public void NegotiateStream_StreamToStream_NtlmAuthentication_NtlmUser_InvalidCredentials_Fail(NetworkCredential credential) { if (!_isNtlmAvailable) { _output.WriteLine("skipping NegotiateStream_StreamToStream_NtlmAuthentication_NtlmUser_InvalidCredentials_Fail"); return; } VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new UnixGssFakeNegotiateStream(serverStream)) { Assert.False(client.IsAuthenticated, "client.IsAuthenticated"); Assert.ThrowsAsync <AuthenticationException>(() => server.AuthenticateAsServerAsync()); Assert.ThrowsAsync <AuthenticationException>(() => client.AuthenticateAsClientAsync(credential, _testTarget, ProtectionLevel.None, TokenImpersonationLevel.Identification)); } }
public async Task SslStream_ServerLocalCertificateSelectionCallbackReturnsNull_Throw() { VirtualNetwork network = new VirtualNetwork(); var selectionCallback = new LocalCertificateSelectionCallback((object sender, string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] issuers) => { return(null); }); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new SslStream(clientStream, false, AllowAnyServerCertificate)) using (var server = new SslStream(serverStream, false, null, selectionCallback)) using (X509Certificate2 certificate = Configuration.Certificates.GetServerCertificate()) { await Assert.ThrowsAsync <NotSupportedException>(async() => await TestConfiguration.WhenAllOrAnyFailedWithTimeout(client.AuthenticateAsClientAsync(certificate.GetNameInfo(X509NameType.SimpleName, false)), server.AuthenticateAsServerAsync(certificate)) ); } }
public void NegotiateStream_StreamToStream_KerberosAuthDefaultCredentialsNoSeed_Failure() { if (!_isKrbAvailable) { _output.WriteLine("skipping NegotiateStream_StreamToStream_KerberosAuthDefaultCredentialsNoSeed_Failure"); return; } VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var client = new NegotiateStream(clientStream)) { Assert.False(client.IsAuthenticated, "client is not authenticated before AuthenticateAsClient call"); string user = string.Format("{0}@{1}", TestConfiguration.KerberosUser, TestConfiguration.Realm); string target = string.Format("{0}@{1}", TestConfiguration.HostTarget, TestConfiguration.Realm); Assert.ThrowsAsync <AuthenticationException>(() => client.AuthenticateAsClientAsync(CredentialCache.DefaultNetworkCredentials, target)); } }
public async Task NegotiateStream_SPNRequirmentNotMeet_Throws() { var network = new VirtualNetwork(); var snc = new List <string> { "serviceName" }; // PolicyEnforcement.Always will force clientSpn check. var policy = new ExtendedProtectionPolicy(PolicyEnforcement.Always, ProtectionScenario.TransportSelected, new ServiceNameCollection(snc)); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new NegotiateStream(serverStream)) { await TestConfiguration.WhenAllOrAnyFailedWithTimeout( Assert.ThrowsAsync <AuthenticationException>(() => client.AuthenticateAsClientAsync(CredentialCache.DefaultNetworkCredentials, string.Empty)), Assert.ThrowsAsync <AuthenticationException>(() => server.AuthenticateAsServerAsync(policy))); } }
public void NegotiateStream_StreamToStream_NtlmAuthentication_ValidCredentials_Success(NetworkCredential credential) { if (!_isNtlmAvailable) { _output.WriteLine("skipping NegotiateStream_StreamToStream_NtlmAuthentication_ValidCredentials_Success"); return; } VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new UnixGssFakeNegotiateStream(serverStream)) { Assert.False(client.IsAuthenticated, "client.IsAuthenticated"); Assert.False(server.IsAuthenticated, "server.IsAuthenticated"); Task[] auth = new Task[] { client.AuthenticateAsClientAsync(credential, _testTarget, ProtectionLevel.None, TokenImpersonationLevel.Identification), server.AuthenticateAsServerAsync() }; bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds); Assert.True(finished, "Handshake