Exemplo n.º 1
        /// <summary>
        /// Checks that neither endpoint accepts the connection when both sides present
        /// self-signed certificates and trust-chain validation therefore fails.
        /// </summary>
        public void TestBadTrustChainCertificates()
        {
            var localCerts = GetLocalCertificates(2);

            // Index 0 is used as the client identity, index 1 as the server identity.
            X509Certificate[] clientCertificates = { localCerts[0] };
            X509Certificate[] serverCertificates = { localCerts[1] };

            int listenPort = TestSecureTransport.GetAvailablePort(10000);
            Task<bool> accepting = this.AcceptClient(clientCertificates, serverCertificates, listenPort);
            Task<bool> connecting = this.ConnectToServer(clientCertificates, serverCertificates, listenPort);

            // The client certificate is self-signed, so the server's chain validation
            // has to reject it: a rejected peer is the expected (secure) outcome here.
            bool serverAccepted = accepting.Result;
            serverAccepted.Should().BeFalse();

            // The server certificate is self-signed too, so the client must refuse it as well.
            bool clientAccepted = connecting.Result;
            clientAccepted.Should().BeFalse();
        }
Exemplo n.º 2
        /// <summary>
        /// Checks that the client attempt faults with a <c>SecureTransportException</c>
        /// when it is started with a timeout of <see cref="TimeSpan.Zero"/>, i.e. that an
        /// expired timeout ends in an error rather than in an established connection.
        /// </summary>
        public void TestTimeoutAuthenticateAsClient()
        {
            var localCerts = GetLocalCertificates(2);

            X509Certificate[] clientCertificates = { localCerts[0] };
            X509Certificate[] serverCertificates = { localCerts[1] };

            int listenPort = TestSecureTransport.GetAvailablePort(10000);
            Task<bool> accepting = this.AcceptClient(clientCertificates, serverCertificates, listenPort);

            // TimeSpan.Zero leaves the client no time at all to finish connecting.
            Task<bool> connecting = this.ConnectToServer(
                clientCertificates,
                serverCertificates,
                listenPort,
                TimeSpan.Zero,
                CancellationToken.None);

            // Waiting on both tasks surfaces the client failure wrapped in an AggregateException.
            Action joinBothSides = () =>
            {
                Task.WaitAll(accepting, connecting);
            };
            joinBothSides.ShouldThrow<AggregateException>();

            // The client side must have faulted with SecureTransportException because the timeout expired.
            connecting.IsFaulted.Should().BeTrue();
            AggregateException clientFault = connecting.Exception;
            clientFault.InnerException.Should().BeOfType<SecureTransportException>();
        }
Exemplo n.º 3
        /// <summary>
        /// Checks that the client's <c>LocalCertificateSelectionCallback</c> is invoked
        /// while a secure connection to a loopback server is being established.
        /// </summary>
        /// <remarks>
        /// The client configuration sets <c>MustCheckCertificateTrustChain</c> to false, so this
        /// test exercises certificate selection only and says nothing about chain validation.
        /// NOTE(review): presumably the check is disabled because the local test certificates are
        /// self-signed; confirm, and keep that setting confined to test configurations.
        /// </remarks>
        public void TestClientCertificateSelectionCallback()
        {
            const int ConnectionWaitMs = 30000;
            const int CallbackWaitMs = 3000;

            var certificates = GetLocalCertificates(2);

            X509Certificate[] clientCertificates = { certificates[0] };
            X509Certificate[] serverCertificates = { certificates[1] };

            int listenPort = TestSecureTransport.GetAvailablePort(10000);
            var serverSawClient = new ManualResetEventSlim();
            var clientSawServer = new ManualResetEventSlim();
            var selectionCallbackHit = new ManualResetEventSlim();

            // The client is configured with every local certificate; the callback is what
            // narrows the choice down to the first one.
            var clientConfiguration = new SecureTransport.Configuration
            {
                UseSecureConnection               = true,
                ClientCertificates                = certificates,
                ServerCertificates                = serverCertificates,
                CommunicationProtocolVersion      = 1,
                MustCheckCertificateTrustChain    = false,
                LocalCertificateSelectionCallback = (sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) =>
                {
                    selectionCallbackHit.Set();
                    return certificates[0];
                },
            };

            using (var server = CreateTransport(clientCertificates, serverCertificates))
            using (var client = new SecureTransport(clientConfiguration, null, CancellationToken.None))
            {
                server.OnNewConnection = _ => serverSawClient.Set();
                client.OnNewConnection = _ => clientSawServer.Set();
                server.StartServer(listenPort);
                client.StartClient(new IPEndPoint(IPAddress.Loopback, listenPort));

                bool serverAccepted = serverSawClient.Wait(ConnectionWaitMs);
                serverAccepted.Should().BeTrue();

