/// <summary>
/// Configures the SSL stream settings.
/// </summary>
/// <param name="configurator">The SSL stream settings configurator delegate.</param>
/// <returns>A reconfigured cluster builder.</returns>
public ClusterBuilder ConfigureSsl(Func <SslStreamSettings, SslStreamSettings> configurator)
{
Ensure.IsNotNull(configurator, "configurator");
_sslStreamSettings = configurator(_sslStreamSettings ?? new SslStreamSettings());
return(this);
}
public void With_returns_a_new_instance()
{
var subject1 = new SslStreamSettings();
var subject2 = subject1.With(checkCertificateRevocation: false);
subject2.Should().NotBeSameAs(subject1);
subject1.CheckCertificateRevocation.Should().BeTrue();
subject2.CheckCertificateRevocation.Should().BeFalse();
}
public void constructor_should_initialize_instance()
{
var subject = new SslStreamSettings();
subject.CheckCertificateRevocation.Should().BeTrue();
subject.ClientCertificates.Should().BeEmpty();
subject.ClientCertificateSelectionCallback.Should().BeNull();
subject.EnabledSslProtocols.Should().Be(SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls);
subject.ServerCertificateValidationCallback.Should().BeNull();
}
public void Constructor_initializes_instance()
{
var subject = new SslStreamSettings();
subject.ClientCertificates.Should().BeEmpty();
subject.CheckCertificateRevocation.Should().Be(true);
subject.ClientCertificateSelectionCallback.Should().BeNull();
subject.EnabledSslProtocols.Should().Be(SslProtocols.Default);
subject.ServerCertificateValidationCallback.Should().BeNull();
}
public void constructor_should_initialize_instance()
{
var subject = new SslStreamSettings();
subject.CheckCertificateRevocation.Should().BeTrue();
subject.ClientCertificates.Should().BeEmpty();
subject.ClientCertificateSelectionCallback.Should().BeNull();
subject.EnabledSslProtocols.Should().Be(SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls);
subject.ServerCertificateValidationCallback.Should().BeNull();
}
public void constructor_with_serverCertificateValidationCallback_should_initialize_instance()
{
RemoteCertificateValidationCallback serverCertificateValidationCallback = (s, ce, ch, e) => false;
var subject = new SslStreamSettings(serverCertificateValidationCallback: serverCertificateValidationCallback);
subject.CheckCertificateRevocation.Should().Be(__defaults.CheckCertificateRevocation);
subject.ClientCertificates.Should().Equal(__defaults.ClientCertificates);
subject.ClientCertificateSelectionCallback.Should().Be(__defaults.ClientCertificateSelectionCallback);
subject.EnabledSslProtocols.Should().Be(__defaults.EnabledSslProtocols);
subject.ServerCertificateValidationCallback.Should().Be(serverCertificateValidationCallback);
}
public void constructor_with_clientCertificates_should_initialize_instance()
{
var clientCertificates = new[] { new X509Certificate() };
var subject = new SslStreamSettings(clientCertificates: clientCertificates);
subject.CheckCertificateRevocation.Should().Be(__defaults.CheckCertificateRevocation);
subject.ClientCertificates.Should().Equal(clientCertificates);
subject.ClientCertificateSelectionCallback.Should().Be(__defaults.ClientCertificateSelectionCallback);
subject.EnabledSslProtocols.Should().Be(__defaults.EnabledSslProtocols);
subject.ServerCertificateValidationCallback.Should().Be(__defaults.ServerCertificateValidationCallback);
}
public void constructor_with_clientCertificateSelectionCallback_should_initialize_instance()
{
LocalCertificateSelectionCallback clientCertificateSelectionCallback = (s, t, l, r, a) => null;
var subject = new SslStreamSettings(clientCertificateSelectionCallback: clientCertificateSelectionCallback);
subject.CheckCertificateRevocation.Should().Be(__defaults.CheckCertificateRevocation);
subject.ClientCertificates.Should().Equal(__defaults.ClientCertificates);
subject.ClientCertificateSelectionCallback.Should().Be(clientCertificateSelectionCallback);
subject.EnabledSslProtocols.Should().Be(__defaults.EnabledSslProtocols);
subject.ServerCertificateValidationCallback.Should().Be(__defaults.ServerCertificateValidationCallback);
}
public void constructor_with_enabledProtocols_should_initialize_instance()
{
var enabledProtocols = SslProtocols.Tls12;
