/// <summary>
/// Checks whether a cipher list is usable with the given client/server provider pair.
/// </summary>
/// <param name="provider">Provider pair handed to <c>ProviderSupportsCipher</c> for each entry.</param>
/// <param name="ciphers">Cipher suites to check; <c>null</c> is treated as "no restriction".</param>
/// <returns>
/// <c>true</c> when <paramref name="ciphers"/> is <c>null</c>, or when at least one entry is
/// reported as supported; <c>false</c> otherwise (including for an empty, non-null collection).
/// </returns>
/// <remarks>
/// A single supported suite is enough to pass; unsupported entries elsewhere in the list are
/// not rejected. NOTE(review): if callers expect every listed suite to be supported, this
/// would have to be an "all" check. Confirm against the call sites.
/// </remarks>
public static bool ValidateCipherList(ClientAndServerProvider provider, ICollection<CipherSuiteCode> ciphers)
{
    // No explicit list means there is nothing to validate.
    if (ciphers == null)
    {
        return true;
    }

    return ciphers.Any(candidate => ProviderSupportsCipher(provider, candidate));
}
/// <summary>
/// Reports whether both sides of a client/server provider pair support a cipher suite.
/// </summary>
/// <param name="provider">Pair whose <c>Client</c> and <c>Server</c> members are queried; must not be <c>null</c>.</param>
/// <param name="cipher">Cipher suite to look up.</param>
/// <returns><c>true</c> only when the client and the server provider both support <paramref name="cipher"/>.</returns>
public static bool ProviderSupportsCipher(ClientAndServerProvider provider, CipherSuiteCode cipher)
{
    // The server side is only queried once the client side has said yes.
    if (!ProviderSupportsCipher(provider.Client, cipher))
    {
        return false;
    }

    return ProviderSupportsCipher(provider.Server, cipher);
}
/// <summary>
/// Builds the connection parameters for one <see cref="SimpleConnectionType"/> test case.
/// </summary>
/// <param name="ctx">Test context; used to fail the test on an unknown <paramref name="type"/>.</param>
/// <param name="provider">
/// Client/server provider pair, or <c>null</c>. Its flags decide whether the ECDHE or the DHE
/// variants of the reference cipher suites are used.
/// </param>
/// <param name="category">Test category, forwarded to <c>CreateParameters</c>.</param>
/// <param name="type">The test case to configure.</param>
/// <returns>The parameters returned by <c>CreateParameters</c>, adjusted for <paramref name="type"/>.</returns>
/// <remarks>
/// Several cases pin TLS 1.0 / 1.1 or CBC and static-RSA suites on purpose: they are the
/// subject of the test, so they should not be read as a recommended configuration.
/// </remarks>
static SimpleConnectionParameters Create(TestContext ctx, ClientAndServerProvider provider, MonoConnectionTestCategory category, SimpleConnectionType type)
{
    var result = CreateParameters(category, type);

    // Certificate validators used by the certificate-related cases below.
    // NOTE(review): presumably the first accepts only the bundled self-signed server
    // certificate and the second only chains from the local test CA. Confirm in
    // ICertificateProvider.
    var certificates = DependencyInjector.Get<ICertificateProvider>();
    var selfSignedValidator = certificates.AcceptThisCertificate(ResourceManager.SelfSignedServerCertificate);
    var localCaValidator = certificates.AcceptFromCA(ResourceManager.LocalCACertificate);

    // Without a provider neither side is assumed to support ECDHE.
    var clientHasEcDhe = false;
    var serverHasEcDhe = false;
    if (provider != null)
    {
        clientHasEcDhe = (provider.Client.Flags & ConnectionProviderFlags.SupportsEcDheCiphers) != 0;
        serverHasEcDhe = (provider.Server.Flags & ConnectionProviderFlags.SupportsEcDheCiphers) != 0;
    }

    // ECDHE suites are the reference only when both peers advertise them; otherwise use DHE.
    var useEcDhe = clientHasEcDhe && serverHasEcDhe;
    var defaultCipher = useEcDhe
        ? CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        : CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
    var defaultCipher12 = useEcDhe
        ? CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        : CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384;
    var alternateCipher12 = useEcDhe
        ? CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        : CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA;

    switch (type)
    {
        case SimpleConnectionType.Simple:
            // Defaults from CreateParameters are used unchanged.
            break;

        case SimpleConnectionType.ValidateCertificate:
            result.ServerCertificate = ResourceManager.ServerCertificateFromCA;
            result.ClientCertificateValidator = localCaValidator;
            break;

        // Protocol version pinned, cipher left to negotiation.
        case SimpleConnectionType.SimpleTls10:
        case SimpleConnectionType.SelectCiphersTls10:
            result.ProtocolVersion = ProtocolVersions.Tls10;
            break;

        case SimpleConnectionType.SimpleTls11:
        case SimpleConnectionType.SelectCiphersTls11:
            result.ProtocolVersion = ProtocolVersions.Tls11;
            break;

        case SimpleConnectionType.SimpleTls12:
        case SimpleConnectionType.SelectCiphersTls12:
            result.ProtocolVersion = ProtocolVersions.Tls12;
            break;

