public async Task <List <TlsTestPending> > GetMxHosts()
{
ReceiveMessageRequest receiveMessageRequest = new ReceiveMessageRequest(_config.SqsQueueUrl)
{
WaitTimeSeconds = 20, //Long polling
MaxNumberOfMessages = 10 // 10 is the max
};
_log.LogDebug("Starting long poll for SQS messages...");
ReceiveMessageResponse receiveMessageResponse = await _sqs.ReceiveMessageAsync(receiveMessageRequest);
_log.LogDebug($"Found {receiveMessageResponse.Messages.Count} SQS messages");
List <TlsTestPending> list = new List <TlsTestPending>();
foreach (Message message in receiveMessageResponse.Messages)
{
try
{
_log.LogDebug($"Deserializing SQS message {message.MessageId}");
TlsTestPending pendingTest = JsonConvert.DeserializeObject <TlsTestPending>(message.Body);
pendingTest.MessageId = message.MessageId;
pendingTest.ReceiptHandle = message.ReceiptHandle;
list.Add(pendingTest);
}
catch (Exception ex)
{
_log.LogError(ex, $"Deserializing SQS message failed for message {message.MessageId}");
}
}
return(list);
}
public async Task HostAreProcessedAndRecentlyProcessedHostsAreNot()
{
TlsTestPending testPending1 = CreateMxHostTestPending(1);
TlsTestPending testPending2 = CreateMxHostTestPending(2);
List <TlsTestPending> list = new List <TlsTestPending>
{
testPending1,
testPending2
};
A.CallTo(() => _mxQueueProcessor.GetMxHosts())
.Returns(Task.FromResult(list)).Once()
.Then
.Returns(Task.FromResult(new List <TlsTestPending>()));
A.CallTo(() => _recentlyProcessedLedger.Contains("host.domain1.gov.uk")).Returns(false);
A.CallTo(() => _recentlyProcessedLedger.Contains("host.domain2.gov.uk")).Returns(true);
A.CallTo(() => _mxQueueProcessor.DeleteMessage(A <string> ._, A <string> ._)).Returns(Task.CompletedTask);
var testResult = CreateMxHostTestResult();
A.CallTo(() => _mxHostTester.Test(testPending1)).Returns(Task.FromResult(testResult)).Once();
A.CallTo(() => _processingFilter.Reserve(A <string> ._)).Returns(true);
A.CallTo(() => _publisher.Publish(A <Message> ._, A <string> ._)).Returns(Task.CompletedTask);
Task process = _mxSecurityTesterProcessor.Process(cancellationTokenSource.Token);
await _pipelineStartBlock.SendAsync(null);
cancellationTokenSource.Cancel();
await process;
A.CallTo(() => _mxQueueProcessor.GetMxHosts()).MustHaveHappenedOnceExactly();
A.CallTo(() => _mxHostTester.Test(testPending1)).MustHaveHappened();
A.CallTo(() => _mxHostTester.Test(testPending2)).MustNotHaveHappened();
A.CallTo(() => _publisher.Publish(testResult, A <string> ._)).MustHaveHappenedOnceExactly();
A.CallTo(() => _mxQueueProcessor.DeleteMessage("MessageId1", "ReceiptHandle1")).MustHaveHappenedOnceExactly();
A.CallTo(() => _mxQueueProcessor.DeleteMessage("MessageId2", "ReceiptHandle2")).MustHaveHappenedOnceExactly();
A.CallTo(() => _processingFilter.Reserve("host.domain1.gov.uk")).MustHaveHappenedOnceExactly();
A.CallTo(() => _processingFilter.Reserve("host.domain2.gov.uk")).MustNotHaveHappened();
A.CallTo(() => _processingFilter.ReleaseReservation("host.domain1.gov.uk")).MustHaveHappenedOnceExactly();
A.CallTo(() => _processingFilter.ReleaseReservation("host.domain2.gov.uk")).MustHaveHappenedOnceExactly();
A.CallTo(() => _recentlyProcessedLedger.Set("host.domain1.gov.uk")).MustHaveHappenedOnceExactly();
A.CallTo(() => _recentlyProcessedLedger.Set("host.domain2.gov.uk")).MustNotHaveHappened();
}
public async Task <TlsTestResults> Test(TlsTestPending tlsTest)
{
List <TlsTestResult> results = new List <TlsTestResult>();
List <X509Certificate2> certificates = new List <X509Certificate2>();
if (!string.IsNullOrWhiteSpace(tlsTest.Id) && tlsTest.Id.Trim() != ".")
{
results = await _tlsSecurityTester.Test(tlsTest.Id);
certificates = results.FirstOrDefault(_ => _.Result.Certificates.Any())?