var subject = new SslStreamSettings(enabledProtocols: enabledProtocols);
subject.CheckCertificateRevocation.Should().Be(__defaults.CheckCertificateRevocation);
subject.ClientCertificates.Should().Equal(__defaults.ClientCertificates);
subject.ClientCertificateSelectionCallback.Should().Be(__defaults.ClientCertificateSelectionCallback);
subject.EnabledSslProtocols.Should().Be(enabledProtocols);
subject.ServerCertificateValidationCallback.Should().Be(__defaults.ServerCertificateValidationCallback);
}
public void constructor_with_clientCertificates_should_initialize_instance()
{
var clientCertificates = new[] { new X509Certificate() };
var subject = new SslStreamSettings(clientCertificates: clientCertificates);
subject.CheckCertificateRevocation.Should().Be(__defaults.CheckCertificateRevocation);
subject.ClientCertificates.Should().Equal(clientCertificates);
subject.ClientCertificateSelectionCallback.Should().Be(__defaults.ClientCertificateSelectionCallback);
subject.EnabledSslProtocols.Should().Be(__defaults.EnabledSslProtocols);
subject.ServerCertificateValidationCallback.Should().Be(__defaults.ServerCertificateValidationCallback);
}
public void constructor_with_clientCertificateSelectionCallback_should_initialize_instance()
{
LocalCertificateSelectionCallback clientCertificateSelectionCallback = (s, t, l, r, a) => null;
var subject = new SslStreamSettings(clientCertificateSelectionCallback: clientCertificateSelectionCallback);
subject.CheckCertificateRevocation.Should().Be(__defaults.CheckCertificateRevocation);
subject.ClientCertificates.Should().Equal(__defaults.ClientCertificates);
subject.ClientCertificateSelectionCallback.Should().Be(clientCertificateSelectionCallback);
subject.EnabledSslProtocols.Should().Be(__defaults.EnabledSslProtocols);
subject.ServerCertificateValidationCallback.Should().Be(__defaults.ServerCertificateValidationCallback);
}
public void With_checkCertificateRevocation_should_return_expected_result()
{
var oldCheckCertificateRevocation = false;
var newCheckCertificateRevocation = true;
var subject = new SslStreamSettings(checkCertificateRevocation: oldCheckCertificateRevocation);
var result = subject.With(checkCertificateRevocation: newCheckCertificateRevocation);
result.CheckCertificateRevocation.Should().Be(newCheckCertificateRevocation);
result.ClientCertificates.Should().Equal(subject.ClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(subject.ClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(subject.EnabledSslProtocols);
result.ServerCertificateValidationCallback.Should().Be(subject.ServerCertificateValidationCallback);
}
public void With_clientCertificates_should_return_expected_result()
{
var oldClientCertificates = new[] { new X509Certificate() };
var newClientCertificates = new[] { new X509Certificate() };
var subject = new SslStreamSettings(clientCertificates: oldClientCertificates);
var result = subject.With(clientCertificates: newClientCertificates);
result.CheckCertificateRevocation.Should().Be(subject.CheckCertificateRevocation);
result.ClientCertificates.Should().Equal(newClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(subject.ClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(subject.EnabledSslProtocols);
result.ServerCertificateValidationCallback.Should().Be(subject.ServerCertificateValidationCallback);
}
public void With_serverCertificateValidationCallback_should_return_expected_result()
{
RemoteCertificateValidationCallback oldServerCertificateValidationCallback = (s, ce, ch, e) => false;
RemoteCertificateValidationCallback newServerCertificateValidationCallback = (s, ce, ch, e) => false;
var subject = new SslStreamSettings(serverCertificateValidationCallback: oldServerCertificateValidationCallback);
var result = subject.With(serverCertificateValidationCallback: newServerCertificateValidationCallback);
result.CheckCertificateRevocation.Should().Be(subject.CheckCertificateRevocation);
result.ClientCertificates.Should().Equal(subject.ClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(subject.ClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(subject.EnabledSslProtocols);
result.ServerCertificateValidationCallback.Should().Be(newServerCertificateValidationCallback);
}
public void With_enabledProtocols_should_return_expected_result()