completed in the allotted time"); // Expected Client property values: Assert.True(client.IsAuthenticated, "client.IsAuthenticated"); Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel); Assert.False(client.IsEncrypted, "client.IsEncrypted"); Assert.False(client.IsMutuallyAuthenticated, "client.IsMutuallyAuthenticated"); Assert.False(client.IsServer, "client.IsServer"); Assert.False(client.IsSigned, "client.IsSigned"); Assert.False(client.LeaveInnerStreamOpen, "client.LeaveInnerStreamOpen"); IIdentity serverIdentity = client.RemoteIdentity; Assert.Equal("NTLM", serverIdentity.AuthenticationType); Assert.True(serverIdentity.IsAuthenticated, "serverIdentity.IsAuthenticated"); IdentityValidator.AssertHasName(serverIdentity, _testTarget); } }
public void NegotiateStream_EchoServer_ClientWriteRead_Successive_Sync_Success() { if (!_isKrbAvailable) { _output.WriteLine("skipping NegotiateStream_EchoServer_ClientWriteRead_Successive_Sync_Success"); return; } VirtualNetwork network = new VirtualNetwork(); byte[] firstRecvBuffer = new byte[_firstMessage.Length]; byte[] secondRecvBuffer = new byte[_secondMessage.Length]; using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new UnixGssFakeNegotiateStream(serverStream)) { Assert.False(client.IsAuthenticated, "client is not authenticated before AuthenticateAsClient call"); Task[] auth = new Task[2]; string user = string.Format("{0}@{1}", TestConfiguration.KerberosUser, TestConfiguration.Realm); string target = string.Format("{0}@{1}", TestConfiguration.HostTarget, TestConfiguration.Realm); NetworkCredential credential = new NetworkCredential(user, _fixture.password); auth[0] = client.AuthenticateAsClientAsync(credential, target); auth[1] = server.AuthenticateAsServerAsync(); bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds); Assert.True(finished, "Handshake completed in the allotted time"); Task svrMsgTask = server.PollMessageAsync(2); client.Write(_firstMessage, 0, _firstMessage.Length); client.Write(_secondMessage, 0, _secondMessage.Length); client.Read(firstRecvBuffer, 0, firstRecvBuffer.Length); client.Read(secondRecvBuffer, 0, secondRecvBuffer.Length); Assert.True(_firstMessage.SequenceEqual(firstRecvBuffer), "first message received is as expected"); Assert.True(_secondMessage.SequenceEqual(secondRecvBuffer), "second message received is as expected"); finished = svrMsgTask.Wait(TestConfiguration.PassingTestTimeoutMilliseconds); Assert.True(finished, "Message roundtrip completed in the allotted time"); } }
public async Task NegotiateStream_StreamToStream_NtlmAuthentication_KerberosCreds_Success() { if (!_isNtlmAvailable) { _output.WriteLine("skipping NegotiateStream_StreamToStream_NtlmAuthentication_KerberosCreds_Success"); return; } VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new UnixGssFakeNegotiateStream(serverStream)) { Assert.False(client.IsAuthenticated, "client.IsAuthenticated"); Assert.False(server.IsAuthenticated, "server.IsAuthenticated"); string user = string.Format("{0}@{1}", TestConfiguration.KerberosUser, TestConfiguration.Realm); NetworkCredential credential = new NetworkCredential(user, _fixture.password); Task[] auth = new Task[] { client.AuthenticateAsClientAsync(credential, TestConfiguration.HttpTarget, ProtectionLevel.None, TokenImpersonationLevel.Identification), server.AuthenticateAsServerAsync() }; await TestConfiguration.WhenAllOrAnyFailedWithTimeout(auth); // Expected Client property values: Assert.True(client.IsAuthenticated, "client.IsAuthenticated"); Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel); Assert.False(client.IsEncrypted, "client.IsEncrypted"); Assert.False(client.IsMutuallyAuthenticated, "client.IsMutuallyAuthenticated"); Assert.False(client.IsServer, "client.IsServer"); Assert.False(client.IsSigned, "client.IsSigned"); Assert.False(client.LeaveInnerStreamOpen, "client.LeaveInnerStreamOpen"); IIdentity serverIdentity = client.RemoteIdentity; Assert.Equal("NTLM", serverIdentity.AuthenticationType); Assert.True(serverIdentity.IsAuthenticated, "server identity is authenticated"); IdentityValidator.AssertHasName(serverIdentity, TestConfiguration.HttpTarget); } }
