public async Task SslStream_ClientAndServerUsesAuxRecord_Ok()
{
X509Certificate2 serverCert = CertificateConfiguration.GetServerCertificate();
var server = new SchSendAuxRecordTestServer(serverCert);
int port = server.StartServer();
var client = new SchSendAuxRecordTestClient("localhost", port);
var tasks = new Task[2];
tasks[0] = server.RunTest();
tasks[1] = client.RunTest();
await Task.WhenAll(tasks).TimeoutAfter(TestConfiguration.PassingTestTimeoutMilliseconds);
if (server.IsInconclusive)
{
_output.WriteLine("Test inconclusive: The Operating system preferred a non-CBC or Null cipher.");
}
else
{
Assert.True(server.AuxRecordDetected, "Server reports: Client auxiliary record not detected.");
Assert.True(client.AuxRecordDetected, "Client reports: Server auxiliary record not detected.");
}
}
public static async Task AcceptSocketAsync(Socket server, Func <Socket, Stream, StreamReader, StreamWriter, Task> funcAsync, Options options = null)
{
options = options ?? new Options();
using (Socket s = await server.AcceptAsync().ConfigureAwait(false))
{
Stream stream = new NetworkStream(s, ownsSocket: false);
if (options.UseSsl)
{
var sslStream = new SslStream(stream);
using (var cert = CertificateConfiguration.GetServerCertificate())
{
await sslStream.AuthenticateAsServerAsync(
cert,
clientCertificateRequired : false,
enabledSslProtocols : options.SslProtocols,
checkCertificateRevocation : false).ConfigureAwait(false);
}
stream = sslStream;
}
using (var reader = new StreamReader(stream, Encoding.ASCII))
using (var writer = new StreamWriter(stream, Encoding.ASCII))
{
await funcAsync(s, stream, reader, writer).ConfigureAwait(false);
}
}
}
public async Task HttpClient_ClientUsesAuxRecord_Ok()
{
X509Certificate2 serverCert = CertificateConfiguration.GetServerCertificate();
var server = new SchSendAuxRecordTestServer(serverCert);
int port = server.StartServer();
string requestString = "https://localhost:" + port.ToString();
using (var handler = new HttpClientHandler()
{
ServerCertificateCustomValidationCallback = LoopbackServer.AllowAllCertificates
})
using (var client = new HttpClient(handler))
{
var tasks = new Task[2];
tasks[0] = server.RunTest();
tasks[1] = client.GetStringAsync(requestString);
await Task.WhenAll(tasks).TimeoutAfter(15 * 1000);
if (server.IsInconclusive)
{
_output.WriteLine("Test inconclusive: The Operating system preferred a non-CBC or Null cipher.");
}
else
{
Assert.True(server.AuxRecordDetected, "Server reports: Client auxiliary record not detected.");
}
}
}
public CertificateValidationClientServer()
{
_serverCertificateCollection = CertificateConfiguration.GetServerCertificateCollection();
_serverCertificate = CertificateConfiguration.GetServerCertificate();
_clientCertificateCollection = CertificateConfiguration.GetClientCertificateCollection();
_clientCertificate = CertificateConfiguration.GetClientCertificate();
}
public async void SslStream_SendReceiveOverNetworkStream_Ok()
{
TcpListener listener = new TcpListener(IPAddress.Any, 0);
using (X509Certificate2 serverCertificate = CertificateConfiguration.GetServerCertificate())
using (TcpClient client = new TcpClient())
{
listener.Start();
Task clientConnectTask = client.ConnectAsync(IPAddress.Loopback, ((IPEndPoint)listener.LocalEndpoint).Port);
Task <TcpClient> listenerAcceptTask = listener.AcceptTcpClientAsync();
await Task.WhenAll(clientConnectTask, listenerAcceptTask);
TcpClient server = listenerAcceptTask.Result;
using (SslStream clientStream = new SslStream(
client.GetStream(),
false,
new RemoteCertificateValidationCallback(ValidateServerCertificate),
null,
EncryptionPolicy.RequireEncryption))
using (SslStream serverStream = new SslStream(
server.GetStream(),
false,
null,
null,
EncryptionPolicy.RequireEncryption))
{
Task clientAuthenticationTask = clientStream.AuthenticateAsClientAsync(
serverCertificate.GetNameInfo(X509NameType.SimpleName, false),
null,
SslProtocols.Tls12,
false);
Task serverAuthenticationTask = serverStream.AuthenticateAsServerAsync(
