public void SslStream_SendCertificateTrust_ThrowsOnUnsupportedPlatform() { (X509Certificate2 certificate, X509Certificate2Collection caCerts) = TestHelper.GenerateCertificates(nameof(SslStream_SendCertificateTrust_CertificateCollection)); using X509Store store = new X509Store("Root", StoreLocation.LocalMachine); Assert.Throws <PlatformNotSupportedException>(() => SslCertificateTrust.CreateForX509Collection(caCerts, sendTrustInHandshake: true)); Assert.Throws <PlatformNotSupportedException>(() => SslCertificateTrust.CreateForX509Store(store, sendTrustInHandshake: true)); }
public async Task SslStream_SendCertificateTrust_CertificateCollection() { (X509Certificate2 certificate, X509Certificate2Collection caCerts) = TestHelper.GenerateCertificates(nameof(SslStream_SendCertificateTrust_CertificateCollection)); SslCertificateTrust trust = SslCertificateTrust.CreateForX509Collection(caCerts, sendTrustInHandshake: true); string[] acceptableIssuers = await ConnectAndGatherAcceptableIssuers(trust); Assert.Equal(caCerts.Count, acceptableIssuers.Length); Assert.Equal(caCerts.Select(c => c.Subject), acceptableIssuers); }
public SslStreamNetworkStreamTest() { (_serverCert, _serverChain) = TestHelper.GenerateCertificates("localhost", this.GetType().Name); }
static SslStreamNetworkStreamTest() { TestHelper.CleanupCertificates(nameof(SslStreamNetworkStreamTest)); (_serverCert, _serverChain) = TestHelper.GenerateCertificates("localhost", nameof(SslStreamNetworkStreamTest)); }
public SslStreamNetworkStreamTest() { (_serverCert, _serverChain) = TestHelper.GenerateCertificates("localhost"); }
public async Task SslStream_ClientCertificate_SendsChain() { List <SslStream> streams = new List <SslStream>(); TestHelper.CleanupCertificates(); (X509Certificate2 clientCertificate, X509Certificate2Collection clientChain) = TestHelper.GenerateCertificates("SslStream_ClinetCertificate_SendsChain", serverCertificate: false); using (X509Store store = new X509Store(StoreName.CertificateAuthority, StoreLocation.CurrentUser)) { // add chain certificate so we can construct chain since there is no way how to pass intermediates directly. store.Open(OpenFlags.ReadWrite); store.AddRange(clientChain); store.Close(); } using (var chain = new X509Chain()) { chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags; chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; chain.ChainPolicy.DisableCertificateDownloads = false; bool chainStatus = chain.Build(clientCertificate); // Verify we can construct full chain if (chain.ChainElements.Count < clientChain.Count) { throw new SkipTestException($"chain cannot be built {chain.ChainElements.Count}"); } } var clientOptions = new SslClientAuthenticationOptions() { TargetHost = "localhost", }; clientOptions.RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true; clientOptions.LocalCertificateSelectionCallback = (sender, target, certificates, remoteCertificate, issuers) => clientCertificate; var serverOptions = new SslServerAuthenticationOptions() { ClientCertificateRequired = true }; serverOptions.ServerCertificateContext = SslStreamCertificateContext.Create(Configuration.Certificates.GetServerCertificate(), null); serverOptions.RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => { // Client should send chain without root CA. There is no good way how to know if the chain was built from certificates // from wire or from system store. However, SslStream adds certificates from wire to ExtraStore in RemoteCertificateValidationCallback. // So we verify the operation by checking the ExtraStore. On Windows, that includes leaf itself. _output.WriteLine("RemoteCertificateValidationCallback called with {0} and {1} extra certificates", sslPolicyErrors, chain.ChainPolicy.ExtraStore.Count); foreach (X509Certificate c in chain.ChainPolicy.ExtraStore) { _output.WriteLine("received {0}", c.Subject); } Assert.True(chain.ChainPolicy.ExtraStore.Count >= clientChain.Count - 1, "client did not sent expected chain"); return(true); }; // run the test multiple times while holding established SSL so we could hit credential cache. for (int i = 0; i < 3; i++) { (Stream clientStream, Stream serverStream) = TestHelper.GetConnectedStreams(); SslStream client = new SslStream(clientStream); SslStream server = new SslStream(serverStream); Task t1 = client.AuthenticateAsClientAsync(clientOptions, CancellationToken.None); Task t2 = server.AuthenticateAsServerAsync(serverOptions, CancellationToken.None); await Task.WhenAll(t1, t2).WaitAsync(TestConfiguration.PassingTestTimeout); // hold to the streams so they stay in credential cache streams.Add(client); streams.Add(server); } TestHelper.CleanupCertificates(); clientCertificate.Dispose(); foreach (X509Certificate c in clientChain) { c.Dispose(); } foreach (SslStream s in streams) { s.Dispose(); } }
public CertificateSetup() { TestHelper.CleanupCertificates(nameof(SslStreamNetworkStreamTest)); (serverCert, serverChain) = TestHelper.GenerateCertificates("localhost", nameof(SslStreamNetworkStreamTest), longChain: true); }
public void SslStream_SendCertificateTrust_CertificateCollection_ThrowsOnWindows() { (X509Certificate2 certificate, X509Certificate2Collection caCerts) = TestHelper.GenerateCertificates(nameof(SslStream_SendCertificateTrust_CertificateCollection)); Assert.Throws <PlatformNotSupportedException>(() => SslCertificateTrust.CreateForX509Collection(caCerts, sendTrustInHandshake: true)); }