huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix merge formatting issues and cross plat tests

This commit is contained in:
Pavel Krymets 2016-05-26 10:34:25 -07:00
parent 71ecf5612f
commit ef8b0a90d8
1 changed files with 141 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

278
test/Microsoft.AspNetCore.Server.KestrelTests/HttpsConnectionFilterTests.cs
View File

@ -21,15 +21,13 @@ using Xunit;
namespace Microsoft.AspNetCore.Server.KestrelTests
{
public class HttpsConnectionFilterTests: IDisposable
public class HttpsConnectionFilterTests : IDisposable
{
private static string _serverAddress = "https://127.0.0.1:0/";
private static RemoteCertificateValidationCallback _alwaysValidCallback =
(sender, cert, chain, sslPolicyErrors) => true;
private static X509Certificate2 _x509Certificate2 = new X509Certificate2(@"TestResources/testCert.pfx", "testPassword");
private HttpMessageHandler _handler;
#if NET451
static HttpsConnectionFilterTests()
{
@ -43,21 +41,16 @@ namespace Microsoft.AspNetCore.Server.KestrelTests
public HttpsConnectionFilterTests()
{
#if NET451
_handler = new HttpClientHandler();
ServicePointManager.ServerCertificateValidationCallback += _alwaysValidCallback;
#else
var handler = new WinHttpHandler();
handler.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
_handler = handler;
#endif
}
public void Dispose()
{
{
#if NET451
ServicePointManager.ServerCertificateValidationCallback -= _alwaysValidCallback;
#endif
}
}
// https://github.com/aspnet/KestrelHttpServer/issues/240
// This test currently fails on mono because of an issue with SslStream.
@ -66,88 +59,88 @@ namespace Microsoft.AspNetCore.Server.KestrelTests
[OSSkipCondition(OperatingSystems.MacOSX, SkipReason = "WinHttpHandler not available on non-Windows.")]
public async Task CanReadAndWriteWithHttpsConnectionFilter()
{
var serviceContext = new TestServiceContext(new HttpsConnectionFilter(
new HttpsConnectionFilterOptions
var serviceContext = new TestServiceContext(new HttpsConnectionFilter(
new HttpsConnectionFilterOptions
{ ServerCertificate = _x509Certificate2 },
new NoOpConnectionFilter())
);
new NoOpConnectionFilter())
);
using (var server = new TestServer(App, serviceContext, _serverAddress))
{
using (var client = new HttpClient(GetHandler()))
{
using (var client = new HttpClient(_handler))
{
var result = await client.PostAsync($"https://localhost:{server.Port}/", new FormUrlEncodedContent(new[] {
var result = await client.PostAsync($"https://localhost:{server.Port}/", new FormUrlEncodedContent(new[] {
new KeyValuePair<string, string>("content", "Hello World?")
}));
Assert.Equal("content=Hello+World%3F", await result.Content.ReadAsStringAsync());
}
Assert.Equal("content=Hello+World%3F", await result.Content.ReadAsStringAsync());
}
}
}
[ConditionalFact]
[OSSkipCondition(OperatingSystems.Linux, SkipReason = "WinHttpHandler not available on non-Windows.")]
[OSSkipCondition(OperatingSystems.MacOSX, SkipReason = "WinHttpHandler not available on non-Windows.")]
public async Task RequireCertificateFailsWhenNoCertificate()
{
var serviceContext = new TestServiceContext(new HttpsConnectionFilter(
new HttpsConnectionFilterOptions
{
var serviceContext = new TestServiceContext(new HttpsConnectionFilter(
new HttpsConnectionFilterOptions
{
ServerCertificate = _x509Certificate2,
ClientCertificateMode = ClientCertificateMode.RequireCertificate
},
new NoOpConnectionFilter())
);
ClientCertificateMode = ClientCertificateMode.RequireCertificate
},
new NoOpConnectionFilter())
);
using (var server = new TestServer(App, serviceContext, _serverAddress))
{
using (var client = new HttpClient(GetHandler()))
{
using (var client = new HttpClient(_handler))
{
await Assert.ThrowsAnyAsync<Exception>(
() => client.GetAsync($"https://localhost:{server.Port}/"));
}
await Assert.ThrowsAnyAsync<Exception>(
() => client.GetAsync($"https://localhost:{server.Port}/"));
}
}
}
[ConditionalFact]
[OSSkipCondition(OperatingSystems.Linux, SkipReason = "WinHttpHandler not available on non-Windows.")]