.Result.Certificates.ToList() ?? new List <X509Certificate2>();
}
BouncyCastleTlsTestResult tls12AvailableWithBestCipherSuiteSelected = ToTestResult(
results.FirstOrDefault(_ => _.Test.Id == (int)TlsTestType.Tls12AvailableWithBestCipherSuiteSelected));
BouncyCastleTlsTestResult tls12AvailableWithBestCipherSuiteSelectedFromReverseList = ToTestResult(
results.FirstOrDefault(_ =>
_.Test.Id ==
(int)TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList));
BouncyCastleTlsTestResult tls12AvailableWithSha2HashFunctionSelected = ToTestResult(results.FirstOrDefault(
_ =>
_.Test.Id == (int)TlsTestType.Tls12AvailableWithSha2HashFunctionSelected));
BouncyCastleTlsTestResult tls12AvailableWithWeakCipherSuiteNotSelected = ToTestResult(
results.FirstOrDefault(_ =>
_.Test.Id == (int)TlsTestType.Tls12AvailableWithWeakCipherSuiteNotSelected));
BouncyCastleTlsTestResult tls11AvailableWithBestCipherSuiteSelected = ToTestResult(results.FirstOrDefault(
_ =>
_.Test.Id == (int)TlsTestType.Tls11AvailableWithBestCipherSuiteSelected));
BouncyCastleTlsTestResult tls11AvailableWithWeakCipherSuiteNotSelected = ToTestResult(
results.FirstOrDefault(_ =>
_.Test.Id == (int)TlsTestType.Tls11AvailableWithWeakCipherSuiteNotSelected));
BouncyCastleTlsTestResult tls10AvailableWithBestCipherSuiteSelected = ToTestResult(results.FirstOrDefault(
_ =>
_.Test.Id == (int)TlsTestType.Tls10AvailableWithBestCipherSuiteSelected));
BouncyCastleTlsTestResult tls10AvailableWithWeakCipherSuiteNotSelected = ToTestResult(
results.FirstOrDefault(_ =>
_.Test.Id == (int)TlsTestType.Tls10AvailableWithWeakCipherSuiteNotSelected));
BouncyCastleTlsTestResult ssl3FailsWithBadCipherSuite = ToTestResult(results.FirstOrDefault(_ =>
_.Test.Id == (int)TlsTestType.Ssl3FailsWithBadCipherSuite));
BouncyCastleTlsTestResult tlsSecureEllipticCurveSelected = ToTestResult(results.FirstOrDefault(_ =>
_.Test.Id == (int)TlsTestType.TlsSecureEllipticCurveSelected));
BouncyCastleTlsTestResult tlsSecureDiffieHellmanGroupSelected = ToTestResult(results.FirstOrDefault(_ =>
_.Test.Id == (int)TlsTestType.TlsSecureDiffieHellmanGroupSelected));
BouncyCastleTlsTestResult tlsWeakCipherSuitesRejected = ToTestResult(results.FirstOrDefault(_ =>
_.Test.Id == (int)TlsTestType.TlsWeakCipherSuitesRejected));
return
(new TlsTestResults(tlsTest.Id,
IsErrored(results),
CheckHostNotFound(results),
tls12AvailableWithBestCipherSuiteSelected,
tls12AvailableWithBestCipherSuiteSelectedFromReverseList,
tls12AvailableWithSha2HashFunctionSelected,
tls12AvailableWithWeakCipherSuiteNotSelected,
tls11AvailableWithBestCipherSuiteSelected,
tls11AvailableWithWeakCipherSuiteNotSelected,
tls10AvailableWithBestCipherSuiteSelected,
tls10AvailableWithWeakCipherSuiteNotSelected,
ssl3FailsWithBadCipherSuite,
tlsSecureEllipticCurveSelected,
tlsSecureDiffieHellmanGroupSelected,
tlsWeakCipherSuitesRejected,
certificates.Select(_ => Convert.ToBase64String(_.RawData)).ToList(),
new List <SelectedCipherSuite>
{
new SelectedCipherSuite(TlsTestType.Tls12AvailableWithBestCipherSuiteSelected.ToString(),
tls12AvailableWithBestCipherSuiteSelected?.CipherSuite?.ToString()),
new SelectedCipherSuite(
TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList.ToString(),
tls12AvailableWithBestCipherSuiteSelectedFromReverseList?.CipherSuite
?.ToString()),
new SelectedCipherSuite(TlsTestType.Tls12AvailableWithSha2HashFunctionSelected.ToString(),
tls12AvailableWithSha2HashFunctionSelected?.CipherSuite?.ToString()),
new SelectedCipherSuite(TlsTestType.Tls12AvailableWithWeakCipherSuiteNotSelected.ToString(),
tls12AvailableWithWeakCipherSuiteNotSelected?.CipherSuite?.ToString()),
new SelectedCipherSuite(TlsTestType.Tls11AvailableWithBestCipherSuiteSelected.ToString(),
tls11AvailableWithBestCipherSuiteSelected?.CipherSuite?.ToString()),
new SelectedCipherSuite(TlsTestType.Tls11AvailableWithWeakCipherSuiteNotSelected.ToString(),
tls11AvailableWithWeakCipherSuiteNotSelected?.CipherSuite?.ToString()),
new SelectedCipherSuite(TlsTestType.Tls10AvailableWithBestCipherSuiteSelected.ToString(),
tls10AvailableWithBestCipherSuiteSelected?.CipherSuite?.ToString()),
new SelectedCipherSuite(TlsTestType.Tls10AvailableWithWeakCipherSuiteNotSelected.ToString(),
tls10AvailableWithWeakCipherSuiteNotSelected?.CipherSuite?.ToString()),
new SelectedCipherSuite(TlsTestType.Ssl3FailsWithBadCipherSuite.ToString(),
ssl3FailsWithBadCipherSuite?.CipherSuite?.ToString()),
new SelectedCipherSuite(TlsTestType.TlsSecureEllipticCurveSelected.ToString(),
tlsSecureEllipticCurveSelected?.CipherSuite?.ToString()),
new SelectedCipherSuite(TlsTestType.TlsSecureDiffieHellmanGroupSelected.ToString(),
tlsSecureDiffieHellmanGroupSelected?.CipherSuite?.ToString()),
new SelectedCipherSuite(TlsTestType.TlsWeakCipherSuitesRejected.ToString(),
tlsWeakCipherSuitesRejected?.CipherSuite?.ToString())
}
));
}
