1: %%
    2: %% %CopyrightBegin%
    3: %%
    4: %% Copyright Ericsson AB 2005-2013. All Rights Reserved.
    5: %%
    6: %% The contents of this file are subject to the Erlang Public License,
    7: %% Version 1.1, (the "License"); you may not use this file except in
    8: %% compliance with the License. You should have received a copy of the
    9: %% Erlang Public License along with this software. If not, it can be
   10: %% retrieved online at http://www.erlang.org/.
   11: %%
   12: %% Software distributed under the License is distributed on an "AS IS"
   13: %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
   14: %% the License for the specific language governing rights and limitations
   15: %% under the License.
   16: %%
   17: %% %CopyrightEnd%
   18: %%
   19: %%
   20: 
   21: -module(csiv2_SUITE).
   22: 
   23: -include_lib("test_server/include/test_server.hrl").
   24: -include_lib("orber/include/corba.hrl").
   25: -include_lib("orber/COSS/CosNaming/CosNaming.hrl").
   26: -include_lib("orber/src/orber_iiop.hrl").
   27: -include_lib("orber/src/ifr_objects.hrl").
   28: -include("idl_output/orber_test_server.hrl").
   29: -include_lib("orber/COSS/CosNaming/CosNaming_NamingContextExt.hrl").
   30: -include_lib("orber/COSS/CosNaming/CosNaming_NamingContext.hrl").
   31: %%-include_lib("orber/src/OrberCSIv2.hrl").
   32: 
%% Timetrap installed for every test case by init_per_testcase/2.
-define(default_timeout, ?t:minutes(5)).

%% ?match(ExpectedRes, Expr): assertion helper used throughout the suite.
%%
%% Expr is evaluated under an old-style `catch`, so a raised exception does
%% not propagate; it becomes the value that is matched (for example
%% {'EXIT', Reason}). That value is matched against the pattern ExpectedRes:
%%   - match:    the value is printed and returned to the caller;
%%   - no match: the value is printed and the calling process exits with it.
%% The body is wrapped in an immediately applied fun. The unusual variable
%% name AcTuAlReS is presumably chosen so that it cannot collide with a
%% variable already bound at the call site -- TODO confirm.
%% NOTE(review): the value is printed with ~p on both paths; in this suite
%% that includes whatever orber_socket:peercert/2 returns.
-define(match(ExpectedRes,Expr),
        fun() ->
               AcTuAlReS = (catch (Expr)),
               case AcTuAlReS of
                   ExpectedRes ->
                       io:format("------ CORRECT RESULT ------~n~p~n",
                                 [AcTuAlReS]),
                       AcTuAlReS;
                   _ ->
                       io:format("###### ERROR ERROR ######~nRESULT:  ~p~n",
                                 [AcTuAlReS]),
                       ?line exit(AcTuAlReS)
               end
       end()).
   49: 
%% Request id embedded in the canned messages below.
-define(REQUEST_ID, 0).

%% Canned GIOP messages. Every binary starts with 71,73,79,80 ("GIOP" in
%% ASCII) followed by the version bytes 1,2.
%% NOTE(review): reading the next bytes as the GIOP 1.2 flags, message type
%% and 32-bit size, REPLY_FRAG_1 is a Reply (type 1) and FRAG_2..FRAG_4 are
%% Fragment messages (type 7); the flags byte is 2 ("more fragments") on all
%% but FRAG_4, which carries 0 -- confirm against the GIOP specification.
%% None of these macros is referenced in the part of the suite visible here.
-define(REPLY_FRAG_1, <<71,73,79,80,1,2,2,1,0,0,0,41,0,0,0,?REQUEST_ID,0,0,0,0,0,0,0,1,78,69,79,0,0,0,0,2,0,10,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,4,49>>).
%% The fragments are identical for requests and replies.
-define(FRAG_2, <<71,73,79,80,1,2,2,7,0,0,0,5,0,0,0,?REQUEST_ID,50>>).
-define(FRAG_3, <<71,73,79,80,1,2,2,7,0,0,0,5,0,0,0,?REQUEST_ID,51>>).
-define(FRAG_4, <<71,73,79,80,1,2,0,7,0,0,0,5,0,0,0,?REQUEST_ID,0>>).
   57: 
%% Placeholder: should be an X509 certificate in DER form generated by, for
%% example, OpenSSL. The single byte <<42>> is not a certificate, so the
%% disabled code_OpenSSL509_api/1 case, which decodes ?X509DER as a
%% 'Certificate', is not expected to pass until real data is supplied.
%% Use a certificate created for testing only.
-define(X509DER,
        <<42>>).

