public async Task SetEncryptionAsync_UpgradeToTls_ShouldSucceed() { // Arrange ServerCertificate = CertificateUtil.GetOrCreateSelfSignedCertificate("localhost"); ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true; var newSession = Dummy.CreateSession(); var authenticatingSession = Dummy.CreateSession(SessionState.Authenticating); var(clientTransport, serverTransport) = await GetAndOpenTargetsAsync(); // Act await clientTransport.SendAsync(newSession, CancellationToken); var receivedEnvelopeBeforeUpgrade = await serverTransport.ReceiveAsync(CancellationToken); await Task.WhenAll( serverTransport.SetEncryptionAsync(SessionEncryption.TLS, CancellationToken), clientTransport.SetEncryptionAsync(SessionEncryption.TLS, CancellationToken)); await clientTransport.SendAsync(authenticatingSession, CancellationToken); var receivedEnvelopeAfterUpgrade = await serverTransport.ReceiveAsync(CancellationToken); // Assert serverTransport.Encryption.ShouldBe(SessionEncryption.TLS); clientTransport.Encryption.ShouldBe(SessionEncryption.TLS); var actualNewSession = receivedEnvelopeBeforeUpgrade.ShouldBeOfType <Session>(); actualNewSession.Id.ShouldBe(newSession.Id); actualNewSession.State.ShouldBe(newSession.State); var actualAuthenticatingSession = receivedEnvelopeAfterUpgrade.ShouldBeOfType <Session>(); actualAuthenticatingSession.Id.ShouldBe(authenticatingSession.Id); actualAuthenticatingSession.State.ShouldBe(authenticatingSession.State); }
public async Task SendAsync_FullSessionNegotiationWithTlsUpgrade_ShouldSucceed() { // Arrange ServerCertificate = CertificateUtil.GetOrCreateSelfSignedCertificate("localhost"); ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true; var(clientTransport, serverTransport) = await GetAndOpenTargetsAsync(); var clientChannel = new ClientChannel(clientTransport, TimeSpan.FromSeconds(30)); var serverChannel = new ServerChannel(EnvelopeId.NewId(), "*****@*****.**", serverTransport, TimeSpan.FromSeconds(30)); // Act var clientEstablishmentTask = clientChannel.EstablishSessionAsync( c => SessionCompression.None, e => SessionEncryption.TLS, "*****@*****.**", (schemes, authentication) => new GuestAuthentication(), EnvelopeId.NewId(), CancellationToken); var serverEstablishmentTask = serverChannel.EstablishSessionAsync( serverTransport.GetSupportedCompression(), serverTransport.GetSupportedEncryption(), new[] { AuthenticationScheme.Guest }, (i, am, cancellationToken) => new AuthenticationResult(DomainRole.Member).AsCompletedTask(), (_, __, ___) => Task.FromResult(Node.Parse("[email protected]/instance")), CancellationToken); await Task.WhenAll(clientEstablishmentTask, serverEstablishmentTask); // Assert serverTransport.Encryption.ShouldBe(SessionEncryption.TLS); clientTransport.Encryption.ShouldBe(SessionEncryption.TLS); var session = await clientEstablishmentTask; session.State.ShouldBe(SessionState.Established); }
public async Task SetUp() { _stream = new Mock <Stream>(); _tcpClient = new Mock <ITcpClient>(); _tcpClient .Setup(c => c.GetStream()) .Returns(() => _stream.Object); _envelopeSerializer = new Mock <IEnvelopeSerializer>(); _traceWriter = new Mock <ITraceWriter>(); _cancellationToken = TimeSpan.FromSeconds(10).ToCancellationToken(); _serverUri = new Uri($"net.tcp://*****:*****@fakedomain.local"); _serverCertificate = CertificateUtil.GetOrCreateSelfSignedCertificate(_serverIdentity.Domain); _tcpListener = new TcpTransportListener( _serverUri, _serverCertificate, _envelopeSerializer.Object, clientCertificateValidationCallback: (object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) => { return(true); }); await _tcpListener.StartAsync(_cancellationToken); }
private X509Certificate2 GetWildcardDomainCertificate(Identity identity, bool trimDomainLabel = true) { var domain = trimDomainLabel ? identity.Domain.TrimFirstDomainLabel() : identity.Domain; return(CertificateUtil.GetOrCreateSelfSignedCertificate($"*.{domain} ")); }
public async Task GetSupportedEncryptionOptions_ServerWithServerCertificateDefined_ShouldReturnNoneTls() { // Arrange ServerCertificate = CertificateUtil.GetOrCreateSelfSignedCertificate("localhost"); var(clientTransport, serverTransport) = await GetAndOpenTargetsAsync(); // Act var serverSupportedEncryption = serverTransport.GetSupportedEncryption(); // Assert serverSupportedEncryption.ShouldContain(SessionEncryption.None); serverSupportedEncryption.ShouldContain(SessionEncryption.TLS); }
public async Task AuthenticateAsync_WithInvalidClientCertificate_ShouldThrowAuthenticationException() { // Arrange ServerCertificate = CertificateUtil.GetOrCreateSelfSignedCertificate("localhost"); ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true; ClientCertificateValidationCallback = (sender, certificate, chain, errors) => false; var clientIdentity = Dummy.CreateIdentity(); ClientCertificate = CertificateUtil.GetOrCreateSelfSignedCertificate(clientIdentity); var(clientTransport, serverTransport) = await GetAndOpenTargetsAsync(); // Act await Task.WhenAll( serverTransport.SetEncryptionAsync(SessionEncryption.TLS, CancellationToken), clientTransport.SetEncryptionAsync(SessionEncryption.TLS, CancellationToken)) .ShouldThrowAsync <AuthenticationException>(); }
public async Task AuthenticateAsync_WithoutClientCertificate_ShouldReturnUnknown() { // Arrange ServerCertificate = CertificateUtil.GetOrCreateSelfSignedCertificate("localhost"); ClientCertificateValidationCallback = ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true; var clientIdentity = Dummy.CreateIdentity(); ClientCertificate = null; var(clientTransport, serverTransport) = await GetAndOpenTargetsAsync(); await Task.WhenAll( serverTransport.SetEncryptionAsync(SessionEncryption.TLS, CancellationToken), clientTransport.SetEncryptionAsync(SessionEncryption.TLS, CancellationToken)); // Act var actual = await((IAuthenticatableTransport)serverTransport).AuthenticateAsync(clientIdentity); // Assert actual.ShouldBe(DomainRole.Unknown); }
private X509Certificate2 GetDomainCertificate(Identity identity) { return(CertificateUtil.GetOrCreateSelfSignedCertificate(identity.Domain)); }
/// <summary> /// Use certificate on disk to optimize test execution time, since /// certificate creation takes some time... /// </summary> /// <returns></returns> private static X509Certificate2 GetClientCertificate(Identity identity) { return(CertificateUtil.GetOrCreateSelfSignedCertificate(identity.ToString())); }