[PlatformSpecific(~TestPlatforms.OSX)] // Not implemented public void HttpClientUsesSslCertEnvironmentVariables() { // We set SSL_CERT_DIR and SSL_CERT_FILE to empty locations. // The HttpClient should fail to validate the server certificate. var psi = new ProcessStartInfo(); string sslCertDir = GetTestFilePath(); Directory.CreateDirectory(sslCertDir); psi.Environment.Add("SSL_CERT_DIR", sslCertDir); string sslCertFile = GetTestFilePath(); File.WriteAllText(sslCertFile, ""); psi.Environment.Add("SSL_CERT_FILE", sslCertFile); RemoteExecutor.Invoke(async(useSocketsHttpHandlerString, useHttp2String) => { const string Url = "https://www.microsoft.com"; using (HttpClient client = CreateHttpClient(useSocketsHttpHandlerString, useHttp2String)) { await Assert.ThrowsAsync <HttpRequestException>(() => client.GetAsync(Url)); } return(RemoteExecutor.SuccessExitCode); }, UseSocketsHttpHandler.ToString(), UseHttp2.ToString(), new RemoteInvokeOptions { StartInfo = psi }).Dispose(); }
public void Proxy_UseEnvironmentVariableToSetSystemProxy_RequestGoesThruProxy() { if (!UseSocketsHttpHandler) { throw new SkipTestException("Test needs SocketsHttpHandler"); } RemoteExecutor.Invoke(async(useSocketsHttpHandlerString, useHttp2String) => { var options = new LoopbackProxyServer.Options { AddViaRequestHeader = true }; using (LoopbackProxyServer proxyServer = LoopbackProxyServer.Create(options)) { Environment.SetEnvironmentVariable("http_proxy", proxyServer.Uri.AbsoluteUri.ToString()); using (HttpClient client = CreateHttpClient(useSocketsHttpHandlerString, useHttp2String)) using (HttpResponseMessage response = await client.GetAsync(Configuration.Http.RemoteEchoServer)) { Assert.Equal(HttpStatusCode.OK, response.StatusCode); string body = await response.Content.ReadAsStringAsync(); Assert.Contains(proxyServer.ViaHeader, body); } return(RemoteExecutor.SuccessExitCode); } }, UseSocketsHttpHandler.ToString(), UseHttp2.ToString()).Dispose(); }
public void Authentication_UseMultiInterfaceStreamContent_Success() { RemoteExecutor.Invoke(async(useSocketsHttpHandlerString, useHttp2String) => { string username = "******"; string password = "******"; Uri uri = Configuration.Http.RemoteHttp11Server.BasicAuthUriForCreds(userName: username, password: password); HttpClientHandler handler = CreateHttpClientHandler(useSocketsHttpHandlerString, useHttp2String); handler.Credentials = new NetworkCredential(username, password); using (HttpClient client = CreateHttpClient(handler, useHttp2String)) { byte[] postData = Encoding.UTF8.GetBytes("This is data to post."); var stream = new MultiInterfaceReadOnlyStream(postData); var content = new MultiInterfaceStreamContent(stream); using (HttpResponseMessage response = await client.PostAsync(uri, content)) { Assert.Equal(HttpStatusCode.OK, response.StatusCode); string responseContent = await response.Content.ReadAsStringAsync(); } } return(RemoteExecutor.SuccessExitCode); }, UseSocketsHttpHandler.ToString(), UseHttp2.ToString()).Dispose(); }
public void Authentication_UseStreamContent_Throws() { RemoteExecutor.Invoke(async(useSocketsHttpHandlerString, useHttp2String) => { // This test validates the current limitation of CoreFx's NetFxToWinRtStreamAdapter // which throws exceptions when trying to rewind a .NET Stream when it needs to be // re-POST'd to the server. string username = "******"; string password = "******"; Uri uri = Configuration.Http.RemoteHttp11Server.BasicAuthUriForCreds(userName: username, password: password); HttpClientHandler handler = CreateHttpClientHandler(useSocketsHttpHandlerString, useHttp2String); handler.Credentials = new NetworkCredential(username, password); using (HttpClient client = CreateHttpClient(handler, useHttp2String)) { byte[] postData = Encoding.UTF8.GetBytes("This is data to post."); var stream = new MemoryStream(postData, false); var content = new StreamContent(stream); await Assert.ThrowsAsync <HttpRequestException>(() => client.PostAsync(uri, content)); } return(RemoteExecutor.SuccessExitCode); }, UseSocketsHttpHandler.ToString(), UseHttp2.ToString()).Dispose(); }
