예제 #1
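        /// <summary>
        /// Verifies that the evaluator reports <c>WARNING</c> when the reverse-list TLS 1.2 probe
        /// selected <paramref name="cipherSuite"/> and the normal-order probe selected
        /// <c>TLS_RSA_WITH_RC4_128_MD5</c>.
        /// </summary>
        /// <param name="cipherSuite">
        /// Suite recorded for the reverse-list probe; presumably supplied by a test-case attribute
        /// that is not shown here.
        /// </param>
        public void PreviousCipherSuiteIsDifferentAndCurrentIsWarningShouldResultInWarning(CipherSuite cipherSuite)
        {
            // Only the cipher-suite argument is populated; every other constructor argument is null.
            // NOTE(review): RC4 suites are prohibited for TLS by RFC 7465 - confirm that WARNING
            // (rather than FAIL) is the intended severity for this suite in the rule under test.
            Dictionary<TlsTestType, TlsConnectionResult> data = new Dictionary<TlsTestType, TlsConnectionResult>
            {
                {
                    TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList,
                    new TlsConnectionResult(null, cipherSuite, null, null, null, null, null, null)
                },
                {
                    TlsTestType.Tls12AvailableWithBestCipherSuiteSelected,
                    new TlsConnectionResult(null, CipherSuite.TLS_RSA_WITH_RC4_128_MD5, null, null, null, null, null, null)
                }
            };

            ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(data);

            // Expected value first, actual second, so a failure message labels the two values correctly.
            Assert.AreEqual(EvaluatorResult.WARNING, _sut.Test(connectionResults).Result);
        }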
예제 #2
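        /// <summary>
        /// Verifies that the evaluator reports <c>PASS</c> when the reverse-list TLS 1.2 probe
        /// selected <paramref name="cipherSuite"/> and the normal-order probe selected
        /// <c>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</c>.
        /// </summary>
        /// <param name="cipherSuite">
        /// Suite recorded for the reverse-list probe; presumably supplied by a test-case attribute
        /// that is not shown here.
        /// </param>
        public void PreviousCipherSuiteIsDifferentAndCurrentIsPassShouldResultInPass(CipherSuite cipherSuite)
        {
            // Only the cipher-suite argument is populated; every other constructor argument is null.
            Dictionary<TlsTestType, TlsConnectionResult> data = new Dictionary<TlsTestType, TlsConnectionResult>
            {
                {
                    TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList,
                    new TlsConnectionResult(null, cipherSuite, null, null, null, null, null, null)
                },
                {
                    TlsTestType.Tls12AvailableWithBestCipherSuiteSelected,
                    new TlsConnectionResult(null, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, null, null, null, null, null, null)
                }
            };

            ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(data);

            // Expected value first, actual second, so a failure message labels the two values correctly.
            Assert.AreEqual(EvaluatorResult.PASS, _sut.Test(connectionResults).Result);
        }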
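        /// <summary>
        /// Verifies that the evaluator reports <c>FAIL</c> when both the TLS 1.2 and the TLS 1.1
        /// best-cipher-suite probes carry <c>Error.BAD_CERTIFICATE</c>.
        /// </summary>
        /// <remarks>
        /// Only the result code is asserted; despite the method name, no message text is checked.
        /// </remarks>
        public void ExpectFailMessageWhenTls11HasError()
        {
            // Both probes are built with the error set and every other argument null.
            Dictionary<TlsTestType, TlsConnectionResult> data = new Dictionary<TlsTestType, TlsConnectionResult>
            {
                {
                    TlsTestType.Tls12AvailableWithBestCipherSuiteSelected,
                    new TlsConnectionResult(null, null, null, null, Error.BAD_CERTIFICATE, null, null)
                },
                {
                    TlsTestType.Tls11AvailableWithBestCipherSuiteSelected,
                    new TlsConnectionResult(null, null, null, null, Error.BAD_CERTIFICATE, null, null)
                }
            };

            ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(data);

            // Expected value first, actual second, so a failure message labels the two values correctly.
            Assert.AreEqual(EvaluatorResult.FAIL, _sut.Test(connectionResults).Result);
        }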
        /// <summary>
        /// Verifies that <c>Tls10Available</c> yields a single <c>PASS</c> result with a null
        /// description when the TLS 1.0 probe recorded no error.
        /// </summary>
        public async Task NoErrorReturnsPass()
        {
            var rule = new Tls10Available();

            // Probe result with no error set and an empty string list as the last argument.
            var cleanProbe = new BouncyCastleTlsTestResult(null, null, null, null, null, null, new List<string>());

            var probes = new Dictionary<TlsTestType, BouncyCastleTlsTestResult>
            {
                { TlsTestType.Tls10AvailableWithBestCipherSuiteSelected, cleanProbe },
            };
            TlsTestResults hostResults = TlsTestDataUtil.CreateMxHostTlsResults(probes);

            List<RuleTypedTlsEvaluationResult> outcomes = await rule.Evaluate(hostResults);

            // The count is asserted before indexing so an empty list fails as an assertion.
            Assert.That(outcomes.Count, Is.EqualTo(1));

            var evaluated = outcomes[0].TlsEvaluatedResult;
            Assert.That(evaluated.Result, Is.EqualTo(EvaluatorResult.PASS));
            Assert.That(evaluated.Description, Is.Null);
        }
        /// <summary>
        /// Verifies that <c>Tls10Available</c> yields a single <c>INFORMATIONAL</c> result whose
        /// description starts with the "refused to negotiate using TLS 1.0" text when the TLS 1.0
        /// probe recorded <c>TlsError.HANDSHAKE_FAILURE</c> and no other probe is present.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the method name says "ReturnsError" but the asserted result is
        /// INFORMATIONAL - confirm which of the two is intended.
        /// </remarks>
        public async Task Tls10ErrorAndNoOtherTlsSupportedReturnsError()
        {
            var rule = new Tls10Available();

            // Probe result carrying only the handshake failure and an empty string list.
            var failedProbe = new BouncyCastleTlsTestResult(null, null, null, null, TlsError.HANDSHAKE_FAILURE, null, new List<string>());

            var probes = new Dictionary<TlsTestType, BouncyCastleTlsTestResult>
            {
                { TlsTestType.Tls10AvailableWithBestCipherSuiteSelected, failedProbe },
            };
            TlsTestResults hostResults = TlsTestDataUtil.CreateMxHostTlsResults(probes);

            List<RuleTypedTlsEvaluationResult> outcomes = await rule.Evaluate(hostResults);

            // The count is asserted before indexing so an empty list fails as an assertion.
            Assert.That(outcomes.Count, Is.EqualTo(1));

            var evaluated = outcomes[0].TlsEvaluatedResult;
            Assert.That(evaluated.Result, Is.EqualTo(EvaluatorResult.INFORMATIONAL));
            StringAssert.StartsWith("This server refused to negotiate using TLS 1.0", evaluated.Description);
        }
예제 #6
        /// <summary>
        /// Parameterised check of <c>Tls12Available</c>: builds a single TLS 1.2 probe carrying
        /// <paramref name="tlsError"/> and asserts the evaluated result and the start of its description.
        /// </summary>
        /// <param name="tlsError">Error recorded on the probe, or null for none.</param>
        /// <param name="expectedEvaluatorResult">Result the rule is expected to produce.</param>
        /// <param name="expectedDescription">Prefix the description is expected to start with.</param>
        public async Task Test(TlsError? tlsError, EvaluatorResult expectedEvaluatorResult, string expectedDescription)
        {
            var rule = new Tls12Available();

            // Only the error slot varies between cases; the last argument is an empty string list.
            var probe = new BouncyCastleTlsTestResult(null, null, null, null, tlsError, null, new List<string>());

            TlsTestResults hostResults = TlsTestDataUtil.CreateMxHostTlsResults(
                TlsTestType.Tls12AvailableWithBestCipherSuiteSelected, probe);

            List<RuleTypedTlsEvaluationResult> outcomes = await rule.Evaluate(hostResults);

            // The count is asserted before indexing so an empty list fails as an assertion.
            Assert.That(outcomes.Count, Is.EqualTo(1));

            var evaluated = outcomes[0].TlsEvaluatedResult;
            Assert.That(evaluated.Result, Is.EqualTo(expectedEvaluatorResult));
            StringAssert.StartsWith(expectedDescription, evaluated.Description);
        }
예제 #7
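        /// <summary>
        /// Verifies that the evaluator reports <c>INCONCLUSIVE</c> when the reverse-list TLS 1.2 probe
        /// has no cipher suite and the normal-order probe selected
        /// <c>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</c>.
        /// </summary>
        public void UnaccountedForCipherSuiteResponseShouldResultInInconclusive()
        {
            // NOTE(review): the fixture models the "unaccounted for" case with a null suite on the
            // reverse-list probe - confirm this is the combination the method name refers to.
            Dictionary<TlsTestType, TlsConnectionResult> data = new Dictionary<TlsTestType, TlsConnectionResult>
            {
                {
                    TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList,
                    new TlsConnectionResult(null, null, null, null, null, null, null, null)
                },
                {
                    TlsTestType.Tls12AvailableWithBestCipherSuiteSelected,
                    new TlsConnectionResult(null, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, null, null, null,
                                            null, null, null)
                }
            };

            ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(data);

            // Expected value first, actual second, so a failure message labels the two values correctly.
            Assert.AreEqual(EvaluatorResult.INCONCLUSIVE, _sut.Test(connectionResults).Result);
        }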
예제 #8
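        /// <summary>
        /// Verifies that the evaluator reports <c>INCONCLUSIVE</c> when the reverse-list TLS 1.2 probe
        /// has a null cipher suite and the normal-order probe selected
        /// <c>TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA</c>.
        /// </summary>
        public void NullCipherSuiteShouldResultInInconclusive()
        {
            // The reverse-list probe is built with every argument null, including the cipher suite.
            Dictionary<TlsTestType, TlsConnectionResult> data = new Dictionary<TlsTestType, TlsConnectionResult>
            {
                {
                    TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList,
                    new TlsConnectionResult(null, null, null, null, null, null, null, null)
                },
                {
                    TlsTestType.Tls12AvailableWithBestCipherSuiteSelected,
                    new TlsConnectionResult(null, CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, null, null, null,
                                            null, null, null)
                }
            };

            ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(data);

            // Expected value first, actual second, so a failure message labels the two values correctly.
            Assert.AreEqual(EvaluatorResult.INCONCLUSIVE, _sut.Test(connectionResults).Result);
        }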
예제 #9
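        /// <summary>
        /// Verifies that the first evaluation result is <c>FAIL</c> when the reverse-list TLS 1.2 probe
        /// selected <paramref name="cipherSuite"/> and the normal-order probe selected
        /// <c>TLS_RSA_WITH_RC4_128_SHA</c>.
        /// </summary>
        /// <param name="cipherSuite">
        /// Suite recorded for the reverse-list probe; presumably supplied by a test-case attribute
        /// that is not shown here.
        /// </param>
        public async Task PreviousCipherSuiteIsDifferentAndCurrentIsFailShouldResultInFail(CipherSuite cipherSuite)
        {
            // Only the cipher-suite argument is populated; every other constructor argument is null.
            // RC4 suites are prohibited for TLS by RFC 7465, which is consistent with FAIL being expected.
            Dictionary<TlsTestType, BouncyCastleTlsTestResult> data = new Dictionary<TlsTestType, BouncyCastleTlsTestResult>
            {
                {
                    TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList,
                    new BouncyCastleTlsTestResult(null, cipherSuite, null, null, null, null, null, null)
                },
                {
                    TlsTestType.Tls12AvailableWithBestCipherSuiteSelected,
                    new BouncyCastleTlsTestResult(null, CipherSuite.TLS_RSA_WITH_RC4_128_SHA, null, null, null, null, null, null)
                }
            };

            TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(data);

            List<RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults);

            // Expected value first, actual second, so a failure message labels the two values correctly.
            // NOTE(review): the result count is not asserted here, so an empty list surfaces as an
            // indexing exception rather than an assertion failure.
            Assert.AreEqual(EvaluatorResult.FAIL, evaluatorResults[0].TlsEvaluatedResult.Result);
        }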
예제 #10
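        /// <summary>
        /// Verifies that exactly one result is produced and that it is <c>PASS</c> when both TLS 1.2
        /// probes (reverse-list and normal-order) selected
        /// <c>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</c>.
        /// </summary>
        public async Task PreviousCipherSuiteIsSameShouldResultInPass()
        {
            // Both probes record the same suite; every other constructor argument is null.
            Dictionary<TlsTestType, BouncyCastleTlsTestResult> data = new Dictionary<TlsTestType, BouncyCastleTlsTestResult>
            {
                {
                    TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList,
                    new BouncyCastleTlsTestResult(null, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, null, null, null, null, null, null)
                },
                {
                    TlsTestType.Tls12AvailableWithBestCipherSuiteSelected,
                    new BouncyCastleTlsTestResult(null, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, null, null, null, null, null, null)
                }
            };

            TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(data);

            List<RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults);

            Assert.That(evaluatorResults.Count, Is.EqualTo(1));

            // Expected value first, actual second, so a failure message labels the two values correctly.
            Assert.AreEqual(EvaluatorResult.PASS, evaluatorResults[0].TlsEvaluatedResult.Result);
        }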
예제 #11
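        /// <summary>
        /// Verifies that exactly one result is produced and that it is <c>INCONCLUSIVE</c> when the
        /// TLS 1.2 best-cipher-suite probe and the TLS 1.0 weak-cipher-suite-not-selected probe both
        /// carry <c>TlsError.BAD_CERTIFICATE</c>.
        /// </summary>
        /// <remarks>
        /// Only the result code is asserted; despite the method name, no message text is checked.
        /// </remarks>
        public async Task ExpectInconclusiveMessageWhenTls12HasError()
        {
            // Both probes are built with the error set and every other argument null.
            Dictionary<TlsTestType, BouncyCastleTlsTestResult> data = new Dictionary<TlsTestType, BouncyCastleTlsTestResult>
            {
                {
                    TlsTestType.Tls12AvailableWithBestCipherSuiteSelected,
                    new BouncyCastleTlsTestResult(null, null, null, null, TlsError.BAD_CERTIFICATE, null, null)
                },
                {
                    TlsTestType.Tls10AvailableWithWeakCipherSuiteNotSelected,
                    new BouncyCastleTlsTestResult(null, null, null, null, TlsError.BAD_CERTIFICATE, null, null)
                }
            };

            TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(data);

            List<RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults);

            Assert.That(evaluatorResults.Count, Is.EqualTo(1));

            // Expected value first, actual second, so a failure message labels the two values correctly.
            Assert.AreEqual(EvaluatorResult.INCONCLUSIVE, evaluatorResults[0].TlsEvaluatedResult.Result);
        }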
예제 #12
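        /// <summary>
        /// Verifies that exactly one result is produced and that it is <c>INCONCLUSIVE</c> when the
        /// reverse-list TLS 1.2 probe has a null cipher suite and the normal-order probe selected
        /// <c>TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA</c>.
        /// </summary>
        public async Task NullCipherSuiteShouldResultInInconclusive()
        {
            // The reverse-list probe is built with every argument null, including the cipher suite.
            Dictionary<TlsTestType, BouncyCastleTlsTestResult> data = new Dictionary<TlsTestType, BouncyCastleTlsTestResult>
            {
                {
                    TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList,
                    new BouncyCastleTlsTestResult(null, null, null, null, null, null, null, null)
                },
                {
                    TlsTestType.Tls12AvailableWithBestCipherSuiteSelected,
                    new BouncyCastleTlsTestResult(null, CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, null, null, null,
                                                  null, null, null)
                }
            };

            TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(data);

            List<RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults);

            Assert.That(evaluatorResults.Count, Is.EqualTo(1));

            // Expected value first, actual second, so a failure message labels the two values correctly.
            Assert.AreEqual(EvaluatorResult.INCONCLUSIVE, evaluatorResults[0].TlsEvaluatedResult.Result);
        }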
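        /// <summary>
        /// Verifies that the evaluator reports <c>FAIL</c>, and that its description contains the
        /// probe's error description, when both the TLS 1.2 and the TLS 1.0 best-cipher-suite probes
        /// carry <c>Error.BAD_CERTIFICATE</c>.
        /// </summary>
        public void ExpectFailMessageWhenTls12HasError()
        {
            string errorDescription = "Something went wrong!";

            // Both probes carry the same error code and the same free-text description.
            Dictionary<TlsTestType, TlsConnectionResult> data = new Dictionary<TlsTestType, TlsConnectionResult>
            {
                {
                    TlsTestType.Tls12AvailableWithBestCipherSuiteSelected,
                    new TlsConnectionResult(null, null, null, null, Error.BAD_CERTIFICATE, errorDescription, null)
                },
                {
                    TlsTestType.Tls10AvailableWithBestCipherSuiteSelected,
                    new TlsConnectionResult(null, null, null, null, Error.BAD_CERTIFICATE, errorDescription, null)
                }
            };

            ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(data);

            TlsEvaluatorResult result = _sut.Test(connectionResults);

            // Expected value first, actual second, so a failure message labels the two values correctly.
            Assert.AreEqual(EvaluatorResult.FAIL, result.Result);

            // The probe's description is expected to be echoed, quoted, inside the evaluator's message.
            StringAssert.Contains($"Error description \"{errorDescription}\".", result.Description);
        }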