Merge branch 'lars/test_case_bugs'

lthor · lthor · commit a730c16c247f · 2024-04-25T13:17:21.000+02:00
* lars/test_case_bugs:
  Fix failing test cases
diff --git a/lib/orber/test/Makefile b/lib/orber/test/Makefile
@@ -48,6 +48,7 @@ IDL_FILES = \
 IDLOUTDIR = idl_output
 
 MODULES =  \
+	cert_gen \
 	cdrcoding_11_SUITE \
 	cdrcoding_10_SUITE \
 	cdrcoding_12_SUITE \
diff --git a/lib/orber/test/cert_gen.erl b/lib/orber/test/cert_gen.erl
@@ -0,0 +1,153 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2017-2023. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+
+-module(cert_gen).
+
+-include_lib("public_key/include/public_key.hrl").
+
+-export([cert_key_gen/0, cert_key_gen/1, extensions/1, gen_pem_config_files/3]).
+
+-define(DEFAULT_CURVE, secp256r1).
+
+cert_key_gen() ->
+    cert_key_gen(".").
+
+cert_key_gen(Path) ->
+    CertChainConf = #{server_chain => 
+                          #{root => [{digest, sha256}, {key,hardcode_rsa_key(1)}],
+                            peer => [{digest, sha256}, {key,hardcode_rsa_key(2)}]},
+                      client_chain =>  
+                          #{root => [{digest, sha256}, {key,hardcode_rsa_key(1)}],
+                            peer => [{digest, sha256}, {key,hardcode_rsa_key(2)}]}},
+    GenCertData = public_key:pkix_test_data(CertChainConf),
+    %io:format("GenCertData: ~p\n", [GenCertData]),
+    gen_pem_config_files(GenCertData, Path ++ "/xcmtest", Path ++ "/xcmtest").
+
+
+gen_pem_config_files(#{server_config := ServerConf,
+                       client_config := ClientConf}, ClientBase, ServerBase) ->
+    
+    ServerCaCertFile = ServerBase ++ "_server_cacerts.pem",
+    ServerCertFile = ServerBase ++ "_server_cert.pem",
+    ServerKeyFile = ServerBase ++ "_server_key.pem",
+    
+    ClientCaCertFile = ClientBase ++ "_client_cacerts.pem",
+    ClientCertFile =  ClientBase ++ "_client_cert.pem",
+    ClientKeyFile = ClientBase ++ "_client_key.pem",
+
+    do_gen_pem_config_files(ServerConf,
+                            ServerCertFile,
+                            ServerKeyFile,
+                            ServerCaCertFile),        
+    do_gen_pem_config_files(ClientConf,
+                            ClientCertFile,
+                            ClientKeyFile,
+                            ClientCaCertFile),
+    [{server_config, [{certfile, ServerCertFile}, 
+                      {keyfile, ServerKeyFile}, {cacertfile, ServerCaCertFile}]}, 
+     {client_config, [{certfile, ClientCertFile}, 
+                      {keyfile, ClientKeyFile}, {cacertfile, ClientCaCertFile}]}].
+extensions(Exts) ->
+    [extension(Ext) || Ext <- Exts].
+
+
+do_gen_pem_config_files(Config, CertFile, KeyFile, CAFile) ->
+    CAs = proplists:get_value(cacerts, Config),
+    Cert = proplists:get_value(cert, Config),
+    Key = proplists:get_value(key, Config),
+    der_to_pem(CertFile, [cert_entry(Cert)]),
+    der_to_pem(KeyFile, [key_entry(Key)]),
+    der_to_pem(CAFile, ca_entries(CAs)).
+
+cert_entry(Cert) ->
+    {'Certificate', Cert, not_encrypted}.
+
+key_entry({'RSAPrivateKey', DERKey}) ->
+    {'RSAPrivateKey', DERKey, not_encrypted};
+key_entry({'DSAPrivateKey', DERKey}) ->
+    {'DSAPrivateKey', DERKey, not_encrypted};
+key_entry({'ECPrivateKey', DERKey}) ->
+    {'ECPrivateKey', DERKey, not_encrypted}.
+
+ca_entries(CAs) ->
+    [{'Certificate', CACert, not_encrypted} || CACert <- CAs].
+
+extension({_, undefined}) ->
+    [];
+extension({basic_constraints, Data}) ->
+    case Data of
+	default ->
+	    #'Extension'{extnID = ?'id-ce-basicConstraints',
+			 extnValue = #'BasicConstraints'{cA=true},
+			 critical=true};
+	false -> 
+	    [];
+	Len when is_integer(Len) ->
+	    #'Extension'{extnID = ?'id-ce-basicConstraints',
+			 extnValue = #'BasicConstraints'{cA=true, pathLenConstraint = Len},
+			 critical = true};
+	_ ->
+	    #'Extension'{extnID = ?'id-ce-basicConstraints',
+			 extnValue = Data}
+    end;
+extension({key_usage, Value}) ->
+    #'Extension'{extnID = ?'id-ce-keyUsage',
+                 extnValue = Value,
+                 critical = false};
+extension({subject_alt, Hostname}) ->
+    #'Extension'{extnID = ?'id-ce-subjectAltName',
+                 extnValue = [{dNSName, Hostname}],
+                 critical = false};
+extension({Id, Data, Critical}) ->
+    #'Extension'{extnID = Id, extnValue = Data, critical = Critical}.
+
+der_to_pem(File, Entries) ->
+    %%io:format("File: ~p\nEntries: ~p\n", [File, Entries]),
+    PemBin = public_key:pem_encode(Entries),
+    file:write_file(File, PemBin).
+
+
+hardcode_rsa_key(1) ->
+    #'RSAPrivateKey'{
+       version = 'two-prime',
+       modulus = 23995666614853919027835084074500048897452890537492185072956789802729257783422306095699263934587064480357348855732149402060270996295002843755712064937715826848741191927820899197493902093529581182351132392364214171173881547273475904587683433713767834856230531387991145055273426806331200574039205571401702219159773947658558490957010003143162250693492642996408861265758000254664396313741422909188635443907373976005987612936763564996605457102336549804831742940035613780926178523017685712710473543251580072875247250504243621640157403744718833162626193206685233710319205099867303242759099560438381385658382486042995679707669,
+       publicExponent = 17,
