public static IEnumerable<CipherInstrumentParameters> GetParameters (TestContext ctx, InstrumentationCategory category)
{
switch (category) {
case InstrumentationCategory.SelectClientCipher:
return SelectAllCiphers ((protocol, cipher) => {
var parameters = CreateParameters (category, CipherInstrumentType.SelectClientCipher, protocol, cipher);
parameters.ProtocolVersion = protocol;
parameters.ClientCiphers = new CipherSuiteCode[] { cipher };
parameters.ExpectedClientCipher = cipher;
return parameters;
});
case InstrumentationCategory.SelectServerCipher:
return SelectAllCiphers ((protocol, cipher) => {
var parameters = CreateParameters (category, CipherInstrumentType.SelectServerCipher, protocol, cipher);
parameters.ProtocolVersion = protocol;
parameters.ServerCiphers = new CipherSuiteCode[] { cipher };
parameters.ExpectedServerCipher = cipher;
return parameters;
});
case InstrumentationCategory.SelectCipher:
return ConnectionTypes.Select (t => Create (ctx, category, t));
default:
ctx.AssertFail ("Unsupported instrumentation category: '{0}'.", category);
return null;
}
}
static SignatureInstrumentParameters Create(
TestContext ctx, InstrumentationCategory category, SignatureInstrumentType type,
SignatureAndHashAlgorithm algorithm, CipherSuiteCode cipher)
{
var parameters = CreateParameters(category, type, algorithm.Hash, algorithm.Signature, cipher);
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.RequireClientCertificate = true;
var signatureParameters = new SignatureParameters();
signatureParameters.Add(algorithm);
switch (type)
{
case SignatureInstrumentType.ClientSignatureAlgorithmAndCipher:
parameters.ClientSignatureParameters = signatureParameters;
parameters.ClientCiphers = new CipherSuiteCode[] { cipher };
break;
case SignatureInstrumentType.ServerSignatureAlgorithmAndCipher:
parameters.ServerSignatureAlgorithm = algorithm;
parameters.ServerCiphers = new CipherSuiteCode[] { cipher };
break;
default:
ctx.AssertFail("Unsupported signature instrument: '{0}'.", type);
break;
}
return(parameters);
}
static CipherInstrumentParameters Create(TestContext ctx, InstrumentationCategory category, CipherInstrumentType type)
{
var parameters = CreateParameters(category, type);
switch (type)
{
case CipherInstrumentType.SelectClientCipher:
parameters.ProtocolVersion = ctx.GetParameter <ProtocolVersions> ();
parameters.ClientCiphers = new CipherSuiteCode[] { ctx.GetParameter <CipherSuiteCode> () };
parameters.ValidateCipherList = true;
break;
case CipherInstrumentType.SelectServerCipher:
parameters.ProtocolVersion = ctx.GetParameter <ProtocolVersions> ();
parameters.ServerCiphers = new CipherSuiteCode[] { ctx.GetParameter <CipherSuiteCode> () };
parameters.ValidateCipherList = true;
break;
case CipherInstrumentType.InvalidCipher:
parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 };
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ExpectServerAlert = AlertDescription.HandshakeFailure;
break;
default:
ctx.AssertFail("Unsupported cipher instrument: '{0}'.", type);
break;
}
return(parameters);
}
public InstrumentationConnectionType (InstrumentationCategory category, ConnectionProviderType clientType, ConnectionProviderType serverType)
{
Category = category;
ClientType = clientType;
ServerType = serverType;
Value = string.Format ("{0}:{1}:{2}", category, clientType, serverType);
}
public static IEnumerable<GenericConnectionInstrumentType> GetInstrumentationTypes (TestContext ctx, InstrumentationCategory category)
{
switch (category) {
case InstrumentationCategory.ClientConnection:
yield return GenericConnectionInstrumentType.FragmentHandshakeMessages;
yield return GenericConnectionInstrumentType.SendBlobAfterReceivingFinish;
yield return GenericConnectionInstrumentType.InvalidClientCertificateV1;
break;
case InstrumentationCategory.ServerConnection:
yield return GenericConnectionInstrumentType.FragmentHandshakeMessages;
yield return GenericConnectionInstrumentType.InvalidServerCertificateV1;
yield return GenericConnectionInstrumentType.InvalidServerCertificateRsa512;
break;
case InstrumentationCategory.Connection:
yield return GenericConnectionInstrumentType.FragmentHandshakeMessages;
yield return GenericConnectionInstrumentType.ServerProvidesInvalidCertificate;
yield return GenericConnectionInstrumentType.ClientProvidesInvalidCertificate;
yield return GenericConnectionInstrumentType.RequireRsaKeyExchange;
yield return GenericConnectionInstrumentType.RsaKeyExchangeNotAllowed;
yield return GenericConnectionInstrumentType.RequireDheKeyExchange;
yield return GenericConnectionInstrumentType.DheKeyExchangeNotAllowed;
break;
case InstrumentationCategory.CertificateChecks:
yield return GenericConnectionInstrumentType.InvalidServerCertificateV1;
yield return GenericConnectionInstrumentType.InvalidServerCertificateRsa512;
yield return GenericConnectionInstrumentType.InvalidClientCertificateV1;
yield return GenericConnectionInstrumentType.InvalidServerCertificateRsa512;
yield return GenericConnectionInstrumentType.ServerProvidesInvalidCertificate;
yield return GenericConnectionInstrumentType.ClientProvidesInvalidCertificate;
yield return GenericConnectionInstrumentType.RequireRsaKeyExchange;
yield return GenericConnectionInstrumentType.RsaKeyExchangeNotAllowed;
yield return GenericConnectionInstrumentType.RequireDheKeyExchange;
yield return GenericConnectionInstrumentType.DheKeyExchangeNotAllowed;
yield return GenericConnectionInstrumentType.ClientCertificateInvalidForRsa;
yield return GenericConnectionInstrumentType.ClientProvidesCertificateThatsInvalidForRsa;
yield return GenericConnectionInstrumentType.ClientCertificateInvalidForDhe;
yield return GenericConnectionInstrumentType.ClientProvidesCertificateThatsInvalidForDhe;
yield return GenericConnectionInstrumentType.ClientCertificateRequiresRsaKeyExchange;
yield return GenericConnectionInstrumentType.ClientCertificateRequiresDheKeyExchange;
break;
case InstrumentationCategory.MartinTest:
yield return GenericConnectionInstrumentType.MartinTest;
break;
default:
ctx.AssertFail ("Unsupported instrumentation category: '{0}'.", category);
break;
}
}
static SimpleConnectionParameters CreateParameters(InstrumentationCategory category, SimpleConnectionType type, params object[] args)
{
var sb = new StringBuilder();
sb.Append(type);
foreach (var arg in args)
{
sb.AppendFormat(":{0}", arg);
}
var name = sb.ToString();
return(new SimpleConnectionParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = AcceptAnyCertificate
});
}
public static IEnumerable<CipherInstrumentParameters> GetParameters (TestContext ctx, InstrumentationCategory category)
{
switch (category) {
case InstrumentationCategory.SelectClientCipher:
return SelectClientCipherTypes.Select (t => Create (ctx, category, t));
case InstrumentationCategory.SelectServerCipher:
return SelectServerCipherTypes.Select (t => Create (ctx, category, t));
case InstrumentationCategory.SelectCipher:
return ConnectionTypes.Select (t => Create (ctx, category, t));
default:
ctx.AssertFail ("Unsupported instrumentation category: '{0}'.", category);
return null;
}
}
static RenegotiationInstrumentParameters CreateParameters(InstrumentationCategory category, RenegotiationInstrumentType type, params object[] args)
{
var sb = new StringBuilder();
sb.Append(type);
foreach (var arg in args)
{
sb.AppendFormat(":{0}", arg);
}
var name = sb.ToString();
return(new RenegotiationInstrumentParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = AcceptAnyCertificate, ServerCertificateValidator = AcceptAnyCertificate,
ProtocolVersion = ProtocolVersions.Tls12
});
}
public static MonoConnectionFlags GetConnectionFlags (TestContext ctx, InstrumentationCategory category)
{
switch (category) {
case InstrumentationCategory.AllClientSignatureAlgorithms:
case InstrumentationCategory.ClientSignatureParameters:
case InstrumentationCategory.ClientConnection:
return MonoConnectionFlags.ClientInstrumentation;
case InstrumentationCategory.AllServerSignatureAlgorithms:
case InstrumentationCategory.ServerSignatureParameters:
case InstrumentationCategory.ServerConnection:
return MonoConnectionFlags.ServerInstrumentation;
case InstrumentationCategory.SignatureAlgorithms:
case InstrumentationCategory.Connection:
return MonoConnectionFlags.ClientInstrumentation | MonoConnectionFlags.ServerInstrumentation;
case InstrumentationCategory.MartinTest:
return MonoConnectionFlags.ServerInstrumentation | MonoConnectionFlags.ClientInstrumentation;
default:
ctx.AssertFail ("Unsupported instrumentation category: '{0}'.", category);
return MonoConnectionFlags.None;
}
}
public static IEnumerable<SimpleConnectionType> GetTestTypes (TestContext ctx, InstrumentationCategory category)
{
switch (category) {
case InstrumentationCategory.SimpleMonoClient:
yield return SimpleConnectionType.SimpleTls10;
yield return SimpleConnectionType.SimpleTls11;
yield return SimpleConnectionType.SimpleTls12;
yield break;
case InstrumentationCategory.SimpleMonoServer:
yield return SimpleConnectionType.SimpleTls10;
yield return SimpleConnectionType.SimpleTls11;
yield return SimpleConnectionType.SimpleTls12;
yield break;
case InstrumentationCategory.SimpleMonoConnection:
yield return SimpleConnectionType.SimpleTls10;
yield return SimpleConnectionType.SimpleTls11;
yield return SimpleConnectionType.SimpleTls12;
yield return SimpleConnectionType.CipherSelectionOrder;
yield return SimpleConnectionType.CipherSelectionOrder2;
yield break;
case InstrumentationCategory.MonoProtocolVersions:
yield return SimpleConnectionType.Simple;
yield return SimpleConnectionType.ValidateCertificate;
yield return SimpleConnectionType.RequestClientCertificate;
yield return SimpleConnectionType.RequireClientCertificateRSA;
yield return SimpleConnectionType.RequireClientCertificateDHE;
yield break;
case InstrumentationCategory.MartinTest:
yield return SimpleConnectionType.MartinTest;
yield break;
default:
ctx.AssertFail ("Unspported connection category: '{0}.", category);
yield break;
}
}
public static IEnumerable<SimpleConnectionParameters> GetParameters (TestContext ctx, InstrumentationCategory category)
{
switch (category) {
case InstrumentationCategory.SimpleMonoClient:
return ClientConnectionTypes.Select (t => Create (ctx, category, t));
case InstrumentationCategory.SimpleMonoServer:
return ServerConnectionTypes.Select (t => Create (ctx, category, t));
case InstrumentationCategory.SimpleMonoConnection:
return ConnectionTypes.Select (t => Create (ctx, category, t));
case InstrumentationCategory.MonoProtocolVersions:
return AllVersionTypes.Select (t => Create (ctx, category, t));
case InstrumentationCategory.MartinTest:
return MartinTestTypes.Select (t => Create (ctx, category, t));
default:
ctx.AssertFail ("Unsupported connection category: '{0}'.", category);
return null;
}
}
public static IEnumerable<SignatureInstrumentParameters> GetParameters (TestContext ctx, InstrumentationCategory category)
{
switch (category) {
case InstrumentationCategory.AllClientSignatureAlgorithms:
return SelectAlgorithmsAndCiphers (SignatureInstrumentType.ClientSignatureAlgorithmAndCipher).Select (t => Create (ctx, category, t.Item1, t.Item2, t.Item3));
case InstrumentationCategory.AllServerSignatureAlgorithms:
return SelectAlgorithmsAndCiphers (SignatureInstrumentType.ServerSignatureAlgorithmAndCipher).Select (t => Create (ctx, category, t.Item1, t.Item2, t.Item3));
case InstrumentationCategory.ClientSignatureParameters:
return ClientSignatureParameterTypes.Select (t => Create (ctx, category, t));
case InstrumentationCategory.ServerSignatureParameters:
return ServerSignatureParameterTypes.Select (t => Create (ctx, category, t));
case InstrumentationCategory.SignatureAlgorithms:
return SignatureParameterTypes.Select (t => Create (ctx, category, t));
default:
ctx.AssertFail ("Unsupported instrumentation category: '{0}'.", category);
return null;
}
}
public static IEnumerable <SignatureInstrumentParameters> GetParameters(TestContext ctx, InstrumentationCategory category)
{
switch (category)
{
case InstrumentationCategory.AllClientSignatureAlgorithms:
return(SelectAlgorithmsAndCiphers(SignatureInstrumentType.ClientSignatureAlgorithmAndCipher).Select(t => Create(ctx, category, t.Item1, t.Item2, t.Item3)));
case InstrumentationCategory.AllServerSignatureAlgorithms:
return(SelectAlgorithmsAndCiphers(SignatureInstrumentType.ServerSignatureAlgorithmAndCipher).Select(t => Create(ctx, category, t.Item1, t.Item2, t.Item3)));
case InstrumentationCategory.ClientSignatureParameters:
return(ClientSignatureParameterTypes.Select(t => Create(ctx, category, t)));
case InstrumentationCategory.ServerSignatureParameters:
return(ServerSignatureParameterTypes.Select(t => Create(ctx, category, t)));
case InstrumentationCategory.SignatureAlgorithms:
return(SignatureParameterTypes.Select(t => Create(ctx, category, t)));
default:
ctx.AssertFail("Unsupported instrumentation category: '{0}'.", category);
return(null);
}
}
public static IEnumerable <CipherInstrumentParameters> GetParameters(TestContext ctx, InstrumentationCategory category)
{
switch (category)
{
case InstrumentationCategory.SelectClientCipher:
return(SelectClientCipherTypes.Select(t => Create(ctx, category, t)));
case InstrumentationCategory.SelectServerCipher:
return(SelectServerCipherTypes.Select(t => Create(ctx, category, t)));
case InstrumentationCategory.SelectCipher:
return(ConnectionTypes.Select(t => Create(ctx, category, t)));
default:
ctx.AssertFail("Unsupported instrumentation category: '{0}'.", category);
return(null);
}
}
public static IEnumerable <SimpleConnectionType> GetTestTypes(TestContext ctx, InstrumentationCategory category)
{
switch (category)
{
case InstrumentationCategory.SimpleMonoClient:
yield return(SimpleConnectionType.SimpleTls10);
yield return(SimpleConnectionType.SimpleTls11);
yield return(SimpleConnectionType.SimpleTls12);
yield break;
case InstrumentationCategory.SimpleMonoServer:
yield return(SimpleConnectionType.SimpleTls10);
yield return(SimpleConnectionType.SimpleTls11);
yield return(SimpleConnectionType.SimpleTls12);
yield break;
case InstrumentationCategory.SimpleMonoConnection:
yield return(SimpleConnectionType.SimpleTls10);
yield return(SimpleConnectionType.SimpleTls11);
yield return(SimpleConnectionType.SimpleTls12);
yield return(SimpleConnectionType.CipherSelectionOrder);
yield return(SimpleConnectionType.CipherSelectionOrder2);
yield break;
case InstrumentationCategory.MonoProtocolVersions:
yield return(SimpleConnectionType.Simple);
yield return(SimpleConnectionType.ValidateCertificate);
yield return(SimpleConnectionType.RequestClientCertificate);
yield return(SimpleConnectionType.RequireClientCertificateRSA);
yield return(SimpleConnectionType.RequireClientCertificateDHE);
yield break;
case InstrumentationCategory.MartinTest:
yield return(SimpleConnectionType.MartinTest);
yield break;
default:
ctx.AssertFail("Unspported connection category: '{0}.", category);
yield break;
}
}
public InstrumentationConnectionProvider(ConnectionProvider client, ConnectionProvider server, InstrumentationCategory category, InstrumentationConnectionFlags flags)
: base(client, server, (MonoConnectionTestCategory)category, (MonoConnectionTestFlags)flags)
{
}
public SignatureInstrumentParameters(InstrumentationCategory category, SignatureInstrumentType type, string identifier, IServerCertificate certificate)
: base(category, identifier, certificate)
{
Type = type;
}
public static IEnumerable<RenegotiationInstrumentType> GetInstrumentationTypes (TestContext ctx, InstrumentationCategory category)
{
switch (category) {
case InstrumentationCategory.ClientRenegotiation:
yield return RenegotiationInstrumentType.RequestClientRenegotiation;
break;
case InstrumentationCategory.ServerRenegotiation:
yield return RenegotiationInstrumentType.RequestRenegotiation;
yield return RenegotiationInstrumentType.SendBlobBeforeHelloRequest;
yield return RenegotiationInstrumentType.SendBlobAfterHelloRequest;
