public static StreamInstrumentationParameters GetParameters(TestContext ctx, ConnectionTestCategory category,
StreamInstrumentationType type)
{
var certificateProvider = DependencyInjector.Get <ICertificateProvider> ();
var acceptAll = certificateProvider.AcceptAll();
var effectiveType = type == StreamInstrumentationType.MartinTest ? MartinTest : type;
var name = GetTestName(category, type);
var parameters = new StreamInstrumentationParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptAll
};
switch (effectiveType)
{
case StreamInstrumentationType.ServerRequestsShutdown:
case StreamInstrumentationType.ServerRequestsShutdownDuringWrite:
parameters.SslStreamFlags |= SslStreamFlags.CleanShutdown;
break;
}
if (category == ConnectionTestCategory.SslStreamInstrumentationShutdown)
{
parameters.SslStreamFlags = SslStreamFlags.CleanShutdown;
}
return(parameters);
}
public static ConnectionTestFlags GetConnectionFlags(TestContext ctx, ConnectionTestCategory category)
{
switch (category)
{
case ConnectionTestCategory.SimpleMonoClient:
return(ConnectionTestFlags.RequireMonoClient);
case ConnectionTestCategory.SimpleMonoServer:
return(ConnectionTestFlags.RequireMonoServer);
case ConnectionTestCategory.SimpleMonoConnection:
case ConnectionTestCategory.MonoProtocolVersions:
return(ConnectionTestFlags.RequireMono);
case ConnectionTestCategory.CertificateChecks:
case ConnectionTestCategory.SecurityFramework:
return(ConnectionTestFlags.RequireMono);
case ConnectionTestCategory.MartinTest:
// return ConnectionTestFlags.RequireMono | ConnectionTestFlags.RequireTls12;
return(ConnectionTestFlags.None);
default:
ctx.AssertFail("Unsupported instrumentation category: '{0}'.", category);
return(ConnectionTestFlags.None);
}
}
static string GetTestName(ConnectionTestCategory category, ConnectionTestType type, params object[] args)
{
var sb = new StringBuilder();
sb.Append(type);
foreach (var arg in args)
{
sb.AppendFormat(":{0}", arg);
}
return(sb.ToString());
}
public static RenegotiationTestParameters GetParameters(TestContext ctx, ConnectionTestCategory category,
RenegotiationTestType type)
{
var certificateProvider = DependencyInjector.Get <ICertificateProvider> ();
var acceptAll = certificateProvider.AcceptAll();
var name = GetTestName(category, type);
return(new RenegotiationTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptAll
});
}
public static bool IsSupported(TestContext ctx, ConnectionTestCategory category, ConnectionProvider provider)
{
var flags = provider.Flags;
var supportsSslStream = (flags & ConnectionProviderFlags.SupportsSslStream) != 0;
var supportsTls12 = (flags & ConnectionProviderFlags.SupportsTls12) != 0;
var supportsClientCertificates = (flags & ConnectionProviderFlags.SupportsClientCertificates) != 0;
var supportsTrustedRoots = (flags & ConnectionProviderFlags.SupportsTrustedRoots) != 0;
var supportsMonoExtensions = (flags & ConnectionProviderFlags.SupportsMonoExtensions) != 0;
switch (category)
{
case ConnectionTestCategory.Https:
return(supportsSslStream);
case ConnectionTestCategory.HttpsWithMono:
return(supportsSslStream);
case ConnectionTestCategory.HttpsWithDotNet:
return(supportsSslStream && supportsTls12 && supportsClientCertificates);
case ConnectionTestCategory.SslStreamWithTls12:
return(supportsSslStream && supportsTls12);
case ConnectionTestCategory.InvalidCertificatesInTls12:
return(supportsSslStream && supportsTls12 && supportsClientCertificates);
case ConnectionTestCategory.HttpsCertificateValidators:
return(true);
case ConnectionTestCategory.SslStreamCertificateValidators:
return(supportsSslStream);
case ConnectionTestCategory.TrustedRoots:
case ConnectionTestCategory.CertificateStore:
return(supportsTrustedRoots);
case ConnectionTestCategory.SslStreamInstrumentation:
case ConnectionTestCategory.SslStreamInstrumentationExperimental:
return(supportsSslStream && supportsTls12);
case ConnectionTestCategory.SslStreamInstrumentationMono:
return(supportsSslStream && supportsTls12 && supportsMonoExtensions);
case ConnectionTestCategory.MartinTest:
return(true);
default:
throw new NotSupportedException();
}
}
static string GetTestName(ConnectionTestCategory category, StreamInstrumentationType type, params object[] args)
{
var sb = new StringBuilder();
sb.Append(type);
if (type == StreamInstrumentationType.MartinTest)
{
sb.Append($"({MartinTest})");
}
foreach (var arg in args)
{
sb.Append($":{arg}");
}
return(sb.ToString());
}
static SimpleConnectionParameters CreateParameters(ConnectionTestCategory category, SimpleConnectionType type, params object[] args)
{
var sb = new StringBuilder();
sb.Append(type);
foreach (var arg in args)
{
sb.AppendFormat(":{0}", arg);
}
var name = sb.ToString();
return(new SimpleConnectionParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = AcceptAnyCertificate
});
}
public static HttpsTestParameters GetParameters(TestContext ctx, ConnectionTestCategory category, ConnectionTestType type)
{
var certificateProvider = DependencyInjector.Get <ICertificateProvider> ();
var acceptAll = certificateProvider.AcceptAll();
var rejectAll = certificateProvider.RejectAll();
var acceptNull = certificateProvider.AcceptNull();
var acceptSelfSigned = certificateProvider.AcceptThisCertificate(ResourceManager.SelfSignedServerCertificate);
var acceptFromLocalCA = certificateProvider.AcceptFromCA(ResourceManager.LocalCACertificate);
var name = GetTestName(category, type);
switch (type)
{
case ConnectionTestType.Default:
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptAll
});
case ConnectionTestType.AcceptFromLocalCA:
return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ClientCertificateValidator = acceptFromLocalCA
});
case ConnectionTestType.NoValidator:
// The default validator only allows ResourceManager.SelfSignedServerCertificate.
return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ExpectTrustFailure = true, ClientAbortsHandshake = true
});
case ConnectionTestType.RejectAll:
// Explicit validator overrides the default ServicePointManager.ServerCertificateValidationCallback.
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ExpectTrustFailure = true, ClientCertificateValidator = rejectAll,
ClientAbortsHandshake = true
});
case ConnectionTestType.UnrequestedClientCertificate:
// Provide a client certificate, but do not require it.
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.PenguinCertificate, ClientCertificateValidator = acceptSelfSigned,
ServerCertificateValidator = acceptNull
});
case ConnectionTestType.RequestClientCertificate:
/*
* Request client certificate, but do not require it.
*
* FIXME:
* SslStream with Mono's old implementation fails here.
*/
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned,
AskForClientCertificate = true, ServerCertificateValidator = acceptFromLocalCA
});
case ConnectionTestType.RequireClientCertificate:
// Require client certificate.
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned,
AskForClientCertificate = true, RequireClientCertificate = true,
ServerCertificateValidator = acceptFromLocalCA
});
case ConnectionTestType.OptionalClientCertificate:
/*
* Request client certificate without requiring one and do not provide it.
*
* To ask for an optional client certificate (without requiring it), you need to specify a custom validation
* callback and then accept the null certificate with `SslPolicyErrors.RemoteCertificateNotAvailable' in it.
*
* FIXME:
* Mono with the old TLS implementation throws SecureChannelFailure.
*/
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true,
ServerCertificateValidator = acceptNull
});
case ConnectionTestType.RejectClientCertificate:
// Reject client certificate.
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned,
ExpectWebException = true, ServerCertificateValidator = rejectAll,
AskForClientCertificate = true, ClientAbortsHandshake = true
});
case ConnectionTestType.MissingClientCertificate:
// Missing client certificate.
