public void ClientDefaultEncryption_ServerRequireEncryption_ConnectWithEncryption() { using (var serverRequireEncryption = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.RequireEncryption)) using (var client = new TcpClient()) { client.Connect(serverRequireEncryption.RemoteEndPoint); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null)) { sslStream.AuthenticateAsClient("localhost", null, TestConfiguration.DefaultSslProtocols, false); _log.WriteLine("Client({0}) authenticated to server({1}) with encryption cipher: {2} {3}-bit strength", client.Client.LocalEndPoint, client.Client.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength); Assert.True(sslStream.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL"); Assert.True(sslStream.CipherStrength > 0, "Cipher strength should be greater than 0"); } } }
public async Task ServerAllowNoEncryption_ClientRequireEncryption_ConnectWithEncryption() { using (var serverAllowNoEncryption = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.AllowNoEncryption)) using (var client = new TcpClient()) { await client.ConnectAsync(serverAllowNoEncryption.RemoteEndPoint.Address, serverAllowNoEncryption.RemoteEndPoint.Port); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.RequireEncryption)) { await sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false); _log.WriteLine("Client({0}) authenticated to server({1}) with encryption cipher: {2} {3}-bit strength", client.Client.LocalEndPoint, client.Client.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength); Assert.NotEqual(CipherAlgorithmType.Null, sslStream.CipherAlgorithm); Assert.True(sslStream.CipherStrength > 0); } } }
public async Task ServerNoEncryption_ClientNoEncryption_ConnectWithNoEncryption() { using (var serverNoEncryption = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.NoEncryption)) using (var client = new TcpClient()) { await client.ConnectAsync(serverNoEncryption.RemoteEndPoint.Address, serverNoEncryption.RemoteEndPoint.Port); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption)) { if (SupportsNullEncryption) { await sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false); _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength", serverNoEncryption.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength); CipherAlgorithmType expected = CipherAlgorithmType.Null; Assert.Equal(expected, sslStream.CipherAlgorithm); Assert.Equal(0, sslStream.CipherStrength); } else { var ae = await Assert.ThrowsAsync <AuthenticationException>(() => sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false)); Assert.IsType <PlatformNotSupportedException>(ae.InnerException); } } } }
private async Task ClientAsyncSslHelper( EncryptionPolicy encryptionPolicy, SslProtocols clientSslProtocols, SslProtocols serverSslProtocols, RemoteCertificateValidationCallback certificateCallback = null) { _log.WriteLine("Server: " + serverSslProtocols + "; Client: " + clientSslProtocols); IPEndPoint endPoint = new IPEndPoint(IPAddress.Loopback, 0); using (var server = new DummyTcpServer(endPoint, encryptionPolicy)) using (var client = new TcpClient()) { server.SslProtocols = serverSslProtocols; // Use a different SNI for each connection to prevent TLS 1.3 renegotiation issue: https://github.com/dotnet/runtime/issues/47378 string serverName = TestHelper.GetTestSNIName(nameof(ClientAsyncSslHelper), clientSslProtocols, serverSslProtocols); await client.ConnectAsync(server.RemoteEndPoint.Address, server.RemoteEndPoint.Port); using (SslStream sslStream = new SslStream(client.GetStream(), false, certificateCallback != null ? certificateCallback : AllowAnyServerCertificate, null)) { Task clientAuthTask = sslStream.AuthenticateAsClientAsync(serverName, null, clientSslProtocols, false); await clientAuthTask.WaitAsync(TestConfiguration.PassingTestTimeout); _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength", server.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength); Assert.True(sslStream.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL"); Assert.True(sslStream.CipherStrength > 0, "Cipher strength should be greater than 0"); } } }
