public static StreamInstrumentationParameters GetParameters(TestContext ctx, ConnectionTestCategory category, StreamInstrumentationType type) { var certificateProvider = DependencyInjector.Get <ICertificateProvider> (); var acceptAll = certificateProvider.AcceptAll(); var effectiveType = type == StreamInstrumentationType.MartinTest ? MartinTest : type; var name = GetTestName(category, type); var parameters = new StreamInstrumentationParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptAll }; switch (effectiveType) { case StreamInstrumentationType.ServerRequestsShutdown: case StreamInstrumentationType.ServerRequestsShutdownDuringWrite: parameters.SslStreamFlags |= SslStreamFlags.CleanShutdown; break; } if (category == ConnectionTestCategory.SslStreamInstrumentationShutdown) { parameters.SslStreamFlags = SslStreamFlags.CleanShutdown; } return(parameters); }
public static ConnectionTestFlags GetConnectionFlags(TestContext ctx, ConnectionTestCategory category) { switch (category) { case ConnectionTestCategory.SimpleMonoClient: return(ConnectionTestFlags.RequireMonoClient); case ConnectionTestCategory.SimpleMonoServer: return(ConnectionTestFlags.RequireMonoServer); case ConnectionTestCategory.SimpleMonoConnection: case ConnectionTestCategory.MonoProtocolVersions: return(ConnectionTestFlags.RequireMono); case ConnectionTestCategory.CertificateChecks: case ConnectionTestCategory.SecurityFramework: return(ConnectionTestFlags.RequireMono); case ConnectionTestCategory.MartinTest: // return ConnectionTestFlags.RequireMono | ConnectionTestFlags.RequireTls12; return(ConnectionTestFlags.None); default: ctx.AssertFail("Unsupported instrumentation category: '{0}'.", category); return(ConnectionTestFlags.None); } }
static string GetTestName(ConnectionTestCategory category, ConnectionTestType type, params object[] args) { var sb = new StringBuilder(); sb.Append(type); foreach (var arg in args) { sb.AppendFormat(":{0}", arg); } return(sb.ToString()); }
public static RenegotiationTestParameters GetParameters(TestContext ctx, ConnectionTestCategory category, RenegotiationTestType type) { var certificateProvider = DependencyInjector.Get <ICertificateProvider> (); var acceptAll = certificateProvider.AcceptAll(); var name = GetTestName(category, type); return(new RenegotiationTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptAll }); }
public static bool IsSupported(TestContext ctx, ConnectionTestCategory category, ConnectionProvider provider) { var flags = provider.Flags; var supportsSslStream = (flags & ConnectionProviderFlags.SupportsSslStream) != 0; var supportsTls12 = (flags & ConnectionProviderFlags.SupportsTls12) != 0; var supportsClientCertificates = (flags & ConnectionProviderFlags.SupportsClientCertificates) != 0; var supportsTrustedRoots = (flags & ConnectionProviderFlags.SupportsTrustedRoots) != 0; var supportsMonoExtensions = (flags & ConnectionProviderFlags.SupportsMonoExtensions) != 0; switch (category) { case ConnectionTestCategory.Https: return(supportsSslStream); case ConnectionTestCategory.HttpsWithMono: return(supportsSslStream); case ConnectionTestCategory.HttpsWithDotNet: return(supportsSslStream && supportsTls12 && supportsClientCertificates); case ConnectionTestCategory.SslStreamWithTls12: return(supportsSslStream && supportsTls12); case ConnectionTestCategory.InvalidCertificatesInTls12: return(supportsSslStream && supportsTls12 && supportsClientCertificates); case ConnectionTestCategory.HttpsCertificateValidators: return(true); case ConnectionTestCategory.SslStreamCertificateValidators: return(supportsSslStream); case ConnectionTestCategory.TrustedRoots: case ConnectionTestCategory.CertificateStore: return(supportsTrustedRoots); case ConnectionTestCategory.SslStreamInstrumentation: case ConnectionTestCategory.SslStreamInstrumentationExperimental: return(supportsSslStream && supportsTls12); case ConnectionTestCategory.SslStreamInstrumentationMono: return(supportsSslStream && supportsTls12 && supportsMonoExtensions); case ConnectionTestCategory.MartinTest: return(true); default: throw new NotSupportedException(); } }
static string GetTestName(ConnectionTestCategory category, StreamInstrumentationType type, params object[] args) { var sb = new StringBuilder(); sb.Append(type); if (type == StreamInstrumentationType.MartinTest) { sb.Append($"({MartinTest})"); } foreach (var arg in args) { sb.Append($":{arg}"); } return(sb.ToString()); }
static SimpleConnectionParameters CreateParameters(ConnectionTestCategory category, SimpleConnectionType type, params object[] args) { var sb = new StringBuilder(); sb.Append(type); foreach (var arg in args) { sb.AppendFormat(":{0}", arg); } var name = sb.ToString(); return(new SimpleConnectionParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = AcceptAnyCertificate }); }
