public async Task ServerNoEncryption_ClientRequireEncryption_NoConnect()
{
(NetworkStream clientStream, NetworkStream serverStream) = TestHelper.GetConnectedTcpStreams();
using (clientStream)
using (serverStream)
{
using (var client = new SslStream(clientStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.RequireEncryption))
using (var server = new SslStream(serverStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption))
{
Task serverTask = server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate);
await Assert.ThrowsAsync <AuthenticationException>(() =>
client.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false));
try
{
await serverTask;
}
catch (Exception ex)
{
// serverTask will fail. Log server error in case the test fails.
_log.WriteLine(ex.ToString());
}
}
}
}
public async Task ServerNoEncryption_ClientPermitsNoEncryption_ConnectWithNoEncryption(EncryptionPolicy policy)
{
(NetworkStream clientStream, NetworkStream serverStream) = TestHelper.GetConnectedTcpStreams();
using (clientStream)
using (serverStream)
{
using (var client = new SslStream(clientStream, false, TestHelper.AllowAnyServerCertificate, null, policy))
using (var server = new SslStream(serverStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption))
{
#pragma warning disable SYSLIB0039 // TLS 1.0 and 1.1 are obsolete
await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
// null encryption is not permitted with Tls13
client.AuthenticateAsClientAsync("localhost", null, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, false),
server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate));
#pragma warning restore SYSLIB0039
_log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength",
serverStream.Socket.RemoteEndPoint, client.CipherAlgorithm, client.CipherStrength);
Assert.Equal(CipherAlgorithmType.Null, client.CipherAlgorithm);
Assert.Equal(0, client.CipherStrength);
}
}
}
public async Task ServerRequireEncryption_ClientNoEncryption_NoConnect()
{
(NetworkStream clientStream, NetworkStream serverStream) = TestHelper.GetConnectedTcpStreams();
using (clientStream)
using (serverStream)
{
using (var client = new SslStream(clientStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption))
using (var server = new SslStream(serverStream))
{
Task serverTask = server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate);
#pragma warning disable SYSLIB0039 // TLS 1.0 and 1.1 are obsolete
await Assert.ThrowsAsync(TestConfiguration.SupportsHandshakeAlerts?typeof(AuthenticationException) : typeof(IOException), () =>
client.AuthenticateAsClientAsync("localhost", null, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, false));
#pragma warning restore SYSLIB0039
try
{
await serverTask.WaitAsync(TestConfiguration.PassingTestTimeout);
}
catch (Exception ex)
{
// This will fail. Log server error in case test fails.
_log.WriteLine(ex.ToString());
}
}
}
}
public async Task ServerAsyncAuthenticate_InvalidHello_Throws(bool close)
{
(NetworkStream client, NetworkStream server) = TestHelper.GetConnectedTcpStreams();
using (client)
using (SslStream ssl = new SslStream(server))
{
byte[] buffer = new byte[182];
buffer[0] = 178;
buffer[1] = 0;
buffer[2] = 0;
buffer[3] = 1;
buffer[4] = 133;
buffer[5] = 166;
Task t1 = ssl.AuthenticateAsServerAsync(_serverCertificate, false, false);
Task t2 = client.WriteAsync(buffer).AsTask();
if (close)
{
await t2.WaitAsync(TestConfiguration.PassingTestTimeout);
client.Socket.Shutdown(SocketShutdown.Send);
}
else
{
// Write enough data to full frame size
buffer = new byte[13000];
t2 = client.WriteAsync(buffer).AsTask();
await t2.WaitAsync(TestConfiguration.PassingTestTimeout);
}
await Assert.ThrowsAsync <AuthenticationException>(() => t1);
}
}
public async Task ClientDefaultEncryption_ServerNoEncryption_NoConnect()
{
(NetworkStream clientStream, NetworkStream serverStream) = TestHelper.GetConnectedTcpStreams();
using (clientStream)
using (serverStream)
{
using (var client = new SslStream(clientStream, false, TestHelper.AllowAnyServerCertificate, null))
#pragma warning disable SYSLIB0040// NoEncryption and AllowNoEncryption are obsolete
using (var server = new SslStream(serverStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption))
#pragma warning restore SYSLIB0040
{
Task serverTask = server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate);
await Assert.ThrowsAsync <AuthenticationException>(() =>
client.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false));
try
{
await serverTask.WaitAsync(TestConfiguration.PassingTestTimeout);
}
catch (Exception ex)
{
// serverTask will fail.