public void Manual_SelectClientCertificateForRemoteServer_ServerOnlyReceivesValidClientCert( int certIndex, HttpStatusCode expectedStatusCode) { if (!CanTestClientCertificates) // can't use [Conditional*] right now as it's evaluated at the wrong time for SocketsHttpHandler { _output.WriteLine($"Skipping {nameof(Manual_SelectClientCertificateForRemoteServer_ServerOnlyReceivesValidClientCert)}()"); return; } string useSocketsHttpHandlerString = UseSocketsHttpHandler.ToString(); string useHttp2String = UseHttp2.ToString(); X509Certificate2 clientCert = null; // Get client certificate. RemoteInvoke doesn't allow easy marshaling of complex types. // So we have to select the certificate at this point in the test execution. if (certIndex == 1) { // This is a valid client cert since it has an EKU with a ClientAuthentication OID. clientCert = Configuration.Certificates.GetClientCertificate(); } else if (certIndex == 2) { // This is a valid client cert since it has no EKU thus all usages are permitted. clientCert = Configuration.Certificates.GetNoEKUCertificate(); } else if (certIndex == 3) { // This is an invalid client cert since it has an EKU but is missing ClientAuthentication OID. clientCert = Configuration.Certificates.GetServerCertificate(); } Assert.NotNull(clientCert); HttpClientHandler handler = CreateHttpClientHandler(useSocketsHttpHandlerString, useHttp2String); handler.ClientCertificates.Add(clientCert); using (HttpClient client = CreateHttpClient(handler, useHttp2String)) { var request = new HttpRequestMessage(); request.RequestUri = new Uri(Configuration.Http.EchoClientCertificateRemoteServer); // Issue #35239. Force HTTP/1.1. request.Version = new Version(1, 1); HttpResponseMessage response = client.SendAsync(request).GetAwaiter().GetResult(); // need a 4-arg overload of RemoteInvoke that returns a Task Assert.Equal(expectedStatusCode, response.StatusCode); if (expectedStatusCode == HttpStatusCode.OK) { string body = response.Content.ReadAsStringAsync().GetAwaiter().GetResult(); // need a 4-arg overload of RemoteInvoke that returns a Task byte[] bytes = Convert.FromBase64String(body); var receivedCert = new X509Certificate2(bytes); Assert.Equal(clientCert, receivedCert); } } }
public async Task ProxySetViaEnvironmentVariable_DefaultProxyCredentialsUsed(bool useProxy) { const string ExpectedUsername = "******"; const string ExpectedPassword = "******"; LoopbackServer.Options options = new LoopbackServer.Options { IsProxy = true, Username = ExpectedUsername, Password = ExpectedPassword }; await LoopbackServer.CreateServerAsync(async (proxyServer, proxyUri) => { // libcurl will read a default proxy from the http_proxy environment variable. Ensure that when it does, // our default proxy credentials are used. To avoid messing up anything else in this process, we run the // test in another process. var psi = new ProcessStartInfo(); Task <List <string> > proxyTask = null; if (useProxy) { proxyTask = proxyServer.AcceptConnectionPerformAuthenticationAndCloseAsync("Proxy-Authenticate: Basic realm=\"NetCore\"\r\n"); psi.Environment.Add("http_proxy", $"http://{proxyUri.Host}:{proxyUri.Port}"); } RemoteExecutor.Invoke(async(useProxyString, useSocketsHttpHandlerString, useHttp2String) => { using (HttpClientHandler handler = CreateHttpClientHandler(useSocketsHttpHandlerString, useHttp2String)) using (HttpClient client = CreateHttpClient(handler, useHttp2String)) { var creds = new NetworkCredential(ExpectedUsername, ExpectedPassword); handler.DefaultProxyCredentials = creds; handler.UseProxy = bool.Parse(useProxyString); HttpResponseMessage response = await client.GetAsync(Configuration.Http.RemoteEchoServer); // Correctness of user and password is done in server part. Assert.True(response.StatusCode == HttpStatusCode.OK); } return(RemoteExecutor.SuccessExitCode); }, useProxy.ToString(), UseSocketsHttpHandler.ToString(), UseHttp2.ToString(), new RemoteInvokeOptions { StartInfo = psi }).Dispose(); if (useProxy) { await proxyTask; } }, options); }
public void Authentication_UseMultiInterfaceNonRewindableStreamContent_Throws() { RemoteExecutor.Invoke(async(useSocketsHttpHandlerString, useHttp2String) => { string username = "******"; string password = "******"; Uri uri = Configuration.Http.RemoteHttp11Server.BasicAuthUriForCreds(userName: username, password: password); HttpClientHandler handler = CreateHttpClientHandler(useSocketsHttpHandlerString, useHttp2String); handler.Credentials = new NetworkCredential(username, password); using (HttpClient client = CreateHttpClient(handler, useHttp2String)) { byte[] postData = Encoding.UTF8.GetBytes("This is data to post."); var stream = new MultiInterfaceNonRewindableReadOnlyStream(postData); var content = new MultiInterfaceStreamContent(stream); await Assert.ThrowsAsync <HttpRequestException>(() => client.PostAsync(uri, content)); } }, UseSocketsHttpHandler.ToString(), UseHttp2.ToString()).Dispose(); }
