diff options
author | Johnny Willemsen <jwillemsen@remedy.nl> | 2018-10-30 14:25:52 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-10-30 14:25:52 +0100 |
commit | 18c0f440f6f44d9d7e6b158401e85fdc434a73bf (patch) | |
tree | 726be5aec384a504cbdf6b7eb5b8e385cfe59694 | |
parent | 1a7f9bc556a6a74c2a66065af0f0b9489b5aca1e (diff) | |
parent | 4256451a9b89b4c8280c0976c8e03a753e003453 (diff) | |
download | ATCD-18c0f440f6f44d9d7e6b158401e85fdc434a73bf.tar.gz |
Merge pull request #732 from jwillemsen/milan-mpathix-ssliop_corbaloc_parser_comma_fix
Fixed ssliop corbaloc parser and got the new revised test to run
22 files changed, 226 insertions, 102 deletions
diff --git a/TAO/bin/tao_other_tests.lst b/TAO/bin/tao_other_tests.lst index 9cc7c20e94e..8f84e6ed4fe 100644 --- a/TAO/bin/tao_other_tests.lst +++ b/TAO/bin/tao_other_tests.lst @@ -213,6 +213,7 @@ TAO/orbsvcs/tests/Property/run_test.pl: !NO_MESSAGING !ACE_FOR_TAO !CORBA_E_MICR TAO/orbsvcs/tests/Bug_3387_Regression/run_test.pl: !ST !NO_MESSAGING !MINIMUM !CORBA_E_COMPACT !CORBA_E_MICRO !ACE_FOR_TAO !LynxOS #HANGS TAO/orbsvcs/tests/ImplRepo/run_test.pl airplane #HANGS'TAO/orbsvcs/tests/ImplRepo/run_test.pl airplane_ir +TAO/orbsvcs/tests/Security/ssliop_corbaloc/run_test.pl: !ST SSL !STATIC !DISABLE_INTERCEPTORS !ACE_FOR_TAO !MINIMUM !CORBA_E_COMPACT !CORBA_E_MICRO TAO/orbsvcs/tests/Security/Secure_Invocation/run_test.pl: SSL !STATIC !DISABLE_INTERCEPTORS !ACE_FOR_TAO !MINIMUM !CORBA_E_COMPACT !CORBA_E_MICRO TAO/orbsvcs/tests/Security/Bug_1107_Regression/run_test.pl: SSL !STATIC !DISABLE_INTERCEPTORS !ACE_FOR_TAO !MINIMUM !CORBA_E_COMPACT !CORBA_E_MICRO TAO/orbsvcs/tests/Security/Bug_2908_Regression/run_test.pl: SSL !STATIC !DISABLE_INTERCEPTORS !ACE_FOR_TAO !MINIMUM !CORBA_E_COMPACT !CORBA_E_MICRO diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp index eb6303b9b37..6aebd8005d2 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp @@ -286,7 +286,7 @@ TAO::SSLIOP::Connector::corbaloc_scan (const char *endpoint, size_t &len) } len = ACE_OS::strlen (endpoint); } - else if (slash_pos != 0 || comma_pos > slash_pos) + else if (comma_pos == 0 || comma_pos > slash_pos) { // The endpoint address does not extend past the first '/' or ',' len = slash_pos - endpoint; diff --git a/TAO/orbsvcs/tests/Security/BiDirectional/README b/TAO/orbsvcs/tests/Security/BiDirectional/README index 006c572b7e1..a547f6dc903 100644 --- a/TAO/orbsvcs/tests/Security/BiDirectional/README +++ b/TAO/orbsvcs/tests/Security/BiDirectional/README @@ -1,5 +1,3 @@ - - This is a test that exercises the birectional GIOP connection implementation in TAO over SSLIOP connection. @@ -24,6 +22,6 @@ would crash itself. To determine that no new connections have been opened or used the test relies on the fact that TAO uses a transport cache. It can provide us -iwith the number of currently cashed transports before and after making an +with the number of currently cashed transports before and after making an invocation. Both the client and at the server make this check. diff --git a/TAO/orbsvcs/tests/Security/Secure_Invocation/README b/TAO/orbsvcs/tests/Security/Secure_Invocation/README index 702c69220ff..9f2845b2f3a 100644 --- a/TAO/orbsvcs/tests/Security/Secure_Invocation/README +++ b/TAO/orbsvcs/tests/Security/Secure_Invocation/README @@ -1,15 +1,13 @@ - - This test verifies that the ORB's secure invocation mechanism is functioning properly. It does so by the doing the following: - - Invoking a request over standard (insecure) IIOP on a target - object that requires secure invocation (e.g. over SSLIOP). - The client should receive a CORBA::NO_PERMISSION exception. +- Invoking a request over standard (insecure) IIOP on a target + object that requires secure invocation (e.g. over SSLIOP). + The client should receive a CORBA::NO_PERMISSION exception. - - Invoking a request via a security mechanism, such as - SSLIOP. The AccessId associated with the given request is - obtained from the SecurityCurrent object, and displayed. +- Invoking a request via a security mechanism, such as + SSLIOP. The AccessId associated with the given request is + obtained from the SecurityCurrent object, and displayed. The expected test output is the following (actual "certificate issuer" contents may differ): diff --git a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/README b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/README index a47619b779e..8b8b2301c1a 100644 --- a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/README +++ b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/README @@ -1,5 +1,3 @@ - - These application tests address various features of TAO's Naming Service. The functionality is the same as in the Simple_Naming test, but the difference is that all the @@ -7,15 +5,15 @@ communication is done over SSLIOP and clients are using INS-style corbaloc URLs. To run all tests automatically - - execute Perl script run_test.pl + execute Perl script run_test.pl To run tests manually - - start the Naming Service (see - TAO/orbsvcs/Naming_Service/README for valid options). + start the Naming Service (see + TAO/orbsvcs/Naming_Service/README for valid options). Make sure you use " -ORBSvcConf server.conf" and "-ORBEndpoint iiop://localhost:23456/ssl_port=12345" - Then run ./client with one of the options below. + Then run ./client with one of the options below. Make sure you add " -ORBSvcConf client.conf" and "-ORBInitRef NameService=corbaloc:ssliop:localhost:12345/NameService" @@ -25,15 +23,15 @@ after themselves). The following options exist: --------------------------- --s Run the Simple test of the Naming Service. +-s Run the Simple test of the Naming Service. --t Run the Tree test of the Naming Service. +-t Run the Tree test of the Naming Service. --e Run the Exceptions test of the Naming Service +-e Run the Exceptions test of the Naming Service --i Run the Iterator test of the Naming Service. +-i Run the Iterator test of the Naming Service. --y Run the Destroy test of the Naming Service. +-y Run the Destroy test of the Naming Service. Persistent test consists of two parts (below). @@ -81,7 +79,6 @@ Persistent test consists of two parts (below). If no option is specified, Simple test is run. If more than one option is specified, only one test runs. - DESCRIPTION AND EXPECTED OUTPUT FOR EACH TEST ******************************************* Please see $TAO_ROOT/orbsvcs/tests/Simple_Naming/README diff --git a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/cacert.pem b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/cacert.pem new file mode 100644 index 00000000000..d98dd5918cb --- /dev/null +++ b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/cacert.