        // Protocol version pinned and the negotiated cipher asserted.
        case SimpleConnectionType.DefaultCipherTls10:
            result.ProtocolVersion = ProtocolVersions.Tls10;
            result.ExpectedCipher = defaultCipher;
            break;

        case SimpleConnectionType.DefaultCipherTls11:
            result.ProtocolVersion = ProtocolVersions.Tls11;
            result.ExpectedCipher = defaultCipher;
            break;

        case SimpleConnectionType.DefaultCipherTls12:
            result.ProtocolVersion = ProtocolVersions.Tls12;
            result.ExpectedCipher = defaultCipher12;
            break;

        case SimpleConnectionType.RequestClientCertificate:
            // The server asks for a client certificate but does not insist on one.
            // FIXME: SslStream with Mono's old implementation fails here.
            result.ClientCertificate = ResourceManager.MonkeyCertificate;
            result.ClientCertificateValidator = selfSignedValidator;
            result.AskForClientCertificate = true;
            result.ServerCertificateValidator = localCaValidator;
            break;

        case SimpleConnectionType.RequireClientCertificateRSA:
            // Client certificate is mandatory; server restricted to a static-RSA suite.
            result.ClientCertificate = ResourceManager.MonkeyCertificate;
            result.ClientCertificateValidator = selfSignedValidator;
            result.RequireClientCertificate = true;
            result.ServerCertificateValidator = localCaValidator;
            result.ServerCiphers = new[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA };
            break;

        case SimpleConnectionType.RequireClientCertificateDHE:
            // Client certificate is mandatory; server restricted to a DHE suite.
            result.ClientCertificate = ResourceManager.MonkeyCertificate;
            result.ClientCertificateValidator = selfSignedValidator;
            result.RequireClientCertificate = true;
            result.ServerCertificateValidator = localCaValidator;
            result.ServerCiphers = new[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA };
            break;

        // The two ordering cases offer the same suites in opposite order and expect the
        // first one offered to be the suite the server ends up with.
        case SimpleConnectionType.CipherSelectionOrder:
            result.ProtocolVersion = ProtocolVersions.Tls12;
            result.ClientCiphers = new[] { CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA, alternateCipher12 };
            result.ExpectedServerCipher = CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA;
            break;

        case SimpleConnectionType.CipherSelectionOrder2:
            result.ProtocolVersion = ProtocolVersions.Tls12;
            result.ClientCiphers = new[] { alternateCipher12, CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA };
            result.ExpectedServerCipher = alternateCipher12;
            break;

        case SimpleConnectionType.MartinTest:
            result.ServerCertificate = ResourceManager.GetCertificateWithKey(CertificateResourceType.SelfSignedServerCertificate);
            break;

        default:
            ctx.AssertFail("Unsupported connection type: '{0}'.", type);
            break;
    }

    return result;
}
/// <summary>
/// Produces the connection parameters for every test type in a category.
/// </summary>
/// <param name="ctx">Test context, forwarded to <c>GetTestTypes</c> and <c>Create</c>.</param>
/// <param name="provider">Client/server provider pair, forwarded to <c>Create</c>.</param>
/// <param name="category">Category whose test types are enumerated.</param>
/// <returns>
/// One <see cref="SimpleConnectionParameters"/> per test type. The sequence is a LINQ
/// projection, so <c>Create</c> runs as the result is enumerated, not when this method returns.
/// </returns>
public static IEnumerable<SimpleConnectionParameters> GetParameters(TestContext ctx, ClientAndServerProvider provider, MonoConnectionTestCategory category)
{
    return from testType in GetTestTypes(ctx, category)
           select Create(ctx, provider, category, testType);
}
/// <summary>
/// Decides whether a cipher list can be used with the given client/server provider pair.
/// </summary>
/// <param name="provider">Provider pair passed to <c>ProviderSupportsCipher</c> for each entry.</param>
/// <param name="ciphers">Cipher suites to check, or <c>null</c> when no list was given.</param>
/// <returns>
/// <c>true</c> for a <c>null</c> list or as soon as one entry is reported as supported;
/// <c>false</c> when no entry is supported, which includes an empty list.
/// </returns>
/// <remarks>
/// NOTE(review): only one supported suite is required, so a list mixing supported and
/// unsupported suites passes. Confirm that this is what callers rely on.
/// </remarks>
public static bool ValidateCipherList (ClientAndServerProvider provider, ICollection<CipherSuiteCode> ciphers)
{
	if (ciphers == null)
		return true;

	// Stop at the first suite the provider pair supports.
	foreach (var candidate in ciphers) {
		if (ProviderSupportsCipher (provider, candidate))
			return true;
	}

	return false;
}
/// <summary>
/// Tells whether a cipher suite is supported by both members of a client/server provider pair.
/// </summary>
/// <param name="provider">Pair whose <c>Client</c> and <c>Server</c> are checked; must not be <c>null</c>.</param>
/// <param name="cipher">Cipher suite to check.</param>
/// <returns><c>true</c> when both the client and the server provider support <paramref name="cipher"/>.</returns>
public static bool ProviderSupportsCipher (ClientAndServerProvider provider, CipherSuiteCode cipher)
{
	// The server is consulted only when the client already supports the suite.
	var clientSupports = ProviderSupportsCipher (provider.Client, cipher);
	return clientSupports ? ProviderSupportsCipher (provider.Server, cipher) : false;
}