public async Task SslStream_ServerEKUClientAuth_Fails() { var serverOptions = new HttpsTestServer.Options(); serverOptions.ServerCertificate = serverCertificateServerEku; serverOptions.RequireClientAuthentication = true; using (var server = new HttpsTestServer(serverOptions)) { server.Start(); var clientOptions = new HttpsTestClient.Options(new IPEndPoint(IPAddress.Loopback, server.Port)); clientOptions.ServerName = serverOptions.ServerCertificate.GetNameInfo(X509NameType.SimpleName, false); clientOptions.ClientCertificate = clientCertificateWrongEku; var client = new HttpsTestClient(clientOptions); var tasks = new Task[2]; tasks[0] = server.AcceptHttpsClientAsync(); tasks[1] = client.HttpsRequestAsync(); await Assert.ThrowsAsync <AuthenticationException>(() => tasks[0]); if (OperatingSystem.IsWindows()) { // IOException is thrown when trying to read from a disconnected socket. await Assert.ThrowsAsync <IOException>(() => tasks[1]); } else { // Zero bytes read by client on disconnected socket. await Assert.ThrowsAsync <InvalidOperationException>(() => tasks[1]); } } }
public async Task SslStream_SelfSignedClientEKUClientAuth_Ok() { var serverOptions = new HttpsTestServer.Options(); serverOptions.ServerCertificate = serverCertificateServerEku; serverOptions.RequireClientAuthentication = true; serverOptions.IgnoreSslPolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors; using (var server = new HttpsTestServer(serverOptions)) { server.Start(); var clientOptions = new HttpsTestClient.Options(new IPEndPoint(IPAddress.Loopback, server.Port)); clientOptions.ServerName = serverOptions.ServerCertificate.GetNameInfo(X509NameType.SimpleName, false); clientOptions.ClientCertificate = Configuration.Certificates.GetSelfSignedClientCertificate(); var client = new HttpsTestClient(clientOptions); var tasks = new Task[2]; tasks[0] = server.AcceptHttpsClientAsync(); tasks[1] = client.HttpsRequestAsync(); await Task.WhenAll(tasks).WaitAsync(TimeSpan.FromMilliseconds(TestTimeoutMilliseconds)); } }
public async Task HttpClient_ServerEKUClientAuth_Fails() { var options = new HttpsTestServer.Options(); options.ServerCertificate = serverCertificateServerEku; options.RequireClientAuthentication = true; using (var server = new HttpsTestServer(options)) using (HttpClientHandler handler = CreateHttpClientHandler()) using (HttpClient client = CreateHttpClient(handler)) { server.Start(); var tasks = new Task[2]; tasks[0] = server.AcceptHttpsClientAsync(); string requestUriString = GetUriStringAndConfigureHandler(options, server, handler); handler.ClientCertificates.Add(clientCertificateWrongEku); tasks[1] = client.GetStringAsync(requestUriString); // Server aborts the TCP channel. await Assert.ThrowsAsync <HttpRequestException>(() => tasks[1]); await Assert.ThrowsAsync <AuthenticationException>(() => tasks[0]); } }
private string GetUriStringAndConfigureHandler(HttpsTestServer.Options options, HttpsTestServer server, HttpClientHandler handler) { if (Capability.AreHostsFileNamesInstalled()) { string hostName = (new UriBuilder("https", options.ServerCertificate.GetNameInfo(X509NameType.SimpleName, false), server.Port)).ToString(); Console.WriteLine("[E2E testing] - Using hostname {0}", hostName); return(hostName); } else { handler.ServerCertificateCustomValidationCallback = AllowRemoteCertificateNameMismatch; return("https://localhost:" + server.Port.ToString()); } }
public async Task HttpClient_ClientEKUServerAuth_Fails() { var options = new HttpsTestServer.Options(); options.ServerCertificate = serverCertificateWrongEku; using (var server = new HttpsTestServer(options)) using (HttpClientHandler handler = CreateHttpClientHandler()) using (HttpClient client = CreateHttpClient(handler)) { server.Start(); var tasks = new Task[2]; tasks[0] = server.AcceptHttpsClientAsync(); string requestUriString = GetUriStringAndConfigureHandler(options, server, handler); tasks[1] = client.GetStringAsync(requestUriString); await Assert.ThrowsAsync <HttpRequestException>(() => tasks[1]); } }
