public Task TestWeb(
TestContext ctx, CancellationToken cancellationToken,
[ConnectionTestProvider("btls")] ConnectionTestProvider provider,
HttpValidationTestParameters parameters, HttpValidationTestRunner runner)
{
return(runner.Run(ctx, cancellationToken));
}
public HttpValidationTestRunner(IPortableEndPoint endpoint, HttpValidationTestParameters parameters,
ConnectionTestProvider provider, Uri uri, HttpServerFlags flags)
{
Parameters = parameters;
Provider = provider;
ServerFlags = flags;
Uri = uri;
Server = new BuiltinHttpServer(uri, endpoint, ServerFlags, parameters, null);
ME = $"{GetType ().Name}({EffectiveType})";
}
public async Task TestCertificateStore(TestContext ctx, CancellationToken cancellationToken,
ConnectionTestProvider provider, HttpValidationTestParameters parameters,
HttpValidationTestRunner runner)
{
await runner.Run(ctx, cancellationToken);
}
public static HttpValidationTestParameters GetParameters(TestContext ctx, ConnectionTestCategory category, HttpValidationTestType type)
{
var certificateProvider = DependencyInjector.Get <ICertificateProvider> ();
var acceptAll = certificateProvider.AcceptAll();
var rejectAll = certificateProvider.RejectAll();
var acceptNull = certificateProvider.AcceptNull();
var acceptSelfSigned = certificateProvider.AcceptThisCertificate(ResourceManager.SelfSignedServerCertificate);
var acceptFromLocalCA = certificateProvider.AcceptFromCA(ResourceManager.LocalCACertificate);
var name = GetTestName(category, type);
var effectiveType = type == HttpValidationTestType.MartinTest ? MartinTest : type;
switch (effectiveType)
{
case HttpValidationTestType.Default:
return(new HttpValidationTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptAll
});
case HttpValidationTestType.AcceptFromLocalCA:
return(new HttpValidationTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ClientCertificateValidator = acceptFromLocalCA
});
case HttpValidationTestType.NoValidator:
// The default validator only allows ResourceManager.SelfSignedServerCertificate.
return(new HttpValidationTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ExpectedStatus = HttpStatusCode.InternalServerError,
ExpectedError = WebExceptionStatus.TrustFailure,
Flags = HttpOperationFlags.ClientAbortsHandshake
});
case HttpValidationTestType.RejectAll:
// Explicit validator overrides the default ServicePointManager.ServerCertificateValidationCallback.
return(new HttpValidationTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = rejectAll,
ExpectedStatus = HttpStatusCode.InternalServerError,
ExpectedError = WebExceptionStatus.TrustFailure,
Flags = HttpOperationFlags.ClientAbortsHandshake
});
case HttpValidationTestType.UnrequestedClientCertificate:
// Provide a client certificate, but do not require it.
return(new HttpValidationTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.PenguinCertificate, ClientCertificateValidator = acceptSelfSigned,
ServerCertificateValidator = acceptNull
});
case HttpValidationTestType.RequestClientCertificate:
/*
* Request client certificate, but do not require it.
*
* FIXME:
* SslStream with Mono's old implementation fails here.
*/
return(new HttpValidationTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned,
AskForClientCertificate = true, ServerCertificateValidator = acceptFromLocalCA
});
case HttpValidationTestType.RequireClientCertificate:
// Require client certificate.
return(new HttpValidationTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned,
AskForClientCertificate = true, RequireClientCertificate = true,
ServerCertificateValidator = acceptFromLocalCA,
Flags = HttpOperationFlags.RequireClientCertificate
});
case HttpValidationTestType.OptionalClientCertificate:
/*
* Request client certificate without requiring one and do not provide it.
*
* To ask for an optional client certificate (without requiring it), you need to specify a custom validation
* callback and then accept the null certificate with `SslPolicyErrors.RemoteCertificateNotAvailable' in it.
*
* FIXME:
* Mono with the old TLS implementation throws SecureChannelFailure.
