diff --git a/crypto/test/UnitTests.csproj b/crypto/test/UnitTests.csproj
index 92d3b7d92..8fd93a962 100644
--- a/crypto/test/UnitTests.csproj
+++ b/crypto/test/UnitTests.csproj
@@ -315,41 +315,6 @@
<Compile Include="src\crypto\test\cavp\KDFCounterTests.cs" />
<Compile Include="src\crypto\test\cavp\KDFDoublePipelineTests.cs" />
<Compile Include="src\crypto\test\cavp\KDFFeedbackCounterTests.cs" />
- <Compile Include="src\crypto\tls\test\ByteQueueStreamTest.cs" />
- <Compile Include="src\crypto\tls\test\DtlsProtocolTest.cs" />
- <Compile Include="src\crypto\tls\test\DtlsTestCase.cs" />
- <Compile Include="src\crypto\tls\test\DtlsTestClientProtocol.cs" />
- <Compile Include="src\crypto\tls\test\DtlsTestServerProtocol.cs" />
- <Compile Include="src\crypto\tls\test\DtlsTestSuite.cs" />
- <Compile Include="src\crypto\tls\test\LoggingDatagramTransport.cs" />
- <Compile Include="src\crypto\tls\test\MockDatagramAssociation.cs" />
- <Compile Include="src\crypto\tls\test\MockDtlsClient.cs" />
- <Compile Include="src\crypto\tls\test\MockDtlsServer.cs" />
- <Compile Include="src\crypto\tls\test\MockPskTlsClient.cs" />
- <Compile Include="src\crypto\tls\test\MockPskTlsServer.cs" />
- <Compile Include="src\crypto\tls\test\MockSrpTlsClient.cs" />
- <Compile Include="src\crypto\tls\test\MockSrpTlsServer.cs" />
- <Compile Include="src\crypto\tls\test\MockTlsClient.cs" />
- <Compile Include="src\crypto\tls\test\MockTlsServer.cs" />
- <Compile Include="src\crypto\tls\test\NetworkStream.cs" />
- <Compile Include="src\crypto\tls\test\PipedStream.cs" />
- <Compile Include="src\crypto\tls\test\PskTlsClientTest.cs" />
- <Compile Include="src\crypto\tls\test\PskTlsServerTest.cs" />
- <Compile Include="src\crypto\tls\test\TlsClientTest.cs" />
- <Compile Include="src\crypto\tls\test\TlsProtocolTest.cs" />
- <Compile Include="src\crypto\tls\test\TlsProtocolNonBlockingTest.cs" />
- <Compile Include="src\crypto\tls\test\TlsPskProtocolTest.cs" />
- <Compile Include="src\crypto\tls\test\TlsServerTest.cs" />
- <Compile Include="src\crypto\tls\test\TlsSrpProtocolTest.cs" />
- <Compile Include="src\crypto\tls\test\TlsTestCase.cs" />
- <Compile Include="src\crypto\tls\test\TlsTestClientImpl.cs" />
- <Compile Include="src\crypto\tls\test\TlsTestClientProtocol.cs" />
- <Compile Include="src\crypto\tls\test\TlsTestConfig.cs" />
- <Compile Include="src\crypto\tls\test\TlsTestServerImpl.cs" />
- <Compile Include="src\crypto\tls\test\TlsTestServerProtocol.cs" />
- <Compile Include="src\crypto\tls\test\TlsTestSuite.cs" />
- <Compile Include="src\crypto\tls\test\TlsTestUtilities.cs" />
- <Compile Include="src\crypto\tls\test\UnreliableDatagramTransport.cs" />
<Compile Include="src\math\ec\custom\sec\test\SecP128R1FieldTest.cs" />
<Compile Include="src\math\ec\custom\sec\test\SecP256R1FieldTest.cs" />
<Compile Include="src\math\ec\custom\sec\test\SecP384R1FieldTest.cs" />
diff --git a/crypto/test/src/crypto/tls/test/ByteQueueStreamTest.cs b/crypto/test/src/crypto/tls/test/ByteQueueStreamTest.cs
deleted file mode 100644
index 1d68a5215..000000000
--- a/crypto/test/src/crypto/tls/test/ByteQueueStreamTest.cs
+++ /dev/null
@@ -1,134 +0,0 @@
-using System;
-
-using NUnit.Framework;
-
-using Org.BouncyCastle.Utilities;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- [TestFixture]
- public class ByteQueueStreamTest
- {
- [Test]
- public void TestAvailable()
- {
- ByteQueueStream input = new ByteQueueStream();
-
- // buffer is empty
- Assert.AreEqual(0, input.Available);
-
- // after adding once
- input.Write(new byte[10]);
- Assert.AreEqual(10, input.Available);
-
- // after adding more than once
- input.Write(new byte[5]);
- Assert.AreEqual(15, input.Available);
-
- // after reading a single byte
- input.ReadByte();
- Assert.AreEqual(14, input.Available);
-
- // after reading into a byte array
- input.Read(new byte[4]);
- Assert.AreEqual(10, input.Available);
-
- input.Close(); // so compiler doesn't whine about a resource leak
- }
-
- [Test]
- public void TestSkip()
- {
- ByteQueueStream input = new ByteQueueStream();
-
- // skip when buffer is empty
- Assert.AreEqual(0, input.Skip(10));
-
- // skip equal to available
- input.Write(new byte[2]);
- Assert.AreEqual(2, input.Skip(2));
- Assert.AreEqual(0, input.Available);
-
- // skip less than available
- input.Write(new byte[10]);
- Assert.AreEqual(5, input.Skip(5));
- Assert.AreEqual(5, input.Available);
-
- // skip more than available
- Assert.AreEqual(5, input.Skip(20));
- Assert.AreEqual(0, input.Available);
-
- input.Close();// so compiler doesn't whine about a resource leak
- }
-
- [Test]
- public void TestRead()
- {
- ByteQueueStream input = new ByteQueueStream();
- input.Write(new byte[] { 0x01, 0x02 });
- input.Write(new byte[]{ 0x03 });
-
- Assert.AreEqual(0x01, input.ReadByte());
- Assert.AreEqual(0x02, input.ReadByte());
- Assert.AreEqual(0x03, input.ReadByte());
- Assert.AreEqual(-1, input.ReadByte());
-
- input.Close(); // so compiler doesn't whine about a resource leak
- }
-
- [Test]
- public void TestReadArray()
- {
- ByteQueueStream input = new ByteQueueStream();
- input.Write(new byte[] { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 });
-
- byte[] buffer = new byte[5];
-
- // read less than available into specified position
- Assert.AreEqual(1, input.Read(buffer, 2, 1));
- AssertArrayEquals(new byte[]{ 0x00, 0x00, 0x01, 0x00, 0x00 }, buffer);
-
- // read equal to available
- Assert.AreEqual(5, input.Read(buffer));
- AssertArrayEquals(new byte[]{ 0x02, 0x03, 0x04, 0x05, 0x06 }, buffer);
-
- // read more than available
- input.Write(new byte[]{ 0x01, 0x02, 0x03 });
- Assert.AreEqual(3, input.Read(buffer));
- AssertArrayEquals(new byte[]{ 0x01, 0x02, 0x03, 0x05, 0x06 }, buffer);
-
- input.Close(); // so compiler doesn't whine about a resource leak
- }
-
- [Test]
- public void TestPeek()
- {
- ByteQueueStream input = new ByteQueueStream();
-
- byte[] buffer = new byte[5];
-
- // peek more than available
- Assert.AreEqual(0, input.Peek(buffer));
- AssertArrayEquals(new byte[]{ 0x00, 0x00, 0x00, 0x00, 0x00 }, buffer);
-
- // peek less than available
- input.Write(new byte[]{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 });
- Assert.AreEqual(5, input.Peek(buffer));
- AssertArrayEquals(new byte[]{ 0x01, 0x02, 0x03, 0x04, 0x05 }, buffer);
- Assert.AreEqual(6, input.Available);
-
- // peek equal to available
- input.ReadByte();
- Assert.AreEqual(5, input.Peek(buffer));
- AssertArrayEquals(new byte[]{ 0x02, 0x03, 0x04, 0x05, 0x06 }, buffer);
- Assert.AreEqual(5, input.Available);
-
- input.Close(); // so compiler doesn't whine about a resource leak
- }
-
- private static void AssertArrayEquals(byte[] a, byte[] b)
- {
- Assert.IsTrue(Arrays.AreEqual(a, b));
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/DtlsProtocolTest.cs b/crypto/test/src/crypto/tls/test/DtlsProtocolTest.cs
deleted file mode 100644
index 43726c70c..000000000
--- a/crypto/test/src/crypto/tls/test/DtlsProtocolTest.cs
+++ /dev/null
@@ -1,102 +0,0 @@
-using System;
-using System.IO;
-using System.Threading;
-
-using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Utilities;
-
-using NUnit.Framework;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- [TestFixture]
- public class DtlsProtocolTest
- {
- [Test]
- public void TestClientServer()
- {
- SecureRandom secureRandom = new SecureRandom();
-
- DtlsClientProtocol clientProtocol = new DtlsClientProtocol(secureRandom);
- DtlsServerProtocol serverProtocol = new DtlsServerProtocol(secureRandom);
-
- MockDatagramAssociation network = new MockDatagramAssociation(1500);
-
- Server server = new Server(serverProtocol, network.Server);
-
- Thread serverThread = new Thread(new ThreadStart(server.Run));
- serverThread.Start();
-
- DatagramTransport clientTransport = network.Client;
-
- clientTransport = new UnreliableDatagramTransport(clientTransport, secureRandom, 0, 0);
-
- clientTransport = new LoggingDatagramTransport(clientTransport, Console.Out);
-
- MockDtlsClient client = new MockDtlsClient(null);
-
- DtlsTransport dtlsClient = clientProtocol.Connect(client, clientTransport);
-
- for (int i = 1; i <= 10; ++i)
- {
- byte[] data = new byte[i];
- Arrays.Fill(data, (byte)i);
- dtlsClient.Send(data, 0, data.Length);
- }
-
- byte[] buf = new byte[dtlsClient.GetReceiveLimit()];
- while (dtlsClient.Receive(buf, 0, buf.Length, 100) >= 0)
- {
- }
-
- dtlsClient.Close();
-
- server.Shutdown(serverThread);
- }
-
- internal class Server
- {
- private readonly DtlsServerProtocol mServerProtocol;
- private readonly DatagramTransport mServerTransport;
- private volatile bool isShutdown = false;
-
- internal Server(DtlsServerProtocol serverProtocol, DatagramTransport serverTransport)
- {
- this.mServerProtocol = serverProtocol;
- this.mServerTransport = serverTransport;
- }
-
- public void Run()
- {
- try
- {
- MockDtlsServer server = new MockDtlsServer();
- DtlsTransport dtlsServer = mServerProtocol.Accept(server, mServerTransport);
- byte[] buf = new byte[dtlsServer.GetReceiveLimit()];
- while (!isShutdown)
- {
- int length = dtlsServer.Receive(buf, 0, buf.Length, 1000);
- if (length >= 0)
- {
- dtlsServer.Send(buf, 0, length);
- }
- }
- dtlsServer.Close();
- }
- catch (Exception e)
- {
- Console.Error.WriteLine(e);
- }
- }
-
- internal void Shutdown(Thread serverThread)
- {
- if (!isShutdown)
- {
- isShutdown = true;
- serverThread.Join();
- }
- }
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/DtlsTestCase.cs b/crypto/test/src/crypto/tls/test/DtlsTestCase.cs
deleted file mode 100644
index 1cea4bfe2..000000000
--- a/crypto/test/src/crypto/tls/test/DtlsTestCase.cs
+++ /dev/null
@@ -1,154 +0,0 @@
-using System;
-using System.IO;
-using System.Threading;
-
-using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Utilities;
-
-using NUnit.Framework;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- [TestFixture]
- public class DtlsTestCase
- {
- private static void CheckDtlsVersion(ProtocolVersion version)
- {
- if (version != null && !version.IsDtls)
- throw new InvalidOperationException("Non-DTLS version");
- }
-
- [Test, TestCaseSource(typeof(DtlsTestSuite), "Suite")]
- public void RunTest(TlsTestConfig config)
- {
- CheckDtlsVersion(config.clientMinimumVersion);
- CheckDtlsVersion(config.clientOfferVersion);
- CheckDtlsVersion(config.serverMaximumVersion);
- CheckDtlsVersion(config.serverMinimumVersion);
-
- SecureRandom secureRandom = new SecureRandom();
-
- DtlsTestClientProtocol clientProtocol = new DtlsTestClientProtocol(secureRandom, config);
- DtlsTestServerProtocol serverProtocol = new DtlsTestServerProtocol(secureRandom, config);
-
- MockDatagramAssociation network = new MockDatagramAssociation(1500);
-
- TlsTestClientImpl clientImpl = new TlsTestClientImpl(config);
- TlsTestServerImpl serverImpl = new TlsTestServerImpl(config);
-
- Server server = new Server(this, serverProtocol, network.Server, serverImpl);
-
- Thread serverThread = new Thread(new ThreadStart(server.Run));
- serverThread.Start();
-
- Exception caught = null;
- try
- {
- DatagramTransport clientTransport = network.Client;
-
- if (TlsTestConfig.DEBUG)
- {
- clientTransport = new LoggingDatagramTransport(clientTransport, Console.Out);
- }
-
- DtlsTransport dtlsClient = clientProtocol.Connect(clientImpl, clientTransport);
-
- for (int i = 1; i <= 10; ++i)
- {
- byte[] data = new byte[i];
- Arrays.Fill(data, (byte)i);
- dtlsClient.Send(data, 0, data.Length);
- }
-
- byte[] buf = new byte[dtlsClient.GetReceiveLimit()];
- while (dtlsClient.Receive(buf, 0, buf.Length, 100) >= 0)
- {
- }
-
- dtlsClient.Close();
- }
- catch (Exception e)
- {
- caught = e;
- LogException(caught);
- }
-
- server.Shutdown(serverThread);
-
- // TODO Add checks that the various streams were closed
-
- Assert.AreEqual(config.expectFatalAlertConnectionEnd, clientImpl.FirstFatalAlertConnectionEnd, "Client fatal alert connection end");
- Assert.AreEqual(config.expectFatalAlertConnectionEnd, serverImpl.FirstFatalAlertConnectionEnd, "Server fatal alert connection end");
-
- Assert.AreEqual(config.expectFatalAlertDescription, clientImpl.FirstFatalAlertDescription, "Client fatal alert description");
- Assert.AreEqual(config.expectFatalAlertDescription, serverImpl.FirstFatalAlertDescription, "Server fatal alert description");
-
- if (config.expectFatalAlertConnectionEnd == -1)
- {
- Assert.IsNull(caught, "Unexpected client exception");
- Assert.IsNull(server.mCaught, "Unexpected server exception");
- }
- }
-
- protected void LogException(Exception e)
- {
- if (TlsTestConfig.DEBUG)
- {
- Console.Error.WriteLine(e);
- }
- }
-
- internal class Server
- {
- private readonly DtlsTestCase mOuter;
- private readonly DtlsTestServerProtocol mServerProtocol;
- private readonly DatagramTransport mServerTransport;
- private readonly TlsTestServerImpl mServerImpl;
-
- private volatile bool isShutdown = false;
- internal Exception mCaught = null;
-
- internal Server(DtlsTestCase outer, DtlsTestServerProtocol serverProtocol,
- DatagramTransport serverTransport, TlsTestServerImpl serverImpl)
- {
- this.mOuter = outer;
- this.mServerProtocol = serverProtocol;
- this.mServerTransport = serverTransport;
- this.mServerImpl = serverImpl;
- }
-
- public void Run()
- {
- try
- {
- DtlsTransport dtlsServer = mServerProtocol.Accept(mServerImpl, mServerTransport);
- byte[] buf = new byte[dtlsServer.GetReceiveLimit()];
- while (!isShutdown)
- {
- int length = dtlsServer.Receive(buf, 0, buf.Length, 100);
- if (length >= 0)
- {
- dtlsServer.Send(buf, 0, length);
- }
- }
- dtlsServer.Close();
- }
- catch (Exception e)
- {
- mCaught = e;
- mOuter.LogException(mCaught);
- }
- }
-
- internal void Shutdown(Thread serverThread)
- {
- if (!isShutdown)
- {
- isShutdown = true;
- //serverThread.Interrupt();
- serverThread.Join();
- }
- }
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/DtlsTestClientProtocol.cs b/crypto/test/src/crypto/tls/test/DtlsTestClientProtocol.cs
deleted file mode 100644
index 41ed93eb0..000000000
--- a/crypto/test/src/crypto/tls/test/DtlsTestClientProtocol.cs
+++ /dev/null
@@ -1,28 +0,0 @@
-using System;
-
-using Org.BouncyCastle.Security;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- internal class DtlsTestClientProtocol
- : DtlsClientProtocol
- {
- protected readonly TlsTestConfig config;
-
- public DtlsTestClientProtocol(SecureRandom secureRandom, TlsTestConfig config)
- : base(secureRandom)
- {
- this.config = config;
- }
-
- protected override byte[] GenerateCertificateVerify(ClientHandshakeState state, DigitallySigned certificateVerify)
- {
- if (certificateVerify.Algorithm != null && config.clientAuthSigAlgClaimed != null)
- {
- certificateVerify = new DigitallySigned(config.clientAuthSigAlgClaimed, certificateVerify.Signature);
- }
-
- return base.GenerateCertificateVerify(state, certificateVerify);
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/DtlsTestServerProtocol.cs b/crypto/test/src/crypto/tls/test/DtlsTestServerProtocol.cs
deleted file mode 100644
index 006473cef..000000000
--- a/crypto/test/src/crypto/tls/test/DtlsTestServerProtocol.cs
+++ /dev/null
@@ -1,18 +0,0 @@
-using System;
-
-using Org.BouncyCastle.Security;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- internal class DtlsTestServerProtocol
- : DtlsServerProtocol
- {
- protected readonly TlsTestConfig config;
-
- public DtlsTestServerProtocol(SecureRandom secureRandom, TlsTestConfig config)
- : base(secureRandom)
- {
- this.config = config;
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/DtlsTestSuite.cs b/crypto/test/src/crypto/tls/test/DtlsTestSuite.cs
deleted file mode 100644
index f191ef005..000000000
--- a/crypto/test/src/crypto/tls/test/DtlsTestSuite.cs
+++ /dev/null
@@ -1,228 +0,0 @@
-using System;
-using System.Collections;
-
-using NUnit.Framework;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- public class DtlsTestSuite
- {
- // Make the access to constants less verbose
- internal class C : TlsTestConfig {}
-
- public DtlsTestSuite()
- {
- }
-
- public static IEnumerable Suite()
- {
- IList testSuite = new ArrayList();
-
- AddFallbackTests(testSuite);
- AddVersionTests(testSuite, ProtocolVersion.DTLSv10);
- AddVersionTests(testSuite, ProtocolVersion.DTLSv12);
-
- return testSuite;
- }
-
- private static void AddFallbackTests(IList testSuite)
- {
- {
- TlsTestConfig c = CreateDtlsTestConfig(ProtocolVersion.DTLSv12);
- c.clientFallback = true;
-
- AddTestCase(testSuite, c, "FallbackGood");
- }
-
- /*
- * NOTE: Temporarily disabled automatic test runs because of problems getting a clean exit
- * of the DTLS server after a fatal alert. As of writing, manual runs show the correct
- * alerts being raised
- */
-
-#if false
- {
- TlsTestConfig c = CreateDtlsTestConfig(ProtocolVersion.DTLSv12);
- c.clientOfferVersion = ProtocolVersion.DTLSv10;
- c.clientFallback = true;
- c.ExpectServerFatalAlert(AlertDescription.inappropriate_fallback);
-
- AddTestCase(testSuite, c, "FallbackBad");
- }
-#endif
-
- {
- TlsTestConfig c = CreateDtlsTestConfig(ProtocolVersion.DTLSv12);
- c.clientOfferVersion = ProtocolVersion.DTLSv10;
-
- AddTestCase(testSuite, c, "FallbackNone");
- }
- }
-
- private static void AddVersionTests(IList testSuite, ProtocolVersion version)
- {
- string prefix = version.ToString()
- .Replace(" ", "")
- .Replace("\\", "")
- .Replace(".", "")
- + "_";
-
- /*
- * NOTE: Temporarily disabled automatic test runs because of problems getting a clean exit
- * of the DTLS server after a fatal alert. As of writing, manual runs show the correct
- * alerts being raised
- */
-
-#if false
- /*
- * Server only declares support for SHA1/RSA, client selects MD5/RSA. Since the client is
- * NOT actually tracking MD5 over the handshake, we expect fatal alert from the client.
