public void With_returns_a_new_instance()
{
var subject1 = new SslStreamSettings();
var subject2 = subject1.With(checkCertificateRevocation: false);
subject2.Should().NotBeSameAs(subject1);
subject1.CheckCertificateRevocation.Should().BeTrue();
subject2.CheckCertificateRevocation.Should().BeFalse();
}
public void With_serverCertificateValidationCallback_should_return_expected_result()
{
RemoteCertificateValidationCallback oldServerCertificateValidationCallback = (s, ce, ch, e) => false;
RemoteCertificateValidationCallback newServerCertificateValidationCallback = (s, ce, ch, e) => false;
var subject = new SslStreamSettings(serverCertificateValidationCallback: oldServerCertificateValidationCallback);
var result = subject.With(serverCertificateValidationCallback: newServerCertificateValidationCallback);
result.CheckCertificateRevocation.Should().Be(subject.CheckCertificateRevocation);
result.ClientCertificates.Should().Equal(subject.ClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(subject.ClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(subject.EnabledSslProtocols);
result.ServerCertificateValidationCallback.Should().Be(newServerCertificateValidationCallback);
}
public void With_enabledProtocols_should_return_expected_result()
{
var oldEnabledProtocols = SslProtocols.Tls;
var newEnabledProtocols = SslProtocols.Tls12;
var subject = new SslStreamSettings(enabledProtocols: oldEnabledProtocols);
var result = subject.With(enabledProtocols: newEnabledProtocols);
result.CheckCertificateRevocation.Should().Be(subject.CheckCertificateRevocation);
result.ClientCertificates.Should().Equal(subject.ClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(subject.ClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(newEnabledProtocols);
result.ServerCertificateValidationCallback.Should().Be(subject.ServerCertificateValidationCallback);
}
public void With_clientCertificateSelectionCallback_should_return_expected_result()
{
LocalCertificateSelectionCallback oldClientCertificateSelectionCallback = (s, t, l, r, a) => null;
LocalCertificateSelectionCallback newClientCertificateSelectionCallback = (s, t, l, r, a) => null;
var subject = new SslStreamSettings(clientCertificateSelectionCallback: oldClientCertificateSelectionCallback);
var result = subject.With(clientCertificateSelectionCallback: newClientCertificateSelectionCallback);
result.CheckCertificateRevocation.Should().Be(subject.CheckCertificateRevocation);
result.ClientCertificates.Should().Equal(subject.ClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(newClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(subject.EnabledSslProtocols);
result.ServerCertificateValidationCallback.Should().Be(subject.ServerCertificateValidationCallback);
}
public void With_clientCertificates_should_return_expected_result()
{
var oldClientCertificates = new[] { new X509Certificate() };
var newClientCertificates = new[] { new X509Certificate() };
var subject = new SslStreamSettings(clientCertificates: oldClientCertificates);
var result = subject.With(clientCertificates: newClientCertificates);
result.CheckCertificateRevocation.Should().Be(subject.CheckCertificateRevocation);
result.ClientCertificates.Should().Equal(newClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(subject.ClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(subject.EnabledSslProtocols);
result.ServerCertificateValidationCallback.Should().Be(subject.ServerCertificateValidationCallback);
}
public void With_checkCertificateRevocation_should_return_expected_result()
{
var oldCheckCertificateRevocation = false;
var newCheckCertificateRevocation = true;
var subject = new SslStreamSettings(checkCertificateRevocation: oldCheckCertificateRevocation);
var result = subject.With(checkCertificateRevocation: newCheckCertificateRevocation);
result.CheckCertificateRevocation.Should().Be(newCheckCertificateRevocation);
result.ClientCertificates.Should().Equal(subject.ClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(subject.ClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(subject.EnabledSslProtocols);
result.ServerCertificateValidationCallback.Should().Be(subject.ServerCertificateValidationCallback);
}
public void With_serverCertificateValidationCallback_should_return_expected_result()
{
RemoteCertificateValidationCallback oldServerCertificateValidationCallback = (s, ce, ch, e) => false;
RemoteCertificateValidationCallback newServerCertificateValidationCallback = (s, ce, ch, e) => false;