yield return RenegotiationInstrumentType.SendBlobBeforeAndAfterHelloRequest;
yield return RenegotiationInstrumentType.SendDuplicateHelloRequest;
yield return RenegotiationInstrumentType.RequestServerRenegotiation;
yield return RenegotiationInstrumentType.RequestServerRenegotiationWithPendingRead;
break;
case InstrumentationCategory.Renegotiation:
yield return RenegotiationInstrumentType.SendBlobBeforeRenegotiatingHello;
yield return RenegotiationInstrumentType.SendBlobBeforeRenegotiatingHelloNoPendingRead;
yield return RenegotiationInstrumentType.RequestClientRenegotiationWithPendingWrite;
break;
case InstrumentationCategory.MartinTest:
case InstrumentationCategory.MartinTestClient:
case InstrumentationCategory.MartinTestServer:
yield return RenegotiationInstrumentType.MartinTest;
break;
default:
ctx.AssertFail ("Unsupported instrumentation category: '{0}'.", category);
break;
}
}
public SimpleConnectionParameters (InstrumentationCategory category, SimpleConnectionType type, ClientParameters clientParameters, ServerParameters serverParameters)
: base (category, clientParameters, serverParameters)
{
Type = type;
}
public SimpleConnectionParameters (InstrumentationCategory category, SimpleConnectionType type, string identifier, IServerCertificate certificate)
: base (category, identifier, certificate)
{
Type = type;
}
public GenericConnectionInstrumentParameters (InstrumentationCategory category, GenericConnectionInstrumentType type, string identifier, IServerCertificate certificate)
: base (category, identifier, certificate)
{
Type = type;
}
public static IEnumerable <GenericConnectionInstrumentType> GetInstrumentationTypes(TestContext ctx, InstrumentationCategory category)
{
switch (category)
{
case InstrumentationCategory.ClientConnection:
yield return(GenericConnectionInstrumentType.FragmentHandshakeMessages);
yield return(GenericConnectionInstrumentType.SendBlobAfterReceivingFinish);
yield return(GenericConnectionInstrumentType.InvalidClientCertificateV1);
break;
case InstrumentationCategory.ServerConnection:
yield return(GenericConnectionInstrumentType.FragmentHandshakeMessages);
yield return(GenericConnectionInstrumentType.InvalidServerCertificateV1);
yield return(GenericConnectionInstrumentType.InvalidServerCertificateRsa512);
break;
case InstrumentationCategory.Connection:
yield return(GenericConnectionInstrumentType.FragmentHandshakeMessages);
yield return(GenericConnectionInstrumentType.ServerProvidesInvalidCertificate);
yield return(GenericConnectionInstrumentType.ClientProvidesInvalidCertificate);
yield return(GenericConnectionInstrumentType.RequireRsaKeyExchange);
yield return(GenericConnectionInstrumentType.RsaKeyExchangeNotAllowed);
yield return(GenericConnectionInstrumentType.RequireDheKeyExchange);
yield return(GenericConnectionInstrumentType.DheKeyExchangeNotAllowed);
break;
case InstrumentationCategory.CertificateChecks:
yield return(GenericConnectionInstrumentType.InvalidServerCertificateV1);
yield return(GenericConnectionInstrumentType.InvalidServerCertificateRsa512);
yield return(GenericConnectionInstrumentType.InvalidClientCertificateV1);
yield return(GenericConnectionInstrumentType.InvalidServerCertificateRsa512);
yield return(GenericConnectionInstrumentType.ServerProvidesInvalidCertificate);
yield return(GenericConnectionInstrumentType.ClientProvidesInvalidCertificate);
yield return(GenericConnectionInstrumentType.RequireRsaKeyExchange);
yield return(GenericConnectionInstrumentType.RsaKeyExchangeNotAllowed);
yield return(GenericConnectionInstrumentType.RequireDheKeyExchange);
yield return(GenericConnectionInstrumentType.DheKeyExchangeNotAllowed);
yield return(GenericConnectionInstrumentType.ClientCertificateInvalidForRsa);
yield return(GenericConnectionInstrumentType.ClientProvidesCertificateThatsInvalidForRsa);
yield return(GenericConnectionInstrumentType.ClientCertificateInvalidForDhe);
yield return(GenericConnectionInstrumentType.ClientProvidesCertificateThatsInvalidForDhe);
yield return(GenericConnectionInstrumentType.ClientCertificateRequiresRsaKeyExchange);
yield return(GenericConnectionInstrumentType.ClientCertificateRequiresDheKeyExchange);
break;
case InstrumentationCategory.MartinTest:
yield return(GenericConnectionInstrumentType.MartinTest);
break;
default:
ctx.AssertFail("Unsupported instrumentation category: '{0}'.", category);
break;
}
}
static GenericConnectionInstrumentParameters Create(TestContext ctx, InstrumentationCategory category, GenericConnectionInstrumentType type)
{
var parameters = CreateParameters(category, type);
switch (type)
{
case GenericConnectionInstrumentType.FragmentHandshakeMessages:
parameters.Add(HandshakeInstrumentType.FragmentHandshakeMessages);
break;
case GenericConnectionInstrumentType.SendBlobAfterReceivingFinish:
parameters.Add(HandshakeInstrumentType.SendBlobAfterReceivingFinish);
break;
case GenericConnectionInstrumentType.InvalidServerCertificateV1:
parameters.ServerCertificate = ResourceManager.InvalidServerCertificateV1;
parameters.ExpectServerAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.InvalidServerCertificateRsa512:
parameters.ServerCertificate = ResourceManager.InvalidServerCertificateRsa512;
parameters.ExpectServerAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.ServerProvidesInvalidCertificate:
parameters.ServerCertificate = ResourceManager.InvalidServerCertificateV1;
parameters.Add(HandshakeInstrumentType.OverrideServerCertificateSelection);
parameters.ExpectClientAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.InvalidClientCertificateV1:
parameters.ClientCertificate = ResourceManager.InvalidClientCertificateV1;
parameters.RequireClientCertificate = true;
parameters.ExpectClientAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.InvalidClientCertificateRsa512:
parameters.ClientCertificate = ResourceManager.InvalidClientCertificateRsa512;
parameters.RequireClientCertificate = true;
parameters.ExpectClientAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.ClientProvidesInvalidCertificate:
parameters.ClientCertificate = ResourceManager.InvalidClientCertificateV1;
parameters.RequireClientCertificate = true;
parameters.Add(HandshakeInstrumentType.OverrideClientCertificateSelection);
parameters.ExpectServerAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.RequireRsaKeyExchange:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ServerCertificate = ResourceManager.ServerCertificateRsaOnly;
parameters.ClientCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA
};
parameters.ExpectedServerCipher = CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA;
break;
case GenericConnectionInstrumentType.RsaKeyExchangeNotAllowed:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ServerCertificate = ResourceManager.ServerCertificateDheOnly;
parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA };
parameters.ExpectServerAlert = AlertDescription.HandshakeFailure;
break;
case GenericConnectionInstrumentType.RequireDheKeyExchange:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ServerCertificate = ResourceManager.ServerCertificateDheOnly;
parameters.ClientCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA, CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
};
parameters.ExpectedServerCipher = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
break;
case GenericConnectionInstrumentType.DheKeyExchangeNotAllowed:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ServerCertificate = ResourceManager.ServerCertificateRsaOnly;
parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ExpectServerAlert = AlertDescription.HandshakeFailure;
break;
case GenericConnectionInstrumentType.MartinClientPuppy:
case GenericConnectionInstrumentType.MartinServerPuppy:
goto case GenericConnectionInstrumentType.MartinTest;
case GenericConnectionInstrumentType.ClientCertificateRequiresRsaKeyExchange:
parameters.ServerCertificate = ResourceManager.ServerCertificateRsaOnly;
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCertificate = ResourceManager.ClientCertificateRsaOnly;