public async Task NegotiateStream_SecurityRequirmentNotMeet_Throws() { var network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new NegotiateStream(serverStream)) { // ProtectionLevel not match. await TestConfiguration.WhenAllOrAnyFailedWithTimeout( Assert.ThrowsAsync <AuthenticationException>(() => client.AuthenticateAsClientAsync((NetworkCredential)CredentialCache.DefaultCredentials, TargetName, ProtectionLevel.None, TokenImpersonationLevel.Identification)), Assert.ThrowsAsync <AuthenticationException>(() => server.AuthenticateAsServerAsync((NetworkCredential)CredentialCache.DefaultCredentials, ProtectionLevel.Sign, TokenImpersonationLevel.Identification))); Assert.Throws <AuthenticationException>(() => client.Write(s_sampleMsg, 0, s_sampleMsg.Length)); } }
public void SslStream_StreamToStream_Authentication_IncorrectServerName_Fail() { VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new SslStream(clientStream)) using (var server = new SslStream(serverStream)) { Task[] auth = new Task[2]; auth[0] = client.AuthenticateAsClientAsync("incorrectServer"); auth[1] = server.AuthenticateAsServerAsync(TestConfiguration.GetServerCertificate()); Assert.Throws <AuthenticationException>(() => { auth[0].GetAwaiter().GetResult(); }); auth[1].GetAwaiter().GetResult(); } }
public async Task SslStream_StreamToStream_Write_ReadByte_Success() { VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var clientSslStream = new SslStream(clientStream, false, AllowAnyServerCertificate)) using (var serverSslStream = new SslStream(serverStream)) { await DoHandshake(clientSslStream, serverSslStream); for (int i = 0; i < 3; i++) { clientSslStream.Write(_sampleMsg); foreach (byte b in _sampleMsg) { Assert.Equal(b, serverSslStream.ReadByte()); } } } }
public async Task NegotiateStream_StreamToStream_KerberosAuthInvalidTarget_Failure() { if (!_isKrbAvailable) { _output.WriteLine("skipping NegotiateStream_StreamToStream_KerberosAuthInvalidTarget_Failure"); return; } VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var client = new NegotiateStream(clientStream)) { Assert.False(client.IsAuthenticated, "client stream is not authenticated by default"); string user = string.Format("{0}@{1}", TestConfiguration.KerberosUser, TestConfiguration.Realm); string target = string.Format("{0}@{1}", TestConfiguration.HostTarget, TestConfiguration.Realm); NetworkCredential credential = new NetworkCredential(user, _fixture.password); await Assert.ThrowsAsync <AuthenticationException>(() => client.AuthenticateAsClientAsync(credential, target.Substring(1))); } }
public async Task NegotiateStream_StreamToStream_Successive_ClientWrite_Async_Success() { byte[] recvBuf = new byte[s_sampleMsg.Length]; VirtualNetwork network = new VirtualNetwork(); int bytesRead = 0; using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new NegotiateStream(serverStream)) { Assert.False(client.IsAuthenticated); Assert.False(server.IsAuthenticated); Task[] auth = new Task[2]; auth[0] = AuthenticateAsClientAsync(client, CredentialCache.DefaultNetworkCredentials, string.Empty); auth[1] = AuthenticateAsServerAsync(server); await TestConfiguration.WhenAllOrAnyFailedWithTimeout(auth); auth[0] = client.WriteAsync(s_sampleMsg, 0, s_sampleMsg.Length); auth[1] = server.ReadAsync(recvBuf, 0, s_sampleMsg.Length); await TestConfiguration.WhenAllOrAnyFailedWithTimeout(auth); Assert.True(s_sampleMsg.SequenceEqual(recvBuf)); await client.WriteAsync(s_sampleMsg, 0, s_sampleMsg.Length); // Test partial async read. bytesRead = await server.ReadAsync(recvBuf, 0, PartialBytesToRead); Assert.Equal(PartialBytesToRead, bytesRead); bytesRead = await server.ReadAsync(recvBuf, PartialBytesToRead, s_sampleMsg.Length - PartialBytesToRead); Assert.Equal(s_sampleMsg.Length - PartialBytesToRead, bytesRead); Assert.True(s_sampleMsg.SequenceEqual(recvBuf)); } }