var subject = new SslStreamSettings(serverCertificateValidationCallback: oldServerCertificateValidationCallback);
var result = subject.With(serverCertificateValidationCallback: newServerCertificateValidationCallback);
result.CheckCertificateRevocation.Should().Be(subject.CheckCertificateRevocation);
result.ClientCertificates.Should().Equal(subject.ClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(subject.ClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(subject.EnabledSslProtocols);
result.ServerCertificateValidationCallback.Should().Be(newServerCertificateValidationCallback);
}
public void With_enabledProtocols_should_return_expected_result()
{
var oldEnabledProtocols = SslProtocols.Tls;
var newEnabledProtocols = SslProtocols.Tls12;
var subject = new SslStreamSettings(enabledProtocols: oldEnabledProtocols);
var result = subject.With(enabledProtocols: newEnabledProtocols);
result.CheckCertificateRevocation.Should().Be(subject.CheckCertificateRevocation);
result.ClientCertificates.Should().Equal(subject.ClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(subject.ClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(newEnabledProtocols);
result.ServerCertificateValidationCallback.Should().Be(subject.ServerCertificateValidationCallback);
}
public void With_clientCertificateSelectionCallback_should_return_expected_result()
{
LocalCertificateSelectionCallback oldClientCertificateSelectionCallback = (s, t, l, r, a) => null;
LocalCertificateSelectionCallback newClientCertificateSelectionCallback = (s, t, l, r, a) => null;
var subject = new SslStreamSettings(clientCertificateSelectionCallback: oldClientCertificateSelectionCallback);
var result = subject.With(clientCertificateSelectionCallback: newClientCertificateSelectionCallback);
result.CheckCertificateRevocation.Should().Be(subject.CheckCertificateRevocation);
result.ClientCertificates.Should().Equal(subject.ClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(newClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(subject.EnabledSslProtocols);
result.ServerCertificateValidationCallback.Should().Be(subject.ServerCertificateValidationCallback);
}
public void With_clientCertificates_should_return_expected_result()
{
var oldClientCertificates = new[] { new X509Certificate() };
var newClientCertificates = new[] { new X509Certificate() };
var subject = new SslStreamSettings(clientCertificates: oldClientCertificates);
var result = subject.With(clientCertificates: newClientCertificates);
result.CheckCertificateRevocation.Should().Be(subject.CheckCertificateRevocation);
result.ClientCertificates.Should().Equal(newClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(subject.ClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(subject.EnabledSslProtocols);
result.ServerCertificateValidationCallback.Should().Be(subject.ServerCertificateValidationCallback);
}
public void With_checkCertificateRevocation_should_return_expected_result()
{
var oldCheckCertificateRevocation = false;
var newCheckCertificateRevocation = true;
var subject = new SslStreamSettings(checkCertificateRevocation: oldCheckCertificateRevocation);
var result = subject.With(checkCertificateRevocation: newCheckCertificateRevocation);
result.CheckCertificateRevocation.Should().Be(newCheckCertificateRevocation);
result.ClientCertificates.Should().Equal(subject.ClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(subject.ClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(subject.EnabledSslProtocols);
result.ServerCertificateValidationCallback.Should().Be(subject.ServerCertificateValidationCallback);
}
private SslStreamSettings ConfigureSsl(SslStreamSettings settings, ClusterKey clusterKey)
{
if (clusterKey.UseSsl)
{
var sslSettings = clusterKey.SslSettings ?? new SslSettings();
var validationCallback = sslSettings.ServerCertificateValidationCallback;
if (validationCallback == null && !clusterKey.VerifySslCertificate)
{
validationCallback = AcceptAnySslCertificate;
}
return settings.With(
clientCertificates: Optional.Enumerable(sslSettings.ClientCertificates ?? Enumerable.Empty<X509Certificate>()),
checkCertificateRevocation: sslSettings.CheckCertificateRevocation,
clientCertificateSelectionCallback: sslSettings.ClientCertificateSelectionCallback,
enabledProtocols: sslSettings.EnabledSslProtocols,
serverCertificateValidationCallback: validationCallback);
}
return settings;
}
