public async Task ServerNoEncryption_ClientRequireEncryption_NoConnect() { (NetworkStream clientStream, NetworkStream serverStream) = TestHelper.GetConnectedTcpStreams(); using (clientStream) using (serverStream) { using (var client = new SslStream(clientStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.RequireEncryption)) using (var server = new SslStream(serverStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption)) { Task serverTask = server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate); await Assert.ThrowsAsync <AuthenticationException>(() => client.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false)); try { await serverTask; } catch (Exception ex) { // serverTask will fail. Log server error in case the test fails. _log.WriteLine(ex.ToString()); } } } }
public async Task ServerNoEncryption_ClientPermitsNoEncryption_ConnectWithNoEncryption(EncryptionPolicy policy) { (NetworkStream clientStream, NetworkStream serverStream) = TestHelper.GetConnectedTcpStreams(); using (clientStream) using (serverStream) { using (var client = new SslStream(clientStream, false, TestHelper.AllowAnyServerCertificate, null, policy)) using (var server = new SslStream(serverStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption)) { #pragma warning disable SYSLIB0039 // TLS 1.0 and 1.1 are obsolete await TestConfiguration.WhenAllOrAnyFailedWithTimeout( // null encryption is not permitted with Tls13 client.AuthenticateAsClientAsync("localhost", null, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, false), server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate)); #pragma warning restore SYSLIB0039 _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength", serverStream.Socket.RemoteEndPoint, client.CipherAlgorithm, client.CipherStrength); Assert.Equal(CipherAlgorithmType.Null, client.CipherAlgorithm); Assert.Equal(0, client.CipherStrength); } } }
public async Task ServerRequireEncryption_ClientNoEncryption_NoConnect() { (NetworkStream clientStream, NetworkStream serverStream) = TestHelper.GetConnectedTcpStreams(); using (clientStream) using (serverStream) { using (var client = new SslStream(clientStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption)) using (var server = new SslStream(serverStream)) { Task serverTask = server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate); #pragma warning disable SYSLIB0039 // TLS 1.0 and 1.1 are obsolete await Assert.ThrowsAsync(TestConfiguration.SupportsHandshakeAlerts?typeof(AuthenticationException) : typeof(IOException), () => client.AuthenticateAsClientAsync("localhost", null, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, false)); #pragma warning restore SYSLIB0039 try { await serverTask.WaitAsync(TestConfiguration.PassingTestTimeout); } catch (Exception ex) { // This will fail. Log server error in case test fails. _log.WriteLine(ex.ToString()); } } } }
public async Task ServerAsyncAuthenticate_InvalidHello_Throws(bool close) { (NetworkStream client, NetworkStream server) = TestHelper.GetConnectedTcpStreams(); using (client) using (SslStream ssl = new SslStream(server)) { byte[] buffer = new byte[182]; buffer[0] = 178; buffer[1] = 0; buffer[2] = 0; buffer[3] = 1; buffer[4] = 133; buffer[5] = 166; Task t1 = ssl.AuthenticateAsServerAsync(_serverCertificate, false, false); Task t2 = client.WriteAsync(buffer).AsTask(); if (close) { await t2.WaitAsync(TestConfiguration.PassingTestTimeout); client.Socket.Shutdown(SocketShutdown.Send); } else { // Write enough data to full frame size buffer = new byte[13000]; t2 = client.WriteAsync(buffer).AsTask(); await t2.WaitAsync(TestConfiguration.PassingTestTimeout); } await Assert.ThrowsAsync <AuthenticationException>(() => t1); } }