{
var oldEnabledProtocols = SslProtocols.Tls;
var newEnabledProtocols = SslProtocols.Tls12;
var subject = new SslStreamSettings(enabledProtocols: oldEnabledProtocols);
var result = subject.With(enabledProtocols: newEnabledProtocols);
result.CheckCertificateRevocation.Should().Be(subject.CheckCertificateRevocation);
result.ClientCertificates.Should().Equal(subject.ClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(subject.ClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(newEnabledProtocols);
result.ServerCertificateValidationCallback.Should().Be(subject.ServerCertificateValidationCallback);
}
public void With_clientCertificateSelectionCallback_should_return_expected_result()
{
LocalCertificateSelectionCallback oldClientCertificateSelectionCallback = (s, t, l, r, a) => null;
LocalCertificateSelectionCallback newClientCertificateSelectionCallback = (s, t, l, r, a) => null;
var subject = new SslStreamSettings(clientCertificateSelectionCallback: oldClientCertificateSelectionCallback);
var result = subject.With(clientCertificateSelectionCallback: newClientCertificateSelectionCallback);
result.CheckCertificateRevocation.Should().Be(subject.CheckCertificateRevocation);
result.ClientCertificates.Should().Equal(subject.ClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(newClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(subject.EnabledSslProtocols);
result.ServerCertificateValidationCallback.Should().Be(subject.ServerCertificateValidationCallback);
}
public void constructor_should_initialize_instance()
{
var subject = new SslStreamSettings();
subject.CheckCertificateRevocation.Should().BeTrue();
subject.ClientCertificates.Should().BeEmpty();
subject.ClientCertificateSelectionCallback.Should().BeNull();
#if NETSTANDARD1_6
#pragma warning disable 618
subject.EnabledSslProtocols.Should().Be(SslProtocols.Tls | SslProtocols.Ssl3);
#pragma warning restore
#else
subject.EnabledSslProtocols.Should().Be(SslProtocols.Default);
#endif
subject.ServerCertificateValidationCallback.Should().BeNull();
}
public void constructor_should_initialize_instance()
{
var subject = new SslStreamSettings();
subject.CheckCertificateRevocation.Should().BeTrue();
subject.ClientCertificates.Should().BeEmpty();
subject.ClientCertificateSelectionCallback.Should().BeNull();
#if NETSTANDARD1_6
#pragma warning disable 618
subject.EnabledSslProtocols.Should().Be(SslProtocols.Tls | SslProtocols.Ssl3);
#pragma warning restore
#else
subject.EnabledSslProtocols.Should().Be(SslProtocols.Default);
#endif
subject.ServerCertificateValidationCallback.Should().BeNull();
}
public SslStreamFactory(SslStreamSettings settings, IStreamFactory wrapped)
{
_settings = Ensure.IsNotNull(settings, "settings");
_wrapped = Ensure.IsNotNull(wrapped, "wrapped");
}
public void constructor_with_enabledProtocols_should_initialize_instance()
{
var enabledProtocols = SslProtocols.Tls12;
var subject = new SslStreamSettings(enabledProtocols: enabledProtocols);
subject.CheckCertificateRevocation.Should().Be(__defaults.CheckCertificateRevocation);
subject.ClientCertificates.Should().Equal(__defaults.ClientCertificates);
subject.ClientCertificateSelectionCallback.Should().Be(__defaults.ClientCertificateSelectionCallback);
subject.EnabledSslProtocols.Should().Be(enabledProtocols);
subject.ServerCertificateValidationCallback.Should().Be(__defaults.ServerCertificateValidationCallback);
}
private SslStreamSettings ConfigureSsl(SslStreamSettings settings, ClusterKey clusterKey)
{
if (clusterKey.UseSsl)
{
var sslSettings = clusterKey.SslSettings ?? new SslSettings();
var validationCallback = sslSettings.ServerCertificateValidationCallback;
if (validationCallback == null && !clusterKey.VerifySslCertificate)
{
validationCallback = AcceptAnySslCertificate;
}
return settings.With(
clientCertificates: Optional.Enumerable(sslSettings.ClientCertificates ?? Enumerable.Empty<X509Certificate>()),
checkCertificateRevocation: sslSettings.CheckCertificateRevocation,
clientCertificateSelectionCallback: sslSettings.ClientCertificateSelectionCallback,
enabledProtocols: sslSettings.EnabledSslProtocols,
serverCertificateValidationCallback: validationCallback);
}
return settings;
}
/// <summary>
/// Configures the SSL stream settings.