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptSelfSigned, ExpectWebException = true,
AskForClientCertificate = true, RequireClientCertificate = true,
ClientAbortsHandshake = true
});
case ConnectionTestType.DontInvokeGlobalValidator:
return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ClientCertificateValidator = acceptAll,
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner | GlobalValidationFlags.MustNotInvoke
});
case ConnectionTestType.DontInvokeGlobalValidator2:
return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ClientCertificateValidator = rejectAll,
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner | GlobalValidationFlags.MustNotInvoke,
ExpectTrustFailure = true, ClientAbortsHandshake = true
});
case ConnectionTestType.GlobalValidatorIsNull:
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
GlobalValidationFlags = GlobalValidationFlags.SetToNull,
ExpectTrustFailure = true, ClientAbortsHandshake = true
});
case ConnectionTestType.MustInvokeGlobalValidator:
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner |
GlobalValidationFlags.MustInvoke | GlobalValidationFlags.AlwaysSucceed
});
case ConnectionTestType.CheckChain:
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
GlobalValidationFlags = GlobalValidationFlags.CheckChain,
ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch,
ExpectChainStatus = X509ChainStatusFlags.UntrustedRoot
});
case ConnectionTestType.ExternalServer:
return(new HttpsTestParameters(category, type, name, CertificateResourceType.TlsTestXamDevNew)
{
ExternalServer = new Uri("https://tlstest-1.xamdev.com/"),
GlobalValidationFlags = GlobalValidationFlags.CheckChain,
ExpectPolicyErrors = SslPolicyErrors.None
});
case ConnectionTestType.ServerCertificateWithCA:
var parameters = new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateWithCA)
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.UntrustedRoot
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.ServerCertificateFromLocalCA);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.ExpectSuccess = false;
return(parameters);
case ConnectionTestType.TrustedRootCA:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
GlobalValidationFlags = GlobalValidationFlags.CheckChain,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Hamiller-Tube.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case ConnectionTestType.TrustedIntermediateCA:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateBare))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeIM);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case ConnectionTestType.TrustedSelfSigned:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Hamiller-Tube.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.SelfSignedServerCertificate);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case ConnectionTestType.HostNameMismatch:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
GlobalValidationFlags = GlobalValidationFlags.CheckChain,
ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateNameMismatch,
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.ExpectSuccess = false;
return(parameters);
case ConnectionTestType.IntermediateServerCertificate:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificate))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeIM);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case ConnectionTestType.IntermediateServerCertificateFull:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateFull))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeIM);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case ConnectionTestType.IntermediateServerCertificateBare:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateBare))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors, OverrideTargetHost = "Intermediate-Server.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey);
parameters.ValidationParameters.ExpectSuccess = false;
return(parameters);
case ConnectionTestType.CertificateStore:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.ServerFromTrustedIntermediateCABare))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Trusted-IM-Server.local"
};
return(parameters);
case ConnectionTestType.MartinTest:
goto case ConnectionTestType.ServerCertificateWithCA;
default:
throw new InternalErrorException();
}
}
public static SslStreamTestParameters GetParameters(TestContext ctx, ConnectionTestCategory category, ConnectionTestType type)
{
var certificateProvider = DependencyInjector.Get <ICertificateProvider> ();
var acceptAll = certificateProvider.AcceptAll();
var rejectAll = certificateProvider.RejectAll();
var acceptNull = certificateProvider.AcceptNull();
var acceptSelfSigned = certificateProvider.AcceptThisCertificate(ResourceManager.SelfSignedServerCertificate);
var acceptFromLocalCA = certificateProvider.AcceptFromCA(ResourceManager.LocalCACertificate);
var name = GetTestName(category, type);
switch (type)
{
case ConnectionTestType.Default:
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptAll
});
case ConnectionTestType.AcceptFromLocalCA:
return(new SslStreamTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ClientCertificateValidator = acceptFromLocalCA
});
case ConnectionTestType.NoValidator:
// The default validator only allows ResourceManager.SelfSignedServerCertificate.
return(new SslStreamTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ExpectClientException = true
});
case ConnectionTestType.RejectAll:
// Explicit validator overrides the default ServicePointManager.ServerCertificateValidationCallback.
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ExpectClientException = true, ClientCertificateValidator = rejectAll
});
case ConnectionTestType.UnrequestedClientCertificate:
// Provide a client certificate, but do not require it.
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.PenguinCertificate, ClientCertificateValidator = acceptSelfSigned,
ServerCertificateValidator = acceptNull
});
case ConnectionTestType.RequestClientCertificate:
/*
* Request client certificate, but do not require it.
*
* FIXME:
* SslStream with Mono's old implementation fails here.
*/
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned,
AskForClientCertificate = true, ServerCertificateValidator = acceptFromLocalCA
});
case ConnectionTestType.RequireClientCertificate:
// Require client certificate.
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned,
AskForClientCertificate = true, RequireClientCertificate = true,
ServerCertificateValidator = acceptFromLocalCA
});
case ConnectionTestType.OptionalClientCertificate:
/*
* Request client certificate without requiring one and do not provide it.
*
* To ask for an optional client certificate (without requiring it), you need to specify a custom validation
* callback and then accept the null certificate with `SslPolicyErrors.RemoteCertificateNotAvailable' in it.
*
* FIXME:
* Mono with the old TLS implementation throws SecureChannelFailure.
*/
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true,
ServerCertificateValidator = acceptNull
});
case ConnectionTestType.RejectClientCertificate:
// Reject client certificate.