                // The selection callback is expected to run before the client reports the
                // connection. The events stay set once signalled, so these waits show that
                // each one fired, not the order in which they fired.
                bool callbackInvoked = selectionCallbackHit.Wait(CallbackWaitMs);
                callbackInvoked.Should().BeTrue();

                bool clientConnected = clientSawServer.Wait(ConnectionWaitMs);
                clientConnected.Should().BeTrue();
            }
        }
Exemplo n.º 4
        /// <summary>
        /// Runs a connection attempt in which no client certificate is supplied on either side
        /// and checks that the client refuses the self-signed server certificate.
        /// </summary>
        /// <remarks>
        /// The server outcome is asserted loosely: the test passes when the server task returns
        /// true and also when it faults with an <see cref="IOException"/>. It therefore does not
        /// pin down whether the server accepts a peer that presents no certificate.
        /// </remarks>
        public void TestNoClientCertificate()
        {
            var localCerts = GetLocalCertificates(1);

            X509Certificate[] serverCertificates = { localCerts[0] };

            int listenPort = TestSecureTransport.GetAvailablePort(10000);

            // null stands in for "no client certificates" on both the accepting and connecting side.
            Task<bool> accepting = this.AcceptClient(null, serverCertificates, listenPort);
            Task<bool> connecting = this.ConnectToServer(null, serverCertificates, listenPort);

            // The client must not succeed: the test server certificate is self-signed,
            // so trust-chain validation fails.
            bool clientAccepted = connecting.Result;
            clientAccepted.Should().BeFalse();

            try
            {
                bool serverAccepted = accepting.Result;
                serverAccepted.Should().BeTrue();
            }
            catch (AggregateException aggregate)
            {
                // A faulted server task is tolerated only when the underlying cause is an I/O error.
                Assert.IsTrue(aggregate.InnerException is IOException);
            }
        }
Exemplo n.º 5
        /// <summary>
        /// Checks that a server and a client built with the same certificate sets both
        /// report a new connection over loopback.
        /// </summary>
        /// <remarks>
        /// NOTE(review): <c>CreateTransport</c> is not visible here, so how it configures
        /// trust-chain validation cannot be seen from this method. Confirm which validation
        /// settings this "success" path actually exercises.
        /// </remarks>
        public void TestSuccessfulAuthentication()
        {
            const int ConnectionWaitMs = 30000;

            var localCerts = GetLocalCertificates(2);

            X509Certificate[] clientCertificates = { localCerts[0] };
            X509Certificate[] serverCertificates = { localCerts[1] };

            int listenPort = TestSecureTransport.GetAvailablePort(10000);
            var serverSawClient = new ManualResetEventSlim();
            var clientSawServer = new ManualResetEventSlim();

            using (var server = CreateTransport(clientCertificates, serverCertificates))
            using (var client = CreateTransport(clientCertificates, serverCertificates))
            {
                // Each side signals its event once it reports a new connection.
                server.OnNewConnection = _ => serverSawClient.Set();
                client.OnNewConnection = _ => clientSawServer.Set();
                server.StartServer(listenPort);
                client.StartClient(new IPEndPoint(IPAddress.Loopback, listenPort));

                bool serverAccepted = serverSawClient.Wait(ConnectionWaitMs);
                serverAccepted.Should().BeTrue();

                bool clientConnected = clientSawServer.Wait(ConnectionWaitMs);
                clientConnected.Should().BeTrue();
            }
        }
Exemplo n.º 6
        /// <summary>
        /// Checks that the client attempt faults with a <c>SecureTransportException</c>
        /// when it is started with a cancellation token that is already cancelled.
        /// </summary>
        public void TestCancelAuthenticateAsClient()
        {
            var localCerts = GetLocalCertificates(2);

            X509Certificate[] clientCertificates = { localCerts[0] };
            X509Certificate[] serverCertificates = { localCerts[1] };

            using (var cancellation = new CancellationTokenSource())
            {
                // Cancel up front so the client starts with a token that is already signalled.
                cancellation.Cancel();

                int listenPort = TestSecureTransport.GetAvailablePort(10000);
                Task<bool> accepting = this.AcceptClient(clientCertificates, serverCertificates, listenPort);

                // Timeout.InfiniteTimeSpan is passed so that a timeout cannot be what ends the attempt.
                Task<bool> connecting = this.ConnectToServer(
                    clientCertificates,
                    serverCertificates,
                    listenPort,
                    Timeout.InfiniteTimeSpan,
                    cancellation.Token);

                // Waiting on both tasks surfaces the client failure wrapped in an AggregateException.
                Action joinBothSides = () =>
                {
                    Task.WaitAll(accepting, connecting);
                };
                joinBothSides.ShouldThrow<AggregateException>();

                // The client side must have faulted with SecureTransportException because the token was cancelled.
                connecting.IsFaulted.Should().BeTrue();
                AggregateException clientFault = connecting.Exception;
                clientFault.InnerException.Should().BeOfType<SecureTransportException>();
            }
        }