public async Task SslStream_SelfSignedClientEKUClientAuth_Ok()
{
var serverOptions = new HttpsTestServer.Options();
serverOptions.ServerCertificate = serverCertificateServerEku;
serverOptions.RequireClientAuthentication = true;
serverOptions.IgnoreSslPolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors;
using (var server = new HttpsTestServer(serverOptions))
{
server.Start();
var clientOptions = new HttpsTestClient.Options(new IPEndPoint(IPAddress.Loopback, server.Port));
clientOptions.ServerName = serverOptions.ServerCertificate.GetNameInfo(X509NameType.SimpleName, false);
clientOptions.ClientCertificate = Configuration.Certificates.GetSelfSignedClientCertificate();
var client = new HttpsTestClient(clientOptions);
var tasks = new Task[2];
tasks[0] = server.AcceptHttpsClientAsync();
tasks[1] = client.HttpsRequestAsync();
await Task.WhenAll(tasks).WaitAsync(TimeSpan.FromMilliseconds(TestTimeoutMilliseconds));
}
}
public async Task SslStream_ServerEKUClientAuth_Fails()
{
var serverOptions = new HttpsTestServer.Options();
serverOptions.ServerCertificate = serverCertificateServerEku;
serverOptions.RequireClientAuthentication = true;
using (var server = new HttpsTestServer(serverOptions))
{
server.Start();
var clientOptions = new HttpsTestClient.Options(new IPEndPoint(IPAddress.Loopback, server.Port));
clientOptions.ServerName = serverOptions.ServerCertificate.GetNameInfo(X509NameType.SimpleName, false);
clientOptions.ClientCertificate = clientCertificateWrongEku;
var client = new HttpsTestClient(clientOptions);
var tasks = new Task[2];
tasks[0] = server.AcceptHttpsClientAsync();
tasks[1] = client.HttpsRequestAsync();
await Assert.ThrowsAsync <AuthenticationException>(() => tasks[0]);
if (OperatingSystem.IsWindows())
{
// IOException is thrown when trying to read from a disconnected socket.
await Assert.ThrowsAsync <IOException>(() => tasks[1]);
}
else
{
// Zero bytes read by client on disconnected socket.
await Assert.ThrowsAsync <InvalidOperationException>(() => tasks[1]);
}
}
}
public async Task SslStream_ClientAndServerUsesAuxRecord_Ok()
{
X509Certificate2 serverCert = Configuration.Certificates.GetServerCertificate();
var server = new HttpsTestServer(serverCert);
server.StartServer();
int port = server.Port;
var client = new SchSendAuxRecordTestClient("localhost", port);
var tasks = new Task[2];
tasks[0] = server.RunTest();
tasks[1] = client.RunTest();
await Task.WhenAll(tasks).TimeoutAfter(TestConfiguration.PassingTestTimeoutMilliseconds);
if (server.IsAuxRecordDetectionInconclusive)
{
_output.WriteLine("Test inconclusive: The Operating system preferred a non-CBC or Null cipher.");
}
else
{
Assert.True(server.AuxRecordDetected, "Server reports: Client auxiliary record not detected.");
Assert.True(client.AuxRecordDetected, "Client reports: Server auxiliary record not detected.");
}
}
public async Task HttpClient_ClientUsesAuxRecord_Ok()
{
X509Certificate2 serverCert = Configuration.Certificates.GetServerCertificate();
var server = new HttpsTestServer(serverCert);
server.StartServer();
int port = server.Port;
string requestString = "https://localhost:" + port.ToString();
using (var handler = new HttpClientHandler() { ServerCertificateCustomValidationCallback = LoopbackServer.AllowAllCertificates })
using (var client = new HttpClient(handler))
{
var tasks = new Task[2];
tasks[0] = server.RunTest();
tasks[1] = client.GetStringAsync(requestString);
await Task.WhenAll(tasks).TimeoutAfter(15 * 1000);
if (server.AuxRecordDetected)
{
_output.WriteLine("Test inconclusive: The Operating system preferred a non-CBC or Null cipher.");
}
else
{
Assert.True(server.AuxRecordDetected, "Server reports: Client auxiliary record not detected.");
}
}
}
public async Task SslStream_ClientAndServerUsesAuxRecord_Ok()
{
X509Certificate2 serverCert = Configuration.Certificates.GetServerCertificate();
var server = new HttpsTestServer(serverCert);
server.StartServer();
int port = server.Port;
var client = new SchSendAuxRecordTestClient("localhost", port);
var tasks = new Task[2];
tasks[0] = server.RunTest();
tasks[1] = client.RunTest();
await Task.WhenAll(tasks).TimeoutAfter(TestConfiguration.PassingTestTimeoutMilliseconds);
if (server.IsAuxRecordDetectionInconclusive)
{
