public async Task SetEncryptionAsync_UpgradeToTls_ShouldSucceed()
{
// Arrange
ServerCertificate = CertificateUtil.GetOrCreateSelfSignedCertificate("localhost");
ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;
var newSession = Dummy.CreateSession();
var authenticatingSession = Dummy.CreateSession(SessionState.Authenticating);
var(clientTransport, serverTransport) = await GetAndOpenTargetsAsync();
// Act
await clientTransport.SendAsync(newSession, CancellationToken);
var receivedEnvelopeBeforeUpgrade = await serverTransport.ReceiveAsync(CancellationToken);
await Task.WhenAll(
serverTransport.SetEncryptionAsync(SessionEncryption.TLS, CancellationToken),
clientTransport.SetEncryptionAsync(SessionEncryption.TLS, CancellationToken));
await clientTransport.SendAsync(authenticatingSession, CancellationToken);
var receivedEnvelopeAfterUpgrade = await serverTransport.ReceiveAsync(CancellationToken);
// Assert
serverTransport.Encryption.ShouldBe(SessionEncryption.TLS);
clientTransport.Encryption.ShouldBe(SessionEncryption.TLS);
var actualNewSession = receivedEnvelopeBeforeUpgrade.ShouldBeOfType <Session>();
actualNewSession.Id.ShouldBe(newSession.Id);
actualNewSession.State.ShouldBe(newSession.State);
var actualAuthenticatingSession = receivedEnvelopeAfterUpgrade.ShouldBeOfType <Session>();
actualAuthenticatingSession.Id.ShouldBe(authenticatingSession.Id);
actualAuthenticatingSession.State.ShouldBe(authenticatingSession.State);
}
public async Task SendAsync_FullSessionNegotiationWithTlsUpgrade_ShouldSucceed()
{
// Arrange
ServerCertificate = CertificateUtil.GetOrCreateSelfSignedCertificate("localhost");
ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;
var(clientTransport, serverTransport) = await GetAndOpenTargetsAsync();
var clientChannel = new ClientChannel(clientTransport, TimeSpan.FromSeconds(30));
var serverChannel = new ServerChannel(EnvelopeId.NewId(), "*****@*****.**", serverTransport, TimeSpan.FromSeconds(30));
// Act
var clientEstablishmentTask = clientChannel.EstablishSessionAsync(
c => SessionCompression.None,
e => SessionEncryption.TLS,
"*****@*****.**",
(schemes, authentication) => new GuestAuthentication(),
EnvelopeId.NewId(),
CancellationToken);
var serverEstablishmentTask = serverChannel.EstablishSessionAsync(
serverTransport.GetSupportedCompression(),
serverTransport.GetSupportedEncryption(),
new[] { AuthenticationScheme.Guest },
(i, am, cancellationToken) => new AuthenticationResult(DomainRole.Member).AsCompletedTask(),
(_, __, ___) => Task.FromResult(Node.Parse("[email protected]/instance")),
CancellationToken);
await Task.WhenAll(clientEstablishmentTask, serverEstablishmentTask);
// Assert
serverTransport.Encryption.ShouldBe(SessionEncryption.TLS);
clientTransport.Encryption.ShouldBe(SessionEncryption.TLS);
var session = await clientEstablishmentTask;
session.State.ShouldBe(SessionState.Established);
}
public async Task SetUp()
{
_stream = new Mock <Stream>();
_tcpClient = new Mock <ITcpClient>();
_tcpClient
.Setup(c => c.GetStream())
.Returns(() => _stream.Object);
_envelopeSerializer = new Mock <IEnvelopeSerializer>();
_traceWriter = new Mock <ITraceWriter>();
_cancellationToken = TimeSpan.FromSeconds(10).ToCancellationToken();
_serverUri = new Uri($"net.tcp://*****:*****@fakedomain.local");
_serverCertificate = CertificateUtil.GetOrCreateSelfSignedCertificate(_serverIdentity.Domain);
_tcpListener = new TcpTransportListener(
_serverUri,
_serverCertificate,
_envelopeSerializer.Object,
clientCertificateValidationCallback:
(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) =>
{
return(true);
});
await _tcpListener.StartAsync(_cancellationToken);
}
private X509Certificate2 GetWildcardDomainCertificate(Identity identity, bool trimDomainLabel = true)
{
var domain = trimDomainLabel
? identity.Domain.TrimFirstDomainLabel()
: identity.Domain;
return(CertificateUtil.GetOrCreateSelfSignedCertificate($"*.{domain} "));
}
public async Task GetSupportedEncryptionOptions_ServerWithServerCertificateDefined_ShouldReturnNoneTls()
{
// Arrange
ServerCertificate = CertificateUtil.GetOrCreateSelfSignedCertificate("localhost");
var(clientTransport, serverTransport) = await GetAndOpenTargetsAsync();
// Act
var serverSupportedEncryption = serverTransport.GetSupportedEncryption();
// Assert
serverSupportedEncryption.ShouldContain(SessionEncryption.None);
serverSupportedEncryption.ShouldContain(SessionEncryption.TLS);
}
public async Task AuthenticateAsync_WithInvalidClientCertificate_ShouldThrowAuthenticationException()
{
// Arrange
ServerCertificate = CertificateUtil.GetOrCreateSelfSignedCertificate("localhost");
ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;
ClientCertificateValidationCallback = (sender, certificate, chain, errors) => false;
var clientIdentity = Dummy.CreateIdentity();
ClientCertificate = CertificateUtil.GetOrCreateSelfSignedCertificate(clientIdentity);
var(clientTransport, serverTransport) = await GetAndOpenTargetsAsync();
// Act
await Task.WhenAll(
serverTransport.SetEncryptionAsync(SessionEncryption.TLS, CancellationToken),
clientTransport.SetEncryptionAsync(SessionEncryption.TLS, CancellationToken))
.ShouldThrowAsync <AuthenticationException>();
}
public async Task AuthenticateAsync_WithoutClientCertificate_ShouldReturnUnknown()
{
// Arrange
ServerCertificate = CertificateUtil.GetOrCreateSelfSignedCertificate("localhost");
ClientCertificateValidationCallback = ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;
var clientIdentity = Dummy.CreateIdentity();
ClientCertificate = null;
var(clientTransport, serverTransport) = await GetAndOpenTargetsAsync();
await Task.WhenAll(
serverTransport.SetEncryptionAsync(SessionEncryption.TLS, CancellationToken),
clientTransport.SetEncryptionAsync(SessionEncryption.TLS, CancellationToken));
// Act
var actual = await((IAuthenticatableTransport)serverTransport).AuthenticateAsync(clientIdentity);
// Assert
actual.ShouldBe(DomainRole.Unknown);
}
private X509Certificate2 GetDomainCertificate(Identity identity)
{
return(CertificateUtil.GetOrCreateSelfSignedCertificate(identity.Domain));
}
/// <summary>
/// Use certificate on disk to optimize test execution time, since
/// certificate creation takes some time...
/// </summary>
/// <returns></returns>
private static X509Certificate2 GetClientCertificate(Identity identity)
{
return(CertificateUtil.GetOrCreateSelfSignedCertificate(identity.ToString()));
}
