More tests

halter73 · halter73 · commit a66a2237d59d · 2020-08-05T21:37:42.000-07:00
diff --git a/src/Servers/Kestrel/Core/test/KestrelServerOptionsTests.cs b/src/Servers/Kestrel/Core/test/KestrelServerOptionsTests.cs
@@ -63,6 +63,17 @@ public void ConfigureThrowsInvalidOperationExceptionIfApplicationServicesIsNotSe
             Assert.Throws<InvalidOperationException>(() => options.Configure());
         }
 
+        [Fact]
+        public void ConfigureThrowsInvalidOperationExceptionIfApplicationServicesDoesntHaveRequiredServices()
+        {
+            var options = new KestrelServerOptions
+            {
+                ApplicationServices = new ServiceCollection().BuildServiceProvider()
+            };
+
+            Assert.Throws<InvalidOperationException>(() => options.Configure());
+        }
+
         [Fact]
         public void CanCallListenAfterConfigure()
         {
diff --git a/src/Servers/Kestrel/Core/test/SniOptionsSelectorTests.cs b/src/Servers/Kestrel/Core/test/SniOptionsSelectorTests.cs
@@ -431,6 +431,230 @@ public void FallsBackToHttpsConnectionAdapterServerCertificateSelectorOverServer
             Assert.Same(selectorCertificate, options.ServerCertificate);
         }
 