%% Placeholder: should be an X509 certificate in PEM form generated by, for
%% example, OpenSSL. Not referenced in the part of the suite visible here.
-define(X509PEM,
        <<42>>).
   65: 
%% IOR exported by VB (CSIv2 activated), kept as a fixture.
%%
%% What the record advertises:
%%   - an IIOP 1.2 profile for 127.0.0.1 whose profile body has port = 0,
%%     while the SSL component and the TLS transport address both name
%%     port 49934;
%%   - TAG_SSL_SEC_TRANS and TAG_TLS_SEC_TRANS data with
%%     target_supports = 102 and target_requires = 66;
%%   - an AS context layer with target_supports = 0, target_requires = 0 and
%%     an empty client_authentication_mech;
%%   - an SAS context layer with target_supports = 1024 and one privilege
%%     authority named "Borland";
%%   - supported_naming_mechanisms holding the bytes 6,6,103,129,2,1,1,1,
%%     which are the DER encoding of the object identifier 2.23.130.1.1.1
%%     (the same value as the ?OID macro of this file).
%% NOTE(review): with the CSIv2 AssociationOptions bit values (Integrity = 2,
%% Confidentiality = 4, EstablishTrustInTarget = 32,
%% EstablishTrustInClient = 64, IdentityAssertion = 1024), 102 reads as all
%% four transport options supported, 66 as integrity plus client
%% authentication required, and 1024 as identity assertion supported --
%% confirm against the specification.
%% The macro is not referenced in the part of the suite visible here.
-define(VB_IOR,
        #'IOP_IOR'
        {type_id = "IDL:omg.org/CosNotifyComm/SequencePushConsumer:1.0",
         profiles =
         [#'IOP_TaggedProfile'
          {tag = ?TAG_INTERNET_IOP,
           profile_data =
           #'IIOP_ProfileBody_1_1'{
             iiop_version = #'IIOP_Version'{major = 1,
                                            minor = 2},
             host =  "127.0.0.1",
             port = 0,
             object_key = [0,86,66,1,0,0,0,24,47,70,77,65,95,67,73,82,80,77,65,78,95,80,79,65,95,83,69,67,85,82,69,0,0,0,0,4,0,0,4,186,0,0,2,10,81,218,65,185],
             components =
             [#'IOP_TaggedComponent'{tag = ?TAG_SSL_SEC_TRANS,
                                     component_data = #'SSLIOP_SSL'{
                                       target_supports = 102,
                                       target_requires = 66,
                                       port = 49934}},
              #'IOP_TaggedComponent'{tag = ?TAG_CSI_SEC_MECH_LIST,
                                     component_data =
              #'CSIIOP_CompoundSecMechList'{stateful = true,
                                            mechanism_list =
                                            [#'CSIIOP_CompoundSecMech'
                                             {target_requires = 66,
                                              transport_mech = #'IOP_TaggedComponent'{
                                                tag = ?TAG_TLS_SEC_TRANS,
                                                component_data =
                                                #'CSIIOP_TLS_SEC_TRANS'{
                                                  target_supports = 102,
                                                  target_requires = 66,
                                                  addresses =
                                                  [#'CSIIOP_TransportAddress'
                                                   {host_name = "127.0.0.1",
                                                    port = 49934}]}},
                                              as_context_mech =
                                              #'CSIIOP_AS_ContextSec'{
                                                target_supports = 0,
                                                target_requires = 0,
                                                client_authentication_mech = [],
                                                target_name = []},
                                              sas_context_mech =
                                              #'CSIIOP_SAS_ContextSec'{
                                                target_supports = 1024,
                                                target_requires = 0,
                                                privilege_authorities =
                                                [#'CSIIOP_ServiceConfiguration'
                                                 {syntax = 1447174401,
                                                  name = "Borland"}],
                                                supported_naming_mechanisms = [[6,
                                                                                6,
                                                                                103,
                                                                                129,
                                                                                2,
                                                                                1,
                                                                                1,
                                                                                1]],
                                                supported_identity_types = 15}}]}},
              #'IOP_TaggedComponent'
              {tag = ?TAG_CODE_SETS,
               component_data =
               #'CONV_FRAME_CodeSetComponentInfo'{'ForCharData' =
                                                  #'CONV_FRAME_CodeSetComponent'{
                                                    native_code_set = 65537,
                                                    conversion_code_sets = [83951617]},
                                                  'ForWcharData' =
                                                  #'CONV_FRAME_CodeSetComponent'{
                                                   native_code_set = 65801,
                                                    conversion_code_sets = []}}},
              #'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE,
                                     component_data = 1447645952},
              #'IOP_TaggedComponent'{tag = 1447645955,
                                     component_data = [0,5,7,1,127]}]}}]}).
  140: 
%% Common basic types
%% Sample values from which the ASN.1 test data of this file is assembled.

%% Object identifier 2.23.130.1.1.1 in tuple form.
-define(OID, {2,23,130,1,1,1}).

%% Four arbitrary octets.
-define(OCTET_STR, [1,2,3,4]).

%% Five arbitrary bits.
-define(BIT_STR, [0,1,0,1,1]).

-define(BOOLEAN, false).

%% The bytes read as tag 19, length 5, then the ASCII text "otpCA".
-define(ANY, [19,5,111,116,112,67,65]).
  151: 
%% Everything up to the matching -endif is compiled only when a macro named
%% `false` is defined, i.e. it is normally left out. The records used here
%% would come from OrberCSIv2.hrl, whose include is commented out at the top
%% of the file. All values are synthetic sample data, not real certificates.
-ifdef(false).
%% PKIX1Explicit88
-define(AlgorithmIdentifier,
        #'AlgorithmIdentifier'{algorithm = ?OID,
                               parameters = ?ANY}).

%% NOTE(review): both bounds are the same instant, and the string carries a
%% four-digit year and a fraction although the first is tagged utcTime --
%% sample data only, confirm before reusing.
-define(Validity, #'Validity'{notBefore = {utcTime, "19820102070533.8"},
                              notAfter = {generalTime, "19820102070533.8"}}).

-define(SubjectPublicKeyInfo,
        #'SubjectPublicKeyInfo'{algorithm = ?AlgorithmIdentifier,
                                subjectPublicKey = ?BIT_STR}).

%% The value bytes read as tag 19, length 11, then the ASCII text
%% "Ericsson AB".
-define(AttributeTypeAndValue,
        #'AttributeTypeAndValue'{type = ?OID,
                                 value = <<19,11,69,114,105,99,115,115,111,110,32,65,66>>}).

-define(RelativeDistinguishedName, [?AttributeTypeAndValue]).

-define(RDNSequence, [?RelativeDistinguishedName]).

-define(Name, {rdnSequence, ?RDNSequence}).

-define(Version, v3).

-define(CertificateSerialNumber, 1).

-define(UniqueIdentifier, ?BIT_STR).

-define(Extension, #'Extension'{extnID = ?OID,
                                critical = ?BOOLEAN,
                                extnValue = ?OCTET_STR}).

-define(Extensions, [?Extension]).

%% Issuer and subject are the same ?Name in this sample.
-define(TBSCertificate,
        #'TBSCertificate'{version = ?Version,
                          serialNumber = ?CertificateSerialNumber,
                          signature = ?AlgorithmIdentifier,
                          issuer = ?Name,
                          validity = ?Validity,
                          subject = ?Name,
                          subjectPublicKeyInfo = ?SubjectPublicKeyInfo,
                          issuerUniqueID = ?UniqueIdentifier,
                          subjectUniqueID = ?UniqueIdentifier,
                          extensions = ?Extensions}).