+       privateExponent = 11292078406990079542510627799764728892919007311761028269626724613049062486316379339152594792746853873109340637991599718616598115903530750002688030558925094987642913848386305504703012749896273497577003478759630198199473669305165131570674557041773098755873191241407597673069847908861741446606684974777271632545629600685952292605647052193819136445675100211504432575554351515262198132231537860917084269870590492135731720141577986787033006338680118008484613510063003323516659048210893001173583018220214626635609151105287049126443102976056146630518124476470236027123782297108342869049542023328584384300970694412006494684657,
+       prime1 = 169371138592582642967021557955633494538845517070305333860805485424261447791289944610138334410987654265476540480228705481960508520379619587635662291973699651583489223555422528867090299996446070521801757353675026048850480903160224210802452555900007597342687137394192939372218903554801584969667104937092080815197,
+       prime2 = 141675062317286527042995673340952251894209529891636708844197799307963834958115010129693036021381525952081167155681637592199810112261679449166276939178032066869788822014115556349519329537177920752776047051833616197615329017439297361972726138285974555338480581117881706656603857310337984049152655480389797687577,
+       exponent1 = 119556097830058336212015217380447172615655659108450823901745048534772786676204666783627059584226579481512852103690850928442711896738555003036938088452023283470698275450886490965004917644550167427154181661417665446247398284583687678213495921811770068712485038160606780733330990744565824684470897602653233516609,
+       exponent2 = 41669135975672507953822256864985956439473391144599032012999352737636422046504414744027363535700448809435637398729893409470532385959317485048904982111185902020526124121798693043976273393287623750816484427009887116945685005129205106462566511260580751570141347387612266663707016855981760014456663376585234613993,
+       coefficient = 76837684977089699359024365285678488693966186052769523357232308621548155587515525857011429902602352279058920284048929101483304120686557782043616693940283344235057989514310975192908256494992960578961614059245280827077951132083993754797053182279229469590276271658395444955906108899267024101096069475145863928441,
+       otherPrimeInfos = asn1_NOVALUE};
+
+hardcode_rsa_key(2) -> 
+    #'RSAPrivateKey'{ 
+       version = 'two-prime',
+       modulus = 25089040456112869869472694987833070928503703615633809313972554887193090845137746668197820419383804666271752525807484521370419854590682661809972833718476098189250708650325307850184923546875260207894844301992963978994451844985784504212035958130279304082438876764367292331581532569155681984449177635856426023931875082020262146075451989132180409962870105455517050416234175675478291534563995772675388370042873175344937421148321291640477650173765084699931690748536036544188863178325887393475703801759010864779559318631816411493486934507417755306337476945299570726975433250753415110141783026008347194577506976486290259135429,
+       publicExponent = 17,
+       privateExponent = 8854955455098659953931539407470495621824836570223697404931489960185796768872145882893348383311931058684147950284994536954265831032005645344696294253579799360912014817761873358888796545955974191021709753644575521998041827642041589721895044045980930852625485916835514940558187965584358347452650930302268008446431977397918214293502821599497633970075862760001650736520566952260001423171553461362588848929781360590057040212831994258783694027013289053834376791974167294527043946669963760259975273650548116897900664646809242902841107022557239712438496384819445301703021164043324282687280801738470244471443835900160721870265,
+       prime1 = 171641816401041100605063917111691927706183918906535463031548413586331728772311589438043965564336865070070922328258143588739626712299625805650832695450270566547004154065267940032684307994238248203186986569945677705100224518137694769557564475390859269797990555863306972197736879644001860925483629009305104925823,
+       prime2 =146170909759497809922264016492088453282310383272504533061020897155289106805616042710009332510822455269704884883705830985184223718261139908416790475825625309815234508695722132706422885088219618698987115562577878897003573425367881351537506046253616435685549396767356003663417208105346307649599145759863108910523,
+       exponent1 = 60579464612132153154728441333538327425711971378777222246428851853999433684345266860486105493295364142377972586444050678378691780811632637288529186629507258781295583787741625893888579292084087601124818789392592131211843947578009918667375697196773859928702549128225990187436545756706539150170692591519448797349,
+       exponent2 = 137572620950115585809189662580789132500998007785886619351549079675566218169991569609420548245479957900898715184664311515467504676010484619686391036071176762179044243478326713135456833024206699951987873470661533079532774988581535389682358631768109586527575902839864474036157372334443583670210960715165278974609,
+       coefficient = 15068630434698373319269196003209754243798959461311186548759287649485250508074064775263867418602372588394608558985183294561315208336731894947137343239541687540387209051236354318837334154993136528453613256169847839789803932725339395739618592522865156272771578671216082079933457043120923342632744996962853951612,
+       otherPrimeInfos = asn1_NOVALUE}.
diff --git a/lib/orber/test/csiv2_SUITE.erl b/lib/orber/test/csiv2_SUITE.erl
@@ -361,9 +361,11 @@ end_per_testcase(_Case, Config) ->
     ok.
 