parameters.RequireClientCertificate = true;
parameters.ClientCertificateValidator = AcceptAnyCertificate;
parameters.ServerCertificateValidator = AcceptAnyCertificate;
break;
case GenericConnectionInstrumentType.ClientCertificateRequiresDheKeyExchange:
parameters.ServerCertificate = ResourceManager.ServerCertificateDheOnly;
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCertificate = ResourceManager.ClientCertificateDheOnly;
parameters.RequireClientCertificate = true;
parameters.ClientCertificateValidator = AcceptAnyCertificate;
parameters.ServerCertificateValidator = AcceptAnyCertificate;
break;
case GenericConnectionInstrumentType.ClientCertificateInvalidForRsa:
parameters.ServerCertificate = ResourceManager.ServerCertificateRsaOnly;
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCertificate = ResourceManager.ClientCertificateDheOnly;
parameters.RequireClientCertificate = true;
parameters.ClientCertificateValidator = AcceptAnyCertificate;
parameters.ServerCertificateValidator = AcceptAnyCertificate;
parameters.ExpectClientAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.ClientCertificateInvalidForDhe:
parameters.ServerCertificate = ResourceManager.ServerCertificateDheOnly;
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCertificate = ResourceManager.ClientCertificateRsaOnly;
parameters.RequireClientCertificate = true;
parameters.ClientCertificateValidator = AcceptAnyCertificate;
parameters.ServerCertificateValidator = AcceptAnyCertificate;
parameters.ExpectClientAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.ClientProvidesCertificateThatsInvalidForRsa:
parameters.ServerCertificate = ResourceManager.ServerCertificateRsaOnly;
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCertificate = ResourceManager.ClientCertificateDheOnly;
parameters.RequireClientCertificate = true;
parameters.ClientCertificateValidator = AcceptAnyCertificate;
parameters.ServerCertificateValidator = AcceptAnyCertificate;
parameters.ExpectServerAlert = AlertDescription.UnsupportedCertificate;
parameters.Add(HandshakeInstrumentType.OverrideClientCertificateSelection);
break;
case GenericConnectionInstrumentType.ClientProvidesCertificateThatsInvalidForDhe:
parameters.ServerCertificate = ResourceManager.ServerCertificateDheOnly;
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCertificate = ResourceManager.ClientCertificateRsaOnly;
parameters.RequireClientCertificate = true;
parameters.ClientCertificateValidator = AcceptAnyCertificate;
parameters.ServerCertificateValidator = AcceptAnyCertificate;
parameters.ExpectServerAlert = AlertDescription.UnsupportedCertificate;
parameters.Add(HandshakeInstrumentType.OverrideClientCertificateSelection);
break;
case GenericConnectionInstrumentType.MartinTest:
parameters.ClientCiphers = parameters.ServerCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
};
break;
default:
ctx.AssertFail("Unsupported connection instrument: '{0}'.", type);
break;
}
if (parameters.ExpectClientAlert != null || parameters.ExpectServerAlert != null)
{
parameters.Add(HandshakeInstrumentType.DontSendAlerts);
}
return(parameters);
}
public CipherInstrumentParameters (InstrumentationCategory category, CipherInstrumentType type, ClientParameters clientParameters, ServerParameters serverParameters)
: base (category, clientParameters, serverParameters)
{
Type = type;
}
static ConnectionInstrumentParameters Create (TestContext ctx, InstrumentationCategory category, ConnectionInstrumentType type)
{
var parameters = CreateParameters (category, type);
switch (type) {
case ConnectionInstrumentType.FragmentHandshakeMessages:
parameters.HandshakeInstruments = new HandshakeInstrumentType[] { HandshakeInstrumentType.FragmentHandshakeMessages };
break;
case ConnectionInstrumentType.SendBlobAfterReceivingFinish:
parameters.HandshakeInstruments = new HandshakeInstrumentType[] { HandshakeInstrumentType.SendBlobAfterReceivingFinish };
break;
case ConnectionInstrumentType.MartinTest:
parameters.RequestRenegotiation = true;
parameters.EnableDebugging = true;
break;
default:
ctx.AssertFail ("Unsupported connection instrument: '{0}'.", type);
break;
}
return parameters;
}
static SignatureInstrumentParameters Create (
TestContext ctx, InstrumentationCategory category, SignatureInstrumentType type,
SignatureAndHashAlgorithm algorithm, CipherSuiteCode cipher)
{
var parameters = CreateParameters (category, type, algorithm.Hash, algorithm.Signature, cipher);
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.RequireClientCertificate = true;
var signatureParameters = new SignatureParameters ();
signatureParameters.Add (algorithm);
switch (type) {
case SignatureInstrumentType.ClientSignatureAlgorithmAndCipher:
parameters.ClientSignatureParameters = signatureParameters;
parameters.ClientCiphers = new CipherSuiteCode[] { cipher };
break;
case SignatureInstrumentType.ServerSignatureAlgorithmAndCipher:
parameters.ServerSignatureAlgorithm = algorithm;
parameters.ServerCiphers = new CipherSuiteCode[] { cipher };
break;
default:
ctx.AssertFail ("Unsupported signature instrument: '{0}'.", type);
break;
}
return parameters;
}
public InstrumentationConnectionFilter(InstrumentationCategory category, InstrumentationConnectionFlags flags)
{
Category = category;
Flags = flags;
}
public static IEnumerable<SimpleConnectionParameters> GetParameters (TestContext ctx, InstrumentationCategory category)
{
return GetTestTypes (ctx, category).Select (t => Create (ctx, category, t));
}
static RenegotiationInstrumentParameters Create (TestContext ctx, InstrumentationCategory category, RenegotiationInstrumentType type)
{
var parameters = CreateParameters (category, type);
switch (type) {
case RenegotiationInstrumentType.RequestRenegotiation:
parameters.Add (HandshakeInstrumentType.RequestServerRenegotiation);
break;
case RenegotiationInstrumentType.SendBlobBeforeHelloRequest:
parameters.Add (HandshakeInstrumentType.RequestServerRenegotiation, HandshakeInstrumentType.SendBlobBeforeHelloRequest);
break;
case RenegotiationInstrumentType.SendBlobAfterHelloRequest:
parameters.Add (HandshakeInstrumentType.RequestServerRenegotiation, HandshakeInstrumentType.SendBlobAfterHelloRequest);
break;
case RenegotiationInstrumentType.SendBlobBeforeAndAfterHelloRequest:
parameters.Add (HandshakeInstrumentType.RequestServerRenegotiation);
parameters.Add (HandshakeInstrumentType.SendBlobBeforeHelloRequest, HandshakeInstrumentType.SendBlobAfterHelloRequest);
break;
case RenegotiationInstrumentType.SendDuplicateHelloRequest:
parameters.Add (HandshakeInstrumentType.RequestServerRenegotiation, HandshakeInstrumentType.SendDuplicateHelloRequest);
break;
case RenegotiationInstrumentType.RequestServerRenegotiation:
parameters.RequestServerRenegotiation = true;
break;
case RenegotiationInstrumentType.RequestServerRenegotiationWithPendingRead:
parameters.RequestServerRenegotiation = true;
parameters.QueueServerReadFirst = true;
break;
case RenegotiationInstrumentType.SendBlobBeforeRenegotiatingHello:
parameters.RequestServerRenegotiation = true;
parameters.QueueServerReadFirst = true;
parameters.Add (HandshakeInstrumentType.SendBlobBeforeRenegotiatingHello);
break;
case RenegotiationInstrumentType.SendBlobBeforeRenegotiatingHelloNoPendingRead:
parameters.RequestServerRenegotiation = true;
parameters.Add (HandshakeInstrumentType.SendBlobBeforeRenegotiatingHello);
break;
case RenegotiationInstrumentType.RequestClientRenegotiation:
parameters.RequestClientRenegotiation = true;
break;
case RenegotiationInstrumentType.RequestClientRenegotiationWithPendingWrite:
parameters.RequestClientRenegotiation = true;
parameters.ServerWriteDuringClientRenegotiation = true;
parameters.UseStreamInstrumentation = true;
break;
case RenegotiationInstrumentType.MartinTest:
parameters.RequestServerRenegotiation = true;
parameters.Add (HandshakeInstrumentType.AskForClientCertificate);
parameters.NeedCustomCertificateSelectionCallback = true;
parameters.EnableDebugging = true;
