public static bool ValidateCipherList(ClientAndServerProvider provider, ICollection <CipherSuiteCode> ciphers)
{
return(ciphers == null || ciphers.Any(cipher => ProviderSupportsCipher(provider, cipher)));
}
public static bool ProviderSupportsCipher(ClientAndServerProvider provider, CipherSuiteCode cipher)
{
return(ProviderSupportsCipher(provider.Client, cipher) && ProviderSupportsCipher(provider.Server, cipher));
}
static SimpleConnectionParameters Create(TestContext ctx, ClientAndServerProvider provider, MonoConnectionTestCategory category, SimpleConnectionType type)
{
var parameters = CreateParameters(category, type);
var certificateProvider = DependencyInjector.Get <ICertificateProvider> ();
var acceptSelfSigned = certificateProvider.AcceptThisCertificate(ResourceManager.SelfSignedServerCertificate);
var acceptFromCA = certificateProvider.AcceptFromCA(ResourceManager.LocalCACertificate);
bool clientSupportsEcDhe;
bool serverSupportsEcDhe;
CipherSuiteCode defaultCipher;
CipherSuiteCode defaultCipher12;
CipherSuiteCode alternateCipher12;
if (provider != null)
{
clientSupportsEcDhe = (provider.Client.Flags & ConnectionProviderFlags.SupportsEcDheCiphers) != 0;
serverSupportsEcDhe = (provider.Server.Flags & ConnectionProviderFlags.SupportsEcDheCiphers) != 0;
}
else
{
clientSupportsEcDhe = serverSupportsEcDhe = false;
}
if (clientSupportsEcDhe && serverSupportsEcDhe)
{
defaultCipher = CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
defaultCipher12 = CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
alternateCipher12 = CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
}
else
{
defaultCipher = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
defaultCipher12 = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384;
alternateCipher12 = CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
}
switch (type)
{
case SimpleConnectionType.Simple:
break;
case SimpleConnectionType.ValidateCertificate:
parameters.ServerCertificate = ResourceManager.ServerCertificateFromCA;
parameters.ClientCertificateValidator = acceptFromCA;
break;
case SimpleConnectionType.SimpleTls10:
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SimpleConnectionType.SimpleTls11:
parameters.ProtocolVersion = ProtocolVersions.Tls11;
break;
case SimpleConnectionType.SimpleTls12:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
break;
case SimpleConnectionType.DefaultCipherTls10:
parameters.ProtocolVersion = ProtocolVersions.Tls10;
parameters.ExpectedCipher = defaultCipher;
break;
case SimpleConnectionType.DefaultCipherTls11:
parameters.ProtocolVersion = ProtocolVersions.Tls11;
parameters.ExpectedCipher = defaultCipher;
break;
case SimpleConnectionType.DefaultCipherTls12:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ExpectedCipher = defaultCipher12;
break;
case SimpleConnectionType.SelectCiphersTls10:
parameters.ProtocolVersion = ProtocolVersions.Tls10;
break;
case SimpleConnectionType.SelectCiphersTls11:
parameters.ProtocolVersion = ProtocolVersions.Tls11;
break;
case SimpleConnectionType.SelectCiphersTls12:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
break;
case SimpleConnectionType.RequestClientCertificate:
/*
* Request client certificate, but do not require it.
*
* FIXME:
* SslStream with Mono's old implementation fails here.
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.AskForClientCertificate = true;
parameters.ServerCertificateValidator = acceptFromCA;
break;
case SimpleConnectionType.RequireClientCertificateRSA:
/*
* Require client certificate.
*
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.RequireClientCertificate = true;
parameters.ServerCertificateValidator = acceptFromCA;
parameters.ServerCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA
};
break;
case SimpleConnectionType.RequireClientCertificateDHE:
/*
* Require client certificate.
*
*/
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.ClientCertificateValidator = acceptSelfSigned;
parameters.RequireClientCertificate = true;
parameters.ServerCertificateValidator = acceptFromCA;
parameters.ServerCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA
};
break;
case SimpleConnectionType.CipherSelectionOrder:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ClientCiphers = new CipherSuiteCode[] {
CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA,
alternateCipher12
};
parameters.ExpectedServerCipher = CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA;
break;
case SimpleConnectionType.CipherSelectionOrder2:
parameters.ProtocolVersion = ProtocolVersions.Tls12;
parameters.ClientCiphers = new CipherSuiteCode[] {
alternateCipher12,
CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA
};
parameters.ExpectedServerCipher = alternateCipher12;
break;
case SimpleConnectionType.MartinTest:
parameters.ServerCertificate = ResourceManager.GetCertificateWithKey(CertificateResourceType.SelfSignedServerCertificate);
break;
default:
ctx.AssertFail("Unsupported connection type: '{0}'.", type);
break;
}
return(parameters);
}
public static IEnumerable <SimpleConnectionParameters> GetParameters(TestContext ctx, ClientAndServerProvider provider, MonoConnectionTestCategory category)
{
return(GetTestTypes(ctx, category).Select(t => Create(ctx, provider, category, t)));
}
public static bool ValidateCipherList (ClientAndServerProvider provider, ICollection<CipherSuiteCode> ciphers)
{
return ciphers == null || ciphers.Any (cipher => ProviderSupportsCipher (provider, cipher));
}
public static bool ProviderSupportsCipher (ClientAndServerProvider provider, CipherSuiteCode cipher)
{
return ProviderSupportsCipher (provider.Client, cipher) && ProviderSupportsCipher (provider.Server, cipher);
}