 init_per_suite(Config) ->
+    Dir = filename:dirname(code:which(?MODULE)),
+    cert_gen:cert_key_gen(Dir), %% Generate cert and keyfiles
     try crypto:start() of
         ok ->
-	    case orber_test_lib:ssl_version() of
+	    case orber_test_lib:ssl_available() of
 		no_ssl ->
 		    {skip, "SSL is not installed!"};
 		_ ->
diff --git a/lib/orber/test/multi_ORB_SUITE.erl b/lib/orber/test/multi_ORB_SUITE.erl
@@ -55,7 +55,6 @@
 	 init_per_suite/1, end_per_suite/1, basic_PI_api/1, multi_orber_api/1,
 	 init_per_testcase/2, end_per_testcase/2, multi_pseudo_orber_api/1,
 	 light_orber_api/1, light_orber2_api/1,
-	 ssl_1_multi_orber_api/1, ssl_2_multi_orber_api/1, ssl_reconfigure_api/1,
 	 iiop_timeout_api/1, iiop_timeout_added_api/1, setup_connection_timeout_api/1,
 	 setup_multi_connection_timeout_api/1, setup_multi_connection_timeout_random_api/1,
 	 setup_multi_connection_timeout_attempts_api/1,
@@ -139,28 +138,21 @@ cases() ->
      ssl_2_multi_orber_generation_3_api,
      ssl_reconfigure_generation_3_api].
 