*/
return(new HttpValidationTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true,
ServerCertificateValidator = acceptNull
});
case HttpValidationTestType.RejectClientCertificate:
// Reject client certificate.
return(new HttpValidationTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned,
ServerCertificateValidator = rejectAll,
AskForClientCertificate = true,
ExpectedStatus = HttpStatusCode.InternalServerError,
ExpectedError = WebExceptionStatus.AnyErrorStatus,
Flags = HttpOperationFlags.ClientAbortsHandshake
});
case HttpValidationTestType.MissingClientCertificate:
// Missing client certificate.
return(new HttpValidationTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptSelfSigned,
AskForClientCertificate = true, RequireClientCertificate = true,
ExpectedStatus = HttpStatusCode.InternalServerError,
ExpectedError = WebExceptionStatus.AnyErrorStatus,
Flags = HttpOperationFlags.ClientAbortsHandshake | HttpOperationFlags.RequireClientCertificate
});
case HttpValidationTestType.DontInvokeGlobalValidator:
return(new HttpValidationTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ClientCertificateValidator = acceptAll,
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner | GlobalValidationFlags.MustNotInvoke
});
case HttpValidationTestType.DontInvokeGlobalValidator2:
return(new HttpValidationTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ClientCertificateValidator = rejectAll,
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner | GlobalValidationFlags.MustNotInvoke,
ExpectedStatus = HttpStatusCode.InternalServerError,
ExpectedError = WebExceptionStatus.TrustFailure,
Flags = HttpOperationFlags.ClientAbortsHandshake
});
case HttpValidationTestType.GlobalValidatorIsNull:
return(new HttpValidationTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
GlobalValidationFlags = GlobalValidationFlags.SetToNull,
ExpectedStatus = HttpStatusCode.InternalServerError,
ExpectedError = WebExceptionStatus.TrustFailure,
Flags = HttpOperationFlags.ClientAbortsHandshake
});
case HttpValidationTestType.MustInvokeGlobalValidator:
return(new HttpValidationTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner |
GlobalValidationFlags.MustInvoke | GlobalValidationFlags.AlwaysSucceed
});
case HttpValidationTestType.CheckChain:
return(new HttpValidationTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
GlobalValidationFlags = GlobalValidationFlags.CheckChain,
ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch,
ExpectChainStatus = X509ChainStatusFlags.UntrustedRoot
});
case HttpValidationTestType.ExternalServer:
return(new HttpValidationTestParameters(category, type, name, CertificateResourceType.TlsTestXamDevNew)
{
ExternalServer = new Uri("https://tlstest-1.xamdev.com/"),
GlobalValidationFlags = GlobalValidationFlags.CheckChain,
ExpectPolicyErrors = SslPolicyErrors.None
});
case HttpValidationTestType.ServerCertificateWithCA:
var parameters = new HttpValidationTestParameters(category, type, name, ResourceManager.ServerCertificateWithCA)
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.UntrustedRoot
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.ServerCertificateFromLocalCA);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.ExpectSuccess = false;
return(parameters);
case HttpValidationTestType.TrustedRootCA:
parameters = new HttpValidationTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
GlobalValidationFlags = GlobalValidationFlags.CheckChain,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Hamiller-Tube.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case HttpValidationTestType.TrustedIntermediateCA:
parameters = new HttpValidationTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateBare))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeIM);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case HttpValidationTestType.TrustedSelfSigned:
parameters = new HttpValidationTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Hamiller-Tube.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.SelfSignedServerCertificate);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case HttpValidationTestType.HostNameMismatch:
parameters = new HttpValidationTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
GlobalValidationFlags = GlobalValidationFlags.CheckChain,
ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateNameMismatch,
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.ExpectSuccess = false;
return(parameters);
case HttpValidationTestType.IntermediateServerCertificate:
parameters = new HttpValidationTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificate))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeIM);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case HttpValidationTestType.IntermediateServerCertificateFull:
parameters = new HttpValidationTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateFull))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeIM);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case HttpValidationTestType.IntermediateServerCertificateBare:
parameters = new HttpValidationTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateBare))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors, OverrideTargetHost = "Intermediate-Server.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey);
parameters.ValidationParameters.ExpectSuccess = false;
return(parameters);
case HttpValidationTestType.CertificateStore:
parameters = new HttpValidationTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.ServerFromTrustedIntermediateCABare))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Trusted-IM-Server.local"
};
return(parameters);
case HttpValidationTestType.Abort:
return(new HttpValidationTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptAll,
ExpectedStatus = HttpStatusCode.InternalServerError,
ExpectedError = WebExceptionStatus.RequestCanceled,
Flags = HttpOperationFlags.ExpectServerException
});
default:
throw new InternalErrorException();
}
}