_output.WriteLine("Test inconclusive: The Operating system preferred a non-CBC or Null cipher.");
}
else
{
Assert.True(server.AuxRecordDetected, "Server reports: Client auxiliary record not detected.");
Assert.True(client.AuxRecordDetected, "Client reports: Server auxiliary record not detected.");
}
}
public async Task SslStream_ClientEKUServerAuth_Fails()
{
var serverOptions = new HttpsTestServer.Options();
serverOptions.ServerCertificate = serverCertificateWrongEku;
using (var server = new HttpsTestServer(serverOptions))
{
server.Start();
var clientOptions = new HttpsTestClient.Options(new IPEndPoint(IPAddress.Loopback, server.Port));
clientOptions.ServerName = serverOptions.ServerCertificate.GetNameInfo(X509NameType.SimpleName, false);
var client = new HttpsTestClient(clientOptions);
var tasks = new Task[2];
tasks[0] = server.AcceptHttpsClientAsync();
tasks[1] = client.HttpsRequestAsync();
var exception = await Assert.ThrowsAsync <AuthenticationException>(() => tasks[1]);
}
}
public async Task SslStream_NoEKUServerAuth_Ok()
{
var serverOptions = new HttpsTestServer.Options();
serverOptions.ServerCertificate = serverCertificateNoEku;
using (var server = new HttpsTestServer(serverOptions))
{
server.Start();
var clientOptions = new HttpsTestClient.Options(new IPEndPoint(IPAddress.Loopback, server.Port));
clientOptions.ServerName = serverOptions.ServerCertificate.GetNameInfo(X509NameType.SimpleName, false);
var client = new HttpsTestClient(clientOptions);
var tasks = new Task[2];
tasks[0] = server.AcceptHttpsClientAsync();
tasks[1] = client.HttpsRequestAsync();
await Task.WhenAll(tasks).WaitAsync(TimeSpan.FromMilliseconds(TestTimeoutMilliseconds));
}
}
public async Task SslStream_ClientAndServerUsesAuxRecord_Ok()
{
using (var server = new HttpsTestServer())
{
server.Start();
var tasks = new Task[2];
bool serverAuxRecordDetected = false;
bool serverAuxRecordDetectedInconclusive = false;
int serverTotalBytesReceived = 0;
int serverChunks = 0;
tasks[0] = server.AcceptHttpsClientAsync((requestString) =>
{
serverTotalBytesReceived += requestString.Length;
if (serverTotalBytesReceived == 1 && serverChunks == 0)
{
serverAuxRecordDetected = true;
}
serverChunks++;
// Test is inconclusive if any non-CBC cipher is used:
if (server.Stream.CipherAlgorithm == CipherAlgorithmType.None ||
server.Stream.CipherAlgorithm == CipherAlgorithmType.Null ||
server.Stream.CipherAlgorithm == CipherAlgorithmType.Rc4)
{
serverAuxRecordDetectedInconclusive = true;
}
if (serverTotalBytesReceived < 5)
{
return(Task.FromResult <string>(null));
}
else
{
return(Task.FromResult(HttpsTestServer.Options.DefaultResponseString));
}
});
var clientOptions = new HttpsTestClient.Options(new IPEndPoint(IPAddress.Loopback, server.Port));
clientOptions.AllowedProtocols = SslProtocols.Tls;
clientOptions.IgnoreSslPolicyErrors =
SslPolicyErrors.RemoteCertificateNameMismatch | SslPolicyErrors.RemoteCertificateChainErrors;
var client = new HttpsTestClient(clientOptions);
bool clientAuxRecordDetected = false;
bool clientAuxRecordDetectedInconclusive = false;
int clientTotalBytesReceived = 0;
int clientChunks = 0;
tasks[1] = client.HttpsRequestAsync((responseString) =>
{
if (responseString == null)
{
string requestString = string.Format(
HttpsTestClient.Options.DefaultRequestStringTemplate,
clientOptions.ServerName);
return(Task.FromResult(requestString));
}
clientTotalBytesReceived += responseString.Length;
if (clientTotalBytesReceived == 1 && clientChunks == 0)
{
clientAuxRecordDetected = true;
}
// Test is inconclusive if any non-CBC cipher is used:
if (client.Stream.CipherAlgorithm == CipherAlgorithmType.None ||
client.Stream.CipherAlgorithm == CipherAlgorithmType.Null ||
client.Stream.CipherAlgorithm == CipherAlgorithmType.Rc4)
{
clientAuxRecordDetectedInconclusive = true;
}
return(Task.FromResult <string>(null));
});
await Task.WhenAll(tasks).TimeoutAfter(TestConfiguration.PassingTestTimeoutMilliseconds);
if (serverAuxRecordDetectedInconclusive || clientAuxRecordDetectedInconclusive)
{
_output.WriteLine("Test inconclusive: The Operating system preferred a non-CBC or Null cipher.");
}
else
{
Assert.True(serverAuxRecordDetected, "Server reports: Client auxiliary record not detected.");
Assert.True(clientAuxRecordDetected, "Client reports: Server auxiliary record not detected.");
}
}
}