break;
default:
ctx.AssertFail ("Unsupported connection instrument: '{0}'.", type);
break;
}
return parameters;
}
public InstrumentationConnectionProvider(ConnectionProvider client, ConnectionProvider server, InstrumentationCategory category, InstrumentationConnectionFlags flags)
: base(client, server, string.Format("{0}:{1}:{2}{3}", client.Name, server.Name, category, GetFlagsName(flags)))
{
Category = category;
Flags = flags;
}
public InstrumentationParameters (InstrumentationCategory category, string identifier, IServerCertificate certificate)
: base (identifier, certificate)
{
Category = category;
}
public static IEnumerable <SimpleConnectionParameters> GetParameters(TestContext ctx, InstrumentationCategory category)
{
return(GetTestTypes(ctx, category).Select(t => Create(ctx, category, t)));
}
public InstrumentationParameters (InstrumentationCategory category, ClientParameters clientParameters, ServerParameters serverParameters)
: base (clientParameters, serverParameters)
{
Category = category;
}
static SimpleConnectionParameters Create(TestContext ctx, InstrumentationCategory category, SimpleConnectionType type)
{
var parameters = CreateParameters(category, type);
var provider = DependencyInjector.Get <ICertificateProvider> ();
var acceptSelfSigned = provider.AcceptThisCertificate(ResourceManager.SelfSignedServerCertificate);
var acceptFromCA = provider.AcceptFromCA(ResourceManager.LocalCACertificate);
switch (type)
{
case SimpleConnectionType.Simple:
break;
case SimpleConnectionType.ValidateCertificate:
parameters.ServerCertificate = ResourceManager.ServerCertificateFromCA;
parameters.ClientCertificateValidator = acceptFromCA;
break;
case SimpleConnectionType.SimpleTls10:
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SimpleConnectionType.SimpleTls11:
parameters.ProtocolVersion = ProtocolVersions.Tls11;
parameters.ExpectedCipher = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
break;
case SimpleConnectionType.SimpleTls12:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ExpectedCipher = CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
break;
case SimpleConnectionType.SelectCiphersTls10:
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SimpleConnectionType.SelectCiphersTls11:
parameters.ProtocolVersion = ProtocolVersions.Tls11;
break;
case SimpleConnectionType.SelectCiphersTls12:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
break;
case SimpleConnectionType.RequestClientCertificate:
/*
* Request client certificate, but do not require it.
*
* FIXME:
* SslStream with Mono's old implementation fails here.
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.AskForClientCertificate = true;
parameters.ServerCertificateValidator = acceptFromCA;
break;
case SimpleConnectionType.RequireClientCertificateRSA:
/*
* Require client certificate.
*
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.RequireClientCertificate = true;
parameters.ServerCertificateValidator = acceptFromCA;
parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA };
break;
case SimpleConnectionType.RequireClientCertificateDHE:
/*
* Require client certificate.
*
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.RequireClientCertificate = true;
parameters.ServerCertificateValidator = acceptFromCA;
parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA };
break;
case SimpleConnectionType.CipherSelectionOrder:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ClientCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA, CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
};
parameters.ExpectedServerCipher = CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA;
break;
case SimpleConnectionType.CipherSelectionOrder2:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ClientCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA
};
parameters.ExpectedServerCipher = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
break;
case SimpleConnectionType.MartinTest:
goto case SimpleConnectionType.SimpleTls12;
default:
ctx.AssertFail("Unsupported connection type: '{0}'.", type);
break;
}
return(parameters);
}
protected InstrumentationParameters (InstrumentationParameters other)
: base (other)
{
Category = other.Category;
}
public static InstrumentationConnectionFlags GetConnectionFlags(TestContext ctx, InstrumentationCategory category)
{
switch (category)
{
case InstrumentationCategory.SimpleMonoClient:
case InstrumentationCategory.SelectClientCipher:
return(InstrumentationConnectionFlags.RequireMonoClient);
case InstrumentationCategory.SimpleMonoServer:
case InstrumentationCategory.SelectServerCipher:
return(InstrumentationConnectionFlags.RequireMonoServer);
case InstrumentationCategory.SimpleMonoConnection:
case InstrumentationCategory.MonoProtocolVersions:
case InstrumentationCategory.SelectCipher:
return(InstrumentationConnectionFlags.RequireMonoClient | InstrumentationConnectionFlags.RequireMonoServer);
case InstrumentationCategory.AllClientSignatureAlgorithms:
case InstrumentationCategory.ClientSignatureParameters:
case InstrumentationCategory.ClientConnection:
case InstrumentationCategory.ClientRenegotiation:
case InstrumentationCategory.MartinTestClient:
return(InstrumentationConnectionFlags.ClientInstrumentation);
case InstrumentationCategory.AllServerSignatureAlgorithms:
case InstrumentationCategory.ServerConnection:
case InstrumentationCategory.ServerRenegotiation:
case InstrumentationCategory.MartinTestServer:
return(InstrumentationConnectionFlags.ServerInstrumentation);
case InstrumentationCategory.ServerSignatureParameters:
return(InstrumentationConnectionFlags.ClientInstrumentation | InstrumentationConnectionFlags.ServerInstrumentation);
case InstrumentationCategory.SignatureAlgorithms:
case InstrumentationCategory.Connection:
case InstrumentationCategory.Renegotiation:
case InstrumentationCategory.CertificateChecks:
return(InstrumentationConnectionFlags.ClientInstrumentation | InstrumentationConnectionFlags.ServerInstrumentation);
case InstrumentationCategory.MartinTest:
return(InstrumentationConnectionFlags.RequireMonoClient | InstrumentationConnectionFlags.RequireMonoServer | InstrumentationConnectionFlags.RequireTls12);
default:
ctx.AssertFail("Unsupported instrumentation category: '{0}'.", category);
return(InstrumentationConnectionFlags.None);
}
}
public InstrumentationConnectionProvider (ConnectionProvider client, ConnectionProvider server, InstrumentationCategory category, InstrumentationConnectionFlags flags)
: base (client, server, string.Format ("{0}:{1}:{2}{3}", client.Name, server.Name, category, GetFlagsName (flags)))
{
Category = category;
Flags = flags;
}
static SignatureInstrumentParameters Create(TestContext ctx, InstrumentationCategory category, SignatureInstrumentType type)
{
var parameters = CreateParameters(category, type);
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.RequireClientCertificate = true;
switch (type)
{
case SignatureInstrumentType.NoClientSignatureAlgorithms:
parameters.ExpectServerSignatureAlgorithm = new SignatureAndHashAlgorithm(HashAlgorithmType.Sha1);
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
break;
case SignatureInstrumentType.VerifyClientSignatureAlgorithms:
parameters.ExpectClientAlert = AlertDescription.IlegalParameter;
goto case SignatureInstrumentType.ClientProvidesSomeUnsupportedSignatureAlgorithms;
case SignatureInstrumentType.ClientProvidesSomeUnsupportedSignatureAlgorithms:
parameters.ClientSignatureParameters = new SignatureParameters();
parameters.ClientSignatureParameters.Add(HashAlgorithmType.Sha1, SignatureAlgorithmType.Dsa);
parameters.ClientSignatureParameters.Add(HashAlgorithmType.Unknown, SignatureAlgorithmType.Unknown);
parameters.ClientSignatureParameters.Add(HashAlgorithmType.Sha256, SignatureAlgorithmType.Rsa);
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
break;
case SignatureInstrumentType.ClientProvidesNoSupportedSignatureAlgorithms:
parameters.ClientSignatureParameters = new SignatureParameters();
