public GenericConnectionInstrumentParameters(InstrumentationCategory category, GenericConnectionInstrumentType type, string identifier, IServerCertificate certificate)
: base(category, identifier, certificate)
{
Type = type;
}
protected GenericConnectionInstrumentParameters(GenericConnectionInstrumentParameters other)
: base(other)
{
Type = other.Type;
}
public GenericConnectionInstrumentParameters (InstrumentationCategory category, GenericConnectionInstrumentType type, string identifier, IServerCertificate certificate)
: base (category, identifier, certificate)
{
Type = type;
}
protected GenericConnectionInstrumentParameters (GenericConnectionInstrumentParameters other)
: base (other)
{
Type = other.Type;
}
static GenericConnectionInstrumentParameters Create(TestContext ctx, InstrumentationCategory category, GenericConnectionInstrumentType type)
{
var parameters = CreateParameters(category, type);
switch (type)
{
case GenericConnectionInstrumentType.FragmentHandshakeMessages:
parameters.Add(HandshakeInstrumentType.FragmentHandshakeMessages);
break;
case GenericConnectionInstrumentType.SendBlobAfterReceivingFinish:
parameters.Add(HandshakeInstrumentType.SendBlobAfterReceivingFinish);
break;
case GenericConnectionInstrumentType.InvalidServerCertificateV1:
parameters.ServerCertificate = ResourceManager.InvalidServerCertificateV1;
parameters.ExpectServerAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.InvalidServerCertificateRsa512:
parameters.ServerCertificate = ResourceManager.InvalidServerCertificateRsa512;
parameters.ExpectServerAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.ServerProvidesInvalidCertificate:
parameters.ServerCertificate = ResourceManager.InvalidServerCertificateV1;
parameters.Add(HandshakeInstrumentType.OverrideServerCertificateSelection);
parameters.ExpectClientAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.InvalidClientCertificateV1:
parameters.ClientCertificate = ResourceManager.InvalidClientCertificateV1;
parameters.RequireClientCertificate = true;
parameters.ExpectClientAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.InvalidClientCertificateRsa512:
parameters.ClientCertificate = ResourceManager.InvalidClientCertificateRsa512;
parameters.RequireClientCertificate = true;
parameters.ExpectClientAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.ClientProvidesInvalidCertificate:
parameters.ClientCertificate = ResourceManager.InvalidClientCertificateV1;
parameters.RequireClientCertificate = true;
parameters.Add(HandshakeInstrumentType.OverrideClientCertificateSelection);
parameters.ExpectServerAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.RequireRsaKeyExchange:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ServerCertificate = ResourceManager.ServerCertificateRsaOnly;
parameters.ClientCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA
};
parameters.ExpectedServerCipher = CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA;
break;
case GenericConnectionInstrumentType.RsaKeyExchangeNotAllowed:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ServerCertificate = ResourceManager.ServerCertificateDheOnly;
parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA };
parameters.ExpectServerAlert = AlertDescription.HandshakeFailure;
break;
case GenericConnectionInstrumentType.RequireDheKeyExchange:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ServerCertificate = ResourceManager.ServerCertificateDheOnly;
parameters.ClientCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA, CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
};
parameters.ExpectedServerCipher = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
break;
case GenericConnectionInstrumentType.DheKeyExchangeNotAllowed:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ServerCertificate = ResourceManager.ServerCertificateRsaOnly;
parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ExpectServerAlert = AlertDescription.HandshakeFailure;
break;
case GenericConnectionInstrumentType.MartinClientPuppy:
case GenericConnectionInstrumentType.MartinServerPuppy:
goto case GenericConnectionInstrumentType.MartinTest;
case GenericConnectionInstrumentType.ClientCertificateRequiresRsaKeyExchange:
parameters.ServerCertificate = ResourceManager.ServerCertificateRsaOnly;
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCertificate = ResourceManager.ClientCertificateRsaOnly;
parameters.RequireClientCertificate = true;
parameters.ClientCertificateValidator = AcceptAnyCertificate;
parameters.ServerCertificateValidator = AcceptAnyCertificate;
break;
case GenericConnectionInstrumentType.ClientCertificateRequiresDheKeyExchange:
parameters.ServerCertificate = ResourceManager.ServerCertificateDheOnly;
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCertificate = ResourceManager.ClientCertificateDheOnly;
parameters.RequireClientCertificate = true;
parameters.ClientCertificateValidator = AcceptAnyCertificate;
parameters.ServerCertificateValidator = AcceptAnyCertificate;
break;
case GenericConnectionInstrumentType.ClientCertificateInvalidForRsa:
parameters.ServerCertificate = ResourceManager.ServerCertificateRsaOnly;
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCertificate = ResourceManager.ClientCertificateDheOnly;
parameters.RequireClientCertificate = true;
parameters.ClientCertificateValidator = AcceptAnyCertificate;
parameters.ServerCertificateValidator = AcceptAnyCertificate;
parameters.ExpectClientAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.ClientCertificateInvalidForDhe:
parameters.ServerCertificate = ResourceManager.ServerCertificateDheOnly;
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCertificate = ResourceManager.ClientCertificateRsaOnly;
parameters.RequireClientCertificate = true;
parameters.ClientCertificateValidator = AcceptAnyCertificate;
parameters.ServerCertificateValidator = AcceptAnyCertificate;
parameters.ExpectClientAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.ClientProvidesCertificateThatsInvalidForRsa:
parameters.ServerCertificate = ResourceManager.ServerCertificateRsaOnly;
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCertificate = ResourceManager.ClientCertificateDheOnly;
parameters.RequireClientCertificate = true;
parameters.ClientCertificateValidator = AcceptAnyCertificate;
parameters.ServerCertificateValidator = AcceptAnyCertificate;
parameters.ExpectServerAlert = AlertDescription.UnsupportedCertificate;
parameters.Add(HandshakeInstrumentType.OverrideClientCertificateSelection);
break;
case GenericConnectionInstrumentType.ClientProvidesCertificateThatsInvalidForDhe:
parameters.ServerCertificate = ResourceManager.ServerCertificateDheOnly;
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCertificate = ResourceManager.ClientCertificateRsaOnly;
parameters.RequireClientCertificate = true;
parameters.ClientCertificateValidator = AcceptAnyCertificate;
parameters.ServerCertificateValidator = AcceptAnyCertificate;
parameters.ExpectServerAlert = AlertDescription.UnsupportedCertificate;
parameters.Add(HandshakeInstrumentType.OverrideClientCertificateSelection);
break;
case GenericConnectionInstrumentType.MartinTest:
parameters.ClientCiphers = parameters.ServerCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
};
break;
default:
ctx.AssertFail("Unsupported connection instrument: '{0}'.", type);
break;
}
if (parameters.ExpectClientAlert != null || parameters.ExpectServerAlert != null)
{
parameters.Add(HandshakeInstrumentType.DontSendAlerts);
}
return(parameters);
}
static GenericConnectionInstrumentParameters CreateParameters(InstrumentationCategory category, GenericConnectionInstrumentType type, params object[] args)
{
var sb = new StringBuilder();
sb.Append(type);
foreach (var arg in args)
{
sb.AppendFormat(":{0}", arg);
}
var name = sb.ToString();
return(new GenericConnectionInstrumentParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = AcceptAnyCertificate, ServerCertificateValidator = AcceptAnyCertificate,
ProtocolVersion = ProtocolVersions.Tls12
});
}
public GenericConnectionInstrumentParametersAttribute(GenericConnectionInstrumentType type)
: base(null, TestFlags.Browsable | TestFlags.ContinueOnError)
{
Type = type;
}
static GenericConnectionInstrumentParameters Create (TestContext ctx, InstrumentationCategory category, GenericConnectionInstrumentType type)
{
var parameters = CreateParameters (category, type);
switch (type) {
case GenericConnectionInstrumentType.FragmentHandshakeMessages:
parameters.Add (HandshakeInstrumentType.FragmentHandshakeMessages);
break;
case GenericConnectionInstrumentType.SendBlobAfterReceivingFinish:
parameters.Add (HandshakeInstrumentType.SendBlobAfterReceivingFinish);
break;
case GenericConnectionInstrumentType.InvalidServerCertificateV1:
parameters.ServerCertificate = ResourceManager.InvalidServerCertificateV1;
parameters.ExpectServerAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.InvalidServerCertificateRsa512:
parameters.ServerCertificate = ResourceManager.InvalidServerCertificateRsa512;
parameters.ExpectServerAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.ServerProvidesInvalidCertificate:
parameters.ServerCertificate = ResourceManager.InvalidServerCertificateV1;
parameters.Add (HandshakeInstrumentType.OverrideServerCertificateSelection);
parameters.ExpectClientAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.InvalidClientCertificateV1:
parameters.ClientCertificate = ResourceManager.InvalidClientCertificateV1;
parameters.RequireClientCertificate = true;
parameters.ExpectClientAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.InvalidClientCertificateRsa512:
parameters.ClientCertificate = ResourceManager.InvalidClientCertificateRsa512;
parameters.RequireClientCertificate = true;
parameters.ExpectClientAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.ClientProvidesInvalidCertificate:
parameters.ClientCertificate = ResourceManager.InvalidClientCertificateV1;
parameters.RequireClientCertificate = true;
parameters.Add (HandshakeInstrumentType.OverrideClientCertificateSelection);
parameters.ExpectServerAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.RequireRsaKeyExchange:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ServerCertificate = ResourceManager.ServerCertificateRsaOnly;
parameters.ClientCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA
};
parameters.ExpectedServerCipher = CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA;
break;
case GenericConnectionInstrumentType.RsaKeyExchangeNotAllowed:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ServerCertificate = ResourceManager.ServerCertificateDheOnly;
parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA };
parameters.ExpectServerAlert = AlertDescription.HandshakeFailure;
break;
case GenericConnectionInstrumentType.RequireDheKeyExchange:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ServerCertificate = ResourceManager.ServerCertificateDheOnly;
parameters.ClientCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA, CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
};
parameters.ExpectedServerCipher = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
break;
case GenericConnectionInstrumentType.DheKeyExchangeNotAllowed:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ServerCertificate = ResourceManager.ServerCertificateRsaOnly;
parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ExpectServerAlert = AlertDescription.HandshakeFailure;
break;
case GenericConnectionInstrumentType.MartinClientPuppy:
case GenericConnectionInstrumentType.MartinServerPuppy:
goto case GenericConnectionInstrumentType.MartinTest;
case GenericConnectionInstrumentType.ClientCertificateRequiresRsaKeyExchange:
parameters.ServerCertificate = ResourceManager.ServerCertificateRsaOnly;
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCertificate = ResourceManager.ClientCertificateRsaOnly;
parameters.RequireClientCertificate = true;
parameters.ClientCertificateValidator = AcceptAnyCertificate;
parameters.ServerCertificateValidator = AcceptAnyCertificate;
break;
case GenericConnectionInstrumentType.ClientCertificateRequiresDheKeyExchange:
parameters.ServerCertificate = ResourceManager.ServerCertificateDheOnly;
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCertificate = ResourceManager.ClientCertificateDheOnly;
parameters.RequireClientCertificate = true;
parameters.ClientCertificateValidator = AcceptAnyCertificate;
parameters.ServerCertificateValidator = AcceptAnyCertificate;
break;
case GenericConnectionInstrumentType.ClientCertificateInvalidForRsa:
parameters.ServerCertificate = ResourceManager.ServerCertificateRsaOnly;
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCertificate = ResourceManager.ClientCertificateDheOnly;
parameters.RequireClientCertificate = true;
parameters.ClientCertificateValidator = AcceptAnyCertificate;
parameters.ServerCertificateValidator = AcceptAnyCertificate;
parameters.ExpectClientAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.ClientCertificateInvalidForDhe:
parameters.ServerCertificate = ResourceManager.ServerCertificateDheOnly;
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCertificate = ResourceManager.ClientCertificateRsaOnly;
parameters.RequireClientCertificate = true;
parameters.ClientCertificateValidator = AcceptAnyCertificate;
parameters.ServerCertificateValidator = AcceptAnyCertificate;
parameters.ExpectClientAlert = AlertDescription.UnsupportedCertificate;
break;
case GenericConnectionInstrumentType.ClientProvidesCertificateThatsInvalidForRsa:
parameters.ServerCertificate = ResourceManager.ServerCertificateRsaOnly;
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCertificate = ResourceManager.ClientCertificateDheOnly;
parameters.RequireClientCertificate = true;
parameters.ClientCertificateValidator = AcceptAnyCertificate;
parameters.ServerCertificateValidator = AcceptAnyCertificate;
parameters.ExpectServerAlert = AlertDescription.UnsupportedCertificate;
parameters.Add (HandshakeInstrumentType.OverrideClientCertificateSelection);
break;
case GenericConnectionInstrumentType.ClientProvidesCertificateThatsInvalidForDhe:
parameters.ServerCertificate = ResourceManager.ServerCertificateDheOnly;
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientCertificate = ResourceManager.ClientCertificateRsaOnly;
parameters.RequireClientCertificate = true;
parameters.ClientCertificateValidator = AcceptAnyCertificate;
parameters.ServerCertificateValidator = AcceptAnyCertificate;
parameters.ExpectServerAlert = AlertDescription.UnsupportedCertificate;
parameters.Add (HandshakeInstrumentType.OverrideClientCertificateSelection);
break;
case GenericConnectionInstrumentType.MartinTest:
parameters.ClientCiphers = parameters.ServerCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
};
break;
default:
ctx.AssertFail ("Unsupported connection instrument: '{0}'.", type);
break;
}
if (parameters.ExpectClientAlert != null || parameters.ExpectServerAlert != null)
parameters.Add (HandshakeInstrumentType.DontSendAlerts);
return parameters;
}
static GenericConnectionInstrumentParameters CreateParameters (InstrumentationCategory category, GenericConnectionInstrumentType type, params object[] args)
{
var sb = new StringBuilder ();
sb.Append (type);
foreach (var arg in args) {
sb.AppendFormat (":{0}", arg);
}
var name = sb.ToString ();
return new GenericConnectionInstrumentParameters (category, type, name, ResourceManager.SelfSignedServerCertificate) {
ClientCertificateValidator = AcceptAnyCertificate, ServerCertificateValidator = AcceptAnyCertificate,
ProtocolVersion = ProtocolVersions.Tls12
};
}
