/// <summary>
        /// Runs the TLS test suite against each host in turn and writes every
        /// individual test outcome to the debug log.
        /// </summary>
        /// <param name="hosts">Hosts to probe; they are tested one after another, in list order.</param>
        /// <returns>A task that completes once every host has been tested and logged.</returns>
        public async Task Run(List<string> hosts)
        {
            foreach (var target in hosts)
            {
                // NOTE(review): the host value is written to the log unmodified. If host
                // lists can come from untrusted input, confirm the logger neutralises
                // CR/LF so an entry cannot forge additional log lines.
                _log.Debug($"Testing TLS for {target}");

                var outcomes = await _tlsSecurityTester.Test(target);

                foreach (var outcome in outcomes)
                {
                    var test = outcome.Test;

                    // Two lines per test: "<id> : <name>," followed by the tab-indented result.
                    _log.Debug($"{test.Id} : {test.Name},");
                    _log.Debug($"\t{outcome.Result}");
                }
            }
        }
Ejemplo n.º 2
        /// <summary>
        /// Runs the TLS tests against the hostname of the profile's MX record and
        /// returns a new profile for the same record carrying the fresh results.
        /// </summary>
        /// <param name="mxRecordTlsSecurityProfile">
        /// Existing profile; supplies the MX record, the profile id and the previous failure count.
        /// </param>
        /// <returns>
        /// A new <see cref="MxRecordTlsSecurityProfile"/>. Its failure count is the previous
        /// count plus one when <c>IsErrored</c> reports an error, and 0 otherwise.
        /// </returns>
        public async Task<MxRecordTlsSecurityProfile> Test(MxRecordTlsSecurityProfile mxRecordTlsSecurityProfile)
        {
            var mxRecord = mxRecordTlsSecurityProfile.MxRecord;
            var hostname = mxRecord.Hostname;

            List<Console.TlsTestResult> results = new List<Console.TlsTestResult>();

            // NOTE(review): stays null when the hostname is blank, so the TlsTestResults
            // constructor below receives null in that case - confirm it tolerates that.
            List<X509Certificate2> certificates = null;

            if (!string.IsNullOrWhiteSpace(hostname))
            {
                results = await _tlsSecurityTester.Test(hostname);

                // Certificates are taken from the first test result that carries any.
                // Nothing in this method validates them; it only passes them along.
                var withCertificates = results.FirstOrDefault(r => r.Result.Certificates.Any());
                certificates = withCertificates?.Result.Certificates.ToList() ?? new List<X509Certificate2>();
            }

            // Finds the outcome recorded for one test type, or null when there is none.
            Console.TlsTestResult ResultFor(TlsTestType type) =>
                results.FirstOrDefault(r => r.Test.Id == (int)type);

            var previousProfile = mxRecordTlsSecurityProfile.TlsSecurityProfile;
            var profileId = previousProfile.Id;

            // An errored run increments the stored failure count; any other run resets it.
            var failureCount = IsErrored(results)
                ? previousProfile.TlsResults.FailureCount + 1
                : 0;

            // The argument order below is positional and must match the constructor.
            var perTestResults = new TlsTestResultsWithoutCertificate(
                ToTestResult(ResultFor(TlsTestType.Tls12AvailableWithBestCipherSuiteSelected)),
                ToTestResult(ResultFor(TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList)),
                ToTestResult(ResultFor(TlsTestType.Tls12AvailableWithSha2HashFunctionSelected)),
                ToTestResult(ResultFor(TlsTestType.Tls12AvailableWithWeakCipherSuiteNotSelected)),
                ToTestResult(ResultFor(TlsTestType.Tls11AvailableWithBestCipherSuiteSelected)),
                ToTestResult(ResultFor(TlsTestType.Tls11AvailableWithWeakCipherSuiteNotSelected)),
                ToTestResult(ResultFor(TlsTestType.Tls10AvailableWithBestCipherSuiteSelected)),
                ToTestResult(ResultFor(TlsTestType.Tls10AvailableWithWeakCipherSuiteNotSelected)),
                ToTestResult(ResultFor(TlsTestType.Ssl3FailsWithBadCipherSuite)),
                ToTestResult(ResultFor(TlsTestType.TlsSecureEllipticCurveSelected)),
                ToTestResult(ResultFor(TlsTestType.TlsSecureDiffieHellmanGroupSelected)),
                ToTestResult(ResultFor(TlsTestType.TlsWeakCipherSuitesRejected)));

            var testResults = new TlsTestResults(failureCount, perTestResults, certificates);
            var refreshedProfile = new TlsSecurityProfile(profileId, null, testResults);

            return new MxRecordTlsSecurityProfile(mxRecord, refreshedProfile);
        }
Ejemplo n.º 3
        /// <summary>
        /// Runs the TLS tests for a pending test request and packages the per-test
        /// outcomes, the presented certificates and the selected cipher suites.
        /// </summary>
        /// <param name="tlsTest">Pending test; its <c>Id</c> is the value handed to the TLS tester.</param>
        /// <returns>
        /// A <see cref="TlsTestResults"/> for <c>tlsTest.Id</c>. When the id is blank or is just
        /// "." after trimming, no probe is made and the result is built from an empty result list.
        /// </returns>
        public async Task<TlsTestResults> Test(TlsTestPending tlsTest)
        {
            string hostId = tlsTest.Id;