private void ClientAsyncSslHelper(EncryptionPolicy encryptionPolicy, SslProtocols clientSslProtocols, SslProtocols serverSslProtocols) { _log.WriteLine("Server: " + serverSslProtocols + "; Client: " + clientSslProtocols); IPEndPoint endPoint = new IPEndPoint(IPAddress.IPv6Loopback, 0); using (var server = new DummyTcpServer(endPoint, encryptionPolicy)) using (var client = new TcpClient(AddressFamily.InterNetworkV6)) { server.SslProtocols = serverSslProtocols; client.Connect(server.RemoteEndPoint); using (SslStream sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null)) { IAsyncResult async = sslStream.BeginAuthenticateAsClient("localhost", null, clientSslProtocols, false, null, null); Assert.True(async.AsyncWaitHandle.WaitOne(TestConfiguration.TestTimeoutSeconds * 1000), "Timed Out"); sslStream.EndAuthenticateAsClient(async); _log.WriteLine("Client({0}) authenticated to server({1}) with encryption cipher: {2} {3}-bit strength", client.Client.LocalEndPoint, client.Client.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength); Assert.True(sslStream.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL"); Assert.True(sslStream.CipherStrength > 0, "Cipher strength should be greater than 0"); } } }
private async Task ClientAsyncSslHelper( EncryptionPolicy encryptionPolicy, SslProtocols clientSslProtocols, SslProtocols serverSslProtocols) { _log.WriteLine("Server: " + serverSslProtocols + "; Client: " + clientSslProtocols); IPEndPoint endPoint = new IPEndPoint(IPAddress.IPv6Loopback, 0); using (var server = new DummyTcpServer(endPoint, encryptionPolicy)) using (var client = new TcpClient(AddressFamily.InterNetworkV6)) { server.SslProtocols = serverSslProtocols; await client.ConnectAsync(server.RemoteEndPoint.Address, server.RemoteEndPoint.Port); using (SslStream sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null)) { Task clientAuthTask = sslStream.AuthenticateAsClientAsync("localhost", null, clientSslProtocols, false); await clientAuthTask.TimeoutAfter(TestConfiguration.PassingTestTimeoutMilliseconds); _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength", server.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength); Assert.True(sslStream.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL"); Assert.True(sslStream.CipherStrength > 0, "Cipher strength should be greater than 0"); } } }
public async Task ServerNoEncryption_ClientNoEncryption_ConnectWithNoEncryption() { using (var serverNoEncryption = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.NoEncryption)) using (var client = new TcpClient()) { await client.ConnectAsync(serverNoEncryption.RemoteEndPoint.Address, serverNoEncryption.RemoteEndPoint.Port); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption)) { if (SupportsNullEncryption) { await sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false); _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength", serverNoEncryption.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength); CipherAlgorithmType expected = CipherAlgorithmType.Null; Assert.Equal(expected, sslStream.CipherAlgorithm); Assert.Equal(0, sslStream.CipherStrength); } else { var ae = await Assert.ThrowsAsync<AuthenticationException>(() => sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false)); Assert.IsType<PlatformNotSupportedException>(ae.InnerException); } } } }
public async Task SslStreamConstructor_BadEncryptionPolicy_ThrowException() { using (var _remoteServer = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.RequireEncryption)) using (var client = new TcpClient()) { await client.ConnectAsync(_remoteServer.RemoteEndPoint.Address, _remoteServer.RemoteEndPoint.Port); Assert.Throws <ArgumentException>(() => { SslStream sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, (EncryptionPolicy)100); }); } }
public async Task ServerRequireEncryption_ClientNoEncryption_NoConnect() { using (var serverRequireEncryption = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.RequireEncryption)) using (var client = new TcpClient()) { await client.ConnectAsync(serverRequireEncryption.RemoteEndPoint.Address, serverRequireEncryption.RemoteEndPoint.Port); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption)) { await Assert.ThrowsAsync<IOException>(() => sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false)); } } }
public void SslStreamConstructor_BadEncryptionPolicy_ThrowException() { using (var _remoteServer = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 600), EncryptionPolicy.RequireEncryption)) using (var client = new TcpClient()) { client.Connect(_remoteServer.RemoteEndPoint); Assert.Throws<ArgumentException>(() => { SslStream sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, (EncryptionPolicy)100); }); } }
public async Task ServerNoEncryption_ClientRequireEncryption_NoConnect() { using (var serverNoEncryption = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.NoEncryption)) using (var client = new TcpClient()) { await client.ConnectAsync(serverNoEncryption.RemoteEndPoint.Address, serverNoEncryption.RemoteEndPoint.Port); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.RequireEncryption)) { await Assert.ThrowsAsync <IOException>(() => sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false)); } } }