%% The signature is the arbitrary ?BIT_STR, not a computed signature.
-define(Certificate, #'Certificate'{tbsCertificate = ?TBSCertificate,
                                    signatureAlgorithm = ?AlgorithmIdentifier,
                                    signature = ?BIT_STR}).

%% PKIX1Implicit88

-define(GeneralName, {registeredID, ?OID}).

-define(GeneralNames, [?GeneralName]).

%% PKIXAttributeCertificate
-define(AttCertValidityPeriod,
        #'AttCertValidityPeriod'{notBeforeTime = "19820102070533.8",
                                 notAfterTime = "19820102070533.8"}).


-define(Attribute, #'Attribute'{type = ?OID,
                                values = []}).

-define(Attributes, [?Attribute]).

-define(IssuerSerial, #'IssuerSerial'{issuer = ?GeneralNames,
                                      serial = ?CertificateSerialNumber,
                                      issuerUID = ?UniqueIdentifier}).

-define(DigestedObjectType, publicKey). %% Enum

-define(ObjectDigestInfo,
        #'ObjectDigestInfo'{digestedObjectType = ?DigestedObjectType,
                            otherObjectTypeID = ?OID,
                            digestAlgorithm = ?AlgorithmIdentifier,
                            objectDigest = ?BIT_STR}).

-define(V2Form, #'V2Form'{issuerName = ?GeneralNames,
                          baseCertificateID = ?IssuerSerial,
                          objectDigestInfo = ?ObjectDigestInfo}).

-define(AttCertVersion, v2).

-define(Holder, #'Holder'{baseCertificateID = ?IssuerSerial,
                          entityName = ?GeneralNames,
                          objectDigestInfo = ?ObjectDigestInfo}).

-define(AttCertIssuer, {v2Form, ?V2Form}).

-define(AttributeCertificateInfo,
        #'AttributeCertificateInfo'{version = ?AttCertVersion,
                                    holder = ?Holder,
                                    issuer = ?AttCertIssuer,
                                    signature = ?AlgorithmIdentifier,
                                    serialNumber = ?CertificateSerialNumber,
                                    attrCertValidityPeriod = ?AttCertValidityPeriod,
                                    attributes = ?Attributes,
                                    issuerUniqueID = ?UniqueIdentifier,
                                    extensions = ?Extensions}).

-define(AttributeCertificate,
        #'AttributeCertificate'{acinfo = ?AttributeCertificateInfo,
                                signatureAlgorithm = ?AlgorithmIdentifier,
                                signatureValue = ?BIT_STR}).


%% OrberCSIv2
%% ?CertificateChain is defined after this macro; macros are expanded where
%% they are used, so the order of the two definitions does not matter.
-define(AttributeCertChain,
        #'AttributeCertChain'{attributeCert = ?AttributeCertificate,
                              certificateChain = ?CertificateChain}).

-define(CertificateChain, [?Certificate]).

-define(VerifyingCertChain, [?Certificate]).

