public async Task HttpClient_ServerEKUClientAuth_Fails() { var options = new HttpsTestServer.Options(); options.ServerCertificate = serverCertificateServerEku; options.RequireClientAuthentication = true; using (var server = new HttpsTestServer(options)) using (HttpClientHandler handler = CreateHttpClientHandler()) using (HttpClient client = CreateHttpClient(handler)) { server.Start(); var tasks = new Task[2]; tasks[0] = server.AcceptHttpsClientAsync(); string requestUriString = GetUriStringAndConfigureHandler(options, server, handler); handler.ClientCertificates.Add(clientCertificateWrongEku); tasks[1] = client.GetStringAsync(requestUriString); // Server aborts the TCP channel. await Assert.ThrowsAsync <HttpRequestException>(() => tasks[1]); await Assert.ThrowsAsync <AuthenticationException>(() => tasks[0]); } }
public async Task HttpClient_ClientUsesAuxRecord_Ok() { X509Certificate2 serverCert = Configuration.Certificates.GetServerCertificate(); var server = new HttpsTestServer(serverCert); server.StartServer(); int port = server.Port; string requestString = "https://localhost:" + port.ToString(); using (var handler = new HttpClientHandler() { ServerCertificateCustomValidationCallback = LoopbackServer.AllowAllCertificates }) using (var client = new HttpClient(handler)) { var tasks = new Task[2]; tasks[0] = server.RunTest(); tasks[1] = client.GetStringAsync(requestString); await Task.WhenAll(tasks).TimeoutAfter(15 * 1000); if (server.AuxRecordDetected) { _output.WriteLine("Test inconclusive: The Operating system preferred a non-CBC or Null cipher."); } else { Assert.True(server.AuxRecordDetected, "Server reports: Client auxiliary record not detected."); } } }
public async Task HttpClient_ClientEKUServerAuth_Fails() { var options = new HttpsTestServer.Options(); options.ServerCertificate = serverCertificateWrongEku; using (var server = new HttpsTestServer(options)) using (HttpClientHandler handler = CreateHttpClientHandler()) using (HttpClient client = CreateHttpClient(handler)) { server.Start(); var tasks = new Task[2]; tasks[0] = server.AcceptHttpsClientAsync(); string requestUriString = GetUriStringAndConfigureHandler(options, server, handler); tasks[1] = client.GetStringAsync(requestUriString); await Assert.ThrowsAsync <HttpRequestException>(() => tasks[1]); } }
public async Task HttpClient_NoEKUServerAuth_Ok() { var options = new HttpsTestServer.Options(); options.ServerCertificate = serverCertificateNoEku; using (var server = new HttpsTestServer(options)) using (HttpClientHandler handler = CreateHttpClientHandler()) using (HttpClient client = CreateHttpClient(handler)) { server.Start(); var tasks = new Task[2]; tasks[0] = server.AcceptHttpsClientAsync(); string requestUriString = GetUriStringAndConfigureHandler(options, server, handler); tasks[1] = client.GetStringAsync(requestUriString); await tasks.WhenAllOrAnyFailed(TestTimeoutMilliseconds); } }
public async Task HttpClient_NoEKUClientAuth_Ok() { var options = new HttpsTestServer.Options(); options.ServerCertificate = serverCertificateServerEku; options.RequireClientAuthentication = true; using (var server = new HttpsTestServer(options)) using (var handler = new HttpClientHandler()) using (var client = new HttpClient(handler)) { server.Start(); var tasks = new Task[2]; tasks[0] = server.AcceptHttpsClientAsync(); string requestUriString = GetUriStringAndConfigureHandler(options, server, handler); handler.ClientCertificates.Add(clientCertificateNoEku); tasks[1] = client.GetStringAsync(requestUriString); await Task.WhenAll(tasks).TimeoutAfter(TestTimeoutMilliseconds); } }
public async Task HttpClient_ClientUsesAuxRecord_Ok() { var options = new HttpsTestServer.Options(); options.AllowedProtocols = SslProtocols.Tls; using (var server = new HttpsTestServer(options)) using (HttpClientHandler handler = CreateHttpClientHandler()) using (HttpClient client = CreateHttpClient(handler)) { handler.ServerCertificateCustomValidationCallback = TestHelper.AllowAllCertificates; server.Start(); var tasks = new Task[2]; bool serverAuxRecordDetected = false; bool serverAuxRecordDetectedInconclusive = false; int serverTotalBytesReceived = 0; int serverChunks = 0; tasks[0] = server.AcceptHttpsClientAsync((requestString) => { serverTotalBytesReceived += requestString.Length; if (serverTotalBytesReceived == 1 && serverChunks == 0) { serverAuxRecordDetected = true; } serverChunks++; // Test is inconclusive if any non-CBC cipher is used: if (server.Stream.CipherAlgorithm == CipherAlgorithmType.None || server.Stream.CipherAlgorithm == CipherAlgorithmType.Null || server.Stream.CipherAlgorithm == CipherAlgorithmType.Rc4) { serverAuxRecordDetectedInconclusive = true; } if (serverTotalBytesReceived < 5) { return(Task.FromResult <string>(null)); } else { return(Task.FromResult(HttpsTestServer.Options.DefaultResponseString)); } }); string requestUriString = "https://localhost:" + server.Port.ToString(); tasks[1] = client.GetStringAsync(requestUriString); await tasks.WhenAllOrAnyFailed(15 * 1000); if (serverAuxRecordDetectedInconclusive) { _output.WriteLine("Test inconclusive: The Operating system preferred a non-CBC or Null cipher."); } else { Assert.True(serverAuxRecordDetected, "Server reports: Client auxiliary record not detected."); } } }
private string GetUriStringAndConfigureHandler(HttpsTestServer.Options options, HttpsTestServer server, HttpClientHandler handler) { if (Capability.AreHostsFileNamesInstalled()) { string hostName = (new UriBuilder("https", options.ServerCertificate.GetNameInfo(X509NameType.SimpleName, false), server.Port)).ToString(); Console.WriteLine("[E2E testing] - Using hostname {0}", hostName); return(hostName); } else { handler.ServerCertificateCustomValidationCallback = AllowRemoteCertificateNameMismatch; return("https://localhost:" + server.Port.ToString()); } }