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICgDCCAemgAwIBAgIJAO8E230uBaq+MA0GCSqGSIb3DQEBBQUAMDUxCzAJBgNV +BAYTAlVTMRIwEAYDVQQIEwlUZW5uZXNzZWUxEjAQBgNVBAoTCURPQyBHcm91cDAe +Fw0xMTA2MTUxMzU2MDRaFw0yMTA2MTIxMzU2MDRaMDUxCzAJBgNVBAYTAlVTMRIw +EAYDVQQIEwlUZW5uZXNzZWUxEjAQBgNVBAoTCURPQyBHcm91cDCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAxzlgJm5rZMTZEQCa7m3/JPbykh4FT7DwcrWBgDRF +Jk0wgi4K7AKOFdCfOMqbW1Ps5ITbzgwq2yNXOrocKYs//02ewppKx5bxOE5wTA9v +qwvaoJUeQ8PVEY+RVi2z+CP1xFIVKOCJtrg5WwWE9Vwvu3iyTe95dR1T95Hkrl0I +yHECAwEAAaOBlzCBlDAdBgNVHQ4EFgQU/XO+9DMzOBifuZxp1BL+gTGVAwowZQYD +VR0jBF4wXIAU/XO+9DMzOBifuZxp1BL+gTGVAwqhOaQ3MDUxCzAJBgNVBAYTAlVT +MRIwEAYDVQQIEwlUZW5uZXNzZWUxEjAQBgNVBAoTCURPQyBHcm91cIIJAO8E230u +Baq+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAUxxR/7U35mIGJ7c/ +KfZZYze4/Aio7mf9QG0DA55F9DlB16IOJuRXqeMY2Lo+WFo7pszDX8TbucWtWJC6 +pMIVamWLTpgfVrWeTcafio/puqTALKfZ5LHzHieu1QNvFPQxMx1DZ5Eawowhl7ua +4ERB9b/3K4StZjMUkPmBolSIkPo= +-----END CERTIFICATE----- diff --git a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client.conf b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client.conf index f1ebc8c1b57..dea4604403a 100644 --- a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client.conf +++ b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client.conf @@ -1,6 +1,5 @@ - dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() - "-SSLPrivateKey PEM:pvtkey-client.pem -SSLCertificate PEM:selfsigncert-client.pem" + "-SSLPrivateKey PEM:client_key.pem -SSLCertificate PEM:client_cert.pem -SSLCAfile PEM:cacert.pem" static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory" diff --git a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client.conf.xml b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client.conf.xml index 388ce2b122c..11f3ac0aa91 100644 --- a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client.conf.xml +++ b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client.conf.xml @@ -2,7 +2,7 @@ <!-- Converted from client.conf by svcconf-convert.pl --> <ACE_Svc_Conf> <dynamic id="SSLIOP_Factory" type="Service_Object"> - <initializer path="TAO_SSLIOP" init="_make_TAO_SSLIOP_Protocol_Factory" params="-SSLPrivateKey PEM:pvtkey-client.pem -SSLCertificate PEM:selfsigncert-client.pem"/> + <initializer path="TAO_SSLIOP" init="_make_TAO_SSLIOP_Protocol_Factory" params="-SSLPrivateKey PEM:client_key.pem -SSLCertificate PEM:client_cert.pem -SSLCAfile PEM:cacert.pem"/> </dynamic> <static id="Resource_Factory" params="-ORBProtocolFactory SSLIOP_Factory"/> </ACE_Svc_Conf> diff --git a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client.cpp b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client.cpp index bf458d40749..bce3bba7b98 100644 --- a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client.cpp +++ b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client.cpp @@ -12,12 +12,10 @@ */ //============================================================================= - #include "client.h" #include "tao/debug.h" #include "ace/Get_Opt.h" - - +#include <orbsvcs/SecurityLevel2C.h> #if defined (_MSC_VER) # pragma warning (disable : 4250) @@ -182,7 +180,14 @@ CosNaming_Client::parse_args (void) int CosNaming_Client::run (void) { - return test_->execute (naming_client_); + this->activate(); + int rv = test_->execute (naming_client_); + { + CORBA::ORB_var orb = this->orbmgr_.orb(); + orb->shutdown(); + } + this->wait(); + return rv; } CosNaming_Client::~CosNaming_Client (void) @@ -209,6 +214,21 @@ CosNaming_Client::init (int argc, ACE_TCHAR **argv) return -1; CORBA::ORB_var orb = this->orbmgr_.orb (); + + // In order to allow collocated invocations we need to allow unsecured + // collocated invocations to the object else our security manager will + // block the collocated invocation unless you explicitly allow it + CORBA::Object_var sec_man = + orb->resolve_initial_references ("SecurityLevel2:SecurityManager"); + SecurityLevel2::SecurityManager_var sec2manager = + SecurityLevel2::SecurityManager::_narrow (sec_man.in ()); + SecurityLevel2::AccessDecision_var ad_tmp = + sec2manager->access_decision (); + TAO::SL2::AccessDecision_var ad = + TAO::SL2::AccessDecision::_narrow (ad_tmp.in ()); + // Allow unsecured collocated invocations + ad->default_collocated_decision (true); + return this->naming_client_.init (orb.in ()); } catch (const CORBA::Exception& ex) @@ -1061,6 +1081,13 @@ Persistent_Test_End::execute (TAO_Naming_Client &root_context) return 0; } +int CosNaming_Client::svc() +{ + CORBA::ORB_var orb = orbmgr_.orb(); + orb->run (); + return 0; +} + // This function runs the test. int diff --git a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client.h b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client.h index 9cb24c8ea14..62789a5d4bd 100644 --- a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client.h +++ b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client.h @@ -295,7 +295,7 @@ private: * the server is hidden in the class. Just the <run> interface * is needed. */ -class CosNaming_Client +class CosNaming_Client : public ACE_Task_Base { public: // = Initialization and termination methods. @@ -309,6 +309,8 @@ public: /// Execute client example code. int run (void); + int svc (void); + /// Initialize the client communication endpoint with server. int init (int argc, ACE_TCHAR **argv); diff --git a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client_cert.pem b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client_cert.pem new file mode 100644 index 00000000000..b86bd5de1d2 --- /dev/null +++ b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client_cert.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4097 (0x1001) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Tennessee, O=DOC Group + Validity + Not Before: Jun 15 14:01:34 2011 GMT + Not After : May 25 14:01:34 2032 GMT + Subject: C=US, ST=Tennessee, O=DOC Group, CN=Build Czar Client + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:cf:7f:8e:42:bf:bb:c0:a6:23:7e:07:a4:13:ba: + b6:ba:cd:4c:ed:c4:9c:97:46:32:dc:d5:e9:63:59: + 59:b8:7c:0d:7a:97:ad:3f:29:dd:fc:40:4e:48:cc: + b2:1b:15:c4:98:59:a8:b0:b0:38:23:d2:d8:81:22: + 27:1b:77:64:d6:40:c0:02:41:b6:db:a8:25:4d:c6: + a1:f5:03:f6:fa:8a:d3:1c:b5:a4:a9:4c:a5:62:19: + 89:e3:dc:d8:ac:68:47:96:0f:3c:10:1a:ec:00:81: + 10:aa:13:3d:99:48:3a:ae:2b:ac:b9:de:5b:20:7c: + 06:4e:57:64:af:2d:b3:88:ef + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 6F:13:BA:8B:91:ED:FA:22:DC:28:26:D4:74:5C:46:A7:B2:B2:A9:10 + X509v3 Authority Key Identifier: + keyid:FD:73:BE:F4:33:33:38:18:9F:B9:9C:69:D4:12:FE:81:31:95:03:0A + + Signature Algorithm: sha1WithRSAEncryption + bc:6f:d5:c7:68:a0:3c:8d:3a:39:61:ff:50:80:c7:a3:b9:28: + aa:c8:7b:7e:2d:af:26:e1:0a:39:94:9d:a8:94:c8:cd:82:f5: + a5:fc:d1:df:3d:3f:55:c7:5b:f9:89:14:78:59:d6:64:2d:32: + 42:23:d9:96:9c:50:34:d2:81:17:e3:cc:09:57:13:fc:ae:3b: + ed:ff:55:03:d5:c2:dd:a5:5a:f1:c5:66:55:9f:a2:77:74:2f: + 76:84:93:7c:03:b9:c1:9f:df:41:20:06:57:e4:e2:eb:e7:10: + 67:42:63:02:d1:a8:53:f1:4d:9b:91:71:37:e4:c2:02:dd:e1: + b9:04 +-----BEGIN CERTIFICATE----- +MIICeDCCAeGgAwIBAgICEAEwDQYJKoZIhvcNAQEFBQAwNTELMAkGA1UEBhMCVVMx +EjAQBgNVBAgTCVRlbm5lc3NlZTESMBAGA1UEChMJRE9DIEdyb3VwMB4XDTExMDYx +NTE0MDEzNFoXDTMyMDUyNTE0MDEzNFowUTELMAkGA1UEBhMCVVMxEjAQBgNVBAgT +CVRlbm5lc3NlZTESMBAGA1UEChMJRE9DIEdyb3VwMRowGAYDVQQDExFCdWlsZCBD +emFyIENsaWVudDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAz3+OQr+7wKYj +fgekE7q2us1M7cScl0Yy3NXpY1lZuHwNepetPynd/EBOSMyyGxXEmFmosLA4I9LY +gSInG3dk1kDAAkG226glTcah9QP2+orTHLWkqUylYhmJ49zYrGhHlg88EBrsAIEQ +qhM9mUg6riusud5bIHwGTldkry2ziO8CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglg +hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O +BBYEFG8TuouR7foi3Cgm1HRcRqeysqkQMB8GA1UdIwQYMBaAFP1zvvQzMzgYn7mc +adQS/oExlQMKMA0GCSqGSIb3DQEBBQUAA4GBALxv1cdooDyNOjlh/1CAx6O5KKrI +e34trybhCjmUnaiUyM2C9aX80d89P1XHW/mJFHhZ1mQtMkIj2ZacUDTSgRfjzAlX +E/yuO+3/VQPVwt2lWvHFZlWfond0L3aEk3wDucGf30EgBlfk4uvnEGdCYwLRqFPx +TZuRcTfkwgLd4bkE +-----END CERTIFICATE----- diff --git a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client_key.pem b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client_key.pem new file mode 100644 index 00000000000..e761037f237 --- /dev/null +++ b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/client_key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDPf45Cv7vApiN+B6QTura6zUztxJyXRjLc1eljWVm4fA16l60/ +Kd38QE5IzLIbFcSYWaiwsDgj0tiBIicbd2TWQMACQbbbqCVNxqH1A/b6itMctaSp +TKViGYnj3NisaEeWDzwQGuwAgRCqEz2ZSDquK6y53lsgfAZOV2SvLbOI7wIDAQAB +AoGACTQ0QDu2/U2hR2bZXVKr5k9S+Tz+YSto+Ci46II/G5LNGkH+Gk4mHZlQn6QM +xmzJwqQ/ek7mvpgMqHW2XF6IZ3AUmgNqpKdkFMbmkRworAEGRHvJcXy6RhiZI4kv +UQWc9qEBA6/iR/B0sGsCgTTkv4davCs+5You5+oSyRiRu7kCQQDuQTkSkNm7fwFS +lrEGmJjzJ3gXMHuv/lL2n2HJV67BBv7Aq7JDdciVLr90chcmXkIwPCywbdWVV9jz +HWQ6GXKTAkEA3vPm3CKRHMFoSGwiX6qhM2432yLIlpjlfmSj3S6LnhhTJhYS6KMO +6Ddv4vZ20zl3r4GAaXOyMTtZ6vQlZ8W9tQJBAMvRAAHh6GF9RKRiRQ5ffHiGSzWL +RERKTK6tqfmUCOsYENbCCr2rBOyaES6Ma0FnYTfiQlirnQslG3Lesd8B5gECQQDS +FG6PNP8ZYmDaBRJqpIQayxtUoDT0OoPckgYZrvcd8/u9YoVUsfik9T+3U9dpdrgB +JvyR4NOiMjOrAXyRiLEVAkA9DutrYXzznEAyOvEEtyK92Eb2oTpu1svzRATc/i0w +UTwLkFi+1m24HJ5MIGyRTHsNj79lj5v5U91lGIINHXXU +-----END RSA PRIVATE KEY----- diff --git a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/corbaloc_ssliop.mpc b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/corbaloc_ssliop.mpc index 9070ed3509e..e46d1c03545 100644 --- a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/corbaloc_ssliop.mpc +++ b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/corbaloc_ssliop.mpc @@ -1,5 +1,5 @@ // -*- MPC -*- -project(*Client) : namingexe, portableserver, utils { +project(*Client) : namingexe, portableserver, utils, security, ssliop { exename = client Source_Files { client.cpp diff --git a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/pvtkey-client.pem b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/pvtkey-client.pem deleted file mode 100644 index cf53308cae2..00000000000 --- a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/pvtkey-client.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXwIBAAKBgQD3LcZOo8tF7BHEYMsm5pn3zYV+u6NhhvPC5G5bErY8qi8Xt4CZ -PSQPm4JmVFvLsY2H6Eme8Oe7j4bCquRuB1D/U5auKdINQ1aG2CgKqPtBy1SliHE3 -FD1Ht43O+z2mRzGHtqLowhEvFEpEVHcJLUQ7HVHPJaRNQkn80DA/nN9+5wIDAQAB -AoGBANpBJPWTU43uINIR1dAHlrRkWRfKfz1CeEMCiR8JqrhuXR7H/VlRz2Goor/Q -hS2bHal/xmH9veCznv6M/x7Yfv74hhUJxyqngNxbwGI4G+LfR3/x1fqVcweDGmv6 -LYLL4JWyDLEL5I3PEZP/dUnT6+bmmuXWU5z83itqYw8VRbsBAkEA/MnqXFlWl1KF -jTee5pijKOXGAvllrpN8MkTKM2MdjltzOkuhC1OEwhXYy86e90gRQvXAs3t7A4dT -Q5/eUYHgYQJBAPpRnYcqqDP0Rj/JqMDapwIVjMoMDQP+thB4Ey6fSRC7dYiX4+Qo -cyX8j0YnF0RYl426+Qv2O6egmOmzrQwQxEcCQQDAfUBocd7t+3iWv/PPxAr56X2O -Zjp3ZPb9kEQoPSEUda6YhV5sMXy2Dcy35O5Hfikmw9uo0C4r0bAlnma7yhoBAkEA -tI0/6ansDyVnskTbktdj1Q4EMgxFKxeC7RgfBebghdAg87hTKVO/0qt8EGbL0oFw -N0ugrW8bEkq1YQQ3kldZqwJBAJPIe/NE+NhSOoSo3kEQ70SkjU5EB2sbVxhjq6ci -UdXa+EOAna5JS5ZFMDq4AI+qU8OoSgI26hdH5S8lf10fIDo= ------END RSA PRIVATE KEY----- - diff --git a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/pvtkey.pem