public static HttpsTestParameters GetParameters(TestContext ctx, ConnectionTestCategory category, ConnectionTestType type) { var certificateProvider = DependencyInjector.Get <ICertificateProvider> (); var acceptAll = certificateProvider.AcceptAll(); var rejectAll = certificateProvider.RejectAll(); var acceptNull = certificateProvider.AcceptNull(); var acceptSelfSigned = certificateProvider.AcceptThisCertificate(ResourceManager.SelfSignedServerCertificate); var acceptFromLocalCA = certificateProvider.AcceptFromCA(ResourceManager.LocalCACertificate); var name = GetTestName(category, type); switch (type) { case ConnectionTestType.Default: return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptAll }); case ConnectionTestType.AcceptFromLocalCA: return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { ClientCertificateValidator = acceptFromLocalCA }); case ConnectionTestType.NoValidator: // The default validator only allows ResourceManager.SelfSignedServerCertificate. return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { ExpectTrustFailure = true, ClientAbortsHandshake = true }); case ConnectionTestType.RejectAll: // Explicit validator overrides the default ServicePointManager.ServerCertificateValidationCallback. return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ExpectTrustFailure = true, ClientCertificateValidator = rejectAll, ClientAbortsHandshake = true }); case ConnectionTestType.UnrequestedClientCertificate: // Provide a client certificate, but do not require it. return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.PenguinCertificate, ClientCertificateValidator = acceptSelfSigned, ServerCertificateValidator = acceptNull }); case ConnectionTestType.RequestClientCertificate: /* * Request client certificate, but do not require it. * * FIXME: * SslStream with Mono's old implementation fails here. */ return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true, ServerCertificateValidator = acceptFromLocalCA }); case ConnectionTestType.RequireClientCertificate: // Require client certificate. return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true, RequireClientCertificate = true, ServerCertificateValidator = acceptFromLocalCA }); case ConnectionTestType.OptionalClientCertificate: /* * Request client certificate without requiring one and do not provide it. * * To ask for an optional client certificate (without requiring it), you need to specify a custom validation * callback and then accept the null certificate with `SslPolicyErrors.RemoteCertificateNotAvailable' in it. * * FIXME: * Mono with the old TLS implementation throws SecureChannelFailure. */ return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true, ServerCertificateValidator = acceptNull }); case ConnectionTestType.RejectClientCertificate: // Reject client certificate. return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned, ExpectWebException = true, ServerCertificateValidator = rejectAll, AskForClientCertificate = true, ClientAbortsHandshake = true }); case ConnectionTestType.MissingClientCertificate: // Missing client certificate. return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptSelfSigned, ExpectWebException = true, AskForClientCertificate = true, RequireClientCertificate = true, ClientAbortsHandshake = true }); case ConnectionTestType.DontInvokeGlobalValidator: return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { ClientCertificateValidator = acceptAll, GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner | GlobalValidationFlags.MustNotInvoke }); case ConnectionTestType.DontInvokeGlobalValidator2: return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { ClientCertificateValidator = rejectAll, GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner | GlobalValidationFlags.MustNotInvoke, ExpectTrustFailure = true, ClientAbortsHandshake = true }); case ConnectionTestType.GlobalValidatorIsNull: return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { GlobalValidationFlags = GlobalValidationFlags.SetToNull, ExpectTrustFailure = true, ClientAbortsHandshake = true }); case ConnectionTestType.MustInvokeGlobalValidator: return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner | GlobalValidationFlags.MustInvoke | GlobalValidationFlags.AlwaysSucceed }); case ConnectionTestType.CheckChain: return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { GlobalValidationFlags = GlobalValidationFlags.CheckChain, ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch, ExpectChainStatus = X509ChainStatusFlags.UntrustedRoot }); case ConnectionTestType.ExternalServer: return(new HttpsTestParameters(category, type, name, CertificateResourceType.TlsTestXamDevNew) { ExternalServer = new Uri("https://tlstest-1.xamdev.com/"), GlobalValidationFlags = GlobalValidationFlags.CheckChain, ExpectPolicyErrors = SslPolicyErrors.None }); case ConnectionTestType.ServerCertificateWithCA: var parameters = new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateWithCA) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectChainStatus = X509ChainStatusFlags.UntrustedRoot }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.ServerCertificateFromLocalCA); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.ExpectSuccess = false; return(parameters); case ConnectionTestType.TrustedRootCA: parameters = new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { GlobalValidationFlags = GlobalValidationFlags.CheckChain, ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Hamiller-Tube.local" }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.ExpectSuccess = true; return(parameters); case ConnectionTestType.TrustedIntermediateCA: parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateBare)) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectChainStatus = X509ChainStatusFlags.NoError, ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local" }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeIM); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey); parameters.ValidationParameters.ExpectSuccess = true; return(parameters); case ConnectionTestType.TrustedSelfSigned: parameters = new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectChainStatus = X509ChainStatusFlags.NoError, ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Hamiller-Tube.local" }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.SelfSignedServerCertificate); parameters.ValidationParameters.ExpectSuccess = true; return(parameters); case ConnectionTestType.HostNameMismatch: parameters = new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { GlobalValidationFlags = GlobalValidationFlags.CheckChain, ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateNameMismatch, }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.ExpectSuccess = false; return(parameters); case ConnectionTestType.IntermediateServerCertificate: parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificate)) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectChainStatus = X509ChainStatusFlags.NoError, ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local" }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeIM); parameters.ValidationParameters.ExpectSuccess = true; return(parameters); case ConnectionTestType.IntermediateServerCertificateFull: parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateFull)) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectChainStatus = X509ChainStatusFlags.NoError, ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local" }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeIM); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.ExpectSuccess = true; return(parameters); case ConnectionTestType.IntermediateServerCertificateBare: parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateBare)) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors, OverrideTargetHost = "Intermediate-Server.local" }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey); parameters.ValidationParameters.ExpectSuccess = false; return(parameters); case ConnectionTestType.CertificateStore: parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.ServerFromTrustedIntermediateCABare)) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectChainStatus = X509ChainStatusFlags.NoError, ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Trusted-IM-Server.local" }; return(parameters); case ConnectionTestType.MartinTest: goto case ConnectionTestType.ServerCertificateWithCA; default: throw new InternalErrorException(); } }
public static SslStreamTestParameters GetParameters(TestContext ctx, ConnectionTestCategory category, ConnectionTestType type) { var certificateProvider = DependencyInjector.Get <ICertificateProvider> (); var acceptAll = certificateProvider.AcceptAll(); var rejectAll = certificateProvider.RejectAll(); var acceptNull = certificateProvider.AcceptNull(); var acceptSelfSigned = certificateProvider.AcceptThisCertificate(ResourceManager.SelfSignedServerCertificate); var acceptFromLocalCA = certificateProvider.AcceptFromCA(ResourceManager.LocalCACertificate); var name = GetTestName(category, type); switch (type) { case ConnectionTestType.Default: return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptAll }); case ConnectionTestType.AcceptFromLocalCA: return(new SslStreamTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { ClientCertificateValidator = acceptFromLocalCA }); case ConnectionTestType.NoValidator: // The default