protected SslStreamTestParameters(SslStreamTestParameters other)
: base(other)
{
Type = other.Type;
ExpectClientException = other.ExpectClientException;
ExpectServerException = other.ExpectServerException;
}
protected HttpsTestParameters(HttpsTestParameters other)
: base(other)
{
Type = other.Type;
CertificateType = other.CertificateType;
ExpectWebException = other.ExpectWebException;
ExpectTrustFailure = other.ExpectTrustFailure;
ClientAbortsHandshake = other.ClientAbortsHandshake;
ExternalServer = other.ExternalServer;
OverrideTargetHost = other.OverrideTargetHost;
}
static string GetTestName(ConnectionTestCategory category, ConnectionTestType type, params object[] args)
{
var sb = new StringBuilder();
sb.Append(type);
foreach (var arg in args)
{
sb.AppendFormat(":{0}", arg);
}
return(sb.ToString());
}
public HttpsTestParameters(ConnectionTestCategory category, ConnectionTestType type, string identifier, CertificateResourceType certificate)
: base(category, identifier, null)
{
Type = type;
CertificateType = certificate;
}
public HttpsTestParameters(ConnectionTestCategory category, ConnectionTestType type, string identifier, X509Certificate certificate)
: base(category, identifier, certificate)
{
Type = type;
}
public static HttpsTestParameters GetParameters(TestContext ctx, ConnectionTestCategory category, ConnectionTestType type)
{
var certificateProvider = DependencyInjector.Get <ICertificateProvider> ();
var acceptAll = certificateProvider.AcceptAll();
var rejectAll = certificateProvider.RejectAll();
var acceptNull = certificateProvider.AcceptNull();
var acceptSelfSigned = certificateProvider.AcceptThisCertificate(ResourceManager.SelfSignedServerCertificate);
var acceptFromLocalCA = certificateProvider.AcceptFromCA(ResourceManager.LocalCACertificate);
var name = GetTestName(category, type);
switch (type)
{
case ConnectionTestType.Default:
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptAll
});
case ConnectionTestType.AcceptFromLocalCA:
return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ClientCertificateValidator = acceptFromLocalCA
});
case ConnectionTestType.NoValidator:
// The default validator only allows ResourceManager.SelfSignedServerCertificate.
return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ExpectTrustFailure = true, ClientAbortsHandshake = true
});
case ConnectionTestType.RejectAll:
// Explicit validator overrides the default ServicePointManager.ServerCertificateValidationCallback.
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ExpectTrustFailure = true, ClientCertificateValidator = rejectAll,
ClientAbortsHandshake = true
});
case ConnectionTestType.UnrequestedClientCertificate:
// Provide a client certificate, but do not require it.
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.PenguinCertificate, ClientCertificateValidator = acceptSelfSigned,
ServerCertificateValidator = acceptNull
});
case ConnectionTestType.RequestClientCertificate:
/*
* Request client certificate, but do not require it.
*
* FIXME:
* SslStream with Mono's old implementation fails here.
*/
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned,
AskForClientCertificate = true, ServerCertificateValidator = acceptFromLocalCA
});
case ConnectionTestType.RequireClientCertificate:
// Require client certificate.
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned,
AskForClientCertificate = true, RequireClientCertificate = true,
ServerCertificateValidator = acceptFromLocalCA
});
case ConnectionTestType.OptionalClientCertificate:
/*
* Request client certificate without requiring one and do not provide it.
*
* To ask for an optional client certificate (without requiring it), you need to specify a custom validation
* callback and then accept the null certificate with `SslPolicyErrors.RemoteCertificateNotAvailable' in it.
*
* FIXME:
* Mono with the old TLS implementation throws SecureChannelFailure.
*/
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true,
ServerCertificateValidator = acceptNull
});
case ConnectionTestType.RejectClientCertificate:
// Reject client certificate.
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned,
ExpectWebException = true, ServerCertificateValidator = rejectAll,
AskForClientCertificate = true, ClientAbortsHandshake = true
});
case ConnectionTestType.MissingClientCertificate:
// Missing client certificate.
