public void NotifiesWhenMessageAdded_DataInRecords()
{
Guid messageId = Guid.NewGuid();
Guid messageId2 = Guid.NewGuid();
string errorMessage = "An error has occured";
string errorMessage2 = "An error has occured 2";
TlsRecords existingTlsRecords =
CreateTlsRecords(
new TlsRecord(new TlsEvaluatedResult(messageId, EvaluatorResult.FAIL, errorMessage)));
TlsRecords newTlsRecords =
CreateTlsRecords(
new TlsRecord(new TlsEvaluatedResult(messageId, EvaluatorResult.FAIL, errorMessage)),
new TlsRecord(new TlsEvaluatedResult(messageId2, EvaluatorResult.FAIL, errorMessage2)));
TlsEntityState existingState = CreateEntityStateWithMessages(existingTlsRecords);
_advisoryChangedNotifier.Handle(existingState, CreateTlsResultsEvaluatedWithResults(newTlsRecords), new List <string> {
"test.gov.uk"
});
A.CallTo(() => _messageDispatcher.Dispatch(A <TlsAdvisoryAdded> ._, A <string> ._))
.MustHaveHappenedOnceExactly();
A.CallTo(() =>
_messageDispatcher.Dispatch(
A <TlsAdvisoryAdded> .That.Matches(x => x.Messages.First().Text == errorMessage2), A <string> ._)).MustHaveHappenedOnceExactly();
A.CallTo(() => _messageDispatcher.Dispatch(A <TlsAdvisoryRemoved> ._, A <string> ._))
.MustNotHaveHappened();
}
public void NotifiesAdvisoryRemovedWhenPreviouslyTwoAdvisoryButNowOne()
{
Guid messageId1 = Guid.Parse("9f200bc1-bf50-4df6-a34d-5278a82e2245");
string errorMessage1 = "When testing TLS 1.2 with a range of cipher suites in reverse order the " +
"server selected a different cipher suite (TLS_RSA_WITH_3DES_EDE_CBC_SHA) which has no " +
"Perfect Forward Secrecy (PFS) and uses 3DES and SHA-1. The server should choose the same " +
"cipher suite regardless of the order that they are presented by the client.";
string errorMessage2 = "When testing TLS 1.0 we were unable to create a connection";
TlsEntityState existingState = CreateTwoAdvisoryEntityStateFromExample();
TlsRecords newTlsRecords =
CreateTlsRecords(
new TlsRecord(new TlsEvaluatedResult(messageId1, EvaluatorResult.WARNING, errorMessage1)));
_advisoryChangedNotifier.Handle(existingState, CreateTlsResultsEvaluatedWithResults(newTlsRecords), new List <string> {
"test.gov.uk"
});
A.CallTo(() => _messageDispatcher.Dispatch(A <TlsAdvisoryAdded> ._, A <string> ._))
.MustNotHaveHappened();
A.CallTo(() => _messageDispatcher.Dispatch(A <TlsAdvisoryRemoved> ._, A <string> ._))
.MustHaveHappenedOnceExactly();
A.CallTo(() => _messageDispatcher.Dispatch(
A <TlsAdvisoryRemoved> .That.Matches(x => x.Messages.First().Text == errorMessage2 && x.Id == "test.gov.uk" && x.Host == "mailchecktest.host.gov.uk."), A <string> ._))
.MustHaveHappenedOnceExactly();
}
public void NoNotifiersWhenSameAdvisories()
{
Guid messageId1 = Guid.Parse("9f200bc1-bf50-4df6-a34d-5278a82e2245");
string errorMessage = "When testing TLS 1.2 with a range of cipher suites in reverse order the " +
"server selected a different cipher suite (TLS_RSA_WITH_3DES_EDE_CBC_SHA) which has no " +
"Perfect Forward Secrecy (PFS) and uses 3DES and SHA-1. The server should choose the same " +