+        [Fact]
+        public void PrefersHttpProtocolsDefinedInSniConfig()
+        {
+            var sniDictionary = new Dictionary<string, SniConfig>
+            {
+                {
+                    "www.example.org",
+                    new SniConfig
+                    {
+                        Protocols = HttpProtocols.None,
+                        Certificate = new CertificateConfig()
+                    }
+                }
+            };
+
+            var sniOptionsSelector = new SniOptionsSelector(
+                "TestEndpointName",
+                sniDictionary,
+                new MockCertificateConfigLoader(),
+                new HttpsConnectionAdapterOptions(),
+                fallbackHttpProtocols: HttpProtocols.Http1,
+                logger: Mock.Of<ILogger<HttpsConnectionMiddleware>>());
+
+            var mockConnectionContext = new MockConnectionContext();
+            sniOptionsSelector.GetOptions(mockConnectionContext, "www.example.org");
+
+            var httpProtocolsFeature = mockConnectionContext.Features.Get<HttpProtocolsFeature>();
+            Assert.NotNull(httpProtocolsFeature);
+            Assert.Equal(HttpProtocols.None, httpProtocolsFeature.HttpProtocols);
+        }
+
+        [Fact]
+        public void ConfiguresAlpnBasedOnConfiguredHttpProtocols()
+        {
+            var sniDictionary = new Dictionary<string, SniConfig>
+            {
+                {
+                    "www.example.org",
+                    new SniConfig
+                    {
+                        // I'm not using Http1AndHttp2 or Http2 because I don't want to account for
+                        // validation and normalization. Other tests cover that.
+                        Protocols = HttpProtocols.Http1,
+                        Certificate = new CertificateConfig()
+                    }
+                }
+            };
+
+            var sniOptionsSelector = new SniOptionsSelector(
+                "TestEndpointName",
+                sniDictionary,
+                new MockCertificateConfigLoader(),
+                new HttpsConnectionAdapterOptions(),
+                fallbackHttpProtocols: HttpProtocols.None,
+                logger: Mock.Of<ILogger<HttpsConnectionMiddleware>>());
+
+            var options = sniOptionsSelector.GetOptions(new MockConnectionContext(), "www.example.org");
+            var alpnList = options.ApplicationProtocols;
+
+            Assert.NotNull(alpnList);
+            var protocol = Assert.Single(alpnList);
+            Assert.Equal(SslApplicationProtocol.Http11, protocol);
+        }
+
+        [Fact]
+        public void FallsBackToFallbackHttpProtocols()
+        {
+            var sniDictionary = new Dictionary<string, SniConfig>
+            {
+                {
+                    "www.example.org",
+                    new SniConfig
+                    {
+                        Certificate = new CertificateConfig()
+                    }
+                }
+            };
+
+            var sniOptionsSelector = new SniOptionsSelector(
+                "TestEndpointName",
+                sniDictionary,
+                new MockCertificateConfigLoader(),
+                new HttpsConnectionAdapterOptions(),
+                fallbackHttpProtocols: HttpProtocols.Http1,
+                logger: Mock.Of<ILogger<HttpsConnectionMiddleware>>());
+
+            var mockConnectionContext = new MockConnectionContext();
+            sniOptionsSelector.GetOptions(mockConnectionContext, "www.example.org");
+
+            var httpProtocolsFeature = mockConnectionContext.Features.Get<HttpProtocolsFeature>();
+            Assert.NotNull(httpProtocolsFeature);
+            Assert.Equal(HttpProtocols.Http1, httpProtocolsFeature.HttpProtocols);
+        }
+
+        [Fact]
+        public void PrefersSslProtocolsDefinedInSniConfig()
+        {
+            var sniDictionary = new Dictionary<string, SniConfig>
+            {
+                {
+                    "www.example.org",
+                    new SniConfig
+                    {
+                        SslProtocols = SslProtocols.Tls13 | SslProtocols.Tls11,
+                        Certificate = new CertificateConfig()
+                    }
+                }
+            };
+
+            var sniOptionsSelector = new SniOptionsSelector(
+                "TestEndpointName",
+                sniDictionary,
+                new MockCertificateConfigLoader(),
+                new HttpsConnectionAdapterOptions
+                {
+                    SslProtocols = SslProtocols.Tls13
+                },
+                fallbackHttpProtocols: HttpProtocols.Http1AndHttp2,
+                logger: Mock.Of<ILogger<HttpsConnectionMiddleware>>());
+
+            var options = sniOptionsSelector.GetOptions(new MockConnectionContext(), "www.example.org");
+            Assert.Equal(SslProtocols.Tls13 | SslProtocols.Tls11, options.EnabledSslProtocols);
+        }
+
+        [Fact]
+        public void FallsBackToFallbackSslProtocols()
+        {
+            var sniDictionary = new Dictionary<string, SniConfig>
+            {
+                {
+                    "www.example.org",
+                    new SniConfig
+                    {
+                        Certificate = new CertificateConfig()
+                    }
+                }
+            };
+
+            var sniOptionsSelector = new SniOptionsSelector(
+                "TestEndpointName",
+                sniDictionary,
+                new MockCertificateConfigLoader(),
+                new HttpsConnectionAdapterOptions
+                {
+                    SslProtocols = SslProtocols.Tls13
+                },
+                fallbackHttpProtocols: HttpProtocols.Http1AndHttp2,
+                logger: Mock.Of<ILogger<HttpsConnectionMiddleware>>());
+
+            var options = sniOptionsSelector.GetOptions(new MockConnectionContext(), "www.example.org");
+            Assert.Equal(SslProtocols.Tls13, options.EnabledSslProtocols);
+        }
+
+
+        [Fact]
+        public void PrefersClientCertificateModeDefinedInSniConfig()
+        {
+            var sniDictionary = new Dictionary<string, SniConfig>
+            {
+                {
+                    "www.example.org",
+                    new SniConfig
+                    {
+                        ClientCertificateMode = ClientCertificateMode.RequireCertificate,
+                        Certificate = new CertificateConfig()
+                    }
+                }
+            };
+
+            var sniOptionsSelector = new SniOptionsSelector(
+                "TestEndpointName",
+                sniDictionary,
+                new MockCertificateConfigLoader(),
+                new HttpsConnectionAdapterOptions
+                {
+                   ClientCertificateMode = ClientCertificateMode.AllowCertificate
+                },
+                fallbackHttpProtocols: HttpProtocols.Http1AndHttp2,
+                logger: Mock.Of<ILogger<HttpsConnectionMiddleware>>());
+
+            var options = sniOptionsSelector.GetOptions(new MockConnectionContext(), "www.example.org");
+
+            Assert.True(options.ClientCertificateRequired);
+
+            Assert.NotNull(options.RemoteCertificateValidationCallback);
+            // The RemoteCertificateValidationCallback should first check if the certificate is null and return false since it's required.
+            Assert.False(options.RemoteCertificateValidationCallback(sender: null, certificate: null, chain: null, SslPolicyErrors.None));
+        }
+
+        [Fact]
+        public void FallsBackToFallbackClientCertificateMode()
+        {
+            var sniDictionary = new Dictionary<string, SniConfig>
+            {
+                {
+                    "www.example.org",
+                    new SniConfig
+                    {
+                        Certificate = new CertificateConfig()
+                    }
+                }
+            };
+
+            var sniOptionsSelector = new SniOptionsSelector(
+                "TestEndpointName",
+                sniDictionary,
+                new MockCertificateConfigLoader(),
+                new HttpsConnectionAdapterOptions
+                {
+                   ClientCertificateMode = ClientCertificateMode.AllowCertificate
+                },
+                fallbackHttpProtocols: HttpProtocols.Http1AndHttp2,
+                logger: Mock.Of<ILogger<HttpsConnectionMiddleware>>());
+
+            var options = sniOptionsSelector.GetOptions(new MockConnectionContext(), "www.example.org");
+
+            // Despite the confusing name, ClientCertificateRequired being true simply requests a certificate from the client, but doesn't require it.
+            Assert.True(options.ClientCertificateRequired);
+
+            Assert.NotNull(options.RemoteCertificateValidationCallback);
+            // The RemoteCertificateValidationCallback should see we're in the AllowCertificate mode and return true.
+            Assert.True(options.RemoteCertificateValidationCallback(sender: null, certificate: null, chain: null, SslPolicyErrors.None));
+        }
+
         [Fact]
         public void CloneSslOptionsClonesAllProperties()
         {
diff --git a/src/Servers/Kestrel/Kestrel/test/KestrelConfigurationLoaderTests.cs b/src/Servers/Kestrel/Kestrel/test/KestrelConfigurationLoaderTests.cs
@@ -839,7 +839,7 @@ public void DefaultConfigSection_CanConfigureSni()
             var config = new ConfigurationBuilder().AddInMemoryCollection(new[]
             {
                 new KeyValuePair<string, string>("Endpoints:End1:Url", "https://*:5001"),
-                new KeyValuePair<string, string>("EndpointDefaults:Sni:*.example.org:Protocols", "Http1"),
+                new KeyValuePair<string, string>("EndpointDefaults:Sni:*.example.org:Protocols", "None"),
                 new KeyValuePair<string, string>("EndpointDefaults:Sni:*.example.org:SslProtocols:0", "Tls12"),
                 new KeyValuePair<string, string>("EndpointDefaults:Sni:*.example.org:ClientCertificateMode", "AllowCertificate"),
             }).Build();
@@ -849,7 +849,7 @@ public void DefaultConfigSection_CanConfigureSni()
             var (name, sniConfig) = Assert.Single(end1?.EndpointConfig?.Sni);
 