// We generally don't care but can log exception to help diagnose test failures
_log.WriteLine(ex.ToString());
}
}
}
}
public async Task ServerRequireEncryption_ClientAllowNoEncryption_ConnectWithEncryption()
{
(NetworkStream clientStream, NetworkStream serverStream) = TestHelper.GetConnectedTcpStreams();
using (clientStream)
using (serverStream)
{
using (var client = new SslStream(clientStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.AllowNoEncryption))
using (var server = new SslStream(serverStream))
{
await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
client.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false),
server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate));
_log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength",
clientStream.Socket.RemoteEndPoint, client.CipherAlgorithm, client.CipherStrength);
Assert.True(client.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL");
Assert.True(client.CipherStrength > 0, "Cipher strength should be greater than 0");
}
}
}
public async Task ServerAllowNoEncryption_ClientAllowNoEncryption_ConnectWithEncryption()
{
(NetworkStream clientStream, NetworkStream serverStream) = TestHelper.GetConnectedTcpStreams();
using (clientStream)
using (serverStream)
{
#pragma warning disable SYSLIB0040 // NoEncryption and AllowNoEncryption are obsolete
using (var client = new SslStream(clientStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.AllowNoEncryption))
using (var server = new SslStream(serverStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.AllowNoEncryption))
#pragma warning restore SYSLIB0040
{
await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
client.AuthenticateAsClientAsync("localhost", null, SslProtocols.None, false),
server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate));
_log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength",
clientStream.Socket.RemoteEndPoint, client.CipherAlgorithm, client.CipherStrength);
Assert.NotEqual(CipherAlgorithmType.Null, client.CipherAlgorithm);
Assert.True(client.CipherStrength > 0, "Cipher strength should be greater than 0");
}
}
}
protected override Task <StreamPair> CreateConnectedStreamsAsync() => CreateWrappedConnectedStreamsAsync(TestHelper.GetConnectedTcpStreams());
private async Task ServerAsyncSslHelper(
SslProtocols clientSslProtocols,
SslProtocols serverSslProtocols,
bool expectedToFail = false)
{
_log.WriteLine(
"Server: " + serverSslProtocols + "; Client: " + clientSslProtocols +
" expectedToFail: " + expectedToFail);
(NetworkStream clientStream, NetworkStream serverStream) = TestHelper.GetConnectedTcpStreams();
using (SslStream sslServerStream = new SslStream(
serverStream,
false,
AllowEmptyClientCertificate))
using (SslStream sslClientStream = new SslStream(
clientStream,
false,
delegate {
// Allow any certificate from the server.
// Note that simply ignoring exceptions from AuthenticateAsClientAsync() is not enough
// because in Mono, certificate validation is performed during the handshake and a failure
// would result in the connection being terminated before the handshake completed, thus
// making the server-side AuthenticateAsServerAsync() fail as well.
return(true);
}))
{
string serverName = _serverCertificate.GetNameInfo(X509NameType.SimpleName, false);
_log.WriteLine("Connected on {0} {1} ({2} {3})", clientStream.Socket.LocalEndPoint, clientStream.Socket.RemoteEndPoint, clientStream.Socket.Handle, serverStream.Socket.Handle);
_log.WriteLine("client SslStream#{0} server SslStream#{1}", sslClientStream.GetHashCode(), sslServerStream.GetHashCode());
_logVerbose.WriteLine("ServerAsyncAuthenticateTest.AuthenticateAsClientAsync start.");
Task clientAuthentication = sslClientStream.AuthenticateAsClientAsync(
serverName,
null,
clientSslProtocols,
false);
_logVerbose.WriteLine("ServerAsyncAuthenticateTest.AuthenticateAsServerAsync start.");
Task serverAuthentication = sslServerStream.AuthenticateAsServerAsync(
_serverCertificate,
true,
serverSslProtocols,
false);
try
{
await clientAuthentication.TimeoutAfter(TestConfiguration.PassingTestTimeoutMilliseconds);
_logVerbose.WriteLine("ServerAsyncAuthenticateTest.clientAuthentication complete.");
}
catch (Exception ex)
{
// Ignore client-side errors: we're only interested in server-side behavior.
