static SimpleConnectionParameters CreateParameters (InstrumentationCategory category, SimpleConnectionType type, params object[] args)
{
var sb = new StringBuilder ();
sb.Append (type);
foreach (var arg in args) {
sb.AppendFormat (":{0}", arg);
}
var name = sb.ToString ();
return new SimpleConnectionParameters (category, type, name, ResourceManager.SelfSignedServerCertificate) {
ClientCertificateValidator = AcceptAnyCertificate
};
}
static SimpleConnectionParameters Create (TestContext ctx, InstrumentationCategory category, SimpleConnectionType type)
{
var parameters = CreateParameters (category, type);
var provider = DependencyInjector.Get<ICertificateProvider> ();
var acceptSelfSigned = provider.AcceptThisCertificate (ResourceManager.SelfSignedServerCertificate);
var acceptFromCA = provider.AcceptFromCA (ResourceManager.LocalCACertificate);
switch (type) {
case SimpleConnectionType.Simple:
break;
case SimpleConnectionType.ValidateCertificate:
parameters.ServerParameters.ServerCertificate = ResourceManager.ServerCertificateFromCA;
parameters.ClientCertificateValidator = acceptFromCA;
break;
case SimpleConnectionType.CheckDefaultCipher:
parameters.ExpectedCipher = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384;
break;
case SimpleConnectionType.SimpleTls10:
parameters.ProtocolVersion = ProtocolVersions.Tls10;
parameters.ExpectedCipher = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
break;
case SimpleConnectionType.SimpleTls11:
parameters.ProtocolVersion = ProtocolVersions.Tls11;
parameters.ExpectedCipher = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
break;
case SimpleConnectionType.SimpleTls12:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ExpectedCipher = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384;
break;
case SimpleConnectionType.SelectCiphersTls10:
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SimpleConnectionType.SelectCiphersTls11:
parameters.ProtocolVersion = ProtocolVersions.Tls11;
break;
case SimpleConnectionType.SelectCiphersTls12:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
break;
case SimpleConnectionType.RequestClientCertificate:
/*
* Request client certificate, but do not require it.
*
* FIXME:
* SslStream with Mono's old implementation fails here.
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.ServerFlags = ServerFlags.AskForClientCertificate;
parameters.ServerCertificateValidator = acceptFromCA;
break;
case SimpleConnectionType.RequireClientCertificateRSA:
/*
* Require client certificate.
*
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.ServerFlags = ServerFlags.RequireClientCertificate;
parameters.ServerCertificateValidator = acceptFromCA;
parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA };
break;
case SimpleConnectionType.RequireClientCertificateDHE:
/*
* Require client certificate.
*
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.ServerFlags = ServerFlags.RequireClientCertificate;
parameters.ServerCertificateValidator = acceptFromCA;
parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA };
break;
case SimpleConnectionType.MartinTest:
break;
default:
ctx.AssertFail ("Unsupported connection type: '{0}'.", type);
break;
}
return parameters;
}
protected SimpleConnectionParameters(SimpleConnectionParameters other)
: base(other)
{
Type = other.Type;
}
public SimpleConnectionParametersAttribute(SimpleConnectionType type)
: base(null, TestFlags.Browsable | TestFlags.ContinueOnError)
{
Type = type;
}
static SimpleConnectionParameters Create(TestContext ctx, InstrumentationCategory category, SimpleConnectionType type)
{
var parameters = CreateParameters(category, type);
var provider = DependencyInjector.Get <ICertificateProvider> ();
var acceptSelfSigned = provider.AcceptThisCertificate(ResourceManager.SelfSignedServerCertificate);
var acceptFromCA = provider.AcceptFromCA(ResourceManager.LocalCACertificate);
switch (type)
{
case SimpleConnectionType.Simple:
break;
case SimpleConnectionType.ValidateCertificate:
parameters.ServerCertificate = ResourceManager.ServerCertificateFromCA;
parameters.ClientCertificateValidator = acceptFromCA;
break;
case SimpleConnectionType.SimpleTls10:
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SimpleConnectionType.SimpleTls11:
parameters.ProtocolVersion = ProtocolVersions.Tls11;
parameters.ExpectedCipher = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
break;
case SimpleConnectionType.SimpleTls12:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ExpectedCipher = CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
break;
case SimpleConnectionType.SelectCiphersTls10:
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SimpleConnectionType.SelectCiphersTls11:
parameters.ProtocolVersion = ProtocolVersions.Tls11;
break;
case SimpleConnectionType.SelectCiphersTls12:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
break;
case SimpleConnectionType.RequestClientCertificate:
/*
* Request client certificate, but do not require it.
*
* FIXME:
* SslStream with Mono's old implementation fails here.
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.AskForClientCertificate = true;
parameters.ServerCertificateValidator = acceptFromCA;
break;
case SimpleConnectionType.RequireClientCertificateRSA:
/*
* Require client certificate.
*
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.RequireClientCertificate = true;
parameters.ServerCertificateValidator = acceptFromCA;
parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA };
break;
case SimpleConnectionType.RequireClientCertificateDHE:
/*
* Require client certificate.
