/// <summary>
/// A client presenting a certificate for its own domain plus a wildcard for that
/// same domain (per the test name, supplied as a SAN) must be classified by the
/// server transport as <see cref="DomainRole.RootAuthority"/>.
/// </summary>
public async Task AuthenticateAsync_IdentityWithWildcardCertificateWithSanDomain_ReturnsRootAuthority()
{
    // Arrange
    var identity = new Identity("client", "fakedomain.local");
    var wildcardName = $"*.{identity.Domain}";
    var certificate = CertificateUtil.CreateSelfSignedCertificate(identity.Domain, wildcardName);

    // The client-side callback accepts whatever certificate the test listener presents;
    // the behaviour under test is the server-side classification of the client certificate.
    var client = new TcpTransport(
        _envelopeSerializer.Object,
        certificate,
        serverCertificateValidationCallback: (sender, cert, chain, errors) => true);
    await client.OpenAsync(_serverUri, _cancellationToken);

    var server = await _tcpListener.AcceptTransportAsync(_cancellationToken);
    await server.OpenAsync(_serverUri, _cancellationToken);

    // Both ends negotiate TLS together: a handshake needs both peers, so the two
    // SetEncryptionAsync calls are awaited as a pair rather than one after the other.
    var serverTls = server.SetEncryptionAsync(SessionEncryption.TLS, _cancellationToken);
    var clientTls = client.SetEncryptionAsync(SessionEncryption.TLS, _cancellationToken);
    await Task.WhenAll(serverTls, clientTls);

    // Act
    var authenticatable = (IAuthenticatableTransport)server;
    var actual = await authenticatable.AuthenticateAsync(identity);

    // Assert
    actual.ShouldBe(DomainRole.RootAuthority);
}
/// <summary>
/// A client whose certificate is a wildcard for the domain one label above the
/// identity's own domain (first label trimmed) must be classified by the server
/// transport as <see cref="DomainRole.Authority"/>, not as a root authority.
/// </summary>
public async Task AuthenticateAsync_ValidClientRootAuthorityCertificateWithSubDomain_ReturnsAuthority()
{
    // Arrange
    var identity = Identity.Parse("*****@*****.**");
    // Wildcard for the parent domain of the identity, i.e. the identity lives in a sub-domain of it.
    var parentWildcard = $"*.{identity.Domain.TrimFirstDomainLabel()}";
    var certificate = CertificateUtil.CreateSelfSignedCertificate(parentWildcard);

    // The client-side callback accepts whatever certificate the test listener presents;
    // what is asserted below is the server-side classification of the client certificate.
    var client = new TcpTransport(
        _envelopeSerializer.Object,
        certificate,
        serverCertificateValidationCallback: (sender, cert, chain, errors) => true);
    await client.OpenAsync(_serverUri, _cancellationToken);

    var server = await _tcpListener.AcceptTransportAsync(_cancellationToken);
    await server.OpenAsync(_serverUri, _cancellationToken);

    // TLS is negotiated on both ends at once; a handshake needs both peers participating.
    var serverTls = server.SetEncryptionAsync(SessionEncryption.TLS, _cancellationToken);
    var clientTls = client.SetEncryptionAsync(SessionEncryption.TLS, _cancellationToken);
    await Task.WhenAll(serverTls, clientTls);

    // Act
    var authenticatable = (IAuthenticatableTransport)server;
    var actual = await authenticatable.AuthenticateAsync(identity);

    // Assert
    actual.ShouldBe(DomainRole.Authority);
}
/// <summary>
/// A certificate issued for one domain must not vouch for an identity in a
/// different domain: when the server is asked to authenticate an identity that
/// does not match the presented client certificate it must answer
/// <see cref="DomainRole.Unknown"/>.
/// </summary>
public async Task AuthenticateAsync_OtherDomainCertificate_ReturnsUnknown()
{
    // Arrange
    var certificateIdentity = new Identity("client", "fakedomain.local");
    // The identity handed to AuthenticateAsync deliberately does not match the certificate.
    var unrelatedIdentity = Identity.Parse("*****@*****.**");
    var certificate = CertificateUtil.CreateSelfSignedCertificate(certificateIdentity.Domain);

    // The client-side callback accepts whatever certificate the test listener presents;
    // the server-side decision about the client certificate is what this test checks.
    var client = new TcpTransport(
        _envelopeSerializer.Object,
        certificate,
        serverCertificateValidationCallback: (sender, cert, chain, errors) => true);
    await client.OpenAsync(_serverUri, _cancellationToken);

    var server = await _tcpListener.AcceptTransportAsync(_cancellationToken);
    await server.OpenAsync(_serverUri, _cancellationToken);

    // TLS is negotiated on both ends at once; a handshake needs both peers participating.
    var serverTls = server.SetEncryptionAsync(SessionEncryption.TLS, _cancellationToken);
    var clientTls = client.SetEncryptionAsync(SessionEncryption.TLS, _cancellationToken);
    await Task.WhenAll(serverTls, clientTls);

    // Act
    var authenticatable = (IAuthenticatableTransport)server;
    var actual = await authenticatable.AuthenticateAsync(unrelatedIdentity);

    // Assert
    actual.ShouldBe(DomainRole.Unknown);
}