public async Task ClientDefaultEncryption_ServerNoEncryption_NoConnect() { (NetworkStream clientStream, NetworkStream serverStream) = TestHelper.GetConnectedTcpStreams(); using (clientStream) using (serverStream) { using (var client = new SslStream(clientStream, false, TestHelper.AllowAnyServerCertificate, null)) #pragma warning disable SYSLIB0040// NoEncryption and AllowNoEncryption are obsolete using (var server = new SslStream(serverStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption)) #pragma warning restore SYSLIB0040 { Task serverTask = server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate); await Assert.ThrowsAsync <AuthenticationException>(() => client.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false)); try { await serverTask.WaitAsync(TestConfiguration.PassingTestTimeout); } catch (Exception ex) { // serverTask will fail. // We generally don't care but can log exception to help diagnose test failures _log.WriteLine(ex.ToString()); } } } }
public async Task ServerRequireEncryption_ClientAllowNoEncryption_ConnectWithEncryption() { (NetworkStream clientStream, NetworkStream serverStream) = TestHelper.GetConnectedTcpStreams(); using (clientStream) using (serverStream) { using (var client = new SslStream(clientStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.AllowNoEncryption)) using (var server = new SslStream(serverStream)) { await TestConfiguration.WhenAllOrAnyFailedWithTimeout( client.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false), server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate)); _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength", clientStream.Socket.RemoteEndPoint, client.CipherAlgorithm, client.CipherStrength); Assert.True(client.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL"); Assert.True(client.CipherStrength > 0, "Cipher strength should be greater than 0"); } } }
public async Task ServerAllowNoEncryption_ClientAllowNoEncryption_ConnectWithEncryption() { (NetworkStream clientStream, NetworkStream serverStream) = TestHelper.GetConnectedTcpStreams(); using (clientStream) using (serverStream) { #pragma warning disable SYSLIB0040 // NoEncryption and AllowNoEncryption are obsolete using (var client = new SslStream(clientStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.AllowNoEncryption)) using (var server = new SslStream(serverStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.AllowNoEncryption)) #pragma warning restore SYSLIB0040 { await TestConfiguration.WhenAllOrAnyFailedWithTimeout( client.AuthenticateAsClientAsync("localhost", null, SslProtocols.None, false), server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate)); _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength", clientStream.Socket.RemoteEndPoint, client.CipherAlgorithm, client.CipherStrength); Assert.NotEqual(CipherAlgorithmType.Null, client.CipherAlgorithm); Assert.True(client.CipherStrength > 0, "Cipher strength should be greater than 0"); } } }
protected override Task <StreamPair> CreateConnectedStreamsAsync() => CreateWrappedConnectedStreamsAsync(TestHelper.GetConnectedTcpStreams());
private async Task ServerAsyncSslHelper( SslProtocols clientSslProtocols, SslProtocols serverSslProtocols, bool expectedToFail = false) { _log.WriteLine( "Server: " + serverSslProtocols + "; Client: " + clientSslProtocols + " expectedToFail: " + expectedToFail); (NetworkStream clientStream, NetworkStream serverStream) = TestHelper.GetConnectedTcpStreams(); using (SslStream sslServerStream = new SslStream( serverStream, false, AllowEmptyClientCertificate)) using (SslStream sslClientStream = new SslStream( clientStream, false, delegate { // Allow any certificate from the server. // Note that simply ignoring exceptions from AuthenticateAsClientAsync() is not enough // because in Mono, certificate validation is performed during the handshake and a failure // would result in the connection being terminated before the handshake completed, thus // making the server-side AuthenticateAsServerAsync() fail as well. return(true); })) { string serverName = _serverCertificate.GetNameInfo(X509NameType.SimpleName, false); _log.WriteLine("Connected on {0} {1} ({2} {3})", clientStream.Socket.LocalEndPoint, clientStream.Socket.RemoteEndPoint, clientStream.Socket.Handle, serverStream.Socket.Handle); _log.WriteLine("client