This repository has been archived by the owner on Jan 23, 2023. It is now read-only.
/
SslAuthenticationOptionsTest.cs
108 lines (99 loc) · 6.55 KB
/
SslAuthenticationOptionsTest.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
using System.Collections.Generic;
using System.Net.Test.Common;
using System.Security.Cryptography.X509Certificates;
using System.Security.Authentication;
using System.Threading.Tasks;
using Xunit;
using System.Linq;
namespace System.Net.Security.Tests
{
using Configuration = System.Net.Test.Common.Configuration;
public class SslClientAuthenticationOptionsTest
{
[Fact]
public async Task ClientOptions_ServerOptions_NotMutatedDuringAuthentication()
{
using (X509Certificate2 clientCert = Configuration.Certificates.GetClientCertificate())
using (X509Certificate2 serverCert = Configuration.Certificates.GetServerCertificate())
{
// Values used to populate client options
bool clientAllowRenegotiation = false;
List<SslApplicationProtocol> clientAppProtocols = new List<SslApplicationProtocol> { SslApplicationProtocol.Http11 };
X509RevocationMode clientRevocation = X509RevocationMode.NoCheck;
X509CertificateCollection clientCertificates = new X509CertificateCollection() { clientCert };
SslProtocols clientSslProtocols = SslProtocols.Tls12;
EncryptionPolicy clientEncryption = EncryptionPolicy.RequireEncryption;
LocalCertificateSelectionCallback clientLocalCallback = new LocalCertificateSelectionCallback(delegate { return null; });
RemoteCertificateValidationCallback clientRemoteCallback = new RemoteCertificateValidationCallback(delegate { return true; });
string clientHost = serverCert.GetNameInfo(X509NameType.SimpleName, false);
// Values used to populate server options
bool serverAllowRenegotiation = true;
List<SslApplicationProtocol> serverAppProtocols = new List<SslApplicationProtocol> { SslApplicationProtocol.Http11, SslApplicationProtocol.Http2 };
X509RevocationMode serverRevocation = X509RevocationMode.NoCheck;
bool serverCertRequired = false;
SslProtocols serverSslProtocols = SslProtocols.Tls11 | SslProtocols.Tls12;
EncryptionPolicy serverEncryption = EncryptionPolicy.AllowNoEncryption;
RemoteCertificateValidationCallback serverRemoteCallback = new RemoteCertificateValidationCallback(delegate { return true; });
var network = new VirtualNetwork();
using (var client = new SslStream(new VirtualNetworkStream(network, isServer: false)))
using (var server = new SslStream(new VirtualNetworkStream(network, isServer: true)))
{
// Create client options
var clientOptions = new SslClientAuthenticationOptions
{
AllowRenegotiation = clientAllowRenegotiation,
ApplicationProtocols = clientAppProtocols,
CertificateRevocationCheckMode = clientRevocation,
ClientCertificates = clientCertificates,
EnabledSslProtocols = clientSslProtocols,
EncryptionPolicy = clientEncryption,
LocalCertificateSelectionCallback = clientLocalCallback,
RemoteCertificateValidationCallback = clientRemoteCallback,
TargetHost = clientHost
};
// Create server options
var serverOptions = new SslServerAuthenticationOptions
{
AllowRenegotiation = serverAllowRenegotiation,
ApplicationProtocols = serverAppProtocols,
CertificateRevocationCheckMode = serverRevocation,
ClientCertificateRequired = serverCertRequired,
EnabledSslProtocols = serverSslProtocols,
EncryptionPolicy = serverEncryption,
RemoteCertificateValidationCallback = serverRemoteCallback,
ServerCertificate = serverCert
};
// Authenticate
Task clientTask = client.AuthenticateAsClientAsync(clientOptions, default);
Task serverTask = server.AuthenticateAsServerAsync(serverOptions, default);
await new[] { clientTask, serverTask }.WhenAllOrAnyFailed();
// Validate that client options are unchanged
Assert.Equal(clientAllowRenegotiation, clientOptions.AllowRenegotiation);
Assert.Same(clientAppProtocols, clientOptions.ApplicationProtocols);
Assert.Equal(1, clientOptions.ApplicationProtocols.Count);
Assert.Equal(clientRevocation, clientOptions.CertificateRevocationCheckMode);
Assert.Same(clientCertificates, clientOptions.ClientCertificates);
Assert.Contains(clientCert, clientOptions.ClientCertificates.Cast<X509Certificate2>());
Assert.Equal(clientSslProtocols, clientOptions.EnabledSslProtocols);
Assert.Equal(clientEncryption, clientOptions.EncryptionPolicy);
Assert.Same(clientLocalCallback, clientOptions.LocalCertificateSelectionCallback);
Assert.Same(clientRemoteCallback, clientOptions.RemoteCertificateValidationCallback);
Assert.Same(clientHost, clientOptions.TargetHost);
// Validate that server options are unchanged
Assert.Equal(serverAllowRenegotiation, serverOptions.AllowRenegotiation);
Assert.Same(serverAppProtocols, serverOptions.ApplicationProtocols);
Assert.Equal(2, serverOptions.ApplicationProtocols.Count);
Assert.Equal(clientRevocation, serverOptions.CertificateRevocationCheckMode);
Assert.Equal(serverCertRequired, serverOptions.ClientCertificateRequired);
Assert.Equal(serverSslProtocols, serverOptions.EnabledSslProtocols);
Assert.Equal(serverEncryption, serverOptions.EncryptionPolicy);
Assert.Same(serverRemoteCallback, serverOptions.RemoteCertificateValidationCallback);
Assert.Same(serverCert, serverOptions.ServerCertificate);
}
}
}
}
}