"cipher suite regardless of the order that they are presented by the client.";
TlsEntityState existingState = CreateOneAdvisoryEntityStateFromExample();
TlsRecords newTlsRecords =
CreateTlsRecords(
new TlsRecord(new TlsEvaluatedResult(messageId1, EvaluatorResult.WARNING, errorMessage)));
_advisoryChangedNotifier.Handle(existingState, CreateTlsResultsEvaluatedWithResults(newTlsRecords), new List <string> {
"test.gov.uk"
});
A.CallTo(() => _messageDispatcher.Dispatch(A <TlsAdvisoryAdded> ._, A <string> ._))
.MustNotHaveHappened();
A.CallTo(() => _messageDispatcher.Dispatch(A <TlsAdvisoryRemoved> ._, A <string> ._))
.MustNotHaveHappened();
}
private List <TlsEvaluatedResult> GetAdvisoryMessages(TlsRecords tlsRecords)
{
List <TlsEvaluatedResult> messages = new List <TlsEvaluatedResult>();
if (tlsRecords != null)
{
AddAdvisoryMessage(messages,
tlsRecords.Tls12AvailableWithBestCipherSuiteSelected.TlsEvaluatedResult);
AddAdvisoryMessage(messages,
tlsRecords.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList.TlsEvaluatedResult);
AddAdvisoryMessage(messages, tlsRecords.Tls12AvailableWithSha2HashFunctionSelected.TlsEvaluatedResult);
AddAdvisoryMessage(messages,
tlsRecords.Tls12AvailableWithWeakCipherSuiteNotSelected.TlsEvaluatedResult);
AddAdvisoryMessage(messages, tlsRecords.Tls11AvailableWithBestCipherSuiteSelected.TlsEvaluatedResult);
AddAdvisoryMessage(messages,
tlsRecords.Tls11AvailableWithWeakCipherSuiteNotSelected.TlsEvaluatedResult);
AddAdvisoryMessage(messages, tlsRecords.Tls10AvailableWithBestCipherSuiteSelected.TlsEvaluatedResult);
AddAdvisoryMessage(messages,
tlsRecords.Tls10AvailableWithWeakCipherSuiteNotSelected.TlsEvaluatedResult);
AddAdvisoryMessage(messages, tlsRecords.Ssl3FailsWithBadCipherSuite.TlsEvaluatedResult);
AddAdvisoryMessage(messages, tlsRecords.TlsSecureEllipticCurveSelected.TlsEvaluatedResult);
AddAdvisoryMessage(messages, tlsRecords.TlsSecureDiffieHellmanGroupSelected.TlsEvaluatedResult);
AddAdvisoryMessage(messages, tlsRecords.TlsWeakCipherSuitesRejected.TlsEvaluatedResult);
AddAdvisoryMessage(messages, tlsRecords.Tls12Available.TlsEvaluatedResult);
AddAdvisoryMessage(messages, tlsRecords.Tls11Available.TlsEvaluatedResult);
AddAdvisoryMessage(messages, tlsRecords.Tls10Available.TlsEvaluatedResult);
}
return(messages);
}
public DomainTlsEvaluatorResults Create(MxEntityState mxState,
Dictionary <string, TlsEntityState> tlsEntityStates)
{
List <MxTlsEvaluatorResults> mxTlsEvaluatorResults = new List <MxTlsEvaluatorResults>();
List <MxTlsCertificateEvaluatorResults> mxTlsCertificateEvaluatorResults =
new List <MxTlsCertificateEvaluatorResults>();
foreach (HostMxRecord hostMxRecord in mxState.HostMxRecords)
{
// tlsEntityStates keys are always lowercase due to ReverseUrl() in MxApiDao.GetTlsEntityStates
TlsEntityState tlsEntityState = tlsEntityStates[hostMxRecord.Id.ToLower()];
List <TlsRecord> records = new List <TlsRecord>();
TlsRecords tlsRecords = tlsEntityState.TlsRecords;
if (tlsRecords != null)
{
records.Add(tlsRecords.Tls12AvailableWithBestCipherSuiteSelected);