- */
- if (TlsUtilities.IsTlsV12(version))
- {
- TlsTestConfig c = CreateDtlsTestConfig(version);
- c.clientAuth = C.CLIENT_AUTH_VALID;
- c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
- c.serverCertReqSigAlgs = TlsUtilities.GetDefaultRsaSignatureAlgorithms();
- c.ExpectClientFatalAlert(AlertDescription.internal_error);
-
- AddTestCase(testSuite, c, prefix + "BadCertificateVerifyHashAlg");
- }
-
- /*
- * Server only declares support for SHA1/ECDSA, client selects SHA1/RSA. Since the client is
- * actually tracking SHA1 over the handshake, we expect fatal alert to come from the server
- * when it verifies the selected algorithm against the CertificateRequest supported
- * algorithms.
- */
- if (TlsUtilities.IsTlsV12(version))
- {
- TlsTestConfig c = CreateDtlsTestConfig(version);
- c.clientAuth = C.CLIENT_AUTH_VALID;
- c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.rsa);
- c.serverCertReqSigAlgs = TlsUtilities.GetDefaultECDsaSignatureAlgorithms();
- c.ExpectServerFatalAlert(AlertDescription.illegal_parameter);
-
- AddTestCase(testSuite, c, prefix + "BadCertificateVerifySigAlg");
- }
-
- /*
- * Server only declares support for SHA1/ECDSA, client signs with SHA1/RSA, but sends
- * SHA1/ECDSA in the CertificateVerify. Since the client is actually tracking SHA1 over the
- * handshake, and the claimed algorithm is in the CertificateRequest supported algorithms,
- * we expect fatal alert to come from the server when it finds the claimed algorithm
- * doesn't match the client certificate.
- */
- if (TlsUtilities.IsTlsV12(version))
- {
- TlsTestConfig c = CreateDtlsTestConfig(version);
- c.clientAuth = C.CLIENT_AUTH_VALID;
- c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.rsa);
- c.clientAuthSigAlgClaimed = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.ecdsa);
- c.serverCertReqSigAlgs = TlsUtilities.GetDefaultECDsaSignatureAlgorithms();
- c.ExpectServerFatalAlert(AlertDescription.decrypt_error);
-
- AddTestCase(testSuite, c, prefix + "BadCertificateVerifySigAlgMismatch");
- }
-
- {
- TlsTestConfig c = CreateDtlsTestConfig(version);
- c.clientAuth = C.CLIENT_AUTH_INVALID_VERIFY;
- c.ExpectServerFatalAlert(AlertDescription.decrypt_error);
-
- AddTestCase(testSuite, c, prefix + "BadCertificateVerifySignature");
- }
-
- {
- TlsTestConfig c = CreateDtlsTestConfig(version);
- c.clientAuth = C.CLIENT_AUTH_INVALID_CERT;
- c.ExpectServerFatalAlert(AlertDescription.bad_certificate);
-
- AddTestCase(testSuite, c, prefix + "BadClientCertificate");
- }
-
- {
- TlsTestConfig c = CreateDtlsTestConfig(version);
- c.clientAuth = C.CLIENT_AUTH_NONE;
- c.serverCertReq = C.SERVER_CERT_REQ_MANDATORY;
- c.ExpectServerFatalAlert(AlertDescription.handshake_failure);
-
- AddTestCase(testSuite, c, prefix + "BadMandatoryCertReqDeclined");
- }
-
- /*
- * Server selects MD5/RSA for ServerKeyExchange signature, which is not in the default
- * supported signature algorithms that the client sent. We expect fatal alert from the
- * client when it verifies the selected algorithm against the supported algorithms.
- */
- if (TlsUtilities.IsTlsV12(version))
- {
- TlsTestConfig c = CreateDtlsTestConfig(version);
- c.serverAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
- c.ExpectClientFatalAlert(AlertDescription.illegal_parameter);
-
- AddTestCase(testSuite, c, prefix + "BadServerKeyExchangeSigAlg");
- }
-
- /*
- * Server selects MD5/RSA for ServerKeyExchange signature, which is not the default {sha1,rsa}
- * implied by the absent signature_algorithms extension. We expect fatal alert from the
- * client when it verifies the selected algorithm against the implicit default.
- */
- if (TlsUtilities.IsTlsV12(version))
- {
- TlsTestConfig c = CreateDtlsTestConfig(version);
- c.clientSendSignatureAlgorithms = false;
- c.serverAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
- c.ExpectClientFatalAlert(AlertDescription.illegal_parameter);
-
- AddTestCaseDebug(testSuite, c, prefix + "BadServerKeyExchangeSigAlg2");
- }
-#endif
-
- {
- TlsTestConfig c = CreateDtlsTestConfig(version);
-
- AddTestCase(testSuite, c, prefix + "GoodDefault");
- }
-
- {
- TlsTestConfig c = CreateDtlsTestConfig(version);
- c.serverCertReq = C.SERVER_CERT_REQ_NONE;
-
- AddTestCase(testSuite, c, prefix + "GoodNoCertReq");
- }
-
- {
- TlsTestConfig c = CreateDtlsTestConfig(version);
- c.clientAuth = C.CLIENT_AUTH_NONE;
-
- AddTestCase(testSuite, c, prefix + "GoodOptionalCertReqDeclined");
- }
- }
-
- private static void AddTestCase(IList testSuite, TlsTestConfig config, String name)
- {
- testSuite.Add(new TestCaseData(config).SetName(name));
- }
-
- private static TlsTestConfig CreateDtlsTestConfig(ProtocolVersion version)
- {
- TlsTestConfig c = new TlsTestConfig();
- c.clientMinimumVersion = ProtocolVersion.DTLSv10;
- c.clientOfferVersion = ProtocolVersion.DTLSv12;
- c.serverMaximumVersion = version;
- c.serverMinimumVersion = ProtocolVersion.DTLSv10;
- return c;
- }
-
- public static void RunTests()
- {
- foreach (TestCaseData data in Suite())
- {
- Console.WriteLine(data.TestName);
- new DtlsTestCase().RunTest((TlsTestConfig)data.Arguments[0]);
- }
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/LoggingDatagramTransport.cs b/crypto/test/src/crypto/tls/test/LoggingDatagramTransport.cs
deleted file mode 100644
index a26c5bdbf..000000000
--- a/crypto/test/src/crypto/tls/test/LoggingDatagramTransport.cs
+++ /dev/null
@@ -1,86 +0,0 @@
-using System;
-using System.IO;
-using System.Text;
-
-using Org.BouncyCastle.Utilities.Date;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- public class LoggingDatagramTransport
- : DatagramTransport
- {
- private static readonly string HEX_CHARS = "0123456789ABCDEF";
-
- private readonly DatagramTransport transport;
- private readonly TextWriter output;
- private readonly long launchTimestamp;
-
- public LoggingDatagramTransport(DatagramTransport transport, TextWriter output)
- {
- this.transport = transport;
- this.output = output;
- this.launchTimestamp = DateTimeUtilities.CurrentUnixMs();
- }
-
- public virtual int GetReceiveLimit()
- {
- return transport.GetReceiveLimit();
- }
-
- public virtual int GetSendLimit()
- {
- return transport.GetSendLimit();
- }
-
- public virtual int Receive(byte[] buf, int off, int len, int waitMillis)
- {
- int length = transport.Receive(buf, off, len, waitMillis);
- if (length >= 0)
- {
- DumpDatagram("Received", buf, off, length);
- }
- return length;
- }
-
- public virtual void Send(byte[] buf, int off, int len)
- {
- DumpDatagram("Sending", buf, off, len);
- transport.Send(buf, off, len);
- }
-
- public virtual void Close()
- {
- }
-
- private void DumpDatagram(string verb, byte[] buf, int off, int len)
- {
- long timestamp = DateTimeUtilities.CurrentUnixMs() - launchTimestamp;
- StringBuilder sb = new StringBuilder("(+" + timestamp + "ms) " + verb + " " + len + " byte datagram:");
- for (int pos = 0; pos < len; ++pos)
- {
- if (pos % 16 == 0)
- {
- sb.Append(Environment.NewLine);
- sb.Append(" ");
- }
- else if (pos % 16 == 8)
- {
- sb.Append('-');
- }
- else
- {
- sb.Append(' ');
- }
- int val = buf[off + pos] & 0xFF;
- sb.Append(HEX_CHARS[val >> 4]);
- sb.Append(HEX_CHARS[val & 0xF]);
- }
- Dump(sb.ToString());
- }
-
- private void Dump(string s)
- {
- lock (this) output.WriteLine(s);
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/MockDatagramAssociation.cs b/crypto/test/src/crypto/tls/test/MockDatagramAssociation.cs
deleted file mode 100644
index 48df36ca9..000000000
--- a/crypto/test/src/crypto/tls/test/MockDatagramAssociation.cs
+++ /dev/null
@@ -1,110 +0,0 @@
-using System;
-using System.Collections;
-using System.IO;
-using System.Net;
-using System.Threading;
-
-using Org.BouncyCastle.Utilities;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- public class MockDatagramAssociation
- {
- private int mtu;
- private MockDatagramTransport client, server;
-
- public MockDatagramAssociation(int mtu)
- {
- this.mtu = mtu;
-
- IList clientQueue = new ArrayList();
- IList serverQueue = new ArrayList();
-
- this.client = new MockDatagramTransport(this, clientQueue, serverQueue);
- this.server = new MockDatagramTransport(this, serverQueue, clientQueue);
- }
-
- public virtual DatagramTransport Client
- {
- get { return client; }
- }
-
- public virtual DatagramTransport Server
- {
- get { return server; }
- }
-
- private class MockDatagramTransport
- : DatagramTransport
- {
- private readonly MockDatagramAssociation mOuter;
-
- private IList receiveQueue, sendQueue;
-
- internal MockDatagramTransport(MockDatagramAssociation outer, IList receiveQueue, IList sendQueue)
- {
- this.mOuter = outer;
- this.receiveQueue = receiveQueue;
- this.sendQueue = sendQueue;
- }
-
- public virtual int GetReceiveLimit()
- {
- return mOuter.mtu;
- }
-
- public virtual int GetSendLimit()
- {
- return mOuter.mtu;
- }
-
- public virtual int Receive(byte[] buf, int off, int len, int waitMillis)
- {
- lock (receiveQueue)
- {
- if (receiveQueue.Count < 1)
- {
- try
- {
- Monitor.Wait(receiveQueue, waitMillis);
- }
- catch (ThreadInterruptedException)
- {
- // TODO Keep waiting until full wait expired?
- }
- if (receiveQueue.Count < 1)
- {
- return -1;
- }
- }
- byte[] packet = (byte[])receiveQueue[0];
- receiveQueue.RemoveAt(0);
- int copyLength = System.Math.Min(len, packet.Length);
- Array.Copy(packet, 0, buf, off, copyLength);
- return copyLength;
- }
- }
-
- public virtual void Send(byte[] buf, int off, int len)
- {
- if (len > mOuter.mtu)
- {
- // TODO Simulate rejection?
- }
-
- byte[] packet = Arrays.CopyOfRange(buf, off, off + len);
-
- lock (sendQueue)
- {
- sendQueue.Add(packet);
- Monitor.PulseAll(sendQueue);
- }
- }
-
- public virtual void Close()
- {
- // TODO?
- }
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/MockDtlsClient.cs b/crypto/test/src/crypto/tls/test/MockDtlsClient.cs
deleted file mode 100644
index 43b987cc1..000000000
--- a/crypto/test/src/crypto/tls/test/MockDtlsClient.cs
+++ /dev/null
@@ -1,152 +0,0 @@
-using System;
-using System.Collections;
-using System.IO;
-
-using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Utilities.Encoders;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- public class MockDtlsClient
- : DefaultTlsClient
- {
- protected TlsSession mSession;
-
- public MockDtlsClient(TlsSession session)
- {
- this.mSession = session;
- }
-
- public override TlsSession GetSessionToResume()
- {
- return this.mSession;
- }
-
- public override void NotifyAlertRaised(byte alertLevel, byte alertDescription, string message, Exception cause)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("DTLS client raised alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- if (message != null)
- {
- output.WriteLine("> " + message);
- }
- if (cause != null)
- {
- output.WriteLine(cause);
- }
- }
-
- public override void NotifyAlertReceived(byte alertLevel, byte alertDescription)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("DTLS client received alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- }
-
- public override ProtocolVersion ClientVersion
- {
- get { return ProtocolVersion.DTLSv12; }
- }
-
- public override ProtocolVersion MinimumVersion
- {
- get { return ProtocolVersion.DTLSv10; }
- }
-
- //public override int[] GetCipherSuites()
- //{
- // return Arrays.Concatenate(base.GetCipherSuites(),
- // new int[]
- // {
- // CipherSuite.DRAFT_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
- // });
- //}
-
- public override IDictionary GetClientExtensions()
- {
- IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(base.GetClientExtensions());
- TlsExtensionsUtilities.AddEncryptThenMacExtension(clientExtensions);
- {
- /*
- * NOTE: If you are copying test code, do not blindly set these extensions in your own client.