public async Task ServerRequireEncryption_ClientNoEncryption_NoConnect() { using (var serverRequireEncryption = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.RequireEncryption)) using (var client = new TcpClient()) { await client.ConnectAsync(serverRequireEncryption.RemoteEndPoint.Address, serverRequireEncryption.RemoteEndPoint.Port); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption)) { await Assert.ThrowsAsync(TestConfiguration.SupportsHandshakeAlerts?typeof(AuthenticationException) : typeof(IOException), () => sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, false)); } } }
public void ServerRequireEncryption_ClientNoEncryption_NoConnect() { using (var serverRequireEncryption = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.RequireEncryption)) using (var client = new TcpClient()) { client.Connect(serverRequireEncryption.RemoteEndPoint); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption)) { Assert.Throws <IOException>(() => { sslStream.AuthenticateAsClient("localhost", null, TestConfiguration.DefaultSslProtocols, false); }); } } }
public void ServerRequireEncryption_ClientNoEncryption_NoConnect() { using (var serverRequireEncryption = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.RequireEncryption)) using (var client = new TcpClient()) { client.Connect(serverRequireEncryption.RemoteEndPoint); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption)) { Assert.Throws<IOException>(() => { sslStream.AuthenticateAsClient("localhost", null, TestConfiguration.DefaultSslProtocols, false); }); } } }
public async Task TransportContext_ConnectToServerWithSsl_GetExpectedChannelBindings() { using (var testServer = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.RequireEncryption)) using (var client = new TcpClient()) { await client.ConnectAsync(testServer.RemoteEndPoint.Address, testServer.RemoteEndPoint.Port); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.RequireEncryption)) { await sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocols.Tls, false); TransportContext context = sslStream.TransportContext; CheckTransportContext(context); } } }
public async Task ClientDefaultEncryption_ServerAllowNoEncryption_ConnectWithEncryption() { using (var serverAllowNoEncryption = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.AllowNoEncryption)) using (var client = new TcpClient()) { await client.ConnectAsync(serverAllowNoEncryption.RemoteEndPoint.Address, serverAllowNoEncryption.RemoteEndPoint.Port); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null)) { await sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false); _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength", serverAllowNoEncryption.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength); Assert.True(sslStream.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL"); Assert.True(sslStream.CipherStrength > 0, "Cipher strength should be greater than 0"); } } }
public void ClientDefaultEncryption_ServerAllowNoEncryption_ConnectWithEncryption() { using (var serverAllowNoEncryption = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.AllowNoEncryption)) using (var client = new TcpClient()) { client.Connect(serverAllowNoEncryption.RemoteEndPoint); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null)) { sslStream.AuthenticateAsClient("localhost", null, TestConfiguration.DefaultSslProtocols, false); _log.WriteLine("Client({0}) authenticated to server({1}) with encryption cipher: {2} {3}-bit strength", client.Client.LocalEndPoint, client.Client.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength); Assert.True(sslStream.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL"); Assert.True(sslStream.CipherStrength > 0, "Cipher strength should be greater than 0"); } } }
public async Task ServerRequireEncryption_ClientAllowNoEncryption_ConnectWithEncryption() { using (var serverRequireEncryption = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.RequireEncryption)) using (var client = new TcpClient()) { await client.ConnectAsync(serverRequireEncryption.RemoteEndPoint.Address, serverRequireEncryption.RemoteEndPoint.Port); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.AllowNoEncryption)) { await sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false); _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength", serverRequireEncryption.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength); Assert.True(sslStream.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL"); Assert.True(sslStream.CipherStrength > 0, "Cipher strength should be greater than 0"); } } }
