retire DummyTcpServer from SslStream tests #65876

Merged
merged 6 commits into from
Mar 4, 2022
Expand Up @@ -24,6 +24,7 @@
<Compile Include="$(CommonTestPath)System\Threading\Tasks\TaskTimeoutExtensions.cs" Link="TestCommon\System\Threading\Tasks\TaskTimeoutExtensions.cs" />
<Compile Include="$(CommonTestPath)TestUtilities\System\DisableParallelization.cs" Link="Common\TestUtilities\System\DisableParallelization.cs" />
<Compile Include="..\..\..\System.Net.Security\tests\FunctionalTests\TestHelper.cs" />
<Compile Include="..\..\..\System.Net.Security\tests\FunctionalTests\TestConfiguration.cs" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="$(CommonTestPath)StreamConformanceTests\StreamConformanceTests.csproj" />
Expand Up @@ -2,8 +2,6 @@
// The .NET Foundation licenses this file to you under the MIT license.

using System.Collections.Generic;
using System.IO;
using System.Net.Sockets;
using System.Net.Test.Common;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
Expand Down Expand Up @@ -131,25 +129,49 @@ private async Task ClientAsyncSslHelper(
{
_log.WriteLine("Server: " + serverSslProtocols + "; Client: " + clientSslProtocols);

IPEndPoint endPoint = new IPEndPoint(IPAddress.Loopback, 0);
(SslStream client, SslStream server) = TestHelper.GetConnectedSslStreams();

using (var server = new DummyTcpServer(endPoint, encryptionPolicy))
using (var client = new TcpClient())
using (client)
using (server)
{
server.SslProtocols = serverSslProtocols;
// Use a different SNI for each connection to prevent TLS 1.3 renegotiation issue: https://github.com/dotnet/runtime/issues/47378
string serverName = TestHelper.GetTestSNIName(nameof(ClientAsyncSslHelper), clientSslProtocols, serverSslProtocols);

await client.ConnectAsync(server.RemoteEndPoint.Address, server.RemoteEndPoint.Port);
using (SslStream sslStream = new SslStream(client.GetStream(), false, certificateCallback != null ? certificateCallback : AllowAnyServerCertificate, null))
Task serverTask = default;
try
{
Task clientAuthTask = sslStream.AuthenticateAsClientAsync(serverName, null, clientSslProtocols, false);
await clientAuthTask.WaitAsync(TestConfiguration.PassingTestTimeout);

_log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength",
server.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength);
Assert.True(sslStream.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL");
Assert.True(sslStream.CipherStrength > 0, "Cipher strength should be greater than 0");
Task clientTask = client.AuthenticateAsClientAsync(new SslClientAuthenticationOptions
{
EnabledSslProtocols = clientSslProtocols,
RemoteCertificateValidationCallback = AllowAnyServerCertificate,
TargetHost = serverName });
serverTask = server.AuthenticateAsServerAsync( new SslServerAuthenticationOptions
{
EncryptionPolicy = encryptionPolicy,
EnabledSslProtocols = serverSslProtocols,
ServerCertificate = TestConfiguration.ServerCertificate,
CertificateRevocationCheckMode = X509RevocationMode.NoCheck });

await clientTask.WaitAsync(TestConfiguration.PassingTestTimeout);

_log.WriteLine("Client authenticated to server with encryption cipher: {0} {1}-bit strength",
client.CipherAlgorithm, client.CipherStrength);
Assert.True(client.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL");
Assert.True(client.CipherStrength > 0, "Cipher strength should be greater than 0");
}
finally
{
// make sure we signal server in case of client failures
client.Close();
try
{
await serverTask;
}
catch (Exception ex)
{
// We generally don't care about server but can log exception to help diagnose test failures
_log.WriteLine(ex.ToString());
}
}
}
}
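Review bot: The client options hard-code `RemoteCertificateValidationCallback = AllowAnyServerCertificate`, while the DummyTcpServer-based lines this section appears to replace passed `certificateCallback != null ? certificateCallback : AllowAnyServerCertificate`. The signature of ClientAsyncSslHelper lies outside the hunk, but if it still accepts `certificateCallback`, a caller that supplies a validating callback now silently gets accept-all validation and its certificate checks never run. Keeping the fallback preserves that coverage: `RemoteCertificateValidationCallback = certificateCallback ?? AllowAnyServerCertificate,`. Separately, `await serverTask;` in the finally block has no timeout, unlike the client side; `await serverTask.WaitAsync(TestConfiguration.PassingTestTimeout);` would keep a stuck server handshake from hanging the run.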
@@ -1,11 +1,9 @@
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.

using System.IO;
using System.Net.Sockets;
using System.Net.Test.Common;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

using Xunit;
Expand All @@ -17,74 +15,78 @@ public class ClientDefaultEncryptionTest
{
private readonly ITestOutputHelper _log;

public ClientDefaultEncryptionTest()
public ClientDefaultEncryptionTest(ITestOutputHelper output)
{
_log = TestLogging.GetInstance();
}

// The following method is invoked by the RemoteCertificateValidationDelegate.
public bool AllowAnyServerCertificate(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
return true; // allow everything
_log = output;
}

[Fact]
public async Task ClientDefaultEncryption_ServerRequireEncryption_ConnectWithEncryption()
{
using (var serverRequireEncryption = new DummyTcpServer(
new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.RequireEncryption))
using (var client = new TcpClient())
(NetworkStream clientStream, NetworkStream serverStream) = TestHelper.GetConnectedTcpStreams();
using (clientStream)
using (serverStream)
{
await client.ConnectAsync(serverRequireEncryption.RemoteEndPoint.Address, serverRequireEncryption.RemoteEndPoint.Port);

using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null))
using (var client = new SslStream(clientStream, false, TestHelper.AllowAnyServerCertificate, null))
using (var server = new SslStream(serverStream))
{
await sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false);
await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
client.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false),
server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate));

_log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength",
serverRequireEncryption.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength);
Assert.True(sslStream.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL");
Assert.True(sslStream.CipherStrength > 0, "Cipher strength should be greater than 0");
clientStream.Socket.RemoteEndPoint, client.CipherAlgorithm, client.CipherStrength) ;
Assert.True(client.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL");
Assert.True(client.CipherStrength > 0, "Cipher strength should be greater than 0");
}
}
}

[Fact]
public async Task ClientDefaultEncryption_ServerAllowNoEncryption_ConnectWithEncryption()
{
using (var serverAllowNoEncryption = new DummyTcpServer(
new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.AllowNoEncryption))
using (var client = new TcpClient())
(NetworkStream clientStream, NetworkStream serverStream) = TestHelper.GetConnectedTcpStreams();
using (clientStream)
using (serverStream)
{
await client.ConnectAsync(serverAllowNoEncryption.RemoteEndPoint.Address, serverAllowNoEncryption.RemoteEndPoint.Port);

using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null))
using (var client = new SslStream(clientStream, false, TestHelper.AllowAnyServerCertificate, null))
using (var server = new SslStream(serverStream))
{
await sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false);
await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
client.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false),
server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate));

_log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength",
serverAllowNoEncryption.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength);
Assert.True(sslStream.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL");
Assert.True(sslStream.CipherStrength > 0, "Cipher strength should be greater than 0");
clientStream.Socket.RemoteEndPoint, client.CipherAlgorithm, client.CipherStrength);
Assert.True(client.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL");
Assert.True(client.CipherStrength > 0, "Cipher strength should be greater than 0");
}
}
}

[Fact]
public async Task ClientDefaultEncryption_ServerNoEncryption_NoConnect()
{
using (var serverNoEncryption = new DummyTcpServer(
new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.NoEncryption))
using (var client = new TcpClient())
(NetworkStream clientStream, NetworkStream serverStream) = TestHelper.GetConnectedTcpStreams();
using (clientStream)
using (serverStream)
{
await client.ConnectAsync(serverNoEncryption.RemoteEndPoint.Address, serverNoEncryption.RemoteEndPoint.Port);

using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null))
using (var client = new SslStream(clientStream, false, TestHelper.AllowAnyServerCertificate, null))
using (var server = new SslStream(serverStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption))
{
Task serverTask = server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate);
await Assert.ThrowsAsync<AuthenticationException>(() =>
sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false));
client.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false));
try
{
await serverTask.WaitAsync(TestConfiguration.PassingTestTimeout);
}
catch (Exception ex)
{
// serverTask will fail.
// We generally don't care but can log exception to help diagnose test failures
_log.WriteLine(ex.ToString());
}
}
}
}
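Review bot: In ClientDefaultEncryption_ServerAllowNoEncryption_ConnectWithEncryption the server is created as `new SslStream(serverStream)`, so it runs with the default encryption policy and the test now exercises the same configuration as the ServerRequireEncryption case above it. The DummyTcpServer lines it appears to replace passed `EncryptionPolicy.AllowNoEncryption`, which is the case the test name claims: a default-policy client must still negotiate a real cipher when the server would accept a null one. Passing the policy explicitly, as the NoEncryption test in this section already does, restores that coverage: `using (var server = new SslStream(serverStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.AllowNoEncryption))`. Without it, a regression that lets the client fall back to a null cipher against a permissive server would go undetected by this file.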