- */
- TlsExtensionsUtilities.AddMaxFragmentLengthExtension(clientExtensions, MaxFragmentLength.pow2_9);
- TlsExtensionsUtilities.AddPaddingExtension(clientExtensions, mContext.SecureRandom.Next(16));
- TlsExtensionsUtilities.AddTruncatedHMacExtension(clientExtensions);
- }
- return clientExtensions;
- }
-
- public override void NotifyServerVersion(ProtocolVersion serverVersion)
- {
- base.NotifyServerVersion(serverVersion);
-
- Console.WriteLine("Negotiated " + serverVersion);
- }
-
- public override TlsAuthentication GetAuthentication()
- {
- return new MyTlsAuthentication(mContext);
- }
-
- public override void NotifyHandshakeComplete()
- {
- base.NotifyHandshakeComplete();
-
- TlsSession newSession = mContext.ResumableSession;
- if (newSession != null)
- {
- byte[] newSessionID = newSession.SessionID;
- string hex = Hex.ToHexString(newSessionID);
-
- if (this.mSession != null && Arrays.AreEqual(this.mSession.SessionID, newSessionID))
- {
- Console.WriteLine("Resumed session: " + hex);
- }
- else
- {
- Console.WriteLine("Established session: " + hex);
- }
-
- this.mSession = newSession;
- }
- }
-
- internal class MyTlsAuthentication
- : TlsAuthentication
- {
- private readonly TlsContext mContext;
-
- internal MyTlsAuthentication(TlsContext context)
- {
- this.mContext = context;
- }
-
- public virtual void NotifyServerCertificate(Certificate serverCertificate)
- {
- X509CertificateStructure[] chain = serverCertificate.GetCertificateList();
- Console.WriteLine("DTLS client received server certificate chain of length " + chain.Length);
- for (int i = 0; i != chain.Length; i++)
- {
- X509CertificateStructure entry = chain[i];
- // TODO Create fingerprint based on certificate signature algorithm digest
- Console.WriteLine(" fingerprint:SHA-256 " + TlsTestUtilities.Fingerprint(entry) + " ("
- + entry.Subject + ")");
- }
- }
-
- public virtual TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
- {
- byte[] certificateTypes = certificateRequest.CertificateTypes;
- if (certificateTypes == null || !Arrays.Contains(certificateTypes, ClientCertificateType.rsa_sign))
- return null;
-
- return TlsTestUtilities.LoadSignerCredentials(mContext,
- certificateRequest.SupportedSignatureAlgorithms, SignatureAlgorithm.rsa,
- new string[]{ "x509-client-rsa.pem", "x509-ca-rsa.pem" }, "x509-client-key-rsa.pem");
- }
- };
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/MockDtlsServer.cs b/crypto/test/src/crypto/tls/test/MockDtlsServer.cs
deleted file mode 100644
index 842cbba58..000000000
--- a/crypto/test/src/crypto/tls/test/MockDtlsServer.cs
+++ /dev/null
@@ -1,97 +0,0 @@
-using System;
-using System.Collections;
-using System.IO;
-
-using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Utilities;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- public class MockDtlsServer
- : DefaultTlsServer
- {
- public override void NotifyAlertRaised(byte alertLevel, byte alertDescription, string message, Exception cause)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("DTLS server raised alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- if (message != null)
- {
- output.WriteLine("> " + message);
- }
- if (cause != null)
- {
- output.WriteLine(cause);
- }
- }
-
- public override void NotifyAlertReceived(byte alertLevel, byte alertDescription)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("DTLS server received alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- }
-
- protected override int[] GetCipherSuites()
- {
- return Arrays.Concatenate(base.GetCipherSuites(),
- new int[]
- {
- CipherSuite.DRAFT_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
- });
- }
-
- public override CertificateRequest GetCertificateRequest()
- {
- byte[] certificateTypes = new byte[]{ ClientCertificateType.rsa_sign,
- ClientCertificateType.dss_sign, ClientCertificateType.ecdsa_sign };
-
- IList serverSigAlgs = null;
- if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(mServerVersion))
- {
- serverSigAlgs = TlsUtilities.GetDefaultSupportedSignatureAlgorithms();
- }
-
- IList certificateAuthorities = new ArrayList();
- certificateAuthorities.Add(TlsTestUtilities.LoadCertificateResource("x509-ca-rsa.pem").Subject);
-
- return new CertificateRequest(certificateTypes, serverSigAlgs, certificateAuthorities);
- }
-
- public override void NotifyClientCertificate(Certificate clientCertificate)
- {
- X509CertificateStructure[] chain = clientCertificate.GetCertificateList();
- Console.WriteLine("DTLS server received client certificate chain of length " + chain.Length);
- for (int i = 0; i != chain.Length; i++)
- {
- X509CertificateStructure entry = chain[i];
- // TODO Create fingerprint based on certificate signature algorithm digest
- Console.WriteLine(" fingerprint:SHA-256 " + TlsTestUtilities.Fingerprint(entry) + " ("
- + entry.Subject + ")");
- }
- }
-
- protected override ProtocolVersion MaximumVersion
- {
- get { return ProtocolVersion.DTLSv12; }
- }
-
- protected override ProtocolVersion MinimumVersion
- {
- get { return ProtocolVersion.DTLSv10; }
- }
-
- protected override TlsEncryptionCredentials GetRsaEncryptionCredentials()
- {
- return TlsTestUtilities.LoadEncryptionCredentials(mContext,
- new string[] { "x509-server-rsa-enc.pem", "x509-ca-rsa.pem" }, "x509-server-key-rsa-enc.pem");
- }
-
- protected override TlsSignerCredentials GetRsaSignerCredentials()
- {
- return TlsTestUtilities.LoadSignerCredentials(mContext, mSupportedSignatureAlgorithms,
- SignatureAlgorithm.rsa, new string[]{ "x509-server-rsa-sign.pem", "x509-ca-rsa.pem" },
- "x509-server-key-rsa-sign.pem");
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/MockPskTlsClient.cs b/crypto/test/src/crypto/tls/test/MockPskTlsClient.cs
deleted file mode 100644
index 80ebb4dbb..000000000
--- a/crypto/test/src/crypto/tls/test/MockPskTlsClient.cs
+++ /dev/null
@@ -1,132 +0,0 @@
-using System;
-using System.Collections;
-using System.IO;
-
-using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Utilities.Encoders;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- internal class MockPskTlsClient
- : PskTlsClient
- {
- internal TlsSession mSession;
-
- internal MockPskTlsClient(TlsSession session)
- : this(session, new BasicTlsPskIdentity("client", Strings.ToUtf8ByteArray("TLS_TEST_PSK")))
- {
- }
-
- internal MockPskTlsClient(TlsSession session, TlsPskIdentity pskIdentity)
- : base(pskIdentity)
- {
- this.mSession = session;
- }
-
- public override TlsSession GetSessionToResume()
- {
- return this.mSession;
- }
-
- public override void NotifyAlertRaised(byte alertLevel, byte alertDescription, string message, Exception cause)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("TLS-PSK client raised alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- if (message != null)
- {
- output.WriteLine("> " + message);
- }
- if (cause != null)
- {
- output.WriteLine(cause);
- }
- }
-
- public override void NotifyAlertReceived(byte alertLevel, byte alertDescription)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("TLS-PSK client received alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- }
-
- public override void NotifyHandshakeComplete()
- {
- base.NotifyHandshakeComplete();
-
- TlsSession newSession = mContext.ResumableSession;
- if (newSession != null)
- {
- byte[] newSessionID = newSession.SessionID;
- string hex = Hex.ToHexString(newSessionID);
-
- if (this.mSession != null && Arrays.AreEqual(this.mSession.SessionID, newSessionID))
- {
- Console.WriteLine("Resumed session: " + hex);
- }
- else
- {
- Console.WriteLine("Established session: " + hex);
- }
-
- this.mSession = newSession;
- }
- }
-
- public override int[] GetCipherSuites()
- {
- return new int[]{ CipherSuite.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
- CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, CipherSuite.TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
- CipherSuite.TLS_PSK_WITH_AES_256_CBC_SHA };
- }
-
- public override ProtocolVersion MinimumVersion
- {
- get { return ProtocolVersion.TLSv12; }
- }
-
- public override IDictionary GetClientExtensions()
- {
- IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(base.GetClientExtensions());
- TlsExtensionsUtilities.AddEncryptThenMacExtension(clientExtensions);
- return clientExtensions;
- }
-
- public override void NotifyServerVersion(ProtocolVersion serverVersion)
- {
- base.NotifyServerVersion(serverVersion);
-
- Console.WriteLine("TLS-PSK client negotiated " + serverVersion);
- }
-
- public override TlsAuthentication GetAuthentication()
- {
- return new MyTlsAuthentication(mContext);
- }
-
- internal class MyTlsAuthentication
- : ServerOnlyTlsAuthentication
- {
- private readonly TlsContext mContext;
-
- internal MyTlsAuthentication(TlsContext context)
- {
- this.mContext = context;
- }
-
- public override void NotifyServerCertificate(Certificate serverCertificate)
- {
- X509CertificateStructure[] chain = serverCertificate.GetCertificateList();
- Console.WriteLine("TLS-PSK client received server certificate chain of length " + chain.Length);
- for (int i = 0; i != chain.Length; i++)
- {
- X509CertificateStructure entry = chain[i];
- // TODO Create fingerprint based on certificate signature algorithm digest
- Console.WriteLine(" fingerprint:SHA-256 " + TlsTestUtilities.Fingerprint(entry) + " ("
- + entry.Subject + ")");
- }
- }
- };
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/MockPskTlsServer.cs b/crypto/test/src/crypto/tls/test/MockPskTlsServer.cs
deleted file mode 100644
index 3a6860280..000000000
--- a/crypto/test/src/crypto/tls/test/MockPskTlsServer.cs
+++ /dev/null
@@ -1,105 +0,0 @@
-using System;
-using System.Collections;
-using System.IO;
-
-using Org.BouncyCastle.Utilities;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- internal class MockPskTlsServer
- : PskTlsServer
- {
- internal MockPskTlsServer()
- : base(new MyIdentityManager())
- {
- }
-
- public override void NotifyAlertRaised(byte alertLevel, byte alertDescription, string message, Exception cause)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("TLS-PSK server raised alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- if (message != null)
- {
- output.WriteLine("> " + message);
- }
- if (cause != null)
- {
- output.WriteLine(cause);
- }
- }
-
- public override void NotifyAlertReceived(byte alertLevel, byte alertDescription)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("TLS-PSK server received alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- }
-
- public override void NotifyHandshakeComplete()
- {
- base.NotifyHandshakeComplete();
-
- byte[] pskIdentity = mContext.SecurityParameters.PskIdentity;
- if (pskIdentity != null)
- {
- string name = Strings.FromUtf8ByteArray(pskIdentity);
- Console.WriteLine("TLS-PSK server completed handshake for PSK identity: " + name);
- }
- }
-
- protected override int[] GetCipherSuites()
- {
- return new int[]{ CipherSuite.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
- CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, CipherSuite.TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
- CipherSuite.TLS_PSK_WITH_AES_256_CBC_SHA };
- }
-
- protected override ProtocolVersion MaximumVersion
- {
- get { return ProtocolVersion.TLSv12; }
- }
-
- protected override ProtocolVersion MinimumVersion
- {
- get { return ProtocolVersion.TLSv12; }
- }
-
- public override ProtocolVersion GetServerVersion()
- {
- ProtocolVersion serverVersion = base.GetServerVersion();
-
- Console.WriteLine("TLS-PSK server negotiated " + serverVersion);
-
- return serverVersion;
- }
-
- protected override TlsEncryptionCredentials GetRsaEncryptionCredentials()
- {
- return TlsTestUtilities.LoadEncryptionCredentials(mContext,
- new string[]{ "x509-server-rsa-enc.pem", "x509-ca-rsa.pem"}, "x509-server-key-rsa-enc.pem");
- }
-
- internal class MyIdentityManager
- : TlsPskIdentityManager
- {
- public virtual byte[] GetHint()
- {
- return Strings.ToUtf8ByteArray("hint");
- }
-
- public virtual byte[] GetPsk(byte[] identity)
- {
- if (identity != null)
- {
- string name = Strings.FromUtf8ByteArray(identity);
- if (name.Equals("client"))
- {
- return Strings.ToUtf8ByteArray("TLS_TEST_PSK");
- }
- }
- return null;
- }
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/MockSrpTlsClient.cs b/crypto/test/src/crypto/tls/test/MockSrpTlsClient.cs
deleted file mode 100644
index 8a6b9f496..000000000
--- a/crypto/test/src/crypto/tls/test/MockSrpTlsClient.cs
+++ /dev/null
@@ -1,120 +0,0 @@
-using System;
-using System.Collections;
-using System.IO;
-
-using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Utilities.Encoders;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- internal class MockSrpTlsClient
- : SrpTlsClient
- {
- internal TlsSession mSession;
-
- internal MockSrpTlsClient(TlsSession session, byte[] identity, byte[] password)
- : base(identity, password)
- {
- this.mSession = session;
- }
-
- public override TlsSession GetSessionToResume()
- {
- return this.mSession;
- }
-
- public override void NotifyAlertRaised(byte alertLevel, byte alertDescription, string message, Exception cause)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("TLS-SRP client raised alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- if (message != null)
- {
- output.WriteLine("> " + message);
- }
- if (cause != null)
- {
- output.WriteLine(cause);
- }
- }
-
- public override void NotifyAlertReceived(byte alertLevel, byte alertDescription)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("TLS-SRP client received alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- }
-
- public override void NotifyHandshakeComplete()
- {
- base.NotifyHandshakeComplete();
-
- TlsSession newSession = mContext.ResumableSession;
- if (newSession != null)
- {
- byte[] newSessionID = newSession.SessionID;
- string hex = Hex.ToHexString(newSessionID);
-
- if (this.mSession != null && Arrays.AreEqual(this.mSession.SessionID, newSessionID))
- {
- Console.WriteLine("Resumed session: " + hex);
- }
- else
- {
- Console.WriteLine("Established session: " + hex);
- }
-
- this.mSession = newSession;
- }
- }
-
- public override ProtocolVersion MinimumVersion
- {
- get { return ProtocolVersion.TLSv12; }
- }
-
- public override IDictionary GetClientExtensions()
- {
- IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(base.GetClientExtensions());
- TlsExtensionsUtilities.AddEncryptThenMacExtension(clientExtensions);
- return clientExtensions;
- }
-
- public override void NotifyServerVersion(ProtocolVersion serverVersion)
- {
- base.NotifyServerVersion(serverVersion);
-
- Console.WriteLine("TLS-SRP client negotiated " + serverVersion);
- }
-
- public override TlsAuthentication GetAuthentication()
- {
- return new MyTlsAuthentication(mContext);
- }
-
- internal class MyTlsAuthentication
- : ServerOnlyTlsAuthentication
- {
- private readonly TlsContext mContext;
-
- internal MyTlsAuthentication(TlsContext context)
- {
- this.mContext = context;
- }
-
- public override void NotifyServerCertificate(Certificate serverCertificate)
- {
- X509CertificateStructure[] chain = serverCertificate.GetCertificateList();
- Console.WriteLine("TLS-SRP client received server certificate chain of length " + chain.Length);
- for (int i = 0; i != chain.Length; i++)
- {
- X509CertificateStructure entry = chain[i];
- // TODO Create fingerprint based on certificate signature algorithm digest
- Console.WriteLine(" fingerprint:SHA-256 " + TlsTestUtilities.Fingerprint(entry) + " ("
- + entry.Subject + ")");
- }
- }
- };
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/MockSrpTlsServer.cs b/crypto/test/src/crypto/tls/test/MockSrpTlsServer.cs
deleted file mode 100644
index 61a86d34e..000000000
--- a/crypto/test/src/crypto/tls/test/MockSrpTlsServer.cs
+++ /dev/null
@@ -1,115 +0,0 @@
-using System;
-using System.Collections;
-using System.IO;
-
-using Org.BouncyCastle.Crypto.Agreement.Srp;
-using Org.BouncyCastle.Crypto.Parameters;
-using Org.BouncyCastle.Math;
-using Org.BouncyCastle.Utilities;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- internal class MockSrpTlsServer
- : SrpTlsServer
- {
- internal static readonly Srp6GroupParameters TEST_GROUP = Srp6StandardGroups.rfc5054_1024;
- internal static readonly byte[] TEST_IDENTITY = Strings.ToUtf8ByteArray("client");
- internal static readonly byte[] TEST_PASSWORD = Strings.ToUtf8ByteArray("password");
- internal static readonly byte[] TEST_SALT = Strings.ToUtf8ByteArray("salt");
- internal static readonly byte[] TEST_SEED_KEY = Strings.ToUtf8ByteArray("seed_key");
-
- internal MockSrpTlsServer()
- : base(new MyIdentityManager())
- {
- }
-
- public override void NotifyAlertRaised(byte alertLevel, byte alertDescription, string message, Exception cause)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("TLS-SRP server raised alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- if (message != null)
- {
- output.WriteLine("> " + message);
- }
- if (cause != null)
- {
- output.WriteLine(cause);
- }
- }
-
- public override void NotifyAlertReceived(byte alertLevel, byte alertDescription)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("TLS-SRP server received alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- }
-
- public override void NotifyHandshakeComplete()
- {
- base.NotifyHandshakeComplete();
-
- byte[] srpIdentity = mContext.SecurityParameters.SrpIdentity;
- if (srpIdentity != null)
- {
- string name = Strings.FromUtf8ByteArray(srpIdentity);
- Console.WriteLine("TLS-SRP server completed handshake for SRP identity: " + name);
- }
- }
-
- protected override ProtocolVersion MaximumVersion
- {
- get { return ProtocolVersion.TLSv12; }
- }
-
- protected override ProtocolVersion MinimumVersion
- {
- get { return ProtocolVersion.TLSv12; }
- }
-
- public override ProtocolVersion GetServerVersion()
- {
- ProtocolVersion serverVersion = base.GetServerVersion();
-
- Console.WriteLine("TLS-SRP server negotiated " + serverVersion);
-
- return serverVersion;
- }
-
- protected override TlsSignerCredentials GetDsaSignerCredentials()
- {
- return TlsTestUtilities.LoadSignerCredentials(mContext, mSupportedSignatureAlgorithms,
- SignatureAlgorithm.dsa, new string[] { "x509-server-dsa.pem", "x509-ca-dsa.pem" },
- "x509-server-key-dsa.pem");
- }
-
- protected override TlsSignerCredentials GetRsaSignerCredentials()
- {
- return TlsTestUtilities.LoadSignerCredentials(mContext, mSupportedSignatureAlgorithms,
- SignatureAlgorithm.rsa, new string[] { "x509-server-rsa-sign.pem", "x509-ca-rsa.pem" },
- "x509-server-key-rsa-sign.pem");
- }
-
- internal class MyIdentityManager
- : TlsSrpIdentityManager
- {
- protected SimulatedTlsSrpIdentityManager unknownIdentityManager = SimulatedTlsSrpIdentityManager.GetRfc5054Default(
- TEST_GROUP, TEST_SEED_KEY);
-
- public virtual TlsSrpLoginParameters GetLoginParameters(byte[] identity)
- {
- if (Arrays.AreEqual(TEST_IDENTITY, identity))
- {
- Srp6VerifierGenerator verifierGenerator = new Srp6VerifierGenerator();
- verifierGenerator.Init(TEST_GROUP, TlsUtilities.CreateHash(HashAlgorithm.sha1));
-
- BigInteger verifier = verifierGenerator.GenerateVerifier(TEST_SALT, identity, TEST_PASSWORD);
-
- return new TlsSrpLoginParameters(TEST_GROUP, verifier, TEST_SALT);
- }
-
- return unknownIdentityManager.GetLoginParameters(identity);
- }
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/MockTlsClient.cs b/crypto/test/src/crypto/tls/test/MockTlsClient.cs
deleted file mode 100644
index cdf727cc9..000000000
--- a/crypto/test/src/crypto/tls/test/MockTlsClient.cs
+++ /dev/null
@@ -1,142 +0,0 @@
-using System;
-using System.Collections;
-using System.IO;
-
-using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Utilities.Encoders;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- internal class MockTlsClient
- : DefaultTlsClient
- {
- internal TlsSession mSession;
-
- internal MockTlsClient(TlsSession session)
- {
- this.mSession = session;
- }
-
- public override TlsSession GetSessionToResume()
- {
- return this.mSession;
- }
-
- public override void NotifyAlertRaised(byte alertLevel, byte alertDescription, string message, Exception cause)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("TLS client raised alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- if (message != null)
- {
- output.WriteLine("> " + message);
- }
- if (cause != null)
- {
- output.WriteLine(cause);
- }
- }
-
- public override void NotifyAlertReceived(byte alertLevel, byte alertDescription)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("TLS client received alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- }
-
- //public override int[] GetCipherSuites()
- //{
- // return Arrays.Concatenate(base.GetCipherSuites(),
- // new int[]
- // {
- // CipherSuite.DRAFT_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
- // });
- //}
-
- public override IDictionary GetClientExtensions()
- {
- IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(base.GetClientExtensions());
- TlsExtensionsUtilities.AddEncryptThenMacExtension(clientExtensions);
- {
- /*
- * NOTE: If you are copying test code, do not blindly set these extensions in your own client.
