protected SslStreamTestParameters(SslStreamTestParameters other) : base(other) { Type = other.Type; ExpectClientException = other.ExpectClientException; ExpectServerException = other.ExpectServerException; }
protected HttpsTestParameters(HttpsTestParameters other) : base(other) { Type = other.Type; CertificateType = other.CertificateType; ExpectWebException = other.ExpectWebException; ExpectTrustFailure = other.ExpectTrustFailure; ClientAbortsHandshake = other.ClientAbortsHandshake; ExternalServer = other.ExternalServer; OverrideTargetHost = other.OverrideTargetHost; }
static string GetTestName(ConnectionTestCategory category, ConnectionTestType type, params object[] args) { var sb = new StringBuilder(); sb.Append(type); foreach (var arg in args) { sb.AppendFormat(":{0}", arg); } return(sb.ToString()); }
public HttpsTestParameters(ConnectionTestCategory category, ConnectionTestType type, string identifier, CertificateResourceType certificate) : base(category, identifier, null) { Type = type; CertificateType = certificate; }
public HttpsTestParameters(ConnectionTestCategory category, ConnectionTestType type, string identifier, X509Certificate certificate) : base(category, identifier, certificate) { Type = type; }
public static HttpsTestParameters GetParameters(TestContext ctx, ConnectionTestCategory category, ConnectionTestType type) { var certificateProvider = DependencyInjector.Get <ICertificateProvider> (); var acceptAll = certificateProvider.AcceptAll(); var rejectAll = certificateProvider.RejectAll(); var acceptNull = certificateProvider.AcceptNull(); var acceptSelfSigned = certificateProvider.AcceptThisCertificate(ResourceManager.SelfSignedServerCertificate); var acceptFromLocalCA = certificateProvider.AcceptFromCA(ResourceManager.LocalCACertificate); var name = GetTestName(category, type); switch (type) { case ConnectionTestType.Default: return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptAll }); case ConnectionTestType.AcceptFromLocalCA: return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { ClientCertificateValidator = acceptFromLocalCA }); case ConnectionTestType.NoValidator: // The default validator only allows ResourceManager.SelfSignedServerCertificate. return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { ExpectTrustFailure = true, ClientAbortsHandshake = true }); case ConnectionTestType.RejectAll: // Explicit validator overrides the default ServicePointManager.ServerCertificateValidationCallback. return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ExpectTrustFailure = true, ClientCertificateValidator = rejectAll, ClientAbortsHandshake = true }); case ConnectionTestType.UnrequestedClientCertificate: // Provide a client certificate, but do not require it. return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.PenguinCertificate, ClientCertificateValidator = acceptSelfSigned, ServerCertificateValidator = acceptNull }); case ConnectionTestType.RequestClientCertificate: /* * Request client certificate, but do not require it. * * FIXME: * SslStream with Mono's old implementation fails here. */ return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true, ServerCertificateValidator = acceptFromLocalCA }); case ConnectionTestType.RequireClientCertificate: // Require client certificate. return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true, RequireClientCertificate = true, ServerCertificateValidator = acceptFromLocalCA }); case ConnectionTestType.OptionalClientCertificate: /* * Request client certificate without requiring one and do not provide it. * * To ask for an optional client certificate (without requiring it), you need to specify a custom validation * callback and then accept the null certificate with `SslPolicyErrors.RemoteCertificateNotAvailable' in it. * * FIXME: * Mono with the old TLS implementation throws SecureChannelFailure. */ return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true, ServerCertificateValidator = acceptNull }); case ConnectionTestType.RejectClientCertificate: // Reject client certificate. return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned, ExpectWebException = true, ServerCertificateValidator = rejectAll, AskForClientCertificate = true, ClientAbortsHandshake = true }); case ConnectionTestType.MissingClientCertificate: // Missing client certificate. return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptSelfSigned, ExpectWebException = true, AskForClientCertificate = true, RequireClientCertificate = true, ClientAbortsHandshake = true }); case ConnectionTestType.DontInvokeGlobalValidator: return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { ClientCertificateValidator = acceptAll, GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner | GlobalValidationFlags.MustNotInvoke }); case ConnectionTestType.DontInvokeGlobalValidator2: return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { ClientCertificateValidator = rejectAll, GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner | GlobalValidationFlags.MustNotInvoke, ExpectTrustFailure = true, ClientAbortsHandshake = true }); case ConnectionTestType.GlobalValidatorIsNull: return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { GlobalValidationFlags = GlobalValidationFlags.SetToNull, ExpectTrustFailure = true, ClientAbortsHandshake = true }); case ConnectionTestType.MustInvokeGlobalValidator: return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner | GlobalValidationFlags.MustInvoke | GlobalValidationFlags.AlwaysSucceed }); case ConnectionTestType.CheckChain: return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { GlobalValidationFlags = GlobalValidationFlags.CheckChain, ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch, ExpectChainStatus = X509ChainStatusFlags.UntrustedRoot }); case ConnectionTestType.ExternalServer: return(new HttpsTestParameters(category, type, name, CertificateResourceType.TlsTestXamDevNew) { ExternalServer = new Uri("https://tlstest-1.xamdev.com/"), GlobalValidationFlags = GlobalValidationFlags.CheckChain, ExpectPolicyErrors = SslPolicyErrors.None }); case ConnectionTestType.ServerCertificateWithCA: var parameters = new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateWithCA) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectChainStatus = X509ChainStatusFlags.UntrustedRoot }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.ServerCertificateFromLocalCA); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.ExpectSuccess = false; return(parameters); case ConnectionTestType.TrustedRootCA: parameters = new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { GlobalValidationFlags = GlobalValidationFlags.CheckChain, ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Hamiller-Tube.local" }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.ExpectSuccess = true; return(parameters); case ConnectionTestType.TrustedIntermediateCA: parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateBare)) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectChainStatus = X509ChainStatusFlags.NoError, ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local" }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeIM); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey); parameters.ValidationParameters.ExpectSuccess = true; return(parameters); case ConnectionTestType.TrustedSelfSigned: parameters = new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectChainStatus = X509ChainStatusFlags.NoError, ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Hamiller-Tube.local" }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.SelfSignedServerCertificate); parameters.ValidationParameters.ExpectSuccess = true; return(parameters); case ConnectionTestType.HostNameMismatch: parameters = new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { GlobalValidationFlags = GlobalValidationFlags.CheckChain, ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateNameMismatch, }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.ExpectSuccess = false; return(parameters); case ConnectionTestType.IntermediateServerCertificate: parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificate)) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectChainStatus = X509ChainStatusFlags.NoError, ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local" }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeIM); parameters.ValidationParameters.ExpectSuccess = true; return(parameters); case ConnectionTestType.IntermediateServerCertificateFull: parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateFull)) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectChainStatus = X509ChainStatusFlags.NoError, ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local" }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeIM); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.ExpectSuccess = true; return(parameters); case ConnectionTestType.IntermediateServerCertificateBare: parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateBare)) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors, OverrideTargetHost = "Intermediate-Server.local" }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey); parameters.ValidationParameters.ExpectSuccess = false; return(parameters); case ConnectionTestType.CertificateStore: parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.ServerFromTrustedIntermediateCABare)) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectChainStatus = X509ChainStatusFlags.NoError, ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Trusted-IM-Server.local" }; return(parameters); case ConnectionTestType.MartinTest: goto case ConnectionTestType.ServerCertificateWithCA; default: throw new InternalErrorException(); } }
public static SslStreamTestParameters GetParameters(TestContext ctx, ConnectionTestCategory category, ConnectionTestType type) { var certificateProvider = DependencyInjector.Get <ICertificateProvider> (); var acceptAll = certificateProvider.AcceptAll(); var rejectAll = certificateProvider.RejectAll(); var acceptNull = certificateProvider.AcceptNull(); var acceptSelfSigned = certificateProvider.AcceptThisCertificate(ResourceManager.SelfSignedServerCertificate); var acceptFromLocalCA = certificateProvider.AcceptFromCA(ResourceManager.LocalCACertificate); var name = GetTestName(category, type); switch (type) { case ConnectionTestType.Default: return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptAll }); case ConnectionTestType.AcceptFromLocalCA: return(new SslStreamTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { ClientCertificateValidator = acceptFromLocalCA }); case ConnectionTestType.NoValidator: // The default validator only allows ResourceManager.SelfSignedServerCertificate. return(new SslStreamTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { ExpectClientException = true }); case ConnectionTestType.RejectAll: // Explicit validator overrides the default ServicePointManager.ServerCertificateValidationCallback. return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ExpectClientException = true, ClientCertificateValidator = rejectAll }); case ConnectionTestType.UnrequestedClientCertificate: // Provide a client certificate, but do not require it. return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.PenguinCertificate, ClientCertificateValidator = acceptSelfSigned, ServerCertificateValidator = acceptNull }); case ConnectionTestType.RequestClientCertificate: /* * Request client certificate, but do not require it. * * FIXME: * SslStream with Mono's old implementation fails here. */ return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true, ServerCertificateValidator = acceptFromLocalCA }); case ConnectionTestType.RequireClientCertificate: // Require client certificate. return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true, RequireClientCertificate = true, ServerCertificateValidator = acceptFromLocalCA }); case ConnectionTestType.OptionalClientCertificate: /* * Request client certificate without requiring one and do not provide it. * * To ask for an optional client certificate (without requiring it), you need to specify a custom validation * callback and then accept the null certificate with `SslPolicyErrors.RemoteCertificateNotAvailable' in it. * * FIXME: * Mono with the old TLS implementation throws SecureChannelFailure. */ return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true, ServerCertificateValidator = acceptNull }); case ConnectionTestType.RejectClientCertificate: // Reject client certificate. return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned, ServerCertificateValidator = rejectAll, AskForClientCertificate = true, ExpectClientException = true, ExpectServerException = true }); case ConnectionTestType.MissingClientCertificate: // Missing client certificate. return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true, RequireClientCertificate = true, ExpectClientException = true, ExpectServerException = true }); case ConnectionTestType.MartinTest: goto case ConnectionTestType.RequestClientCertificate; case ConnectionTestType.MustNotInvokeGlobalValidator: return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptAll, GlobalValidationFlags = GlobalValidationFlags.MustNotInvoke }); case ConnectionTestType.MustNotInvokeGlobalValidator2: return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { GlobalValidationFlags = GlobalValidationFlags.MustNotInvoke, ExpectClientException = true }); default: throw new InternalErrorException(); } }
public SslStreamTestParametersAttribute(ConnectionTestType type) : base(null, TestFlags.Browsable | TestFlags.ContinueOnError) { Type = type; }
protected SslStreamTestParameters(SslStreamTestParameters other) : base(other) { Type = other.Type; }