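/// <summary>
/// Checks that the SSL/TLS protocol list given as a provider URI query option reaches the
/// connection factory's transport properties in normalized form, then attempts a connection.
/// </summary>
/// <remarks>
/// The value set includes Ssl3, Tls (1.0) and Tls11, which are deprecated protocol versions
/// (RFC 7568, RFC 8996). The test pins how the option string is parsed and stored; it is not
/// a statement of which versions a deployment should enable.
/// </remarks>
/// <param name="protocolsString">Comma-separated protocol names as they would appear in the URI.</param>
public void TestValidSSLProtocols(
            [Values("tls11", "tls12", "Ssl3,tls11", "tls,tls11", "Default,tls11", "tls,ssl3,tls11", "  tls12,tls", "tls,tls11,tls12")]
            string protocolsString
            )
        {
            StringDictionary queryOptions = new StringDictionary()
            {
                { NMSPropertyConstants.NMS_SECURE_TANSPORT_SSL_PROTOCOLS, protocolsString }
            };

            // Expected value: the enum's own rendering when the input parses (case-insensitive),
            // otherwise the raw input string.
            System.Security.Authentication.SslProtocols protocol;
            string normalizedName = Enum.TryParse(protocolsString, true, out protocol)
                ? protocol.ToString()
                : protocolsString;

            try
            {
                // create provider URI
                string providerUriQueryParameters = Apache.NMS.Util.URISupport.CreateQueryString(queryOptions);
                string providerUriBase = GetSecureProviderURIString();
                string providerUri = string.Format("{0}?{1}", providerUriBase, providerUriQueryParameters);

                IConnectionFactory connectionFactory = CreateConnectionFactory();
                connectionFactory.BrokerUri = new Uri(providerUri);

                // Fail with a readable message instead of a NullReferenceException when the
                // factory is not the provider's concrete type.
                ConnectionFactory providerConnectionFactory = connectionFactory as ConnectionFactory;
                Assert.IsNotNull(providerConnectionFactory, "CreateConnectionFactory() did not return a provider ConnectionFactory.");

                // This callback accepts every server certificate, so the connection made below
                // is not authenticated. That is tolerable only because the test targets protocol
                // option handling against a test broker; the callback must stay confined to tests.
                providerConnectionFactory.CertificateValidationCallback = (a, b, c, d) => true;
                string transportSSLProtocol = providerConnectionFactory.TransportProperties[NMSPropertyConstants.NMS_SECURE_TANSPORT_SSL_PROTOCOLS];

                Assert.AreEqual(normalizedName, transportSSLProtocol);

                Connection = CreateSecureConnection(connectionFactory);

                try
                {
                    // attempt to connect to broker
                    Connection.Start();
                }
                catch (NMSSecurityException secEx)
                {
                    // A security failure at connect time is only logged, so the test still
                    // passes when the handshake is rejected (for example when the broker
                    // refuses the requested protocol versions).
                    Logger.Warn(string.Format("Security failure. Check {0} file for test configuration. Or check broker configuration. Security Message : {1}", Configuration.CONFIG_FILENAME, secEx.Message));
                }
            }
            catch (Exception ex)
            {
                this.PrintTestFailureAndAssert(this.GetTestMethodName(), "Unexpected Exception", ex);
            }
            finally
            {
                Connection?.Close();
            }
        }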
예제 #2
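        /// <summary>
        /// Writes the negotiated TLS parameters and the remote certificate's identifying fields
        /// to the server-side log for the given connection.
        /// </summary>
        /// <param name="data">Connection data; its <c>Connection</c> supplies the log's connection id.</param>
        /// <param name="protocol">Negotiated protocol version.</param>
        /// <param name="remoteCertificate">Certificate presented by the remote side; may be null.</param>
        /// <param name="cipherAlgorithmType">Negotiated bulk cipher.</param>
        /// <param name="cipherAlgorithmStrength">Cipher strength in bits.</param>
        /// <param name="hashAlgorithmType">Negotiated hash algorithm.</param>
        /// <param name="hashAlgorithmStrength">Hash strength in bits.</param>
        /// <param name="exchangeAlgorithmType">Negotiated key exchange algorithm.</param>
        /// <param name="exchangeAlgorithmStrength">Key exchange strength in bits.</param>
        private void con_RemoteConnectionAuthenticated(ConnectionData data, System.Security.Authentication.SslProtocols protocol,
                                                       System.Security.Cryptography.X509Certificates.X509Certificate2 remoteCertificate,
                                                       System.Security.Authentication.CipherAlgorithmType cipherAlgorithmType, int cipherAlgorithmStrength,
                                                       System.Security.Authentication.HashAlgorithmType hashAlgorithmType, int hashAlgorithmStrength,
                                                       System.Security.Authentication.ExchangeAlgorithmType exchangeAlgorithmType, int exchangeAlgorithmStrength)
        {
            ForwardingConnection con = data.Connection;

            string sessionInfo = string.Format(
                "Remote connection authenticated. Protocol: {0}, Cipher: {1} ({2} Bit), Hash: {3} ({4} Bit), Exchange: {5} ({6} Bit)",
                protocol, cipherAlgorithmType, cipherAlgorithmStrength,
                hashAlgorithmType, hashAlgorithmStrength,
                exchangeAlgorithmType, exchangeAlgorithmStrength);

            string certificateInfo;
            if (remoteCertificate == null)
            {
                // Keep the audit line instead of throwing when no certificate was handed over.
                certificateInfo = "Certificate: none presented";
            }
            else
            {
                // NOTE(review): Subject and Issuer are taken from the peer's certificate and are
                // written to the log unchanged; confirm AddLogEntry neutralises control characters.
                certificateInfo = string.Format(
                    "Certificate Subject: {0}\r\nCertificate Issuer: {1}\r\nValid: Not before {2}, not after {3}\r\nFingerprint: {4}",
                    remoteCertificate.Subject,
                    remoteCertificate.Issuer,
                    new DateTimeOffset(remoteCertificate.NotBefore),
                    new DateTimeOffset(remoteCertificate.NotAfter),
                    remoteCertificate.Thumbprint);
            }

            AddLogEntry(logServer, con.ConId, sessionInfo + "\r\n" + certificateInfo);
        }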
예제 #3
        /// <summary>
        /// Records the TLS parameters negotiated on the local side in the client log, then notes
        /// in the server log that the outbound connection attempt is starting.
        /// </summary>
        /// <param name="data">Connection data; its <c>Connection</c> supplies the log's connection id.</param>
        /// <param name="protocol">Negotiated protocol version.</param>
        /// <param name="cipherAlgorithmType">Negotiated bulk cipher.</param>
        /// <param name="cipherAlgorithmStrength">Cipher strength in bits.</param>
        /// <param name="hashAlgorithmType">Negotiated hash algorithm.</param>
        /// <param name="hashAlgorithmStrength">Hash strength in bits.</param>
        /// <param name="exchangeAlgorithmType">Negotiated key exchange algorithm.</param>
        /// <param name="exchangeAlgorithmStrength">Key exchange strength in bits.</param>
        private void con_LocalConnectionAuthenticated(ConnectionData data, System.Security.Authentication.SslProtocols protocol,
                                                      System.Security.Authentication.CipherAlgorithmType cipherAlgorithmType, int cipherAlgorithmStrength,
                                                      System.Security.Authentication.HashAlgorithmType hashAlgorithmType, int hashAlgorithmStrength,
                                                      System.Security.Authentication.ExchangeAlgorithmType exchangeAlgorithmType, int exchangeAlgorithmStrength)
        {
            ForwardingConnection forwarding = data.Connection;

            // One formatted line carrying every negotiated parameter.
            string negotiated = string.Format(
                "Local connection authenticated. Protocol: {0}, Cipher: {1} ({2} Bit), Hash: {3} ({4} Bit), Exchange: {5} ({6} Bit)",
                protocol,
                cipherAlgorithmType, cipherAlgorithmStrength,
                hashAlgorithmType, hashAlgorithmStrength,
                exchangeAlgorithmType, exchangeAlgorithmStrength);

            AddLogEntry(logClient, forwarding.ConId, negotiated);
            AddLogEntry(logServer, forwarding.ConId, "Connecting...");
        }