public async Task ClientOptions_ServerOptions_NotMutatedDuringAuthentication()
{
using (X509Certificate2 clientCert = Configuration.Certificates.GetClientCertificate())
using (X509Certificate2 serverCert = Configuration.Certificates.GetServerCertificate())
{
// Values used to populate client options
bool clientAllowRenegotiation = false;
List<SslApplicationProtocol> clientAppProtocols = new List<SslApplicationProtocol> { SslApplicationProtocol.Http11 };
X509RevocationMode clientRevocation = X509RevocationMode.NoCheck;
X509CertificateCollection clientCertificates = new X509CertificateCollection() { clientCert };
SslProtocols clientSslProtocols = SslProtocols.Tls12;
EncryptionPolicy clientEncryption = EncryptionPolicy.RequireEncryption;
LocalCertificateSelectionCallback clientLocalCallback = new LocalCertificateSelectionCallback(delegate { return null; });
RemoteCertificateValidationCallback clientRemoteCallback = new RemoteCertificateValidationCallback(delegate { return true; });
string clientHost = serverCert.GetNameInfo(X509NameType.SimpleName, false);
// Values used to populate server options
bool serverAllowRenegotiation = true;
List<SslApplicationProtocol> serverAppProtocols = new List<SslApplicationProtocol> { SslApplicationProtocol.Http11, SslApplicationProtocol.Http2 };
X509RevocationMode serverRevocation = X509RevocationMode.NoCheck;
bool serverCertRequired = false;
#pragma warning disable SYSLIB0039 // TLS 1.0 and 1.1 are obsolete
SslProtocols serverSslProtocols = SslProtocols.Tls11 | SslProtocols.Tls12;
#pragma warning restore SYSLIB0039
#pragma warning disable SYSLIB0040 // NoEncryption and AllowNoEncryption are obsolete
EncryptionPolicy serverEncryption = EncryptionPolicy.AllowNoEncryption;
#pragma warning restore SYSLIB0040
RemoteCertificateValidationCallback serverRemoteCallback = new RemoteCertificateValidationCallback(delegate { return true; });
SslStreamCertificateContext certificateContext = SslStreamCertificateContext.Create(serverCert, null, false);
X509ChainPolicy policy = new X509ChainPolicy();
(Stream stream1, Stream stream2) = TestHelper.GetConnectedStreams();
using (var client = new SslStream(stream1))
using (var server = new SslStream(stream2))
{
// Create client options
var clientOptions = new SslClientAuthenticationOptions
{
AllowRenegotiation = clientAllowRenegotiation,
ApplicationProtocols = clientAppProtocols,
CertificateRevocationCheckMode = clientRevocation,
ClientCertificates = clientCertificates,
EnabledSslProtocols = clientSslProtocols,
EncryptionPolicy = clientEncryption,
LocalCertificateSelectionCallback = clientLocalCallback,
RemoteCertificateValidationCallback = clientRemoteCallback,
TargetHost = clientHost,
CertificateChainPolicy = policy,
};
// Create server options
var serverOptions = new SslServerAuthenticationOptions
{
AllowRenegotiation = serverAllowRenegotiation,
ApplicationProtocols = serverAppProtocols,
CertificateRevocationCheckMode = serverRevocation,
ClientCertificateRequired = serverCertRequired,
EnabledSslProtocols = serverSslProtocols,
EncryptionPolicy = serverEncryption,
RemoteCertificateValidationCallback = serverRemoteCallback,
ServerCertificate = serverCert,
ServerCertificateContext = certificateContext,
CertificateChainPolicy = policy,
};
// Authenticate
Task clientTask = client.AuthenticateAsClientAsync(TestAuthenticateAsync, clientOptions);
Task serverTask = server.AuthenticateAsServerAsync(TestAuthenticateAsync, serverOptions);
await new[] { clientTask, serverTask }.WhenAllOrAnyFailed();
// Validate that client options are unchanged
Assert.Equal(clientAllowRenegotiation, clientOptions.AllowRenegotiation);
Assert.Same(clientAppProtocols, clientOptions.ApplicationProtocols);
Assert.Equal(1, clientOptions.ApplicationProtocols.Count);
Assert.Equal(clientRevocation, clientOptions.CertificateRevocationCheckMode);
Assert.Same(clientCertificates, clientOptions.ClientCertificates);
Assert.Contains(clientCert, clientOptions.ClientCertificates.Cast<X509Certificate2>());
Assert.Equal(clientSslProtocols, clientOptions.EnabledSslProtocols);
Assert.Equal(clientEncryption, clientOptions.EncryptionPolicy);
Assert.Same(clientLocalCallback, clientOptions.LocalCertificateSelectionCallback);
Assert.Same(clientRemoteCallback, clientOptions.RemoteCertificateValidationCallback);
Assert.Same(clientHost, clientOptions.TargetHost);
Assert.Same(clientHost, clientOptions.TargetHost);
Assert.Same(policy, clientOptions.CertificateChainPolicy);
// Validate that server options are unchanged
Assert.Equal(serverAllowRenegotiation, serverOptions.AllowRenegotiation);
Assert.Same(serverAppProtocols, serverOptions.ApplicationProtocols);
Assert.Equal(2, serverOptions.ApplicationProtocols.Count);
Assert.Equal(clientRevocation, serverOptions.CertificateRevocationCheckMode);
Assert.Equal(serverCertRequired, serverOptions.ClientCertificateRequired);
Assert.Equal(serverSslProtocols, serverOptions.EnabledSslProtocols);
Assert.Equal(serverEncryption, serverOptions.EncryptionPolicy);
Assert.Same(serverRemoteCallback, serverOptions.RemoteCertificateValidationCallback);
Assert.Same(serverCert, serverOptions.ServerCertificate);
Assert.Same(certificateContext, serverOptions.ServerCertificateContext);
Assert.Same(policy, serverOptions.CertificateChainPolicy);
}
}
}