validator only allows ResourceManager.SelfSignedServerCertificate. return(new SslStreamTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { ExpectClientException = true }); case ConnectionTestType.RejectAll: // Explicit validator overrides the default ServicePointManager.ServerCertificateValidationCallback. return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ExpectClientException = true, ClientCertificateValidator = rejectAll }); case ConnectionTestType.UnrequestedClientCertificate: // Provide a client certificate, but do not require it. return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.PenguinCertificate, ClientCertificateValidator = acceptSelfSigned, ServerCertificateValidator = acceptNull }); case ConnectionTestType.RequestClientCertificate: /* * Request client certificate, but do not require it. * * FIXME: * SslStream with Mono's old implementation fails here. */ return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true, ServerCertificateValidator = acceptFromLocalCA }); case ConnectionTestType.RequireClientCertificate: // Require client certificate. return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true, RequireClientCertificate = true, ServerCertificateValidator = acceptFromLocalCA }); case ConnectionTestType.OptionalClientCertificate: /* * Request client certificate without requiring one and do not provide it. * * To ask for an optional client certificate (without requiring it), you need to specify a custom validation * callback and then accept the null certificate with `SslPolicyErrors.RemoteCertificateNotAvailable' in it. * * FIXME: * Mono with the old TLS implementation throws SecureChannelFailure. */ return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true, ServerCertificateValidator = acceptNull }); case ConnectionTestType.RejectClientCertificate: // Reject client certificate. return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned, ServerCertificateValidator = rejectAll, AskForClientCertificate = true, ExpectClientException = true, ExpectServerException = true }); case ConnectionTestType.MissingClientCertificate: // Missing client certificate. return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true, RequireClientCertificate = true, ExpectClientException = true, ExpectServerException = true }); case ConnectionTestType.MartinTest: goto case ConnectionTestType.RequestClientCertificate; case ConnectionTestType.MustNotInvokeGlobalValidator: return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptAll, GlobalValidationFlags = GlobalValidationFlags.MustNotInvoke }); case ConnectionTestType.MustNotInvokeGlobalValidator2: return(new SslStreamTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { GlobalValidationFlags = GlobalValidationFlags.MustNotInvoke, ExpectClientException = true }); default: throw new InternalErrorException(); } }
public static IEnumerable <StreamInstrumentationType> GetStreamInstrumentationTypes(TestContext ctx, ConnectionTestCategory category) { var setup = DependencyInjector.Get <IConnectionFrameworkSetup> (); switch (category) { case ConnectionTestCategory.SslStreamInstrumentation: yield return(StreamInstrumentationType.ClientHandshake); yield return(StreamInstrumentationType.ReadDuringClientAuth); yield return(StreamInstrumentationType.CloseBeforeClientAuth); yield return(StreamInstrumentationType.CloseDuringClientAuth); yield return(StreamInstrumentationType.DisposeDuringClientAuth); yield return(StreamInstrumentationType.InvalidDataDuringClientAuth); yield return(StreamInstrumentationType.ShortReadDuringClientAuth); yield return(StreamInstrumentationType.ShortReadAndClose); yield return(StreamInstrumentationType.RemoteClosesConnectionDuringRead); if (setup.UsingDotNet || setup.InternalVersion >= 1) { yield return(StreamInstrumentationType.Flush); yield return(StreamInstrumentationType.WriteDoesNotFlush); yield return(StreamInstrumentationType.FlushAfterDispose); yield return(StreamInstrumentationType.PropertiesAfterDispose); } yield break; case ConnectionTestCategory.SslStreamInstrumentationRecentlyFixed: yield break; case ConnectionTestCategory.SslStreamInstrumentationShutdown: yield return(StreamInstrumentationType.CleanShutdown); yield return(StreamInstrumentationType.DoubleShutdown); yield return(StreamInstrumentationType.WriteAfterShutdown); yield return(StreamInstrumentationType.WaitForShutdown); yield return(StreamInstrumentationType.ReadAfterShutdown); yield return(StreamInstrumentationType.ConnectionReuse); yield return(StreamInstrumentationType.ConnectionReuseWithShutdown); yield break; case ConnectionTestCategory.SslStreamInstrumentationServerShutdown: yield return(StreamInstrumentationType.ServerRequestsShutdown); yield break; case ConnectionTestCategory.SslStreamInstrumentationExperimental: yield break; case ConnectionTestCategory.SslStreamInstrumentationNewWebStack: yield return(StreamInstrumentationType.VerifyAsyncStreamCalls); yield break; case ConnectionTestCategory.SslStreamInstrumentationMono: yield break; case ConnectionTestCategory.MartinTest: yield return(StreamInstrumentationType.MartinTest); yield break; default: throw ctx.AssertFail(category); } }
