Add test for 2.1

javiercn · javiercn · commit 6da274140f3a · 2019-12-03T15:36:52.000-08:00
diff --git a/src/Servers/Kestrel/Core/src/Internal/HttpsConnectionAdapter.cs b/src/Servers/Kestrel/Core/src/Internal/HttpsConnectionAdapter.cs
@@ -166,20 +166,7 @@ private async Task<IAdaptedConnection> InnerOnConnectionAsync(ConnectionAdapterC
                     sslOptions.ApplicationProtocols.Add(SslApplicationProtocol.Http11);
                 }
 
-                try
-                {
-                    await sslStream.AuthenticateAsServerAsync(sslOptions, CancellationToken.None);
-                }
-                catch (AuthenticationException ex)
-                {
-                    if (_serverCertificate != null &&
-                        CertificateManager.IsHttpsDevelopmentCertificate(_serverCertificate) &&
-                        !CertificateManager.CheckDeveloperCertificateKey(_serverCertificate))
-                    {
-                        _logger.LogError(3, ex, CoreStrings.BadDeveloperCertificateState);
-                    }
-                    throw;
-                }
+                await sslStream.AuthenticateAsServerAsync(sslOptions, CancellationToken.None);
 #else
                 var serverCert = _serverCertificate;
                 if (_serverCertificateSelector != null)
@@ -191,22 +178,9 @@ private async Task<IAdaptedConnection> InnerOnConnectionAsync(ConnectionAdapterC
                         EnsureCertificateIsAllowedForServerAuth(serverCert);
                     }
                 }
-                try
-                {
-                    await sslStream.AuthenticateAsServerAsync(serverCert, certificateRequired,
-                    _options.SslProtocols, _options.CheckCertificateRevocation);
 
-                }
-                catch (AuthenticationException ex)
-                {
-                    if (_serverCertificate != null &&
-                        CertificateManager.IsHttpsDevelopmentCertificate(_serverCertificate) &&
-                        !CertificateManager.CheckDeveloperCertificateKey(_serverCertificate))
-                    {
-                        _logger.LogError(3, ex, CoreStrings.BadDeveloperCertificateState);
-                    }
-                    throw;
-                }
+                await sslStream.AuthenticateAsServerAsync(serverCert, certificateRequired,
+                    _options.SslProtocols, _options.CheckCertificateRevocation);
 #endif
             }
             catch (OperationCanceledException)
@@ -223,6 +197,13 @@ await sslStream.AuthenticateAsServerAsync(serverCert, certificateRequired,
             }
             finally
             {
+                if (!sslStream.IsAuthenticated && (_serverCertificate != null ||
+                    CertificateManager.IsHttpsDevelopmentCertificate(_serverCertificate) ||
+                    !CertificateManager.CheckDeveloperCertificateKey(_serverCertificate)))
+                {
+                    _logger?.LogError(3, CoreStrings.BadDeveloperCertificateState);
+                }
+
                 timeoutFeature.CancelTimeout();
             }
 
diff --git a/src/Servers/Kestrel/test/FunctionalTests/HttpsTests.cs b/src/Servers/Kestrel/test/FunctionalTests/HttpsTests.cs
@@ -1,4 +1,4 @@
-﻿// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -244,6 +244,40 @@ await sslStream.AuthenticateAsClientAsync("127.0.0.1", clientCertificates: null,
             Assert.False(loggerProvider.ErrorLogger.ObjectDisposedExceptionLogged);
         }
 
+        [Fact]
+        public async Task DevCertWithInvalidPrivateKeyProducesCustomWarning()
+        {
+            var loggerProvider = new HandshakeErrorLoggerProvider();
+            LoggerFactory.AddProvider(loggerProvider);
+
+            var listenOptions = new ListenOptions(new IPEndPoint(IPAddress.Loopback, 0));
+            listenOptions.KestrelServerOptions = new KestrelServerOptions();
+            listenOptions.KestrelServerOptions.ApplicationServices = new ServiceCollection()
+                .AddSingleton(LoggerFactory)
+                .BuildServiceProvider();
+
+            var serverCertificate = new X509Certificate2(TestResources.GetTestCertificate().Export(X509ContentType.Cert));
+            listenOptions.UseHttps(serverCertificate);
+            using (var server = new TestServer(context => Task.CompletedTask,
+                new TestServiceContext(LoggerFactory),
+                listenOptions))
+            {
+                using (var connection = server.CreateConnection())
+                using (var sslStream = new SslStream(connection.Stream, true, (sender, certificate, chain, errors) => true))
+                {
+                    // SslProtocols.Tls is TLS 1.0 which isn't supported by Kestrel by default.
+                    await Assert.ThrowsAsync<IOException>(() =>
+                        sslStream.AuthenticateAsClientAsync("127.0.0.1", clientCertificates: null,
+                            enabledSslProtocols: SslProtocols.Tls,
+                            checkCertificateRevocation: false));
+                }
+            }
+
+            await loggerProvider.FilterLogger.LogTcs.Task.DefaultTimeout();
+            Assert.Equal(3, loggerProvider.FilterLogger.LastEventId);
+            Assert.Equal(LogLevel.Error, loggerProvider.FilterLogger.LastLogLevel);
+        }
+
         [Fact]
         public async Task DoesNotThrowObjectDisposedExceptionFromWriteAsyncAfterConnectionIsAborted()
         {