public async Task UseCallback_BadCertificate_ExpectedPolicyErrors(string url, SslPolicyErrors expectedErrors) { const int SEC_E_BUFFER_TOO_SMALL = unchecked ((int)0x80090321); if (!ClientSupportsDHECipherSuites) { return; } try { await UseCallback_BadCertificate_ExpectedPolicyErrors_Helper(url, UseHttp2.ToString(), expectedErrors); } catch (HttpRequestException e) when(e.InnerException?.GetType().Name == "WinHttpException" && e.InnerException.HResult == SEC_E_BUFFER_TOO_SMALL && !PlatformDetection.IsWindows10Version1607OrGreater) { // Testing on old Windows versions can hit https://github.com/dotnet/corefx/issues/7812 // Ignore SEC_E_BUFFER_TOO_SMALL error on such cases. } }
public async Task UseCallback_BadCertificate_ExpectedPolicyErrors(string url, SslPolicyErrors expectedErrors) { const int SEC_E_BUFFER_TOO_SMALL = unchecked ((int)0x80090321); if (!BackendSupportsCustomCertificateHandlingAndClientSupportsDHECipherSuites) { return; } try { if (PlatformDetection.IsUap) { // UAP HTTP stack caches connections per-process. This causes interference when these tests run in // the same process as the other tests. Each test needs to be isolated to its own process. // See dicussion: https://github.com/dotnet/corefx/issues/21945 RemoteExecutor.Invoke((remoteUrl, remoteExpectedErrors, useSocketsHttpHandlerString, useHttp2String) => { UseCallback_BadCertificate_ExpectedPolicyErrors_Helper( remoteUrl, useSocketsHttpHandlerString, useHttp2String, (SslPolicyErrors)Enum.Parse(typeof(SslPolicyErrors), remoteExpectedErrors)).Wait(); return(RemoteExecutor.SuccessExitCode); }, url, expectedErrors.ToString(), UseSocketsHttpHandler.ToString(), UseHttp2.ToString()).Dispose(); } else { await UseCallback_BadCertificate_ExpectedPolicyErrors_Helper(url, UseSocketsHttpHandler.ToString(), UseHttp2.ToString(), expectedErrors); } } catch (HttpRequestException e) when(e.InnerException?.GetType().Name == "WinHttpException" && e.InnerException.HResult == SEC_E_BUFFER_TOO_SMALL && !PlatformDetection.IsWindows10Version1607OrGreater) { // Testing on old Windows versions can hit https://github.com/dotnet/corefx/issues/7812 // Ignore SEC_E_BUFFER_TOO_SMALL error on such cases. } }
public void Manual_SelectClientCertificateForRemoteServer_ServerOnlyReceivesValidClientCert( int certIndex, HttpStatusCode expectedStatusCode) { if (!CanTestClientCertificates) // can't use [Conditional*] right now as it's evaluated at the wrong time for SocketsHttpHandler { _output.WriteLine($"Skipping {nameof(Manual_SelectClientCertificateForRemoteServer_ServerOnlyReceivesValidClientCert)}()"); return; } // UAP HTTP stack caches connections per-process. This causes interference when these tests run in // the same process as the other tests. Each test needs to be isolated to its own process. // See dicussion: https://github.com/dotnet/corefx/issues/21945 RemoteExecutor.Invoke((certIndexString, expectedStatusCodeString, useSocketsHttpHandlerString, useHttp2String) => { X509Certificate2 clientCert = null; // Get client certificate. RemoteInvoke doesn't allow easy marshaling of complex types. // So we have to select the certificate at this point in the test execution. if (certIndexString == "1") { // This is a valid client cert since it has an EKU with a ClientAuthentication OID. clientCert = Configuration.Certificates.GetClientCertificate(); } else if (certIndexString == "2") { // This is a valid client cert since it has no EKU thus all usages are permitted. clientCert = Configuration.Certificates.GetNoEKUCertificate(); } else if (certIndexString == "3") { // This is an invalid client cert since it has an EKU but is missing ClientAuthentication OID. clientCert = Configuration.Certificates.GetServerCertificate(); } Assert.NotNull(clientCert); var statusCode = (HttpStatusCode)Enum.Parse(typeof(HttpStatusCode), expectedStatusCodeString); HttpClientHandler handler = CreateHttpClientHandler(useSocketsHttpHandlerString, useHttp2String); handler.ClientCertificates.Add(clientCert); using (HttpClient client = CreateHttpClient(handler, useHttp2String)) { var request = new HttpRequestMessage(); request.RequestUri = new Uri(Configuration.Http.EchoClientCertificateRemoteServer); // Issue #35239. Force HTTP/1.1. request.Version = new Version(1, 1); HttpResponseMessage response = client.SendAsync(request).GetAwaiter().GetResult(); // need a 4-arg overload of RemoteInvoke that returns a Task Assert.Equal(statusCode, response.StatusCode); if (statusCode == HttpStatusCode.OK) { string body = response.Content.ReadAsStringAsync().GetAwaiter().GetResult(); // need a 4-arg overload of RemoteInvoke that returns a Task byte[] bytes = Convert.FromBase64String(body); var receivedCert = new X509Certificate2(bytes); Assert.Equal(clientCert, receivedCert); } return(RemoteExecutor.SuccessExitCode); } }, certIndex.ToString(), expectedStatusCode.ToString(), UseSocketsHttpHandler.ToString(), UseHttp2.ToString()).Dispose(); }