public async Task Tls_Mutual_CanAuthenticate() { var serverTlsConfig = new EpoxyServerTlsConfig( testServerCert, checkCertificateRevocation: false, clientCertificateRequired: true, remoteCertificateValidationCallback: EnsureRootedWithTestCertificate ); var clientTlsConfig = new EpoxyClientTlsConfig( certificate: testClientCert, checkCertificateRevocation: false, remoteCertificateValidationCallback: EnsureRootedWithTestCertificate); var transport = new EpoxyTransportBuilder() .SetResolver(ResolveEverythingToLocalhost) .SetServerTlsConfig(serverTlsConfig) .SetClientTlsConfig(clientTlsConfig) .Construct(); transports.Add(transport); var listener = transport.MakeListener(new IPEndPoint(IPAddress.Loopback, EpoxyTransport.DefaultSecurePort)); listener.AddService(new DummyTestService()); await listener.StartAsync(); EpoxyConnection clientConnection = await transport.ConnectToAsync("epoxys://bond-test-server1"); var proxy = new DummyTestProxy <EpoxyConnection>(clientConnection); await AssertRequestResponseWorksAsync(proxy); }
public async Task Tls_ServerBadCert_ConnectionFails() { var serverTlsConfig = new EpoxyServerTlsConfig(testServerCert, checkCertificateRevocation: false); var serverTransport = new EpoxyTransportBuilder().SetServerTlsConfig(serverTlsConfig) .Construct(); transports.Add(serverTransport); var listener = serverTransport.MakeListener(new IPEndPoint(IPAddress.Loopback, EpoxyTransport.DefaultSecurePort)); listener.AddService(new DummyTestService()); await listener.StartAsync(); var clientTlsConfig = new EpoxyClientTlsConfig( checkCertificateRevocation: false, // Intentionally set this to null so that the client gets an // invalid certificate. If this test passes on your machine, // it's probably because you've installed the Bond test root // certificate as a trusted root. This certificate cannot be // trusted, so you should uninstall it. remoteCertificateValidationCallback: null); var clientTransport = new EpoxyTransportBuilder() .SetResolver(ResolveEverythingToLocalhost) .SetClientTlsConfig(clientTlsConfig) .Construct(); transports.Add(clientTransport); Assert.Throws <AuthenticationException>(async() => await clientTransport.ConnectToAsync("epoxys://bond-test-server1")); }
public async Task Tls_MutualNoClientCert_ProxyDoesNotWork() { var serverTlsConfig = new EpoxyServerTlsConfig( testServerCert, checkCertificateRevocation: false, clientCertificateRequired: true, remoteCertificateValidationCallback: EnsureRootedWithTestCertificate ); var clientTlsConfig = new EpoxyClientTlsConfig(certificate: null, checkCertificateRevocation: false, remoteCertificateValidationCallback: EnsureRootedWithTestCertificate); var transport = new EpoxyTransportBuilder() .SetResolver(ResolveEverythingToLocalhost) .SetServerTlsConfig(serverTlsConfig) .SetClientTlsConfig(clientTlsConfig) .Construct(); listener = transport.MakeListener(new IPEndPoint(IPAddress.Loopback, EpoxyTransport.DefaultSecurePort)); listener.AddService(new DummyTestService()); await listener.StartAsync(); try { // The .NET SslStream implementation currently does not give us // a way to signal during TLS handshaking that the server is // rejecting the connection. Instead, we have to RST the // underlying socket. With Epoxy's current implementation, this // can't reliably be detected at connection time. So we attempt // to exercise the connection using a proxy and expect that to fail. EpoxyConnection clientConnection = await transport.ConnectToAsync("epoxys://bond-test-server1"); var proxy = new DummyTestProxy <EpoxyConnection>(clientConnection); await AssertRequestResponseWorksAsync(proxy); } catch (Exception ex) when(ex is InvalidOperationException || ex is AuthenticationException) { // An expected exception type, depending on timing, so pass the // test. } catch (Exception ex) { Assert.Fail("Unexpected exception of type {0}: {1}", ex.GetType(), ex); } finally { await transport.StopAsync(); } }
static async Task MainAsync(X509Certificate2 serverCertificate) { var tlsConfig = new EpoxyServerTlsConfig(serverCertificate); EpoxyTransport transport = new EpoxyTransportBuilder().SetServerTlsConfig(tlsConfig).Construct(); await StartServiceListenersAsync(transport); var connection = await transport.ConnectToAsync("epoxys://localhost"); var proxy = new SimpleProxy <EpoxyConnection>(connection); IMessage <SimpleResult> response = await proxy.SimpleMethodAsync(); PrintResponse(response); }