diff options
| author | Martin Baulig <mabaul@microsoft.com> | 2019-02-08 02:43:01 +0300 |
|---|---|---|
| committer | Marek Safar <marek.safar@gmail.com> | 2019-02-21 22:43:25 +0300 |
| commit | 7277e3bb5ee3dbec669ca70634291fcc186e25cc (patch) | |
| tree | 95dc8d38fbb6f3a8f5c92a07b0c9071a6e46658f /mcs/class/System.Net.Http | |
| parent | aa047137232f1896554ae808eaf1a385fc59e830 (diff) | |
SslStream improvements and tests
* Add server-side Server-Name-Indication (SNI) support (both AppleTls and BTLS).
* Support the new `SslServerAuthenticationOptions.ServerCertificateSelectionCallback`.
* Server certificate selection is now compatible with CoreFx behavior; first
checking the new `ServerCertSelectionDelegate` then `LocalCertSelectionCallback`
and finally using an explicitly provided certificate.
* Misc exception checks and fixes to make behavior consistent with CoreFx;
any exception thrown by reading / writing the underlying stream will now be
propagated verbatim (and not wrapped in an `AuthenticationException`);
exceptions thrown by the handshake / TLS stack itself will still be wrapped.
* Added `System.Net.Security` xUnit tests from CoreFx.
* Misc test cleanups; moved certificate test files from `System.Net.Http` into
`System` and embed them in the test assembly as resources, adjusting
`test-helpers/Configuration.Certificates.cs` accordingly.
Diffstat (limited to 'mcs/class/System.Net.Http')
| -rw-r--r-- | mcs/class/System.Net.Http/FunctionalTests/Makefile | 2 | ||||
| -rw-r--r-- | mcs/class/System.Net.Http/FunctionalTests/functional-tests.sources | 4 | ||||
| -rw-r--r-- | mcs/class/System.Net.Http/Makefile | 3 | ||||
| -rw-r--r-- | mcs/class/System.Net.Http/TestData/testservereku.contoso.com.pfx | bin | 5278 -> 0 bytes | |||
| -rw-r--r-- | mcs/class/System.Net.Http/UnitTests/unit-tests.sources | 3 | ||||
| -rw-r--r-- | mcs/class/System.Net.Http/corefx/Configuration.Certificates.cs | 117 | ||||
| -rw-r--r-- | mcs/class/System.Net.Http/corefx/Configuration.Http.cs | 14 | ||||
| -rw-r--r-- | mcs/class/System.Net.Http/corefx/PlatformDetection.cs | 2 |
8 files changed, 5 insertions, 140 deletions
diff --git a/mcs/class/System.Net.Http/FunctionalTests/Makefile b/mcs/class/System.Net.Http/FunctionalTests/Makefile index e75ea2e1544..8e8991fbdb0 100644 --- a/mcs/class/System.Net.Http/FunctionalTests/Makefile +++ b/mcs/class/System.Net.Http/FunctionalTests/Makefile @@ -7,7 +7,7 @@ ASSEMBLY = System.Net.Http.FunctionalTests XTEST_LIB_REFS = System System.Core Facades/System.Threading.Tasks USE_XTEST_REMOTE_EXECUTOR = YES -XTEST_LIB_FLAGS = /resource:../TestData/testservereku.contoso.com.pfx +XTEST_LIB_FLAGS = /resource:../../System/Test/TestData/testservereku.contoso.com.pfx the_assembly = $(topdir)/class/lib/$(PROFILE_DIRECTORY)/System.Net.Http.dll diff --git a/mcs/class/System.Net.Http/FunctionalTests/functional-tests.sources b/mcs/class/System.Net.Http/FunctionalTests/functional-tests.sources index ed1f44028a8..c0e4c682bd6 100644 --- a/mcs/class/System.Net.Http/FunctionalTests/functional-tests.sources +++ b/mcs/class/System.Net.Http/FunctionalTests/functional-tests.sources @@ -1,5 +1,5 @@ -../corefx/Configuration.Certificates.cs -../corefx/Configuration.Http.cs +../../test-helpers/Configuration.Certificates.cs +../../test-helpers/Configuration.Http.cs ../corefx/Interop.VersionInfo.cs ../corefx/PlatformDetection.cs diff --git a/mcs/class/System.Net.Http/Makefile b/mcs/class/System.Net.Http/Makefile index 202f65ef194..5c4fb101334 100644 --- a/mcs/class/System.Net.Http/Makefile +++ b/mcs/class/System.Net.Http/Makefile @@ -16,9 +16,6 @@ TEST_MCS_FLAGS = LIBRARY_WARN_AS_ERROR = yes -EXTRA_DISTFILES = \ - TestData/testservereku.contoso.com.pfx - ifndef SOCKETSHTTPHANDLER TEST_MCS_FLAGS += -d:LEGACY_HTTPCLIENT