[OSSkipCondition(OperatingSystems.MacOSX, SkipReason = "WinHttpHandler not available on non-Windows.")]
public async Task AllowCertificateContinuesWhenNoCertificate()
{
var serviceContext = new TestServiceContext(new HttpsConnectionFilter(
new HttpsConnectionFilterOptions
{
ServerCertificate = _x509Certificate2,
ClientCertificateMode = ClientCertificateMode.AllowCertificate
},
new NoOpConnectionFilter())
);
RequestDelegate app = context =>
var serviceContext = new TestServiceContext(new HttpsConnectionFilter(
new HttpsConnectionFilterOptions
{
Assert.Equal(context.Features.Get<ITlsConnectionFeature>(), null);
return context.Response.WriteAsync("hello world");
};
ServerCertificate = _x509Certificate2,
ClientCertificateMode = ClientCertificateMode.AllowCertificate
},
new NoOpConnectionFilter())
);
RequestDelegate app = context =>
{
Assert.Equal(context.Features.Get<ITlsConnectionFeature>(), null);
return context.Response.WriteAsync("hello world");
};
using (var server = new TestServer(app, serviceContext, _serverAddress))
{
using (var client = new HttpClient(GetHandler()))
{
using (var client = new HttpClient(_handler))
{
var result = await client.GetAsync($"https://localhost:{server.Port}/");
var result = await client.GetAsync($"https://localhost:{server.Port}/");
Assert.Equal("hello world", await result.Content.ReadAsStringAsync());
}
Assert.Equal("hello world", await result.Content.ReadAsStringAsync());
}
}
}
[Fact]
public void ThrowsWhenNoServerCertificateIsProvided()
{
{
Assert.Throws<ArgumentException>(() => new HttpsConnectionFilter(
new HttpsConnectionFilterOptions(),
new NoOpConnectionFilter())
);
}
}
[Fact]
public async Task UsesProvidedServerCertificate()
@ -179,103 +172,103 @@ namespace Microsoft.AspNetCore.Server.KestrelTests
[Fact]
public async Task CertificatePassedToHttpContext()
{
var serviceContext = new TestServiceContext(new HttpsConnectionFilter(
new HttpsConnectionFilterOptions
{
ServerCertificate = _x509Certificate2,
ClientCertificateMode = ClientCertificateMode.RequireCertificate,
ClientCertificateValidation = (certificate, chain, sslPolicyErrors) => true
},
new NoOpConnectionFilter())
);
RequestDelegate app = context =>
var serviceContext = new TestServiceContext(new HttpsConnectionFilter(
new HttpsConnectionFilterOptions
{
var tlsFeature = context.Features.Get<ITlsConnectionFeature>();
Assert.NotNull(tlsFeature);
Assert.NotNull(tlsFeature.ClientCertificate);
Assert.NotNull(context.Connection.ClientCertificate);
return context.Response.WriteAsync("hello world");
};
ServerCertificate = _x509Certificate2,
ClientCertificateMode = ClientCertificateMode.RequireCertificate,
ClientCertificateValidation = (certificate, chain, sslPolicyErrors) => true
},
new NoOpConnectionFilter())
);
RequestDelegate app = context =>
{
var tlsFeature = context.Features.Get<ITlsConnectionFeature>();
Assert.NotNull(tlsFeature);
Assert.NotNull(tlsFeature.ClientCertificate);
Assert.NotNull(context.Connection.ClientCertificate);
return context.Response.WriteAsync("hello world");
};
using (var server = new TestServer(app, serviceContext, _serverAddress))
{
{
using (var client = new TcpClient())
{
// SslStream is used to ensure the certificate is actually passed to the server
// HttpClient might not send the certificate because it is invalid or it doesn't match any
// of the certificate authorities sent by the server in the SSL handshake.
var stream = await OpenSslStream(client, server);
await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false);
await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false);
await AssertConnectionResult(stream, true);
}
}
}
}
[ConditionalFact]
[OSSkipCondition(OperatingSystems.Linux, SkipReason = "WinHttpHandler not available on non-Windows.")]