-endif.
  271: 
  272: %%-----------------------------------------------------------------
  273: %% External exports
  274: %%-----------------------------------------------------------------
  275: -export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0,
  276: 	 init_per_suite/1, end_per_suite/1,
  277: 	 init_per_testcase/2, end_per_testcase/2,
  278: %	 code_CertificateChain_api/1,
  279: %	 code_AttributeCertChain_api/1,
  280: %	 code_VerifyingCertChain_api/1,
  281: %	 code_AttributeCertificate_api/1,
  282: %	 code_Certificate_api/1,
  283: %	 code_TBSCertificate_api/1,
  284: %	 code_CertificateSerialNumber_api/1,
  285: %	 code_Version_api/1,
  286: %	 code_AlgorithmIdentifier_api/1,
  287: %	 code_Name_api/1,
  288: %	 code_RDNSequence_api/1,
  289: %	 code_RelativeDistinguishedName_api/1,
  290: %	 code_AttributeTypeAndValue_api/1,
  291: %	 code_Attribute_api/1,
  292: %	 code_Validity_api/1,
  293: %	 code_SubjectPublicKeyInfo_api/1,
  294: %	 code_UniqueIdentifier_api/1,
  295: %	 code_Extensions_api/1,
  296: %	 code_Extension_api/1,
  297: %	 code_AttributeCertificateInfo_api/1,
  298: %	 code_AttCertVersion_api/1,
  299: %	 code_Holder_api/1,
  300: %	 code_AttCertIssuer_api/1,
  301: %	 code_AttCertValidityPeriod_api/1,
  302: %	 code_V2Form_api/1,
  303: %	 code_IssuerSerial_api/1,
  304: %	 code_ObjectDigestInfo_api/1,
  305: %	 code_OpenSSL509_api/1,
  306: 	 ssl_server_peercert_api/1,
  307: 	 ssl_client_peercert_api/1]).
  308: 
  309: 
  310: %%-----------------------------------------------------------------
  311: %% Internal exports
  312: %%-----------------------------------------------------------------
  313: -export([fake_server_ORB/5]).
  314: 
  315: %%-----------------------------------------------------------------
  316: %% Func: all/1
  317: %% Args:
  318: %% Returns:
  319: %%-----------------------------------------------------------------
  320: suite() -> [{ct_hooks,[ts_install_cth]}].
  321: 
  322: all() ->
  323:     cases().
  324: 
  325: groups() ->
  326:     [].
  327: 
  328: init_per_group(_GroupName, Config) ->
  329:     Config.
  330: 
  331: end_per_group(_GroupName, Config) ->
  332:     Config.
  333: 
  334: 
  335: %% NOTE - the fragment test cases must bu first since we explicitly set a request
  336: %% id. Otherwise, the request-id counter would be increased and we cannot know
  337: %% what it is.
  338: cases() ->
  339:     [ssl_server_peercert_api, ssl_client_peercert_api].
  340: 
  341: %%-----------------------------------------------------------------
  342: %% Init and cleanup functions.
  343: %%-----------------------------------------------------------------
  344: 
  345: init_per_testcase(_Case, Config) ->
  346:     Path = code:which(?MODULE),
  347:     code:add_pathz(filename:join(filename:dirname(Path), "idl_output")),
  348:     Dog=test_server:timetrap(?default_timeout),
  349:     orber:jump_start(0),
  350:     oe_orber_test_server:oe_register(),
  351:     [{watchdog, Dog}|Config].
  352: 
  353: 
  354: end_per_testcase(_Case, Config) ->
  355:     oe_orber_test_server:oe_unregister(),
  356:     orber:jump_stop(),
  357:     Path = code:which(?MODULE),
  358:     code:del_path(filename:join(filename:dirname(Path), "idl_output")),
  359:     Dog = ?config(watchdog, Config),
  360:     test_server:timetrap_cancel(Dog),
  361:     ok.
  362: 
  363: init_per_suite(Config) ->
  364:     try crypto:start() of
  365:         ok ->
  366: 	    case orber_test_lib:ssl_version() of
  367: 		no_ssl ->
  368: 		    {skip, "SSL is not installed!"};
  369: 		_ ->
  370: 		    Config
  371: 	    end
  372: 	catch _:_ ->
  373: 	    {skip, "Crypto did not start"}
  374:     end.
  375: 
  376: end_per_suite(Config) ->
  377:     application:stop(crypto),
  378:     Config.
  379: 
  380: %%-----------------------------------------------------------------
  381: %%  API tests for ORB to ORB, no security
  382: %%-----------------------------------------------------------------
  383: 
  384: 
  385: %%-----------------------------------------------------------------
  386: %%  Encode and decode ASN.1 X509
  387: %%-----------------------------------------------------------------
  388: 
  389: -ifdef(false).
  390: %% OrberCSIv2
  391: code_CertificateChain_api(doc) -> ["Code CertificateChain"];
  392: code_CertificateChain_api(suite) -> [];
  393: code_CertificateChain_api(_Config) ->
  394:     {ok, Enc} =
  395: 	?match({ok, _},
  396: 	       'OrberCSIv2':encode('CertificateChain', ?CertificateChain)),
  397:     ?match({ok, [#'Certificate'{}]},
  398: 	   'OrberCSIv2':decode('CertificateChain', list_to_binary(Enc))),
  399:     ok.
  400: 
  401: code_AttributeCertChain_api(doc) -> ["Code AttributeCertChain"];
  402: code_AttributeCertChain_api(suite) -> [];
  403: code_AttributeCertChain_api(_Config) ->
  404:      {ok, Enc} =
  405: 	?match({ok, _},
  406: 	       'OrberCSIv2':encode('AttributeCertChain', ?AttributeCertChain)),
  407:     ?match({ok, #'AttributeCertChain'{}},
  408: 	   'OrberCSIv2':decode('AttributeCertChain', list_to_binary(Enc))),
  409:     ok.
  410: 
  411: code_VerifyingCertChain_api(doc) -> ["Code VerifyingCertChain"];
  412: code_VerifyingCertChain_api(suite) -> [];
  413: code_VerifyingCertChain_api(_Config) ->
  414:      {ok, Enc} =
  415: 	?match({ok, _},
  416: 	       'OrberCSIv2':encode('VerifyingCertChain', ?VerifyingCertChain)),
  417:     ?match({ok, [#'Certificate'{}]},