public static IEnumerable <StreamInstrumentationType> GetStreamInstrumentationTypes(TestContext ctx, ConnectionTestCategory category) { var setup = DependencyInjector.Get <IConnectionFrameworkSetup> (); switch (category) { case ConnectionTestCategory.SslStreamInstrumentation: yield return(StreamInstrumentationType.ClientHandshake); yield return(StreamInstrumentationType.ReadDuringClientAuth); yield return(StreamInstrumentationType.CloseBeforeClientAuth); yield return(StreamInstrumentationType.CloseDuringClientAuth); yield return(StreamInstrumentationType.DisposeDuringClientAuth); yield return(StreamInstrumentationType.InvalidDataDuringClientAuth); yield return(StreamInstrumentationType.ShortReadDuringClientAuth); yield return(StreamInstrumentationType.ShortReadAndClose); yield return(StreamInstrumentationType.RemoteClosesConnectionDuringRead); yield return(StreamInstrumentationType.CleanShutdown); yield return(StreamInstrumentationType.DoubleShutdown); yield return(StreamInstrumentationType.WriteAfterShutdown); yield return(StreamInstrumentationType.WaitForShutdown); if (!setup.UsingAppleTls) { yield return(StreamInstrumentationType.ReadAfterShutdown); } yield return(StreamInstrumentationType.ConnectionReuse); yield return(StreamInstrumentationType.ConnectionReuseWithShutdown); yield break; case ConnectionTestCategory.SslStreamInstrumentationExperimental: yield break; case ConnectionTestCategory.SslStreamInstrumentationMono: yield break; case ConnectionTestCategory.MartinTest: yield return(StreamInstrumentationType.MartinTest); yield break; default: throw ctx.AssertFail(category); } }
public HttpsTestParameters(ConnectionTestCategory category, ConnectionTestType type, string identifier, CertificateResourceType certificate) : base(category, identifier, null) { Type = type; CertificateType = certificate; }
public MonoConnectionTestParameters(ConnectionTestCategory category, string identifier, X509Certificate certificate) : base(identifier, certificate) { Category = category; }
public ConnectionTestCategoryAttribute(ConnectionTestCategory category) { this.category = category; this.identifier = Type.Name; }
public ConnectionTestProvider(ConnectionProvider client, ConnectionProvider server, ConnectionTestCategory category, ConnectionTestFlags flags) : base(client, server, string.Format("{0}:{1}:{2}{3}", client.Name, server.Name, category, GetFlagsName(flags))) { Category = category; Flags = flags; }
protected ConnectionTestParameters(ConnectionTestParameters other) : base(other) { Category = other.Category; }
public static IEnumerable <SimpleConnectionType> GetTestTypes(TestContext ctx, ConnectionTestCategory category) { switch (category) { case ConnectionTestCategory.SimpleMonoClient: yield return(SimpleConnectionType.SimpleTls10); yield return(SimpleConnectionType.SimpleTls11); yield return(SimpleConnectionType.SimpleTls12); yield break; case ConnectionTestCategory.SimpleMonoServer: yield return(SimpleConnectionType.SimpleTls10); yield return(SimpleConnectionType.SimpleTls11); yield return(SimpleConnectionType.SimpleTls12); yield break; case ConnectionTestCategory.SimpleMonoConnection: yield return(SimpleConnectionType.SimpleTls10); yield return(SimpleConnectionType.SimpleTls11); yield return(SimpleConnectionType.SimpleTls12); yield return(SimpleConnectionType.DefaultCipherTls10); yield return(SimpleConnectionType.DefaultCipherTls11); yield return(SimpleConnectionType.DefaultCipherTls12); yield return(SimpleConnectionType.CipherSelectionOrder); yield return(SimpleConnectionType.CipherSelectionOrder2); yield break; case ConnectionTestCategory.MonoProtocolVersions: yield return(SimpleConnectionType.Simple); yield return(SimpleConnectionType.ValidateCertificate); yield return(SimpleConnectionType.RequestClientCertificate); yield return(SimpleConnectionType.RequireClientCertificateRSA); yield return(SimpleConnectionType.RequireClientCertificateDHE); yield break; case ConnectionTestCategory.SecurityFramework: yield return(SimpleConnectionType.Simple); yield break; case ConnectionTestCategory.MartinTest: yield return(SimpleConnectionType.MartinTest); yield break; default: ctx.AssertFail("Unspported connection category: '{0}.", category); yield break; } }