             Assert.Equal("*.example.org", name);
-            Assert.Equal(HttpProtocols.Http1, sniConfig.Protocols);
+            Assert.Equal(HttpProtocols.None, sniConfig.Protocols);
             Assert.Equal(SslProtocols.Tls12, sniConfig.SslProtocols);
             Assert.Equal(ClientCertificateMode.AllowCertificate, sniConfig.ClientCertificateMode);
         }
@@ -862,7 +862,7 @@ public void DefaultConfigSection_SniConfigurationIsOverriddenByNotMergedWithEndp
             var config = new ConfigurationBuilder().AddInMemoryCollection(new[]
             {
                 new KeyValuePair<string, string>("Endpoints:End1:Url", "https://*:5001"),
-                new KeyValuePair<string, string>("Endpoints:End1:Sni:*:Protocols", "Http1AndHttp2"),
+                new KeyValuePair<string, string>("Endpoints:End1:Sni:*:Protocols", "None"),
                 new KeyValuePair<string, string>("EndpointDefaults:Sni:*.example.org:Protocols", "Http1"),
                 new KeyValuePair<string, string>("EndpointDefaults:Sni:*.example.org:SslProtocols:0", "Tls12"),
                 new KeyValuePair<string, string>("EndpointDefaults:Sni:*.example.org:ClientCertificateMode", "AllowCertificate"),
@@ -873,7 +873,7 @@ public void DefaultConfigSection_SniConfigurationIsOverriddenByNotMergedWithEndp
             var (name, sniConfig) = Assert.Single(end1?.EndpointConfig?.Sni);
 
             Assert.Equal("*", name);
-            Assert.Equal(HttpProtocols.Http1AndHttp2, sniConfig.Protocols);
+            Assert.Equal(HttpProtocols.None, sniConfig.Protocols);
         }
 
         [Fact]