  418: 	   'OrberCSIv2':decode('VerifyingCertChain', list_to_binary(Enc))),
  419:     ok.
  420: 
  421: %% PKIXAttributeCertificate
  422: code_AttributeCertificate_api(doc) -> ["Code AttributeCertificate"];
  423: code_AttributeCertificate_api(suite) -> [];
  424: code_AttributeCertificate_api(_Config) ->
  425:     {ok, Enc} =
  426: 	?match({ok, _},
  427: 	       'OrberCSIv2':encode('AttributeCertificate', ?AttributeCertificate)),
  428:     ?match({ok, #'AttributeCertificate'{}},
  429: 	   'OrberCSIv2':decode('AttributeCertificate', list_to_binary(Enc))),
  430:     ok.
  431: 
  432: code_AttributeCertificateInfo_api(doc) -> ["Code AttributeCertificateInfo"];
  433: code_AttributeCertificateInfo_api(suite) -> [];
  434: code_AttributeCertificateInfo_api(_Config) ->
  435:     {ok, Enc} =
  436: 	?match({ok, _},
  437: 	       'OrberCSIv2':encode('AttributeCertificateInfo', ?AttributeCertificateInfo)),
  438:     ?match({ok, #'AttributeCertificateInfo'{}},
  439: 	   'OrberCSIv2':decode('AttributeCertificateInfo', list_to_binary(Enc))),
  440:     ok.
  441: 
  442: code_AttCertVersion_api(doc) -> ["Code AttCertVersion"];
  443: code_AttCertVersion_api(suite) -> [];
  444: code_AttCertVersion_api(_Config) ->
  445:     {ok, Enc} =
  446: 	?match({ok, _},
  447: 	       'OrberCSIv2':encode('AttCertVersion', ?AttCertVersion)),
  448:     ?match({ok, ?AttCertVersion},
  449: 	   'OrberCSIv2':decode('AttCertVersion', list_to_binary(Enc))),
  450:     ok.
  451: 
  452: code_Holder_api(doc) -> ["Code Holder"];
  453: code_Holder_api(suite) -> [];
  454: code_Holder_api(_Config) ->
  455:     {ok, Enc} =
  456: 	?match({ok, _},
  457: 	       'OrberCSIv2':encode('Holder', ?Holder)),
  458:     ?match({ok, #'Holder'{}},
  459: 	   'OrberCSIv2':decode('Holder', list_to_binary(Enc))),
  460:     ok.
  461: 
  462: code_AttCertIssuer_api(doc) -> ["Code AttCertIssuer"];
  463: code_AttCertIssuer_api(suite) -> [];
  464: code_AttCertIssuer_api(_Config) ->
  465:     {ok, Enc} =
  466: 	?match({ok, _},
  467: 	       'OrberCSIv2':encode('AttCertIssuer', ?AttCertIssuer)),
  468:     ?match({ok, {v2Form, _}},
  469: 	   'OrberCSIv2':decode('AttCertIssuer', list_to_binary(Enc))),
  470:     ok.
  471: 
  472: code_AttCertValidityPeriod_api(doc) -> ["Code AttCertValidityPeriod"];
  473: code_AttCertValidityPeriod_api(suite) -> [];
  474: code_AttCertValidityPeriod_api(_Config) ->
  475:     {ok, Enc} =
  476: 	?match({ok, _}, 'OrberCSIv2':encode('AttCertValidityPeriod', ?AttCertValidityPeriod)),
  477:     ?match({ok, #'AttCertValidityPeriod'{}},
  478: 	   'OrberCSIv2':decode('AttCertValidityPeriod', list_to_binary(Enc))),
  479:     ok.
  480: 
  481: code_V2Form_api(doc) -> ["Code V2Form"];
  482: code_V2Form_api(suite) -> [];
  483: code_V2Form_api(_Config) ->
  484:     {ok, Enc} =
  485: 	?match({ok, _},
  486: 	       'OrberCSIv2':encode('V2Form', ?V2Form)),
  487:     ?match({ok, #'V2Form'{}},
  488: 	   'OrberCSIv2':decode('V2Form', list_to_binary(Enc))),
  489:     ok.
  490: 
  491: code_IssuerSerial_api(doc) -> ["Code IssuerSerial"];
  492: code_IssuerSerial_api(suite) -> [];
  493: code_IssuerSerial_api(_Config) ->
  494:     {ok, Enc} =
  495: 	?match({ok, _},
  496: 	       'OrberCSIv2':encode('IssuerSerial', ?IssuerSerial)),
  497:     ?match({ok, #'IssuerSerial'{}},
  498: 	   'OrberCSIv2':decode('IssuerSerial', list_to_binary(Enc))),
  499:     ok.
  500: 
  501: code_ObjectDigestInfo_api(doc) -> ["Code ObjectDigestInfo"];
  502: code_ObjectDigestInfo_api(suite) -> [];
  503: code_ObjectDigestInfo_api(_Config) ->
  504:     {ok, Enc} =
  505: 	?match({ok, _},
  506: 	       'OrberCSIv2':encode('ObjectDigestInfo', ?ObjectDigestInfo)),
  507:     ?match({ok, #'ObjectDigestInfo'{}},
  508: 	   'OrberCSIv2':decode('ObjectDigestInfo', list_to_binary(Enc))),
  509:     ok.
  510: 
  511: %% PKIX1Explicit88
  512: code_Certificate_api(doc) -> ["Code Certificate"];
  513: code_Certificate_api(suite) -> [];
  514: code_Certificate_api(_Config) ->
  515:     {ok, Enc} =
  516: 	?match({ok, _},
  517: 	       'OrberCSIv2':encode('Certificate', ?Certificate)),
  518:     ?match({ok, #'Certificate'{}},
  519: 	   'OrberCSIv2':decode('Certificate', list_to_binary(Enc))),
  520:     ok.
  521: 
  522: code_TBSCertificate_api(doc) -> ["Code TBSCertificate"];
  523: code_TBSCertificate_api(suite) -> [];
  524: code_TBSCertificate_api(_Config) ->
  525:     {ok, Enc} =
  526: 	?match({ok, _},
  527: 	       'OrberCSIv2':encode('TBSCertificate', ?TBSCertificate)),
  528:     ?match({ok, #'TBSCertificate'{}},
  529: 	   'OrberCSIv2':decode('TBSCertificate', list_to_binary(Enc))),
  530:     ok.
  531: 
  532: code_CertificateSerialNumber_api(doc) -> ["Code CertificateSerialNumber"];
  533: code_CertificateSerialNumber_api(suite) -> [];
  534: code_CertificateSerialNumber_api(_Config) ->
  535:     {ok, Enc} =
  536: 	?match({ok, _},
  537: 	       'OrberCSIv2':encode('CertificateSerialNumber', ?CertificateSerialNumber)),
  538:     ?match({ok, ?CertificateSerialNumber},
  539: 	   'OrberCSIv2':decode('CertificateSerialNumber', list_to_binary(Enc))),
  540:     ok.
  541: 
  542: code_Version_api(doc) -> ["Code Version"];
  543: code_Version_api(suite) -> [];
  544: code_Version_api(_Config) ->
  545:     {ok, Enc} =
  546: 	?match({ok, _}, 'OrberCSIv2':encode('Version', ?Version)),
  547:     ?match({ok, ?Version}, 'OrberCSIv2':decode('Version', list_to_binary(Enc))),
  548:     ok.
  549: 
  550: code_AlgorithmIdentifier_api(doc) -> ["Code AlgorithmIdentifier"];
