public async Task HttpClient_ServerEKUClientAuth_Fails()
{
var options = new HttpsTestServer.Options();
options.ServerCertificate = serverCertificateServerEku;
options.RequireClientAuthentication = true;
using (var server = new HttpsTestServer(options))
using (HttpClientHandler handler = CreateHttpClientHandler())
using (HttpClient client = CreateHttpClient(handler))
{
server.Start();
var tasks = new Task[2];
tasks[0] = server.AcceptHttpsClientAsync();
string requestUriString = GetUriStringAndConfigureHandler(options, server, handler);
handler.ClientCertificates.Add(clientCertificateWrongEku);
tasks[1] = client.GetStringAsync(requestUriString);
// Server aborts the TCP channel.
await Assert.ThrowsAsync <HttpRequestException>(() => tasks[1]);
await Assert.ThrowsAsync <AuthenticationException>(() => tasks[0]);
}
}
public async Task HttpClient_ClientUsesAuxRecord_Ok()
{
X509Certificate2 serverCert = Configuration.Certificates.GetServerCertificate();
var server = new HttpsTestServer(serverCert);
server.StartServer();
int port = server.Port;
string requestString = "https://localhost:" + port.ToString();
using (var handler = new HttpClientHandler()
{
ServerCertificateCustomValidationCallback = LoopbackServer.AllowAllCertificates
})
using (var client = new HttpClient(handler))
{
var tasks = new Task[2];
tasks[0] = server.RunTest();
tasks[1] = client.GetStringAsync(requestString);
await Task.WhenAll(tasks).TimeoutAfter(15 * 1000);
if (server.AuxRecordDetected)
{
_output.WriteLine("Test inconclusive: The Operating system preferred a non-CBC or Null cipher.");
}
else
{
Assert.True(server.AuxRecordDetected, "Server reports: Client auxiliary record not detected.");
}
}
}
public async Task HttpClient_ClientEKUServerAuth_Fails()
{
var options = new HttpsTestServer.Options();
options.ServerCertificate = serverCertificateWrongEku;
using (var server = new HttpsTestServer(options))
using (HttpClientHandler handler = CreateHttpClientHandler())
using (HttpClient client = CreateHttpClient(handler))
{
server.Start();
var tasks = new Task[2];
tasks[0] = server.AcceptHttpsClientAsync();
string requestUriString = GetUriStringAndConfigureHandler(options, server, handler);
tasks[1] = client.GetStringAsync(requestUriString);
await Assert.ThrowsAsync <HttpRequestException>(() => tasks[1]);
}
}
public async Task HttpClient_NoEKUServerAuth_Ok()
{
var options = new HttpsTestServer.Options();
options.ServerCertificate = serverCertificateNoEku;
using (var server = new HttpsTestServer(options))
using (HttpClientHandler handler = CreateHttpClientHandler())
using (HttpClient client = CreateHttpClient(handler))
{
server.Start();
var tasks = new Task[2];
tasks[0] = server.AcceptHttpsClientAsync();
string requestUriString = GetUriStringAndConfigureHandler(options, server, handler);
tasks[1] = client.GetStringAsync(requestUriString);
await tasks.WhenAllOrAnyFailed(TestTimeoutMilliseconds);
}
}
public async Task HttpClient_NoEKUClientAuth_Ok()
{
var options = new HttpsTestServer.Options();
options.ServerCertificate = serverCertificateServerEku;
options.RequireClientAuthentication = true;
using (var server = new HttpsTestServer(options))
using (var handler = new HttpClientHandler())
using (var client = new HttpClient(handler))
{
server.Start();
var tasks = new Task[2];
tasks[0] = server.AcceptHttpsClientAsync();
string requestUriString = GetUriStringAndConfigureHandler(options, server, handler);
handler.ClientCertificates.Add(clientCertificateNoEku);
tasks[1] = client.GetStringAsync(requestUriString);
await Task.WhenAll(tasks).TimeoutAfter(TestTimeoutMilliseconds);
}
}
public async Task HttpClient_ClientUsesAuxRecord_Ok()
{
var options = new HttpsTestServer.Options();
options.AllowedProtocols = SslProtocols.Tls;
using (var server = new HttpsTestServer(options))
using (HttpClientHandler handler = CreateHttpClientHandler())
using (HttpClient client = CreateHttpClient(handler))
{
handler.ServerCertificateCustomValidationCallback = TestHelper.AllowAllCertificates;
server.Start();
var tasks = new Task[2];
bool serverAuxRecordDetected = false;
bool serverAuxRecordDetectedInconclusive = false;
int serverTotalBytesReceived = 0;
int serverChunks = 0;
tasks[0] = server.AcceptHttpsClientAsync((requestString) =>
{
serverTotalBytesReceived += requestString.Length;
if (serverTotalBytesReceived == 1 && serverChunks == 0)
{
serverAuxRecordDetected = true;
}
serverChunks++;
// Test is inconclusive if any non-CBC cipher is used:
if (server.Stream.CipherAlgorithm == CipherAlgorithmType.None ||
server.Stream.CipherAlgorithm == CipherAlgorithmType.Null ||
server.Stream.CipherAlgorithm == CipherAlgorithmType.Rc4)
{
serverAuxRecordDetectedInconclusive = true;
}
if (serverTotalBytesReceived < 5)
{
return(Task.FromResult <string>(null));
}
else
{
return(Task.FromResult(HttpsTestServer.Options.DefaultResponseString));
}
});
string requestUriString = "https://localhost:" + server.Port.ToString();
tasks[1] = client.GetStringAsync(requestUriString);
await tasks.WhenAllOrAnyFailed(15 * 1000);
if (serverAuxRecordDetectedInconclusive)
{
_output.WriteLine("Test inconclusive: The Operating system preferred a non-CBC or Null cipher.");
}
else
{
Assert.True(serverAuxRecordDetected, "Server reports: Client auxiliary record not detected.");
}
}
}
private string GetUriStringAndConfigureHandler(HttpsTestServer.Options options, HttpsTestServer server, HttpClientHandler handler)
{
if (Capability.AreHostsFileNamesInstalled())
{
string hostName =
(new UriBuilder("https", options.ServerCertificate.GetNameInfo(X509NameType.SimpleName, false), server.Port)).ToString();
Console.WriteLine("[E2E testing] - Using hostname {0}", hostName);
return(hostName);
}
else
{
handler.ServerCertificateCustomValidationCallback = AllowRemoteCertificateNameMismatch;
return("https://localhost:" + server.Port.ToString());
}
}