[OSSkipCondition(OperatingSystems.MacOSX, SkipReason = "WinHttpHandler not available on non-Windows.")]
public async Task HttpsSchemePassedToRequestFeature()
{
var serviceContext = new TestServiceContext(
new HttpsConnectionFilter(
new HttpsConnectionFilterOptions
{
var serviceContext = new TestServiceContext(
new HttpsConnectionFilter(
new HttpsConnectionFilterOptions
{
ServerCertificate = _x509Certificate2
},
new NoOpConnectionFilter())
);
},
new NoOpConnectionFilter())
);
RequestDelegate app = context => context.Response.WriteAsync(context.Request.Scheme);
RequestDelegate app = context => context.Response.WriteAsync(context.Request.Scheme);
using (var server = new TestServer(app, serviceContext, _serverAddress))
{
using (var client = new HttpClient(GetHandler()))
{
using (var client = new HttpClient(_handler))
{
var result = await client.GetAsync($"https://localhost:{server.Port}/");
var result = await client.GetAsync($"https://localhost:{server.Port}/");
Assert.Equal("https", await result.Content.ReadAsStringAsync());
}
Assert.Equal("https", await result.Content.ReadAsStringAsync());
}
}
}
[Fact]
public async Task DoesNotSupportTls10()
{
var serviceContext = new TestServiceContext(new HttpsConnectionFilter(
new HttpsConnectionFilterOptions
{
ServerCertificate = _x509Certificate2,
ClientCertificateMode = ClientCertificateMode.RequireCertificate,
ClientCertificateValidation = (certificate, chain, sslPolicyErrors) => true
},
new NoOpConnectionFilter())
);
RequestDelegate app = context =>
var serviceContext = new TestServiceContext(new HttpsConnectionFilter(
new HttpsConnectionFilterOptions
{
return context.Response.WriteAsync("hello world");
};
ServerCertificate = _x509Certificate2,
ClientCertificateMode = ClientCertificateMode.RequireCertificate,
ClientCertificateValidation = (certificate, chain, sslPolicyErrors) => true
},
new NoOpConnectionFilter())
);
RequestDelegate app = context =>
{
return context.Response.WriteAsync("hello world");
};
using (var server = new TestServer(app, serviceContext, _serverAddress))
{
// SslStream is used to ensure the certificate is actually passed to the server
// HttpClient might not send the certificate because it is invalid or it doesn't match any
// of the certificate authorities sent by the server in the SSL handshake.
using (var client = new TcpClient())
{
// SslStream is used to ensure the certificate is actually passed to the server
// HttpClient might not send the certificate because it is invalid or it doesn't match any
// of the certificate authorities sent by the server in the SSL handshake.
using (var client = new TcpClient())
{
var stream = await OpenSslStream(client, server);
var ex = await Assert.ThrowsAsync(typeof(IOException), async () =>
await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls, false));
}
var ex = await Assert.ThrowsAsync(typeof(IOException),
async () => await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls, false));
}
}
}
[Theory]
[InlineData(ClientCertificateMode.AllowCertificate)]
[InlineData(ClientCertificateMode.RequireCertificate)]
public async Task ClientCertificateValidationGetsCalledWithNotNullParameters(ClientCertificateMode mode)
{
{
var clientCertificateValidationCalled = false;
var serviceContext = new TestServiceContext(new HttpsConnectionFilter(
new HttpsConnectionFilterOptions
@ -288,7 +281,7 @@ namespace Microsoft.AspNetCore.Server.KestrelTests
Assert.NotNull(certificate);
Assert.NotNull(chain);
return true;
}
}
},
new NoOpConnectionFilter())
);
@ -303,7 +296,7 @@ namespace Microsoft.AspNetCore.Server.KestrelTests
await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false);
await AssertConnectionResult(stream, true);
Assert.True(clientCertificateValidationCalled);
}
}
}
}
@ -340,9 +333,9 @@ namespace Microsoft.AspNetCore.Server.KestrelTests
[InlineData(ClientCertificateMode.RequireCertificate)]
