public async Task AuthenticateAsync_IdentityWithWildcardCertificateWithSanDomain_ReturnsRootAuthority()
{
// Arrange
var clientIdentity = new Identity("client", "fakedomain.local");
var clientCertificate = CertificateUtil.CreateSelfSignedCertificate(
clientIdentity.Domain, $"*.{clientIdentity.Domain}");
var clientTransport = new TcpTransport(
_envelopeSerializer.Object,
clientCertificate,
serverCertificateValidationCallback:
(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) =>
{
return(true);
});
await clientTransport.OpenAsync(_serverUri, _cancellationToken);
var serverTransport = await _tcpListener.AcceptTransportAsync(_cancellationToken);
await serverTransport.OpenAsync(_serverUri, _cancellationToken);
await Task.WhenAll(
serverTransport.SetEncryptionAsync(SessionEncryption.TLS, _cancellationToken),
clientTransport.SetEncryptionAsync(SessionEncryption.TLS, _cancellationToken));
// Act
var actual = await((IAuthenticatableTransport)serverTransport).AuthenticateAsync(clientIdentity);
// Assert
actual.ShouldBe(DomainRole.RootAuthority);
}
public async Task AuthenticateAsync_ValidClientRootAuthorityCertificateWithSubDomain_ReturnsAuthority()
{
// Arrange
var clientIdentity = Identity.Parse("*****@*****.**");
var clientCertificate = CertificateUtil.CreateSelfSignedCertificate(
$"*.{clientIdentity.Domain.TrimFirstDomainLabel()}");
var clientTransport = new TcpTransport(
_envelopeSerializer.Object,
clientCertificate,
serverCertificateValidationCallback:
(sender, certificate, chain, sslPolicyErrors) => true);
await clientTransport.OpenAsync(_serverUri, _cancellationToken);
var serverTransport = await _tcpListener.AcceptTransportAsync(_cancellationToken);
await serverTransport.OpenAsync(_serverUri, _cancellationToken);
await Task.WhenAll(
serverTransport.SetEncryptionAsync(SessionEncryption.TLS, _cancellationToken),
clientTransport.SetEncryptionAsync(SessionEncryption.TLS, _cancellationToken));
// Act
var actual = await((IAuthenticatableTransport)serverTransport).AuthenticateAsync(clientIdentity);
// Assert
actual.ShouldBe(DomainRole.Authority);
}
public async Task AuthenticateAsync_OtherDomainCertificate_ReturnsUnknown()
{
// Arrange
var clientIdentity = new Identity("client", "fakedomain.local");
var clientCertificate = CertificateUtil.CreateSelfSignedCertificate(clientIdentity.Domain);
var clientTransport = new TcpTransport(
_envelopeSerializer.Object,
clientCertificate,
serverCertificateValidationCallback:
(sender, certificate, chain, sslPolicyErrors) =>
{
return(true);
});
await clientTransport.OpenAsync(_serverUri, _cancellationToken);
var serverTransport = await _tcpListener.AcceptTransportAsync(_cancellationToken);
await serverTransport.OpenAsync(_serverUri, _cancellationToken);
await Task.WhenAll(
serverTransport.SetEncryptionAsync(SessionEncryption.TLS, _cancellationToken),
clientTransport.SetEncryptionAsync(SessionEncryption.TLS, _cancellationToken));
var otherClientIdentity = Identity.Parse("*****@*****.**");
// Act
var actual = await((IAuthenticatableTransport)serverTransport).AuthenticateAsync(otherClientIdentity);
// Assert
actual.ShouldBe(DomainRole.Unknown);
}