            // Blank ids and a lone "." are never sent to the tester.
            bool shouldProbe = !string.IsNullOrWhiteSpace(hostId) && hostId.Trim() != ".";

            List<TlsTestResult> results = shouldProbe
                ? await _tlsSecurityTester.Test(hostId)
                : new List<TlsTestResult>();

            var certificates = new List<X509Certificate2>();
            if (shouldProbe)
            {
                // Certificates are taken from the first test result that carries any.
                // Nothing in this method validates them; they are only serialised below.
                var withCertificates = results.FirstOrDefault(r => r.Result.Certificates.Any());
                if (withCertificates != null)
                {
                    certificates = withCertificates.Result.Certificates.ToList();
                }
            }

            // Converts the outcome recorded for one test type (null when there is none).
            BouncyCastleTlsTestResult Outcome(TlsTestType type) =>
                ToTestResult(results.FirstOrDefault(r => r.Test.Id == (int)type));

            // Pairs a test type's name with the cipher suite text of its outcome, if any.
            SelectedCipherSuite Suite(TlsTestType type, BouncyCastleTlsTestResult outcome) =>
                new SelectedCipherSuite(type.ToString(), outcome?.CipherSuite?.ToString());

            var tls12Best = Outcome(TlsTestType.Tls12AvailableWithBestCipherSuiteSelected);
            var tls12BestReversed = Outcome(TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList);
            var tls12Sha2 = Outcome(TlsTestType.Tls12AvailableWithSha2HashFunctionSelected);
            var tls12WeakNotSelected = Outcome(TlsTestType.Tls12AvailableWithWeakCipherSuiteNotSelected);
            var tls11Best = Outcome(TlsTestType.Tls11AvailableWithBestCipherSuiteSelected);
            var tls11WeakNotSelected = Outcome(TlsTestType.Tls11AvailableWithWeakCipherSuiteNotSelected);
            var tls10Best = Outcome(TlsTestType.Tls10AvailableWithBestCipherSuiteSelected);
            var tls10WeakNotSelected = Outcome(TlsTestType.Tls10AvailableWithWeakCipherSuiteNotSelected);
            var ssl3BadSuite = Outcome(TlsTestType.Ssl3FailsWithBadCipherSuite);
            var ellipticCurve = Outcome(TlsTestType.TlsSecureEllipticCurveSelected);
            var diffieHellmanGroup = Outcome(TlsTestType.TlsSecureDiffieHellmanGroupSelected);
            var weakSuitesRejected = Outcome(TlsTestType.TlsWeakCipherSuitesRejected);

            // The argument order below is positional and must match the constructor.
            return new TlsTestResults(
                hostId,
                IsErrored(results),
                CheckHostNotFound(results),
                tls12Best,
                tls12BestReversed,
                tls12Sha2,
                tls12WeakNotSelected,
                tls11Best,
                tls11WeakNotSelected,
                tls10Best,
                tls10WeakNotSelected,
                ssl3BadSuite,
                ellipticCurve,
                diffieHellmanGroup,
                weakSuitesRejected,
                // Each certificate is exported as the Base64 text of its raw encoded bytes.
                certificates.Select(c => Convert.ToBase64String(c.RawData)).ToList(),
                new List<SelectedCipherSuite>
                {
                    Suite(TlsTestType.Tls12AvailableWithBestCipherSuiteSelected, tls12Best),
                    Suite(TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList, tls12BestReversed),
                    Suite(TlsTestType.Tls12AvailableWithSha2HashFunctionSelected, tls12Sha2),
                    Suite(TlsTestType.Tls12AvailableWithWeakCipherSuiteNotSelected, tls12WeakNotSelected),
                    Suite(TlsTestType.Tls11AvailableWithBestCipherSuiteSelected, tls11Best),
                    Suite(TlsTestType.Tls11AvailableWithWeakCipherSuiteNotSelected, tls11WeakNotSelected),
                    Suite(TlsTestType.Tls10AvailableWithBestCipherSuiteSelected, tls10Best),
                    Suite(TlsTestType.Tls10AvailableWithWeakCipherSuiteNotSelected, tls10WeakNotSelected),
                    Suite(TlsTestType.Ssl3FailsWithBadCipherSuite, ssl3BadSuite),
                    Suite(TlsTestType.TlsSecureEllipticCurveSelected, ellipticCurve),
                    Suite(TlsTestType.TlsSecureDiffieHellmanGroupSelected, diffieHellmanGroup),
                    Suite(TlsTestType.TlsWeakCipherSuitesRejected, weakSuitesRejected)
                });
        }