Пример #1
0
 public static bool ValidateCipherList(ClientAndServerProvider provider, ICollection <CipherSuiteCode> ciphers)
 {
     return(ciphers == null || ciphers.Any(cipher => ProviderSupportsCipher(provider, cipher)));
 }
Пример #2
0
 public static bool ProviderSupportsCipher(ClientAndServerProvider provider, CipherSuiteCode cipher)
 {
     return(ProviderSupportsCipher(provider.Client, cipher) && ProviderSupportsCipher(provider.Server, cipher));
 }
        static SimpleConnectionParameters Create(TestContext ctx, ClientAndServerProvider provider, MonoConnectionTestCategory category, SimpleConnectionType type)
        {
            var parameters = CreateParameters(category, type);

            var certificateProvider = DependencyInjector.Get <ICertificateProvider> ();
            var acceptSelfSigned    = certificateProvider.AcceptThisCertificate(ResourceManager.SelfSignedServerCertificate);
            var acceptFromCA        = certificateProvider.AcceptFromCA(ResourceManager.LocalCACertificate);

            bool            clientSupportsEcDhe;
            bool            serverSupportsEcDhe;
            CipherSuiteCode defaultCipher;
            CipherSuiteCode defaultCipher12;
            CipherSuiteCode alternateCipher12;

            if (provider != null)
            {
                clientSupportsEcDhe = (provider.Client.Flags & ConnectionProviderFlags.SupportsEcDheCiphers) != 0;
                serverSupportsEcDhe = (provider.Server.Flags & ConnectionProviderFlags.SupportsEcDheCiphers) != 0;
            }
            else
            {
                clientSupportsEcDhe = serverSupportsEcDhe = false;
            }

            if (clientSupportsEcDhe && serverSupportsEcDhe)
            {
                defaultCipher     = CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
                defaultCipher12   = CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
                alternateCipher12 = CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
            }
            else
            {
                defaultCipher     = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
                defaultCipher12   = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384;
                alternateCipher12 = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
            }

            switch (type)
            {
            case SimpleConnectionType.Simple:
                break;

            case SimpleConnectionType.ValidateCertificate:
                parameters.ServerCertificate          = ResourceManager.ServerCertificateFromCA;
                parameters.ClientCertificateValidator = acceptFromCA;
                break;

            case SimpleConnectionType.SimpleTls10:
                parameters.ProtocolVersion = ProtocolVersions.Tls10;
                break;

            case SimpleConnectionType.SimpleTls11:
                parameters.ProtocolVersion = ProtocolVersions.Tls11;
                break;

            case SimpleConnectionType.SimpleTls12:
                parameters.ProtocolVersion = ProtocolVersions.Tls12;
                break;

            case SimpleConnectionType.DefaultCipherTls10:
                parameters.ProtocolVersion = ProtocolVersions.Tls10;
                parameters.ExpectedCipher  = defaultCipher;
                break;

            case SimpleConnectionType.DefaultCipherTls11:
                parameters.ProtocolVersion = ProtocolVersions.Tls11;
                parameters.ExpectedCipher  = defaultCipher;
                break;

            case SimpleConnectionType.DefaultCipherTls12:
                parameters.ProtocolVersion = ProtocolVersions.Tls12;
                parameters.ExpectedCipher  = defaultCipher12;
                break;

            case SimpleConnectionType.SelectCiphersTls10:
                parameters.ProtocolVersion = ProtocolVersions.Tls10;
                break;

            case SimpleConnectionType.SelectCiphersTls11:
                parameters.ProtocolVersion = ProtocolVersions.Tls11;
                break;

            case SimpleConnectionType.SelectCiphersTls12:
                parameters.ProtocolVersion = ProtocolVersions.Tls12;
                break;

            case SimpleConnectionType.RequestClientCertificate:
                /*
                 * Request client certificate, but do not require it.
                 *
                 * FIXME:
                 * SslStream with Mono's old implementation fails here.
                 */
                parameters.ClientCertificate          = ResourceManager.MonkeyCertificate;
                parameters.ClientCertificateValidator = acceptSelfSigned;
                parameters.AskForClientCertificate    = true;
                parameters.ServerCertificateValidator = acceptFromCA;
                break;

            case SimpleConnectionType.RequireClientCertificateRSA:
                /*
                 * Require client certificate.
                 *
                 */
                parameters.ClientCertificate          = ResourceManager.MonkeyCertificate;
                parameters.ClientCertificateValidator = acceptSelfSigned;
                parameters.RequireClientCertificate   = true;
                parameters.ServerCertificateValidator = acceptFromCA;
                parameters.ServerCiphers = new CipherSuiteCode[] {
                    CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA
                };
                break;

            case SimpleConnectionType.RequireClientCertificateDHE:
                /*
                 * Require client certificate.
                 *
                 */
                parameters.ClientCertificate          = ResourceManager.MonkeyCertificate;
                parameters.ClientCertificateValidator = acceptSelfSigned;
                parameters.RequireClientCertificate   = true;
                parameters.ServerCertificateValidator = acceptFromCA;
                parameters.ServerCiphers = new CipherSuiteCode[] {
                    CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA
                };
                break;

            case SimpleConnectionType.CipherSelectionOrder:
                parameters.ProtocolVersion = ProtocolVersions.Tls12;
                parameters.ClientCiphers   = new CipherSuiteCode[] {
                    CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA,
                    alternateCipher12
                };
                parameters.ExpectedServerCipher = CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA;
                break;

            case SimpleConnectionType.CipherSelectionOrder2:
                parameters.ProtocolVersion = ProtocolVersions.Tls12;
                parameters.ClientCiphers   = new CipherSuiteCode[] {
                    alternateCipher12,
                    CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA
                };
                parameters.ExpectedServerCipher = alternateCipher12;
                break;

            case SimpleConnectionType.MartinTest:
                parameters.ServerCertificate = ResourceManager.GetCertificateWithKey(CertificateResourceType.SelfSignedServerCertificate);
                break;

            default:
                ctx.AssertFail("Unsupported connection type: '{0}'.", type);
                break;
            }

            return(parameters);
        }
 public static IEnumerable <SimpleConnectionParameters> GetParameters(TestContext ctx, ClientAndServerProvider provider, MonoConnectionTestCategory category)
 {
     return(GetTestTypes(ctx, category).Select(t => Create(ctx, provider, category, t)));
 }
Пример #5
0
		public static bool ValidateCipherList (ClientAndServerProvider provider, ICollection<CipherSuiteCode> ciphers)
		{
			return ciphers == null || ciphers.Any (cipher => ProviderSupportsCipher (provider, cipher));
		}
Пример #6
0
		public static bool ProviderSupportsCipher (ClientAndServerProvider provider, CipherSuiteCode cipher)
		{
			return ProviderSupportsCipher (provider.Client, cipher) && ProviderSupportsCipher (provider.Server, cipher);
		}