_log.WriteLine("Client exception : " + ex);
clientStream.Socket.Shutdown(SocketShutdown.Send);
}
await serverAuthentication.TimeoutAfter(TestConfiguration.PassingTestTimeoutMilliseconds);
_logVerbose.WriteLine("ServerAsyncAuthenticateTest.serverAuthentication complete.");
_log.WriteLine(
"Server({0}) authenticated with encryption cipher: {1} {2}-bit strength",
serverStream.Socket.LocalEndPoint,
sslServerStream.CipherAlgorithm,
sslServerStream.CipherStrength);
Assert.True(
sslServerStream.CipherAlgorithm != CipherAlgorithmType.Null,
"Cipher algorithm should not be NULL");
Assert.True(sslServerStream.CipherStrength > 0, "Cipher strength should be greater than 0");
}
}
public SslStreamSystemDefaultTest()
{
(Stream clientNet, Stream serverNet) = TestHelper.GetConnectedTcpStreams();
_clientStream = new SslStream(clientNet, false, ClientCertCallback);
_serverStream = new SslStream(serverNet, false, ServerCertCallback);
}
public async Task SslStream_RandomSizeWrites_OK(int bufferSize, int readBufferSize, int writeBufferSize, bool useAsync)
{
byte[] dataToCopy = RandomNumberGenerator.GetBytes(bufferSize);
byte[] dataReceived = new byte[dataToCopy.Length + readBufferSize]; // make the buffer bigger to have chance to read more
var clientOptions = new SslClientAuthenticationOptions()
{
TargetHost = "localhost"
};
clientOptions.RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;
var serverOptions = new SslServerAuthenticationOptions();
serverOptions.ServerCertificateContext = SslStreamCertificateContext.Create(Configuration.Certificates.GetServerCertificate(), null);
(Stream clientStream, Stream serverStream) = TestHelper.GetConnectedTcpStreams();
using (clientStream)
using (serverStream)
using (SslStream client = new SslStream(new RandomReadWriteSizeStream(clientStream, readBufferSize)))
using (SslStream server = new SslStream(new RandomReadWriteSizeStream(serverStream)))
{
Task t1 = client.AuthenticateAsClientAsync(clientOptions, CancellationToken.None);
Task t2 = server.AuthenticateAsServerAsync(serverOptions, CancellationToken.None);
await TestConfiguration.WhenAllOrAnyFailedWithTimeout(t1, t2);
Task writer = Task.Run(() =>
{
Memory <byte> data = new Memory <byte>(dataToCopy);
while (data.Length > 0)
{
int writeLength = Math.Min(data.Length, writeBufferSize);
if (useAsync)
{
server.WriteAsync(data.Slice(0, writeLength)).GetAwaiter().GetResult();
}
else
{
server.Write(data.Span.Slice(0, writeLength));
}
data = data.Slice(Math.Min(writeBufferSize, data.Length));
}
server.ShutdownAsync().GetAwaiter().GetResult();
});
Task reader = Task.Run(() =>
{
Memory <byte> readBuffer = new Memory <byte>(dataReceived);
int totalLength = 0;
int readLength;
while (true)
{
if (useAsync)
{
readLength = client.ReadAsync(readBuffer.Slice(totalLength, readBufferSize)).GetAwaiter().GetResult();
}
else
{
readLength = client.Read(readBuffer.Span.Slice(totalLength, readBufferSize));
}
if (readLength == 0)
{
break;
}
totalLength += readLength;
Assert.True(totalLength <= bufferSize);
}
Assert.Equal(bufferSize, totalLength);
AssertExtensions.SequenceEqual(dataToCopy.AsSpan(), dataReceived.AsSpan().Slice(0, totalLength));
});
await TestConfiguration.WhenAllOrAnyFailedWithTimeout(writer, reader);
}
}
