ClientDefaultEncryptionTest.cs
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
using System.IO;
using System.Net.Sockets;
using System.Net.Test.Common;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Xunit;
using Xunit.Abstractions;
namespace System.Net.Security.Tests
{
/// <summary>
/// Exercises an <see cref="SslStream"/> client that is constructed without an explicit
/// <see cref="EncryptionPolicy"/> against loopback servers configured with each
/// server-side policy, and checks whether a real (non-NULL) cipher is negotiated.
/// </summary>
public class ClientDefaultEncryptionTest
{
    // Receives the diagnostic line describing the negotiated cipher.
    private readonly ITestOutputHelper _log;

    public ClientDefaultEncryptionTest()
    {
        _log = TestLogging.GetInstance();
    }

    /// <summary>
    /// Certificate validation callback handed to every <see cref="SslStream"/> in this class.
    /// </summary>
    /// <remarks>
    /// Ignores <paramref name="sslPolicyErrors"/> and the chain entirely, so server identity
    /// is not verified at all. These tests only look at the negotiated cipher; the callback
    /// is a test fixture for the loopback server and is not a pattern for code that talks
    /// to real endpoints.
    /// </remarks>
    /// <param name="sender">Unused.</param>
    /// <param name="certificate">Unused.</param>
    /// <param name="chain">Unused.</param>
    /// <param name="sslPolicyErrors">Unused; any validation error is accepted.</param>
    /// <returns>Always <c>true</c>.</returns>
    public bool AllowAnyServerCertificate(
        object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors)
    {
        // Unconditional accept: name mismatch, untrusted root, etc. are all let through.
        return true;
    }

    /// <summary>
    /// Server requires encryption: the handshake must succeed and report a non-NULL
    /// cipher with a strength above zero.
    /// </summary>
    [Fact]
    public async Task ClientDefaultEncryption_ServerRequireEncryption_ConnectWithEncryption()
    {
        // Port 0 on loopback; presumably DummyTcpServer lets the OS pick a free port.
        var listenOn = new IPEndPoint(IPAddress.Loopback, 0);

        using (var server = new DummyTcpServer(listenOn, EncryptionPolicy.RequireEncryption))
        using (var tcp = new TcpClient())
        {
            var serverAddress = server.RemoteEndPoint.Address;
            var serverPort = server.RemoteEndPoint.Port;
            await tcp.ConnectAsync(serverAddress, serverPort);

            // No EncryptionPolicy argument: the client runs with SslStream's default.
            using (var tls = new SslStream(
                tcp.GetStream(),
                leaveInnerStreamOpen: false,
                userCertificateValidationCallback: AllowAnyServerCertificate,
                userCertificateSelectionCallback: null))
            {
                await tls.AuthenticateAsClientAsync(
                    targetHost: "localhost",
                    clientCertificates: null,
                    enabledSslProtocols: SslProtocolSupport.DefaultSslProtocols,
                    checkCertificateRevocation: false);

                _log.WriteLine(
                    "Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength",
                    server.RemoteEndPoint,
                    tls.CipherAlgorithm,
                    tls.CipherStrength);

                bool cipherIsReal = tls.CipherAlgorithm != CipherAlgorithmType.Null;
                Assert.True(cipherIsReal, "Cipher algorithm should not be NULL");

                bool strengthIsPositive = tls.CipherStrength > 0;
                Assert.True(strengthIsPositive, "Cipher strength should be greater than 0");
            }
        }
    }

    /// <summary>
    /// Server tolerates a NULL cipher: the default client must still end up with a
    /// non-NULL cipher, i.e. the server's leniency must not weaken the session.
    /// </summary>
    [Fact]
    public async Task ClientDefaultEncryption_ServerAllowNoEncryption_ConnectWithEncryption()
    {
        // Port 0 on loopback; presumably DummyTcpServer lets the OS pick a free port.
        var listenOn = new IPEndPoint(IPAddress.Loopback, 0);

        using (var server = new DummyTcpServer(listenOn, EncryptionPolicy.AllowNoEncryption))
        using (var tcp = new TcpClient())
        {
            var serverAddress = server.RemoteEndPoint.Address;
            var serverPort = server.RemoteEndPoint.Port;
            await tcp.ConnectAsync(serverAddress, serverPort);

            // No EncryptionPolicy argument: the client runs with SslStream's default.
            using (var tls = new SslStream(
                tcp.GetStream(),
                leaveInnerStreamOpen: false,
                userCertificateValidationCallback: AllowAnyServerCertificate,
                userCertificateSelectionCallback: null))
            {
                await tls.AuthenticateAsClientAsync(
                    targetHost: "localhost",
                    clientCertificates: null,
                    enabledSslProtocols: SslProtocolSupport.DefaultSslProtocols,
                    checkCertificateRevocation: false);

                _log.WriteLine(
                    "Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength",
                    server.RemoteEndPoint,
                    tls.CipherAlgorithm,
                    tls.CipherStrength);

                bool cipherIsReal = tls.CipherAlgorithm != CipherAlgorithmType.Null;
                Assert.True(cipherIsReal, "Cipher algorithm should not be NULL");

                bool strengthIsPositive = tls.CipherStrength > 0;
                Assert.True(strengthIsPositive, "Cipher strength should be greater than 0");
            }
        }
    }

    /// <summary>
    /// Server is configured for no encryption: the default client's handshake is
    /// expected to fail with an <see cref="IOException"/> rather than complete.
    /// </summary>
    [Fact]
    public async Task ClientDefaultEncryption_ServerNoEncryption_NoConnect()
    {
        // Port 0 on loopback; presumably DummyTcpServer lets the OS pick a free port.
        var listenOn = new IPEndPoint(IPAddress.Loopback, 0);

        using (var server = new DummyTcpServer(listenOn, EncryptionPolicy.NoEncryption))
        using (var tcp = new TcpClient())
        {
            var serverAddress = server.RemoteEndPoint.Address;
            var serverPort = server.RemoteEndPoint.Port;
            await tcp.ConnectAsync(serverAddress, serverPort);

            // No EncryptionPolicy argument: the client runs with SslStream's default.
            using (var tls = new SslStream(
                tcp.GetStream(),
                leaveInnerStreamOpen: false,
                userCertificateValidationCallback: AllowAnyServerCertificate,
                userCertificateSelectionCallback: null))
            {
                // The TCP connect above succeeds; only the TLS handshake should be refused.
                Func<Task> handshake = () => tls.AuthenticateAsClientAsync(
                    targetHost: "localhost",
                    clientCertificates: null,
                    enabledSslProtocols: SslProtocolSupport.DefaultSslProtocols,
                    checkCertificateRevocation: false);

                await Assert.ThrowsAsync<IOException>(handshake);
            }
        }
    }
}
}