LIB_MCS_FLAGS += -d:LEGACY_HTTPCLIENT diff --git a/mcs/class/System.Net.Http/TestData/testservereku.contoso.com.pfx b/mcs/class/System.Net.Http/TestData/testservereku.contoso.com.pfx Binary files differdeleted file mode 100644 index 1d59670a017..00000000000 --- a/mcs/class/System.Net.Http/TestData/testservereku.contoso.com.pfx +++ /dev/null diff --git a/mcs/class/System.Net.Http/UnitTests/unit-tests.sources b/mcs/class/System.Net.Http/UnitTests/unit-tests.sources index 83f397b021e..28d4d4d295e 100644 --- a/mcs/class/System.Net.Http/UnitTests/unit-tests.sources +++ b/mcs/class/System.Net.Http/UnitTests/unit-tests.sources @@ -1,3 +1,4 @@ +../../test-helpers/Configuration.Certificates.cs ../../corlib/corefx/SR.cs ../../corlib/ReferenceSources/SR.cs ../../../build/common/SR.cs @@ -43,12 +44,10 @@ ../../../../external/corefx/src/Common/tests/System/Diagnostics/Tracing/ConsoleEventListener.cs ../../../../external/corefx/src/Common/tests/System/IO/DelegateStream.cs ../../../../external/corefx/src/Common/tests/System/Net/RemoteServerQuery.cs -../../../../external/corefx/src/Common/tests/System/Net/Configuration.Certificates.cs ../../../../external/corefx/src/Common/tests/System/Net/EventSourceTestLogging.cs ../../../../external/corefx/src/Common/tests/System/Net/HttpsTestServer.cs ../../../../external/corefx/src/Common/tests/System/Net/Capability.Security.cs ../../../../external/corefx/src/Common/tests/System/Net/Configuration.cs -../../../../external/corefx/src/Common/tests/System/Net/Configuration.Http.cs ../../../../external/corefx/src/Common/tests/System/Net/Configuration.Security.cs ../../../../external/corefx/src/Common/tests/System/Net/TestWebProxies.cs ../../../../external/corefx/src/Common/tests/System/Net/VerboseTestLogging.cs diff --git a/mcs/class/System.Net.Http/corefx/Configuration.Certificates.cs b/mcs/class/System.Net.Http/corefx/Configuration.Certificates.cs deleted file mode 100644 index 5ea14b2ef51..00000000000 --- a/mcs/class/System.Net.Http/corefx/Configuration.Certificates.cs +++ /dev/null @@ -1,117 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -using System.Diagnostics; -using System.IO; -using System.Runtime.InteropServices; -using System.Security.Authentication; -using System.Security.Cryptography.X509Certificates; -using System.Threading; -using Xunit; - -namespace System.Net.Test.Common -{ - public static partial class Configuration - { - public static partial class Certificates - { - private const string CertificatePassword = "testcertificate"; - private const string TestDataFolder = "TestData"; - - private static readonly Mutex m; - private const int MutexTimeout = 120 * 1000; - - static Certificates() - { - if (PlatformDetection.IsUap) - { - // UWP doesn't support Global mutexes. - m = new Mutex(false, "Local\\CoreFXTest.Configuration.Certificates.LoadPfxCertificate"); - } - else - { - m = new Mutex(false, "Global\\CoreFXTest.Configuration.Certificates.LoadPfxCertificate"); - } - } - - public static X509Certificate2 GetServerCertificate() => GetCertWithPrivateKey(GetServerCertificateCollection()); - - public static X509Certificate2 GetClientCertificate() => GetCertWithPrivateKey(GetClientCertificateCollection()); - - public static X509Certificate2 GetNoEKUCertificate() => GetCertWithPrivateKey(GetNoEKUCertificateCollection()); - - public static X509Certificate2 GetSelfSignedServerCertificate() => GetCertWithPrivateKey(GetSelfSignedServerCertificateCollection()); - - public static X509Certificate2 GetSelfSignedClientCertificate() => GetCertWithPrivateKey(GetSelfSignedClientCertificateCollection()); - - public static X509Certificate2Collection GetServerCertificateCollection() => GetCertificateCollection("testservereku.contoso.com.pfx"); - - public static X509Certificate2Collection