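// Verifies that an SSL/TLS protocol list passed as a provider URI query option
// reaches the connection factory's transport properties in normalized form.
//
// protocolsString: protocol list under test. The value set deliberately mixes
// casing, ordering and leading whitespace, and includes legacy protocol names
// (Ssl3, tls, tls11) so that parsing of those names is covered as well.
//
// Scope: the only assertion is on the stored property value. The connection
// attempt that follows accepts any broker certificate and tolerates a security
// failure, so this test says nothing about handshake success or about peer
// authentication.
public void TestValidSSLProtocols(
    [Values("tls11", "tls12", "Ssl3,tls11", "tls,tls11", "Default,tls11", "tls,ssl3,tls11", " tls12,tls", "tls,tls11,tls12")] string protocolsString
    )
{
    StringDictionary queryOptions = new StringDictionary()
    {
        { NMSPropertyConstants.NMS_SECURE_TANSPORT_SSL_PROTOCOLS, protocolsString }
    };

    // Expected value: the enum's own rendering when the input parses
    // (case-insensitively) as SslProtocols, otherwise the raw input.
    System.Security.Authentication.SslProtocols protocol;
    string normalizedName = Enum.TryParse(protocolsString, true, out protocol)
        ? protocol.ToString()
        : protocolsString;

    try
    {
        // create provider URI
        string providerUriQueryParameters = Apache.NMS.Util.URISupport.CreateQueryString(queryOptions);
        string providerUriBase = GetSecureProviderURIString();
        string providerUri = string.Format("{0}?{1}", providerUriBase, providerUriQueryParameters);

        IConnectionFactory connectionFactory = CreateConnectionFactory();
        connectionFactory.BrokerUri = new Uri(providerUri);

        // Direct cast instead of `as`: a factory of an unexpected type now fails
        // with an InvalidCastException naming the types, rather than with a
        // NullReferenceException on the next line.
        ConnectionFactory providerConnectionFactory = (ConnectionFactory)connectionFactory;

        // Disables certificate validation: the callback returns true for every
        // certificate, so any broker identity is accepted. Acceptable only
        // because this test targets protocol option handling against a test
        // broker; the connection below is unauthenticated.
        providerConnectionFactory.CertificateValidationCallback = (a, b, c, d) => true;

        string transportSSLProtocol = providerConnectionFactory.TransportProperties[NMSPropertyConstants.NMS_SECURE_TANSPORT_SSL_PROTOCOLS];

        Assert.AreEqual(normalizedName, transportSSLProtocol);

        Connection = CreateSecureConnection(connectionFactory);

        try
        {
            // attempt to connect to broker
            Connection.Start();
        }
        catch (NMSSecurityException secEx)
        {
            // A security failure at connect time is logged and not rethrown,
            // so it does not fail the test.
            Logger.Warn(string.Format("Security failure. Check {0} file for test configuration. Or check broker configuration. Security Message : {1}", Configuration.CONFIG_FILENAME, secEx.Message));
        }
    }
    catch (Exception ex)
    {
        this.PrintTestFailureAndAssert(this.GetTestMethodName(), "Unexpected Exception", ex);
    }
    finally
    {
        Connection?.Close();
    }
}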
/// <summary>
/// Writes one entry to the server log describing the TLS session negotiated on the
/// remote side of a forwarded connection: protocol, cipher, hash and key-exchange
/// algorithms with their strengths, followed by the remote certificate's subject,
/// issuer, validity window and thumbprint.
/// </summary>
/// <param name="data">Connection data whose <c>Connection</c> supplies the connection id for the log entry.</param>
/// <param name="protocol">Negotiated SSL/TLS protocol version.</param>
/// <param name="remoteCertificate">Certificate presented by the remote peer.</param>
/// <param name="cipherAlgorithmType">Negotiated bulk cipher.</param>
/// <param name="cipherAlgorithmStrength">Cipher strength in bits.</param>
/// <param name="hashAlgorithmType">Negotiated hash algorithm.</param>
/// <param name="hashAlgorithmStrength">Hash strength in bits.</param>
/// <param name="exchangeAlgorithmType">Negotiated key-exchange algorithm.</param>
/// <param name="exchangeAlgorithmStrength">Key-exchange strength in bits.</param>
private void con_RemoteConnectionAuthenticated(ConnectionData data, System.Security.Authentication.SslProtocols protocol, System.Security.Cryptography.X509Certificates.X509Certificate2 remoteCertificate, System.Security.Authentication.CipherAlgorithmType cipherAlgorithmType, int cipherAlgorithmStrength, System.Security.Authentication.HashAlgorithmType hashAlgorithmType, int hashAlgorithmStrength, System.Security.Authentication.ExchangeAlgorithmType exchangeAlgorithmType, int exchangeAlgorithmStrength)
{
    ForwardingConnection connection = data.Connection;

    // Negotiated session parameters: useful for spotting weak protocol or cipher choices in the log.
    string sessionLine = string.Format(
        "Remote connection authenticated. Protocol: {0}, Cipher: {1} ({2} Bit), Hash: {3} ({4} Bit), Exchange: {5} ({6} Bit)",
        protocol.ToString(),
        cipherAlgorithmType.ToString(),
        cipherAlgorithmStrength,
        hashAlgorithmType.ToString(),
        hashAlgorithmStrength,
        exchangeAlgorithmType.ToString(),
        exchangeAlgorithmStrength);

    // NOTE(review): Subject and Issuer are taken from the peer's certificate and logged as-is.
    // Whether the certificate has been validated before this handler runs is not visible here;
    // if it has not, treat these fields as untrusted text in the log.
    // The "Certiticate" spelling is kept unchanged so existing log output stays identical.
    string subjectLine = string.Format("Certiticate Subject: {0}", remoteCertificate.Subject);
    string issuerLine = string.Format("Certificate Issuer: {0}", remoteCertificate.Issuer);

    string validFrom = new DateTimeOffset(remoteCertificate.NotBefore).ToString();
    string validUntil = new DateTimeOffset(remoteCertificate.NotAfter).ToString();
    string validityLine = string.Format("Valid: Not before {0}, not after {1}", validFrom, validUntil);

    string fingerprintLine = string.Format("Fingerprint: {0}", remoteCertificate.Thumbprint);

    string message = string.Join(
        "\r\n",
        new string[] { sessionLine, subjectLine, issuerLine, validityLine, fingerprintLine });

    AddLogEntry(logServer, connection.ConId, message);
}
/// <summary>
/// Writes an entry to the client log describing the TLS session negotiated on the
/// local side of a forwarded connection (protocol, cipher, hash and key-exchange
/// algorithms with their strengths), then writes "Connecting..." to the server log
/// for the same connection id.
/// </summary>
/// <param name="data">Connection data whose <c>Connection</c> supplies the connection id for both log entries.</param>
/// <param name="protocol">Negotiated SSL/TLS protocol version.</param>
/// <param name="cipherAlgorithmType">Negotiated bulk cipher.</param>
/// <param name="cipherAlgorithmStrength">Cipher strength in bits.</param>
/// <param name="hashAlgorithmType">Negotiated hash algorithm.</param>
/// <param name="hashAlgorithmStrength">Hash strength in bits.</param>
/// <param name="exchangeAlgorithmType">Negotiated key-exchange algorithm.</param>
/// <param name="exchangeAlgorithmStrength">Key-exchange strength in bits.</param>
private void con_LocalConnectionAuthenticated(ConnectionData data, System.Security.Authentication.SslProtocols protocol, System.Security.Authentication.CipherAlgorithmType cipherAlgorithmType, int cipherAlgorithmStrength, System.Security.Authentication.HashAlgorithmType hashAlgorithmType, int hashAlgorithmStrength, System.Security.Authentication.ExchangeAlgorithmType exchangeAlgorithmType, int exchangeAlgorithmStrength)
{
    ForwardingConnection connection = data.Connection;

    // No certificate parameter is passed to this handler, so only the negotiated
    // session parameters are recorded for the local side.
    string sessionLine = string.Format(
        "Local connection authenticated. Protocol: {0}, Cipher: {1} ({2} Bit), Hash: {3} ({4} Bit), Exchange: {5} ({6} Bit)",
        protocol.ToString(),
        cipherAlgorithmType.ToString(),
        cipherAlgorithmStrength,
        hashAlgorithmType.ToString(),
        hashAlgorithmStrength,
        exchangeAlgorithmType.ToString(),
        exchangeAlgorithmStrength);

    AddLogEntry(logClient, connection.ConId, sessionLine);

    // The server-side log gets its own marker once the local side is authenticated.
    AddLogEntry(logServer, connection.ConId, "Connecting...");
}