public async Task RejectsConnectionOnSslPolicyErrorsWhenNoValidation(ClientCertificateMode mode)
{
var serviceContext = new TestServiceContext(new HttpsConnectionFilter(
new HttpsConnectionFilterOptions
{
var serviceContext = new TestServiceContext(new HttpsConnectionFilter(
new HttpsConnectionFilterOptions
{
ServerCertificate = _x509Certificate2,
ClientCertificateMode = mode,
},
@ -369,29 +362,29 @@ namespace Microsoft.AspNetCore.Server.KestrelTests
new HttpsConnectionFilterOptions
{
ServerCertificate = _x509Certificate2,
ClientCertificateMode = ClientCertificateMode.RequireCertificate,
ClientCertificateValidation = (certificate, chain, sslPolicyErrors) => true
},
new NoOpConnectionFilter())
ClientCertificateMode = ClientCertificateMode.RequireCertificate,
ClientCertificateValidation = (certificate, chain, sslPolicyErrors) => true
},
new NoOpConnectionFilter())
);
RequestDelegate app = context =>
{
var tlsFeature = context.Features.Get<ITlsConnectionFeature>();
Assert.NotNull(tlsFeature);
Assert.NotNull(tlsFeature.ClientCertificate);
Assert.NotNull(context.Connection.ClientCertificate);
Assert.NotNull(context.Connection.ClientCertificate.PublicKey);
return context.Response.WriteAsync("hello world");
};
RequestDelegate app = context =>
{
var tlsFeature = context.Features.Get<ITlsConnectionFeature>();
Assert.NotNull(tlsFeature);
Assert.NotNull(tlsFeature.ClientCertificate);
Assert.NotNull(context.Connection.ClientCertificate);
Assert.NotNull(context.Connection.ClientCertificate.PublicKey);
return context.Response.WriteAsync("hello world");
};
using (var server = new TestServer(app, serviceContext, _serverAddress))
{
// SslStream is used to ensure the certificate is actually passed to the server
// HttpClient might not send the certificate because it is invalid or it doesn't match any
// of the certificate authorities sent by the server in the SSL handshake.
using (var client = new TcpClient())
{
// SslStream is used to ensure the certificate is actually passed to the server
// HttpClient might not send the certificate because it is invalid or it doesn't match any
// of the certificate authorities sent by the server in the SSL handshake.
using (var client = new TcpClient())
{
var stream = await OpenSslStream(client, server);
await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false);
await AssertConnectionResult(stream, true);
@ -418,8 +411,8 @@ namespace Microsoft.AspNetCore.Server.KestrelTests
private static async Task<SslStream> OpenSslStream(TcpClient client, TestServer server, X509Certificate2 clientCertificate = null)
{
await client.ConnectAsync("127.0.0.1", server.Port);
var stream = new SslStream(client.GetStream(), false, (sender, certificate, chain, errors) => true,
await client.ConnectAsync("127.0.0.1", server.Port);
var stream = new SslStream(client.GetStream(), false, (sender, certificate, chain, errors) => true,
(sender, host, certificates, certificate, issuers) => clientCertificate ?? _x509Certificate2);
return stream;
@ -427,15 +420,15 @@ namespace Microsoft.AspNetCore.Server.KestrelTests
private static async Task AssertConnectionResult(SslStream stream, bool success)
{
var request = Encoding.UTF8.GetBytes("GET / HTTP/1.0\r\n\r\n");
await stream.WriteAsync(request, 0, request.Length);
var reader = new StreamReader(stream);
var request = Encoding.UTF8.GetBytes("GET / HTTP/1.0\r\n\r\n");
await stream.WriteAsync(request, 0, request.Length);
var reader = new StreamReader(stream);
string line = null;
if (success)
{
line = await reader.ReadLineAsync();
Assert.Equal("HTTP/1.1 200 OK", line);
}
Assert.Equal("HTTP/1.1 200 OK", line);
}
else
{
try
@ -445,6 +438,17 @@ namespace Microsoft.AspNetCore.Server.KestrelTests
catch (IOException) { }
Assert.Null(line);
}
}
}
private HttpMessageHandler GetHandler()
{
#if NET451
return new HttpClientHandler();
#else
var handler = new WinHttpHandler();
handler.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
return handler;
#endif
}
}
}