public Task TestWeb( TestContext ctx, CancellationToken cancellationToken, [ConnectionTestProvider("BoringTLS")] ConnectionTestProvider provider, HttpsTestParameters parameters, HttpsTestRunner runner) { return(runner.Run(ctx, cancellationToken)); }
public HttpsTestRunner(IPortableEndPoint endpoint, HttpsTestParameters parameters, ConnectionTestProvider provider, Uri uri, ListenerFlags flags) : base(endpoint, parameters) { Provider = provider; ListenerFlags = flags; Uri = uri; }
public HttpsTestRunner(IPortableEndPoint endpoint, HttpsTestParameters parameters, ConnectionTestProvider provider, Uri uri, HttpServerFlags flags) : base(endpoint, parameters) { Provider = provider; ServerFlags = flags; Uri = uri; Server = new BuiltinHttpServer(uri, endpoint, flags, parameters, null) { Delegate = this }; }
public async Task TestCertificateStore(TestContext ctx, CancellationToken cancellationToken, ConnectionTestProvider provider, HttpsTestParameters parameters, HttpsTestRunner runner) { await runner.Run(ctx, cancellationToken); }
public async Task TestTrustedRoots(TestContext ctx, CancellationToken cancellationToken, ConnectionTestProvider provider, HttpsTestParameters parameters, HttpsTestRunner runner) { await runner.Run(ctx, cancellationToken); }
public static HttpsTestParameters GetParameters(TestContext ctx, ConnectionTestCategory category, ConnectionTestType type) { var certificateProvider = DependencyInjector.Get <ICertificateProvider> (); var acceptAll = certificateProvider.AcceptAll(); var rejectAll = certificateProvider.RejectAll(); var acceptNull = certificateProvider.AcceptNull(); var acceptSelfSigned = certificateProvider.AcceptThisCertificate(ResourceManager.SelfSignedServerCertificate); var acceptFromLocalCA = certificateProvider.AcceptFromCA(ResourceManager.LocalCACertificate); var name = GetTestName(category, type); switch (type) { case ConnectionTestType.Default: return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptAll }); case ConnectionTestType.AcceptFromLocalCA: return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { ClientCertificateValidator = acceptFromLocalCA }); case ConnectionTestType.NoValidator: // The default validator only allows ResourceManager.SelfSignedServerCertificate. return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { ExpectTrustFailure = true, ClientAbortsHandshake = true }); case ConnectionTestType.RejectAll: // Explicit validator overrides the default ServicePointManager.ServerCertificateValidationCallback. return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ExpectTrustFailure = true, ClientCertificateValidator = rejectAll, ClientAbortsHandshake = true }); case ConnectionTestType.UnrequestedClientCertificate: // Provide a client certificate, but do not require it. return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.PenguinCertificate, ClientCertificateValidator = acceptSelfSigned, ServerCertificateValidator = acceptNull }); case ConnectionTestType.RequestClientCertificate: /* * Request client certificate, but do not require it. * * FIXME: * SslStream with Mono's old implementation fails here. */ return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true, ServerCertificateValidator = acceptFromLocalCA }); case ConnectionTestType.RequireClientCertificate: // Require client certificate. return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true, RequireClientCertificate = true, ServerCertificateValidator = acceptFromLocalCA }); case ConnectionTestType.OptionalClientCertificate: /* * Request client certificate without requiring one and do not provide it. * * To ask for an optional client certificate (without requiring it), you need to specify a custom validation * callback and then accept the null certificate with `SslPolicyErrors.RemoteCertificateNotAvailable' in it. * * FIXME: * Mono with the old TLS implementation throws SecureChannelFailure. */ return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptSelfSigned, AskForClientCertificate = true, ServerCertificateValidator = acceptNull }); case ConnectionTestType.RejectClientCertificate: // Reject client certificate. return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificate = ResourceManager.MonkeyCertificate, ClientCertificateValidator = acceptSelfSigned, ExpectWebException = true, ServerCertificateValidator = rejectAll, AskForClientCertificate = true, ClientAbortsHandshake = true }); case ConnectionTestType.MissingClientCertificate: // Missing client certificate. return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptSelfSigned, ExpectWebException = true, AskForClientCertificate = true, RequireClientCertificate = true, ClientAbortsHandshake = true }); case ConnectionTestType.DontInvokeGlobalValidator: return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { ClientCertificateValidator = acceptAll, GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner | GlobalValidationFlags.MustNotInvoke }); case ConnectionTestType.DontInvokeGlobalValidator2: return(new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { ClientCertificateValidator = rejectAll, GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner | GlobalValidationFlags.MustNotInvoke, ExpectTrustFailure = true, ClientAbortsHandshake = true }); case ConnectionTestType.GlobalValidatorIsNull: return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { GlobalValidationFlags = GlobalValidationFlags.SetToNull, ExpectTrustFailure = true, ClientAbortsHandshake = true }); case ConnectionTestType.MustInvokeGlobalValidator: return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner | GlobalValidationFlags.MustInvoke | GlobalValidationFlags.AlwaysSucceed }); case ConnectionTestType.CheckChain: return(new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { GlobalValidationFlags = GlobalValidationFlags.CheckChain, ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch, ExpectChainStatus = X509ChainStatusFlags.UntrustedRoot }); case ConnectionTestType.ExternalServer: return(new HttpsTestParameters(category, type, name, CertificateResourceType.TlsTestXamDevNew) { ExternalServer = new Uri("https://tlstest-1.xamdev.com/"), GlobalValidationFlags = GlobalValidationFlags.CheckChain, ExpectPolicyErrors = SslPolicyErrors.None }); case ConnectionTestType.ServerCertificateWithCA: var parameters = new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateWithCA) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectChainStatus = X509ChainStatusFlags.UntrustedRoot }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.ServerCertificateFromLocalCA); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.ExpectSuccess = false; return(parameters); case ConnectionTestType.TrustedRootCA: parameters = new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { GlobalValidationFlags = GlobalValidationFlags.CheckChain, ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Hamiller-Tube.local" }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.ExpectSuccess = true; return(parameters); case ConnectionTestType.TrustedIntermediateCA: parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateBare)) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectChainStatus = X509ChainStatusFlags.NoError, ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local" }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeIM); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey); parameters.ValidationParameters.ExpectSuccess = true; return(parameters); case ConnectionTestType.TrustedSelfSigned: parameters = new HttpsTestParameters(category, type, name, ResourceManager.SelfSignedServerCertificate) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectChainStatus = X509ChainStatusFlags.NoError, ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Hamiller-Tube.local" }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.SelfSignedServerCertificate); parameters.ValidationParameters.ExpectSuccess = true; return(parameters); case ConnectionTestType.HostNameMismatch: parameters = new HttpsTestParameters(category, type, name, ResourceManager.ServerCertificateFromCA) { GlobalValidationFlags = GlobalValidationFlags.CheckChain, ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateNameMismatch, }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.ExpectSuccess = false; return(parameters); case ConnectionTestType.IntermediateServerCertificate: parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificate)) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectChainStatus = X509ChainStatusFlags.NoError, ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local" }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeIM); parameters.ValidationParameters.ExpectSuccess = true; return(parameters); case ConnectionTestType.IntermediateServerCertificateFull: parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateFull)) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectChainStatus = X509ChainStatusFlags.NoError, ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Intermediate-Server.local" }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeIM); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.ExpectSuccess = true; return(parameters); case ConnectionTestType.IntermediateServerCertificateBare: parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.IntermediateServerCertificateBare)) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectPolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors, OverrideTargetHost = "Intermediate-Server.local" }; parameters.ValidationParameters = new ValidationParameters(); parameters.ValidationParameters.AddTrustedRoot(CertificateResourceType.HamillerTubeCA); parameters.ValidationParameters.AddExpectedExtraStore(CertificateResourceType.IntermediateServerCertificateNoKey); parameters.ValidationParameters.ExpectSuccess = false; return(parameters); case ConnectionTestType.CertificateStore: parameters = new HttpsTestParameters(category, type, name, ResourceManager.GetCertificate(CertificateResourceType.ServerFromTrustedIntermediateCABare)) { GlobalValidationFlags = GlobalValidationFlags.SetToTestRunner, ExpectChainStatus = X509ChainStatusFlags.NoError, ExpectPolicyErrors = SslPolicyErrors.None, OverrideTargetHost = "Trusted-IM-Server.local" }; return(parameters); case ConnectionTestType.MartinTest: goto case ConnectionTestType.ServerCertificateWithCA; default: throw new InternalErrorException(); } }
public async Task TestDotNetConnection (TestContext ctx, CancellationToken cancellationToken, ConnectionTestProvider provider, HttpsTestParameters parameters, HttpsTestRunner runner) { await runner.Run (ctx, cancellationToken); }