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned,
ServerCertificateValidator = rejectAll, AskForClientCertificate = true,
ExpectClientException = true, ExpectServerException = true
});
case ConnectionTestType.MissingClientCertificate:
// Missing client certificate.
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptSelfSigned,
AskForClientCertificate = true, RequireClientCertificate = true,
ExpectClientException = true, ExpectServerException = true
});
case ConnectionTestType.MartinTest:
goto case ConnectionTestType.RequestClientCertificate;
case ConnectionTestType.MustNotInvokeGlobalValidator:
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptAll,
GlobalValidationFlags = GlobalValidationFlags.MustNotInvoke
});
case ConnectionTestType.MustNotInvokeGlobalValidator2:
return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
GlobalValidationFlags = GlobalValidationFlags.MustNotInvoke,
ExpectClientException = true
});
default:
throw new InternalErrorException();
}
}
public static IEnumerable <StreamInstrumentationType> GetStreamInstrumentationTypes(TestContext ctx, ConnectionTestCategory category)
{
var setup = DependencyInjector.Get <IConnectionFrameworkSetup> ();
switch (category)
{
case ConnectionTestCategory.SslStreamInstrumentation:
yield return(StreamInstrumentationType.ClientHandshake);
yield return(StreamInstrumentationType.ReadDuringClientAuth);
yield return(StreamInstrumentationType.CloseBeforeClientAuth);
yield return(StreamInstrumentationType.CloseDuringClientAuth);
yield return(StreamInstrumentationType.DisposeDuringClientAuth);
yield return(StreamInstrumentationType.InvalidDataDuringClientAuth);
yield return(StreamInstrumentationType.ShortReadDuringClientAuth);
yield return(StreamInstrumentationType.ShortReadAndClose);
yield return(StreamInstrumentationType.RemoteClosesConnectionDuringRead);
if (setup.UsingDotNet || setup.InternalVersion >= 1)
{
yield return(StreamInstrumentationType.Flush);
yield return(StreamInstrumentationType.WriteDoesNotFlush);
yield return(StreamInstrumentationType.FlushAfterDispose);
yield return(StreamInstrumentationType.PropertiesAfterDispose);
}
yield break;
case ConnectionTestCategory.SslStreamInstrumentationRecentlyFixed:
yield break;
case ConnectionTestCategory.SslStreamInstrumentationShutdown:
yield return(StreamInstrumentationType.CleanShutdown);
yield return(StreamInstrumentationType.DoubleShutdown);
yield return(StreamInstrumentationType.WriteAfterShutdown);
yield return(StreamInstrumentationType.WaitForShutdown);
yield return(StreamInstrumentationType.ReadAfterShutdown);
yield return(StreamInstrumentationType.ConnectionReuse);
yield return(StreamInstrumentationType.ConnectionReuseWithShutdown);
yield break;
case ConnectionTestCategory.SslStreamInstrumentationServerShutdown:
yield return(StreamInstrumentationType.ServerRequestsShutdown);
yield break;
case ConnectionTestCategory.SslStreamInstrumentationExperimental:
yield break;
case ConnectionTestCategory.SslStreamInstrumentationNewWebStack:
yield return(StreamInstrumentationType.VerifyAsyncStreamCalls);
yield break;
case ConnectionTestCategory.SslStreamInstrumentationMono:
yield break;
case ConnectionTestCategory.MartinTest:
yield return(StreamInstrumentationType.MartinTest);
yield break;
default:
throw ctx.AssertFail(category);
}
}
public static IEnumerable <StreamInstrumentationType> GetStreamInstrumentationTypes(TestContext ctx, ConnectionTestCategory category)
{
var setup = DependencyInjector.Get <IConnectionFrameworkSetup> ();
switch (category)
{
case ConnectionTestCategory.SslStreamInstrumentation:
yield return(StreamInstrumentationType.ClientHandshake);
yield return(StreamInstrumentationType.ReadDuringClientAuth);
yield return(StreamInstrumentationType.CloseBeforeClientAuth);
yield return(StreamInstrumentationType.CloseDuringClientAuth);
yield return(StreamInstrumentationType.DisposeDuringClientAuth);
yield return(StreamInstrumentationType.InvalidDataDuringClientAuth);
yield return(StreamInstrumentationType.ShortReadDuringClientAuth);
yield return(StreamInstrumentationType.ShortReadAndClose);
yield return(StreamInstrumentationType.RemoteClosesConnectionDuringRead);
yield return(StreamInstrumentationType.CleanShutdown);
yield return(StreamInstrumentationType.DoubleShutdown);
yield return(StreamInstrumentationType.WriteAfterShutdown);
