public async Task OnAuthenticate_CanSetSettings() { var loggerProvider = new HandshakeErrorLoggerProvider(); LoggerFactory.AddProvider(loggerProvider); var testCert = _x509Certificate2; var onAuthenticateCalled = false; await using (var server = new TestServer(context => Task.CompletedTask, new TestServiceContext(LoggerFactory), listenOptions => { listenOptions.UseHttps(httpsOptions => { httpsOptions.ServerCertificateSelector = (_, __) => throw new NotImplementedException(); httpsOptions.OnAuthenticate = (connectionContext, authOptions) => { Assert.Null(authOptions.ServerCertificate); Assert.NotNull(authOptions.ServerCertificateSelectionCallback); authOptions.ServerCertificate = testCert; authOptions.ServerCertificateSelectionCallback = null; onAuthenticateCalled = true; }; }); })) { using (var connection = server.CreateConnection()) using (var sslStream = new SslStream(connection.Stream, true, (sender, certificate, chain, errors) => true)) { await sslStream.AuthenticateAsClientAsync("127.0.0.1", clientCertificates : null, enabledSslProtocols : SslProtocols.None, checkCertificateRevocation : false); } } Assert.True(onAuthenticateCalled, "onAuthenticateCalled"); }
public async Task OnAuthenticate_SeesOtherSettings() { var loggerProvider = new HandshakeErrorLoggerProvider(); LoggerFactory.AddProvider(loggerProvider); var testCert = TestResources.GetTestCertificate(); var onAuthenticateCalled = false; await using (var server = new TestServer(context => Task.CompletedTask, new TestServiceContext(LoggerFactory) { ExpectedConnectionMiddlewareCount = 1 }, listenOptions => { listenOptions.UseHttps(httpsOptions => { httpsOptions.ServerCertificate = testCert; httpsOptions.OnAuthenticate = (connectionContext, authOptions) => { Assert.Same(testCert, authOptions.ServerCertificate); onAuthenticateCalled = true; }; }); })) { using (var connection = server.CreateConnection()) using (var sslStream = new SslStream(connection.Stream, true, (sender, certificate, chain, errors) => true)) { await sslStream.AuthenticateAsClientAsync("127.0.0.1", clientCertificates : null, enabledSslProtocols : SslProtocols.Tls11 | SslProtocols.Tls12, checkCertificateRevocation : false); } } Assert.True(onAuthenticateCalled, "onAuthenticateCalled"); }
public async Task HandshakeTimesOutAndIsLoggedAsDebug() { var loggerProvider = new HandshakeErrorLoggerProvider(); LoggerFactory.AddProvider(loggerProvider); var hostBuilder = TransportSelector.GetWebHostBuilder() .UseKestrel(options => { options.Listen(new IPEndPoint(IPAddress.Loopback, 0), listenOptions => { listenOptions.UseHttps(o => { o.ServerCertificate = new X509Certificate2(TestResources.TestCertificatePath, "testPassword"); o.HandshakeTimeout = TimeSpan.FromSeconds(1); }); }); }) .ConfigureServices(AddTestLogging) .Configure(app => app.Run(httpContext => Task.CompletedTask)); using (var host = hostBuilder.Build()) { host.Start(); using (var socket = await HttpClientSlim.GetSocket(new Uri($"https://127.0.0.1:{host.GetPort()}/"))) using (var stream = new NetworkStream(socket, ownsSocket: false)) { // No data should be sent and the connection should be closed in well under 30 seconds. Assert.Equal(0, await stream.ReadAsync(new byte[1], 0, 1).TimeoutAfter(TestConstants.DefaultTimeout)); } } await loggerProvider.FilterLogger.LogTcs.Task.TimeoutAfter(TestConstants.DefaultTimeout); Assert.Equal(2, loggerProvider.FilterLogger.LastEventId); Assert.Equal(LogLevel.Debug, loggerProvider.FilterLogger.LastLogLevel); }
public async Task ClientAttemptingToUseUnsupportedProtocolIsLoggedAsDebug() { var loggerProvider = new HandshakeErrorLoggerProvider(); LoggerFactory.AddProvider(loggerProvider); var hostBuilder = TransportSelector.GetWebHostBuilder() .UseKestrel(options => { options.Listen(new IPEndPoint(IPAddress.Loopback, 0), listenOptions => { listenOptions.UseHttps(TestResources.TestCertificatePath, "testPassword"); }); }) .ConfigureServices(AddTestLogging) .Configure(app => app.Run(httpContext => Task.CompletedTask)); using (var host = hostBuilder.Build()) { host.Start(); using (var socket = await HttpClientSlim.GetSocket(new Uri($"https://127.0.0.1:{host.GetPort()}/"))) using (var stream = new NetworkStream(socket, ownsSocket: false)) using (var sslStream = new SslStream(stream, true, (sender, certificate, chain, errors) => true)) { // SslProtocols.Tls is TLS 1.0 which isn't supported by Kestrel by default. await Assert.ThrowsAsync <IOException>(() => sslStream.AuthenticateAsClientAsync("127.0.0.1", clientCertificates: null, enabledSslProtocols: SslProtocols.Tls, checkCertificateRevocation: false)); } } await loggerProvider.FilterLogger.LogTcs.Task.TimeoutAfter(TestConstants.DefaultTimeout); Assert.Equal(1, loggerProvider.FilterLogger.LastEventId); Assert.Equal(LogLevel.Debug, loggerProvider.FilterLogger.LastLogLevel); }