static SimpleConnectionParameters Create(TestContext ctx, ClientAndServerProvider provider, ConnectionTestCategory category, SimpleConnectionType type) { var parameters = CreateParameters(category, type); var certificateProvider = DependencyInjector.Get <ICertificateProvider> (); var acceptSelfSigned = certificateProvider.AcceptThisCertificate(ResourceManager.SelfSignedServerCertificate); var acceptFromCA = certificateProvider.AcceptFromCA(ResourceManager.LocalCACertificate); bool clientSupportsEcDhe; bool serverSupportsEcDhe; CipherSuiteCode defaultCipher; CipherSuiteCode defaultCipher12; CipherSuiteCode alternateCipher12; if (provider != null) { clientSupportsEcDhe = (provider.Client.Flags & ConnectionProviderFlags.SupportsEcDheCiphers) != 0; serverSupportsEcDhe = (provider.Server.Flags & ConnectionProviderFlags.SupportsEcDheCiphers) != 0; } else { clientSupportsEcDhe = serverSupportsEcDhe = false; } if (clientSupportsEcDhe && serverSupportsEcDhe) { defaultCipher = CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA; defaultCipher12 = CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384; alternateCipher12 = CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA; } else { defaultCipher = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA; defaultCipher12 = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384; alternateCipher12 = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA; } switch (type) { case SimpleConnectionType.Simple: break; case SimpleConnectionType.ValidateCertificate: parameters.ServerCertificate = ResourceManager.ServerCertificateFromCA; parameters.ClientCertificateValidator = acceptFromCA; break; case SimpleConnectionType.SimpleTls10: parameters.ProtocolVersion = ProtocolVersions.Tls10; break; case SimpleConnectionType.SimpleTls11: parameters.ProtocolVersion = ProtocolVersions.Tls11; break; case SimpleConnectionType.SimpleTls12: parameters.ProtocolVersion = ProtocolVersions.Tls12; break; case SimpleConnectionType.DefaultCipherTls10: parameters.ProtocolVersion = ProtocolVersions.Tls10; parameters.ExpectedCipher = defaultCipher; break; case SimpleConnectionType.DefaultCipherTls11: parameters.ProtocolVersion = ProtocolVersions.Tls11; parameters.ExpectedCipher = defaultCipher; break; case SimpleConnectionType.DefaultCipherTls12: parameters.ProtocolVersion = ProtocolVersions.Tls12; parameters.ExpectedCipher = defaultCipher12; break; case SimpleConnectionType.SelectCiphersTls10: parameters.ProtocolVersion = ProtocolVersions.Tls10; break; case SimpleConnectionType.SelectCiphersTls11: parameters.ProtocolVersion = ProtocolVersions.Tls11; break; case SimpleConnectionType.SelectCiphersTls12: parameters.ProtocolVersion = ProtocolVersions.Tls12; break; case SimpleConnectionType.RequestClientCertificate: /* * Request client certificate, but do not require it. * * FIXME: * SslStream with Mono's old implementation fails here. */ parameters.ClientCertificate = ResourceManager.MonkeyCertificate; parameters.ClientCertificateValidator = acceptSelfSigned; parameters.AskForClientCertificate = true; parameters.ServerCertificateValidator = acceptFromCA; break; case SimpleConnectionType.RequireClientCertificateRSA: /* * Require client certificate. * */ parameters.ClientCertificate = ResourceManager.MonkeyCertificate; parameters.ClientCertificateValidator = acceptSelfSigned; parameters.RequireClientCertificate = true; parameters.ServerCertificateValidator = acceptFromCA; parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA }; break; case SimpleConnectionType.RequireClientCertificateDHE: /* * Require client certificate. * */ parameters.ClientCertificate = ResourceManager.MonkeyCertificate; parameters.ClientCertificateValidator = acceptSelfSigned; parameters.RequireClientCertificate = true; parameters.ServerCertificateValidator = acceptFromCA; parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA }; break; case SimpleConnectionType.CipherSelectionOrder: parameters.ProtocolVersion = ProtocolVersions.Tls12; parameters.ClientCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA, alternateCipher12 }; parameters.ExpectedServerCipher = CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA; break; case SimpleConnectionType.CipherSelectionOrder2: parameters.ProtocolVersion = ProtocolVersions.Tls12; parameters.ClientCiphers = new CipherSuiteCode[] { alternateCipher12, CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA }; parameters.ExpectedServerCipher = alternateCipher12; break; case SimpleConnectionType.MartinTest: parameters.ServerCertificate = ResourceManager.GetCertificateWithKey(CertificateResourceType.SelfSignedServerCertificate); break; default: ctx.AssertFail("Unsupported connection type: '{0}'.", type); break; } return(parameters); }