parameters.ClientSignatureParameters.Add(HashAlgorithmType.Unknown, SignatureAlgorithmType.Dsa);
parameters.ExpectServerSignatureAlgorithm = new SignatureAndHashAlgorithm(HashAlgorithmType.Sha1);
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ExpectServerAlert = AlertDescription.IlegalParameter;
break;
case SignatureInstrumentType.Tls10WithRsaExchange:
parameters.ClientCiphers = parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA };
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SignatureInstrumentType.Tls10WithDheExchange:
parameters.ClientCiphers = parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SignatureInstrumentType.ServerUsesUnsupportedSignatureAlgorithm:
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientSignatureParameters = new SignatureParameters();
parameters.ClientSignatureParameters.Add(HashAlgorithmType.Sha384);
parameters.ServerSignatureAlgorithm = new SignatureAndHashAlgorithm(HashAlgorithmType.Sha512);
parameters.ExpectClientAlert = AlertDescription.IlegalParameter;
break;
case SignatureInstrumentType.ServerUsesUnsupportedSignatureAlgorithm2:
// MD5SHA1 is never allowed for TLS 1.2.
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientSignatureParameters = new SignatureParameters();
parameters.ClientSignatureParameters.Add(HashAlgorithmType.Sha1);
// we'd normally not be allowed to request this from user settings, but there's an instrumentation override
// in place for this test.
parameters.ClientSignatureParameters.Add(HashAlgorithmType.Md5Sha1);
// Instrumentation override lets us force set this.
parameters.ServerSignatureAlgorithm = new SignatureAndHashAlgorithm(HashAlgorithmType.Md5Sha1);
parameters.ExpectClientAlert = AlertDescription.IlegalParameter;
parameters.ProtocolVersion = ProtocolVersions.Tls12;
break;
case SignatureInstrumentType.ServerSendsCertificateParametersWithoutAlgorithms:
parameters.ServerCertificateParameters = new ClientCertificateParameters();
parameters.ExpectCertificateVerifySignatureAlgorithm = SignatureParameters.DefaultAlgorithm;
break;
case SignatureInstrumentType.ServerSendsCertificateParametersWithSomeUnsupportedAlgorithms:
parameters.ServerCertificateParameters = new ClientCertificateParameters();
parameters.ServerCertificateParameters.SignatureParameters.Add(HashAlgorithmType.Unknown);
parameters.ServerCertificateParameters.SignatureParameters.Add(HashAlgorithmType.Sha384);
parameters.ExpectCertificateVerifySignatureAlgorithm = new SignatureAndHashAlgorithm(HashAlgorithmType.Sha384);
break;
case SignatureInstrumentType.ServerSendsCertificateParametersWithNoSupportedAlgorithms:
parameters.ServerCertificateParameters = new ClientCertificateParameters();
parameters.ServerCertificateParameters.SignatureParameters.Add(HashAlgorithmType.Unknown);
parameters.ExpectCertificateVerifySignatureAlgorithm = SignatureParameters.DefaultAlgorithm;
parameters.ExpectClientAlert = AlertDescription.IlegalParameter;
break;
case SignatureInstrumentType.ClientSendsCertificateVerifyWithUnrequestedAlgorithm:
parameters.ServerCertificateParameters = new ClientCertificateParameters();
parameters.ServerCertificateParameters.SignatureParameters.Add(HashAlgorithmType.Sha384);
parameters.ServerCertificateParameters.SignatureParameters.Add(HashAlgorithmType.Sha512);
parameters.ClientSignatureAlgorithm = new SignatureAndHashAlgorithm(HashAlgorithmType.Sha256);
parameters.ExpectServerAlert = AlertDescription.IlegalParameter;
break;
case SignatureInstrumentType.CertificateVerifySignatureAlgorithmSelectionOrder:
parameters.ServerCertificateParameters = new ClientCertificateParameters();
parameters.ServerCertificateParameters.SignatureParameters.Add(HashAlgorithmType.Sha384);
parameters.ServerCertificateParameters.SignatureParameters.Add(HashAlgorithmType.Sha512);
parameters.ExpectCertificateVerifySignatureAlgorithm = new SignatureAndHashAlgorithm(HashAlgorithmType.Sha384);
break;
case SignatureInstrumentType.CertificateVerifySignatureAlgorithmSelectionOrder2:
parameters.ServerCertificateParameters = new ClientCertificateParameters();
parameters.ServerCertificateParameters.SignatureParameters.Add(HashAlgorithmType.Sha512);
parameters.ServerCertificateParameters.SignatureParameters.Add(HashAlgorithmType.Sha384);
parameters.ExpectCertificateVerifySignatureAlgorithm = new SignatureAndHashAlgorithm(HashAlgorithmType.Sha512);
break;
default:
ctx.AssertFail("Unsupported signature instrument: '{0}'.", type);
break;
}
return(parameters);
}
public ConnectionInstrumentParameters(InstrumentationCategory category, string identifier, IServerCertificate certificate)
: base(category, identifier, certificate)
{
}
public InstrumentationConnectionFilter (InstrumentationCategory category, InstrumentationConnectionFlags flags)
{
Category = category;
Flags = flags;
}
public RenegotiationInstrumentParameters(InstrumentationCategory category, RenegotiationInstrumentType type, string identifier, IServerCertificate certificate)
: base(category, identifier, certificate)
{
Type = type;
}
public SimpleConnectionParameters(InstrumentationCategory category, SimpleConnectionType type, string identifier, X509Certificate certificate)
: base(category, identifier, certificate)
{
Type = type;
}
public SignatureInstrumentParameters (InstrumentationCategory category, SignatureInstrumentType type, ClientParameters clientParameters, ServerParameters serverParameters)
: base (category, clientParameters, serverParameters)
{
Type = type;
}
static SignatureInstrumentParameters Create (TestContext ctx, InstrumentationCategory category, SignatureInstrumentType type)
{
var parameters = CreateParameters (category, type);
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.RequireClientCertificate = true;
switch (type) {
case SignatureInstrumentType.NoClientSignatureAlgorithms:
parameters.ExpectServerSignatureAlgorithm = new SignatureAndHashAlgorithm (HashAlgorithmType.Sha1);
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
break;
case SignatureInstrumentType.VerifyClientSignatureAlgorithms:
parameters.ExpectClientAlert = AlertDescription.IlegalParameter;
goto case SignatureInstrumentType.ClientProvidesSomeUnsupportedSignatureAlgorithms;
case SignatureInstrumentType.ClientProvidesSomeUnsupportedSignatureAlgorithms:
parameters.ClientSignatureParameters = new SignatureParameters ();
parameters.ClientSignatureParameters.Add (HashAlgorithmType.Sha1, SignatureAlgorithmType.Dsa);
parameters.ClientSignatureParameters.Add (HashAlgorithmType.Unknown, SignatureAlgorithmType.Unknown);
parameters.ClientSignatureParameters.Add (HashAlgorithmType.Sha256, SignatureAlgorithmType.Rsa);
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
break;
case SignatureInstrumentType.ClientProvidesNoSupportedSignatureAlgorithms:
parameters.ClientSignatureParameters = new SignatureParameters ();
parameters.ClientSignatureParameters.Add (HashAlgorithmType.Unknown, SignatureAlgorithmType.Dsa);
parameters.ExpectServerSignatureAlgorithm = new SignatureAndHashAlgorithm (HashAlgorithmType.Sha1);
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ExpectServerAlert = AlertDescription.IlegalParameter;
break;
case SignatureInstrumentType.Tls10WithRsaExchange:
parameters.ClientCiphers = parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA };
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SignatureInstrumentType.Tls10WithDheExchange:
parameters.ClientCiphers = parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SignatureInstrumentType.ServerUsesUnsupportedSignatureAlgorithm:
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientSignatureParameters = new SignatureParameters ();
parameters.ClientSignatureParameters.Add (HashAlgorithmType.Sha384);
parameters.ServerSignatureAlgorithm = new SignatureAndHashAlgorithm (HashAlgorithmType.Sha512);
parameters.ExpectClientAlert = AlertDescription.IlegalParameter;
break;
case SignatureInstrumentType.ServerUsesUnsupportedSignatureAlgorithm2:
// MD5SHA1 is never allowed for TLS 1.2.
