%%
%% %CopyrightBegin%
%%
%% Copyright Ericsson AB 2005-2013. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
%% compliance with the License. You should have received a copy of the
%% Erlang Public License along with this software. If not, it can be
%% retrieved online at http://www.erlang.org/.
%%
%% Software distributed under the License is distributed on an "AS IS"
%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
%% the License for the specific language governing rights and limitations
%% under the License.
%%
%% %CopyrightEnd%
%%
%%

%% Test suite for Orber's CSIv2/SSL support. The ASN.1 encode/decode cases
%% further down are compiled out with -ifdef(false); the cases listed in
%% cases/0 read the peer certificate from an established SSL connection.
-module(csiv2_SUITE).

-include_lib("test_server/include/test_server.hrl").
-include_lib("orber/include/corba.hrl").
-include_lib("orber/COSS/CosNaming/CosNaming.hrl").
-include_lib("orber/src/orber_iiop.hrl").
-include_lib("orber/src/ifr_objects.hrl").
-include("idl_output/orber_test_server.hrl").
-include_lib("orber/COSS/CosNaming/CosNaming_NamingContextExt.hrl").
-include_lib("orber/COSS/CosNaming/CosNaming_NamingContext.hrl").
%% Disabled include. Presumably the source of the ASN.1 records
%% (#'Certificate'{} and friends) used by the compiled-out sections - confirm
%% before re-enabling them.
%%-include_lib("orber/src/OrberCSIv2.hrl").

%% Per-test-case timetrap.
-define(default_timeout, ?t:minutes(5)).

%% ?match(ExpectedRes, Expr): evaluate Expr under an old-style `catch', so an
%% exception becomes an ordinary value, and compare the value with the pattern
%% ExpectedRes. On a match the value is printed and returned; otherwise it is
%% printed and the calling process exits with it as the reason.
%% The value is written to the test log with ~p in both branches, so do not
%% wrap expressions that return key material or other secrets.
-define(match(ExpectedRes,Expr),
        fun() ->
                AcTuAlReS = (catch (Expr)),
                case AcTuAlReS of
                    ExpectedRes ->
                        io:format("------ CORRECT RESULT ------~n~p~n",
                                  [AcTuAlReS]),
                        AcTuAlReS;
                    _ ->
                        io:format("###### ERROR ERROR ######~nRESULT: ~p~n",
                                  [AcTuAlReS]),
                        ?line exit(AcTuAlReS)
                end
        end()).

%% Request id embedded in the hand-built fragments below.
-define(REQUEST_ID, 0).

%% Hand-built GIOP messages. The first four bytes (71,73,79,80) spell "GIOP"
%% and the next two are version 1.2.
%% NOTE(review): going by the GIOP 1.2 header layout, byte 7 is the flags
%% octet (2 = more fragments follow, 0 = last fragment) and byte 8 the message
%% type (1 = Reply, 7 = Fragment) - confirm against orber_iiop.hrl.
-define(REPLY_FRAG_1, <<71,73,79,80,1,2,2,1,0,0,0,41,0,0,0,?REQUEST_ID,0,0,0,0,0,0,0,1,78,69,79,0,0,0,0,2,0,10,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,4,49>>).
%% The fragments are identical for requests and replies.
-define(FRAG_2, <<71,73,79,80,1,2,2,7,0,0,0,5,0,0,0,?REQUEST_ID,50>>).
%% Further fragments for ?REQUEST_ID; FRAG_4 differs in the seventh byte (0).
-define(FRAG_3, <<71,73,79,80,1,2,2,7,0,0,0,5,0,0,0,?REQUEST_ID,51>>).
-define(FRAG_4, <<71,73,79,80,1,2,0,7,0,0,0,5,0,0,0,?REQUEST_ID,0>>).

%% Should be an X509 certificate in DER format generated by, for example,
%% OpenSSL. The current value is a one-byte placeholder, not a certificate.
-define(X509DER,
        <<42>>).

%% Should be an X509 certificate in PEM format generated by, for example,
%% OpenSSL. The current value is a one-byte placeholder, not a certificate.
-define(X509PEM,
        <<42>>).

%% IOR exported by VB (CSIv2 activated).
%% NOTE(review): read against the CSIIOP AssociationOptions bit values
%% (Integrity = 2, Confidentiality = 4, EstablishTrustInTarget = 32,
%% EstablishTrustInClient = 64, IdentityAssertion = 1024), target_requires = 66
%% would mean the target demands integrity protection plus client
%% authentication at the transport layer, target_supports = 102 adds
%% confidentiality and target authentication, and the SAS layer
%% (target_supports = 1024) offers identity assertion while the AS layer
%% (0/0) asks for no client authentication. Confirm the constants against
%% orber's CSIIOP definitions before relying on this reading.
%% The supported_naming_mechanisms entry [6,6,103,129,2,1,1,1] is the DER
%% encoding of the OID 2.23.130.1.1.1, the same value as ?OID below.
-define(VB_IOR,
        #'IOP_IOR'
        {type_id = "IDL:omg.org/CosNotifyComm/SequencePushConsumer:1.0",
         profiles =
         [#'IOP_TaggedProfile'
          {tag = ?TAG_INTERNET_IOP,
           profile_data =
           #'IIOP_ProfileBody_1_1'{
             iiop_version = #'IIOP_Version'{major = 1,
                                            minor = 2},
             host = "127.0.0.1",
             port = 0,
             object_key = [0,86,66,1,0,0,0,24,47,70,77,65,95,67,73,82,80,77,65,78,95,80,79,65,95,83,69,67,85,82,69,0,0,0,0,4,0,0,4,186,0,0,2,10,81,218,65,185],
             components =
             [#'IOP_TaggedComponent'{tag = ?TAG_SSL_SEC_TRANS,
                                     component_data = #'SSLIOP_SSL'{
                                       target_supports = 102,
                                       target_requires = 66,
                                       port = 49934}},
              #'IOP_TaggedComponent'{tag = ?TAG_CSI_SEC_MECH_LIST,
                                     component_data =
                                     #'CSIIOP_CompoundSecMechList'{stateful = true,
                                       mechanism_list =
                                       [#'CSIIOP_CompoundSecMech'
                                        {target_requires = 66,
                                         transport_mech = #'IOP_TaggedComponent'{
                                           tag = ?TAG_TLS_SEC_TRANS,
                                           component_data =
                                           #'CSIIOP_TLS_SEC_TRANS'{
                                             target_supports = 102,
                                             target_requires = 66,
                                             addresses =
                                             [#'CSIIOP_TransportAddress'
                                              {host_name = "127.0.0.1",
                                               port = 49934}]}},
                                         as_context_mech =
                                         #'CSIIOP_AS_ContextSec'{
                                           target_supports = 0,
                                           target_requires = 0,
                                           client_authentication_mech = [],
                                           target_name = []},
                                         sas_context_mech =
                                         #'CSIIOP_SAS_ContextSec'{
                                           target_supports = 1024,
                                           target_requires = 0,
                                           privilege_authorities =
                                           [#'CSIIOP_ServiceConfiguration'
                                            {syntax = 1447174401,
                                             name = "Borland"}],
                                           supported_naming_mechanisms = [[6,
                                                                           6,
                                                                           103,
                                                                           129,
                                                                           2,
                                                                           1,
                                                                           1,
                                                                           1]],
                                           supported_identity_types = 15}}]}},
              #'IOP_TaggedComponent'
              {tag = ?TAG_CODE_SETS,
               component_data =
               #'CONV_FRAME_CodeSetComponentInfo'{'ForCharData' =
                                                  #'CONV_FRAME_CodeSetComponent'{
                                                    native_code_set = 65537,
                                                    conversion_code_sets = [83951617]},
                                                  'ForWcharData' =
                                                  #'CONV_FRAME_CodeSetComponent'{
                                                    native_code_set = 65801,
                                                    conversion_code_sets = []}}},
              #'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE,
                                     component_data = 1447645952},
              #'IOP_TaggedComponent'{tag = 1447645955,
                                     component_data = [0,5,7,1,127]}]}}]}).

%% Common basic types
%% Small fixed values used to fill the ASN.1 fixtures below.
-define(OID, {2,23,130,1,1,1}).

-define(OCTET_STR, [1,2,3,4]).

-define(BIT_STR, [0,1,0,1,1]).

-define(BOOLEAN, false).

-define(ANY, [19,5,111,116,112,67,65]).

%% Everything from here to the matching -endif is compiled out.
-ifdef(false).
%% PKIX1Explicit88
-define(AlgorithmIdentifier,
        #'AlgorithmIdentifier'{algorithm = ?OID,
                               parameters = ?ANY}).

%% Both bounds carry the same timestamp string; the fixture is structural
%% only and does not describe a usable validity window.
-define(Validity, #'Validity'{notBefore = {utcTime, "19820102070533.8"},
                              notAfter = {generalTime, "19820102070533.8"}}).

-define(SubjectPublicKeyInfo,
        #'SubjectPublicKeyInfo'{algorithm = ?AlgorithmIdentifier,
                                subjectPublicKey = ?BIT_STR}).

-define(AttributeTypeAndValue,
        #'AttributeTypeAndValue'{type = ?OID,
                                 value = <<19,11,69,114,105,99,115,115,111,110,32,65,66>>}).

-define(RelativeDistinguishedName, [?AttributeTypeAndValue]).

-define(RDNSequence, [?RelativeDistinguishedName]).

-define(Name, {rdnSequence, ?RDNSequence}).

-define(Version, v3).

-define(CertificateSerialNumber, 1).

-define(UniqueIdentifier, ?BIT_STR).

-define(Extension, #'Extension'{extnID = ?OID,
                                critical = ?BOOLEAN,
                                extnValue = ?OCTET_STR}).

-define(Extensions, [?Extension]).
%% Certificate fixtures built from the basic-type macros. This part of the
%% file lies inside an -ifdef(false) region and is not compiled.
-define(TBSCertificate,
        #'TBSCertificate'{version = ?Version,
                          serialNumber = ?CertificateSerialNumber,
                          signature = ?AlgorithmIdentifier,
                          issuer = ?Name,
                          validity = ?Validity,
                          subject = ?Name,
                          subjectPublicKeyInfo = ?SubjectPublicKeyInfo,
                          issuerUniqueID = ?UniqueIdentifier,
                          subjectUniqueID = ?UniqueIdentifier,
                          extensions = ?Extensions}).

%% The signature field is the five-bit ?BIT_STR filler, so this value is
%% usable for encode/decode round trips only, never for signature checks.
-define(Certificate, #'Certificate'{tbsCertificate = ?TBSCertificate,
                                    signatureAlgorithm = ?AlgorithmIdentifier,
                                    signature = ?BIT_STR}).

%% PKIX1Implicit88

-define(GeneralName, {registeredID, ?OID}).

-define(GeneralNames, [?GeneralName]).

%% PKIXAttributeCertificate
%% Both bounds carry the same timestamp string (structural fixture only).
-define(AttCertValidityPeriod,
        #'AttCertValidityPeriod'{notBeforeTime = "19820102070533.8",
                                 notAfterTime = "19820102070533.8"}).


-define(Attribute, #'Attribute'{type = ?OID,
                                values = []}).

-define(Attributes, [?Attribute]).

-define(IssuerSerial, #'IssuerSerial'{issuer = ?GeneralNames,
                                      serial = ?CertificateSerialNumber,
                                      issuerUID = ?UniqueIdentifier}).

-define(DigestedObjectType, publicKey). %% Enum

-define(ObjectDigestInfo,
        #'ObjectDigestInfo'{digestedObjectType = ?DigestedObjectType,
                            otherObjectTypeID = ?OID,
                            digestAlgorithm = ?AlgorithmIdentifier,
                            objectDigest = ?BIT_STR}).

-define(V2Form, #'V2Form'{issuerName = ?GeneralNames,
                          baseCertificateID = ?IssuerSerial,
                          objectDigestInfo = ?ObjectDigestInfo}).

-define(AttCertVersion, v2).

-define(Holder, #'Holder'{baseCertificateID = ?IssuerSerial,
                          entityName = ?GeneralNames,
                          objectDigestInfo = ?ObjectDigestInfo}).

-define(AttCertIssuer, {v2Form, ?V2Form}).
%% Attribute-certificate fixtures (still inside the compiled-out region).
-define(AttributeCertificateInfo,
        #'AttributeCertificateInfo'{version = ?AttCertVersion,
                                    holder = ?Holder,
                                    issuer = ?AttCertIssuer,
                                    signature = ?AlgorithmIdentifier,
                                    serialNumber = ?CertificateSerialNumber,
                                    attrCertValidityPeriod = ?AttCertValidityPeriod,
                                    attributes = ?Attributes,
                                    issuerUniqueID = ?UniqueIdentifier,
                                    extensions = ?Extensions}).

%% signatureValue is the ?BIT_STR filler, not a real signature.
-define(AttributeCertificate,
        #'AttributeCertificate'{acinfo = ?AttributeCertificateInfo,
                                signatureAlgorithm = ?AlgorithmIdentifier,
                                signatureValue = ?BIT_STR}).


%% OrberCSIv2
%% ?CertificateChain is defined just below; macros are expanded at the point
%% of use, so the forward reference is fine.
-define(AttributeCertChain,
        #'AttributeCertChain'{attributeCert = ?AttributeCertificate,
                              certificateChain = ?CertificateChain}).

-define(CertificateChain, [?Certificate]).

-define(VerifyingCertChain, [?Certificate]).

-endif.

%%-----------------------------------------------------------------
%% External exports
%%-----------------------------------------------------------------
%% The commented-out entries belong to the compiled-out code_*_api cases.
-export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0,
         init_per_suite/1, end_per_suite/1,
         init_per_testcase/2, end_per_testcase/2,
%        code_CertificateChain_api/1,
%        code_AttributeCertChain_api/1,
%        code_VerifyingCertChain_api/1,
%        code_AttributeCertificate_api/1,
%        code_Certificate_api/1,
%        code_TBSCertificate_api/1,
%        code_CertificateSerialNumber_api/1,
%        code_Version_api/1,
%        code_AlgorithmIdentifier_api/1,
%        code_Name_api/1,
%        code_RDNSequence_api/1,
%        code_RelativeDistinguishedName_api/1,
%        code_AttributeTypeAndValue_api/1,
%        code_Attribute_api/1,
%        code_Validity_api/1,
%        code_SubjectPublicKeyInfo_api/1,
%        code_UniqueIdentifier_api/1,
%        code_Extensions_api/1,
%        code_Extension_api/1,
%        code_AttributeCertificateInfo_api/1,
%        code_AttCertVersion_api/1,
%        code_Holder_api/1,
%        code_AttCertIssuer_api/1,
%        code_AttCertValidityPeriod_api/1,
%        code_V2Form_api/1,
%        code_IssuerSerial_api/1,
%        code_ObjectDigestInfo_api/1,
%        code_OpenSSL509_api/1,
         ssl_server_peercert_api/1,
         ssl_client_peercert_api/1]).


%%-----------------------------------------------------------------
%% Internal exports
%%-----------------------------------------------------------------
-export([fake_server_ORB/5]).

%%-----------------------------------------------------------------
%% Common Test callbacks: suite/0, all/0, groups/0 and the group hooks.
%%-----------------------------------------------------------------
%% Installs the ts_install_cth hook for the whole suite.
suite() -> [{ct_hooks,[ts_install_cth]}].

%% Every case returned by cases/0 is run.
all() ->
    cases().

%% No groups are defined.
groups() ->
    [].

%% Group hooks pass Config through unchanged.
init_per_group(_GroupName, Config) ->
    Config.

end_per_group(_GroupName, Config) ->
    Config.


%% NOTE - the fragment test cases must be first since we explicitly set a request
%% id. Otherwise, the request-id counter would be increased and we cannot know
%% what it is.
%% (The list below currently holds only the two peercert cases.)
cases() ->
    [ssl_server_peercert_api, ssl_client_peercert_api].

%%-----------------------------------------------------------------
%% Init and cleanup functions.
%%-----------------------------------------------------------------

%% Adds the idl_output directory next to this module's beam file to the code
%% path, arms the timetrap, starts Orber with orber:jump_start(0) and
%% registers the test server's IDL. Returns Config extended with the timetrap
%% handle under the key watchdog.
init_per_testcase(_Case, Config) ->
    Path = code:which(?MODULE),
    code:add_pathz(filename:join(filename:dirname(Path), "idl_output")),
    Dog=test_server:timetrap(?default_timeout),
    orber:jump_start(0),
    oe_orber_test_server:oe_register(),
    [{watchdog, Dog}|Config].


%% Undoes init_per_testcase/2: unregisters the IDL, stops Orber, removes the
%% idl_output code path and cancels the timetrap stored under watchdog.
end_per_testcase(_Case, Config) ->
    oe_orber_test_server:oe_unregister(),
    orber:jump_stop(),
    Path = code:which(?MODULE),
    code:del_path(filename:join(filename:dirname(Path), "idl_output")),
    Dog = ?config(watchdog, Config),
    test_server:timetrap_cancel(Dog),
    ok.
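%% Starts crypto and skips the whole suite when crypto or SSL is unavailable.
%% crypto:start/0 returns {error, {already_started, crypto}} when the
%% application is already running; that is treated as success here so the
%% `of' patterns cannot fail to match. Any other error return, or an
%% exception raised by crypto:start/0, skips the suite.
%% Returns Config unchanged when the suite can run, {skip, Reason} otherwise.
init_per_suite(Config) ->
    try crypto:start() of
        Started when Started =:= ok;
                     Started =:= {error, {already_started, crypto}} ->
            case orber_test_lib:ssl_version() of
                no_ssl ->
                    {skip, "SSL is not installed!"};
                _ ->
                    Config
            end;
        _StartError ->
            {skip, "Crypto did not start"}
    catch _:_ ->
            {skip, "Crypto did not start"}
    end.

%% Stops crypto again. NOTE(review): this also stops a crypto application
%% that was already running before the suite started - confirm that is
%% acceptable on the test node.
end_per_suite(Config) ->
    application:stop(crypto),
    Config.

%%-----------------------------------------------------------------
%% API tests for ORB to ORB, no security
%%-----------------------------------------------------------------


%%-----------------------------------------------------------------
%% Encode and decode ASN.1 X509
%%-----------------------------------------------------------------

%% The code_*_api cases up to the matching -endif are compiled out. Each one
%% encodes a fixture macro with 'OrberCSIv2':encode/2 and checks the shape of
%% what 'OrberCSIv2':decode/2 returns for the encoded bytes.
-ifdef(false).
%% OrberCSIv2
code_CertificateChain_api(doc) -> ["Code CertificateChain"];
code_CertificateChain_api(suite) -> [];
code_CertificateChain_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _},
               'OrberCSIv2':encode('CertificateChain', ?CertificateChain)),
    ?match({ok, [#'Certificate'{}]},
           'OrberCSIv2':decode('CertificateChain', list_to_binary(Enc))),
    ok.

code_AttributeCertChain_api(doc) -> ["Code AttributeCertChain"];
code_AttributeCertChain_api(suite) -> [];
code_AttributeCertChain_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _},
               'OrberCSIv2':encode('AttributeCertChain', ?AttributeCertChain)),
    ?match({ok, #'AttributeCertChain'{}},
           'OrberCSIv2':decode('AttributeCertChain', list_to_binary(Enc))),
    ok.

code_VerifyingCertChain_api(doc) -> ["Code VerifyingCertChain"];
code_VerifyingCertChain_api(suite) -> [];
code_VerifyingCertChain_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _},
               'OrberCSIv2':encode('VerifyingCertChain', ?VerifyingCertChain)),
    ?match({ok, [#'Certificate'{}]},
           'OrberCSIv2':decode('VerifyingCertChain', list_to_binary(Enc))),
    ok.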
%% PKIXAttributeCertificate
%% These cases sit inside an -ifdef(false) region and are not compiled. Each
%% encodes a fixture and matches only the outer shape of the decoded term
%% (record name or tag), not its field values, unless noted.
code_AttributeCertificate_api(doc) -> ["Code AttributeCertificate"];
code_AttributeCertificate_api(suite) -> [];
code_AttributeCertificate_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _},
               'OrberCSIv2':encode('AttributeCertificate', ?AttributeCertificate)),
    ?match({ok, #'AttributeCertificate'{}},
           'OrberCSIv2':decode('AttributeCertificate', list_to_binary(Enc))),
    ok.

code_AttributeCertificateInfo_api(doc) -> ["Code AttributeCertificateInfo"];
code_AttributeCertificateInfo_api(suite) -> [];
code_AttributeCertificateInfo_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _},
               'OrberCSIv2':encode('AttributeCertificateInfo', ?AttributeCertificateInfo)),
    ?match({ok, #'AttributeCertificateInfo'{}},
           'OrberCSIv2':decode('AttributeCertificateInfo', list_to_binary(Enc))),
    ok.

%% Here the decoded value must equal ?AttCertVersion exactly.
code_AttCertVersion_api(doc) -> ["Code AttCertVersion"];
code_AttCertVersion_api(suite) -> [];
code_AttCertVersion_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _},
               'OrberCSIv2':encode('AttCertVersion', ?AttCertVersion)),
    ?match({ok, ?AttCertVersion},
           'OrberCSIv2':decode('AttCertVersion', list_to_binary(Enc))),
    ok.

code_Holder_api(doc) -> ["Code Holder"];
code_Holder_api(suite) -> [];
code_Holder_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _},
               'OrberCSIv2':encode('Holder', ?Holder)),
    ?match({ok, #'Holder'{}},
           'OrberCSIv2':decode('Holder', list_to_binary(Enc))),
    ok.

code_AttCertIssuer_api(doc) -> ["Code AttCertIssuer"];
code_AttCertIssuer_api(suite) -> [];
code_AttCertIssuer_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _},
               'OrberCSIv2':encode('AttCertIssuer', ?AttCertIssuer)),
    ?match({ok, {v2Form, _}},
           'OrberCSIv2':decode('AttCertIssuer', list_to_binary(Enc))),
    ok.
%% Compiled-out round-trip cases (inside an -ifdef(false) region). Each
%% encodes a fixture and matches only the record name of the decoded term.
code_AttCertValidityPeriod_api(doc) -> ["Code AttCertValidityPeriod"];
code_AttCertValidityPeriod_api(suite) -> [];
code_AttCertValidityPeriod_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _}, 'OrberCSIv2':encode('AttCertValidityPeriod', ?AttCertValidityPeriod)),
    ?match({ok, #'AttCertValidityPeriod'{}},
           'OrberCSIv2':decode('AttCertValidityPeriod', list_to_binary(Enc))),
    ok.

code_V2Form_api(doc) -> ["Code V2Form"];
code_V2Form_api(suite) -> [];
code_V2Form_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _},
               'OrberCSIv2':encode('V2Form', ?V2Form)),
    ?match({ok, #'V2Form'{}},
           'OrberCSIv2':decode('V2Form', list_to_binary(Enc))),
    ok.

code_IssuerSerial_api(doc) -> ["Code IssuerSerial"];
code_IssuerSerial_api(suite) -> [];
code_IssuerSerial_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _},
               'OrberCSIv2':encode('IssuerSerial', ?IssuerSerial)),
    ?match({ok, #'IssuerSerial'{}},
           'OrberCSIv2':decode('IssuerSerial', list_to_binary(Enc))),
    ok.

code_ObjectDigestInfo_api(doc) -> ["Code ObjectDigestInfo"];
code_ObjectDigestInfo_api(suite) -> [];
code_ObjectDigestInfo_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _},
               'OrberCSIv2':encode('ObjectDigestInfo', ?ObjectDigestInfo)),
    ?match({ok, #'ObjectDigestInfo'{}},
           'OrberCSIv2':decode('ObjectDigestInfo', list_to_binary(Enc))),
    ok.

%% PKIX1Explicit88
%% The ?Certificate fixture carries filler in its signature field, so this
%% case exercises the codec only, not certificate verification.
code_Certificate_api(doc) -> ["Code Certificate"];
code_Certificate_api(suite) -> [];
code_Certificate_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _},
               'OrberCSIv2':encode('Certificate', ?Certificate)),
    ?match({ok, #'Certificate'{}},
           'OrberCSIv2':decode('Certificate', list_to_binary(Enc))),
    ok.
%% Compiled-out round-trip cases (inside an -ifdef(false) region).
code_TBSCertificate_api(doc) -> ["Code TBSCertificate"];
code_TBSCertificate_api(suite) -> [];
code_TBSCertificate_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _},
               'OrberCSIv2':encode('TBSCertificate', ?TBSCertificate)),
    ?match({ok, #'TBSCertificate'{}},
           'OrberCSIv2':decode('TBSCertificate', list_to_binary(Enc))),
    ok.

%% The decoded serial number must equal the fixture value exactly.
code_CertificateSerialNumber_api(doc) -> ["Code CertificateSerialNumber"];
code_CertificateSerialNumber_api(suite) -> [];
code_CertificateSerialNumber_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _},
               'OrberCSIv2':encode('CertificateSerialNumber', ?CertificateSerialNumber)),
    ?match({ok, ?CertificateSerialNumber},
           'OrberCSIv2':decode('CertificateSerialNumber', list_to_binary(Enc))),
    ok.

%% The decoded version must equal ?Version exactly.
code_Version_api(doc) -> ["Code Version"];
code_Version_api(suite) -> [];
code_Version_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _}, 'OrberCSIv2':encode('Version', ?Version)),
    ?match({ok, ?Version}, 'OrberCSIv2':decode('Version', list_to_binary(Enc))),
    ok.

code_AlgorithmIdentifier_api(doc) -> ["Code AlgorithmIdentifier"];
code_AlgorithmIdentifier_api(suite) -> [];
code_AlgorithmIdentifier_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _}, 'OrberCSIv2':encode('AlgorithmIdentifier', ?AlgorithmIdentifier)),
    ?match({ok, #'AlgorithmIdentifier'{}},
           'OrberCSIv2':decode('AlgorithmIdentifier', list_to_binary(Enc))),
    ok.

%% Only the rdnSequence tag of the decoded name is checked.
code_Name_api(doc) -> ["Code Name"];
code_Name_api(suite) -> [];
code_Name_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _}, 'OrberCSIv2':encode('Name', ?Name)),
    ?match({ok, {rdnSequence,_}},
           'OrberCSIv2':decode('Name', list_to_binary(Enc))),
    ok.
%% Compiled-out round-trip cases (inside an -ifdef(false) region). Each
%% matches only the nesting and record name of the decoded term.
code_RDNSequence_api(doc) -> ["Code RDNSequence"];
code_RDNSequence_api(suite) -> [];
code_RDNSequence_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _}, 'OrberCSIv2':encode('RDNSequence', ?RDNSequence)),
    ?match({ok, [[#'AttributeTypeAndValue'{}]]},
           'OrberCSIv2':decode('RDNSequence', list_to_binary(Enc))),
    ok.

code_RelativeDistinguishedName_api(doc) -> ["Code RelativeDistinguishedName"];
code_RelativeDistinguishedName_api(suite) -> [];
code_RelativeDistinguishedName_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _}, 'OrberCSIv2':encode('RelativeDistinguishedName', ?RelativeDistinguishedName)),
    ?match({ok, [#'AttributeTypeAndValue'{}]},
           'OrberCSIv2':decode('RelativeDistinguishedName', list_to_binary(Enc))),
    ok.

code_AttributeTypeAndValue_api(doc) -> ["Code AttributeTypeAndValue"];
code_AttributeTypeAndValue_api(suite) -> [];
code_AttributeTypeAndValue_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _}, 'OrberCSIv2':encode('AttributeTypeAndValue', ?AttributeTypeAndValue)),
    ?match({ok, #'AttributeTypeAndValue'{}},
           'OrberCSIv2':decode('AttributeTypeAndValue', list_to_binary(Enc))),
    ok.

code_Attribute_api(doc) -> ["Code Attribute"];
code_Attribute_api(suite) -> [];
code_Attribute_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _}, 'OrberCSIv2':encode('Attribute', ?Attribute)),
    ?match({ok, #'Attribute'{}},
           'OrberCSIv2':decode('Attribute', list_to_binary(Enc))),
    ok.

code_Validity_api(doc) -> ["Code Validity"];
code_Validity_api(suite) -> [];
code_Validity_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _}, 'OrberCSIv2':encode('Validity', ?Validity)),
    ?match({ok, #'Validity'{}},
           'OrberCSIv2':decode('Validity', list_to_binary(Enc))),
    ok.
%% Compiled-out round-trip cases (inside an -ifdef(false) region).
code_SubjectPublicKeyInfo_api(doc) -> ["Code SubjectPublicKeyInfo"];
code_SubjectPublicKeyInfo_api(suite) -> [];
code_SubjectPublicKeyInfo_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _}, 'OrberCSIv2':encode('SubjectPublicKeyInfo', ?SubjectPublicKeyInfo)),
    ?match({ok, #'SubjectPublicKeyInfo'{}},
           'OrberCSIv2':decode('SubjectPublicKeyInfo', list_to_binary(Enc))),
    ok.

%% Any successful decode is accepted here; the decoded value is not compared
%% with the fixture.
code_UniqueIdentifier_api(doc) -> ["Code UniqueIdentifier"];
code_UniqueIdentifier_api(suite) -> [];
code_UniqueIdentifier_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _}, 'OrberCSIv2':encode('UniqueIdentifier', ?UniqueIdentifier)),
    ?match({ok, _}, 'OrberCSIv2':decode('UniqueIdentifier', list_to_binary(Enc))),
    ok.

code_Extensions_api(doc) -> ["Code Extensions"];
code_Extensions_api(suite) -> [];
code_Extensions_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _}, 'OrberCSIv2':encode('Extensions', ?Extensions)),
    ?match({ok, [#'Extension'{}]},
           'OrberCSIv2':decode('Extensions', list_to_binary(Enc))),
    ok.

code_Extension_api(doc) -> ["Code Extension"];
code_Extension_api(suite) -> [];
code_Extension_api(_Config) ->
    {ok, Enc} =
        ?match({ok, _}, 'OrberCSIv2':encode('Extension', ?Extension)),
    ?match({ok, #'Extension'{}},
           'OrberCSIv2':decode('Extension', list_to_binary(Enc))),
    ok.
%% OpenSSL generated x509 Certificate
%% Compiled out. Decodes ?X509DER as a Certificate, places it in an
%% AttributeCertChain and round-trips that through the codec. ?X509DER is
%% currently the placeholder <<42>>, so a real DER certificate has to be
%% supplied before this case can be enabled.
code_OpenSSL509_api(doc) -> ["Code OpenSSL generated x509 Certificate"];
code_OpenSSL509_api(suite) -> [];
code_OpenSSL509_api(_Config) ->
    {ok, Cert} =
        ?match({ok, #'Certificate'{}},
               'OrberCSIv2':decode('Certificate', ?X509DER)),
    AttrCertChain = #'AttributeCertChain'{attributeCert = ?AttributeCertificate,
                                          certificateChain = [Cert]},
    {ok, EAttrCertChain} =
        ?match({ok, _}, 'OrberCSIv2':encode('AttributeCertChain', AttrCertChain)),
    ?match({ok, #'AttributeCertChain'{}},
           'OrberCSIv2':decode('AttributeCertChain', list_to_binary(EAttrCertChain))),
    ok.

-endif.

%%-----------------------------------------------------------------
%% Test ssl:peercert
%%-----------------------------------------------------------------
%% Connects to an Orber node over SSL with a bare client socket and reads the
%% server's certificate through orber_socket:peercert/2.
%% NOTE(review): the only assertion on the certificate is that peercert
%% returns {ok, _}. The subject and decode checks are commented out, so the
%% case shows that a certificate was presented, not that it was validated or
%% that it belongs to the expected peer. Whether the handshake verifies the
%% chain depends on what orber_test_lib:get_options(ssl, client) returns,
%% which is not visible in this file.
ssl_server_peercert_api(doc) -> ["Test ssl:peercert (server side)"];
ssl_server_peercert_api(suite) -> [];
ssl_server_peercert_api(_Config) ->
    %% iiop_ssl_port 0 is passed for the server node; the port actually in use
    %% is read back from that node below.
    Options = orber_test_lib:get_options(iiop_ssl, server,
                                         2, [{iiop_ssl_port, 0}]),
    {ok, ServerNode, ServerHost} =
        ?match({ok,_,_}, orber_test_lib:js_node(Options)),
    ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
    SSLOptions = orber_test_lib:get_options(ssl, client),
    {ok, Socket} =
        ?match({ok, _}, fake_client_ORB(ssl, ServerHost, ServerPort, SSLOptions)),
    {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)),
    %% ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])),
    %% ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])),
    % ?match({ok, #'Certificate'{}},
    %        'OrberCSIv2':decode('Certificate', PeerCert)),
    %% Closes the socket and stops the ssl application on this node.
    destroy_fake_ORB(ssl, Socket),
    ok.
%% The test process acts as the SSL server: it listens on an ephemeral port,
%% publishes that port in the SSLIOP component of a fake IOR and has an Orber
%% client node invoke on the IOR, then reads the connecting client's
%% certificate through orber_socket:peercert/2.
%% NOTE(review): as in the server-side case, only {ok, _} is asserted; the
%% certificate content is not inspected. Getting a client certificate at all
%% presumably requires the options from orber_test_lib:get_options(ssl, server)
%% to request one - confirm there.
ssl_client_peercert_api(doc) -> ["Test ssl:peercert (client side)"];
ssl_client_peercert_api(suite) -> [];
ssl_client_peercert_api(_Config) ->
    Options = orber_test_lib:get_options(iiop_ssl, client,
                                         2, [{iiop_ssl_port, 0}]),
    {ok, ClientNode, _ClientHost} =
        ?match({ok,_,_}, orber_test_lib:js_node(Options)),
    %% Return values are ignored, so an already-running application is fine.
    crypto:start(),
    ssl:start(),
    SSLOptions = orber_test_lib:get_options(ssl, server),
    %% Port 0 lets the OS pick a free port; it is read back with sockname.
    {ok, LSock} = ?match({ok, _}, ssl:listen(0, SSLOptions)),
    {ok, {_Address, LPort}} = ?match({ok, {_, _}}, ssl:sockname(LSock)),
    %% target_supports/target_requires = 2 in the SSLIOP component.
    %% NOTE(review): presumably the Integrity association option - confirm.
    IOR = ?match({'IOP_IOR',_,_},
                 iop_ior:create_external({1, 2}, "IDL:FAKE:1.0",
                                         "localhost", 6004, "FAKE",
                                         [#'IOP_TaggedComponent'
                                          {tag=?TAG_SSL_SEC_TRANS,
                                           component_data=#'SSLIOP_SSL'
                                           {target_supports = 2,
                                            target_requires = 2,
                                            port = LPort}}])),
    %% The remote call runs in an unlinked process and its result is never
    %% read; it is made only so that the client node connects to LSock.
    spawn(orber_test_lib, remote_apply,
          [ClientNode, corba_object, non_existent, [IOR]]),
    {ok, Socket} = ?match({ok, _}, ssl:transport_accept(LSock)),
    %% NOTE(review): ssl:ssl_accept/1 was deprecated in later OTP releases in
    %% favour of ssl:handshake/1; check it against the OTP version in use.
    ?match(ok, ssl:ssl_accept(Socket)),

    {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)),
    %% ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])),
    %% ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])),
    % ?match({ok, #'Certificate'{}},
    %        'OrberCSIv2':decode('Certificate', PeerCert)),
    %% Reached only when every ?match above succeeded; a failing ?match exits
    %% the test process before the sockets are closed and ssl is stopped.
    ssl:close(Socket),
    ssl:close(LSock),
    ssl:stop(),
    ok.

%%-----------------------------------------------------------------
%% Local functions.
%%-----------------------------------------------------------------
-ifdef(false).
%% Not used yet.
%% Compiled out (inside an -ifdef(false) region). Builds one SAS service
%% context per identity-token type and per SAS message type, all with the
%% context id ?IOP_SecurityAttributeService, and passes the list to
%% orber_test_server:testing_iiop_context/2 on Obj, expecting ok.
%% The token contents are short filler lists, not real credentials.
context_test(Obj) ->
    IDToken1 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAbsent,
                                    value = true},
    IDToken2 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAnonymous,
                                    value = false},
    IDToken3 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTPrincipalName,
                                    value = [0,255]},
    IDToken4 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTX509CertChain,
                                    value = [1,255]},
    IDToken5 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTDistinguishedName,
                                    value = [2,255]},
    %% A label outside the named token types.
    IDToken6 = #'CSI_IdentityToken'{label = ?ULONGMAX,
                                    value = [3,255]},

    %% The six EstablishContext bodies differ only in identity_token.
    MTEstablishContext1 = #'CSI_SASContextBody'
      {label = ?CSI_MsgType_MTEstablishContext,
       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
                                       authorization_token =
                                       [#'CSI_AuthorizationElement'
                                        {the_type = ?ULONGMAX,
                                         the_element = [0,255]}],
                                       identity_token = IDToken1,
                                       client_authentication_token = [1, 255]}},
    MTEstablishContext2 = #'CSI_SASContextBody'
      {label = ?CSI_MsgType_MTEstablishContext,
       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
                                       authorization_token =
                                       [#'CSI_AuthorizationElement'
                                        {the_type = ?ULONGMAX,
                                         the_element = [0,255]}],
                                       identity_token = IDToken2,
                                       client_authentication_token = [1, 255]}},
    MTEstablishContext3 = #'CSI_SASContextBody'
      {label = ?CSI_MsgType_MTEstablishContext,
       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
                                       authorization_token =
                                       [#'CSI_AuthorizationElement'
                                        {the_type = ?ULONGMAX,
                                         the_element = [0,255]}],
                                       identity_token = IDToken3,
                                       client_authentication_token = [1, 255]}},
    MTEstablishContext4 = #'CSI_SASContextBody'
      {label = ?CSI_MsgType_MTEstablishContext,
       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
                                       authorization_token =
                                       [#'CSI_AuthorizationElement'
                                        {the_type = ?ULONGMAX,
                                         the_element = [0,255]}],
                                       identity_token = IDToken4,
                                       client_authentication_token = [1, 255]}},
    MTEstablishContext5 = #'CSI_SASContextBody'
      {label = ?CSI_MsgType_MTEstablishContext,
       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
                                       authorization_token =
                                       [#'CSI_AuthorizationElement'
                                        {the_type = ?ULONGMAX,
                                         the_element = [0,255]}],
                                       identity_token = IDToken5,
                                       client_authentication_token = [1, 255]}},
    MTEstablishContext6 = #'CSI_SASContextBody'
      {label = ?CSI_MsgType_MTEstablishContext,
       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
                                       authorization_token =
                                       [#'CSI_AuthorizationElement'
                                        {the_type = ?ULONGMAX,
                                         the_element = [0,255]}],
                                       identity_token = IDToken6,
                                       client_authentication_token = [1, 255]}},
    MTCompleteEstablishContext = #'CSI_SASContextBody'
      {label = ?CSI_MsgType_MTCompleteEstablishContext,
       value = #'CSI_CompleteEstablishContext'{client_context_id = ?ULONGLONGMAX,
                                               context_stateful = false,
                                               final_context_token = [1, 255]}},
    MTContextError = #'CSI_SASContextBody'
      {label = ?CSI_MsgType_MTContextError,
       value = #'CSI_ContextError'{client_context_id = ?ULONGLONGMAX,
                                   major_status = 1,
                                   minor_status = 2,
                                   error_token = [2,255]}},
    MTMessageInContext = #'CSI_SASContextBody'
      {label = ?CSI_MsgType_MTMessageInContext,
       value = #'CSI_MessageInContext'{client_context_id = ?ULONGLONGMAX,
                                       discard_context = true}},
    Ctx = [#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
                                 context_data = MTEstablishContext1},
           #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
                                 context_data = MTEstablishContext2},
           #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
                                 context_data = MTEstablishContext3},
           #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
                                 context_data = MTEstablishContext4},
           #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
                                 context_data = MTEstablishContext5},
           #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
                                 context_data = MTEstablishContext6},
           #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
                                 context_data = MTCompleteEstablishContext},
           #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
                                 context_data = MTContextError},
           #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
                                 context_data = MTMessageInContext}],
    ?line ?match(ok, orber_test_server:testing_iiop_context(Obj, [{context, Ctx}])).


%% Compiled out. Listens, accepts one connection and returns the accepted
%% socket together with the port reported by orber_socket:listen/3.
fake_server_ORB(Type, Port, Options) ->
    start_ssl(Type),
    {ok, ListenSocket, NewPort} =
        orber_socket:listen(Type, Port,
                            [{active, false}|Options]),
    Socket = orber_socket:accept(Type, ListenSocket),
    orber_socket:post_accept(Type, Socket),
    {ok, Socket, NewPort}.

-endif.

%% Minimal stand-in for a server ORB: listens on Port in passive mode, accepts
%% a single connection, runs do_server_action/4 on it and closes the accepted
%% socket. Always returns ok.
%% NOTE(review): the listen socket is not closed here; presumably it is
%% released when the owning process exits - confirm.
fake_server_ORB(Type, Port, Options, Action, Data) ->
    start_ssl(Type),
    {ok, ListenSocket, _NewPort} =
        orber_socket:listen(Type, Port, [{active, false}|Options]),
    Socket = orber_socket:accept(Type, ListenSocket),
    orber_socket:post_accept(Type, Socket),
    do_server_action(Type, Socket, Action, Data),
    orber_socket:close(Type, Socket),
    ok.

%% Starts crypto and ssl for the ssl transport; a no-op for any other type.
%% The result of crypto:start/0 is ignored.
start_ssl(ssl) ->
    crypto:start(),
    ssl:start();
start_ssl(_) ->
    ok.


%% Closes Socket. For ssl it also calls ssl:stop/0, which stops the ssl
%% application for the whole node, not just for this socket.
destroy_fake_ORB(ssl, Socket) ->
    orber_socket:close(ssl, Socket),
    ssl:stop();
destroy_fake_ORB(Type, Socket) ->
    orber_socket:close(Type, Socket).

%% Minimal stand-in for a client ORB: connects to Host:Port in passive mode
%% and returns {ok, Socket}. The result of orber_socket:connect/4 is wrapped
%% as is, so it is presumably a socket on success with failures raised as
%% exceptions - confirm.
%% For ssl, whether the peer certificate is verified is decided entirely by
%% the caller-supplied Options.
fake_client_ORB(Type, Host, Port, Options) ->
    start_ssl(Type),
    Socket = orber_socket:connect(Type, Host, Port, [{active, false}|Options]),
    {ok, Socket}.

-ifdef(false).
%% Not used yet.
%% Compiled out (inside an -ifdef(false) region). Connects, runs
%% do_client_action/4 on the socket, closes it and returns the action's result.
fake_client_ORB(Type, Host, Port, Options, Action, Data) ->
    start_ssl(Type),
    Socket = orber_socket:connect(Type, Host, Port, [{active, false}|Options]),
    Result = do_client_action(Type, Socket, Action, Data),
    orber_socket:close(Type, Socket),
    Result.

%% Compiled out. Sends the given data, reads one reply with gen_tcp:recv/2
%% and decodes it:
%%   fragments     - expects a no_exception reply for ?REQUEST_ID and returns
%%                   its single parameter;
%%   fragments_max - expects a system_exception reply and returns the exception;
%%   message_error - expects the decoder to return 'message_error'.
%% Any other action returns ok without touching the socket.
%% NOTE(review): gen_tcp:recv/2 is called whatever Type is; presumably that is
%% only valid for plain TCP sockets - confirm before using these with ssl.
do_client_action(Type, Socket, fragments, FragList) ->
    ok = send_data(Type, Socket, FragList),
    {ok, Bytes} = gen_tcp:recv(Socket, 0),
    {#reply_header{request_id = ?REQUEST_ID, reply_status = no_exception}, ok, [Par]} =
        cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
    Par;
do_client_action(Type, Socket, fragments_max, FragList) ->
    ok = send_data(Type, Socket, FragList),
    {ok, Bytes} = gen_tcp:recv(Socket, 0),
    {#reply_header{request_id = ?REQUEST_ID, reply_status = system_exception}, Exc, []} =
        cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
    Exc;
do_client_action(Type, Socket, message_error, Data) ->
    ok = send_data(Type, Socket, Data),
    {ok,Bytes} = gen_tcp:recv(Socket, 0),
    'message_error' = cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
    ok;
do_client_action(_Type, _Socket, _Action, _Data) ->
    ok.

-endif.

%% Server-side action on an accepted socket. For fragments it waits for one
%% incoming message, discards it and answers with every element of FragList;
%% every other action is a no-op.
%% NOTE(review): the read uses gen_tcp:recv/2 whatever Type is; presumably
%% that is only valid for plain TCP sockets - confirm before using the
%% fragments action with ssl.
do_server_action(Type, Socket, fragments, FragList) ->
    {ok, _B} = gen_tcp:recv(Socket, 0),
    ok = send_data(Type, Socket, FragList);
do_server_action(_Type, _Socket, _Action, _Data) ->
    ok.


%% Writes each element of the list to Socket in order and returns ok.
%% The result of orber_socket:write/3 is not checked, so a failed write does
%% not stop the remaining elements from being sent.
send_data(_Type, _Socket, []) ->
    ok;
send_data(Type, Socket, [H|T]) ->
    orber_socket:write(Type, Socket, H),
    send_data(Type, Socket, T).