public async Task HttpClient_NoEKUServerAuth_Ok() { var options = new HttpsTestServer.Options(); options.ServerCertificate = serverCertificateNoEku; using (var server = new HttpsTestServer(options)) using (HttpClientHandler handler = CreateHttpClientHandler()) using (HttpClient client = CreateHttpClient(handler)) { server.Start(); var tasks = new Task[2]; tasks[0] = server.AcceptHttpsClientAsync(); string requestUriString = GetUriStringAndConfigureHandler(options, server, handler); tasks[1] = client.GetStringAsync(requestUriString); await tasks.WhenAllOrAnyFailed(TestTimeoutMilliseconds); } }
public async Task SslStream_ClientEKUServerAuth_Fails() { var serverOptions = new HttpsTestServer.Options(); serverOptions.ServerCertificate = serverCertificateWrongEku; using (var server = new HttpsTestServer(serverOptions)) { server.Start(); var clientOptions = new HttpsTestClient.Options(new IPEndPoint(IPAddress.Loopback, server.Port)); clientOptions.ServerName = serverOptions.ServerCertificate.GetNameInfo(X509NameType.SimpleName, false); var client = new HttpsTestClient(clientOptions); var tasks = new Task[2]; tasks[0] = server.AcceptHttpsClientAsync(); tasks[1] = client.HttpsRequestAsync(); var exception = await Assert.ThrowsAsync <AuthenticationException>(() => tasks[1]); } }
public async Task SslStream_NoEKUServerAuth_Ok() { var serverOptions = new HttpsTestServer.Options(); serverOptions.ServerCertificate = serverCertificateNoEku; using (var server = new HttpsTestServer(serverOptions)) { server.Start(); var clientOptions = new HttpsTestClient.Options(new IPEndPoint(IPAddress.Loopback, server.Port)); clientOptions.ServerName = serverOptions.ServerCertificate.GetNameInfo(X509NameType.SimpleName, false); var client = new HttpsTestClient(clientOptions); var tasks = new Task[2]; tasks[0] = server.AcceptHttpsClientAsync(); tasks[1] = client.HttpsRequestAsync(); await Task.WhenAll(tasks).WaitAsync(TimeSpan.FromMilliseconds(TestTimeoutMilliseconds)); } }
public async Task HttpClient_NoEKUClientAuth_Ok() { var options = new HttpsTestServer.Options(); options.ServerCertificate = serverCertificateServerEku; options.RequireClientAuthentication = true; using (var server = new HttpsTestServer(options)) using (var handler = new HttpClientHandler()) using (var client = new HttpClient(handler)) { server.Start(); var tasks = new Task[2]; tasks[0] = server.AcceptHttpsClientAsync(); string requestUriString = GetUriStringAndConfigureHandler(options, server, handler); handler.ClientCertificates.Add(clientCertificateNoEku); tasks[1] = client.GetStringAsync(requestUriString); await Task.WhenAll(tasks).TimeoutAfter(TestTimeoutMilliseconds); } }
public async Task HttpClient_ClientUsesAuxRecord_Ok() { var options = new HttpsTestServer.Options(); options.AllowedProtocols = SslProtocols.Tls; using (var server = new HttpsTestServer(options)) using (HttpClientHandler handler = CreateHttpClientHandler()) using (HttpClient client = CreateHttpClient(handler)) { handler.ServerCertificateCustomValidationCallback = TestHelper.AllowAllCertificates; server.Start(); var tasks = new Task[2]; bool serverAuxRecordDetected = false; bool serverAuxRecordDetectedInconclusive = false; int serverTotalBytesReceived = 0; int serverChunks = 0; tasks[0] = server.AcceptHttpsClientAsync((requestString) => { serverTotalBytesReceived += requestString.Length; if (serverTotalBytesReceived == 1 && serverChunks == 0) { serverAuxRecordDetected = true; } serverChunks++; // Test is inconclusive if any non-CBC cipher is used: if (server.Stream.CipherAlgorithm == CipherAlgorithmType.None || server.Stream.CipherAlgorithm == CipherAlgorithmType.Null || server.Stream.CipherAlgorithm == CipherAlgorithmType.Rc4) { serverAuxRecordDetectedInconclusive = true; } if (serverTotalBytesReceived < 5) { return(Task.FromResult <string>(null)); } else { return(Task.FromResult(HttpsTestServer.Options.DefaultResponseString)); } }); string requestUriString = "https://localhost:" + server.Port.ToString(); tasks[1] = client.GetStringAsync(requestUriString); await tasks.WhenAllOrAnyFailed(15 * 1000); if (serverAuxRecordDetectedInconclusive) { _output.WriteLine("Test inconclusive: The Operating system preferred a non-CBC or Null cipher."); } else { Assert.True(serverAuxRecordDetected, "Server reports: Client auxiliary record not detected."); } } }