/// </summary>
/// <param name="configurator">The SSL stream settings configurator delegate.</param>
/// <returns>A reconfigured cluster builder.</returns>
public ClusterBuilder ConfigureSsl(Func <SslStreamSettings, SslStreamSettings> configurator)
{
_sslStreamSettings = configurator(_sslStreamSettings ?? new SslStreamSettings());
return(this);
}
public void With_enabledProtocols_should_return_expected_result()
{
var oldEnabledProtocols = SslProtocols.Tls;
var newEnabledProtocols = SslProtocols.Tls12;
var subject = new SslStreamSettings(enabledProtocols: oldEnabledProtocols);
var result = subject.With(enabledProtocols: newEnabledProtocols);
result.CheckCertificateRevocation.Should().Be(subject.CheckCertificateRevocation);
result.ClientCertificates.Should().Equal(subject.ClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(subject.ClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(newEnabledProtocols);
result.ServerCertificateValidationCallback.Should().Be(subject.ServerCertificateValidationCallback);
}
public void With_serverCertificateValidationCallback_should_return_expected_result()
{
RemoteCertificateValidationCallback oldServerCertificateValidationCallback = (s, ce, ch, e) => false;
RemoteCertificateValidationCallback newServerCertificateValidationCallback = (s, ce, ch, e) => false;
var subject = new SslStreamSettings(serverCertificateValidationCallback: oldServerCertificateValidationCallback);
var result = subject.With(serverCertificateValidationCallback: newServerCertificateValidationCallback);
result.CheckCertificateRevocation.Should().Be(subject.CheckCertificateRevocation);
result.ClientCertificates.Should().Equal(subject.ClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(subject.ClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(subject.EnabledSslProtocols);
result.ServerCertificateValidationCallback.Should().Be(newServerCertificateValidationCallback);
}
public void With_clientCertificateSelectionCallback_should_return_expected_result()
{
LocalCertificateSelectionCallback oldClientCertificateSelectionCallback = (s, t, l, r, a) => null;
LocalCertificateSelectionCallback newClientCertificateSelectionCallback = (s, t, l, r, a) => null;
var subject = new SslStreamSettings(clientCertificateSelectionCallback: oldClientCertificateSelectionCallback);
var result = subject.With(clientCertificateSelectionCallback: newClientCertificateSelectionCallback);
result.CheckCertificateRevocation.Should().Be(subject.CheckCertificateRevocation);
result.ClientCertificates.Should().Equal(subject.ClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(newClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(subject.EnabledSslProtocols);
result.ServerCertificateValidationCallback.Should().Be(subject.ServerCertificateValidationCallback);
}
public void With_clientCertificates_should_return_expected_result()
{
var oldClientCertificates = new[] { new X509Certificate() };
var newClientCertificates = new[] { new X509Certificate() };
var subject = new SslStreamSettings(clientCertificates: oldClientCertificates);
var result = subject.With(clientCertificates: newClientCertificates);
result.CheckCertificateRevocation.Should().Be(subject.CheckCertificateRevocation);
result.ClientCertificates.Should().Equal(newClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(subject.ClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(subject.EnabledSslProtocols);
result.ServerCertificateValidationCallback.Should().Be(subject.ServerCertificateValidationCallback);
}
public void With_checkCertificateRevocation_should_return_expected_result()
{
var oldCheckCertificateRevocation = false;
var newCheckCertificateRevocation = true;
var subject = new SslStreamSettings(checkCertificateRevocation: oldCheckCertificateRevocation);
var result = subject.With(checkCertificateRevocation: newCheckCertificateRevocation);
result.CheckCertificateRevocation.Should().Be(newCheckCertificateRevocation);
result.ClientCertificates.Should().Equal(subject.ClientCertificates);
result.ClientCertificateSelectionCallback.Should().Be(subject.ClientCertificateSelectionCallback);
result.EnabledSslProtocols.Should().Be(subject.EnabledSslProtocols);
result.ServerCertificateValidationCallback.Should().Be(subject.ServerCertificateValidationCallback);
}
public void constructor_with_serverCertificateValidationCallback_should_initialize_instance()
{
RemoteCertificateValidationCallback serverCertificateValidationCallback = (s, ce, ch, e) => false;
var subject = new SslStreamSettings(serverCertificateValidationCallback: serverCertificateValidationCallback);
subject.CheckCertificateRevocation.Should().Be(__defaults.CheckCertificateRevocation);
subject.ClientCertificates.Should().Equal(__defaults.ClientCertificates);
subject.ClientCertificateSelectionCallback.Should().Be(__defaults.ClientCertificateSelectionCallback);
subject.EnabledSslProtocols.Should().Be(__defaults.EnabledSslProtocols);
subject.ServerCertificateValidationCallback.Should().Be(serverCertificateValidationCallback);
}
public SslStreamFactory(SslStreamSettings settings, IStreamFactory wrapped)
{
_settings = Ensure.IsNotNull(settings, nameof(settings));
_wrapped = Ensure.IsNotNull(wrapped, nameof(wrapped));
}