public async Task SslStream_SameCertUsedForClientAndServer_Ok() { VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new SslStream(clientStream, true, AllowAnyCertificate)) using (var server = new SslStream(serverStream, true, AllowAnyCertificate)) using (X509Certificate2 certificate = Configuration.Certificates.GetServerCertificate()) { // Using the same certificate for server and client auth. X509Certificate2Collection clientCertificateCollection = new X509Certificate2Collection(certificate); var tasks = new Task[2]; tasks[0] = server.AuthenticateAsServerAsync(certificate, true, false); tasks[1] = client.AuthenticateAsClientAsync( certificate.GetNameInfo(X509NameType.SimpleName, false), clientCertificateCollection, false); await Task.WhenAll(tasks).TimeoutAfter(15 * 1000); if (!PlatformDetection.IsWindows7 || Capability.IsTrustedRootCertificateInstalled()) { // https://technet.microsoft.com/en-us/library/hh831771.aspx#BKMK_Changes2012R2 // Starting with Windows 8, the "Management of trusted issuers for client authentication" has changed: // The behavior to send the Trusted Issuers List by default is off. // // In Windows 7 the Trusted Issuers List is sent within the Server Hello TLS record. This list is built // by the server using certificates from the Trusted Root Authorities certificate store. // The client side will use the Trusted Issuers List, if not empty, to filter proposed certificates. Assert.True(client.IsMutuallyAuthenticated); Assert.True(server.IsMutuallyAuthenticated); } } }
public async Task SslStream_StreamToStream_Successive_ClientWrite_Async_Success() { byte[] recvBuf = new byte[_sampleMsg.Length]; VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var clientSslStream = new SslStream(clientStream, false, AllowAnyServerCertificate)) using (var serverSslStream = new SslStream(serverStream)) { bool result = DoHandshake(clientSslStream, serverSslStream); Assert.True(result, "Handshake completed."); await clientSslStream.WriteAsync(_sampleMsg, 0, _sampleMsg.Length) .TimeoutAfter(TestConfiguration.PassingTestTimeoutMilliseconds); int bytesRead = 0; while (bytesRead < _sampleMsg.Length) { bytesRead += await serverSslStream.ReadAsync(recvBuf, bytesRead, _sampleMsg.Length - bytesRead) .TimeoutAfter(TestConfiguration.PassingTestTimeoutMilliseconds); } Assert.True(VerifyOutput(recvBuf, _sampleMsg), "verify first read data is as expected."); await clientSslStream.WriteAsync(_sampleMsg, 0, _sampleMsg.Length) .TimeoutAfter(TestConfiguration.PassingTestTimeoutMilliseconds); bytesRead = 0; while (bytesRead < _sampleMsg.Length) { bytesRead += await serverSslStream.ReadAsync(recvBuf, bytesRead, _sampleMsg.Length - bytesRead) .TimeoutAfter(TestConfiguration.PassingTestTimeoutMilliseconds); } Assert.True(VerifyOutput(recvBuf, _sampleMsg), "verify second read data is as expected."); } }