yield return(StreamInstrumentationType.WaitForShutdown);
if (!setup.UsingAppleTls)
{
yield return(StreamInstrumentationType.ReadAfterShutdown);
}
yield return(StreamInstrumentationType.ConnectionReuse);
yield return(StreamInstrumentationType.ConnectionReuseWithShutdown);
yield break;
case ConnectionTestCategory.SslStreamInstrumentationExperimental:
yield break;
case ConnectionTestCategory.SslStreamInstrumentationMono:
yield break;
case ConnectionTestCategory.MartinTest:
yield return(StreamInstrumentationType.MartinTest);
yield break;
default:
throw ctx.AssertFail(category);
}
}
public HttpsTestParameters(ConnectionTestCategory category, ConnectionTestType type, string identifier, CertificateResourceType certificate)
: base(category, identifier, null)
{
Type = type;
CertificateType = certificate;
}
public MonoConnectionTestParameters(ConnectionTestCategory category, string identifier, X509Certificate certificate)
: base(identifier, certificate)
{
Category = category;
}
public ConnectionTestCategoryAttribute(ConnectionTestCategory category)
{
this.category = category;
this.identifier = Type.Name;
}
public ConnectionTestProvider(ConnectionProvider client, ConnectionProvider server, ConnectionTestCategory category, ConnectionTestFlags flags)
: base(client, server, string.Format("{0}:{1}:{2}{3}", client.Name, server.Name, category, GetFlagsName(flags)))
{
Category = category;
Flags = flags;
}
protected ConnectionTestParameters(ConnectionTestParameters other)
: base(other)
{
Category = other.Category;
}
public static IEnumerable <SimpleConnectionType> GetTestTypes(TestContext ctx, ConnectionTestCategory category)
{
switch (category)
{
case ConnectionTestCategory.SimpleMonoClient:
yield return(SimpleConnectionType.SimpleTls10);
yield return(SimpleConnectionType.SimpleTls11);
yield return(SimpleConnectionType.SimpleTls12);
yield break;
case ConnectionTestCategory.SimpleMonoServer:
yield return(SimpleConnectionType.SimpleTls10);
yield return(SimpleConnectionType.SimpleTls11);
yield return(SimpleConnectionType.SimpleTls12);
yield break;
case ConnectionTestCategory.SimpleMonoConnection:
yield return(SimpleConnectionType.SimpleTls10);
yield return(SimpleConnectionType.SimpleTls11);
yield return(SimpleConnectionType.SimpleTls12);
yield return(SimpleConnectionType.DefaultCipherTls10);
yield return(SimpleConnectionType.DefaultCipherTls11);
yield return(SimpleConnectionType.DefaultCipherTls12);
yield return(SimpleConnectionType.CipherSelectionOrder);
yield return(SimpleConnectionType.CipherSelectionOrder2);
yield break;
case ConnectionTestCategory.MonoProtocolVersions:
yield return(SimpleConnectionType.Simple);
yield return(SimpleConnectionType.ValidateCertificate);
yield return(SimpleConnectionType.RequestClientCertificate);
yield return(SimpleConnectionType.RequireClientCertificateRSA);
yield return(SimpleConnectionType.RequireClientCertificateDHE);
yield break;
case ConnectionTestCategory.SecurityFramework:
yield return(SimpleConnectionType.Simple);
yield break;
case ConnectionTestCategory.MartinTest:
yield return(SimpleConnectionType.MartinTest);
yield break;
default:
ctx.AssertFail("Unspported connection category: '{0}.", category);
yield break;
}
}
static SimpleConnectionParameters Create(TestContext ctx, ClientAndServerProvider provider, ConnectionTestCategory category, SimpleConnectionType type)
{
var parameters = CreateParameters(category, type);
var certificateProvider = DependencyInjector.Get <ICertificateProvider> ();
var acceptSelfSigned = certificateProvider.AcceptThisCertificate(ResourceManager.SelfSignedServerCertificate);
var acceptFromCA = certificateProvider.AcceptFromCA(ResourceManager.LocalCACertificate);
bool clientSupportsEcDhe;
bool serverSupportsEcDhe;
CipherSuiteCode defaultCipher;
CipherSuiteCode defaultCipher12;
CipherSuiteCode alternateCipher12;
if (provider != null)
{
clientSupportsEcDhe = (provider.Client.Flags & ConnectionProviderFlags.SupportsEcDheCiphers) != 0;
serverSupportsEcDhe = (provider.Server.Flags & ConnectionProviderFlags.SupportsEcDheCiphers) != 0;
}
else
{
clientSupportsEcDhe = serverSupportsEcDhe = false;
}
if (clientSupportsEcDhe && serverSupportsEcDhe)
{
defaultCipher = CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
defaultCipher12 = CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
alternateCipher12 = CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
}
else
{
defaultCipher = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
defaultCipher12 = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384;
alternateCipher12 = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
}
switch (type)
{
case SimpleConnectionType.Simple:
break;
case SimpleConnectionType.ValidateCertificate:
parameters.ServerCertificate = ResourceManager.ServerCertificateFromCA;
parameters.ClientCertificateValidator = acceptFromCA;
break;
case SimpleConnectionType.SimpleTls10:
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SimpleConnectionType.SimpleTls11:
parameters.ProtocolVersion = ProtocolVersions.Tls11;
break;
case SimpleConnectionType.SimpleTls12:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
break;
case SimpleConnectionType.DefaultCipherTls10:
parameters.ProtocolVersion = ProtocolVersions.Tls10;
parameters.ExpectedCipher = defaultCipher;
break;
case SimpleConnectionType.DefaultCipherTls11:
parameters.ProtocolVersion = ProtocolVersions.Tls11;
parameters.ExpectedCipher = defaultCipher;
break;
case SimpleConnectionType.DefaultCipherTls12:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ExpectedCipher = defaultCipher12;
break;
case SimpleConnectionType.SelectCiphersTls10:
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SimpleConnectionType.SelectCiphersTls11:
parameters.ProtocolVersion = ProtocolVersions.Tls11;
break;
case SimpleConnectionType.SelectCiphersTls12:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
break;
case SimpleConnectionType.RequestClientCertificate:
/*
* Request client certificate, but do not require it.
*
* FIXME:
* SslStream with Mono's old implementation fails here.
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.AskForClientCertificate = true;
parameters.ServerCertificateValidator = acceptFromCA;
break;
case SimpleConnectionType.RequireClientCertificateRSA:
/*
* Require client certificate.
*
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.RequireClientCertificate = true;
parameters.ServerCertificateValidator = acceptFromCA;
parameters.ServerCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA
};
break;
case SimpleConnectionType.RequireClientCertificateDHE:
/*
* Require client certificate.
*
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.RequireClientCertificate = true;
parameters.ServerCertificateValidator = acceptFromCA;
parameters.ServerCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA
};
break;
case SimpleConnectionType.CipherSelectionOrder:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ClientCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA,
alternateCipher12
};
parameters.ExpectedServerCipher = CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA;
break;
case SimpleConnectionType.CipherSelectionOrder2:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ClientCiphers = new CipherSuiteCode[] {
alternateCipher12,
CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA
};
parameters.ExpectedServerCipher = alternateCipher12;
break;
case SimpleConnectionType.MartinTest:
parameters.ServerCertificate = ResourceManager.GetCertificateWithKey(CertificateResourceType.SelfSignedServerCertificate);
break;
default:
ctx.AssertFail("Unsupported connection type: '{0}'.", type);
break;
}
return(parameters);
}
public static ConnectionTestFlags GetConnectionFlags(TestContext ctx, ConnectionTestCategory category)
{
switch (category)
{
case ConnectionTestCategory.Https:
return(ConnectionTestFlags.RequireSslStream);
case ConnectionTestCategory.HttpsWithMono:
return(ConnectionTestFlags.RequireSslStream);
case ConnectionTestCategory.HttpsWithDotNet:
return(ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireTls12 | ConnectionTestFlags.RequireClientCertificates);
case ConnectionTestCategory.SslStreamWithTls12:
return(ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireTls12);
case ConnectionTestCategory.InvalidCertificatesInTls12:
return(ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireTls12 | ConnectionTestFlags.RequireClientCertificates);
case ConnectionTestCategory.HttpsCertificateValidators:
return(ConnectionTestFlags.RequireHttp);
case ConnectionTestCategory.SslStreamCertificateValidators:
return(ConnectionTestFlags.RequireSslStream);
case ConnectionTestCategory.TrustedRoots:
case ConnectionTestCategory.CertificateStore:
return(ConnectionTestFlags.RequireTrustedRoots);
case ConnectionTestCategory.SimpleMonoClient:
return(ConnectionTestFlags.RequireMono);
case ConnectionTestCategory.SimpleMonoServer:
return(ConnectionTestFlags.RequireMono);
case ConnectionTestCategory.SimpleMonoConnection:
case ConnectionTestCategory.MonoProtocolVersions:
return(ConnectionTestFlags.RequireMono);
case ConnectionTestCategory.CertificateChecks:
case ConnectionTestCategory.SecurityFramework:
return(ConnectionTestFlags.RequireMono);
case ConnectionTestCategory.SslStreamInstrumentation:
case ConnectionTestCategory.SslStreamInstrumentationExperimental:
return(ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireTls12 | ConnectionTestFlags.RequireMono);
case ConnectionTestCategory.SslStreamInstrumentationMono:
return(ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireTls12 | ConnectionTestFlags.RequireMono);
case ConnectionTestCategory.SslStreamInstrumentationShutdown:
return(ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireMono | ConnectionTestFlags.RequireCleanShutdown);
case ConnectionTestCategory.SslStreamInstrumentationServerShutdown:
return(ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireMono | ConnectionTestFlags.RequireCleanServerShutdown);
case ConnectionTestCategory.SslStreamInstrumentationRecentlyFixed:
return(ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireTls12);
case ConnectionTestCategory.SslStreamInstrumentationNewWebStack:
return(ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireTls12);
case ConnectionTestCategory.HttpStress:
case ConnectionTestCategory.HttpStressExperimental:
return(ConnectionTestFlags.RequireHttp | ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireTls12);
case ConnectionTestCategory.MartinTest:
return(ConnectionTestFlags.AssumeSupportedByTest);
default:
ctx.AssertFail("Unsupported instrumentation category: '{0}'.", category);
return(ConnectionTestFlags.None);
}
}
public SimpleConnectionParameters(ConnectionTestCategory category, SimpleConnectionType type, string identifier, X509Certificate certificate)
: base(category, identifier, certificate)
{
Type = type;
}
public static IEnumerable <ConnectionTestType> GetConnectionTestTypes(TestContext ctx, ConnectionTestCategory category)
{
switch (category)
{
case ConnectionTestCategory.Https:
yield return(ConnectionTestType.Default);
yield return(ConnectionTestType.AcceptFromLocalCA);
yield return(ConnectionTestType.NoValidator);
yield return(ConnectionTestType.RejectAll);
yield return(ConnectionTestType.RequestClientCertificate);
yield return(ConnectionTestType.RequireClientCertificate);
yield return(ConnectionTestType.RejectClientCertificate);
yield return(ConnectionTestType.UnrequestedClientCertificate);
yield return(ConnectionTestType.OptionalClientCertificate);
yield return(ConnectionTestType.RejectClientCertificate);
yield return(ConnectionTestType.MissingClientCertificate);
yield break;
case ConnectionTestCategory.HttpsWithMono:
yield return(ConnectionTestType.Default);
yield return(ConnectionTestType.AcceptFromLocalCA);
yield return(ConnectionTestType.RejectAll);
yield break;
case ConnectionTestCategory.HttpsWithDotNet:
yield return(ConnectionTestType.NoValidator);
yield return(ConnectionTestType.RequestClientCertificate);
yield return(ConnectionTestType.RequireClientCertificate);
yield return(ConnectionTestType.RejectClientCertificate);
yield return(ConnectionTestType.UnrequestedClientCertificate);
yield return(ConnectionTestType.OptionalClientCertificate);
yield return(ConnectionTestType.RejectClientCertificate);
yield return(ConnectionTestType.MissingClientCertificate);
yield break;
case ConnectionTestCategory.SslStreamWithTls12:
yield return(ConnectionTestType.Default);
yield return(ConnectionTestType.AcceptFromLocalCA);
yield return(ConnectionTestType.RequireClientCertificate);
yield break;
case ConnectionTestCategory.InvalidCertificatesInTls12:
yield return(ConnectionTestType.InvalidServerCertificate);
yield break;
case ConnectionTestCategory.HttpsCertificateValidators:
yield return(ConnectionTestType.DontInvokeGlobalValidator);
yield return(ConnectionTestType.DontInvokeGlobalValidator2);
yield return(ConnectionTestType.GlobalValidatorIsNull);
yield return(ConnectionTestType.MustInvokeGlobalValidator);
yield break;
case ConnectionTestCategory.NotYetWorking:
yield return(ConnectionTestType.ExternalServer);
yield return(ConnectionTestType.CheckChain);
yield break;
case ConnectionTestCategory.SslStreamCertificateValidators:
yield return(ConnectionTestType.MustNotInvokeGlobalValidator);
yield return(ConnectionTestType.MustNotInvokeGlobalValidator2);
yield break;
case ConnectionTestCategory.TrustedRoots:
yield return(ConnectionTestType.ServerCertificateWithCA);
yield return(ConnectionTestType.TrustedRootCA);
yield return(ConnectionTestType.TrustedIntermediateCA);
yield return(ConnectionTestType.TrustedSelfSigned);
yield return(ConnectionTestType.HostNameMismatch);
yield return(ConnectionTestType.IntermediateServerCertificate);
yield return(ConnectionTestType.IntermediateServerCertificateFull);
yield return(ConnectionTestType.IntermediateServerCertificateBare);
yield break;
case ConnectionTestCategory.CertificateStore:
yield return(ConnectionTestType.CertificateStore);
yield break;
case ConnectionTestCategory.MartinTest:
yield return(ConnectionTestType.MartinTest);
yield break;
default:
ctx.AssertFail("Unsupported test category: '{0}'.", category);
throw new InternalErrorException();
}
}
public static IEnumerable <RenegotiationTestType> GetRenegotiationTestTypes(TestContext ctx, ConnectionTestCategory category)
{
var setup = DependencyInjector.Get <IMonoConnectionFrameworkSetup> ();
switch (category)
{
case ConnectionTestCategory.MartinTest:
yield return(RenegotiationTestType.MartinTest);
yield break;
default:
throw ctx.AssertFail(category);
}
}
public HttpsTestParameters(ConnectionTestCategory category, ConnectionTestType type, string identifier, X509Certificate certificate)
: base(category, identifier, certificate)
{
Type = type;
}
public static IEnumerable <SimpleConnectionParameters> GetParameters(TestContext ctx, ClientAndServerProvider provider, ConnectionTestCategory category)
{
return(GetTestTypes(ctx, category).Select(t => Create(ctx, provider, category, t)));
}
public ConnectionTestProviderFilter(ConnectionTestCategory category, ConnectionTestFlags flags)
: base(flags)
{
Category = category;
}
public static IEnumerable <SslStreamTestType> GetTests(TestContext ctx, ConnectionTestCategory category)
{
switch (category)
{
case ConnectionTestCategory.Https:
yield return(SslStreamTestType.Default);
yield return(SslStreamTestType.AcceptFromLocalCA);
yield return(SslStreamTestType.NoValidator);
yield return(SslStreamTestType.RejectAll);
yield return(SslStreamTestType.RequestClientCertificate);
yield return(SslStreamTestType.RequireClientCertificate);
yield return(SslStreamTestType.RejectClientCertificate);
yield return(SslStreamTestType.UnrequestedClientCertificate);
yield return(SslStreamTestType.OptionalClientCertificate);
yield return(SslStreamTestType.RejectClientCertificate);
yield return(SslStreamTestType.MissingClientCertificate);
yield break;
case ConnectionTestCategory.HttpsWithMono:
yield return(SslStreamTestType.Default);
yield return(SslStreamTestType.AcceptFromLocalCA);
yield return(SslStreamTestType.RejectAll);
yield break;
case ConnectionTestCategory.HttpsWithDotNet:
yield return(SslStreamTestType.NoValidator);
yield return(SslStreamTestType.RequestClientCertificate);
yield return(SslStreamTestType.RequireClientCertificate);
yield return(SslStreamTestType.RejectClientCertificate);
yield return(SslStreamTestType.UnrequestedClientCertificate);
yield return(SslStreamTestType.OptionalClientCertificate);
yield return(SslStreamTestType.RejectClientCertificate);
yield return(SslStreamTestType.MissingClientCertificate);
yield break;
case ConnectionTestCategory.SslStreamWithTls12:
yield return(SslStreamTestType.Default);
yield return(SslStreamTestType.AcceptFromLocalCA);
yield return(SslStreamTestType.RequireClientCertificate);
yield return(SslStreamTestType.SyncAuthenticate);
yield break;
case ConnectionTestCategory.SslStreamCertificateValidators:
yield return(SslStreamTestType.MustNotInvokeGlobalValidator);
yield return(SslStreamTestType.MustNotInvokeGlobalValidator2);
yield break;
case ConnectionTestCategory.MartinTest:
yield return(SslStreamTestType.MartinTest);
yield break;
default:
ctx.AssertFail("Unsupported test category: '{0}'.", category);
throw new InternalErrorException();
}
}