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptSelfSigned, ExpectWebException = true,
AskForClientCertificate = true, RequireClientCertificate = true,
ClientAbortsHandshake = true
});
case ConnectionTestType.DontInvokeGlobalValidator:
return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ClientCertificateValidator = acceptAll,
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner | GlobalValidationFlags.MustNotInvoke
});
case ConnectionTestType.DontInvokeGlobalValidator2:
return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ClientCertificateValidator = rejectAll,
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner | GlobalValidationFlags.MustNotInvoke,
ExpectTrustFailure = true, ClientAbortsHandshake = true
});
case ConnectionTestType.GlobalValidatorIsNull:
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
GlobalValidationFlags = GlobalValidationFlags.SetToNull,
ExpectTrustFailure = true, ClientAbortsHandshake = true
});
case ConnectionTestType.MustInvokeGlobalValidator:
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner |
GlobalValidationFlags.MustInvoke | GlobalValidationFlags.AlwaysSucceed
});
case ConnectionTestType.CheckChain:
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
GlobalValidationFlags = GlobalValidationFlags.CheckChain,
ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch,
ExpectChainStatus = X509ChainStatusFlags.UntrustedRoot
});
case ConnectionTestType.ExternalServer:
return(new HttpsTestParameters(category, type, name, CertificateResourceType.TlsTestXamDevNew)
{
ExternalServer = new Uri("https://tlstest-1.xamdev.com/"),
GlobalValidationFlags = GlobalValidationFlags.CheckChain,
ExpectPolicyErrors = SslPolicyErrors.None
});
case ConnectionTestType.ServerCertificateWithCA:
var parameters = new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateWithCA)
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.UntrustedRoot
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.ServerCertificateFromLocalCA);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.ExpectSuccess = false;
return(parameters);
case ConnectionTestType.TrustedRootCA:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
GlobalValidationFlags = GlobalValidationFlags.CheckChain,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Hamiller-Tube.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case ConnectionTestType.TrustedIntermediateCA:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateBare))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeIM);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case ConnectionTestType.TrustedSelfSigned:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Hamiller-Tube.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.SelfSignedServerCertificate);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case ConnectionTestType.HostNameMismatch:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
GlobalValidationFlags = GlobalValidationFlags.CheckChain,
ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateNameMismatch,
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.ExpectSuccess = false;
return(parameters);
case ConnectionTestType.IntermediateServerCertificate:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificate))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeIM);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case ConnectionTestType.IntermediateServerCertificateFull:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateFull))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeIM);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case ConnectionTestType.IntermediateServerCertificateBare:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateBare))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors, OverrideTargetHost = "Intermediate-Server.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey);
parameters.ValidationParameters.ExpectSuccess = false;
return(parameters);
case ConnectionTestType.CertificateStore:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.ServerFromTrustedIntermediateCABare))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Trusted-IM-Server.local"
};
return(parameters);
case ConnectionTestType.MartinTest:
goto case ConnectionTestType.ServerCertificateWithCA;
default:
throw new InternalErrorException();
}
}
public static SslStreamTestParameters GetParameters(TestContext ctx, ConnectionTestCategory category, ConnectionTestType type)
{
var certificateProvider = DependencyInjector.Get <ICertificateProvider> ();
var acceptAll = certificateProvider.AcceptAll();
var rejectAll = certificateProvider.RejectAll();
var acceptNull = certificateProvider.AcceptNull();
var acceptSelfSigned = certificateProvider.AcceptThisCertificate(ResourceManager.SelfSignedServerCertificate);
var acceptFromLocalCA = certificateProvider.AcceptFromCA(ResourceManager.LocalCACertificate);
var name = GetTestName(category, type);
switch (type)
{
case ConnectionTestType.Default:
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptAll
});
case ConnectionTestType.AcceptFromLocalCA:
return(new SslStreamTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ClientCertificateValidator = acceptFromLocalCA
});
case ConnectionTestType.NoValidator:
// The default validator only allows ResourceManager.SelfSignedServerCertificate.
return(new SslStreamTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ExpectClientException = true
});
case ConnectionTestType.RejectAll:
// Explicit validator overrides the default ServicePointManager.ServerCertificateValidationCallback.
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ExpectClientException = true, ClientCertificateValidator = rejectAll
});
case ConnectionTestType.UnrequestedClientCertificate:
// Provide a client certificate, but do not require it.
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.PenguinCertificate, ClientCertificateValidator = acceptSelfSigned,
ServerCertificateValidator = acceptNull
});
case ConnectionTestType.RequestClientCertificate:
/*
* Request client certificate, but do not require it.
*
* FIXME:
* SslStream with Mono's old implementation fails here.
*/
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned,
AskForClientCertificate = true, ServerCertificateValidator = acceptFromLocalCA
});
case ConnectionTestType.RequireClientCertificate:
// Require client certificate.
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned,
AskForClientCertificate = true, RequireClientCertificate = true,
ServerCertificateValidator = acceptFromLocalCA
});
case ConnectionTestType.OptionalClientCertificate:
/*
* Request client certificate without requiring one and do not provide it.
*
* To ask for an optional client certificate (without requiring it), you need to specify a custom validation
* callback and then accept the null certificate with `SslPolicyErrors.RemoteCertificateNotAvailable' in it.
*
* FIXME:
* Mono with the old TLS implementation throws SecureChannelFailure.
*/
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true,
ServerCertificateValidator = acceptNull
});
case ConnectionTestType.RejectClientCertificate:
// Reject client certificate.
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned,
ServerCertificateValidator = rejectAll, AskForClientCertificate = true,
ExpectClientException = true, ExpectServerException = true
});
case ConnectionTestType.MissingClientCertificate:
// Missing client certificate.
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptSelfSigned,
AskForClientCertificate = true, RequireClientCertificate = true,
ExpectClientException = true, ExpectServerException = true
});
case ConnectionTestType.MartinTest:
goto case ConnectionTestType.RequestClientCertificate;
case ConnectionTestType.MustNotInvokeGlobalValidator:
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptAll,
GlobalValidationFlags = GlobalValidationFlags.MustNotInvoke
});
case ConnectionTestType.MustNotInvokeGlobalValidator2:
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
GlobalValidationFlags = GlobalValidationFlags.MustNotInvoke,
ExpectClientException = true
});
default:
throw new InternalErrorException();
}
}
public SslStreamTestParametersAttribute(ConnectionTestType type)
: base(null, TestFlags.Browsable | TestFlags.ContinueOnError)
{
Type = type;
}
protected SslStreamTestParameters(SslStreamTestParameters other)
: base(other)
{
Type = other.Type;
}