- */
- TlsExtensionsUtilities.AddMaxFragmentLengthExtension(clientExtensions, MaxFragmentLength.pow2_9);
- TlsExtensionsUtilities.AddPaddingExtension(clientExtensions, mContext.SecureRandom.Next(16));
- TlsExtensionsUtilities.AddTruncatedHMacExtension(clientExtensions);
- }
- return clientExtensions;
- }
-
- public override void NotifyServerVersion(ProtocolVersion serverVersion)
- {
- base.NotifyServerVersion(serverVersion);
-
- Console.WriteLine("TLS client negotiated " + serverVersion);
- }
-
- public override TlsAuthentication GetAuthentication()
- {
- return new MyTlsAuthentication(mContext);
- }
-
- public override void NotifyHandshakeComplete()
- {
- base.NotifyHandshakeComplete();
-
- TlsSession newSession = mContext.ResumableSession;
- if (newSession != null)
- {
- byte[] newSessionID = newSession.SessionID;
- string hex = Hex.ToHexString(newSessionID);
-
- if (this.mSession != null && Arrays.AreEqual(this.mSession.SessionID, newSessionID))
- {
- Console.WriteLine("Resumed session: " + hex);
- }
- else
- {
- Console.WriteLine("Established session: " + hex);
- }
-
- this.mSession = newSession;
- }
- }
-
- internal class MyTlsAuthentication
- : TlsAuthentication
- {
- private readonly TlsContext mContext;
-
- internal MyTlsAuthentication(TlsContext context)
- {
- this.mContext = context;
- }
-
- public virtual void NotifyServerCertificate(Certificate serverCertificate)
- {
- X509CertificateStructure[] chain = serverCertificate.GetCertificateList();
- Console.WriteLine("TLS client received server certificate chain of length " + chain.Length);
- for (int i = 0; i != chain.Length; i++)
- {
- X509CertificateStructure entry = chain[i];
- // TODO Create fingerprint based on certificate signature algorithm digest
- Console.WriteLine(" fingerprint:SHA-256 " + TlsTestUtilities.Fingerprint(entry) + " ("
- + entry.Subject + ")");
- }
- }
-
- public virtual TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
- {
- byte[] certificateTypes = certificateRequest.CertificateTypes;
- if (certificateTypes == null || !Arrays.Contains(certificateTypes, ClientCertificateType.rsa_sign))
- return null;
-
- return TlsTestUtilities.LoadSignerCredentials(mContext,
- certificateRequest.SupportedSignatureAlgorithms, SignatureAlgorithm.rsa,
- new string[]{ "x509-client-rsa.pem", "x509-ca-rsa.pem" }, "x509-client-key-rsa.pem");
- }
- };
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/MockTlsServer.cs b/crypto/test/src/crypto/tls/test/MockTlsServer.cs
deleted file mode 100644
index 5911607bc..000000000
--- a/crypto/test/src/crypto/tls/test/MockTlsServer.cs
+++ /dev/null
@@ -1,101 +0,0 @@
-using System;
-using System.Collections;
-using System.IO;
-
-using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Utilities;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- internal class MockTlsServer
- : DefaultTlsServer
- {
- public override void NotifyAlertRaised(byte alertLevel, byte alertDescription, string message, Exception cause)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("TLS server raised alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- if (message != null)
- {
- output.WriteLine("> " + message);
- }
- if (cause != null)
- {
- output.WriteLine(cause);
- }
- }
-
- public override void NotifyAlertReceived(byte alertLevel, byte alertDescription)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("TLS server received alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- }
-
- protected override int[] GetCipherSuites()
- {
- return Arrays.Concatenate(base.GetCipherSuites(),
- new int[]
- {
- CipherSuite.DRAFT_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
- });
- }
-
- protected override ProtocolVersion MaximumVersion
- {
- get { return ProtocolVersion.TLSv12; }
- }
-
- public override ProtocolVersion GetServerVersion()
- {
- ProtocolVersion serverVersion = base.GetServerVersion();
-
- Console.WriteLine("TLS server negotiated " + serverVersion);
-
- return serverVersion;
- }
-
- public override CertificateRequest GetCertificateRequest()
- {
- byte[] certificateTypes = new byte[]{ ClientCertificateType.rsa_sign,
- ClientCertificateType.dss_sign, ClientCertificateType.ecdsa_sign };
-
- IList serverSigAlgs = null;
- if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(mServerVersion))
- {
- serverSigAlgs = TlsUtilities.GetDefaultSupportedSignatureAlgorithms();
- }
-
- IList certificateAuthorities = new ArrayList();
- certificateAuthorities.Add(TlsTestUtilities.LoadCertificateResource("x509-ca-rsa.pem").Subject);
-
- return new CertificateRequest(certificateTypes, serverSigAlgs, certificateAuthorities);
- }
-
- public override void NotifyClientCertificate(Certificate clientCertificate)
- {
- X509CertificateStructure[] chain = clientCertificate.GetCertificateList();
- Console.WriteLine("TLS server received client certificate chain of length " + chain.Length);
- for (int i = 0; i != chain.Length; i++)
- {
- X509CertificateStructure entry = chain[i];
- // TODO Create fingerprint based on certificate signature algorithm digest
- Console.WriteLine(" fingerprint:SHA-256 " + TlsTestUtilities.Fingerprint(entry) + " ("
- + entry.Subject + ")");
- }
- }
-
- protected override TlsEncryptionCredentials GetRsaEncryptionCredentials()
- {
- return TlsTestUtilities.LoadEncryptionCredentials(mContext,
- new string[]{ "x509-server-rsa-enc.pem", "x509-ca-rsa.pem" }, "x509-server-key-rsa-enc.pem");
- }
-
- protected override TlsSignerCredentials GetRsaSignerCredentials()
- {
- return TlsTestUtilities.LoadSignerCredentials(mContext, mSupportedSignatureAlgorithms,
- SignatureAlgorithm.rsa, new string[]{ "x509-server-rsa-sign.pem", "x509-ca-rsa.pem" },
- "x509-server-key-rsa-sign.pem");
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/NetworkStream.cs b/crypto/test/src/crypto/tls/test/NetworkStream.cs
deleted file mode 100644
index c20101c8f..000000000
--- a/crypto/test/src/crypto/tls/test/NetworkStream.cs
+++ /dev/null
@@ -1,101 +0,0 @@
-using System;
-using System.IO;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- internal class NetworkStream
- : Stream
- {
- private readonly Stream mInner;
- private bool mClosed = false;
-
- internal NetworkStream(Stream inner)
- {
- this.mInner = inner;
- }
-
- internal virtual bool IsClosed
- {
- get { lock (this) return mClosed; }
- }
-
- public override bool CanRead
- {
- get { return mInner.CanRead; }
- }
-
- public override bool CanSeek
- {
- get { return mInner.CanSeek; }
- }
-
- public override bool CanWrite
- {
- get { return mInner.CanWrite; }
- }
-
- public override void Close()
- {
- lock (this) mClosed = true;
- }
-
- public override void Flush()
- {
- mInner.Flush();
- }
-
- public override long Length
- {
- get { return mInner.Length; }
- }
-
- public override long Position
- {
- get { return mInner.Position; }
- set { mInner.Position = value; }
- }
-
- public override long Seek(long offset, SeekOrigin origin)
- {
- return mInner.Seek(offset, origin);
- }
-
- public override void SetLength(long value)
- {
- mInner.SetLength(value);
- }
-
- public override int Read(byte[] buffer, int offset, int count)
- {
- CheckNotClosed();
- return mInner.Read(buffer, offset, count);
- }
-
- public override int ReadByte()
- {
- CheckNotClosed();
- return mInner.ReadByte();
- }
-
- public override void Write(byte[] buf, int off, int len)
- {
- CheckNotClosed();
- mInner.Write(buf, off, len);
- }
-
- public override void WriteByte(byte value)
- {
- CheckNotClosed();
- mInner.WriteByte(value);
- }
-
- private void CheckNotClosed()
- {
- lock (this)
- {
- if (mClosed)
- throw new ObjectDisposedException(this.GetType().Name);
- }
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/PipedStream.cs b/crypto/test/src/crypto/tls/test/PipedStream.cs
deleted file mode 100644
index cfff4b840..000000000
--- a/crypto/test/src/crypto/tls/test/PipedStream.cs
+++ /dev/null
@@ -1,134 +0,0 @@
-using System;
-using System.IO;
-using System.Threading;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- internal class PipedStream
- : Stream
- {
- private readonly MemoryStream mBuf = new MemoryStream();
- private bool mClosed = false;
-
- private PipedStream mOther = null;
- private long mReadPos = 0;
-
- internal PipedStream()
- {
- }
-
- internal PipedStream(PipedStream other)
- {
- lock (other)
- {
- this.mOther = other;
- other.mOther = this;
- }
- }
-
- public override bool CanRead
- {
- get { return true; }
- }
-
- public override bool CanSeek
- {
- get { return false; }
- }
-
- public override bool CanWrite
- {
- get { return true; }
- }
-
- public override void Close()
- {
- lock (this)
- {
- mClosed = true;
- Monitor.PulseAll(this);
- }
- }
-
- public override void Flush()
- {
- }
-
- public override long Length
- {
- get { throw new NotImplementedException(); }
- }
-
- public override long Position
- {
- get { throw new NotImplementedException(); }
- set { throw new NotImplementedException(); }
- }
-
- public override long Seek(long offset, SeekOrigin origin)
- {
- throw new NotImplementedException();
- }
-
- public override void SetLength(long value)
- {
- throw new NotImplementedException();
- }
-
- public override int Read(byte[] buffer, int offset, int count)
- {
- lock (mOther)
- {
- WaitForData();
- int len = (int)System.Math.Min(count, mOther.mBuf.Position - mReadPos);
- Array.Copy(mOther.mBuf.GetBuffer(), mReadPos, buffer, offset, len);
- mReadPos += len;
- return len;
- }
- }
-
- public override int ReadByte()
- {
- lock (mOther)
- {
- WaitForData();
- bool eof = (mReadPos >= mOther.mBuf.Position);
- return eof ? -1 : mOther.mBuf.GetBuffer()[mReadPos++];
- }
- }
-
- public override void Write(byte[] buf, int off, int len)
- {
- lock (this)
- {
- CheckOpen();
- mBuf.Write(buf, off, len);
- Monitor.PulseAll(this);
- }
- }
-
- public override void WriteByte(byte value)
- {
- lock (this)
- {
- CheckOpen();
- mBuf.WriteByte(value);
- Monitor.PulseAll(mBuf);
- }
- }
-
- private void CheckOpen()
- {
- if (mClosed)
- throw new ObjectDisposedException(this.GetType().Name);
- }
-
- private void WaitForData()
- {
- while (mReadPos >= mOther.mBuf.Position && !mOther.mClosed)
- {
- Monitor.Wait(mOther);
- }
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/PskTlsClientTest.cs b/crypto/test/src/crypto/tls/test/PskTlsClientTest.cs
deleted file mode 100644
index a8c5b470a..000000000
--- a/crypto/test/src/crypto/tls/test/PskTlsClientTest.cs
+++ /dev/null
@@ -1,84 +0,0 @@
-using System;
-using System.IO;
-using System.Net.Sockets;
-using System.Text;
-
-using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Utilities;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- /**
- * A simple test designed to conduct a TLS handshake with an external TLS server.
- * <p>
- * Please refer to GnuTLSSetup.html or OpenSSLSetup.html (under 'docs'), and x509-*.pem files in
- * this package (under 'src/test/resources') for help configuring an external TLS server.
- * </p><p>
- * In both cases, extra options are required to enable PSK ciphersuites and configure identities/keys.
- * </p>
- */
- public class PskTlsClientTest
- {
- private static readonly SecureRandom secureRandom = new SecureRandom();
-
- public static void Main(string[] args)
- {
- string hostname = "localhost";
- int port = 5556;
-
- long time1 = DateTime.UtcNow.Ticks;
-
- /*
- * Note: This is the default PSK identity for 'openssl s_server' testing, the server must be
- * started with "-psk 6161616161" to make the keys match, and possibly the "-psk_hint"
- * option should be present.
