qpid-commits mailing list archives

From kgiu...@apache.org
Subject svn commit: r1405865 - in /qpid/proton/trunk/tests/proton_tests: ssl.py ssl_db/README.txt ssl_db/bad-server-certificate.pem ssl_db/bad-server-private-key.pem
Date Mon, 05 Nov 2012 16:28:37 GMT
Author: kgiusti
Date: Mon Nov  5 16:28:37 2012
New Revision: 1405865

URL: http://svn.apache.org/viewvc?rev=1405865&view=rev
Log:
NO-JIRA: add SSL test to verify rejection of bad certificate.

Added:
    qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-certificate.pem
    qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-private-key.pem
Modified:
    qpid/proton/trunk/tests/proton_tests/ssl.py
    qpid/proton/trunk/tests/proton_tests/ssl_db/README.txt

Modified: qpid/proton/trunk/tests/proton_tests/ssl.py
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/tests/proton_tests/ssl.py?rev=1405865&r1=1405864&r2=1405865&view=diff
==============================================================================
--- qpid/proton/trunk/tests/proton_tests/ssl.py (original)
+++ qpid/proton/trunk/tests/proton_tests/ssl.py Mon Nov  5 16:28:37 2012
@@ -209,4 +209,28 @@ class SslTest(common.Test):
         server_conn.close()
         self._pump()
 
+    def test_bad_server_certificate(self):
+        """ A server with a self-signed certificate that is not trusted by the
+        client.  The client should reject the server.
+        """
+        self.server.set_credentials(self._testpath("bad-server-certificate.pem"),
+                                    self._testpath("bad-server-private-key.pem"),
+                                    "server-password")
+        self.server.set_peer_authentication( SSL.ANONYMOUS_PEER )
+
+        self.client.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+        self.client.set_peer_authentication( SSL.VERIFY_PEER )
+
+        client_conn = Connection()
+        self.t_client.bind(client_conn)
+        server_conn = Connection()
+        self.t_server.bind(server_conn)
+        client_conn.open()
+        server_conn.open()
+        try:
+            self._pump()
+            assert False, "Client failed to reject bad certificate."
+        except TransportException, e:
+            pass
+
 
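Review bot: the `except TransportException, e: pass` at the end of test_bad_server_certificate accepts any transport failure raised by `self._pump()` and never inspects `e`, so the test also passes when the handshake breaks for a reason unrelated to certificate trust. Consider asserting on the exception's content, or on which side of the connection failed, so that the pass condition is specifically the client's SSL.VERIFY_PEER check rejecting the certificate; if `e` stays unused, drop the binding. The `assert False` inside the `try` is fine, since AssertionError is not caught by this handler, but neither connection is closed on the failure path, whereas the preceding test ends with `server_conn.close()` and `self._pump()`.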

Modified: qpid/proton/trunk/tests/proton_tests/ssl_db/README.txt
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/tests/proton_tests/ssl_db/README.txt?rev=1405865&r1=1405864&r2=1405865&view=diff
==============================================================================
--- qpid/proton/trunk/tests/proton_tests/ssl_db/README.txt (original)
+++ qpid/proton/trunk/tests/proton_tests/ssl_db/README.txt Mon Nov  5 16:28:37 2012
@@ -16,6 +16,7 @@ the CA.
 server-private-key.pem - encrypted key used to create server-certificate.pem. Password is
 "server-password"
 
+bad-server-certificate.pem, bad-server-private-key.pem - a certificate/key that is not trusted
by the client, for negative test.
 
 These certificates have been created using the OpenSSL tool.
 
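Review bot: the new README entry for bad-server-certificate.pem and bad-server-private-key.pem omits the key's password, while the server-private-key.pem entry directly above it spells the password out (Password is "server-password"). The test passes "server-password" for this key as well, so state it here, and say that the certificate is self-signed, which is what the test docstring relies on.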
@@ -32,4 +33,5 @@ The following commands were used to crea
  openssl req -newkey rsa:2048 -keyout client-private-key.pem -passout pass:client-password
-out client-request.pem -subj "/O=Client/CN=127.0.0.1"
  openssl x509 -req -in client-request.pem -CA ca-certificate.pem -CAkey ca-private-key.pem
-CAcreateserial -passin pass:ca-password -days 99999 -out client-certificate.pem
 
-
+# Create a "bad" certificate - not signed by a trusted authority
+ openssl req -x509 -newkey rsa:2048 -keyout bad-server-private-key.pem -passout pass:server-password
-out bad-server-certificate.pem  -days 99999 -subj "/O=Not Trusted, Inc/CN=127.0.0.1"
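Review bot: the comment above the new openssl command says "not signed by a trusted authority", but `-x509` on `openssl req` produces a self-signed certificate, which is a narrower case; say "self-signed" so the README, the command and the test docstring agree. The subject keeps CN=127.0.0.1, the same CN as the client certificate command above, and that is worth stating in the comment: it leaves the missing trust chain as the only intended difference from a good certificate.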

Added: qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-certificate.pem
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-certificate.pem?rev=1405865&view=auto
==============================================================================
--- qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-certificate.pem (added)
+++ qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-certificate.pem Mon Nov  5 16:28:37
2012
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMzCCAhugAwIBAgIJAImy10Xen1EeMA0GCSqGSIb3DQEBBQUAMC8xGTAXBgNV
+BAoMEE5vdCBUcnVzdGVkLCBJbmMxEjAQBgNVBAMMCTEyNy4wLjAuMTAgFw0xMjEw
+MjkxNzQ4MzdaGA8yMjg2MDgxMzE3NDgzN1owLzEZMBcGA1UECgwQTm90IFRydXN0
+ZWQsIEluYzESMBAGA1UEAwwJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEArOfXgL+eov/1+WC4YV5X5SbdHSiAk5G1CWhhJ/qucd9IIzSk
+JQ5TD2asJWs41hV80Yv50dBG7dr849oLzghpmFrRCPgmqgBbPpB/FcqgruU721Ab
+rW++nsJF0T63dZHHY2yIC73Ua8PrPeqHgShEymJ/TlSkO96CiigcTrCpqS1JdMfU
+njrGI3w5hCaRNdD2hXN6v/4SYp/eVPnVL2VXn8mFVbjpc9hZ+DFyinQzjZsEX/PZ
+gcsCDvDsdgnVgAVHRQ+X1T6m2e3gsGvc2yljVYt/LD7qvnOsq5GihnBBx7GKvBG1
+xzKyMApCso549eOT4pYN/vedtUwkSjt/mXR5AwIDAQABo1AwTjAdBgNVHQ4EFgQU
++PZbZUy2kKi/5r/4wyBf5wbiU9swHwYDVR0jBBgwFoAU+PZbZUy2kKi/5r/4wyBf
+5wbiU9swDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAR3dGkyMtGF5Y
+ssK2uWhdW7YTibkOK2Eo3407LgBJ1yVcLSTtXqOSJ5g7cXHAMPDjuLS+U3t7pPOY
+j+xN5i/Cxiln11ENg9e1WwqSaAS+mRvtthaASosNmX9E8Mv1d5Oel5aXOSpGAVFh
+mcOhd4OtwAADQ20vpd0zY2TYSoFc1yc/A/iiVbWl7fIzqfFmFAnyHHlF3KZG601g
+olEqth5tZuFg43Caki85NxawWt/08YvcH7EBY8PhRmQ9YPIn6OC6l6+EOQXuDuNH
+77J/qZrHqrJrdJ8pVp+AnmFD404WYiAo61xi04zsLNz2bsJbmqU5cChiXAj4LFbb
+RxvsH9Hz3g==
+-----END CERTIFICATE-----

Added: qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-private-key.pem
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-private-key.pem?rev=1405865&view=auto
==============================================================================
--- qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-private-key.pem (added)
+++ qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-private-key.pem Mon Nov  5 16:28:37
2012
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----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+-----END ENCRYPTED PRIVATE KEY-----
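Review bot: this file commits a private key whose passphrase ("server-password") is published in both the README and ssl.py, so the encryption provides no protection. That is acceptable for a negative-test fixture, but the README entry should say outright that the key material under ssl_db is test-only and must not be reused as a real credential.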