public async Task SslStream_ServerCallbackNotSet_UsesLocalCertificateSelection(string hostName) { X509Certificate serverCert = Configuration.Certificates.GetSelfSignedServerCertificate(); int timesCallbackCalled = 0; var selectionCallback = new LocalCertificateSelectionCallback((object sender, string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] issuers) => { Assert.Equal(string.Empty, targetHost); Assert.True(localCertificates.Contains(serverCert)); timesCallbackCalled++; return(serverCert); }); var validationCallback = new RemoteCertificateValidationCallback((object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) => { Assert.Equal(serverCert, certificate); return(true); }); VirtualNetwork vn = new VirtualNetwork(); using (VirtualNetworkStream serverStream = new VirtualNetworkStream(vn, isServer: true), clientStream = new VirtualNetworkStream(vn, isServer: false)) using (SslStream server = new SslStream(serverStream, false, null, selectionCallback), client = new SslStream(clientStream, leaveInnerStreamOpen: false, validationCallback)) { Task clientJob = Task.Run(() => { client.AuthenticateAsClient(hostName); }); SslServerAuthenticationOptions options = DefaultServerOptions(); options.ServerCertificate = serverCert; await TaskTimeoutExtensions.WhenAllOrAnyFailed(new[] { clientJob, server.AuthenticateAsServerAsync(options, CancellationToken.None) }); Assert.Equal(1, timesCallbackCalled); } }
public void SslStream_StreamToStream_Successive_ClientWrite_WithZeroBytes_Success() { byte[] recvBuf = new byte[_sampleMsg.Length]; VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var clientSslStream = new SslStream(clientStream, false, AllowAnyServerCertificate)) using (var serverSslStream = new SslStream(serverStream)) { bool result = DoHandshake(clientSslStream, serverSslStream); Assert.True(result, "Handshake completed."); clientSslStream.Write(Array.Empty <byte>()); clientSslStream.WriteAsync(Array.Empty <byte>(), 0, 0).Wait(); clientSslStream.Write(_sampleMsg); int bytesRead = 0; while (bytesRead < _sampleMsg.Length) { bytesRead += serverSslStream.Read(recvBuf, bytesRead, _sampleMsg.Length - bytesRead); } Assert.True(VerifyOutput(recvBuf, _sampleMsg), "verify first read data is as expected."); clientSslStream.Write(_sampleMsg); clientSslStream.WriteAsync(Array.Empty <byte>(), 0, 0).Wait(); clientSslStream.Write(Array.Empty <byte>()); bytesRead = 0; while (bytesRead < _sampleMsg.Length) { bytesRead += serverSslStream.Read(recvBuf, bytesRead, _sampleMsg.Length - bytesRead); } Assert.True(VerifyOutput(recvBuf, _sampleMsg), "verify second read data is as expected."); } }
public async Task SslStream_StreamToStream_WriteAsync_ReadByte_Success() { VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var clientSslStream = new SslStream(clientStream, false, AllowAnyServerCertificate)) using (var serverSslStream = new SslStream(serverStream)) { bool result = DoHandshake(clientSslStream, serverSslStream); Assert.True(result, "Handshake completed."); for (int i = 0; i < 3; i++) { await clientSslStream.WriteAsync(_sampleMsg, 0, _sampleMsg.Length).ConfigureAwait(false); foreach (byte b in _sampleMsg) { Assert.Equal(b, serverSslStream.ReadByte()); } } } }
public async Task NegotiateStream_ConcurrentAsyncReadOrWrite_ThrowsNotSupportedException() { byte[] recvBuf = new byte[s_sampleMsg.Length]; var network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new NegotiateStream(serverStream)) { await TestConfiguration.WhenAllOrAnyFailedWithTimeout( client.AuthenticateAsClientAsync(CredentialCache.DefaultNetworkCredentials, string.Empty), server.AuthenticateAsServerAsync()); // Custom EndWrite/Read will not reset the variable which monitors concurrent write/read. await TestConfiguration.WhenAllOrAnyFailedWithTimeout( Task.Factory.FromAsync(client.BeginWrite, (ar) => { Assert.NotNull(ar); }, s_sampleMsg, 0, s_sampleMsg.Length, client), Task.Factory.FromAsync(server.BeginRead, (ar) => { Assert.NotNull(ar); }, recvBuf, 0, s_sampleMsg.Length, server)); Assert.Throws <NotSupportedException>(() => client.BeginWrite(s_sampleMsg, 0, s_sampleMsg.Length, (ar) => { Assert.Null(ar); }, null)); Assert.Throws <NotSupportedException>(() => server.BeginRead(recvBuf, 0, s_sampleMsg.Length, (ar) => { Assert.Null(ar); }, null)); } }
