Beispiel #1
0
        public async Task SslStream_ServerEKUClientAuth_Fails()
        {
            var serverOptions = new HttpsTestServer.Options();

            serverOptions.ServerCertificate           = serverCertificateServerEku;
            serverOptions.RequireClientAuthentication = true;

            using (var server = new HttpsTestServer(serverOptions))
            {
                server.Start();

                var clientOptions = new HttpsTestClient.Options(new IPEndPoint(IPAddress.Loopback, server.Port));
                clientOptions.ServerName        = serverOptions.ServerCertificate.GetNameInfo(X509NameType.SimpleName, false);
                clientOptions.ClientCertificate = clientCertificateWrongEku;

                var client = new HttpsTestClient(clientOptions);

                var tasks = new Task[2];
                tasks[0] = server.AcceptHttpsClientAsync();
                tasks[1] = client.HttpsRequestAsync();

                await Assert.ThrowsAsync <AuthenticationException>(() => tasks[0]);

                if (OperatingSystem.IsWindows())
                {
                    // IOException is thrown when trying to read from a disconnected socket.
                    await Assert.ThrowsAsync <IOException>(() => tasks[1]);
                }
                else
                {
                    // Zero bytes read by client on disconnected socket.
                    await Assert.ThrowsAsync <InvalidOperationException>(() => tasks[1]);
                }
            }
        }
Beispiel #2
0
        public async Task SslStream_SelfSignedClientEKUClientAuth_Ok()
        {
            var serverOptions = new HttpsTestServer.Options();

            serverOptions.ServerCertificate           = serverCertificateServerEku;
            serverOptions.RequireClientAuthentication = true;
            serverOptions.IgnoreSslPolicyErrors       = SslPolicyErrors.RemoteCertificateChainErrors;

            using (var server = new HttpsTestServer(serverOptions))
            {
                server.Start();

                var clientOptions = new HttpsTestClient.Options(new IPEndPoint(IPAddress.Loopback, server.Port));
                clientOptions.ServerName        = serverOptions.ServerCertificate.GetNameInfo(X509NameType.SimpleName, false);
                clientOptions.ClientCertificate = Configuration.Certificates.GetSelfSignedClientCertificate();

                var client = new HttpsTestClient(clientOptions);

                var tasks = new Task[2];
                tasks[0] = server.AcceptHttpsClientAsync();
                tasks[1] = client.HttpsRequestAsync();

                await Task.WhenAll(tasks).WaitAsync(TimeSpan.FromMilliseconds(TestTimeoutMilliseconds));
            }
        }
Beispiel #3
0
        public async Task SslStream_ClientEKUServerAuth_Fails()
        {
            var serverOptions = new HttpsTestServer.Options();

            serverOptions.ServerCertificate = serverCertificateWrongEku;

            using (var server = new HttpsTestServer(serverOptions))
            {
                server.Start();

                var clientOptions = new HttpsTestClient.Options(new IPEndPoint(IPAddress.Loopback, server.Port));
                clientOptions.ServerName = serverOptions.ServerCertificate.GetNameInfo(X509NameType.SimpleName, false);

                var client = new HttpsTestClient(clientOptions);

                var tasks = new Task[2];
                tasks[0] = server.AcceptHttpsClientAsync();
                tasks[1] = client.HttpsRequestAsync();

                var exception = await Assert.ThrowsAsync <AuthenticationException>(() => tasks[1]);
            }
        }
Beispiel #4
0
        public async Task SslStream_NoEKUServerAuth_Ok()
        {
            var serverOptions = new HttpsTestServer.Options();

            serverOptions.ServerCertificate = serverCertificateNoEku;

            using (var server = new HttpsTestServer(serverOptions))
            {
                server.Start();

                var clientOptions = new HttpsTestClient.Options(new IPEndPoint(IPAddress.Loopback, server.Port));
                clientOptions.ServerName = serverOptions.ServerCertificate.GetNameInfo(X509NameType.SimpleName, false);