serverCertificate,
false,
SslProtocols.Tls12,
false);
await Task.WhenAll(clientAuthenticationTask, serverAuthenticationTask);
byte[] readBuffer = new byte[256];
Task <int> readTask = clientStream.ReadAsync(readBuffer, 0, readBuffer.Length);
byte[] writeBuffer = new byte[256];
Task writeTask = clientStream.WriteAsync(writeBuffer, 0, writeBuffer.Length);
bool result = Task.WaitAll(
new Task[1] {
writeTask
},
TestConfiguration.PassingTestTimeoutMilliseconds);
Assert.True(result, "WriteAsync timed-out.");
}
}
}
private bool DoHandshake(SslStream clientSslStream, SslStream serverSslStream)
{
using (X509Certificate2 certificate = CertificateConfiguration.GetServerCertificate())
{
Task[] auth = new Task[2];
auth[0] = clientSslStream.AuthenticateAsClientAsync(certificate.GetNameInfo(X509NameType.SimpleName, false));
auth[1] = serverSslStream.AuthenticateAsServerAsync(certificate);
bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds);
return(finished);
}
}
public void SslStream_StreamToStream_Authentication_Success()
{
VirtualNetwork network = new VirtualNetwork();
using (var clientStream = new VirtualNetworkStream(network, isServer: false))
using (var serverStream = new VirtualNetworkStream(network, isServer: true))
using (var client = new SslStream(clientStream, false, AllowAnyServerCertificate))
using (var server = new SslStream(serverStream))
using (X509Certificate2 certificate = CertificateConfiguration.GetServerCertificate())
{
Task[] auth = new Task[2];
auth[0] = client.AuthenticateAsClientAsync(certificate.GetNameInfo(X509NameType.SimpleName, false));
auth[1] = server.AuthenticateAsServerAsync(certificate);
bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds);
Assert.True(finished, "Handshake completed in the allotted time");
}
}
public void SslStream_StreamToStream_Authentication_IncorrectServerName_Fail()
{
VirtualNetwork network = new VirtualNetwork();
using (var clientStream = new VirtualNetworkStream(network, isServer: false))
using (var serverStream = new VirtualNetworkStream(network, isServer: true))
using (var client = new SslStream(clientStream))
using (var server = new SslStream(serverStream))
using (var certificate = CertificateConfiguration.GetServerCertificate())
{
Task[] auth = new Task[2];
auth[0] = client.AuthenticateAsClientAsync("incorrectServer");
auth[1] = server.AuthenticateAsServerAsync(certificate);
Assert.Throws <AuthenticationException>(() =>
{
auth[0].GetAwaiter().GetResult();
});
auth[1].GetAwaiter().GetResult();
}
}
public ServerAsyncAuthenticateTest()
{
_log = TestLogging.GetInstance();
_logVerbose = VerboseTestLogging.GetInstance();
_serverCertificate = CertificateConfiguration.GetServerCertificate();
}
private void OnAccept(Task <TcpClient> result)
{
TcpClient client = null;
// Accept current connection
try
{
client = result.Result;
}
catch
{
}
// If we have a connection, then process it
if (client != null)
{
OnClientAccepted(client);
ClientState state;
// Start authentication for SSL?
if (_useSsl)
{
state = new ClientState(client, _sslEncryptionPolicy);
_log.WriteLine("Server: starting SSL authentication.");
SslStream sslStream = null;
X509Certificate2 certificate = CertificateConfiguration.GetServerCertificate();
try
{
sslStream = (SslStream)state.Stream;
_log.WriteLine("Server: attempting to open SslStream.");
sslStream.AuthenticateAsServerAsync(certificate, false, _sslProtocols, false).ContinueWith(t =>
{
certificate.Dispose();
OnAuthenticate(t, state);
}, TaskScheduler.Default);
}
catch (Exception ex)
{
_log.WriteLine("Server: Exception: {0}", ex);
certificate.Dispose();
state.Dispose(); // close connection to client
}
}
else
{
state = new ClientState(client);
// Start listening for data from the client connection
try
{
state.Stream.BeginRead(state.ReceiveBuffer, 0, state.ReceiveBuffer.Length, OnReceive, state);
}
catch
{
}
}
}
// Listen for more client connections
try
{
_listener.AcceptTcpClientAsync().ContinueWith(t => OnAccept(t), TaskScheduler.Default);
}
catch
{
}
}