public async Task NegotiateStream_EndReadEndWriteInvalidParameter_Throws() { byte[] recvBuf = new byte[s_sampleMsg.Length]; var network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new NegotiateStream(serverStream)) { await TestConfiguration.WhenAllOrAnyFailedWithTimeout( client.AuthenticateAsClientAsync(CredentialCache.DefaultNetworkCredentials, string.Empty), server.AuthenticateAsServerAsync()); await TestConfiguration.WhenAllOrAnyFailedWithTimeout( Task.Factory.FromAsync(client.BeginWrite, (asyncResult) => { NegotiateStream authStream = (NegotiateStream)asyncResult.AsyncState; AssertExtensions.Throws <ArgumentNullException>(nameof(asyncResult), () => authStream.EndWrite(null)); IAsyncResult result = new MyAsyncResult(); AssertExtensions.Throws <ArgumentException>(nameof(asyncResult), () => authStream.EndWrite(result)); }, s_sampleMsg, 0, s_sampleMsg.Length, client), Task.Factory.FromAsync(server.BeginRead, (asyncResult) => { NegotiateStream authStream = (NegotiateStream)asyncResult.AsyncState; AssertExtensions.Throws <ArgumentNullException>(nameof(asyncResult), () => authStream.EndRead(null)); IAsyncResult result = new MyAsyncResult(); AssertExtensions.Throws <ArgumentException>(nameof(asyncResult), () => authStream.EndRead(result)); }, recvBuf, 0, s_sampleMsg.Length, server)); } }
public async Task NegotiateStream_StreamToStream_Successive_ClientWrite_Sync_Success() { byte[] recvBuf = new byte[s_sampleMsg.Length]; VirtualNetwork network = new VirtualNetwork(); int bytesRead = 0; using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new NegotiateStream(serverStream)) { Assert.False(client.IsAuthenticated); Assert.False(server.IsAuthenticated); Task[] auth = new Task[2]; auth[0] = client.AuthenticateAsClientAsync(EnterpriseTestConfiguration.ValidNetworkCredentials, TargetName); auth[1] = server.AuthenticateAsServerAsync(); await WhenAllOrAnyFailedWithTimeout(auth); client.Write(s_sampleMsg, 0, s_sampleMsg.Length); server.Read(recvBuf, 0, s_sampleMsg.Length); Assert.True(s_sampleMsg.SequenceEqual(recvBuf)); client.Write(s_sampleMsg, 0, s_sampleMsg.Length); // Test partial sync read. bytesRead = server.Read(recvBuf, 0, PartialBytesToRead); Assert.Equal(PartialBytesToRead, bytesRead); bytesRead = server.Read(recvBuf, PartialBytesToRead, s_sampleMsg.Length - PartialBytesToRead); Assert.Equal(s_sampleMsg.Length - PartialBytesToRead, bytesRead); Assert.True(s_sampleMsg.SequenceEqual(recvBuf)); } }
public async Task StreamToStream_ValidAuthentication_Success(NetworkCredential creds, string target) { var network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new NegotiateStream(serverStream)) { Assert.False(client.IsAuthenticated); Assert.False(server.IsAuthenticated); Task[] auth = new Task[2]; auth[0] = client.AuthenticateAsClientAsync(creds, target); auth[1] = server.AuthenticateAsServerAsync(); await WhenAllOrAnyFailedWithTimeout(auth); VerifyStreamProperties(client, isServer: false, target); string remoteName = creds.UserName + "@" + EnterpriseTestConfiguration.Realm; VerifyStreamProperties(server, isServer: true, remoteName); } }
public async Task NegotiateStream_StreamToStream_Authentication_EmptyCredentials_Fails() { string targetName = "testTargetName"; // Ensure there is no confusion between DefaultCredentials / DefaultNetworkCredentials and a // NetworkCredential object with empty user, password and domain. NetworkCredential emptyNetworkCredential = new NetworkCredential("", "", ""); Assert.NotEqual(emptyNetworkCredential, CredentialCache.DefaultCredentials); Assert.NotEqual(emptyNetworkCredential, CredentialCache.DefaultNetworkCredentials); VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new NegotiateStream(serverStream)) { Assert.False(client.IsAuthenticated); Assert.False(server.IsAuthenticated); Task[] auth = new