- */
- //string psk_identity = "Client_identity";
- //byte[] psk = new byte[]{ 0x61, 0x61, 0x61, 0x61, 0x61 };
-
- // These correspond to the configuration of MockPskTlsServer
- string psk_identity = "client";
- byte[] psk = Strings.ToUtf8ByteArray("TLS_TEST_PSK");
-
- BasicTlsPskIdentity pskIdentity = new BasicTlsPskIdentity(psk_identity, psk);
-
- MockPskTlsClient client = new MockPskTlsClient(null, pskIdentity);
- TlsClientProtocol protocol = OpenTlsConnection(hostname, port, client);
- protocol.Close();
-
- long time2 = DateTime.UtcNow.Ticks;
- Console.WriteLine("Elapsed 1: " + (time2 - time1)/TimeSpan.TicksPerMillisecond + "ms");
-
- client = new MockPskTlsClient(client.GetSessionToResume(), pskIdentity);
- protocol = OpenTlsConnection(hostname, port, client);
-
- long time3 = DateTime.UtcNow.Ticks;
- Console.WriteLine("Elapsed 2: " + (time3 - time2)/TimeSpan.TicksPerMillisecond + "ms");
-
- byte[] req = Encoding.UTF8.GetBytes("GET / HTTP/1.1\r\n\r\n");
-
- Stream tlsStream = protocol.Stream;
- tlsStream.Write(req, 0, req.Length);
- tlsStream.Flush();
-
- StreamReader reader = new StreamReader(tlsStream);
-
- String line;
- while ((line = reader.ReadLine()) != null)
- {
- Console.WriteLine(">>> " + line);
- }
-
- protocol.Close();
- }
-
- internal static TlsClientProtocol OpenTlsConnection(string hostname, int port, TlsClient client)
- {
- TcpClient tcp = new TcpClient(hostname, port);
-
- TlsClientProtocol protocol = new TlsClientProtocol(tcp.GetStream(), secureRandom);
- protocol.Connect(client);
- return protocol;
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/PskTlsServerTest.cs b/crypto/test/src/crypto/tls/test/PskTlsServerTest.cs
deleted file mode 100644
index 15766f0a4..000000000
--- a/crypto/test/src/crypto/tls/test/PskTlsServerTest.cs
+++ /dev/null
@@ -1,85 +0,0 @@
-using System;
-using System.IO;
-using System.Net;
-using System.Net.Sockets;
-using System.Threading;
-
-using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Utilities.IO;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- /**
- * A simple test designed to conduct a TLS handshake with an external TLS client.
- * <p/>
- * Please refer to GnuTLSSetup.html or OpenSSLSetup.html (under 'docs'), and x509-*.pem files in
- * this package (under 'src/test/resources') for help configuring an external TLS client.
- */
- public class PskTlsServerTest
- {
- private static readonly SecureRandom secureRandom = new SecureRandom();
-
- public static void Main(string[] args)
- {
- int port = 5556;
-
- TcpListener ss = new TcpListener(IPAddress.Any, port);
- ss.Start();
- Stream stdout = Console.OpenStandardOutput();
- try
- {
- while (true)
- {
- TcpClient s = ss.AcceptTcpClient();
- Console.WriteLine("--------------------------------------------------------------------------------");
- Console.WriteLine("Accepted " + s);
- ServerThread st = new ServerThread(s, stdout);
- Thread t = new Thread(new ThreadStart(st.Run));
- t.Start();
- }
- }
- finally
- {
- ss.Stop();
- }
- }
-
- internal class ServerThread
- {
- private readonly TcpClient s;
- private readonly Stream stdout;
-
- internal ServerThread(TcpClient s, Stream stdout)
- {
- this.s = s;
- this.stdout = stdout;
- }
-
- public void Run()
- {
- try
- {
- MockPskTlsServer server = new MockPskTlsServer();
- TlsServerProtocol serverProtocol = new TlsServerProtocol(s.GetStream(), secureRandom);
- serverProtocol.Accept(server);
- Stream log = new TeeOutputStream(serverProtocol.Stream, stdout);
- Streams.PipeAll(serverProtocol.Stream, log);
- serverProtocol.Close();
- }
- finally
- {
- try
- {
- s.Close();
- }
- catch (IOException)
- {
- }
- finally
- {
- }
- }
- }
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/TlsClientTest.cs b/crypto/test/src/crypto/tls/test/TlsClientTest.cs
deleted file mode 100644
index c9a5ef9ad..000000000
--- a/crypto/test/src/crypto/tls/test/TlsClientTest.cs
+++ /dev/null
@@ -1,66 +0,0 @@
-using System;
-using System.IO;
-using System.Net.Sockets;
-using System.Text;
-
-using Org.BouncyCastle.Security;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- /**
- * A simple test designed to conduct a TLS handshake with an external TLS server.
- * <p/>
- * Please refer to GnuTLSSetup.html or OpenSSLSetup.html (under 'docs'), and x509-*.pem files in
- * this package (under 'src/test/resources') for help configuring an external TLS server.
- */
- public class TlsClientTest
- {
- private static readonly SecureRandom secureRandom = new SecureRandom();
-
- public static void Main(string[] args)
- {
- string hostname = "localhost";
- int port = 5556;
-
- long time1 = DateTime.UtcNow.Ticks;
-
- MockTlsClient client = new MockTlsClient(null);
- TlsClientProtocol protocol = OpenTlsConnection(hostname, port, client);
- protocol.Close();
-
- long time2 = DateTime.UtcNow.Ticks;
- Console.WriteLine("Elapsed 1: " + (time2 - time1)/TimeSpan.TicksPerMillisecond + "ms");
-
- client = new MockTlsClient(client.GetSessionToResume());
- protocol = OpenTlsConnection(hostname, port, client);
-
- long time3 = DateTime.UtcNow.Ticks;
- Console.WriteLine("Elapsed 2: " + (time3 - time2)/TimeSpan.TicksPerMillisecond + "ms");
-
- byte[] req = Encoding.UTF8.GetBytes("GET / HTTP/1.1\r\n\r\n");
-
- Stream tlsStream = protocol.Stream;
- tlsStream.Write(req, 0, req.Length);
- tlsStream.Flush();
-
- StreamReader reader = new StreamReader(tlsStream);
-
- String line;
- while ((line = reader.ReadLine()) != null)
- {
- Console.WriteLine(">>> " + line);
- }
-
- protocol.Close();
- }
-
- internal static TlsClientProtocol OpenTlsConnection(string hostname, int port, TlsClient client)
- {
- TcpClient tcp = new TcpClient(hostname, port);
-
- TlsClientProtocol protocol = new TlsClientProtocol(tcp.GetStream(), secureRandom);
- protocol.Connect(client);
- return protocol;
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/TlsProtocolNonBlockingTest.cs b/crypto/test/src/crypto/tls/test/TlsProtocolNonBlockingTest.cs
deleted file mode 100644
index 219a65af7..000000000
--- a/crypto/test/src/crypto/tls/test/TlsProtocolNonBlockingTest.cs
+++ /dev/null
@@ -1,127 +0,0 @@
-using System;
-using System.IO;
-
-using NUnit.Framework;
-
-using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Utilities;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- [TestFixture]
- public class TlsProtocolNonBlockingTest
- {
- [Test]
- public void TestClientServerFragmented()
- {
- // tests if it's really non-blocking when partial records arrive
- DoTestClientServer(true);
- }
-
- [Test]
- public void TestClientServerNonFragmented()
- {
- DoTestClientServer(false);
- }
-
- private static void DoTestClientServer(bool fragment)
- {
- SecureRandom secureRandom = new SecureRandom();
-
- TlsClientProtocol clientProtocol = new TlsClientProtocol(secureRandom);
- TlsServerProtocol serverProtocol = new TlsServerProtocol(secureRandom);
-
- clientProtocol.Connect(new MockTlsClient(null));
- serverProtocol.Accept(new MockTlsServer());
-
- // pump handshake
- bool hadDataFromServer = true;
- bool hadDataFromClient = true;
- while (hadDataFromServer || hadDataFromClient)
- {
- hadDataFromServer = PumpData(serverProtocol, clientProtocol, fragment);
- hadDataFromClient = PumpData(clientProtocol, serverProtocol, fragment);
- }
-
- // send data in both directions
- byte[] data = new byte[1024];
- secureRandom.NextBytes(data);
- WriteAndRead(clientProtocol, serverProtocol, data, fragment);
- WriteAndRead(serverProtocol, clientProtocol, data, fragment);
-
- // close the connection
- clientProtocol.Close();
- PumpData(clientProtocol, serverProtocol, fragment);
- serverProtocol.CloseInput();
- CheckClosed(serverProtocol);
- CheckClosed(clientProtocol);
- }
-
- private static void WriteAndRead(TlsProtocol writer, TlsProtocol reader, byte[] data, bool fragment)
- {
- int dataSize = data.Length;
- writer.OfferOutput(data, 0, dataSize);
- PumpData(writer, reader, fragment);
-
- Assert.AreEqual(dataSize, reader.GetAvailableInputBytes());
- byte[] readData = new byte[dataSize];
- reader.ReadInput(readData, 0, dataSize);
- AssertArrayEquals(data, readData);
- }
-
- private static bool PumpData(TlsProtocol from, TlsProtocol to, bool fragment)
- {
- int byteCount = from.GetAvailableOutputBytes();
- if (byteCount == 0)
- {
- return false;
- }
-
- if (fragment)
- {
- byte[] buffer = new byte[1];
- while (from.GetAvailableOutputBytes() > 0)
- {
- from.ReadOutput(buffer, 0, 1);
- to.OfferInput(buffer);
- }
- }
- else
- {
- byte[] buffer = new byte[byteCount];
- from.ReadOutput(buffer, 0, buffer.Length);
- to.OfferInput(buffer);
- }
-
- return true;
- }
-
- private static void CheckClosed(TlsProtocol protocol)
- {
- Assert.IsTrue(protocol.IsClosed);
-
- try
- {
- protocol.OfferInput(new byte[10]);
- Assert.Fail("Input was accepted after close");
- }
- catch (IOException)
- {
- }
-
- try
- {
- protocol.OfferOutput(new byte[10], 0, 10);
- Assert.Fail("Output was accepted after close");
- }
- catch (IOException)
- {
- }
- }
-
- private static void AssertArrayEquals(byte[] a, byte[] b)
- {
- Assert.IsTrue(Arrays.AreEqual(a, b));
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/TlsProtocolTest.cs b/crypto/test/src/crypto/tls/test/TlsProtocolTest.cs
deleted file mode 100644
index ba5b90c75..000000000
--- a/crypto/test/src/crypto/tls/test/TlsProtocolTest.cs
+++ /dev/null
@@ -1,80 +0,0 @@
-using System;
-using System.IO;
-using System.Threading;
-
-using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Utilities.IO;
-
-using NUnit.Framework;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- [TestFixture]
- public class TlsProtocolTest
- {
- [Test]
- public void TestClientServer()
- {
- SecureRandom secureRandom = new SecureRandom();
-
- PipedStream clientPipe = new PipedStream();
- PipedStream serverPipe = new PipedStream(clientPipe);
-
- TlsClientProtocol clientProtocol = new TlsClientProtocol(clientPipe, secureRandom);
- TlsServerProtocol serverProtocol = new TlsServerProtocol(serverPipe, secureRandom);
-
- Server server = new Server(serverProtocol);
-
- Thread serverThread = new Thread(new ThreadStart(server.Run));
- serverThread.Start();
-
- MockTlsClient client = new MockTlsClient(null);
- clientProtocol.Connect(client);
-
- // NOTE: Because we write-all before we read-any, this length can't be more than the pipe capacity
- int length = 1000;
-
- byte[] data = new byte[length];
- secureRandom.NextBytes(data);
-
- Stream output = clientProtocol.Stream;
- output.Write(data, 0, data.Length);
-
- byte[] echo = new byte[data.Length];
- int count = Streams.ReadFully(clientProtocol.Stream, echo);
-
- Assert.AreEqual(count, data.Length);
- Assert.IsTrue(Arrays.AreEqual(data, echo));
-
- output.Close();
-
- serverThread.Join();
- }
-
- internal class Server
- {
- private readonly TlsServerProtocol mServerProtocol;
-
- internal Server(TlsServerProtocol serverProtocol)
- {
- this.mServerProtocol = serverProtocol;
- }
-
- public void Run()
- {
- try
- {
- MockTlsServer server = new MockTlsServer();
- mServerProtocol.Accept(server);
- Streams.PipeAll(mServerProtocol.Stream, mServerProtocol.Stream);
- mServerProtocol.Close();
- }
- catch (Exception)
- {
- //throw new RuntimeException(e);
- }
- }
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/TlsPskProtocolTest.cs b/crypto/test/src/crypto/tls/test/TlsPskProtocolTest.cs
deleted file mode 100644
index b059bb2cb..000000000
--- a/crypto/test/src/crypto/tls/test/TlsPskProtocolTest.cs
+++ /dev/null
@@ -1,80 +0,0 @@
-using System;
-using System.IO;
-using System.Threading;
-
-using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Utilities.IO;
-
-using NUnit.Framework;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- [TestFixture]
- public class TlsPskProtocolTest
- {
- [Test]
- public void TestClientServer()
- {
- SecureRandom secureRandom = new SecureRandom();
-
- PipedStream clientPipe = new PipedStream();
- PipedStream serverPipe = new PipedStream(clientPipe);
-
- TlsClientProtocol clientProtocol = new TlsClientProtocol(clientPipe, secureRandom);
- TlsServerProtocol serverProtocol = new TlsServerProtocol(serverPipe, secureRandom);
-
- Server server = new Server(serverProtocol);
-
- Thread serverThread = new Thread(new ThreadStart(server.Run));
- serverThread.Start();
-
- MockPskTlsClient client = new MockPskTlsClient(null);
- clientProtocol.Connect(client);
-
- // NOTE: Because we write-all before we read-any, this length can't be more than the pipe capacity
- int length = 1000;
-
- byte[] data = new byte[length];
- secureRandom.NextBytes(data);
-
- Stream output = clientProtocol.Stream;
- output.Write(data, 0, data.Length);
-
- byte[] echo = new byte[data.Length];
- int count = Streams.ReadFully(clientProtocol.Stream, echo);
-
- Assert.AreEqual(count, data.Length);
- Assert.IsTrue(Arrays.AreEqual(data, echo));
-
- output.Close();
-
- serverThread.Join();
- }
-
- internal class Server
- {
- private readonly TlsServerProtocol mServerProtocol;
-
- internal Server(TlsServerProtocol serverProtocol)
- {
- this.mServerProtocol = serverProtocol;
- }
-
- public void Run()
- {
- try
- {
- MockPskTlsServer server = new MockPskTlsServer();
- mServerProtocol.Accept(server);
- Streams.PipeAll(mServerProtocol.Stream, mServerProtocol.Stream);
- mServerProtocol.Close();
- }
- catch (Exception)
- {
- //throw new RuntimeException(e);
- }
- }
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/TlsServerTest.cs b/crypto/test/src/crypto/tls/test/TlsServerTest.cs
deleted file mode 100644
index 7920cb59a..000000000
--- a/crypto/test/src/crypto/tls/test/TlsServerTest.cs
+++ /dev/null
@@ -1,85 +0,0 @@
-using System;
-using System.IO;
-using System.Net;
-using System.Net.Sockets;
-using System.Threading;
-
-using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Utilities.IO;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- /**
- * A simple test designed to conduct a TLS handshake with an external TLS client.
- * <p/>
- * Please refer to GnuTLSSetup.html or OpenSSLSetup.html (under 'docs'), and x509-*.pem files in
- * this package (under 'src/test/resources') for help configuring an external TLS client.