public static ConnectionTestFlags GetConnectionFlags(TestContext ctx, ConnectionTestCategory category) { switch (category) { case ConnectionTestCategory.Https: return(ConnectionTestFlags.RequireSslStream); case ConnectionTestCategory.HttpsWithMono: return(ConnectionTestFlags.RequireSslStream); case ConnectionTestCategory.HttpsWithDotNet: return(ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireTls12 | ConnectionTestFlags.RequireClientCertificates); case ConnectionTestCategory.SslStreamWithTls12: return(ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireTls12); case ConnectionTestCategory.InvalidCertificatesInTls12: return(ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireTls12 | ConnectionTestFlags.RequireClientCertificates); case ConnectionTestCategory.HttpsCertificateValidators: return(ConnectionTestFlags.RequireHttp); case ConnectionTestCategory.SslStreamCertificateValidators: return(ConnectionTestFlags.RequireSslStream); case ConnectionTestCategory.TrustedRoots: case ConnectionTestCategory.CertificateStore: return(ConnectionTestFlags.RequireTrustedRoots); case ConnectionTestCategory.SimpleMonoClient: return(ConnectionTestFlags.RequireMono); case ConnectionTestCategory.SimpleMonoServer: return(ConnectionTestFlags.RequireMono); case ConnectionTestCategory.SimpleMonoConnection: case ConnectionTestCategory.MonoProtocolVersions: return(ConnectionTestFlags.RequireMono); case ConnectionTestCategory.CertificateChecks: case ConnectionTestCategory.SecurityFramework: return(ConnectionTestFlags.RequireMono); case ConnectionTestCategory.SslStreamInstrumentation: case ConnectionTestCategory.SslStreamInstrumentationExperimental: return(ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireTls12 | ConnectionTestFlags.RequireMono); case ConnectionTestCategory.SslStreamInstrumentationMono: return(ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireTls12 | ConnectionTestFlags.RequireMono); case ConnectionTestCategory.SslStreamInstrumentationShutdown: return(ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireMono | ConnectionTestFlags.RequireCleanShutdown); case ConnectionTestCategory.SslStreamInstrumentationServerShutdown: return(ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireMono | ConnectionTestFlags.RequireCleanServerShutdown); case ConnectionTestCategory.SslStreamInstrumentationRecentlyFixed: return(ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireTls12); case ConnectionTestCategory.SslStreamInstrumentationNewWebStack: return(ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireTls12); case ConnectionTestCategory.HttpStress: case ConnectionTestCategory.HttpStressExperimental: return(ConnectionTestFlags.RequireHttp | ConnectionTestFlags.RequireSslStream | ConnectionTestFlags.RequireTls12); case ConnectionTestCategory.MartinTest: return(ConnectionTestFlags.AssumeSupportedByTest); default: ctx.AssertFail("Unsupported instrumentation category: '{0}'.", category); return(ConnectionTestFlags.None); } }
public SimpleConnectionParameters(ConnectionTestCategory category, SimpleConnectionType type, string identifier, X509Certificate certificate) : base(category, identifier, certificate) { Type = type; }
public static IEnumerable <ConnectionTestType> GetConnectionTestTypes(TestContext ctx, ConnectionTestCategory category) { switch (category) { case ConnectionTestCategory.Https: yield return(ConnectionTestType.Default); yield return(ConnectionTestType.AcceptFromLocalCA); yield return(ConnectionTestType.NoValidator); yield return(ConnectionTestType.RejectAll); yield return(ConnectionTestType.RequestClientCertificate); yield return(ConnectionTestType.RequireClientCertificate); yield return(ConnectionTestType.RejectClientCertificate); yield return(ConnectionTestType.UnrequestedClientCertificate); yield return(ConnectionTestType.OptionalClientCertificate); yield return(ConnectionTestType.RejectClientCertificate); yield return(ConnectionTestType.MissingClientCertificate); yield break; case ConnectionTestCategory.HttpsWithMono: yield return(ConnectionTestType.Default); yield return(ConnectionTestType.AcceptFromLocalCA); yield return(ConnectionTestType.RejectAll); yield break; case ConnectionTestCategory.HttpsWithDotNet: yield return(ConnectionTestType.NoValidator); yield return(ConnectionTestType.RequestClientCertificate); yield return(ConnectionTestType.RequireClientCertificate); yield return(ConnectionTestType.RejectClientCertificate); yield return(ConnectionTestType.UnrequestedClientCertificate); yield return(ConnectionTestType.OptionalClientCertificate); yield return(ConnectionTestType.RejectClientCertificate); yield return(ConnectionTestType.MissingClientCertificate); yield break; case ConnectionTestCategory.SslStreamWithTls12: yield return(ConnectionTestType.Default); yield return(ConnectionTestType.AcceptFromLocalCA); yield