Task[2]; auth[0] = AuthenticateAsClientAsync(client, emptyNetworkCredential, targetName); auth[1] = AuthenticateAsServerAsync(server); await TestConfiguration.WhenAllOrAnyFailedWithTimeout(auth); // Expected Client property values: Assert.True(client.IsAuthenticated); Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel); Assert.Equal(true, client.IsEncrypted); Assert.Equal(false, client.IsMutuallyAuthenticated); Assert.Equal(false, client.IsServer); Assert.Equal(true, client.IsSigned); Assert.Equal(false, client.LeaveInnerStreamOpen); IIdentity serverIdentity = client.RemoteIdentity; Assert.Equal("NTLM", serverIdentity.AuthenticationType); Assert.Equal(true, serverIdentity.IsAuthenticated); Assert.Equal(targetName, serverIdentity.Name); // Expected Server property values: Assert.True(server.IsAuthenticated); Assert.Equal(TokenImpersonationLevel.Identification, server.ImpersonationLevel); Assert.Equal(true, server.IsEncrypted); Assert.Equal(false, server.IsMutuallyAuthenticated); Assert.Equal(true, server.IsServer); Assert.Equal(true, server.IsSigned); Assert.Equal(false, server.LeaveInnerStreamOpen); IIdentity clientIdentity = server.RemoteIdentity; Assert.Equal("NTLM", clientIdentity.AuthenticationType); // TODO #5241: Behavior difference: Assert.Equal(false, clientIdentity.IsAuthenticated); // On .NET Desktop: Assert.Equal(true, clientIdentity.IsAuthenticated); IdentityValidator.AssertHasName(clientIdentity, new SecurityIdentifier(WellKnownSidType.AnonymousSid, null).Translate(typeof(NTAccount)).Value); } }
public async Task SslStream_StreamToStream_EOFDuringFrameRead_ThrowsIOException() { var network = new VirtualNetwork(); using (var clientNetworkStream = new VirtualNetworkStream(network, isServer: false)) using (var serverNetworkStream = new VirtualNetworkStream(network, isServer: true)) { int readMode = 0; var serverWrappedNetworkStream = new DelegateStream( canWriteFunc: () => true, canReadFunc: () => true, writeFunc: (buffer, offset, count) => serverNetworkStream.Write(buffer, offset, count), writeAsyncFunc: (buffer, offset, count, token) => serverNetworkStream.WriteAsync(buffer, offset, count, token), readFunc: (buffer, offset, count) => { // Do normal reads as requested until the read mode is set // to 1. Then do a single read of only 10 bytes to read only // part of the message, and subsequently return EOF. if (readMode == 0) { return(serverNetworkStream.Read(buffer, offset, count)); } else if (readMode == 1) { readMode = 2; return(serverNetworkStream.Read(buffer, offset, 10)); // read at least header but less than full frame } else { return(0); } }, readAsyncFunc: (buffer, offset, count, token) => { // Do normal reads as requested until the read mode is set // to 1. Then do a single read of only 10 bytes to read only // part of the message, and subsequently return EOF. if (readMode == 0) { return(serverNetworkStream.ReadAsync(buffer, offset, count)); } else if (readMode == 1) { readMode = 2; return(serverNetworkStream.ReadAsync(buffer, offset, 10)); // read at least header but less than full frame } else { return(Task.FromResult(0)); } }); using (var clientSslStream = new SslStream(clientNetworkStream, false, AllowAnyServerCertificate)) using (var serverSslStream = new SslStream(serverWrappedNetworkStream)) { await DoHandshake(clientSslStream, serverSslStream); await WriteAsync(clientSslStream, new byte[20], 0, 20); readMode = 1; await Assert.ThrowsAsync <IOException>(() => ReadAsync(serverSslStream, new byte[1], 0, 1)); } } }