*
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.RequireClientCertificate = true;
parameters.ServerCertificateValidator = acceptFromCA;
parameters.ServerCiphers = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA };
break;
case SimpleConnectionType.CipherSelectionOrder:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ClientCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA, CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
};
parameters.ExpectedServerCipher = CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA;
break;
case SimpleConnectionType.CipherSelectionOrder2:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ClientCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA
};
parameters.ExpectedServerCipher = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
break;
case SimpleConnectionType.MartinTest:
goto case SimpleConnectionType.SimpleTls12;
default:
ctx.AssertFail("Unsupported connection type: '{0}'.", type);
break;
}
return(parameters);
}
public SimpleConnectionParameters(InstrumentationCategory category, SimpleConnectionType type, string identifier, X509Certificate certificate)
: base(category, identifier, certificate)
{
Type = type;
}
static SimpleConnectionParameters CreateParameters(InstrumentationCategory category, SimpleConnectionType type, params object[] args)
{
var sb = new StringBuilder();
sb.Append(type);
foreach (var arg in args)
{
sb.AppendFormat(":{0}", arg);
}
var name = sb.ToString();
return(new SimpleConnectionParameters(category, type, name, ResourceManager.SelfSignedServerCertificate)
{
ClientCertificateValidator = AcceptAnyCertificate
});
}
protected SimpleConnectionParameters (SimpleConnectionParameters other)
: base (other)
{
Type = other.Type;
}
public SimpleConnectionParameters (InstrumentationCategory category, SimpleConnectionType type, ClientParameters clientParameters, ServerParameters serverParameters)
: base (category, clientParameters, serverParameters)
{
Type = type;
}
public SimpleConnectionParameters (InstrumentationCategory category, SimpleConnectionType type, string identifier, IServerCertificate certificate)
: base (category, identifier, certificate)
{
Type = type;
}
static SimpleConnectionParameters Create(TestContext ctx, ClientAndServerProvider provider, MonoConnectionTestCategory category, SimpleConnectionType type)
{
var parameters = CreateParameters(category, type);
var certificateProvider = DependencyInjector.Get <ICertificateProvider> ();
var acceptSelfSigned = certificateProvider.AcceptThisCertificate(ResourceManager.SelfSignedServerCertificate);
var acceptFromCA = certificateProvider.AcceptFromCA(ResourceManager.LocalCACertificate);
bool clientSupportsEcDhe;
bool serverSupportsEcDhe;
CipherSuiteCode defaultCipher;
CipherSuiteCode defaultCipher12;
CipherSuiteCode alternateCipher12;
if (provider != null)
{
clientSupportsEcDhe = (provider.Client.Flags & ConnectionProviderFlags.SupportsEcDheCiphers) != 0;
serverSupportsEcDhe = (provider.Server.Flags & ConnectionProviderFlags.SupportsEcDheCiphers) != 0;
}
else
{
clientSupportsEcDhe = serverSupportsEcDhe = false;
}
if (clientSupportsEcDhe && serverSupportsEcDhe)
{
defaultCipher = CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
defaultCipher12 = CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
alternateCipher12 = CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
}
else
{
defaultCipher = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
defaultCipher12 = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384;
alternateCipher12 = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
}
switch (type)
{
case SimpleConnectionType.Simple:
break;
case SimpleConnectionType.ValidateCertificate:
parameters.ServerCertificate = ResourceManager.ServerCertificateFromCA;
parameters.ClientCertificateValidator = acceptFromCA;
break;
case SimpleConnectionType.SimpleTls10:
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SimpleConnectionType.SimpleTls11:
parameters.ProtocolVersion = ProtocolVersions.Tls11;
break;
case SimpleConnectionType.SimpleTls12:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
break;
case SimpleConnectionType.DefaultCipherTls10:
parameters.ProtocolVersion = ProtocolVersions.Tls10;
parameters.ExpectedCipher = defaultCipher;
break;
case SimpleConnectionType.DefaultCipherTls11:
parameters.ProtocolVersion = ProtocolVersions.Tls11;
parameters.ExpectedCipher = defaultCipher;
break;
case SimpleConnectionType.DefaultCipherTls12:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ExpectedCipher = defaultCipher12;
break;
case SimpleConnectionType.SelectCiphersTls10:
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SimpleConnectionType.SelectCiphersTls11:
parameters.ProtocolVersion = ProtocolVersions.Tls11;
break;
case SimpleConnectionType.SelectCiphersTls12:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
break;
case SimpleConnectionType.RequestClientCertificate:
/*
* Request client certificate, but do not require it.
*
* FIXME:
* SslStream with Mono's old implementation fails here.
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.AskForClientCertificate = true;
parameters.ServerCertificateValidator = acceptFromCA;
break;
case SimpleConnectionType.RequireClientCertificateRSA:
/*
* Require client certificate.
*
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.RequireClientCertificate = true;
parameters.ServerCertificateValidator = acceptFromCA;
parameters.ServerCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA
};
break;
case SimpleConnectionType.RequireClientCertificateDHE:
/*
* Require client certificate.
*
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.RequireClientCertificate = true;
parameters.ServerCertificateValidator = acceptFromCA;
parameters.ServerCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA
};
break;
case SimpleConnectionType.CipherSelectionOrder:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ClientCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA,
alternateCipher12
};
parameters.ExpectedServerCipher = CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA;
break;
case SimpleConnectionType.CipherSelectionOrder2:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ClientCiphers = new CipherSuiteCode[] {
alternateCipher12,
CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA
};
parameters.ExpectedServerCipher = alternateCipher12;
break;
case SimpleConnectionType.MartinTest:
parameters.ServerCertificate = ResourceManager.GetCertificateWithKey(CertificateResourceType.SelfSignedServerCertificate);
break;
default:
ctx.AssertFail("Unsupported connection type: '{0}'.", type);
break;
}
return(parameters);
}