  551: code_AlgorithmIdentifier_api(suite) -> [];
  552: code_AlgorithmIdentifier_api(_Config) ->
  553:     {ok, Enc} =
  554: 	?match({ok, _}, 'OrberCSIv2':encode('AlgorithmIdentifier', ?AlgorithmIdentifier)),
  555:     ?match({ok, #'AlgorithmIdentifier'{}},
  556: 	   'OrberCSIv2':decode('AlgorithmIdentifier', list_to_binary(Enc))),
  557:     ok.
  558: 
  559: code_Name_api(doc) -> ["Code Name"];
  560: code_Name_api(suite) -> [];
  561: code_Name_api(_Config) ->
  562:     {ok, Enc} =
  563: 	?match({ok, _}, 'OrberCSIv2':encode('Name', ?Name)),
  564:     ?match({ok, {rdnSequence,_}},
  565: 	   'OrberCSIv2':decode('Name', list_to_binary(Enc))),
  566:     ok.
  567: 
  568: code_RDNSequence_api(doc) -> ["Code RDNSequence"];
  569: code_RDNSequence_api(suite) -> [];
  570: code_RDNSequence_api(_Config) ->
  571:     {ok, Enc} =
  572: 	?match({ok, _}, 'OrberCSIv2':encode('RDNSequence', ?RDNSequence)),
  573:     ?match({ok, [[#'AttributeTypeAndValue'{}]]},
  574: 	   'OrberCSIv2':decode('RDNSequence', list_to_binary(Enc))),
  575:     ok.
  576: 
  577: code_RelativeDistinguishedName_api(doc) -> ["Code RelativeDistinguishedName"];
  578: code_RelativeDistinguishedName_api(suite) -> [];
  579: code_RelativeDistinguishedName_api(_Config) ->
  580:     {ok, Enc} =
  581: 	?match({ok, _}, 'OrberCSIv2':encode('RelativeDistinguishedName', ?RelativeDistinguishedName)),
  582:     ?match({ok, [#'AttributeTypeAndValue'{}]},
  583: 	   'OrberCSIv2':decode('RelativeDistinguishedName', list_to_binary(Enc))),
  584:     ok.
  585: 
  586: code_AttributeTypeAndValue_api(doc) -> ["Code AttributeTypeAndValue"];
  587: code_AttributeTypeAndValue_api(suite) -> [];
  588: code_AttributeTypeAndValue_api(_Config) ->
  589:     {ok, Enc} =
  590: 	?match({ok, _}, 'OrberCSIv2':encode('AttributeTypeAndValue', ?AttributeTypeAndValue)),
  591:     ?match({ok, #'AttributeTypeAndValue'{}},
  592: 	   'OrberCSIv2':decode('AttributeTypeAndValue', list_to_binary(Enc))),
  593:     ok.
  594: 
  595: code_Attribute_api(doc) -> ["Code Attribute"];
  596: code_Attribute_api(suite) -> [];
  597: code_Attribute_api(_Config) ->
  598:     {ok, Enc} =
  599: 	?match({ok, _}, 'OrberCSIv2':encode('Attribute', ?Attribute)),
  600:     ?match({ok, #'Attribute'{}},
  601: 	   'OrberCSIv2':decode('Attribute', list_to_binary(Enc))),
  602:     ok.
  603: 
  604: code_Validity_api(doc) -> ["Code Validity"];
  605: code_Validity_api(suite) -> [];
  606: code_Validity_api(_Config) ->
  607:     {ok, Enc} =
  608: 	?match({ok, _}, 'OrberCSIv2':encode('Validity', ?Validity)),
  609:     ?match({ok, #'Validity'{}},
  610: 	   'OrberCSIv2':decode('Validity', list_to_binary(Enc))),
  611:     ok.
  612: 
  613: code_SubjectPublicKeyInfo_api(doc) -> ["Code SubjectPublicKeyInfo"];
  614: code_SubjectPublicKeyInfo_api(suite) -> [];
  615: code_SubjectPublicKeyInfo_api(_Config) ->
  616:     {ok, Enc} =
  617: 	?match({ok, _}, 'OrberCSIv2':encode('SubjectPublicKeyInfo', ?SubjectPublicKeyInfo)),
  618:     ?match({ok, #'SubjectPublicKeyInfo'{}},
  619: 	   'OrberCSIv2':decode('SubjectPublicKeyInfo', list_to_binary(Enc))),
  620:     ok.
  621: 
  622: code_UniqueIdentifier_api(doc) -> ["Code UniqueIdentifier"];
  623: code_UniqueIdentifier_api(suite) -> [];
  624: code_UniqueIdentifier_api(_Config) ->
  625:     {ok, Enc} =
  626: 	?match({ok, _}, 'OrberCSIv2':encode('UniqueIdentifier', ?UniqueIdentifier)),
  627:     ?match({ok, _}, 'OrberCSIv2':decode('UniqueIdentifier', list_to_binary(Enc))),
  628:     ok.
  629: 
  630: code_Extensions_api(doc) -> ["Code Extensions"];
  631: code_Extensions_api(suite) -> [];
  632: code_Extensions_api(_Config) ->
  633:     {ok, Enc} =
  634: 	?match({ok, _}, 'OrberCSIv2':encode('Extensions', ?Extensions)),
  635:     ?match({ok, [#'Extension'{}]},
  636: 	   'OrberCSIv2':decode('Extensions', list_to_binary(Enc))),
  637:     ok.
  638: 
  639: code_Extension_api(doc) -> ["Code Extension"];
  640: code_Extension_api(suite) -> [];
  641: code_Extension_api(_Config) ->
  642:     {ok, Enc} =
  643: 	?match({ok, _}, 'OrberCSIv2':encode('Extension', ?Extension)),
  644:     ?match({ok, #'Extension'{}},
  645: 	   'OrberCSIv2':decode('Extension', list_to_binary(Enc))),
  646:     ok.
  647: 
  648: %% OpenSSL generated x509 Certificate
  649: code_OpenSSL509_api(doc) -> ["Code OpenSSL generated x509 Certificate"];
  650: code_OpenSSL509_api(suite) -> [];
  651: code_OpenSSL509_api(_Config) ->
  652:     {ok, Cert} =
  653: 	?match({ok, #'Certificate'{}},
  654: 	       'OrberCSIv2':decode('Certificate', ?X509DER)),
  655:     AttrCertChain = #'AttributeCertChain'{attributeCert = ?AttributeCertificate,
  656: 					  certificateChain = [Cert]},
  657:     {ok, EAttrCertChain} =
  658: 	?match({ok, _}, 'OrberCSIv2':encode('AttributeCertChain', AttrCertChain)),
  659:     ?match({ok, #'AttributeCertChain'{}},
  660: 	   'OrberCSIv2':decode('AttributeCertChain', list_to_binary(EAttrCertChain))),
  661:     ok.
  662: 
  663: -endif.
  664: 
  665: %%-----------------------------------------------------------------
  666: %%  Test ssl:peercert
  667: %%-----------------------------------------------------------------
  668: ssl_server_peercert_api(doc) -> ["Test ssl:peercert (server side)"];
  669: ssl_server_peercert_api(suite) -> [];
  670: ssl_server_peercert_api(_Config) ->
  671:     Options = orber_test_lib:get_options(iiop_ssl, server,
  672: 	2, [{iiop_ssl_port, 0}]),
  673:     {ok, ServerNode, ServerHost} =
  674:     ?match({ok,_,_}, orber_test_lib:js_node(Options)),