- */
- public class TlsServerTest
- {
- private static readonly SecureRandom secureRandom = new SecureRandom();
-
- public static void Main(string[] args)
- {
- int port = 5556;
-
- TcpListener ss = new TcpListener(IPAddress.Any, port);
- ss.Start();
- Stream stdout = Console.OpenStandardOutput();
- try
- {
- while (true)
- {
- TcpClient s = ss.AcceptTcpClient();
- Console.WriteLine("--------------------------------------------------------------------------------");
- Console.WriteLine("Accepted " + s);
- ServerThread st = new ServerThread(s, stdout);
- Thread t = new Thread(new ThreadStart(st.Run));
- t.Start();
- }
- }
- finally
- {
- ss.Stop();
- }
- }
-
- internal class ServerThread
- {
- private readonly TcpClient s;
- private readonly Stream stdout;
-
- internal ServerThread(TcpClient s, Stream stdout)
- {
- this.s = s;
- this.stdout = stdout;
- }
-
- public void Run()
- {
- try
- {
- MockTlsServer server = new MockTlsServer();
- TlsServerProtocol serverProtocol = new TlsServerProtocol(s.GetStream(), secureRandom);
- serverProtocol.Accept(server);
- Stream log = new TeeOutputStream(serverProtocol.Stream, stdout);
- Streams.PipeAll(serverProtocol.Stream, log);
- serverProtocol.Close();
- }
- finally
- {
- try
- {
- s.Close();
- }
- catch (IOException)
- {
- }
- finally
- {
- }
- }
- }
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/TlsSrpProtocolTest.cs b/crypto/test/src/crypto/tls/test/TlsSrpProtocolTest.cs
deleted file mode 100644
index 32e126ff2..000000000
--- a/crypto/test/src/crypto/tls/test/TlsSrpProtocolTest.cs
+++ /dev/null
@@ -1,80 +0,0 @@
-using System;
-using System.IO;
-using System.Threading;
-
-using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Utilities.IO;
-
-using NUnit.Framework;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- [TestFixture]
- public class TlsSrpProtocolTest
- {
- [Test]
- public void TestClientServer()
- {
- SecureRandom secureRandom = new SecureRandom();
-
- PipedStream clientPipe = new PipedStream();
- PipedStream serverPipe = new PipedStream(clientPipe);
-
- TlsClientProtocol clientProtocol = new TlsClientProtocol(clientPipe, secureRandom);
- TlsServerProtocol serverProtocol = new TlsServerProtocol(serverPipe, secureRandom);
-
- Server server = new Server(serverProtocol);
-
- Thread serverThread = new Thread(new ThreadStart(server.Run));
- serverThread.Start();
-
- MockSrpTlsClient client = new MockSrpTlsClient(null, MockSrpTlsServer.TEST_IDENTITY, MockSrpTlsServer.TEST_PASSWORD);
- clientProtocol.Connect(client);
-
- // NOTE: Because we write-all before we read-any, this length can't be more than the pipe capacity
- int length = 1000;
-
- byte[] data = new byte[length];
- secureRandom.NextBytes(data);
-
- Stream output = clientProtocol.Stream;
- output.Write(data, 0, data.Length);
-
- byte[] echo = new byte[data.Length];
- int count = Streams.ReadFully(clientProtocol.Stream, echo);
-
- Assert.AreEqual(count, data.Length);
- Assert.IsTrue(Arrays.AreEqual(data, echo));
-
- output.Close();
-
- serverThread.Join();
- }
-
- internal class Server
- {
- private readonly TlsServerProtocol mServerProtocol;
-
- internal Server(TlsServerProtocol serverProtocol)
- {
- this.mServerProtocol = serverProtocol;
- }
-
- public void Run()
- {
- try
- {
- MockSrpTlsServer server = new MockSrpTlsServer();
- mServerProtocol.Accept(server);
- Streams.PipeAll(mServerProtocol.Stream, mServerProtocol.Stream);
- mServerProtocol.Close();
- }
- catch (Exception)
- {
- //throw new RuntimeException(e);
- }
- }
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/TlsTestCase.cs b/crypto/test/src/crypto/tls/test/TlsTestCase.cs
deleted file mode 100644
index 7fb5db6ce..000000000
--- a/crypto/test/src/crypto/tls/test/TlsTestCase.cs
+++ /dev/null
@@ -1,164 +0,0 @@
-using System;
-using System.IO;
-using System.Threading;
-
-using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Utilities.IO;
-
-using NUnit.Framework;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- [TestFixture]
- public class TlsTestCase
- {
- private static void CheckTlsVersion(ProtocolVersion version)
- {
- if (version != null && !version.IsTls)
- throw new InvalidOperationException("Non-TLS version");
- }
-
- [Test, TestCaseSource(typeof(TlsTestSuite), "Suite")]
- public void RunTest(TlsTestConfig config)
- {
- CheckTlsVersion(config.clientMinimumVersion);
- CheckTlsVersion(config.clientOfferVersion);
- CheckTlsVersion(config.serverMaximumVersion);
- CheckTlsVersion(config.serverMinimumVersion);
-
- SecureRandom secureRandom = new SecureRandom();
-
- PipedStream clientPipe = new PipedStream();
- PipedStream serverPipe = new PipedStream(clientPipe);
-
- NetworkStream clientNet = new NetworkStream(clientPipe);
- NetworkStream serverNet = new NetworkStream(serverPipe);
-
- TlsTestClientProtocol clientProtocol = new TlsTestClientProtocol(clientNet, secureRandom, config);
- TlsTestServerProtocol serverProtocol = new TlsTestServerProtocol(serverNet, secureRandom, config);
-
- TlsTestClientImpl clientImpl = new TlsTestClientImpl(config);
- TlsTestServerImpl serverImpl = new TlsTestServerImpl(config);
-
- Server server = new Server(this, serverProtocol, serverImpl);
-
- Thread serverThread = new Thread(new ThreadStart(server.Run));
- serverThread.Start();
-
- Exception caught = null;
- try
- {
- clientProtocol.Connect(clientImpl);
-
- // NOTE: Because we write-all before we read-any, this length can't be more than the pipe capacity
- int length = 1000;
-
- byte[] data = new byte[length];
- secureRandom.NextBytes(data);
-
- Stream output = clientProtocol.Stream;
- output.Write(data, 0, data.Length);
-
- byte[] echo = new byte[data.Length];
- int count = Streams.ReadFully(clientProtocol.Stream, echo);
-
- Assert.AreEqual(count, data.Length);
- Assert.IsTrue(Arrays.AreEqual(data, echo));
-
- output.Close();
- }
- catch (Exception e)
- {
- caught = e;
- LogException(caught);
- }
-
- server.AllowExit();
- serverThread.Join();
-
- Assert.IsTrue(clientNet.IsClosed, "Client Stream not closed");
- Assert.IsTrue(serverNet.IsClosed, "Server Stream not closed");
-
- Assert.AreEqual(config.expectFatalAlertConnectionEnd, clientImpl.FirstFatalAlertConnectionEnd, "Client fatal alert connection end");
- Assert.AreEqual(config.expectFatalAlertConnectionEnd, serverImpl.FirstFatalAlertConnectionEnd, "Server fatal alert connection end");
-
- Assert.AreEqual(config.expectFatalAlertDescription, clientImpl.FirstFatalAlertDescription, "Client fatal alert description");
- Assert.AreEqual(config.expectFatalAlertDescription, serverImpl.FirstFatalAlertDescription, "Server fatal alert description");
-
- if (config.expectFatalAlertConnectionEnd == -1)
- {
- Assert.IsNull(caught, "Unexpected client exception");
- Assert.IsNull(server.mCaught, "Unexpected server exception");
- }
- }
-
- protected virtual void LogException(Exception e)
- {
- if (TlsTestConfig.DEBUG)
- {
- Console.Error.WriteLine(e);
- }
- }
-
- internal class Server
- {
- protected readonly TlsTestCase mOuter;
- protected readonly TlsTestServerProtocol mServerProtocol;
- protected readonly TlsTestServerImpl mServerImpl;
-
- internal bool mCanExit = false;
- internal Exception mCaught = null;
-
- internal Server(TlsTestCase outer, TlsTestServerProtocol serverProtocol, TlsTestServerImpl serverImpl)
- {
- this.mOuter = outer;
- this.mServerProtocol = serverProtocol;
- this.mServerImpl = serverImpl;
- }
-
- internal void AllowExit()
- {
- lock (this)
- {
- mCanExit = true;
- Monitor.PulseAll(this);
- }
- }
-
- public void Run()
- {
- try
- {
- mServerProtocol.Accept(mServerImpl);
- Streams.PipeAll(mServerProtocol.Stream, mServerProtocol.Stream);
- mServerProtocol.Close();
- }
- catch (Exception e)
- {
- mCaught = e;
- mOuter.LogException(mCaught);
- }
-
- WaitExit();
- }
-
- protected void WaitExit()
- {
- lock (this)
- {
- while (!mCanExit)
- {
- try
- {
- Monitor.Wait(this);
- }
- catch (ThreadInterruptedException)
- {
- }
- }
- }
- }
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/TlsTestClientImpl.cs b/crypto/test/src/crypto/tls/test/TlsTestClientImpl.cs
deleted file mode 100644
index ae1f632ba..000000000
--- a/crypto/test/src/crypto/tls/test/TlsTestClientImpl.cs
+++ /dev/null
@@ -1,284 +0,0 @@
-using System;
-using System.Collections;
-using System.IO;
-
-using Org.BouncyCastle.Asn1;
-using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Utilities;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- internal class TlsTestClientImpl
- : DefaultTlsClient
- {
- protected readonly TlsTestConfig mConfig;
-
- protected int firstFatalAlertConnectionEnd = -1;
- protected int firstFatalAlertDescription = -1;
-
- internal TlsTestClientImpl(TlsTestConfig config)
- {
- this.mConfig = config;
- }
-
- internal int FirstFatalAlertConnectionEnd
- {
- get { return firstFatalAlertConnectionEnd; }
- }
-
- internal int FirstFatalAlertDescription
- {
- get { return firstFatalAlertDescription; }
- }
-
- public override ProtocolVersion ClientVersion
- {
- get
- {
- if (mConfig.clientOfferVersion != null)
- {
- return mConfig.clientOfferVersion;
- }
-
- return base.ClientVersion;
- }
- }
-
- public override ProtocolVersion MinimumVersion
- {
- get
- {
- if (mConfig.clientMinimumVersion != null)
- {
- return mConfig.clientMinimumVersion;
- }
-
- return base.MinimumVersion;
- }
- }
-
- public override IDictionary GetClientExtensions()
- {
- IDictionary clientExtensions = base.GetClientExtensions();
- if (clientExtensions != null && !mConfig.clientSendSignatureAlgorithms)
- {
- clientExtensions.Remove(ExtensionType.signature_algorithms);
- this.mSupportedSignatureAlgorithms = null;
- }
- return clientExtensions;
- }
-
- public override bool IsFallback
- {
- get { return mConfig.clientFallback; }
- }
-
- public override void NotifyAlertRaised(byte alertLevel, byte alertDescription, string message, Exception cause)
- {
- if (alertLevel == AlertLevel.fatal && firstFatalAlertConnectionEnd == -1)
- {
- firstFatalAlertConnectionEnd = ConnectionEnd.client;
- firstFatalAlertDescription = alertDescription;
- }
-
- if (TlsTestConfig.DEBUG)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("TLS client raised alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- if (message != null)
- {
- output.WriteLine("> " + message);
- }
- if (cause != null)
- {
- output.WriteLine(cause);
- }
- }
- }
-
- public override void NotifyAlertReceived(byte alertLevel, byte alertDescription)
- {
- if (alertLevel == AlertLevel.fatal && firstFatalAlertConnectionEnd == -1)
- {
- firstFatalAlertConnectionEnd = ConnectionEnd.server;
- firstFatalAlertDescription = alertDescription;
- }
-
- if (TlsTestConfig.DEBUG)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("TLS client received alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- }
- }
-
- public override void NotifyServerVersion(ProtocolVersion serverVersion)
- {
- base.NotifyServerVersion(serverVersion);
-
- if (TlsTestConfig.DEBUG)
- {
- Console.WriteLine("TLS client negotiated " + serverVersion);
- }
- }
-
- public override TlsAuthentication GetAuthentication()
- {
- return new MyTlsAuthentication(this, mContext);
- }
-
- protected virtual Certificate CorruptCertificate(Certificate cert)
- {
- X509CertificateStructure[] certList = cert.GetCertificateList();
- certList[0] = CorruptCertificateSignature(certList[0]);
- return new Certificate(certList);
- }
-
- protected virtual X509CertificateStructure CorruptCertificateSignature(X509CertificateStructure cert)
- {
- Asn1EncodableVector v = new Asn1EncodableVector();
- v.Add(cert.TbsCertificate);
- v.Add(cert.SignatureAlgorithm);
- v.Add(CorruptSignature(cert.Signature));
-
- return X509CertificateStructure.GetInstance(new DerSequence(v));
- }
-
- protected virtual DerBitString CorruptSignature(DerBitString bs)
- {
- return new DerBitString(CorruptBit(bs.GetOctets()));
- }
-
- protected virtual byte[] CorruptBit(byte[] bs)
- {
- bs = Arrays.Clone(bs);
-
- // Flip a random bit
- int bit = mContext.SecureRandom.Next(bs.Length << 3);
- bs[bit >> 3] ^= (byte)(1 << (bit & 7));
-
- return bs;
- }
-
- internal class MyTlsAuthentication
- : TlsAuthentication
- {
- private readonly TlsTestClientImpl mOuter;
- private readonly TlsContext mContext;
-
- internal MyTlsAuthentication(TlsTestClientImpl outer, TlsContext context)
- {
- this.mOuter = outer;
- this.mContext = context;
- }
-
- public virtual void NotifyServerCertificate(Certificate serverCertificate)
- {
- bool isEmpty = serverCertificate == null || serverCertificate.IsEmpty;
-
- X509CertificateStructure[] chain = serverCertificate.GetCertificateList();
-
- // TODO Cache test resources?
- if (isEmpty || !(
- chain[0].Equals(TlsTestUtilities.LoadCertificateResource("x509-server-dsa.pem")) ||
- chain[0].Equals(TlsTestUtilities.LoadCertificateResource("x509-server-ecdsa.pem")) ||
- chain[0].Equals(TlsTestUtilities.LoadCertificateResource("x509-server-rsa-enc.pem")) ||
- chain[0].Equals(TlsTestUtilities.LoadCertificateResource("x509-server-rsa-sign.pem"))
- ))
- {
- throw new TlsFatalAlert(AlertDescription.bad_certificate);
- }
-
- if (TlsTestConfig.DEBUG)
- {
- Console.WriteLine("TLS client received server certificate chain of length " + chain.Length);
- for (int i = 0; i != chain.Length; i++)
- {
- X509CertificateStructure entry = chain[i];
- // TODO Create fingerprint based on certificate signature algorithm digest
- Console.WriteLine(" fingerprint:SHA-256 " + TlsTestUtilities.Fingerprint(entry) + " ("
- + entry.Subject + ")");
- }
- }
- }
-
- public virtual TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
- {
- if (mOuter.mConfig.serverCertReq == TlsTestConfig.SERVER_CERT_REQ_NONE)
- throw new InvalidOperationException();
- if (mOuter.mConfig.clientAuth == TlsTestConfig.CLIENT_AUTH_NONE)
- return null;
-
- byte[] certificateTypes = certificateRequest.CertificateTypes;
- if (certificateTypes == null || !Arrays.Contains(certificateTypes, ClientCertificateType.rsa_sign))
- {
- return null;
- }
-
- IList supportedSigAlgs = certificateRequest.SupportedSignatureAlgorithms;
- if (supportedSigAlgs != null && mOuter.mConfig.clientAuthSigAlg != null)
- {
- supportedSigAlgs = new ArrayList(1);
- supportedSigAlgs.Add(mOuter.mConfig.clientAuthSigAlg);
- }
-
- TlsSignerCredentials signerCredentials = TlsTestUtilities.LoadSignerCredentials(mContext,
- supportedSigAlgs, SignatureAlgorithm.rsa, new string[]{ "x509-client-rsa.pem", "x509-ca-rsa.pem" },
- "x509-client-key-rsa.pem");
-
- if (mOuter.mConfig.clientAuth == TlsTestConfig.CLIENT_AUTH_VALID)
- {
- return signerCredentials;
- }
-
- return new MyTlsSignerCredentials(mOuter, signerCredentials);
- }
- };
-
- internal class MyTlsSignerCredentials
- : TlsSignerCredentials
- {
- private readonly TlsTestClientImpl mOuter;
- private readonly TlsSignerCredentials mInner;
-
- internal MyTlsSignerCredentials(TlsTestClientImpl outer, TlsSignerCredentials inner)
- {
- this.mOuter = outer;
- this.mInner = inner;
- }
-
- public virtual byte[] GenerateCertificateSignature(byte[] hash)
- {
- byte[] sig = mInner.GenerateCertificateSignature(hash);
-
- if (mOuter.mConfig.clientAuth == TlsTestConfig.CLIENT_AUTH_INVALID_VERIFY)
- {
- sig = mOuter.CorruptBit(sig);
- }
-
- return sig;
- }
-
- public virtual Certificate Certificate
- {
- get
- {
- Certificate cert = mInner.Certificate;
-
- if (mOuter.mConfig.clientAuth == TlsTestConfig.CLIENT_AUTH_INVALID_CERT)
- {
- cert = mOuter.CorruptCertificate(cert);
- }
-
- return cert;
- }
- }
-
- public virtual SignatureAndHashAlgorithm SignatureAndHashAlgorithm
- {
- get { return mInner.SignatureAndHashAlgorithm; }
- }
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/TlsTestClientProtocol.cs b/crypto/test/src/crypto/tls/test/TlsTestClientProtocol.cs
deleted file mode 100644
index 97b7c91bc..000000000
--- a/crypto/test/src/crypto/tls/test/TlsTestClientProtocol.cs
+++ /dev/null
@@ -1,29 +0,0 @@
-using System;
-using System.IO;
-
-using Org.BouncyCastle.Security;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- internal class TlsTestClientProtocol
- : TlsClientProtocol
- {
- protected readonly TlsTestConfig config;
-
- public TlsTestClientProtocol(Stream stream, SecureRandom secureRandom, TlsTestConfig config)
- : base(stream, secureRandom)
- {
- this.config = config;
- }
-
- protected override void SendCertificateVerifyMessage(DigitallySigned certificateVerify)
- {
- if (certificateVerify.Algorithm != null && config.clientAuthSigAlgClaimed != null)
- {
- certificateVerify = new DigitallySigned(config.clientAuthSigAlgClaimed, certificateVerify.Signature);
- }
-
- base.SendCertificateVerifyMessage(certificateVerify);
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/TlsTestConfig.cs b/crypto/test/src/crypto/tls/test/TlsTestConfig.cs
deleted file mode 100644
index ccbb919d2..000000000
--- a/crypto/test/src/crypto/tls/test/TlsTestConfig.cs
+++ /dev/null
@@ -1,131 +0,0 @@
-using System;
-using System.Collections;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- public class TlsTestConfig
- {
- public static readonly bool DEBUG = false;
-
- /**
- * Client does not authenticate, ignores any certificate request
- */
- public const int CLIENT_AUTH_NONE = 0;
-
- /**
- * Client will authenticate if it receives a certificate request
- */
- public const int CLIENT_AUTH_VALID = 1;
-
- /**
- * Client will authenticate if it receives a certificate request, with an invalid certificate
- */
- public const int CLIENT_AUTH_INVALID_CERT = 2;
-
- /**
- * Client will authenticate if it receives a certificate request, with an invalid CertificateVerify signature
- */
- public const int CLIENT_AUTH_INVALID_VERIFY = 3;
-
- /**
- * Server will not request a client certificate
- */
- public const int SERVER_CERT_REQ_NONE = 0;
-
- /**
- * Server will request a client certificate but receiving one is optional
- */
- public const int SERVER_CERT_REQ_OPTIONAL = 1;
-
- /**
- * Server will request a client certificate and receiving one is mandatory
- */
- public const int SERVER_CERT_REQ_MANDATORY = 2;
-
- /**
- * Configures the client authentication behaviour of the test client. Use CLIENT_AUTH_* constants.