public async Task DoesNotThrowObjectDisposedExceptionOnEmptyConnection() { var loggerProvider = new HandshakeErrorLoggerProvider(); LoggerFactory.AddProvider(loggerProvider); using (var server = new TestServer(context => Task.CompletedTask, new TestServiceContext(LoggerFactory), listenOptions => { listenOptions.UseHttps(TestResources.TestCertificatePath, "testPassword"); })) { using (var connection = server.CreateConnection()) using (var sslStream = new SslStream(connection.Stream, true, (sender, certificate, chain, errors) => true)) { await sslStream.AuthenticateAsClientAsync("127.0.0.1", clientCertificates : null, enabledSslProtocols : SslProtocols.Tls11 | SslProtocols.Tls12, checkCertificateRevocation : false); } } Assert.False(loggerProvider.ErrorLogger.ObjectDisposedExceptionLogged); }
public async Task ClientHandshakeFailureLoggedAsDebug() { var loggerProvider = new HandshakeErrorLoggerProvider(); LoggerFactory.AddProvider(loggerProvider); var hostBuilder = TransportSelector.GetWebHostBuilder() .UseKestrel(options => { options.Listen(new IPEndPoint(IPAddress.Loopback, 0), listenOptions => { listenOptions.UseHttps(TestResources.TestCertificatePath, "testPassword"); }); }) .ConfigureServices(AddTestLogging) .Configure(app => { }); using (var host = hostBuilder.Build()) { host.Start(); using (var socket = await HttpClientSlim.GetSocket(new Uri($"https://127.0.0.1:{host.GetPort()}/"))) using (var stream = new NetworkStream(socket)) { // Send null bytes and close socket await stream.WriteAsync(new byte[10], 0, 10); } await loggerProvider.FilterLogger.LogTcs.Task.TimeoutAfter(TestConstants.DefaultTimeout); } Assert.Equal(1, loggerProvider.FilterLogger.LastEventId.Id); Assert.Equal(LogLevel.Debug, loggerProvider.FilterLogger.LastLogLevel); Assert.True(loggerProvider.ErrorLogger.TotalErrorsLogged == 0, userMessage: string.Join(Environment.NewLine, loggerProvider.ErrorLogger.ErrorMessages)); }
public async Task DoesNotThrowObjectDisposedExceptionOnConnectionAbort() { var loggerProvider = new HandshakeErrorLoggerProvider(); LoggerFactory.AddProvider(loggerProvider); var hostBuilder = TransportSelector.GetWebHostBuilder() .UseKestrel(options => { options.Listen(new IPEndPoint(IPAddress.Loopback, 0), listenOptions => { listenOptions.UseHttps(TestResources.TestCertificatePath, "testPassword"); }); }) .ConfigureServices(AddTestLogging) .ConfigureLogging(builder => builder.AddProvider(loggerProvider)) .Configure(app => app.Run(async httpContext => { var ct = httpContext.RequestAborted; while (!ct.IsCancellationRequested) { try { await httpContext.Response.WriteAsync($"hello, world", ct); await Task.Delay(1000, ct); } catch (TaskCanceledException) { // Don't regard connection abort as an error } } })); using (var host = hostBuilder.Build()) { host.Start(); using (var socket = await HttpClientSlim.GetSocket(new Uri($"https://127.0.0.1:{host.GetPort()}/"))) using (var stream = new NetworkStream(socket, ownsSocket: false)) using (var sslStream = new SslStream(stream, true, (sender, certificate, chain, errors) => true)) { await sslStream.AuthenticateAsClientAsync("127.0.0.1", clientCertificates : null, enabledSslProtocols : SslProtocols.Tls11 | SslProtocols.Tls12, checkCertificateRevocation : false); var request = Encoding.ASCII.GetBytes("GET / HTTP/1.1\r\nHost:\r\n\r\n"); await sslStream.WriteAsync(request, 0, request.Length); // Temporary workaround for a deadlock when reading from an aborted client SslStream on Mac and Linux. if (TestPlatformHelper.IsWindows) { await sslStream.ReadAsync(new byte[32], 0, 32); } else { await stream.ReadAsync(new byte[32], 0, 32); } } } Assert.False(loggerProvider.ErrorLogger.ObjectDisposedExceptionLogged); }