Split test for SSL authentication with Multiplexed transports (#3677)
Showing
5 changed files
with
225 additions
and
189 deletions.
143 changes: 0 additions & 143 deletions
143
...Rpc.Conformance.Tests/Transports/MultiplexedTransportSslAuthenticationConformanceTests.cs
This file was deleted.
26 changes: 0 additions & 26 deletions
26
tests/IceRpc.Quic.Tests/Transports/QuicTransportSslAuthenticationConformanceTests.cs
This file was deleted.
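--- a/tests/IceRpc.Quic.Tests/Transports/QuicTransportSslAuthenticationTests.cs
+++ b/tests/IceRpc.Quic.Tests/Transports/QuicTransportSslAuthenticationTests.cs
@@ -0,0 +1,108 @@
+// Copyright (c) ZeroC, Inc.
+
+using IceRpc.Tests.Common;
+using IceRpc.Transports;
+using Microsoft.Extensions.DependencyInjection;
+using NUnit.Framework;
+using System.Net.Quic;
+using System.Net.Security;
+using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
+
+namespace IceRpc.Tests.Transports;
+
+/// <summary>Test Ssl authentication with Quic transport.</summary>
+[Parallelizable(ParallelScope.All)]
+public class QuicTransportSslAuthenticationTests
+{
+[OneTimeSetUp]
+public void FixtureSetUp()
+{
+if (!QuicConnection.IsSupported)
+{
+Assert.Ignore("Quic is not supported on this platform");
+}
+}
+
+[Test]
+public async Task Quic_client_connection_connect_fails_when_server_provides_untrusted_certificate()
+{
+// Arrange
+await using ServiceProvider provider = CreateServiceCollection()
+.AddSingleton(
+new SslServerAuthenticationOptions
+{
+ServerCertificate = new X509Certificate2("server-untrusted.p12"),
+})
+.AddSingleton(
+new SslClientAuthenticationOptions
+{
+RemoteCertificateValidationCallback = (sender, certificate, chain, errors) => false
+})
+.BuildServiceProvider(validateScopes: true);
+
+var sut = provider.GetRequiredService<ClientServerMultiplexedConnection>();
+
+var listener = provider.GetRequiredService<IListener<IMultiplexedConnection>>();
+
+// Act/Assert
+
+// The connect attempt starts the TLS handshake.
+Assert.That(
+async () => await sut.Client.ConnectAsync(default),
+Throws.TypeOf<AuthenticationException>());
+}
+
+[System.Diagnostics.CodeAnalysis.SuppressMessage(
+"Security",
+"CA5359:Do Not Disable Certificate Validation",
+Justification = "The client doesn't need to validate the server certificate for this test")]
+[Test]
+public async Task Quic_server_connection_connect_fails_when_client_provides_untrusted_certificate()
+{
+// Arrange
+await using ServiceProvider provider = CreateServiceCollection()
+.AddSingleton(
+new SslServerAuthenticationOptions
+{
+ClientCertificateRequired = true,
+RemoteCertificateValidationCallback = (sender, certificate, chain, errors) => false,
+ServerCertificate = new X509Certificate2("server.p12"),
+})
+.AddSingleton(
+new SslClientAuthenticationOptions
+{
+ClientCertificates = new X509CertificateCollection()
+{
+new X509Certificate2("client-untrusted.p12")
+},
+RemoteCertificateValidationCallback = (sender, certificate, chain, errors) => true
+})
+.BuildServiceProvider(validateScopes: true);
+
+var sut = provider.GetRequiredService<ClientServerMultiplexedConnection>();
+var listener = provider.GetRequiredService<IListener<IMultiplexedConnection>>();
+
+// The connect attempt starts the TLS handshake.
+var clientConnectTask = sut.Client.ConnectAsync(default);
+
+// Act/Assert
+Assert.That(
+async () => await listener.AcceptAsync(default),
+Throws.InstanceOf<AuthenticationException>());
+
+try
+{
+await clientConnectTask;
+}
+catch
+{
+// Avoid UTE
+}
+}
+
+private static IServiceCollection CreateServiceCollection() =>
+new ServiceCollection()
+.AddMultiplexedTransportTest(new Uri("icerpc://127.0.0.1:0/"))
+.AddQuicTransport();
+}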
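Review bot: In `Quic_client_connection_connect_fails_when_server_provides_untrusted_certificate` the client callback is `(sender, certificate, chain, errors) => false`, so the handshake is rejected whatever certificate the server presents and the test never shows that `server-untrusted.p12` itself fails trust evaluation; it would pass unchanged with a trusted certificate. The server-side callback in `Quic_server_connection_connect_fails_when_client_provides_untrusted_certificate` has the same shape. Tying the decision to the validation result, for example `RemoteCertificateValidationCallback = (sender, certificate, chain, errors) => errors == SslPolicyErrors.None`, would make the untrusted certificate the reason for the failure; if the test CA is not in the machine store, the chain would presumably need to be built against the test root as a custom trust anchor. Separately, the bare `catch` after `await clientConnectTask` hides any unexpected client-side failure and could be narrowed to the exception types the aborted handshake is expected to produce.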
20 changes: 0 additions & 20 deletions
20
tests/IceRpc.Tests/Transports/Slic/SlicTransportSslAuthenticationConformanceTests.cs
This file was deleted.