records.Add(tlsRecords.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList);
records.Add(tlsRecords.Tls12AvailableWithSha2HashFunctionSelected);
records.Add(tlsRecords.Tls12AvailableWithWeakCipherSuiteNotSelected);
records.Add(tlsRecords.Tls11AvailableWithBestCipherSuiteSelected);
records.Add(tlsRecords.Tls11AvailableWithWeakCipherSuiteNotSelected);
records.Add(tlsRecords.Tls10AvailableWithBestCipherSuiteSelected);
records.Add(tlsRecords.Tls10AvailableWithWeakCipherSuiteNotSelected);
records.Add(tlsRecords.Ssl3FailsWithBadCipherSuite);
records.Add(tlsRecords.TlsSecureEllipticCurveSelected);
records.Add(tlsRecords.TlsSecureDiffieHellmanGroupSelected);
records.Add(tlsRecords.TlsWeakCipherSuitesRejected);
records.Add(tlsRecords.Tls12Available);
records.Add(tlsRecords.Tls11Available);
records.Add(tlsRecords.Tls10Available);
}
List <string> warnings = records.Where(_ => _.TlsEvaluatedResult.Result == EvaluatorResult.WARNING)
.Select(_ => _.TlsEvaluatedResult.Description).ToList();
List <string> failures = records.Where(_ => _.TlsEvaluatedResult.Result == EvaluatorResult.FAIL)
.Select(_ => _.TlsEvaluatedResult.Description).ToList();
List <string> informational = records
.Where(_ => _.TlsEvaluatedResult.Result == EvaluatorResult.INFORMATIONAL ||
_.TlsEvaluatedResult.Result == EvaluatorResult.INCONCLUSIVE)
.Select(_ => _.TlsEvaluatedResult.Description).ToList();
mxTlsEvaluatorResults.Add(
new MxTlsEvaluatorResults(
hostMxRecord.Id,
hostMxRecord.Preference ?? 0,
mxState.LastUpdated ?? DateTime.MinValue,
warnings,
failures,
informational));
mxTlsCertificateEvaluatorResults.Add(CreateMxTlsCertificateEvaluatorResults(hostMxRecord.Id,
hostMxRecord.Preference ?? 0, mxState.LastUpdated ?? DateTime.MinValue, tlsEntityState.CertificateResults));
}
return(new DomainTlsEvaluatorResults(mxState.Id, mxState.MxState == MxState.PollPending,
mxTlsEvaluatorResults, mxTlsCertificateEvaluatorResults));
}
private TlsEntityState CreateEntityStateWithMessages(TlsRecords records = null)
{
TlsEntityState entityState = new TlsEntityState("hostName")
{
TlsRecords = records ?? CreateTlsRecords()
};
return(entityState);
}
public void NotifiesAdvisoryRemovedAndAdvisoryAddedWhenSameAmountButDifferentAdvisories()
{
Guid messageId = Guid.NewGuid();
string errorMessage1 = "When testing TLS 1.2 with a range of cipher suites in reverse order " +
"we were unable to create a connection to the mail server. We will keep trying, so please check back later.";
string errorMessage2 = "When testing TLS 1.1 we were unable to create a connection";
string errorMessage3 = "When testing TLS 1.2 with a range of cipher suites in reverse order the " +
"server selected a different cipher suite (TLS_RSA_WITH_3DES_EDE_CBC_SHA) which has no " +
"Perfect Forward Secrecy (PFS) and uses 3DES and SHA-1. The server should choose the same " +
"cipher suite regardless of the order that they are presented by the client.";
string errorMessage4 = "When testing TLS 1.0 we were unable to create a connection";