- */
- public int clientAuth = CLIENT_AUTH_VALID;
-
- /**
- * If not null, and TLS 1.2 or higher is negotiated, selects a fixed signature/hash algorithm to
- * be used for the CertificateVerify signature (if one is sent).
- */
- public SignatureAndHashAlgorithm clientAuthSigAlg = null;
-
- /**
- * If not null, and TLS 1.2 or higher is negotiated, selects a fixed signature/hash algorithm to
- * be _claimed_ in the CertificateVerify (if one is sent), independently of what was actually used.
- */
- public SignatureAndHashAlgorithm clientAuthSigAlgClaimed = null;
-
- /**
- * Configures the minimum protocol version the client will accept. If null, uses the library's default.
- */
- public ProtocolVersion clientMinimumVersion = null;
-
- /**
- * Configures the protocol version the client will offer. If null, uses the library's default.
- */
- public ProtocolVersion clientOfferVersion = null;
-
- /**
- * Configures whether the client will indicate version fallback via TLS_FALLBACK_SCSV.
- */
- public bool clientFallback = false;
-
- /**
- * Configures whether a (TLS 1.2+) client will send the signature_algorithms extension in ClientHello.
- */
- public bool clientSendSignatureAlgorithms = true;
-
- /**
- * If not null, and TLS 1.2 or higher is negotiated, selects a fixed signature/hash algorithm to
- * be used for the ServerKeyExchange signature (if one is sent).
- */
- public SignatureAndHashAlgorithm serverAuthSigAlg = null;
-
- /**
- * Configures whether the test server will send a certificate request.
- */
- public int serverCertReq = SERVER_CERT_REQ_OPTIONAL;
-
- /**
- * If TLS 1.2 or higher is negotiated, configures the set of supported signature algorithms in the
- * CertificateRequest (if one is sent). If null, uses a default set.
- */
- public IList serverCertReqSigAlgs = null;
-
- /**
- * Configures the maximum protocol version the server will accept. If null, uses the library's default.
- */
- public ProtocolVersion serverMaximumVersion = null;
-
- /**
- * Configures the minimum protocol version the server will accept. If null, uses the library's default.
- */
- public ProtocolVersion serverMinimumVersion = null;
-
- /**
- * Configures the connection end that a fatal alert is expected to be raised. Use ConnectionEnd.* constants.
- */
- public int expectFatalAlertConnectionEnd = -1;
-
- /**
- * Configures the type of fatal alert expected to be raised. Use AlertDescription.* constants.
- */
- public int expectFatalAlertDescription = -1;
-
- public void ExpectClientFatalAlert(byte alertDescription)
- {
- this.expectFatalAlertConnectionEnd = ConnectionEnd.client;
- this.expectFatalAlertDescription = alertDescription;
- }
-
- public void ExpectServerFatalAlert(byte alertDescription)
- {
- this.expectFatalAlertConnectionEnd = ConnectionEnd.server;
- this.expectFatalAlertDescription = alertDescription;
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/TlsTestServerImpl.cs b/crypto/test/src/crypto/tls/test/TlsTestServerImpl.cs
deleted file mode 100644
index 2587181a5..000000000
--- a/crypto/test/src/crypto/tls/test/TlsTestServerImpl.cs
+++ /dev/null
@@ -1,230 +0,0 @@
-using System;
-using System.Collections;
-using System.IO;
-using System.Threading;
-
-using Org.BouncyCastle.Asn1;
-using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Utilities;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- internal class TlsTestServerImpl
- : DefaultTlsServer
- {
- protected readonly TlsTestConfig mConfig;
-
- protected int firstFatalAlertConnectionEnd = -1;
- protected int firstFatalAlertDescription = -1;
-
- internal TlsTestServerImpl(TlsTestConfig config)
- {
- this.mConfig = config;
- }
-
- internal int FirstFatalAlertConnectionEnd
- {
- get { return firstFatalAlertConnectionEnd; }
- }
-
- internal int FirstFatalAlertDescription
- {
- get { return firstFatalAlertDescription; }
- }
-
- protected override ProtocolVersion MaximumVersion
- {
- get
- {
- if (mConfig.serverMaximumVersion != null)
- {
- return mConfig.serverMaximumVersion;
- }
-
- return base.MaximumVersion;
- }
- }
-
- protected override ProtocolVersion MinimumVersion
- {
- get
- {
- if (mConfig.serverMinimumVersion != null)
- {
- return mConfig.serverMinimumVersion;
- }
-
- return base.MinimumVersion;
- }
- }
-
- public override void NotifyAlertRaised(byte alertLevel, byte alertDescription, string message, Exception cause)
- {
- if (alertLevel == AlertLevel.fatal && firstFatalAlertConnectionEnd == -1)
- {
- firstFatalAlertConnectionEnd = ConnectionEnd.server;
- firstFatalAlertDescription = alertDescription;
- }
-
- if (TlsTestConfig.DEBUG)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("TLS server raised alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- if (message != null)
- {
- SafeWriteLine(output, "> " + message);
- }
- if (cause != null)
- {
- SafeWriteLine(output, cause);
- }
- }
- }
-
- public override void NotifyAlertReceived(byte alertLevel, byte alertDescription)
- {
- if (alertLevel == AlertLevel.fatal && firstFatalAlertConnectionEnd == -1)
- {
- firstFatalAlertConnectionEnd = ConnectionEnd.client;
- firstFatalAlertDescription = alertDescription;
- }
-
- if (TlsTestConfig.DEBUG)
- {
- TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- SafeWriteLine(output, "TLS server received alert: " + AlertLevel.GetText(alertLevel)
- + ", " + AlertDescription.GetText(alertDescription));
- }
- }
-
- public override ProtocolVersion GetServerVersion()
- {
- ProtocolVersion serverVersion = base.GetServerVersion();
-
- if (TlsTestConfig.DEBUG)
- {
- Console.WriteLine("TLS server negotiated " + serverVersion);
- }
-
- return serverVersion;
- }
-
- public override CertificateRequest GetCertificateRequest()
- {
- if (mConfig.serverCertReq == TlsTestConfig.SERVER_CERT_REQ_NONE)
- {
- return null;
- }
-
- byte[] certificateTypes = new byte[]{ ClientCertificateType.rsa_sign,
- ClientCertificateType.dss_sign, ClientCertificateType.ecdsa_sign };
-
- IList serverSigAlgs = null;
- if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(mServerVersion))
- {
- serverSigAlgs = mConfig.serverCertReqSigAlgs;
- if (serverSigAlgs == null)
- {
- serverSigAlgs = TlsUtilities.GetDefaultSupportedSignatureAlgorithms();
- }
- }
-
- IList certificateAuthorities = new ArrayList();
- certificateAuthorities.Add(TlsTestUtilities.LoadCertificateResource("x509-ca-rsa.pem").Subject);
-
- return new CertificateRequest(certificateTypes, serverSigAlgs, certificateAuthorities);
- }
-
- public override void NotifyClientCertificate(Certificate clientCertificate)
- {
- bool isEmpty = (clientCertificate == null || clientCertificate.IsEmpty);
-
- if (isEmpty != (mConfig.clientAuth == TlsTestConfig.CLIENT_AUTH_NONE))
- {
- throw new InvalidOperationException();
- }
- if (isEmpty && (mConfig.serverCertReq == TlsTestConfig.SERVER_CERT_REQ_MANDATORY))
- {
- throw new TlsFatalAlert(AlertDescription.handshake_failure);
- }
-
- X509CertificateStructure[] chain = clientCertificate.GetCertificateList();
-
- // TODO Cache test resources?
- if (!isEmpty && !(
- chain[0].Equals(TlsTestUtilities.LoadCertificateResource("x509-client-dsa.pem")) ||
- chain[0].Equals(TlsTestUtilities.LoadCertificateResource("x509-client-ecdsa.pem")) ||
- chain[0].Equals(TlsTestUtilities.LoadCertificateResource("x509-client-rsa.pem"))
- ))
- {
- throw new TlsFatalAlert(AlertDescription.bad_certificate);
- }
-
- if (TlsTestConfig.DEBUG)
- {
- Console.WriteLine("TLS server received client certificate chain of length " + chain.Length);
- for (int i = 0; i != chain.Length; i++)
- {
- X509CertificateStructure entry = chain[i];
- // TODO Create fingerprint based on certificate signature algorithm digest
- Console.WriteLine(" fingerprint:SHA-256 " + TlsTestUtilities.Fingerprint(entry) + " ("
- + entry.Subject + ")");
- }
- }
- }
-
- protected virtual IList GetSupportedSignatureAlgorithms()
- {
- if (TlsUtilities.IsTlsV12(mContext) && mConfig.serverAuthSigAlg != null)
- {
- IList signatureAlgorithms = new ArrayList(1);
- signatureAlgorithms.Add(mConfig.serverAuthSigAlg);
- return signatureAlgorithms;
- }
-
- return mSupportedSignatureAlgorithms;
- }
-
- protected override TlsSignerCredentials GetDsaSignerCredentials()
- {
- return TlsTestUtilities.LoadSignerCredentials(mContext, GetSupportedSignatureAlgorithms(),
- SignatureAlgorithm.dsa, new string[]{ "x509-server-dsa.pem", "x509-ca-dsa.pem" },
- "x509-server-key-dsa.pem");
- }
-
- protected override TlsSignerCredentials GetECDsaSignerCredentials()
- {
- return TlsTestUtilities.LoadSignerCredentials(mContext, GetSupportedSignatureAlgorithms(),
- SignatureAlgorithm.ecdsa, new string[]{ "x509-server-ecdsa.pem", "x509-ca-ecdsa.pem" },
- "x509-server-key-ecdsa.pem");
- }
-
- protected override TlsEncryptionCredentials GetRsaEncryptionCredentials()
- {
- return TlsTestUtilities.LoadEncryptionCredentials(mContext,
- new string[]{ "x509-server-rsa-enc.pem", "x509-ca-rsa.pem" }, "x509-server-key-rsa-enc.pem");
- }
-
- protected override TlsSignerCredentials GetRsaSignerCredentials()
- {
- return TlsTestUtilities.LoadSignerCredentials(mContext, GetSupportedSignatureAlgorithms(),
- SignatureAlgorithm.rsa, new string[]{ "x509-server-rsa-sign.pem", "x509-ca-rsa.pem" },
- "x509-server-key-rsa-sign.pem");
- }
-
- private static void SafeWriteLine(TextWriter output, object line)
- {
- try
- {
- output.WriteLine(line);
- }
- catch (ThreadInterruptedException)
- {
- /*
- * For some reason the NUnit plugin in Visual Studio started throwing these during alert logging
- */
- }
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/TlsTestServerProtocol.cs b/crypto/test/src/crypto/tls/test/TlsTestServerProtocol.cs
deleted file mode 100644
index 845b7f0b9..000000000
--- a/crypto/test/src/crypto/tls/test/TlsTestServerProtocol.cs
+++ /dev/null
@@ -1,19 +0,0 @@
-using System;
-using System.IO;
-
-using Org.BouncyCastle.Security;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- internal class TlsTestServerProtocol
- : TlsServerProtocol
- {
- protected readonly TlsTestConfig config;
-
- public TlsTestServerProtocol(Stream stream, SecureRandom secureRandom, TlsTestConfig config)
- : base(stream, secureRandom)
- {
- this.config = config;
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/TlsTestSuite.cs b/crypto/test/src/crypto/tls/test/TlsTestSuite.cs
deleted file mode 100644
index 849e738af..000000000
--- a/crypto/test/src/crypto/tls/test/TlsTestSuite.cs
+++ /dev/null
@@ -1,214 +0,0 @@
-using System;
-using System.Collections;
-
-using NUnit.Framework;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- public class TlsTestSuite
- {
- // Make the access to constants less verbose
- internal class C : TlsTestConfig {}
-
- public TlsTestSuite()
- {
- }
-
- public static IEnumerable Suite()
- {
- IList testSuite = new ArrayList();
-
- AddFallbackTests(testSuite);
- AddVersionTests(testSuite, ProtocolVersion.SSLv3);
- AddVersionTests(testSuite, ProtocolVersion.TLSv10);
- AddVersionTests(testSuite, ProtocolVersion.TLSv11);
- AddVersionTests(testSuite, ProtocolVersion.TLSv12);
-
- return testSuite;
- }
-
- private static void AddFallbackTests(IList testSuite)
- {
- {
- TlsTestConfig c = CreateTlsTestConfig(ProtocolVersion.TLSv12);
- c.clientFallback = true;
-
- AddTestCase(testSuite, c, "FallbackGood");
- }
-
- {
- TlsTestConfig c = CreateTlsTestConfig(ProtocolVersion.TLSv12);
- c.clientOfferVersion = ProtocolVersion.TLSv11;
- c.clientFallback = true;
- c.ExpectServerFatalAlert(AlertDescription.inappropriate_fallback);
-
- AddTestCase(testSuite, c, "FallbackBad");
- }
-
- {
- TlsTestConfig c = CreateTlsTestConfig(ProtocolVersion.TLSv12);
- c.clientOfferVersion = ProtocolVersion.TLSv11;
-
- AddTestCase(testSuite, c, "FallbackNone");
- }
- }
-
- private static void AddVersionTests(IList testSuite, ProtocolVersion version)
- {
- string prefix = version.ToString()
- .Replace(" ", "")
- .Replace("\\", "")
- .Replace(".", "")
- + "_";
-
- {
- TlsTestConfig c = CreateTlsTestConfig(version);
-
- AddTestCase(testSuite, c, prefix + "GoodDefault");
- }
-
- /*
- * Server only declares support for SHA1/RSA, client selects MD5/RSA. Since the client is
- * NOT actually tracking MD5 over the handshake, we expect fatal alert from the client.
- */
- if (TlsUtilities.IsTlsV12(version))
- {
- TlsTestConfig c = CreateTlsTestConfig(version);
- c.clientAuth = C.CLIENT_AUTH_VALID;
- c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
- c.serverCertReqSigAlgs = TlsUtilities.GetDefaultRsaSignatureAlgorithms();
- c.ExpectClientFatalAlert(AlertDescription.internal_error);
-
- AddTestCase(testSuite, c, prefix + "BadCertificateVerifyHashAlg");
- }
-
- /*
- * Server only declares support for SHA1/ECDSA, client selects SHA1/RSA. Since the client is
- * actually tracking SHA1 over the handshake, we expect fatal alert to come from the server
- * when it verifies the selected algorithm against the CertificateRequest supported
- * algorithms.
