forked from npgsql/npgsql
SecurityTests.cs
#region License
// The PostgreSQL License
//
// Copyright (C) 2015 The Npgsql Development Team
//
// Permission to use, copy, modify, and distribute this software and its
// documentation for any purpose, without fee, and without a written
// agreement is hereby granted, provided that the above copyright notice
// and this paragraph and the following two paragraphs appear in all copies.
//
// IN NO EVENT SHALL THE NPGSQL DEVELOPMENT TEAM BE LIABLE TO ANY PARTY
// FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES,
// INCLUDING LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS
// DOCUMENTATION, EVEN IF THE NPGSQL DEVELOPMENT TEAM HAS BEEN ADVISED OF
// THE POSSIBILITY OF SUCH DAMAGE.
//
// THE NPGSQL DEVELOPMENT TEAM SPECIFICALLY DISCLAIMS ANY WARRANTIES,
// INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
// AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
// ON AN "AS IS" BASIS, AND THE NPGSQL DEVELOPMENT TEAM HAS NO OBLIGATIONS
// TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
#endregion
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security;
using System.Security.Permissions;
using System.Text;
using System.Web.UI.WebControls;
using Npgsql;
using NUnit.Framework;
namespace Npgsql.Tests
{
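/// <summary>
/// Tests for connection security: SSL/TLS negotiation, server certificate
/// validation, integrated security (GSS/SSPI) and running under restricted trust.
/// </summary>
public class SecurityTests : TestBase
{
    public SecurityTests(string backendVersion) : base(backendVersion) {}

    /// <summary>
    /// Opens an SSL connection with each of the two TLS implementations and
    /// checks that the connection reports itself as secure.
    /// </summary>
    /// <param name="useSslStream">
    /// When true, "UseSslStream=true" is appended to the connection string;
    /// otherwise the default implementation is used.
    /// </param>
    [Test, Description("Establishes an SSL connection, assuming a self-signed server certificate")]
    [TestCase(false, TestName = "TlsClientStream")]
    [TestCase(true, TestName = "SslStream")]
    public void BasicSsl(bool useSslStream)
    {
        // TrustServerCertificate=true skips validation of the server certificate, which is
        // what lets the self-signed test certificate through. This test therefore covers
        // encryption only, not server authentication; RejectSelfSignedCertificate covers
        // the validating path.
        using (var conn = new NpgsqlConnection(ConnectionString + ";SslMode=Require;TrustServerCertificate=true;" + (useSslStream ? ";UseSslStream=true" : "")))
        {
            conn.Open();
            Assert.That(conn.IsSecure, Is.True);
        }
    }

    /// <summary>
    /// Checks that opening an SSL connection fails when the server certificate is not
    /// trusted and TrustServerCertificate is not set.
    /// </summary>
    /// <param name="useSslStream">
    /// When true, "UseSslStream=true" is appended to the connection string.
    /// </param>
    [Test, Description("Makes sure a certificate whose root CA isn't known isn't accepted")]
    [TestCase(false, TestName = "TlsClientStream")]
    [TestCase(true, TestName = "SslStream")]
    public void RejectSelfSignedCertificate(bool useSslStream)
    {
        using (var conn = new NpgsqlConnection(ConnectionString + ";SslMode=Require;" + (useSslStream ? ";UseSslStream=true" : "")))
        {
            // The following is necessary since a pooled connector may exist from a previous
            // SSL test; reusing it would bypass the handshake this test is about.
            NpgsqlConnection.ClearPool(conn);

            // TODO: Specific exception, align with SslStream
            // NOTE(review): Throws.Exception matches any exception type, so this also passes
            // when Open() fails for a reason unrelated to certificate validation (for example
            // an unreachable server). Tighten to the certificate-validation exception once
            // both TLS implementations throw the same type.
            Assert.That(() => conn.Open(), Throws.Exception);
        }
    }

    /// <summary>
    /// Checks that ssl_renegotiation_limit is 0 on a fresh SSL connection and is still 0
    /// after the session has been reset with DISCARD ALL.
    /// </summary>
    [Test, Description("Makes sure that ssl_renegotiation_limit is always 0, renegotiation is buggy")]
    public void NoSslRenegotiation()
    {
        using (var conn = new NpgsqlConnection(ConnectionString + ";SslMode=Require;TrustServerCertificate=true"))
        {
            conn.Open();
            Assert.That(ExecuteScalar("SHOW ssl_renegotiation_limit", conn), Is.EqualTo("0"));

            // The reset has to be issued on the SSL connection under test. Without the
            // explicit connection argument the second assertion would read a session that
            // was never reset and could not detect the setting reverting.
            ExecuteNonQuery("DISCARD ALL", conn);
            Assert.That(ExecuteScalar("SHOW ssl_renegotiation_limit", conn), Is.EqualTo("0"));
        }
    }

    /// <summary>
    /// Checks that the fixture's default connection, which does not request SSL,
    /// reports IsSecure as false.
    /// </summary>
    [Test, Description("Makes sure that when SSL is disabled IsSecure returns false")]
    public void NonSecure()
    {
        Assert.That(Conn.IsSecure, Is.False);
    }

    /// <summary>
    /// Opens a connection with IntegratedSecurity enabled and no username or password.
    /// </summary>
    [Test]
    public void IntegratedSecurity()
    {
        // Clear the explicit credentials so that only integrated security can authenticate.
        var csb = new NpgsqlConnectionStringBuilder(ConnectionString) {
            IntegratedSecurity = true,
            Username = null,
            Password = null,
        };
        using (var conn = new NpgsqlConnection(csb))
        {
            try
            {
                conn.Open();
            }
            catch (Exception)
            {
                // Off the build server every failure is reported as "not set up", whatever
                // its cause; only the build server treats a failure here as a test failure.
                if (TestUtil.IsOnBuildServer)
                    throw;
                Assert.Ignore("Integrated security (GSS/SSPI) doesn't seem to be set up");
            }
        }
    }

    #region Partial Trust

    /// <summary>
    /// Creates an AppDomain whose grant set holds only the Execution permission, creates a
    /// <see cref="TrustTestClass"/> through it and runs a trivial query.
    /// </summary>
    [Test, Description("Makes sure Npgsql works when running under pseudo-medium trust")]
    public void RestrictedTrust()
    {
        var domainSetup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory };

        // A null source set yields an empty PermissionSet; Execution is the only grant added.
        var permissions = new PermissionSet(null);
        permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        var domain = AppDomain.CreateDomain("Partial Trust AppDomain", null, domainSetup, permissions);
        try
        {
            // NOTE(review): TrustTestClass is [Serializable] and does not derive from
            // MarshalByRefObject, so Unwrap appears to hand back a by-value copy living in
            // the calling AppDomain. If so, Go() below runs with the caller's permissions
            // and not inside the restricted domain, and this test gives no assurance about
            // partial trust. Confirm before relying on it.
            var test = (TrustTestClass) domain.CreateInstanceAndUnwrap(
                typeof (TrustTestClass).Assembly.FullName,
                typeof (TrustTestClass).FullName
            );
            test.Go(ConnectionString);
        }
        finally
        {
            // Always tear the extra domain down, even when the test body throws.
            AppDomain.Unload(domain);
        }
    }

    /// <summary>
    /// Helper instantiated through the restricted AppDomain by <see cref="RestrictedTrust"/>.
    /// </summary>
    [Serializable]
    public class TrustTestClass
    {
        /// <summary>
        /// Opens a connection and checks that "SELECT 1" returns 1.
        /// </summary>
        /// <param name="connString">Connection string to open.</param>
        public void Go(string connString)
        {
            using (var conn = new NpgsqlConnection(connString))
            {
                conn.Open();
                using (var cmd = new NpgsqlCommand("SELECT 1", conn))
                {
                    Assert.That(cmd.ExecuteScalar(), Is.EqualTo(1));
                }
            }
        }
    }

    #endregion

    #region Setup / Teardown / Utils

    /// <summary>
    /// Runs before each test in this fixture and asks the backend whether SSL is enabled.
    /// </summary>
    [SetUp]
    public void CheckSslSupport()
    {
        var sslSupport = (string) ExecuteScalar("SHOW ssl", Conn);

        // Presumably ignores the test locally and fails it on the build server, as the
        // helper's name suggests; its implementation is outside this file.
        if (sslSupport == "off")
            TestUtil.IgnoreExceptOnBuildServer("SSL support isn't enabled at the backend");
    }

    #endregion
}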
}