return(ConnectionTestType.RequireClientCertificate); yield break; case ConnectionTestCategory.InvalidCertificatesInTls12: yield return(ConnectionTestType.InvalidServerCertificate); yield break; case ConnectionTestCategory.HttpsCertificateValidators: yield return(ConnectionTestType.DontInvokeGlobalValidator); yield return(ConnectionTestType.DontInvokeGlobalValidator2); yield return(ConnectionTestType.GlobalValidatorIsNull); yield return(ConnectionTestType.MustInvokeGlobalValidator); yield break; case ConnectionTestCategory.NotYetWorking: yield return(ConnectionTestType.ExternalServer); yield return(ConnectionTestType.CheckChain); yield break; case ConnectionTestCategory.SslStreamCertificateValidators: yield return(ConnectionTestType.MustNotInvokeGlobalValidator); yield return(ConnectionTestType.MustNotInvokeGlobalValidator2); yield break; case ConnectionTestCategory.TrustedRoots: yield return(ConnectionTestType.ServerCertificateWithCA); yield return(ConnectionTestType.TrustedRootCA); yield return(ConnectionTestType.TrustedIntermediateCA); yield return(ConnectionTestType.TrustedSelfSigned); yield return(ConnectionTestType.HostNameMismatch); yield return(ConnectionTestType.IntermediateServerCertificate); yield return(ConnectionTestType.IntermediateServerCertificateFull); yield return(ConnectionTestType.IntermediateServerCertificateBare); yield break; case ConnectionTestCategory.CertificateStore: yield return(ConnectionTestType.CertificateStore); yield break; case ConnectionTestCategory.MartinTest: yield return(ConnectionTestType.MartinTest); yield break; default: ctx.AssertFail("Unsupported test category: '{0}'.", category); throw new InternalErrorException(); } }
public static IEnumerable <RenegotiationTestType> GetRenegotiationTestTypes(TestContext ctx, ConnectionTestCategory category) { var setup = DependencyInjector.Get <IMonoConnectionFrameworkSetup> (); switch (category) { case ConnectionTestCategory.MartinTest: yield return(RenegotiationTestType.MartinTest); yield break; default: throw ctx.AssertFail(category); } }
public HttpsTestParameters(ConnectionTestCategory category, ConnectionTestType type, string identifier, X509Certificate certificate) : base(category, identifier, certificate) { Type = type; }
public static IEnumerable <SimpleConnectionParameters> GetParameters(TestContext ctx, ClientAndServerProvider provider, ConnectionTestCategory category) { return(GetTestTypes(ctx, category).Select(t => Create(ctx, provider, category, t))); }
public ConnectionTestProviderFilter(ConnectionTestCategory category, ConnectionTestFlags flags) : base(flags) { Category = category; }
public static IEnumerable <SslStreamTestType> GetTests(TestContext ctx, ConnectionTestCategory category) { switch (category) { case ConnectionTestCategory.Https: yield return(SslStreamTestType.Default); yield return(SslStreamTestType.AcceptFromLocalCA); yield return(SslStreamTestType.NoValidator); yield return(SslStreamTestType.RejectAll); yield return(SslStreamTestType.RequestClientCertificate); yield return(SslStreamTestType.RequireClientCertificate); yield return(SslStreamTestType.RejectClientCertificate); yield return(SslStreamTestType.UnrequestedClientCertificate); yield return(SslStreamTestType.OptionalClientCertificate); yield return(SslStreamTestType.RejectClientCertificate); yield return(SslStreamTestType.MissingClientCertificate); yield break; case ConnectionTestCategory.HttpsWithMono: yield return(SslStreamTestType.Default); yield return(SslStreamTestType.AcceptFromLocalCA); yield return(SslStreamTestType.RejectAll); yield break; case ConnectionTestCategory.HttpsWithDotNet: yield return(SslStreamTestType.NoValidator); yield return(SslStreamTestType.RequestClientCertificate); yield return(SslStreamTestType.RequireClientCertificate); yield return(SslStreamTestType.RejectClientCertificate); yield return(SslStreamTestType.UnrequestedClientCertificate); yield return(SslStreamTestType.OptionalClientCertificate); yield return(SslStreamTestType.RejectClientCertificate); yield return(SslStreamTestType.MissingClientCertificate); yield break; case ConnectionTestCategory.SslStreamWithTls12: yield return(SslStreamTestType.Default); yield return(SslStreamTestType.AcceptFromLocalCA); yield return(SslStreamTestType.RequireClientCertificate); yield return(SslStreamTestType.SyncAuthenticate); yield break; case ConnectionTestCategory.SslStreamCertificateValidators: yield return(SslStreamTestType.MustNotInvokeGlobalValidator); yield return(SslStreamTestType.MustNotInvokeGlobalValidator2); yield break; case ConnectionTestCategory.MartinTest: yield return(SslStreamTestType.MartinTest); yield break; default: ctx.AssertFail("Unsupported test category: '{0}'.", category); throw new InternalErrorException(); } }