GetClientCertificateCollection() => GetCertificateCollection("testclienteku.contoso.com.pfx"); - - public static X509Certificate2Collection GetNoEKUCertificateCollection() => GetCertificateCollection("testnoeku.contoso.com.pfx"); - - public static X509Certificate2Collection GetSelfSignedServerCertificateCollection() => GetCertificateCollection("testselfsignedservereku.contoso.com.pfx"); - - public static X509Certificate2Collection GetSelfSignedClientCertificateCollection() => GetCertificateCollection("testselfsignedclienteku.contoso.com.pfx"); - - private static byte[] GetResourceData(string name) - { - var assembly = typeof(Configuration).Assembly; - using (var stream = assembly.GetManifestResourceStream(name)) - using (var reader = new BinaryReader(stream)) - { - var data = new byte[stream.Length]; - var ret = stream.Read(data, 0, data.Length); - if (ret != data.Length) - throw new IOException(); - return data; - } - } - - private static X509Certificate2Collection GetCertificateCollection(string certificateFileName) - { - // On Windows, .NET Core applications should not import PFX files in parallel to avoid a known system-level race condition. - // This bug results in corrupting the X509Certificate2 certificate state. - Assert.True(m.WaitOne(MutexTimeout), "Cannot acquire the global certificate mutex."); - try - { - var certData = GetResourceData(certificateFileName); - var certCollection = new X509Certificate2Collection(); - certCollection.Import(certData, CertificatePassword, X509KeyStorageFlags.DefaultKeySet); - - return certCollection; - } - catch (Exception ex) - { - Debug.Fail(nameof(Configuration.Certificates.GetCertificateCollection) + " threw " + ex.ToString()); - throw; - } - finally - { - m.ReleaseMutex(); - } - } - - private static X509Certificate2 GetCertWithPrivateKey(X509Certificate2Collection certCollection) - { - X509Certificate2 certificate = null; - - foreach (X509Certificate2 c in certCollection) - { - if (certificate == null && c.HasPrivateKey) - { - certificate = c; - } - else - { - c.Dispose(); - } - } - - Assert.NotNull(certificate); - return certificate; - } - } - } -} diff --git a/mcs/class/System.Net.Http/corefx/Configuration.Http.cs b/mcs/class/System.Net.Http/corefx/Configuration.Http.cs deleted file mode 100644 index d98cdde1ebf..00000000000 --- a/mcs/class/System.Net.Http/corefx/Configuration.Http.cs +++ /dev/null @@ -1,14 +0,0 @@ -namespace System.Net.Test.Common -{ - public static partial class Configuration - { - public static partial class Http - { - public static readonly object[][] EchoServers = { new object[] { RemoteEchoServer }, new object[] { SecureRemoteEchoServer } }; - public static readonly object[][] VerifyUploadServers = { new object[] { RemoteVerifyUploadServer }, new object[] { SecureRemoteVerifyUploadServer } }; - public static readonly object[][] CompressedServers = { new object[] { RemoteDeflateServer }, new object[] { RemoteGZipServer } }; - public static readonly object[][] Http2Servers = { new object[] { new Uri ("https://" + Http2Host) } }; - public static readonly object[][] Http2NoPushServers = { new object[] { new Uri ("https://" + Http2NoPushHost) } }; - } - } -} diff --git a/mcs/class/System.Net.Http/corefx/PlatformDetection.cs b/mcs/class/System.Net.Http/corefx/PlatformDetection.cs index e79df47b8cb..c763282b8a5 100644 --- a/mcs/class/System.Net.Http/corefx/PlatformDetection.cs +++ b/mcs/class/System.Net.Http/corefx/PlatformDetection.cs @@ -4,7 +4,7 @@ namespace System { public static bool IsOSX => true; public static bool IsDebian => false; - public static int WindowsVersion => -1; + internal static bool IsSsl2AndSsl3Supported => false; /* * Use of these properties should be strictly limited to the `System.Net.Http` tests. |