From 00e62020d2329f716542b22468c4e2fe23ff9cea Mon Sep 17 00:00:00 2001 From: Hong Dai Date: Tue, 4 Aug 2015 11:28:41 -0700 Subject: [PATCH] Verify Server Dns for NetTcp binding * This is one of the key scenarios for DnsEndpointIdentity * Note that it will fail until all dependent features mentioned in the test resolved. --- .../tests/Common/Scenarios/Endpoints.cs | 5 +++ .../Security.TransportSecurity.Tests.csproj | 1 + .../TransportSecurity/Tcp/IdentityTests.cs | 43 +++++++++++++++++++ .../TestResources/EndpointResource.cs | 6 +++ .../TestResources/TcpVerifyDNSResource.cs | 38 ++++++++++++++++ .../test/SelfHostWcfService/WcfService.csproj | 1 + 6 files changed, 94 insertions(+) create mode 100644 src/System.Private.ServiceModel/tests/Scenarios/Security/TransportSecurity/Tcp/IdentityTests.cs create mode 100644 src/System.Private.ServiceModel/tools/test/SelfHostWcfService/TestResources/TcpVerifyDNSResource.cs diff --git a/src/System.Private.ServiceModel/tests/Common/Scenarios/Endpoints.cs b/src/System.Private.ServiceModel/tests/Common/Scenarios/Endpoints.cs index e922af23f2f..48e5bc344a4 100644 --- a/src/System.Private.ServiceModel/tests/Common/Scenarios/Endpoints.cs +++ b/src/System.Private.ServiceModel/tests/Common/Scenarios/Endpoints.cs @@ -99,6 +99,11 @@ public static string Tcp_NoSecurity_Address get { return BridgeClient.GetResourceAddress("WcfService.TestResources.TcpNoSecurityResource"); } } + public static string Tcp_VerifyDNS_Address + { + get { return BridgeClient.GetResourceAddress("WcfService.TestResources.TcpVerifyDNSResource"); } + } + public static string Tcp_NoSecurity_Callback_Address { get { return BridgeClient.GetResourceAddress("WcfService.TestResources.DuplexResource"); } 
diff --git a/src/System.Private.ServiceModel/tests/Scenarios/Security/TransportSecurity/Security.TransportSecurity.Tests.csproj b/src/System.Private.ServiceModel/tests/Scenarios/Security/TransportSecurity/Security.TransportSecurity.Tests.csproj
index 17150304c3f..3876915128f 100644
--- a/src/System.Private.ServiceModel/tests/Scenarios/Security/TransportSecurity/Security.TransportSecurity.Tests.csproj
+++ b/src/System.Private.ServiceModel/tests/Scenarios/Security/TransportSecurity/Security.TransportSecurity.Tests.csproj
@@ -20,6 +20,7 @@ +
diff --git a/src/System.Private.ServiceModel/tests/Scenarios/Security/TransportSecurity/Tcp/IdentityTests.cs b/src/System.Private.ServiceModel/tests/Scenarios/Security/TransportSecurity/Tcp/IdentityTests.cs
new file mode 100644
index 00000000000..ccec31d2fa2
--- /dev/null
+++ b/src/System.Private.ServiceModel/tests/Scenarios/Security/TransportSecurity/Tcp/IdentityTests.cs
@@ -0,0 +1,43 @@
+using System;
+using System.ServiceModel;
+using System.Text;
+using Xunit;
+
+namespace Security.TransportSecurity.Tests.Tcp
+{
+ public static class IdentityTests
+ {
+ [Fact]
+ [ActiveIssue(12)]
+ [OuterLoop]
+ // The product code will check the Dns identity from the server and throw if it does not match what is specified in DnsEndpointIdentity
+ public static void VerifyServiceIdentityMatchDnsEndpointIdentity()
+ {
+ string testString = "Hello";
+
+ NetTcpBinding binding = new NetTcpBinding();
+ //SecurityMode.Transport is not supported yet, we will get an exception here, tracked by issue #81
+ binding.Security.Mode = SecurityMode.Transport;
+ binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
+
+ EndpointAddress endpointAddress = new EndpointAddress(new Uri(Endpoints.Tcp_VerifyDNS_Address),new DnsEndpointIdentity("localhost"));
+ ChannelFactory factory = new ChannelFactory(binding, endpointAddress);
+ // factory.Credentials.ServiceCertificate is not availabe currently, tracked by issue 243
+ // We need to change the validation mode as we use a test certificate. It does not affect the purpose of this test
+ // factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
+ IWcfService serviceProxy = factory.CreateChannel();
+
+ try
+ {
+ var result = serviceProxy.Echo(testString);
+ Assert.Equal(testString, result);
+ }
+ finally
+ {
+ if (factory != null && factory.State != CommunicationState.Closed)
+ {factory.Abort();
+ }
+ }
+ }
+ }
+}
diff --git a/src/System.Private.ServiceModel/tools/test/SelfHostWcfService/TestResources/EndpointResource.cs b/src/System.Private.ServiceModel/tools/test/SelfHostWcfService/TestResources/EndpointResource.cs
index 8a3c4734bc8..d67a26c110a 100644
--- a/src/System.Private.ServiceModel/tools/test/SelfHostWcfService/TestResources/EndpointResource.cs
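Review bot: `VerifyServiceIdentityMatchDnsEndpointIdentity` in IdentityTests.cs exercises only the matching case, so it would still pass if the client skipped the DNS identity check altogether. The comment above the method says the product throws on a mismatch, but nothing asserts that; a sibling test that passes a deliberately wrong name (for example `new DnsEndpointIdentity("wrong.example")`, a constructed value) and asserts that `Echo` fails would pin the security property. When the commented-out `CertificateValidationMode = X509CertificateValidationMode.None` line is enabled, it should carry a comment that it turns off certificate validation and is acceptable only because the certificate is a test one. In the `finally` block the factory is aborted even on success and the `factory != null` check runs after `factory.CreateChannel()` has already dereferenced it; calling `factory.Close()` on the success path and keeping `Abort()` as the fallback would be cleaner.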
+++ b/src/System.Private.ServiceModel/tools/test/SelfHostWcfService/TestResources/EndpointResource.cs @@ -15,6 +15,7 @@ internal abstract class EndpointResource : IResource private static Dictionary s_currentHosts = new Dictionary(); private static object s_currentHostLock = new object(); private string _hostName = "localhost"; + protected string certThumbprint = "1d 85 a3 f6 cd 2c 02 2c 5c a5 4e 5c b2 00 a4 7f 89 ba 0d 3d"; #region Host Listen Uri components @@ -58,6 +59,7 @@ public object Put(ResourceRequestContext context) GetBinding(), BuildUri()); ModifyBehaviors(host.Description); + ModifyHost(host); host.Open(); s_currentHosts.Add(Address, host); } @@ -80,6 +82,10 @@ public object Get() protected abstract Binding GetBinding(); + protected virtual void ModifyHost(ServiceHost serviceHost) + { + } + private void ModifyBehaviors(ServiceDescription desc) { ServiceDebugBehavior debug = desc.Behaviors.Find(); diff --git a/src/System.Private.ServiceModel/tools/test/SelfHostWcfService/TestResources/TcpVerifyDNSResource.cs b/src/System.Private.ServiceModel/tools/test/SelfHostWcfService/TestResources/TcpVerifyDNSResource.cs new file mode 100644 index 00000000000..bc158f53fa5 --- /dev/null +++ b/src/System.Private.ServiceModel/tools/test/SelfHostWcfService/TestResources/TcpVerifyDNSResource.cs 
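Review bot: In EndpointResource.cs, `certThumbprint` is added as a mutable protected instance field holding a hard-coded thumbprint, with nothing saying which certificate it identifies or how that certificate gets installed on the test machine. The value never changes, so `protected const string CertThumbprint = ...;` (or a `static readonly` field) would state the intent and avoid an unprefixed lowercase field next to `_hostName` and `s_currentHosts`. A comment should name the test certificate and the setup step that provisions it in the store. Thumbprints pasted with spaces from the certificate dialog can carry an invisible leading character that makes a thumbprint lookup fail, so it is worth confirming the literal is clean or storing it without separators.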
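Review bot: The new `ModifyHost` hook in EndpointResource.cs has no documentation, and its call in `Put` sits between `ModifyBehaviors(host.Description)` and `host.Open()`, so an override that throws leaves a constructed but unopened host behind as far as the visible lines show. A doc comment on the virtual such as `/// Called once per host, after behaviors are applied and before Open(); overrides configure host-level settings such as service credentials.` would tell implementers what state the host is in. `Put` starts and ends outside the hunk, so whether the host is aborted on failure cannot be confirmed from here; if it is not, a failure path that calls `host.Abort()` would keep a half-configured host from lingering.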
@@ -0,0 +1,38 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+using System;
+using System.ServiceModel;
+using System.ServiceModel.Channels;
+using System.Security.Cryptography.X509Certificates;
+
+namespace WcfService.TestResources
+{
+ internal class TcpVerifyDNSResource : TcpResource
+ {
+ protected override string Address { get { return "tcp-VerifyDNS"; } }
+ protected override string Host
+ {
+ get
+ {
+ return Environment.MachineName;
+ }
+ }
+
+ protected override Binding GetBinding()
+ {
+ NetTcpBinding binding = new NetTcpBinding() { PortSharingEnabled = false };
+ binding.Security.Mode = SecurityMode.Transport;
+ binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
+
+ return binding;
+ }
+
+ protected override void ModifyHost(ServiceHost serviceHost)
+ {
+ serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
+ StoreName.My,
+ X509FindType.FindByThumbprint,
+ certThumbprint);
+ }
+ }
+}
diff --git a/src/System.Private.ServiceModel/tools/test/SelfHostWcfService/WcfService.csproj b/src/System.Private.ServiceModel/tools/test/SelfHostWcfService/WcfService.csproj
index c4114c3d490..75a41dc42f2 100644
--- a/src/System.Private.ServiceModel/tools/test/SelfHostWcfService/WcfService.csproj
+++ b/src/System.Private.ServiceModel/tools/test/SelfHostWcfService/WcfService.csproj
@@ -73,6 +73,7 @@ +
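Review bot: In TcpVerifyDNSResource.cs, `ModifyHost` depends on a certificate with the base-class thumbprint already being present in `StoreLocation.LocalMachine` / `StoreName.My`, with a private key the service process can read, and nothing in the class documents that prerequisite. A missing certificate will most likely surface as a failure while the resource is being created rather than as a test assertion, so a comment naming the certificate and its provisioning step would make that failure diagnosable. `Host` returns `Environment.MachineName` while the client test pins `DnsEndpointIdentity("localhost")`; that difference between the address host and the expected identity appears to be the point of the scenario and deserves a comment such as `// Listen on the machine name so the client's explicit DNS identity, not the URI host, is what must match the certificate.`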