Made the ServerHostname param mandatory, added some net tests

poshsecurity · Nov 18, 2018 · 19fb18f · 19fb18f
1 parent eb335c1
commit 19fb18f
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 10 deletions.
diff --git a/private/Get-TCPWriter.ps1 b/private/Get-TCPWriter.ps1
@@ -33,7 +33,7 @@
         $UseTLS,
 
         # Server Hostname to validate against the certificate presented during TLS validation
-        [Parameter(Mandatory        = $false,
+        [Parameter(Mandatory        = $true,
                    ParameterSetName = 'UseTLS')]
         [string]
         $ServerHostname,

diff --git a/tests/Get-TCPWriter.Tests.ps1 b/tests/Get-TCPWriter.Tests.ps1
@@ -15,28 +15,51 @@ $Env:ModuleBase = $ModuleBase
 
 Import-Module $ModuleBase\$ModuleName.psd1 -PassThru -ErrorAction Stop | Out-Null
 
+Write-Warning -Message ('These tests require access to google.com (TCP 80 and 443)')
+
 # InModuleScope runs the test in module scope.
 # It creates all variables and functions in module scope.
 # As a result, test has access to all functions, variables and aliases
 # in the module even if they're not exported.
 InModuleScope $script:ModuleName {
     Describe "Basic function unit tests" -Tags Build , Unit{
-        # Open TCP 514 so we can test TCP connections (without hitting the network)
-        $TCPEndpoint = New-Object System.Net.IPEndPoint ([IPAddress]::Loopback,514)
-        $TCPListener = New-Object System.Net.Sockets.TcpListener $TCPEndpoint
-        $TCPListener.start()
 
-        $TCPClient = Connect-TCPClient -Server '127.0.0.1' -port 514
+        It 'Connects to a known port and does not throw' {
+            $TCPClient = Connect-TCPClient -Server 'google.com' -port 80
+            {
+                $TCPWriter = Get-TCPWriter -TcpClient $TCPClient
+                Disconnect-TCPWriter -TcpWriter $TCPWriter
+            } | should not throw
+        }
 
-        It 'creates a TCPWriter' {
+        It 'Connects to a known port and returns a TCP writer' {
+            $TCPClient = Connect-TCPClient -Server 'google.com' -port 80
             $TCPWriter = Get-TCPWriter -TcpClient $TCPClient
-            $TCPWriter | should not be $null
+            $TCPWriter | Should -BeOfType System.IO.StreamWriter
             Disconnect-TCPWriter -TcpWriter $TCPWriter
         }
 
-        Disconnect-TCPClient $TCPClient
+        It 'Connects to a known port over TLS and returns a TCP writer' {
+            $TCPClient = Connect-TCPClient -Server 'google.com' -port 443
+            {
+                $TCPWriter = Get-TCPWriter -TcpClient $TCPClient -UseTLS -ServerHostname 'google.com'
+                Disconnect-TCPWriter -TcpWriter $TCPWriter
+            } | should not throw
+        }
+
+        It 'Throws an error if connecting and the certificate does not match' {
+            $TCPClient = Connect-TCPClient -Server 'google.com' -port 443
+            $TCPWriter = Get-TCPWriter -TcpClient $TCPClient -UseTLS -ServerHostname 'google.com'
+            $TCPWriter | Should -BeOfType System.IO.StreamWriter
+            Disconnect-TCPWriter -TcpWriter $TCPWriter
+        }
 
-        $TCPListener.stop()
+        It 'Does not throw an error if connecting and the certificate does not match and -DoNotValidateTLSCertificate is used and returns a TCP writer' {
+            $TCPClient = Connect-TCPClient -Server 'google.com' -port 443
+            $TCPWriter = Get-TCPWriter -TcpClient $TCPClient -UseTLS -ServerHostname 'notgoogle.com' -DoNotValidateTLSCertificate
+            $TCPWriter | Should -BeOfType System.IO.StreamWriter
+            Disconnect-TCPWriter -TcpWriter $TCPWriter
+        }
     }
 
 }