- */
- if (TlsUtilities.IsTlsV12(version))
- {
- TlsTestConfig c = CreateTlsTestConfig(version);
- c.clientAuth = C.CLIENT_AUTH_VALID;
- c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.rsa);
- c.serverCertReqSigAlgs = TlsUtilities.GetDefaultECDsaSignatureAlgorithms();
- c.ExpectServerFatalAlert(AlertDescription.illegal_parameter);
-
- AddTestCase(testSuite, c, prefix + "BadCertificateVerifySigAlg");
- }
-
- /*
- * Server only declares support for SHA1/ECDSA, client signs with SHA1/RSA, but sends
- * SHA1/ECDSA in the CertificateVerify. Since the client is actually tracking SHA1 over the
- * handshake, and the claimed algorithm is in the CertificateRequest supported algorithms,
- * we expect fatal alert to come from the server when it finds the claimed algorithm
- * doesn't match the client certificate.
- */
- if (TlsUtilities.IsTlsV12(version))
- {
- TlsTestConfig c = CreateTlsTestConfig(version);
- c.clientAuth = C.CLIENT_AUTH_VALID;
- c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.rsa);
- c.clientAuthSigAlgClaimed = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.ecdsa);
- c.serverCertReqSigAlgs = TlsUtilities.GetDefaultECDsaSignatureAlgorithms();
- c.ExpectServerFatalAlert(AlertDescription.decrypt_error);
-
- AddTestCase(testSuite, c, prefix + "BadCertificateVerifySigAlgMismatch");
- }
-
- {
- TlsTestConfig c = CreateTlsTestConfig(version);
- c.clientAuth = C.CLIENT_AUTH_INVALID_VERIFY;
- c.ExpectServerFatalAlert(AlertDescription.decrypt_error);
-
- AddTestCase(testSuite, c, prefix + "BadCertificateVerifySignature");
- }
-
- {
- TlsTestConfig c = CreateTlsTestConfig(version);
- c.clientAuth = C.CLIENT_AUTH_INVALID_CERT;
- c.ExpectServerFatalAlert(AlertDescription.bad_certificate);
-
- AddTestCase(testSuite, c, prefix + "BadClientCertificate");
- }
-
- {
- TlsTestConfig c = CreateTlsTestConfig(version);
- c.clientAuth = C.CLIENT_AUTH_NONE;
- c.serverCertReq = C.SERVER_CERT_REQ_MANDATORY;
- c.ExpectServerFatalAlert(AlertDescription.handshake_failure);
-
- AddTestCase(testSuite, c, prefix + "BadMandatoryCertReqDeclined");
- }
-
- /*
- * Server selects MD5/RSA for ServerKeyExchange signature, which is not in the default
- * supported signature algorithms that the client sent. We expect fatal alert from the
- * client when it verifies the selected algorithm against the supported algorithms.
- */
- if (TlsUtilities.IsTlsV12(version))
- {
- TlsTestConfig c = CreateTlsTestConfig(version);
- c.serverAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
- c.ExpectClientFatalAlert(AlertDescription.illegal_parameter);
-
- AddTestCase(testSuite, c, prefix + "BadServerKeyExchangeSigAlg");
- }
-
- /*
- * Server selects MD5/RSA for ServerKeyExchange signature, which is not the default {sha1,rsa}
- * implied by the absent signature_algorithms extension. We expect fatal alert from the
- * client when it verifies the selected algorithm against the implicit default.
- */
- if (TlsUtilities.IsTlsV12(version))
- {
- TlsTestConfig c = CreateTlsTestConfig(version);
- c.clientSendSignatureAlgorithms = false;
- c.serverAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
- c.ExpectClientFatalAlert(AlertDescription.illegal_parameter);
-
- AddTestCase(testSuite, c, prefix + "BadServerKeyExchangeSigAlg2");
- }
-
- {
- TlsTestConfig c = CreateTlsTestConfig(version);
- c.serverCertReq = C.SERVER_CERT_REQ_NONE;
-
- AddTestCase(testSuite, c, prefix + "GoodNoCertReq");
- }
-
- {
- TlsTestConfig c = CreateTlsTestConfig(version);
- c.clientAuth = C.CLIENT_AUTH_NONE;
-
- AddTestCase(testSuite, c, prefix + "GoodOptionalCertReqDeclined");
- }
- }
-
- private static void AddTestCase(IList testSuite, TlsTestConfig config, string name)
- {
- testSuite.Add(new TestCaseData(config).SetName(name));
- }
-
- private static TlsTestConfig CreateTlsTestConfig(ProtocolVersion version)
- {
- TlsTestConfig c = new TlsTestConfig();
- c.clientMinimumVersion = ProtocolVersion.SSLv3;
- c.clientOfferVersion = ProtocolVersion.TLSv12;
- c.serverMaximumVersion = version;
- c.serverMinimumVersion = ProtocolVersion.SSLv3;
- return c;
- }
-
- public static void RunTests()
- {
- foreach (TestCaseData data in Suite())
- {
- Console.WriteLine(data.TestName);
- new TlsTestCase().RunTest((TlsTestConfig)data.Arguments[0]);
- }
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/TlsTestUtilities.cs b/crypto/test/src/crypto/tls/test/TlsTestUtilities.cs
deleted file mode 100644
index 27d7c913a..000000000
--- a/crypto/test/src/crypto/tls/test/TlsTestUtilities.cs
+++ /dev/null
@@ -1,172 +0,0 @@
-using System;
-using System.Collections;
-using System.Globalization;
-using System.IO;
-using System.Text;
-
-using Org.BouncyCastle.Asn1.Pkcs;
-using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Crypto.Digests;
-using Org.BouncyCastle.Crypto.Parameters;
-using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Utilities.Encoders;
-using Org.BouncyCastle.Utilities.IO.Pem;
-using Org.BouncyCastle.Utilities.Test;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- public abstract class TlsTestUtilities
- {
- internal static readonly byte[] RsaCertData = Base64
- .Decode("MIICUzCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCQVUxKDAmBgNVBAoMH1RoZSBMZWdpb2"
- + "4gb2YgdGhlIEJvdW5jeSBDYXN0bGUxEjAQBgNVBAcMCU1lbGJvdXJuZTERMA8GA1UECAwIVmljdG9yaWExLzAtBgkq"
- + "hkiG9w0BCQEWIGZlZWRiYWNrLWNyeXB0b0Bib3VuY3ljYXN0bGUub3JnMB4XDTEzMDIyNTA2MDIwNVoXDTEzMDIyNT"
- + "A2MDM0NVowgY8xCzAJBgNVBAYTAkFVMSgwJgYDVQQKDB9UaGUgTGVnaW9uIG9mIHRoZSBCb3VuY3kgQ2FzdGxlMRIw"
- + "EAYDVQQHDAlNZWxib3VybmUxETAPBgNVBAgMCFZpY3RvcmlhMS8wLQYJKoZIhvcNAQkBFiBmZWVkYmFjay1jcnlwdG"
- + "9AYm91bmN5Y2FzdGxlLm9yZzBaMA0GCSqGSIb3DQEBAQUAA0kAMEYCQQC0p+RhcFdPFqlwgrIr5YtqKmKXmEGb4Shy"
- + "pL26Ymz66ZAPdqv7EhOdzl3lZWT6srZUMWWgQMYGiHQg4z2R7X7XAgERo0QwQjAOBgNVHQ8BAf8EBAMCBSAwEgYDVR"
- + "0lAQH/BAgwBgYEVR0lADAcBgNVHREBAf8EEjAQgQ50ZXN0QHRlc3QudGVzdDANBgkqhkiG9w0BAQQFAANBAHU55Ncz"
- + "eglREcTg54YLUlGWu2WOYWhit/iM1eeq8Kivro7q98eW52jTuMI3CI5ulqd0hYzshQKQaZ5GDzErMyM=");
-
- internal static readonly byte[] DudRsaCertData = Base64
- .Decode("MIICUzCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCQVUxKDAmBgNVBAoMH1RoZSBMZWdpb2"
- + "4gb2YgdGhlIEJvdW5jeSBDYXN0bGUxEjAQBgNVBAcMCU1lbGJvdXJuZTERMA8GA1UECAwIVmljdG9yaWExLzAtBgkq"
- + "hkiG9w0BCQEWIGZlZWRiYWNrLWNyeXB0b0Bib3VuY3ljYXN0bGUub3JnMB4XDTEzMDIyNTA1NDcyOFoXDTEzMDIyNT"
- + "A1NDkwOFowgY8xCzAJBgNVBAYTAkFVMSgwJgYDVQQKDB9UaGUgTGVnaW9uIG9mIHRoZSBCb3VuY3kgQ2FzdGxlMRIw"
- + "EAYDVQQHDAlNZWxib3VybmUxETAPBgNVBAgMCFZpY3RvcmlhMS8wLQYJKoZIhvcNAQkBFiBmZWVkYmFjay1jcnlwdG"
- + "9AYm91bmN5Y2FzdGxlLm9yZzBaMA0GCSqGSIb3DQEBAQUAA0kAMEYCQQC0p+RhcFdPFqlwgrIr5YtqKmKXmEGb4Shy"
- + "pL26Ymz66ZAPdqv7EhOdzl3lZWT6srZUMWWgQMYGiHQg4z2R7X7XAgERo0QwQjAOBgNVHQ8BAf8EBAMCAAEwEgYDVR"
- + "0lAQH/BAgwBgYEVR0lADAcBgNVHREBAf8EEjAQgQ50ZXN0QHRlc3QudGVzdDANBgkqhkiG9w0BAQQFAANBAJg55PBS"
- + "weg6obRUKF4FF6fCrWFi6oCYSQ99LWcAeupc5BofW5MstFMhCOaEucuGVqunwT5G7/DweazzCIrSzB0=");
-
- internal static string Fingerprint(X509CertificateStructure c)
- {
- byte[] der = c.GetEncoded();
- byte[] sha1 = Sha256DigestOf(der);
- byte[] hexBytes = Hex.Encode(sha1);
-
- string hex = Encoding.ASCII.GetString(hexBytes);
-#if PORTABLE
- string upper = hex.ToUpperInvariant();
-#else
- string upper = hex.ToUpper(CultureInfo.InvariantCulture);
-#endif
-
- StringBuilder fp = new StringBuilder();
- int i = 0;
- fp.Append(upper.Substring(i, 2));
- while ((i += 2) < upper.Length)
- {
- fp.Append(':');
- fp.Append(upper.Substring(i, 2));
- }
- return fp.ToString();
- }
-
- internal static byte[] Sha256DigestOf(byte[] input)
- {
- return DigestUtilities.CalculateDigest("SHA256", input);
- }
-
- internal static TlsAgreementCredentials LoadAgreementCredentials(TlsContext context,
- string[] certResources, string keyResource)
- {
- Certificate certificate = LoadCertificateChain(certResources);
- AsymmetricKeyParameter privateKey = LoadPrivateKeyResource(keyResource);
-
- return new DefaultTlsAgreementCredentials(certificate, privateKey);
- }
-
- internal static TlsEncryptionCredentials LoadEncryptionCredentials(TlsContext context,
- string[] certResources, string keyResource)
- {
- Certificate certificate = LoadCertificateChain(certResources);
- AsymmetricKeyParameter privateKey = LoadPrivateKeyResource(keyResource);
-
- return new DefaultTlsEncryptionCredentials(context, certificate, privateKey);
- }
-
- internal static TlsSignerCredentials LoadSignerCredentials(TlsContext context, string[] certResources,
- string keyResource, SignatureAndHashAlgorithm signatureAndHashAlgorithm)
- {
- Certificate certificate = LoadCertificateChain(certResources);
- AsymmetricKeyParameter privateKey = LoadPrivateKeyResource(keyResource);
-
- return new DefaultTlsSignerCredentials(context, certificate, privateKey, signatureAndHashAlgorithm);
- }
-
- internal static TlsSignerCredentials LoadSignerCredentials(TlsContext context, IList supportedSignatureAlgorithms,
- byte signatureAlgorithm, string[] certResources, string keyResource)
- {
- /*
- * TODO Note that this code fails to provide default value for the client supported
- * algorithms if it wasn't sent.
- */
-
- SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
- if (supportedSignatureAlgorithms != null)
- {
- foreach (SignatureAndHashAlgorithm alg in supportedSignatureAlgorithms)
- {
- if (alg.Signature == signatureAlgorithm)
- {
- signatureAndHashAlgorithm = alg;
- break;
- }
- }
-
- if (signatureAndHashAlgorithm == null)
- return null;
- }
-
- return LoadSignerCredentials(context, certResources, keyResource, signatureAndHashAlgorithm);
- }
-
- internal static Certificate LoadCertificateChain(string[] resources)
- {
- X509CertificateStructure[] chain = new X509CertificateStructure[resources.Length];
- for (int i = 0; i < resources.Length; ++i)
- {
- chain[i] = LoadCertificateResource(resources[i]);
- }
- return new Certificate(chain);
- }
-
- internal static X509CertificateStructure LoadCertificateResource(string resource)
- {
- PemObject pem = LoadPemResource(resource);
- if (pem.Type.EndsWith("CERTIFICATE"))
- {
- return X509CertificateStructure.GetInstance(pem.Content);
- }
- throw new ArgumentException("doesn't specify a valid certificate", "resource");
- }
-
- internal static AsymmetricKeyParameter LoadPrivateKeyResource(string resource)
- {
- PemObject pem = LoadPemResource(resource);
- if (pem.Type.EndsWith("RSA PRIVATE KEY"))
- {
- RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(pem.Content);
- return new RsaPrivateCrtKeyParameters(rsa.Modulus, rsa.PublicExponent,
- rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1,
- rsa.Exponent2, rsa.Coefficient);
- }
- if (pem.Type.EndsWith("PRIVATE KEY"))
- {
- return PrivateKeyFactory.CreateKey(pem.Content);
- }
- throw new ArgumentException("doesn't specify a valid private key", "resource");
- }
-
- internal static PemObject LoadPemResource(string resource)
- {
- Stream s = SimpleTest.GetTestDataAsStream("tls." + resource);
- PemReader p = new PemReader(new StreamReader(s));
- PemObject o = p.ReadPemObject();
- p.Reader.Close();
- return o;
- }
- }
-}
diff --git a/crypto/test/src/crypto/tls/test/UnreliableDatagramTransport.cs b/crypto/test/src/crypto/tls/test/UnreliableDatagramTransport.cs
deleted file mode 100644
index b771ab7cf..000000000
--- a/crypto/test/src/crypto/tls/test/UnreliableDatagramTransport.cs
+++ /dev/null
@@ -1,84 +0,0 @@
-using System;
-using System.IO;
-
-using Org.BouncyCastle.Utilities.Date;
-
-namespace Org.BouncyCastle.Crypto.Tls.Tests
-{
- public class UnreliableDatagramTransport
- : DatagramTransport
- {
- private readonly DatagramTransport transport;
- private readonly Random random;
- private readonly int percentPacketLossReceiving, percentPacketLossSending;
-
- public UnreliableDatagramTransport(DatagramTransport transport, Random random,
- int percentPacketLossReceiving, int percentPacketLossSending)
- {
- if (percentPacketLossReceiving < 0 || percentPacketLossReceiving > 100)
- throw new ArgumentException("out of range", "percentPacketLossReceiving");
- if (percentPacketLossSending < 0 || percentPacketLossSending > 100)
- throw new ArgumentException("out of range", "percentPacketLossSending");
-
- this.transport = transport;
- this.random = random;
- this.percentPacketLossReceiving = percentPacketLossReceiving;
- this.percentPacketLossSending = percentPacketLossSending;
- }
-
- public virtual int GetReceiveLimit()
- {
- return transport.GetReceiveLimit();
- }
-
- public virtual int GetSendLimit()
- {
- return transport.GetSendLimit();
- }
-
- public virtual int Receive(byte[] buf, int off, int len, int waitMillis)
- {
- long endMillis = DateTimeUtilities.CurrentUnixMs() + waitMillis;
- for (;;)
- {
- int length = transport.Receive(buf, off, len, waitMillis);
- if (length < 0 || !LostPacket(percentPacketLossReceiving))
- {
- return length;
- }
-
- Console.WriteLine("PACKET LOSS (" + length + " byte packet not received)");
-
- long now = DateTimeUtilities.CurrentUnixMs();
- if (now >= endMillis)
- {
- return -1;
- }
-
- waitMillis = (int)(endMillis - now);
- }
- }
-
- public virtual void Send(byte[] buf, int off, int len)
- {
- if (LostPacket(percentPacketLossSending))
- {
- Console.WriteLine("PACKET LOSS (" + len + " byte packet not sent)");
- }
- else
- {
- transport.Send(buf, off, len);
- }
- }
-
- public virtual void Close()
- {
- transport.Close();
- }
-
- private bool LostPacket(int percentPacketLoss)
- {
- return percentPacketLoss > 0 && random.Next(100) < percentPacketLoss;
- }
- }
-}