SslStream#{0} server SslStream#{1}", sslClientStream.GetHashCode(), sslServerStream.GetHashCode()); _logVerbose.WriteLine("ServerAsyncAuthenticateTest.AuthenticateAsClientAsync start."); Task clientAuthentication = sslClientStream.AuthenticateAsClientAsync( serverName, null, clientSslProtocols, false); _logVerbose.WriteLine("ServerAsyncAuthenticateTest.AuthenticateAsServerAsync start."); Task serverAuthentication = sslServerStream.AuthenticateAsServerAsync( _serverCertificate, true, serverSslProtocols, false); try { await clientAuthentication.TimeoutAfter(TestConfiguration.PassingTestTimeoutMilliseconds); _logVerbose.WriteLine("ServerAsyncAuthenticateTest.clientAuthentication complete."); } catch (Exception ex) { // Ignore client-side errors: we're only interested in server-side behavior. _log.WriteLine("Client exception : " + ex); clientStream.Socket.Shutdown(SocketShutdown.Send); } await serverAuthentication.TimeoutAfter(TestConfiguration.PassingTestTimeoutMilliseconds); _logVerbose.WriteLine("ServerAsyncAuthenticateTest.serverAuthentication complete."); _log.WriteLine( "Server({0}) authenticated with encryption cipher: {1} {2}-bit strength", serverStream.Socket.LocalEndPoint, sslServerStream.CipherAlgorithm, sslServerStream.CipherStrength); Assert.True( sslServerStream.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL"); Assert.True(sslServerStream.CipherStrength > 0, "Cipher strength should be greater than 0"); } }
public SslStreamSystemDefaultTest() { (Stream clientNet, Stream serverNet) = TestHelper.GetConnectedTcpStreams(); _clientStream = new SslStream(clientNet, false, ClientCertCallback); _serverStream = new SslStream(serverNet, false, ServerCertCallback); }
public async Task SslStream_RandomSizeWrites_OK(int bufferSize, int readBufferSize, int writeBufferSize, bool useAsync) { byte[] dataToCopy = RandomNumberGenerator.GetBytes(bufferSize); byte[] dataReceived = new byte[dataToCopy.Length + readBufferSize]; // make the buffer bigger to have chance to read more var clientOptions = new SslClientAuthenticationOptions() { TargetHost = "localhost" }; clientOptions.RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true; var serverOptions = new SslServerAuthenticationOptions(); serverOptions.ServerCertificateContext = SslStreamCertificateContext.Create(Configuration.Certificates.GetServerCertificate(), null); (Stream clientStream, Stream serverStream) = TestHelper.GetConnectedTcpStreams(); using (clientStream) using (serverStream) using (SslStream client = new SslStream(new RandomReadWriteSizeStream(clientStream, readBufferSize))) using (SslStream server = new SslStream(new RandomReadWriteSizeStream(serverStream))) { Task t1 = client.AuthenticateAsClientAsync(clientOptions, CancellationToken.None); Task t2 = server.AuthenticateAsServerAsync(serverOptions, CancellationToken.None); await TestConfiguration.WhenAllOrAnyFailedWithTimeout(t1, t2); Task writer = Task.Run(() => { Memory <byte> data = new Memory <byte>(dataToCopy); while (data.Length > 0) { int writeLength = Math.Min(data.Length, writeBufferSize); if (useAsync) { server.WriteAsync(data.Slice(0, writeLength)).GetAwaiter().GetResult(); } else { server.Write(data.Span.Slice(0, writeLength)); } data = data.Slice(Math.Min(writeBufferSize, data.Length)); } server.ShutdownAsync().GetAwaiter().GetResult(); }); Task reader = Task.Run(() => { Memory <byte> readBuffer = new Memory <byte>(dataReceived); int totalLength = 0; int readLength; while (true) { if (useAsync) { readLength = client.ReadAsync(readBuffer.Slice(totalLength, readBufferSize)).GetAwaiter().GetResult(); } else { readLength = client.Read(readBuffer.Span.Slice(totalLength, readBufferSize)); } if (readLength == 0) { break; } totalLength += readLength; Assert.True(totalLength <= bufferSize); } Assert.Equal(bufferSize, totalLength); AssertExtensions.SequenceEqual(dataToCopy.AsSpan(), dataReceived.AsSpan().Slice(0, totalLength)); }); await TestConfiguration.WhenAllOrAnyFailedWithTimeout(writer, reader); } }