public async Task ServerAllowNoEncryption_ClientRequireEncryption_ConnectWithEncryption() { using (var serverAllowNoEncryption = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.AllowNoEncryption)) using (var client = new TcpClient()) { await client.ConnectAsync(serverAllowNoEncryption.RemoteEndPoint.Address, serverAllowNoEncryption.RemoteEndPoint.Port); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.RequireEncryption)) { sslStream.AuthenticateAsClient("localhost", null, SslProtocolSupport.DefaultSslProtocols, false); _log.WriteLine("Client({0}) authenticated to server({1}) with encryption cipher: {2} {3}-bit strength", client.Client.LocalEndPoint, client.Client.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength); Assert.NotEqual(CipherAlgorithmType.Null, sslStream.CipherAlgorithm); Assert.True(sslStream.CipherStrength > 0); } } }
public void ServerNoEncryption_ClientNoEncryption_ConnectWithNoEncryption() { using (var serverNoEncryption = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.NoEncryption)) using (var client = new TcpClient()) { client.Connect(serverNoEncryption.RemoteEndPoint); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption)) { sslStream.AuthenticateAsClient("localhost", null, TestConfiguration.DefaultSslProtocols, false); _log.WriteLine("Client({0}) authenticated to server({1}) with encryption cipher: {2} {3}-bit strength", client.Client.LocalEndPoint, client.Client.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength); CipherAlgorithmType expected = CipherAlgorithmType.Null; Assert.Equal(expected, sslStream.CipherAlgorithm); Assert.Equal(0, sslStream.CipherStrength); } } }
public void ServerAllowNoEncryption_ClientNoEncryption_ConnectWithNoEncryption() { using (var serverAllowNoEncryption = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.AllowNoEncryption)) using (var client = new TcpClient()) { client.Connect(serverAllowNoEncryption.RemoteEndPoint); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption)) { sslStream.AuthenticateAsClient("localhost", null, TestConfiguration.DefaultSslProtocols, false); _log.WriteLine("Client({0}) authenticated to server({1}) with encryption cipher: {2} {3}-bit strength", client.Client.LocalEndPoint, client.Client.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength); CipherAlgorithmType expected = CipherAlgorithmType.Null; Assert.Equal(expected, sslStream.CipherAlgorithm); Assert.Equal(0, sslStream.CipherStrength); } } }
public async Task ServerNoEncryption_ClientAllowNoEncryption_ConnectWithNoEncryption() { using (var serverNoEncryption = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.NoEncryption)) using (var client = new TcpClient()) { await client.ConnectAsync(serverNoEncryption.RemoteEndPoint.Address, serverNoEncryption.RemoteEndPoint.Port); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.AllowNoEncryption)) { await sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, false); _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength", serverNoEncryption.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength); CipherAlgorithmType expected = CipherAlgorithmType.Null; Assert.Equal(expected, sslStream.CipherAlgorithm); Assert.Equal(0, sslStream.CipherStrength); } } }
private async Task ClientAsyncSslHelper(EncryptionPolicy encryptionPolicy, SslProtocols clientSslProtocols, SslProtocols serverSslProtocols) { _log.WriteLine("Server: " + serverSslProtocols + "; Client: " + clientSslProtocols); IPEndPoint endPoint = new IPEndPoint(IPAddress.IPv6Loopback, 0); using (var server = new DummyTcpServer(endPoint, encryptionPolicy)) using (var client = new TcpClient(AddressFamily.InterNetworkV6)) { server.SslProtocols = serverSslProtocols; await client.ConnectAsync(server.RemoteEndPoint.Address, server.RemoteEndPoint.Port); using (SslStream sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null)) { Task async = sslStream.AuthenticateAsClientAsync("localhost", null, clientSslProtocols, false); Assert.True(((IAsyncResult)async).AsyncWaitHandle.WaitOne(TestConfiguration.TestTimeoutSeconds * 1000), "Timed Out"); async.GetAwaiter().GetResult(); _log.WriteLine("Client({0}) authenticated to server({1}) with encryption cipher: {2} {3}-bit strength", client.Client.LocalEndPoint, client.Client.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength); Assert.True(sslStream.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL"); Assert.True(sslStream.CipherStrength > 0, "Cipher strength should be greater than 0"); } } }