-% ssl_1_multi_orber_api,ssl_2_multi_orber_api,ssl_reconfigure_api,
-
 %%-----------------------------------------------------------------
 %% Init and cleanup functions.
 %%-----------------------------------------------------------------
-init_per_testcase(TC,Config)
-  when TC =:= ssl_1_multi_orber_api;
-       TC =:= ssl_2_multi_orber_api;
-       TC =:= ssl_reconfigure_api ->
-    init_ssl(Config);
 init_per_testcase(TC,Config)
   when TC =:= ssl_1_multi_orber_generation_3_api;
        TC =:= ssl_2_multi_orber_generation_3_api;
        TC =:= ssl_reconfigure_generation_3_api ->
-    init_ssl_3(Config);
+    init_ssl(Config);
 init_per_testcase(_Case, Config) ->
     init_all(Config).
 
 init_ssl(Config) ->
-    case  proplists:get_value(crypto_started, Config) of
+    case proplists:get_value(crypto_started, Config) of
 	true ->
-	    case orber_test_lib:ssl_version() of
+	    case orber_test_lib:ssl_available() of
 		no_ssl ->
 		    {skip, "SSL is not installed!"};
 		_ ->
@@ -170,21 +162,6 @@ init_ssl(Config) ->
 	    {skip, "Crypto did not start"}
     end.
 
-init_ssl_3(Config) ->
-    case  proplists:get_value(crypto_started, Config) of
-	true ->
-	    case orber_test_lib:ssl_version() of
-		3 ->
-		    init_all(Config);
-		2 ->
-		    {skip, "Could not find the correct SSL version!"};
-		no_ssl ->
-		    {skip, "SSL is not installed!"}
-	    end;
-	false ->
-	    {skip, "Crypto did not start"}
-    end.
-
 init_all(Config) ->
     Path = code:which(?MODULE),
     code:add_pathz(filename:join(filename:dirname(Path), "idl_output")),
@@ -1554,19 +1531,6 @@ basic_PI_api(_Config) ->
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB, ssl security depth 1
 %%-----------------------------------------------------------------
-
-%% SECURE MULTI ORB API tests (SSL depth 1)
-%% This case set up two secure orbs and test if they can
-%% communicate. The case also test to access one of the
-%% secure orbs which must raise a NO_PERMISSION exception.
-ssl_1_multi_orber_api(_Config) ->
-    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
-					       1, [{iiop_ssl_port, 0}]),
-    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
-					       1, [{iiop_ssl_port, 0}]),
-    ssl_suite(ServerOptions, ClientOptions).
-
-
 %% SECURE MULTI ORB API tests (SSL depth 1)
 %% This case set up two secure orbs and test if they can
 %% communicate. The case also test to access one of the
@@ -1589,14 +1553,6 @@ ssl_1_multi_orber_generation_3_api(_Config) ->
 %% These case set up two secure orbs and test if they can
 %% communicate. They also test to access one of the
 %% secure orbs which must raise a NO_PERMISSION exception.
-ssl_2_multi_orber_api(_Config) ->
-
-    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
-					       2, [{iiop_ssl_port, 0}]),
-    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
-					       2, [{iiop_ssl_port, 0}]),
-    ssl_suite(ServerOptions, ClientOptions).
-
 ssl_2_multi_orber_generation_3_api(_Config) ->
 