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientSignatureParameters = new SignatureParameters ();
parameters.ClientSignatureParameters.Add (HashAlgorithmType.Sha1);
// we'd normally not be allowed to request this from user settings, but there's an instrumentation override
// in place for this test.
parameters.ClientSignatureParameters.Add (HashAlgorithmType.Md5Sha1);
// Instrumentation override lets us force set this.
parameters.ServerSignatureAlgorithm = new SignatureAndHashAlgorithm (HashAlgorithmType.Md5Sha1);
parameters.ExpectClientAlert = AlertDescription.IlegalParameter;
parameters.ProtocolVersion = ProtocolVersions.Tls12;
break;
case SignatureInstrumentType.ServerSendsCertificateParametersWithoutAlgorithms:
parameters.ServerCertificateParameters = new ClientCertificateParameters ();
parameters.ExpectCertificateVerifySignatureAlgorithm = SignatureParameters.DefaultAlgorithm;
break;
case SignatureInstrumentType.ServerSendsCertificateParametersWithSomeUnsupportedAlgorithms:
parameters.ServerCertificateParameters = new ClientCertificateParameters ();
parameters.ServerCertificateParameters.SignatureParameters.Add (HashAlgorithmType.Unknown);
parameters.ServerCertificateParameters.SignatureParameters.Add (HashAlgorithmType.Sha384);
parameters.ExpectCertificateVerifySignatureAlgorithm = new SignatureAndHashAlgorithm (HashAlgorithmType.Sha384);
break;
case SignatureInstrumentType.ServerSendsCertificateParametersWithNoSupportedAlgorithms:
parameters.ServerCertificateParameters = new ClientCertificateParameters ();
parameters.ServerCertificateParameters.SignatureParameters.Add (HashAlgorithmType.Unknown);
parameters.ExpectCertificateVerifySignatureAlgorithm = SignatureParameters.DefaultAlgorithm;
parameters.ExpectClientAlert = AlertDescription.IlegalParameter;
break;
case SignatureInstrumentType.ClientSendsCertificateVerifyWithUnrequestedAlgorithm:
parameters.ServerCertificateParameters = new ClientCertificateParameters ();
parameters.ServerCertificateParameters.SignatureParameters.Add (HashAlgorithmType.Sha384);
parameters.ServerCertificateParameters.SignatureParameters.Add (HashAlgorithmType.Sha512);
parameters.ClientSignatureAlgorithm = new SignatureAndHashAlgorithm (HashAlgorithmType.Sha256);
parameters.ExpectServerAlert = AlertDescription.IlegalParameter;
break;
case SignatureInstrumentType.CertificateVerifySignatureAlgorithmSelectionOrder:
parameters.ServerCertificateParameters = new ClientCertificateParameters ();
parameters.ServerCertificateParameters.SignatureParameters.Add (HashAlgorithmType.Sha384);
parameters.ServerCertificateParameters.SignatureParameters.Add (HashAlgorithmType.Sha512);
parameters.ExpectCertificateVerifySignatureAlgorithm = new SignatureAndHashAlgorithm (HashAlgorithmType.Sha384);
break;
case SignatureInstrumentType.CertificateVerifySignatureAlgorithmSelectionOrder2:
parameters.ServerCertificateParameters = new ClientCertificateParameters ();
parameters.ServerCertificateParameters.SignatureParameters.Add (HashAlgorithmType.Sha512);
parameters.ServerCertificateParameters.SignatureParameters.Add (HashAlgorithmType.Sha384);
parameters.ExpectCertificateVerifySignatureAlgorithm = new SignatureAndHashAlgorithm (HashAlgorithmType.Sha512);
break;
default:
ctx.AssertFail ("Unsupported signature instrument: '{0}'.", type);
break;
}
return parameters;
}
public CipherInstrumentParameters(InstrumentationCategory category, CipherInstrumentType type, string identifier, X509Certificate certificate)
: base(category, identifier, certificate)
{
Type = type;
}
internal static Payload GetDerivedDefinitions(InstrumentationCategory instrumentationFilter = InstrumentationCategory.Tracing)
{
return(GetDerivedDefinitionsArray(instrumentationFilter));
}
static SimpleConnectionParameters Create (TestContext ctx, InstrumentationCategory category, SimpleConnectionType type)
{
var parameters = CreateParameters (category, type);
var provider = DependencyInjector.Get<ICertificateProvider> ();
var acceptSelfSigned = provider.AcceptThisCertificate (ResourceManager.SelfSignedServerCertificate);
var acceptFromCA = provider.AcceptFromCA (ResourceManager.LocalCACertificate);
switch (type) {
case SimpleConnectionType.Simple:
break;
case SimpleConnectionType.ValidateCertificate:
parameters.ServerParameters.ServerCertificate = ResourceManager.ServerCertificateFromCA;
parameters.ClientCertificateValidator = acceptFromCA;
break;
case SimpleConnectionType.CheckDefaultCipher:
parameters.ExpectedCipher = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384;
break;
case SimpleConnectionType.SimpleTls10:
parameters.ProtocolVersion = ProtocolVersions.Tls10;
parameters.ExpectedCipher = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
break;
case SimpleConnectionType.SimpleTls11:
parameters.ProtocolVersion = ProtocolVersions.Tls11;
parameters.ExpectedCipher = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
break;
case SimpleConnectionType.SimpleTls12:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ExpectedCipher = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384;
break;
case SimpleConnectionType.SelectCiphersTls10:
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SimpleConnectionType.SelectCiphersTls11:
parameters.ProtocolVersion = ProtocolVersions.Tls11;
break;
case SimpleConnectionType.SelectCiphersTls12:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
break;
case SimpleConnectionType.RequestClientCertificate:
/*
* Request client certificate, but do not require it.
*
* FIXME:
* SslStream with Mono's old implementation fails here.
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.ServerFlags = ServerFlags.AskForClientCertificate;
parameters.ServerCertificateValidator = acceptFromCA;
break;
case SimpleConnectionType.RequireClientCertificateRSA:
/*
* Require client certificate.
