?ULONGLONGMAX, context_stateful = false, final_context_token = [1, 255]}}, MTContextError = #'CSI_SASContextBody' {label = ?CSI_MsgType_MTContextError, value = #'CSI_ContextError'{client_context_id = ?ULONGLONGMAX, major_status = 1, minor_status = 2, error_token = [2,255]}}, MTMessageInContext = #'CSI_SASContextBody' {label = ?CSI_MsgType_MTMessageInContext, value = #'CSI_MessageInContext'{client_context_id = ?ULONGLONGMAX, discard_context = true}}, Ctx = [#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, context_data = MTEstablishContext1}, #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, context_data = MTEstablishContext2}, #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, context_data = MTEstablishContext3}, #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, context_data = MTEstablishContext4}, #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, context_data = MTEstablishContext5}, #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, context_data = MTEstablishContext6}, #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, context_data = MTCompleteEstablishContext}, #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, context_data = MTContextError}, #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, context_data = MTMessageInContext}], ?line ?match(ok, orber_test_server:testing_iiop_context(Obj, [{context, Ctx}])). fake_server_ORB(Type, Port, Options) -> start_ssl(Type), {ok, ListenSocket, NewPort} = orber_socket:listen(Type, Port, [{active, false}|Options]), Socket = orber_socket:accept(Type, ListenSocket), orber_socket:post_accept(Type, Socket), {ok, Socket, NewPort}. -endif. fake_server_ORB(Type, Port, Options, Action, Data) -> start_ssl(Type), {ok, ListenSocket, _NewPort} = orber_socket:listen(Type, Port, [{active, false}|Options]), Socket = orber_socket:accept(Type, ListenSocket), orber_socket:post_accept(Type, Socket), do_server_action(Type, Socket, Action, Data), orber_socket:close(Type, Socket), ok. start_ssl(ssl) -> crypto:start(), ssl:start(); start_ssl(_) -> ok. destroy_fake_ORB(ssl, Socket) -> orber_socket:close(ssl, Socket), ssl:stop(); destroy_fake_ORB(Type, Socket) -> orber_socket:close(Type, Socket). fake_client_ORB(Type, Host, Port, Options) -> start_ssl(Type), Socket = orber_socket:connect(Type, Host, Port, [{active, false}|Options]), {ok, Socket}. -ifdef(false). %% Not used yet. fake_client_ORB(Type, Host, Port, Options, Action, Data) -> start_ssl(Type), Socket = orber_socket:connect(Type, Host, Port, [{active, false}|Options]), Result = do_client_action(Type, Socket, Action, Data), orber_socket:close(Type, Socket), Result. do_client_action(Type, Socket, fragments, FragList) -> ok = send_data(Type, Socket, FragList), {ok, Bytes} = gen_tcp:recv(Socket, 0), {#reply_header{request_id = ?REQUEST_ID, reply_status = no_exception}, ok, [Par]} = cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes), Par; do_client_action(Type, Socket, fragments_max, FragList) -> ok = send_data(Type, Socket, FragList), {ok, Bytes} = gen_tcp:recv(Socket, 0), {#reply_header{request_id = ?REQUEST_ID, reply_status = system_exception}, Exc, []} = cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes), Exc; do_client_action(Type, Socket, message_error, Data) -> ok = send_data(Type, Socket, Data), {ok,Bytes} = gen_tcp:recv(Socket, 0), 'message_error' = cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes), ok; do_client_action(_Type, _Socket, _Action, _Data) -> ok. -endif. do_server_action(Type, Socket, fragments, FragList) -> {ok, _B} = gen_tcp:recv(Socket, 0), ok = send_data(Type, Socket, FragList); do_server_action(_Type, _Socket, _Action, _Data) -> ok. send_data(_Type, _Socket, []) -> ok; send_data(Type, Socket, [H|T]) -> orber_socket:write(Type, Socket, H), send_data(Type, Socket, T).