public Task TestWeb(
TestContext ctx, CancellationToken cancellationToken,
[ConnectionTestProvider("BoringTLS")] ConnectionTestProvider provider,
HttpsTestParameters parameters, HttpsTestRunner runner)
{
return(runner.Run(ctx, cancellationToken));
}
public HttpsTestRunner(IPortableEndPoint endpoint, HttpsTestParameters parameters,
ConnectionTestProvider provider, Uri uri, ListenerFlags flags)
: base(endpoint, parameters)
{
Provider = provider;
ListenerFlags = flags;
Uri = uri;
}
public HttpsTestRunner(IPortableEndPoint endpoint, HttpsTestParameters parameters,
ConnectionTestProvider provider, Uri uri, HttpServerFlags flags)
: base(endpoint, parameters)
{
Provider = provider;
ServerFlags = flags;
Uri = uri;
Server = new BuiltinHttpServer(uri, endpoint, flags, parameters, null)
{
Delegate = this
};
}
public async Task TestCertificateStore(TestContext ctx, CancellationToken cancellationToken,
ConnectionTestProvider provider, HttpsTestParameters parameters,
HttpsTestRunner runner)
{
await runner.Run(ctx, cancellationToken);
}
public async Task TestTrustedRoots(TestContext ctx, CancellationToken cancellationToken,
ConnectionTestProvider provider, HttpsTestParameters parameters,
HttpsTestRunner runner)
{
await runner.Run(ctx, cancellationToken);
}
public static HttpsTestParameters GetParameters(TestContext ctx, ConnectionTestCategory category, ConnectionTestType type)
{
var certificateProvider = DependencyInjector.Get <ICertificateProvider> ();
var acceptAll = certificateProvider.AcceptAll();
var rejectAll = certificateProvider.RejectAll();
var acceptNull = certificateProvider.AcceptNull();
var acceptSelfSigned = certificateProvider.AcceptThisCertificate(ResourceManager.SelfSignedServerCertificate);
var acceptFromLocalCA = certificateProvider.AcceptFromCA(ResourceManager.LocalCACertificate);
var name = GetTestName(category, type);
switch (type)
{
case ConnectionTestType.Default:
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptAll
});
case ConnectionTestType.AcceptFromLocalCA:
return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ClientCertificateValidator = acceptFromLocalCA
});
case ConnectionTestType.NoValidator:
// The default validator only allows ResourceManager.SelfSignedServerCertificate.
return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ExpectTrustFailure = true, ClientAbortsHandshake = true
});
case ConnectionTestType.RejectAll:
// Explicit validator overrides the default ServicePointManager.ServerCertificateValidationCallback.
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ExpectTrustFailure = true, ClientCertificateValidator = rejectAll,
ClientAbortsHandshake = true
});
case ConnectionTestType.UnrequestedClientCertificate:
// Provide a client certificate, but do not require it.
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.PenguinCertificate, ClientCertificateValidator = acceptSelfSigned,
ServerCertificateValidator = acceptNull
});
case ConnectionTestType.RequestClientCertificate:
/*
* Request client certificate, but do not require it.
*
* FIXME:
* SslStream with Mono's old implementation fails here.
*/
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned,
AskForClientCertificate = true, ServerCertificateValidator = acceptFromLocalCA
});
case ConnectionTestType.RequireClientCertificate:
// Require client certificate.
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned,
AskForClientCertificate = true, RequireClientCertificate = true,
ServerCertificateValidator = acceptFromLocalCA
});
case ConnectionTestType.OptionalClientCertificate:
/*
* Request client certificate without requiring one and do not provide it.
*
* To ask for an optional client certificate (without requiring it), you need to specify a custom validation
* callback and then accept the null certificate with `SslPolicyErrors.RemoteCertificateNotAvailable' in it.
*
* FIXME:
* Mono with the old TLS implementation throws SecureChannelFailure.
*/
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true,
ServerCertificateValidator = acceptNull
});
case ConnectionTestType.RejectClientCertificate:
// Reject client certificate.
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned,
ExpectWebException = true, ServerCertificateValidator = rejectAll,
AskForClientCertificate = true, ClientAbortsHandshake = true
});
case ConnectionTestType.MissingClientCertificate:
// Missing client certificate.
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = acceptSelfSigned, ExpectWebException = true,
AskForClientCertificate = true, RequireClientCertificate = true,
ClientAbortsHandshake = true
});
case ConnectionTestType.DontInvokeGlobalValidator:
return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ClientCertificateValidator = acceptAll,
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner | GlobalValidationFlags.MustNotInvoke
});
case ConnectionTestType.DontInvokeGlobalValidator2:
return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
ClientCertificateValidator = rejectAll,
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner | GlobalValidationFlags.MustNotInvoke,
ExpectTrustFailure = true, ClientAbortsHandshake = true
});
case ConnectionTestType.GlobalValidatorIsNull:
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
GlobalValidationFlags = GlobalValidationFlags.SetToNull,
ExpectTrustFailure = true, ClientAbortsHandshake = true
});
case ConnectionTestType.MustInvokeGlobalValidator:
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner |
GlobalValidationFlags.MustInvoke | GlobalValidationFlags.AlwaysSucceed
});
case ConnectionTestType.CheckChain:
return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
GlobalValidationFlags = GlobalValidationFlags.CheckChain,
ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch,
ExpectChainStatus = X509ChainStatusFlags.UntrustedRoot
});
case ConnectionTestType.ExternalServer:
return(new HttpsTestParameters(category, type, name, CertificateResourceType.TlsTestXamDevNew)
{
ExternalServer = new Uri("https://tlstest-1.xamdev.com/"),
GlobalValidationFlags = GlobalValidationFlags.CheckChain,
ExpectPolicyErrors = SslPolicyErrors.None
});
case ConnectionTestType.ServerCertificateWithCA:
var parameters = new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateWithCA)
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.UntrustedRoot
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.ServerCertificateFromLocalCA);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.ExpectSuccess = false;
return(parameters);
case ConnectionTestType.TrustedRootCA:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
GlobalValidationFlags = GlobalValidationFlags.CheckChain,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Hamiller-Tube.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case ConnectionTestType.TrustedIntermediateCA:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateBare))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeIM);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case ConnectionTestType.TrustedSelfSigned:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Hamiller-Tube.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.SelfSignedServerCertificate);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case ConnectionTestType.HostNameMismatch:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA)
{
GlobalValidationFlags = GlobalValidationFlags.CheckChain,
ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateNameMismatch,
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.ExpectSuccess = false;
return(parameters);
case ConnectionTestType.IntermediateServerCertificate:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificate))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeIM);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case ConnectionTestType.IntermediateServerCertificateFull:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateFull))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeIM);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.ExpectSuccess = true;
return(parameters);
case ConnectionTestType.IntermediateServerCertificateBare:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateBare))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors, OverrideTargetHost = "Intermediate-Server.local"
};
parameters.ValidationParameters = new ValidationParameters();
parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA);
parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey);
parameters.ValidationParameters.ExpectSuccess = false;
return(parameters);
case ConnectionTestType.CertificateStore:
parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.ServerFromTrustedIntermediateCABare))
{
GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner,
ExpectChainStatus = X509ChainStatusFlags.NoError,
ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Trusted-IM-Server.local"
};
return(parameters);
case ConnectionTestType.MartinTest:
goto case ConnectionTestType.ServerCertificateWithCA;
default:
throw new InternalErrorException();
}
}
public async Task TestDotNetConnection (TestContext ctx, CancellationToken cancellationToken,
ConnectionTestProvider provider, HttpsTestParameters parameters,
HttpsTestRunner runner)
{
await runner.Run (ctx, cancellationToken);
}