*
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.ServerFlags = ServerFlags.RequireClientCertificate;
parameters.ServerCertificateValidator = acceptFromCA;
parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA };
break;
case SimpleConnectionType.RequireClientCertificateDHE:
/*
* Require client certificate.
*
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.ServerFlags = ServerFlags.RequireClientCertificate;
parameters.ServerCertificateValidator = acceptFromCA;
parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA };
break;
case SimpleConnectionType.MartinTest:
break;
default:
ctx.AssertFail ("Unsupported connection type: '{0}'.", type);
break;
}
return parameters;
}
static RenegotiationInstrumentParameters CreateParameters (InstrumentationCategory category, RenegotiationInstrumentType type, params object[] args)
{
var sb = new StringBuilder ();
sb.Append (type);
foreach (var arg in args) {
sb.AppendFormat (":{0}", arg);
}
var name = sb.ToString ();
return new RenegotiationInstrumentParameters (category, type, name, ResourceManager.SelfSignedServerCertificate) {
ClientCertificateValidator = AcceptAnyCertificate, ServerCertificateValidator = AcceptAnyCertificate,
ProtocolVersion = ProtocolVersions.Tls12
};
}
public static IEnumerable<RenegotiationInstrumentParameters> GetParameters (TestContext ctx, InstrumentationCategory category)
{
return GetInstrumentationTypes (ctx, category).Select (t => Create (ctx, category, t));
}
public InstrumentationCategoryAttribute(InstrumentationCategory category)
{
this.category = category;
this.identifier = Type.Name;
}
static RenegotiationInstrumentParameters Create(TestContext ctx, InstrumentationCategory category, RenegotiationInstrumentType type)
{
var parameters = CreateParameters(category, type);
switch (type)
{
case RenegotiationInstrumentType.RequestRenegotiation:
parameters.Add(HandshakeInstrumentType.RequestServerRenegotiation);
break;
case RenegotiationInstrumentType.SendBlobBeforeHelloRequest:
parameters.Add(HandshakeInstrumentType.RequestServerRenegotiation, HandshakeInstrumentType.SendBlobBeforeHelloRequest);
break;
case RenegotiationInstrumentType.SendBlobAfterHelloRequest:
parameters.Add(HandshakeInstrumentType.RequestServerRenegotiation, HandshakeInstrumentType.SendBlobAfterHelloRequest);
break;
case RenegotiationInstrumentType.SendBlobBeforeAndAfterHelloRequest:
parameters.Add(HandshakeInstrumentType.RequestServerRenegotiation);
parameters.Add(HandshakeInstrumentType.SendBlobBeforeHelloRequest, HandshakeInstrumentType.SendBlobAfterHelloRequest);
break;
case RenegotiationInstrumentType.SendDuplicateHelloRequest:
parameters.Add(HandshakeInstrumentType.RequestServerRenegotiation, HandshakeInstrumentType.SendDuplicateHelloRequest);
break;
case RenegotiationInstrumentType.RequestServerRenegotiation:
parameters.RequestServerRenegotiation = true;
break;
case RenegotiationInstrumentType.RequestServerRenegotiationWithPendingRead:
parameters.RequestServerRenegotiation = true;
parameters.QueueServerReadFirst = true;
break;
case RenegotiationInstrumentType.SendBlobBeforeRenegotiatingHello:
parameters.RequestServerRenegotiation = true;
parameters.QueueServerReadFirst = true;
parameters.Add(HandshakeInstrumentType.SendBlobBeforeRenegotiatingHello);
break;
case RenegotiationInstrumentType.SendBlobBeforeRenegotiatingHelloNoPendingRead:
parameters.RequestServerRenegotiation = true;
parameters.Add(HandshakeInstrumentType.SendBlobBeforeRenegotiatingHello);
break;
case RenegotiationInstrumentType.RequestClientRenegotiation:
parameters.RequestClientRenegotiation = true;
break;
case RenegotiationInstrumentType.RequestClientRenegotiationWithPendingWrite:
parameters.RequestClientRenegotiation = true;
parameters.ServerWriteDuringClientRenegotiation = true;
parameters.UseStreamInstrumentation = true;
break;
case RenegotiationInstrumentType.MartinTest:
parameters.RequestServerRenegotiation = true;
parameters.Add(HandshakeInstrumentType.AskForClientCertificate);
parameters.NeedCustomCertificateSelectionCallback = true;
parameters.EnableDebugging = true;
break;
default:
ctx.AssertFail("Unsupported connection instrument: '{0}'.", type);
break;
}
return(parameters);
}
public SignatureInstrumentParameters (InstrumentationCategory category, SignatureInstrumentType type, string identifier, IServerCertificate certificate)
: base (category, identifier, certificate)
{
Type = type;
}
public static IEnumerable <RenegotiationInstrumentParameters> GetParameters(TestContext ctx, InstrumentationCategory category)
{
return(GetInstrumentationTypes(ctx, category).Select(t => Create(ctx, category, t)));
}
public InstrumentationParameters(InstrumentationCategory category, string identifier, X509Certificate certificate)
: base((MonoConnectionTestCategory)category, identifier, certificate)
{
}
public static IEnumerable <RenegotiationInstrumentType> GetInstrumentationTypes(TestContext ctx, InstrumentationCategory category)
{
switch (category)
{
case InstrumentationCategory.ClientRenegotiation:
yield return(RenegotiationInstrumentType.RequestClientRenegotiation);
break;
case InstrumentationCategory.ServerRenegotiation:
yield return(RenegotiationInstrumentType.RequestRenegotiation);
yield return(RenegotiationInstrumentType.SendBlobBeforeHelloRequest);
yield return(RenegotiationInstrumentType.SendBlobAfterHelloRequest);
yield return(RenegotiationInstrumentType.SendBlobBeforeAndAfterHelloRequest);
yield return(RenegotiationInstrumentType.SendDuplicateHelloRequest);
yield return(RenegotiationInstrumentType.RequestServerRenegotiation);
yield return(RenegotiationInstrumentType.RequestServerRenegotiationWithPendingRead);
break;
case InstrumentationCategory.Renegotiation:
yield return(RenegotiationInstrumentType.SendBlobBeforeRenegotiatingHello);
yield return(RenegotiationInstrumentType.SendBlobBeforeRenegotiatingHelloNoPendingRead);
yield return(RenegotiationInstrumentType.RequestClientRenegotiationWithPendingWrite);
break;
case InstrumentationCategory.MartinTest:
case InstrumentationCategory.MartinTestClient:
case InstrumentationCategory.MartinTestServer:
yield return(RenegotiationInstrumentType.MartinTest);
break;
default:
ctx.AssertFail("Unsupported instrumentation category: '{0}'.", category);
break;
}
}
static SimpleConnectionParameters CreateParameters (InstrumentationCategory category, SimpleConnectionType type, params object[] args)
{
var sb = new StringBuilder ();
sb.Append (type);
foreach (var arg in args) {
sb.AppendFormat (":{0}", arg);
}
var name = sb.ToString ();
return new SimpleConnectionParameters (category, type, name, ResourceManager.SelfSignedServerCertificate) {
ClientCertificateValidator = AcceptAnyCertificate
};
}
public InstrumentationParameters(InstrumentationCategory category, string identifier, IServerCertificate certificate)
: base(identifier, certificate)
{
Category = category;
}
static CipherInstrumentParameters Create (TestContext ctx, InstrumentationCategory category, CipherInstrumentType type)
{
var parameters = CreateParameters (category, type);
switch (type) {
case CipherInstrumentType.InvalidCipher:
parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 };
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ExpectServerAlert = AlertDescription.HandshakeFailure;
break;
default:
ctx.AssertFail ("Unsupported cipher instrument: '{0}'.", type);
break;
}
return parameters;
}
public GenericConnectionInstrumentParameters(InstrumentationCategory category, GenericConnectionInstrumentType type, string identifier, X509Certificate certificate)
: base(category, identifier, certificate)
{
Type = type;
}