  675:     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
  676:     SSLOptions = orber_test_lib:get_options(ssl, client),
  677:     {ok, Socket} =
  678:     ?match({ok, _}, fake_client_ORB(ssl, ServerHost, ServerPort, SSLOptions)),
  679:     {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)),
  680:     %% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])),
  681:     %% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])),
  682:     %	    ?match({ok, #'Certificate'{}},
  683:     %		   'OrberCSIv2':decode('Certificate', PeerCert)),
  684:     destroy_fake_ORB(ssl, Socket),
  685:     ok.
  686: 
  687: ssl_client_peercert_api(doc) -> ["Test ssl:peercert (client side)"];
  688: ssl_client_peercert_api(suite) -> [];
  689: ssl_client_peercert_api(_Config) ->
  690:     Options = orber_test_lib:get_options(iiop_ssl, client,
  691: 	2, [{iiop_ssl_port, 0}]),
  692:     {ok, ClientNode, _ClientHost} =
  693:     ?match({ok,_,_}, orber_test_lib:js_node(Options)),
  694:     crypto:start(),
  695:     ssl:start(),
  696:     SSLOptions = orber_test_lib:get_options(ssl, server),
  697:     {ok, LSock} = ?match({ok, _}, ssl:listen(0, SSLOptions)),
  698:     {ok, {_Address, LPort}} = ?match({ok, {_, _}}, ssl:sockname(LSock)),
  699:     IOR = ?match({'IOP_IOR',_,_},
  700: 	iop_ior:create_external({1, 2}, "IDL:FAKE:1.0",
  701: 	    "localhost", 6004, "FAKE",
  702: 	    [#'IOP_TaggedComponent'
  703: 		{tag=?TAG_SSL_SEC_TRANS,
  704: 		    component_data=#'SSLIOP_SSL'
  705: 		    {target_supports = 2,
  706: 			target_requires = 2,
  707: 			port = LPort}}])),
  708:     spawn(orber_test_lib, remote_apply,
  709: 	[ClientNode, corba_object, non_existent, [IOR]]),
  710:     {ok, Socket} = ?match({ok, _}, ssl:transport_accept(LSock)),
  711:     ?match(ok, ssl:ssl_accept(Socket)),
  712: 
  713:     {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)),
  714:     %% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])),
  715:     %% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])),
  716:     %	    ?match({ok, #'Certificate'{}},
  717:     %		   'OrberCSIv2':decode('Certificate', PeerCert)),
  718:     ssl:close(Socket),
  719:     ssl:close(LSock),
  720:     ssl:stop(),
  721:     ok.
  722: 
  723: %%-----------------------------------------------------------------
  724: %% Local functions.
  725: %%-----------------------------------------------------------------
  726: -ifdef(false).
  727: %% Not used yet.
  728: context_test(Obj) ->
  729:     IDToken1 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAbsent,
  730: 				    value = true},
  731:     IDToken2 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAnonymous,
  732: 				    value = false},
  733:     IDToken3 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTPrincipalName,
  734: 				    value = [0,255]},
  735:     IDToken4 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTX509CertChain,
  736: 				    value = [1,255]},
  737:     IDToken5 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTDistinguishedName,
  738: 				    value = [2,255]},
  739:     IDToken6 = #'CSI_IdentityToken'{label = ?ULONGMAX,
  740: 				    value = [3,255]},
  741: 
  742:     MTEstablishContext1 = #'CSI_SASContextBody'
  743:       {label = ?CSI_MsgType_MTEstablishContext,
  744:        value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
  745: 				       authorization_token =
  746: 				       [#'CSI_AuthorizationElement'
  747: 					{the_type = ?ULONGMAX,
  748: 					 the_element = [0,255]}],
  749: 				       identity_token = IDToken1,
  750: 				       client_authentication_token = [1, 255]}},
  751:     MTEstablishContext2 = #'CSI_SASContextBody'
  752:       {label = ?CSI_MsgType_MTEstablishContext,
  753:        value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
  754: 				       authorization_token =
  755: 				       [#'CSI_AuthorizationElement'
  756: 					{the_type = ?ULONGMAX,
  757: 					 the_element = [0,255]}],
  758: 				       identity_token = IDToken2,
  759: 				       client_authentication_token = [1, 255]}},
  760:     MTEstablishContext3 = #'CSI_SASContextBody'
  761:       {label = ?CSI_MsgType_MTEstablishContext,
  762:        value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
  763: 				       authorization_token =
  764: 				       [#'CSI_AuthorizationElement'
  765: 					{the_type = ?ULONGMAX,
  766: 					 the_element = [0,255]}],
  767: 				       identity_token = IDToken3,
  768: 				       client_authentication_token = [1, 255]}},
  769:     MTEstablishContext4 = #'CSI_SASContextBody'
  770:       {label = ?CSI_MsgType_MTEstablishContext,
  771:        value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
  772: 				       authorization_token =
  773: 				       [#'CSI_AuthorizationElement'
  774: 					{the_type = ?ULONGMAX,
  775: 					 the_element = [0,255]}],
  776: 				       identity_token = IDToken4,
  777: 				       client_authentication_token = [1, 255]}},
  778:     MTEstablishContext5 = #'CSI_SASContextBody'
  779:       {label = ?CSI_MsgType_MTEstablishContext,
  780:        value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
  781: 				       authorization_token =
  782: 				       [#'CSI_AuthorizationElement'
  783: 					{the_type = ?ULONGMAX,
  784: 					 the_element = [0,255]}],
  785: 				       identity_token = IDToken5,
  786: 				       client_authentication_token = [1, 255]}},
  787:     MTEstablishContext6 = #'CSI_SASContextBody'