     ServerOptions = orber_test_lib:get_options(iiop_ssl, server,
@@ -1609,71 +1565,13 @@ ssl_2_multi_orber_generation_3_api(_Config) ->
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB, ssl security depth 2
 %%-----------------------------------------------------------------
-
 %% SECURE MULTI ORB API tests (SSL depth 2)
 %% These case set up two secure orbs and test if they can
 %% communicate. They also test to access one of the
 %% secure orbs which must raise a NO_PERMISSION exception.
-ssl_reconfigure_api(_Config) ->
-    ssl_reconfigure_old([]).
-
-
-% ssl_reconfigure_generation_3_api_old(_Config) ->
-%     ssl_reconfigure_old([{ssl_generation, 3}]).
-
-ssl_reconfigure_old(ExtraSSLOptions) ->
-
-    IP = orber_test_lib:get_host(),
-    Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} =
-	?match({ok,_,_},
-	       orber_test_lib:js_node([{iiop_port, 0},
-				       {flags, ?ORB_ENV_LOCAL_INTERFACE},
-				       {ip_address, IP}|ExtraSSLOptions])),
-    orber_test_lib:remote_apply(ServerNode, ssl, start, []),
-    orber_test_lib:remote_apply(ServerNode, crypto, start, []),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
-					   install_test_data,
-					   [ssl])),
-    ?match({ok, _},
-	   orber_test_lib:remote_apply(ServerNode, orber,
-				       add_listen_interface,
-				       [Loopback, normal, [{iiop_port, 5648},
-							   {iiop_ssl_port, 5649},
-							   {interceptors, {native, [orber_iiop_tracer_silent]}}|ExtraSSLOptions]])),
-    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
-					       2, [{flags, ?ORB_ENV_LOCAL_INTERFACE},
-						   {iiop_port, 5648},
-						   {iiop_ssl_port, 5649},
-						   {interceptors, {native, [orber_iiop_tracer_silent]}}|ExtraSSLOptions]),
-    ?match({ok, _},
-	   orber_test_lib:remote_apply(ServerNode, orber,
-				       add_listen_interface,
-				       [Loopback, ssl, ServerOptions])),
-
-    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
-					       2, [{iiop_ssl_port, 0}|ExtraSSLOptions]),
-    {ok, ClientNode, _ClientHost} =
-	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
-
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
-					   install_test_data,
-					   [ssl])),
-    orber_test_lib:remote_apply(ClientNode, ssl, start, []),
-    orber_test_lib:remote_apply(ServerNode, crypto, start, []),
-    Obj = ?match(#'IOP_IOR'{},
-		 orber_test_lib:remote_apply(ClientNode, corba,
-					     string_to_object, ["corbaname:iiop:1.1@"++Loopback++":5648/NameService#mamba",
-								[{context, [#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
-												  context_data = {configuration, ClientOptions}}]}]])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_server,
-					   print, [Obj])).
-
-
 ssl_reconfigure_generation_3_api(_Config) ->
     ssl_reconfigure([{ssl_generation, 3}]).
 
-
 ssl_reconfigure(ExtraSSLOptions) ->
 
     IP = orber_test_lib:get_host(),
diff --git a/lib/orber/test/orber_nat_SUITE.erl b/lib/orber/test/orber_nat_SUITE.erl
@@ -104,7 +104,7 @@ init_per_testcase(TC, Config)
       TC =:= nat_iiop_ssl_port_local ->
       case  proplists:get_value(crypto_started, Config) of
 	  true ->
-	      case orber_test_lib:ssl_version() of
+	      case orber_test_lib:ssl_available() of
 		  no_ssl ->
 		      {skip,"SSL not installed!"};
 		  _ ->
diff --git a/lib/orber/test/orber_test_lib.erl b/lib/orber/test/orber_test_lib.erl