b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/pvtkey.pem deleted file mode 100644 index 81ba8e3f968..00000000000 --- a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/pvtkey.pem +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIBOwIBAAJBAPXZ7YNyFU8T8PVitNwZmdwuc4tG64V/lDYHnmzolmFPQ6gvI2uo -KBQeHeJFPI6LJ5TGb8hCnypy+zbc+pve8vECAwEAAQJAE/fmZbW/a1PYT2X8AKCH -sa2ILvjMqmQpWpYV1QyzIiYQPEmQ/5GMUj/t3PZd/17BOH8aPakBT/c1Gp+os6vR -zQIhAP2RDmm6UyMrJhAtAcNC5s8nbfhKPG80Q0DZ2kiodjQfAiEA+DXqwEZlCh0j -VPzEXY7vrdQa641zQ5XIX1S/+WbCdu8CIDT9m4V86uLuoYW/4h5sXM/t7Y119itH -QMbMwFFu40UBAiEA9z+mN6An2BpMbsVXyiavREYMBuahkgprTeM7VHHzdssCIQCY -QEgmpzGzfdZoREy9B7ooNeRO919lR9qvbte9vvJvWQ== ------END RSA PRIVATE KEY----- - diff --git a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/run_test.pl b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/run_test.pl index fc09f50e2ef..a2b3352b09b 100755 --- a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/run_test.pl +++ b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/run_test.pl @@ -120,6 +120,8 @@ $orb_debug_level = ($quiet || $debug_level == 0) ? "" : "-ORBDebugLevel $debug_ @opts = ( "-s -ORBInitRef NameService=corbaloc:ssliop:$TARGETHOSTNAME:$ns_ssl_port/NameService" . " -ORBSvcConf $cli_cliconffile $orb_debug_level", + "-s -ORBInitRef NameService=corbaloc:ssliop:$TARGETHOSTNAME:$ns_ssl_port,iiop:$TARGETHOSTNAME:$ns_orb_port/NameService" + . " -ORBSvcConf $cli_cliconffile $orb_debug_level", "-t -ORBInitRef NameService=corbaloc:ssliop:$TARGETHOSTNAME:$ns_ssl_port/NameService" . " -ORBSvcConf $cli_cliconffile $orb_debug_level", "-i -ORBInitRef NameService=corbaloc:ssliop:$TARGETHOSTNAME:$ns_ssl_port/NameService" @@ -142,11 +144,13 @@ $orb_debug_level = ($quiet || $debug_level == 0) ? "" : "-ORBDebugLevel $debug_ . " -ORBSvcConf $ns_nsconffile $orb_debug_level", "-ORBEndpoint iiop://$TARGETHOSTNAME:$ns_orb_port/ssl_port=$ns_ssl_port" . " -ORBSvcConf $ns_nsconffile $orb_debug_level", - + "-ORBEndpoint iiop://$TARGETHOSTNAME:$ns_orb_port/ssl_port=$ns_ssl_port" + . " -ORBSvcConf $ns_nsconffile $orb_debug_level", ); @comments = ( "(SSL) Simple Test:", + "(SSL) Simple Multi-Profile Corbaloc Test:", "(SSL) Tree Test:", "(SSL) Iterator Test:", "(SSL) Exceptions Test:", diff --git a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/selfsigncert-client.pem b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/selfsigncert-client.pem deleted file mode 100644 index dc0a69d76e6..00000000000 --- a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/selfsigncert-client.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID3zCCA0igAwIBAgIBADANBgkqhkiG9w0BAQUFADCBrDELMAkGA1UEBhMCVVMx -ETAPBgNVBAgTCE1pc3NvdXJpMRMwEQYDVQQHEwpDcmV2ZSBDb3JlMR4wHAYDVQQK -ExVPYmplY3QgQ29tcHV0aW5nIEluYy4xETAPBgNVBAsTCFRBTyBUZWFtMRswGQYD -VQQDExJvY2kxMTc5Lm9jaXdlYi5jb20xJTAjBgkqhkiG9w0BCQEWFmplbGlhemtv -dl9pQG9jaXdlYi5jb20wHhcNMDQwOTEwMTY0MjMwWhcNMDUwOTEwMTY0MjMxWjCB -rDELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1pc3NvdXJpMRMwEQYDVQQHEwpDcmV2 -ZSBDb3JlMR4wHAYDVQQKExVPYmplY3QgQ29tcHV0aW5nIEluYy4xETAPBgNVBAsT -CFRBTyBUZWFtMRswGQYDVQQDExJvY2kxMTc5Lm9jaXdlYi5jb20xJTAjBgkqhkiG -9w0BCQEWFmplbGlhemtvdl9pQG9jaXdlYi5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD -gY0AMIGJAoGBAPctxk6jy0XsEcRgyybmmffNhX67o2GG88LkblsStjyqLxe3gJk9 -JA+bgmZUW8uxjYfoSZ7w57uPhsKq5G4HUP9Tlq4p0g1DVobYKAqo+0HLVKWIcTcU -PUe3jc77PaZHMYe2oujCES8USkRUdwktRDsdUc8lpE1CSfzQMD+c337nAgMBAAGj -ggENMIIBCTAdBgNVHQ4EFgQUgtnhUdIQh1ESq81PL+urdJj1LRkwgdkGA1UdIwSB -0TCBzoAUgtnhUdIQh1ESq81PL+urdJj1LRmhgbKkga8wgawxCzAJBgNVBAYTAlVT -MREwDwYDVQQIEwhNaXNzb3VyaTETMBEGA1UEBxMKQ3JldmUgQ29yZTEeMBwGA1UE -ChMVT2JqZWN0IENvbXB1dGluZyBJbmMuMREwDwYDVQQLEwhUQU8gVGVhbTEbMBkG -A1UEAxMSb2NpMTE3OS5vY2l3ZWIuY29tMSUwIwYJKoZIhvcNAQkBFhZqZWxpYXpr -b3ZfaUBvY2l3ZWIuY29tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD -gYEAVZSDOJ40+iAJPb1GZWmmh5y5Y1DVXsQF5vRENYq15Pi5Y9GBhHaYFn3qjN2U -+zyO2Cp2IJJG4HNazhBoDEj7EhDsxEyOYZiG2pd6BLe1dPl/viy6ysvdijjpcXw7 -bFPbXpCIa5rg8VKQsGYscWerLxvi79uoo+p6DrOU1FxDcYo= ------END CERTIFICATE----- - diff --git a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/selfsigncert.pem b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/selfsigncert.pem deleted file mode 100644 index e616730ca63..00000000000 --- a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/selfsigncert.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICeDCCAiKgAwIBAgIBADANBgkqhkiG9w0BAQQFADBjMQswCQYDVQQGEwJVUzEL -MAkGA1UECBMCTU8xDDAKBgNVBAcTA1NUTDELMAkGA1UEChMCV1UxDDAKBgNVBAsT -A0RPQzELMAkGA1UEAxMCS0ExETAPBgkqhkiG9w0BCQEWAktBMB4XDTAxMDgyNzE2 -NTUxMVoXDTAxMDkyNjE2NTUxMVowYzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1P -MQwwCgYDVQQHEwNTVEwxCzAJBgNVBAoTAldVMQwwCgYDVQQLEwNET0MxCzAJBgNV -BAMTAktBMREwDwYJKoZIhvcNAQkBFgJLQTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC -QQD12e2DchVPE/D1YrTcGZncLnOLRuuFf5Q2B55s6JZhT0OoLyNrqCgUHh3iRTyO -iyeUxm/IQp8qcvs23Pqb3vLxAgMBAAGjgcAwgb0wHQYDVR0OBBYEFL8LnC8csuIX -+TUw6FCoReB27PHoMIGNBgNVHSMEgYUwgYKAFL8LnC8csuIX+TUw6FCoReB27PHo -oWekZTBjMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTU8xDDAKBgNVBAcTA1NUTDEL -MAkGA1UEChMCV1UxDDAKBgNVBAsTA0RPQzELMAkGA1UEAxMCS0ExETAPBgkqhkiG -9w0BCQEWAktBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADQQAZP9CT -TVRxAz3Acxxxn32rsnwSeNJr1uTA4hew7f4QZ187oZia+rcFLOILrwgCmtqEmWVj -dj6COUrqKo60BI5V ------END CERTIFICATE----- diff --git a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/server.conf b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/server.conf index ccf92593f69..2310cda1145 100644 --- a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/server.conf +++ b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/server.conf @@ -1,6 +1,6 @@ dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() - "-SSLPrivateKey PEM:pvtkey.pem -SSLCertificate PEM:selfsigncert.pem" + "-SSLPrivateKey PEM:server_key.pem -SSLCertificate PEM:server_cert.pem -SSLCAfile PEM:cacert.pem" static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory" diff --git a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/server.conf.xml b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/server.conf.xml index 42d208bc1e8..4a0945ff435 100644 --- a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/server.conf.xml +++ b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/server.conf.xml @@ -2,7 +2,7 @@ <!-- Converted from server.conf by svcconf-convert.pl --> <ACE_Svc_Conf> <dynamic id="SSLIOP_Factory" type="Service_Object"> - <initializer path="TAO_SSLIOP" init="_make_TAO_SSLIOP_Protocol_Factory" params="-SSLPrivateKey PEM:pvtkey.pem -SSLCertificate PEM:selfsigncert.pem"/> + <initializer path="TAO_SSLIOP" init="_make_TAO_SSLIOP_Protocol_Factory" params="-SSLPrivateKey PEM:server_key.pem -SSLCertificate PEM:server_cert.pem -SSLCAfile PEM:cacert.pem"/> </dynamic> <static id="Resource_Factory" params="-ORBProtocolFactory SSLIOP_Factory"/> </ACE_Svc_Conf> diff --git a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/server_cert.pem b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/server_cert.pem new file mode 100644 index 00000000000..5402ae2497a --- /dev/null +++ b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/server_cert.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Tennessee, O=DOC Group + Validity + Not Before: Jun 15 14:01:15 2011 GMT + Not After : May 25 14:01:15 2032 GMT + Subject: C=US, ST=Tennessee, O=DOC Group, CN=DOC Group Build Czar Server + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b2:03:27:b9:d6:24:a4:6d:e1:9f:0e:d7:8a:71: + 86:62:df:2b:f8:64:3b:51:53:e0:fa:71:9a:c2:10: + 40:97:bd:06:27:43:5a:1a:1c:62:f4:ca:3e:b3:b9: + 20:16:89:a2:aa:2e:1e:97:3a:70:3d:fe:f7:ff:ba: + d5:1e:b2:68:07:7e:d0:68:18:8a:3b:aa:9c:01:0e: + 1e:ef:b5:97:96:d5:0b:a5:a0:fd:a3:02:21:b5:5a: + 6f:e4:c1:36:bf:61:7b:40:ac:73:03:3d:40:75:e7: + 9d:ba:22:ab:95:81:8b:74:9e:fa:df:27:18:a7:7f: + 23:83:36:f0:15:22:22:db:7b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 0C:27:05:12:9B:D5:4B:F9:43:32:6B:77:7B:A2:0D:34:7F:6C:0A:BC + X509v3 Authority Key Identifier: + keyid:FD:73:BE:F4:33:33:38:18:9F:B9:9C:69:D4:12:FE:81:31:95:03:0A + + Signature Algorithm: sha1WithRSAEncryption + 0d:bf:65:2a:a5:02:75:6c:c4:5a:3c:1d:3c:25:51:16:1a:f8: + 78:ad:49:f6:f4:a4:c1:97:e4:c8:0b:ac:9e:71:0e:be:1e:e6: + 1d:2e:c7:d2:4f:1e:e8:c7:21:7c:58:27:0e:6d:93:11:7e:64: + 24:57:44:c1:c1:5a:d0:76:82:79:70:82:36:06:f2:48:60:e8: + 6a:20:a7:92:09:00:73:75:b2:f9:cb:97:35:d6:aa:8e:87:11: + 20:e2:dd:8a:c3:9c:c4:aa:f0:57:04:4e:e2:b3:8b:fb:9a:4f: + 4b:60:b7:2e:3b:89:98:38:02:25:24:ff:b1:f1:c0:ad:01:eb: + 37:bd +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwNTELMAkGA1UEBhMCVVMx +EjAQBgNVBAgTCVRlbm5lc3NlZTESMBAGA1UEChMJRE9DIEdyb3VwMB4XDTExMDYx +NTE0MDExNVoXDTMyMDUyNTE0MDExNVowWzELMAkGA1UEBhMCVVMxEjAQBgNVBAgT +CVRlbm5lc3NlZTESMBAGA1UEChMJRE9DIEdyb3VwMSQwIgYDVQQDExtET0MgR3Jv +dXAgQnVpbGQgQ3phciBTZXJ2ZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +ALIDJ7nWJKRt4Z8O14pxhmLfK/hkO1FT4PpxmsIQQJe9BidDWhocYvTKPrO5IBaJ +oqouHpc6cD3+9/+61R6yaAd+0GgYijuqnAEOHu+1l5bVC6Wg/aMCIbVab+TBNr9h +e0CscwM9QHXnnboiq5WBi3Se+t8nGKd/I4M28BUiItt7AgMBAAGjezB5MAkGA1Ud +EwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj +YXRlMB0GA1UdDgQWBBQMJwUSm9VL+UMya3d7og00f2wKvDAfBgNVHSMEGDAWgBT9 +c770MzM4GJ+5nGnUEv6BMZUDCjANBgkqhkiG9w0BAQUFAAOBgQANv2UqpQJ1bMRa +PB08JVEWGvh4rUn29KTBl+TIC6yecQ6+HuYdLsfSTx7oxyF8WCcObZMRfmQkV0TB +wVrQdoJ5cII2BvJIYOhqIKeSCQBzdbL5y5c11qqOhxEg4t2Kw5zEqvBXBE7is4v7 +mk9LYLcuO4mYOAIlJP+x8cCtAes3vQ== +-----END CERTIFICATE----- diff --git a/TAO/orbsvcs/tests/Security/ssliop_corbaloc/server_key.pem b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/server_key.pem new file mode 100644 index 00000000000..be238899a9f --- /dev/null +++ b/TAO/orbsvcs/tests/Security/ssliop_corbaloc/server_key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQCyAye51iSkbeGfDteKcYZi3yv4ZDtRU+D6cZrCEECXvQYnQ1oa +HGL0yj6zuSAWiaKqLh6XOnA9/vf/utUesmgHftBoGIo7qpwBDh7vtZeW1QuloP2j +AiG1Wm/kwTa/YXtArHMDPUB15526IquVgYt0nvrfJxinfyODNvAVIiLbewIDAQAB +AoGAMV1KoPBPjQGjtbYp84xz1etJiEJTaMQ3+XuTjQlwwCN9F1pIHEGO9482QCSw +T0+vuj274fgktCyGnXY0L6UNz7+0wNhUj5oP2IeJdmgcJbv9tcR126rhryr4bx6H +2sZdLL4MtxjzRNkURS748zeGET/NuIhpQ4YjnUJ27YOeNtECQQDiItcRkyfMcj+r +/8JU8h9ifOV5tMOyPV4z6Hfli1X+Xa1OcIieE2nzkaa9LHPEi3+LNw41LItUDbMZ +/Aztm4VVAkEAyYVbbbebVrgoOF7ueafHZeNToc96FEn04H+tN8AgwaI4+U1Q7oga +EAjVD++e0NfUUJpeyiygBa9NlzB9XYXdjwJBAJobUCHD/R1Qxp96fn7ROh4uK1xT +mgG/3JDXXc3qtMHSKScJfbDsXgoFOnI09vf8cQD4lhAauSCg7WtJ362VjLkCQQCu +eVRoUNAgK78+1wo3sAiWcVRGQyDaEhH+kOxC2YhCvZYAWm1Yp+OQwGTfsEHbZRIA +Wzb4adx+L4HJBYV1BGKHAkEAvSCAANbm8iaLkCG4EfEyrhIpbJDY2Cx3WO08+ZOz +ekMspMikGmMQfXXroBpnJ8SGVLYSjf2hQQySwDa00hmyBA== +-----END RSA PRIVATE KEY----- |