  788:       {label = ?CSI_MsgType_MTEstablishContext,
  789:        value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
  790: 				       authorization_token =
  791: 				       [#'CSI_AuthorizationElement'
  792: 					{the_type = ?ULONGMAX,
  793: 					 the_element = [0,255]}],
  794: 				       identity_token = IDToken6,
  795: 				       client_authentication_token = [1, 255]}},
  796:     MTCompleteEstablishContext = #'CSI_SASContextBody'
  797:       {label = ?CSI_MsgType_MTCompleteEstablishContext,
  798:        value = #'CSI_CompleteEstablishContext'{client_context_id = ?ULONGLONGMAX,
  799: 					       context_stateful = false,
  800: 					       final_context_token = [1, 255]}},
  801:     MTContextError = #'CSI_SASContextBody'
  802:       {label = ?CSI_MsgType_MTContextError,
  803:        value = #'CSI_ContextError'{client_context_id = ?ULONGLONGMAX,
  804: 				   major_status = 1,
  805: 				   minor_status = 2,
  806: 				   error_token = [2,255]}},
  807:     MTMessageInContext = #'CSI_SASContextBody'
  808:       {label = ?CSI_MsgType_MTMessageInContext,
  809:        value = #'CSI_MessageInContext'{client_context_id = ?ULONGLONGMAX,
  810: 				       discard_context = true}},
  811:     Ctx = [#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
  812: 				 context_data = MTEstablishContext1},
  813: 	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
  814: 				 context_data = MTEstablishContext2},
  815: 	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
  816: 				 context_data = MTEstablishContext3},
  817: 	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
  818: 				 context_data = MTEstablishContext4},
  819: 	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
  820: 				 context_data = MTEstablishContext5},
  821: 	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
  822: 				 context_data = MTEstablishContext6},
  823: 	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
  824: 				 context_data = MTCompleteEstablishContext},
  825: 	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
  826: 				 context_data = MTContextError},
  827: 	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
  828: 				 context_data = MTMessageInContext}],
  829:     ?line ?match(ok, orber_test_server:testing_iiop_context(Obj, [{context, Ctx}])).
  830: 
  831: 
  832: fake_server_ORB(Type, Port, Options) ->
  833:     start_ssl(Type),
  834:     {ok, ListenSocket, NewPort} =
  835: 	orber_socket:listen(Type, Port,
  836: 			    [{active, false}|Options]),
  837:     Socket = orber_socket:accept(Type, ListenSocket),
  838:     orber_socket:post_accept(Type, Socket),
  839:     {ok, Socket, NewPort}.
  840: 
  841: -endif.
  842: 
  843: fake_server_ORB(Type, Port, Options, Action, Data) ->
  844:     start_ssl(Type),
  845:     {ok, ListenSocket, _NewPort} =
  846: 	orber_socket:listen(Type, Port, [{active, false}|Options]),
  847:     Socket = orber_socket:accept(Type, ListenSocket),
  848:     orber_socket:post_accept(Type, Socket),
  849:     do_server_action(Type, Socket, Action, Data),
  850:     orber_socket:close(Type, Socket),
  851:     ok.
  852: 
  853: start_ssl(ssl) ->
  854:     crypto:start(),
  855:     ssl:start();
  856: start_ssl(_) ->
  857:     ok.
  858: 
  859: 
  860: destroy_fake_ORB(ssl, Socket) ->
  861:     orber_socket:close(ssl, Socket),
  862:     ssl:stop();
  863: destroy_fake_ORB(Type, Socket) ->
  864:     orber_socket:close(Type, Socket).
  865: 
  866: fake_client_ORB(Type, Host, Port, Options) ->
  867:     start_ssl(Type),
  868:     Socket = orber_socket:connect(Type, Host, Port, [{active, false}|Options]),
  869:     {ok, Socket}.
  870: 
  871: -ifdef(false).
  872: %% Not used yet.
  873: 
  874: fake_client_ORB(Type, Host, Port, Options, Action, Data) ->
  875:     start_ssl(Type),
  876:     Socket = orber_socket:connect(Type, Host, Port, [{active, false}|Options]),
  877:     Result = do_client_action(Type, Socket, Action, Data),
  878:     orber_socket:close(Type, Socket),
  879:     Result.
  880: 
  881: do_client_action(Type, Socket, fragments, FragList) ->
  882:     ok = send_data(Type, Socket, FragList),
  883:     {ok, Bytes} = gen_tcp:recv(Socket, 0),
  884:     {#reply_header{request_id = ?REQUEST_ID, reply_status = no_exception}, ok, [Par]} =
  885: 	cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
  886:     Par;
  887: do_client_action(Type, Socket, fragments_max, FragList) ->
  888:     ok = send_data(Type, Socket, FragList),
  889:     {ok, Bytes} = gen_tcp:recv(Socket, 0),
  890:     {#reply_header{request_id = ?REQUEST_ID, reply_status = system_exception}, Exc, []} =
  891: 	cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
  892:     Exc;
  893: do_client_action(Type, Socket, message_error, Data) ->
  894:     ok = send_data(Type, Socket, Data),
  895:     {ok,Bytes} = gen_tcp:recv(Socket, 0),
  896:     'message_error' = cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
  897:     ok;
  898: do_client_action(_Type, _Socket, _Action, _Data) ->
  899:     ok.
  900: 
  901: -endif.
  902: 
  903: do_server_action(Type, Socket, fragments, FragList) ->
  904:     {ok, _B} = gen_tcp:recv(Socket, 0),
  905:     ok = send_data(Type, Socket, FragList);
  906: do_server_action(_Type, _Socket, _Action, _Data) ->
  907:     ok.
  908: 
  909: 
  910: send_data(_Type, _Socket, []) ->
  911:     ok;
  912: send_data(Type, Socket, [H|T]) ->
  913:     orber_socket:write(Type, Socket, H),
  914:     send_data(Type, Socket, T).
  915: