static SignatureInstrumentParameters Create(
TestContext ctx, InstrumentationCategory category, SignatureInstrumentType type,
SignatureAndHashAlgorithm algorithm, CipherSuiteCode cipher)
{
var parameters = CreateParameters(category, type, algorithm.Hash, algorithm.Signature, cipher);
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.RequireClientCertificate = true;
var signatureParameters = new SignatureParameters();
signatureParameters.Add(algorithm);
switch (type)
{
case SignatureInstrumentType.ClientSignatureAlgorithmAndCipher:
parameters.ClientSignatureParameters = signatureParameters;
parameters.ClientCiphers = new CipherSuiteCode[] { cipher };
break;
case SignatureInstrumentType.ServerSignatureAlgorithmAndCipher:
parameters.ServerSignatureAlgorithm = algorithm;
parameters.ServerCiphers = new CipherSuiteCode[] { cipher };
break;
default:
ctx.AssertFail("Unsupported signature instrument: '{0}'.", type);
break;
}
return(parameters);
}
protected SignatureInstrumentParameters (SignatureInstrumentParameters other)
: base (other)
{
Type = other.Type;
ClientSignatureParameters = other.ClientSignatureParameters;
ServerSignatureParameters = other.ServerSignatureParameters;
ClientSignatureAlgorithm = other.ClientSignatureAlgorithm;
ServerSignatureAlgorithm = other.ServerSignatureAlgorithm;
ExpectClientSignatureAlgorithm = other.ExpectClientSignatureAlgorithm;
ExpectServerSignatureAlgorithm = other.ExpectServerSignatureAlgorithm;
ServerCertificateParameters = other.ServerCertificateParameters;
CertificateVerifySignatureAlgorithm = other.CertificateVerifySignatureAlgorithm;
ExpectCertificateVerifySignatureAlgorithm = other.ExpectCertificateVerifySignatureAlgorithm;
}
protected SignatureInstrumentParameters(SignatureInstrumentParameters other)
: base(other)
{
Type = other.Type;
ClientSignatureParameters = other.ClientSignatureParameters;
ServerSignatureParameters = other.ServerSignatureParameters;
ClientSignatureAlgorithm = other.ClientSignatureAlgorithm;
ServerSignatureAlgorithm = other.ServerSignatureAlgorithm;
ExpectClientSignatureAlgorithm = other.ExpectClientSignatureAlgorithm;
ExpectServerSignatureAlgorithm = other.ExpectServerSignatureAlgorithm;
ServerCertificateParameters = other.ServerCertificateParameters;
CertificateVerifySignatureAlgorithm = other.CertificateVerifySignatureAlgorithm;
ExpectCertificateVerifySignatureAlgorithm = other.ExpectCertificateVerifySignatureAlgorithm;
}
public SignatureInstrumentParameters (InstrumentationCategory category, SignatureInstrumentType type, ClientParameters clientParameters, ServerParameters serverParameters)
: base (category, clientParameters, serverParameters)
{
Type = type;
}
public SignatureInstrumentParameters (InstrumentationCategory category, SignatureInstrumentType type, string identifier, IServerCertificate certificate)
: base (category, identifier, certificate)
{
Type = type;
}
public SignatureInstrumentParametersAttribute(SignatureInstrumentType type)
: base(null, TestFlags.Browsable | TestFlags.ContinueOnError)
{
Type = type;
}
static SignatureInstrumentParameters Create (TestContext ctx, InstrumentationCategory category, SignatureInstrumentType type)
{
var parameters = CreateParameters (category, type);
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.RequireClientCertificate = true;
switch (type) {
case SignatureInstrumentType.NoClientSignatureAlgorithms:
parameters.ExpectServerSignatureAlgorithm = new SignatureAndHashAlgorithm (HashAlgorithmType.Sha1);
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
break;
case SignatureInstrumentType.VerifyClientSignatureAlgorithms:
parameters.ExpectClientAlert = AlertDescription.IlegalParameter;
goto case SignatureInstrumentType.ClientProvidesSomeUnsupportedSignatureAlgorithms;
case SignatureInstrumentType.ClientProvidesSomeUnsupportedSignatureAlgorithms:
parameters.ClientSignatureParameters = new SignatureParameters ();
parameters.ClientSignatureParameters.Add (HashAlgorithmType.Sha1, SignatureAlgorithmType.Dsa);
parameters.ClientSignatureParameters.Add (HashAlgorithmType.Unknown, SignatureAlgorithmType.Unknown);
parameters.ClientSignatureParameters.Add (HashAlgorithmType.Sha256, SignatureAlgorithmType.Rsa);
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
break;
case SignatureInstrumentType.ClientProvidesNoSupportedSignatureAlgorithms:
parameters.ClientSignatureParameters = new SignatureParameters ();
parameters.ClientSignatureParameters.Add (HashAlgorithmType.Unknown, SignatureAlgorithmType.Dsa);
parameters.ExpectServerSignatureAlgorithm = new SignatureAndHashAlgorithm (HashAlgorithmType.Sha1);
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ExpectServerAlert = AlertDescription.IlegalParameter;
break;
case SignatureInstrumentType.Tls10WithRsaExchange:
parameters.ClientCiphers = parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA };
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SignatureInstrumentType.Tls10WithDheExchange:
parameters.ClientCiphers = parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SignatureInstrumentType.ServerUsesUnsupportedSignatureAlgorithm:
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientSignatureParameters = new SignatureParameters ();
parameters.ClientSignatureParameters.Add (HashAlgorithmType.Sha384);
parameters.ServerSignatureAlgorithm = new SignatureAndHashAlgorithm (HashAlgorithmType.Sha512);
parameters.ExpectClientAlert = AlertDescription.IlegalParameter;
break;
case SignatureInstrumentType.ServerUsesUnsupportedSignatureAlgorithm2:
// MD5SHA1 is never allowed for TLS 1.2.
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientSignatureParameters = new SignatureParameters ();
parameters.ClientSignatureParameters.Add (HashAlgorithmType.Sha1);
// we'd normally not be allowed to request this from user settings, but there's an instrumentation override
// in place for this test.
parameters.ClientSignatureParameters.Add (HashAlgorithmType.Md5Sha1);
// Instrumentation override lets us force set this.
parameters.ServerSignatureAlgorithm = new SignatureAndHashAlgorithm (HashAlgorithmType.Md5Sha1);
parameters.ExpectClientAlert = AlertDescription.IlegalParameter;
parameters.ProtocolVersion = ProtocolVersions.Tls12;
break;
case SignatureInstrumentType.ServerSendsCertificateParametersWithoutAlgorithms:
parameters.ServerCertificateParameters = new ClientCertificateParameters ();
parameters.ExpectCertificateVerifySignatureAlgorithm = SignatureParameters.DefaultAlgorithm;
break;
case SignatureInstrumentType.ServerSendsCertificateParametersWithSomeUnsupportedAlgorithms:
parameters.ServerCertificateParameters = new ClientCertificateParameters ();
parameters.ServerCertificateParameters.SignatureParameters.Add (HashAlgorithmType.Unknown);
parameters.ServerCertificateParameters.SignatureParameters.Add (HashAlgorithmType.Sha384);
parameters.ExpectCertificateVerifySignatureAlgorithm = new SignatureAndHashAlgorithm (HashAlgorithmType.Sha384);
break;
case SignatureInstrumentType.ServerSendsCertificateParametersWithNoSupportedAlgorithms:
parameters.ServerCertificateParameters = new ClientCertificateParameters ();
parameters.ServerCertificateParameters.SignatureParameters.Add (HashAlgorithmType.Unknown);
parameters.ExpectCertificateVerifySignatureAlgorithm = SignatureParameters.DefaultAlgorithm;
parameters.ExpectClientAlert = AlertDescription.IlegalParameter;
break;
case SignatureInstrumentType.ClientSendsCertificateVerifyWithUnrequestedAlgorithm:
parameters.ServerCertificateParameters = new ClientCertificateParameters ();
parameters.ServerCertificateParameters.SignatureParameters.Add (HashAlgorithmType.Sha384);
parameters.ServerCertificateParameters.SignatureParameters.Add (HashAlgorithmType.Sha512);
parameters.ClientSignatureAlgorithm = new SignatureAndHashAlgorithm (HashAlgorithmType.Sha256);
parameters.ExpectServerAlert = AlertDescription.IlegalParameter;
break;
case SignatureInstrumentType.CertificateVerifySignatureAlgorithmSelectionOrder:
parameters.ServerCertificateParameters = new ClientCertificateParameters ();
parameters.ServerCertificateParameters.SignatureParameters.Add (HashAlgorithmType.Sha384);
parameters.ServerCertificateParameters.SignatureParameters.Add (HashAlgorithmType.Sha512);
parameters.ExpectCertificateVerifySignatureAlgorithm = new SignatureAndHashAlgorithm (HashAlgorithmType.Sha384);
break;
case SignatureInstrumentType.CertificateVerifySignatureAlgorithmSelectionOrder2:
parameters.ServerCertificateParameters = new ClientCertificateParameters ();
parameters.ServerCertificateParameters.SignatureParameters.Add (HashAlgorithmType.Sha512);
parameters.ServerCertificateParameters.SignatureParameters.Add (HashAlgorithmType.Sha384);
parameters.ExpectCertificateVerifySignatureAlgorithm = new SignatureAndHashAlgorithm (HashAlgorithmType.Sha512);
break;
default:
ctx.AssertFail ("Unsupported signature instrument: '{0}'.", type);
break;
}
return parameters;
}
static SignatureInstrumentParameters Create (
TestContext ctx, InstrumentationCategory category, SignatureInstrumentType type,
SignatureAndHashAlgorithm algorithm, CipherSuiteCode cipher)
{
var parameters = CreateParameters (category, type, algorithm.Hash, algorithm.Signature, cipher);
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.RequireClientCertificate = true;
var signatureParameters = new SignatureParameters ();
signatureParameters.Add (algorithm);
switch (type) {
case SignatureInstrumentType.ClientSignatureAlgorithmAndCipher:
parameters.ClientSignatureParameters = signatureParameters;
parameters.ClientCiphers = new CipherSuiteCode[] { cipher };
break;
case SignatureInstrumentType.ServerSignatureAlgorithmAndCipher:
parameters.ServerSignatureAlgorithm = algorithm;
parameters.ServerCiphers = new CipherSuiteCode[] { cipher };
break;
default:
ctx.AssertFail ("Unsupported signature instrument: '{0}'.", type);
break;
}
return parameters;
}
static SignatureInstrumentParameters CreateParameters (InstrumentationCategory category, SignatureInstrumentType type, params object[] args)
{
var sb = new StringBuilder ();
sb.Append (type);
foreach (var arg in args) {
sb.AppendFormat (":{0}", arg);
}
var name = sb.ToString ();
return new SignatureInstrumentParameters (category, type, name, ResourceManager.SelfSignedServerCertificate) {
ClientCertificateValidator = AcceptAnyCertificate, ServerCertificateValidator = AcceptAnyCertificate,
ProtocolVersion = ProtocolVersions.Tls12
};
}
static SignatureInstrumentParameters Create(TestContext ctx, InstrumentationCategory category, SignatureInstrumentType type)
{
var parameters = CreateParameters(category, type);
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.RequireClientCertificate = true;
switch (type)
{
case SignatureInstrumentType.NoClientSignatureAlgorithms:
parameters.ExpectServerSignatureAlgorithm = new SignatureAndHashAlgorithm(HashAlgorithmType.Sha1);
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
break;
case SignatureInstrumentType.VerifyClientSignatureAlgorithms:
parameters.ExpectClientAlert = AlertDescription.IlegalParameter;
goto case SignatureInstrumentType.ClientProvidesSomeUnsupportedSignatureAlgorithms;
case SignatureInstrumentType.ClientProvidesSomeUnsupportedSignatureAlgorithms:
parameters.ClientSignatureParameters = new SignatureParameters();
parameters.ClientSignatureParameters.Add(HashAlgorithmType.Sha1, SignatureAlgorithmType.Dsa);
parameters.ClientSignatureParameters.Add(HashAlgorithmType.Unknown, SignatureAlgorithmType.Unknown);
parameters.ClientSignatureParameters.Add(HashAlgorithmType.Sha256, SignatureAlgorithmType.Rsa);
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
break;
case SignatureInstrumentType.ClientProvidesNoSupportedSignatureAlgorithms:
parameters.ClientSignatureParameters = new SignatureParameters();
parameters.ClientSignatureParameters.Add(HashAlgorithmType.Unknown, SignatureAlgorithmType.Dsa);
parameters.ExpectServerSignatureAlgorithm = new SignatureAndHashAlgorithm(HashAlgorithmType.Sha1);
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ExpectServerAlert = AlertDescription.IlegalParameter;
break;
case SignatureInstrumentType.Tls10WithRsaExchange:
parameters.ClientCiphers = parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA };
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SignatureInstrumentType.Tls10WithDheExchange:
parameters.ClientCiphers = parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SignatureInstrumentType.ServerUsesUnsupportedSignatureAlgorithm:
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientSignatureParameters = new SignatureParameters();
parameters.ClientSignatureParameters.Add(HashAlgorithmType.Sha384);
parameters.ServerSignatureAlgorithm = new SignatureAndHashAlgorithm(HashAlgorithmType.Sha512);
parameters.ExpectClientAlert = AlertDescription.IlegalParameter;
break;
case SignatureInstrumentType.ServerUsesUnsupportedSignatureAlgorithm2:
// MD5SHA1 is never allowed for TLS 1.2.
parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
parameters.ClientSignatureParameters = new SignatureParameters();
parameters.ClientSignatureParameters.Add(HashAlgorithmType.Sha1);
// we'd normally not be allowed to request this from user settings, but there's an instrumentation override
// in place for this test.
parameters.ClientSignatureParameters.Add(HashAlgorithmType.Md5Sha1);
// Instrumentation override lets us force set this.
parameters.ServerSignatureAlgorithm = new SignatureAndHashAlgorithm(HashAlgorithmType.Md5Sha1);
parameters.ExpectClientAlert = AlertDescription.IlegalParameter;
parameters.ProtocolVersion = ProtocolVersions.Tls12;
break;
case SignatureInstrumentType.ServerSendsCertificateParametersWithoutAlgorithms:
parameters.ServerCertificateParameters = new ClientCertificateParameters();
parameters.ExpectCertificateVerifySignatureAlgorithm = SignatureParameters.DefaultAlgorithm;
break;
case SignatureInstrumentType.ServerSendsCertificateParametersWithSomeUnsupportedAlgorithms:
parameters.ServerCertificateParameters = new ClientCertificateParameters();
parameters.ServerCertificateParameters.SignatureParameters.Add(HashAlgorithmType.Unknown);
parameters.ServerCertificateParameters.SignatureParameters.Add(HashAlgorithmType.Sha384);
parameters.ExpectCertificateVerifySignatureAlgorithm = new SignatureAndHashAlgorithm(HashAlgorithmType.Sha384);
break;
case SignatureInstrumentType.ServerSendsCertificateParametersWithNoSupportedAlgorithms:
parameters.ServerCertificateParameters = new ClientCertificateParameters();
parameters.ServerCertificateParameters.SignatureParameters.Add(HashAlgorithmType.Unknown);
parameters.ExpectCertificateVerifySignatureAlgorithm = SignatureParameters.DefaultAlgorithm;
parameters.ExpectClientAlert = AlertDescription.IlegalParameter;
break;
case SignatureInstrumentType.ClientSendsCertificateVerifyWithUnrequestedAlgorithm:
parameters.ServerCertificateParameters = new ClientCertificateParameters();
parameters.ServerCertificateParameters.SignatureParameters.Add(HashAlgorithmType.Sha384);
parameters.ServerCertificateParameters.SignatureParameters.Add(HashAlgorithmType.Sha512);
parameters.ClientSignatureAlgorithm = new SignatureAndHashAlgorithm(HashAlgorithmType.Sha256);
parameters.ExpectServerAlert = AlertDescription.IlegalParameter;
break;
case SignatureInstrumentType.CertificateVerifySignatureAlgorithmSelectionOrder:
parameters.ServerCertificateParameters = new ClientCertificateParameters();
parameters.ServerCertificateParameters.SignatureParameters.Add(HashAlgorithmType.Sha384);
parameters.ServerCertificateParameters.SignatureParameters.Add(HashAlgorithmType.Sha512);
parameters.ExpectCertificateVerifySignatureAlgorithm = new SignatureAndHashAlgorithm(HashAlgorithmType.Sha384);
break;
case SignatureInstrumentType.CertificateVerifySignatureAlgorithmSelectionOrder2:
parameters.ServerCertificateParameters = new ClientCertificateParameters();
parameters.ServerCertificateParameters.SignatureParameters.Add(HashAlgorithmType.Sha512);
parameters.ServerCertificateParameters.SignatureParameters.Add(HashAlgorithmType.Sha384);
parameters.ExpectCertificateVerifySignatureAlgorithm = new SignatureAndHashAlgorithm(HashAlgorithmType.Sha512);
break;
default:
ctx.AssertFail("Unsupported signature instrument: '{0}'.", type);
break;
}
return(parameters);
}
static SignatureInstrumentParameters CreateParameters(InstrumentationCategory category, SignatureInstrumentType type, params object[] args)
{
var sb = new StringBuilder();
sb.Append(type);
foreach (var arg in args)
{
sb.AppendFormat(":{0}", arg);
}
var name = sb.ToString();
return(new SignatureInstrumentParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = AcceptAnyCertificate, ServerCertificateValidator = AcceptAnyCertificate,
ProtocolVersion = ProtocolVersions.Tls12
});
}
public SignatureInstrumentParameters(InstrumentationCategory category, SignatureInstrumentType type, string identifier, IServerCertificate certificate)
: base(category, identifier, certificate)
{
Type = type;
}