                var client = new HttpsTestClient(clientOptions);

                var tasks = new Task[2];
                tasks[0] = server.AcceptHttpsClientAsync();
                tasks[1] = client.HttpsRequestAsync();

                await Task.WhenAll(tasks).WaitAsync(TimeSpan.FromMilliseconds(TestTimeoutMilliseconds));
            }
        }
Beispiel #5
0
        public async Task SslStream_ClientAndServerUsesAuxRecord_Ok()
        {
            using (var server = new HttpsTestServer())
            {
                server.Start();

                var tasks = new Task[2];

                bool serverAuxRecordDetected             = false;
                bool serverAuxRecordDetectedInconclusive = false;
                int  serverTotalBytesReceived            = 0;
                int  serverChunks = 0;

                tasks[0] = server.AcceptHttpsClientAsync((requestString) =>
                {
                    serverTotalBytesReceived += requestString.Length;

                    if (serverTotalBytesReceived == 1 && serverChunks == 0)
                    {
                        serverAuxRecordDetected = true;
                    }

                    serverChunks++;

                    // Test is inconclusive if any non-CBC cipher is used:
                    if (server.Stream.CipherAlgorithm == CipherAlgorithmType.None ||
                        server.Stream.CipherAlgorithm == CipherAlgorithmType.Null ||
                        server.Stream.CipherAlgorithm == CipherAlgorithmType.Rc4)
                    {
                        serverAuxRecordDetectedInconclusive = true;
                    }

                    if (serverTotalBytesReceived < 5)
                    {
                        return(Task.FromResult <string>(null));
                    }
                    else
                    {
                        return(Task.FromResult(HttpsTestServer.Options.DefaultResponseString));
                    }
                });


                var clientOptions = new HttpsTestClient.Options(new IPEndPoint(IPAddress.Loopback, server.Port));
                clientOptions.AllowedProtocols = SslProtocols.Tls;

                clientOptions.IgnoreSslPolicyErrors =
                    SslPolicyErrors.RemoteCertificateNameMismatch | SslPolicyErrors.RemoteCertificateChainErrors;

                var client = new HttpsTestClient(clientOptions);

                bool clientAuxRecordDetected             = false;
                bool clientAuxRecordDetectedInconclusive = false;
                int  clientTotalBytesReceived            = 0;
                int  clientChunks = 0;

                tasks[1] = client.HttpsRequestAsync((responseString) =>
                {
                    if (responseString == null)
                    {
                        string requestString = string.Format(
                            HttpsTestClient.Options.DefaultRequestStringTemplate,
                            clientOptions.ServerName);

                        return(Task.FromResult(requestString));
                    }

                    clientTotalBytesReceived += responseString.Length;

                    if (clientTotalBytesReceived == 1 && clientChunks == 0)
                    {
                        clientAuxRecordDetected = true;
                    }

                    // Test is inconclusive if any non-CBC cipher is used:
                    if (client.Stream.CipherAlgorithm == CipherAlgorithmType.None ||
                        client.Stream.CipherAlgorithm == CipherAlgorithmType.Null ||
                        client.Stream.CipherAlgorithm == CipherAlgorithmType.Rc4)
                    {
                        clientAuxRecordDetectedInconclusive = true;
                    }

                    return(Task.FromResult <string>(null));
                });

                await Task.WhenAll(tasks).TimeoutAfter(TestConfiguration.PassingTestTimeoutMilliseconds);

                if (serverAuxRecordDetectedInconclusive || clientAuxRecordDetectedInconclusive)
                {
                    _output.WriteLine("Test inconclusive: The Operating system preferred a non-CBC or Null cipher.");
                }
                else
                {
                    Assert.True(serverAuxRecordDetected, "Server reports: Client auxiliary record not detected.");
                    Assert.True(clientAuxRecordDetected, "Client reports: Server auxiliary record not detected.");
                }
            }
        }