public void NegotiateStream_StreamToStream_Authentication_EmptyCredentials_Fails() { string targetName = "testTargetName"; // Ensure there is no confusion between DefaultCredentials / DefaultNetworkCredentials and a // NetworkCredential object with empty user, password and domain. NetworkCredential emptyNetworkCredential = new NetworkCredential("", "", ""); Assert.NotEqual(emptyNetworkCredential, CredentialCache.DefaultCredentials); Assert.NotEqual(emptyNetworkCredential, CredentialCache.DefaultNetworkCredentials); VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new NegotiateStream(serverStream)) { Assert.False(client.IsAuthenticated); Assert.False(server.IsAuthenticated); Task[] auth = new Task[2]; auth[0] = client.AuthenticateAsClientAsync(emptyNetworkCredential, targetName); auth[1] = server.AuthenticateAsServerAsync(); bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds); Assert.True(finished, "Handshake completed in the allotted time"); // Expected Client property values: Assert.True(client.IsAuthenticated); Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel); Assert.Equal(true, client.IsEncrypted); Assert.Equal(false, client.IsMutuallyAuthenticated); Assert.Equal(false, client.IsServer); Assert.Equal(true, client.IsSigned); Assert.Equal(false, client.LeaveInnerStreamOpen); IIdentity serverIdentity = client.RemoteIdentity; Assert.Equal("NTLM", serverIdentity.AuthenticationType); Assert.Equal(true, serverIdentity.IsAuthenticated); Assert.Equal(targetName, serverIdentity.Name); // Expected Server property values: Assert.True(server.IsAuthenticated); Assert.Equal(TokenImpersonationLevel.Identification, server.ImpersonationLevel); Assert.Equal(true, server.IsEncrypted); Assert.Equal(false, server.IsMutuallyAuthenticated); Assert.Equal(true, server.IsServer); Assert.Equal(true, server.IsSigned); Assert.Equal(false, server.LeaveInnerStreamOpen); IIdentity clientIdentity = server.RemoteIdentity; Assert.Equal("NTLM", clientIdentity.AuthenticationType); // TODO #5241: Behavior difference: Assert.Equal(false, clientIdentity.IsAuthenticated); // On .Net Desktop: Assert.Equal(true, clientIdentity.IsAuthenticated); IdentityValidator.AssertHasName(clientIdentity, @"NT AUTHORITY\ANONYMOUS LOGON"); } }
public void NegotiateStream_StreamToStream_Authentication_TargetName_Success() { string targetName = "testTargetName"; VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new NegotiateStream(serverStream)) { Assert.False(client.IsAuthenticated); Assert.False(server.IsAuthenticated); Task[] auth = new Task[2]; auth[0] = AuthenticateAsClientAsync(client, CredentialCache.DefaultNetworkCredentials, targetName); auth[1] = AuthenticateAsServerAsync(server); bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds); Assert.True(finished, "Handshake completed in the allotted time"); // Expected Client property values: Assert.True(client.IsAuthenticated); Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel); Assert.Equal(true, client.IsEncrypted); Assert.Equal(false, client.IsMutuallyAuthenticated); Assert.Equal(false, client.IsServer); Assert.Equal(true, client.IsSigned); Assert.Equal(false, client.LeaveInnerStreamOpen); IIdentity serverIdentity = client.RemoteIdentity; Assert.Equal("NTLM", serverIdentity.AuthenticationType); Assert.Equal(true, serverIdentity.IsAuthenticated); Assert.Equal(targetName, serverIdentity.Name); // Expected Server property values: Assert.True(server.IsAuthenticated); Assert.Equal(TokenImpersonationLevel.Identification, server.ImpersonationLevel); Assert.Equal(true, server.IsEncrypted); Assert.Equal(false, server.IsMutuallyAuthenticated); Assert.Equal(true, server.IsServer); Assert.Equal(true, server.IsSigned); Assert.Equal(false, server.LeaveInnerStreamOpen); IIdentity clientIdentity = server.RemoteIdentity; Assert.Equal("NTLM", clientIdentity.AuthenticationType); if (PlatformDetection.IsUap) { // TODO #21282: UWP issue - clientIdentity.IsAuthenticated == false. Assert.Equal(false, clientIdentity.IsAuthenticated); } else { Assert.Equal(true, clientIdentity.IsAuthenticated); } IdentityValidator.AssertIsCurrentIdentity(clientIdentity); } }