TlsEntityState existingState = CreateTwoAdvisoryEntityStateFromExample();
TlsRecords newTlsRecords =
CreateTlsRecords(
new TlsRecord(new TlsEvaluatedResult(messageId, EvaluatorResult.INCONCLUSIVE, errorMessage1)),
new TlsRecord(new TlsEvaluatedResult(messageId, EvaluatorResult.FAIL, errorMessage2)));
_advisoryChangedNotifier.Handle(existingState, CreateTlsResultsEvaluatedWithResults(newTlsRecords), new List <string> {
"test.gov.uk"
});
A.CallTo(() => _messageDispatcher.Dispatch(A <TlsAdvisoryAdded> ._, A <string> ._))
.MustHaveHappenedOnceExactly();
A.CallTo(() => _messageDispatcher.Dispatch(A <TlsAdvisoryRemoved> ._, A <string> ._))
.MustHaveHappenedOnceExactly();
A.CallTo(() => _messageDispatcher.Dispatch(
A <TlsAdvisoryAdded> .That.Matches(x => x.Messages[0].Text == errorMessage1 && x.Id == "test.gov.uk" && x.Host == "mailchecktest.host.gov.uk."), A <string> ._))
.MustHaveHappenedOnceExactly();
A.CallTo(() => _messageDispatcher.Dispatch(
A <TlsAdvisoryAdded> .That.Matches(x => x.Messages[1].Text == errorMessage2 && x.Id == "test.gov.uk" && x.Host == "mailchecktest.host.gov.uk."), A <string> ._))
.MustHaveHappenedOnceExactly();
A.CallTo(() => _messageDispatcher.Dispatch(
A <TlsAdvisoryRemoved> .That.Matches(x => x.Messages[0].Text == errorMessage3 && x.Id == "test.gov.uk" && x.Host == "mailchecktest.host.gov.uk."), A <string> ._))
.MustHaveHappenedOnceExactly();
A.CallTo(() => _messageDispatcher.Dispatch(
A <TlsAdvisoryRemoved> .That.Matches(x => x.Messages[1].Text == errorMessage4 && x.Id == "test.gov.uk" && x.Host == "mailchecktest.host.gov.uk."), A <string> ._))
.MustHaveHappenedOnceExactly();
}
public void DoesNotNotifyWhenNoChanges_DataInRecords()
{
Guid messageId = Guid.NewGuid();
string errorMessage = "An error has occured";
TlsRecords existingTlsRecords =
CreateTlsRecords(
new TlsRecord(new TlsEvaluatedResult(messageId, EvaluatorResult.FAIL, errorMessage)));
TlsEntityState existingState = CreateEntityStateWithMessages(existingTlsRecords);
TlsRecords newTlsRecords =
CreateTlsRecords(
new TlsRecord(new TlsEvaluatedResult(messageId, EvaluatorResult.FAIL, errorMessage)));
_advisoryChangedNotifier.Handle(existingState, CreateTlsResultsEvaluatedWithResults(newTlsRecords), new List <string> {
"test.gov.uk"
});
A.CallTo(() => _messageDispatcher.Dispatch(A <Message> ._, A <string> ._, A <string> ._)).MustNotHaveHappened();
}
public TlsResultsEvaluated(string id, bool failed, TlsRecords tlsRecords, CertificateResults certificates = null) : base(id)
{
TlsRecords = tlsRecords;
Certificates = certificates;
Failed = failed;
}
private TlsResultsEvaluated CreateTlsResultsEvaluatedWithResults(TlsRecords records = null)
{
TlsResultsEvaluated recordsEvaluated = new TlsResultsEvaluated("mailchecktest.host.gov.uk", false, records ?? CreateTlsRecords());
return(recordsEvaluated);
}
public TlsRecordEvaluationsChanged(string id, TlsRecords records, CertificateResults certificateResults) : base(id)
{
TlsRecords = records;
CertificateResults = certificateResults;
}
