Beispiel #1
        /// <summary>
        /// Builds the client-side <see cref="SecurityOptions"/> for a connection to the target
        /// described by <paramref name="sslData"/>.
        /// </summary>
        /// <param name="sslData">SSL component data of the target; only
        /// <c>TargetRequiredOptions</c> is read here.</param>
        /// <returns>
        /// Options for <see cref="ConnectionEnd.Client"/>. When the target requires trust in the
        /// target or in the client, TLS 1.0 / SSL 3.0 with <c>SECURE_CIPHERS</c>, manual credential
        /// verification and both certificate callbacks are configured. Otherwise the result carries
        /// <c>SecureProtocol.None</c>, <c>SslAlgorithms.ALL</c>, automatic verification and no callbacks.
        /// </returns>
        /// <remarks>
        /// <para>NOTE(review): the decision is driven entirely by <c>TargetRequiredOptions</c>, which
        /// comes from the target's SSL component. If neither trust flag is set the connection is
        /// configured with <c>SecureProtocol.None</c>, which presumably means no SSL/TLS layer at
        /// all (confirm against the SSL library). Check whether callers can obtain that component
        /// from an unauthenticated source, since that would let the peer choose the downgrade.</para>
        /// <para>NOTE(review): <c>SecureProtocol.Ssl3</c> is offered next to <c>Tls1</c>. SSL 3.0 is
        /// deprecated by RFC 7568 and TLS 1.0 by RFC 8996; drop SSL 3.0 if the deployed peers allow.</para>
        /// <para>NOTE(review): with <c>CredentialVerification.Manual</c> the acceptance of the server
        /// certificate appears to rest on <c>CheckServerCertAtClient</c> (not shown here); that
        /// handler should validate chain, validity period and peer identity.</para>
        /// </remarks>
        private SecurityOptions CreateClientSecurityOptions(SSLComponentData sslData)
        {
            // True when the target demands authentication of either side of the connection.
            bool trustRequired =
                ((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) ||
                ((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0);

            SecureProtocol protocol = trustRequired
                ? (SecureProtocol.Tls1 | SecureProtocol.Ssl3)
                : SecureProtocol.None;
            SslAlgorithms sslAlgs = trustRequired
                ? SslAlgorithms.SECURE_CIPHERS
                : SslAlgorithms.ALL;
            CredentialVerification credentialVerification = trustRequired
                ? CredentialVerification.Manual
                : CredentialVerification.Auto;

            // The callbacks are only wired up when trust has to be established.
            CertVerifyEventHandler serverCertificateCheckHandler = trustRequired
                ? new CertVerifyEventHandler(this.CheckServerCertAtClient)
                : null;
            CertRequestEventHandler clientCertificateRequestHandler = trustRequired
                ? new CertRequestEventHandler(this.GetClientCertAtClient)
                : null;

            return new SecurityOptions(protocol,
                                       null, ConnectionEnd.Client,
                                       credentialVerification, serverCertificateCheckHandler,
                                       null, SecurityFlags.Default, sslAlgs,
                                       clientCertificateRequestHandler);
        }
Beispiel #2
        /// <summary><see cref="Ch.Elca.Iiop.IClientTransportFactory.CreateTransport(IIorProfile)"/></summary>
        /// <param name="profile">The IOR profile to connect to; must be an internet IIOP profile
        /// that carries an SSL component.</param>
        /// <returns>An <c>SslClientTransport</c> for the profile's host and the SSL component's
        /// port, with the factory's receive and send timeouts applied.</returns>
        /// <exception cref="INTERNAL">Minor code 734 when the profile id is not
        /// <c>TAG_INTERNET_IOP</c> or when no SSL component is found.</exception>
        /// <remarks>
        /// NOTE(review): host name, port and the security options are all derived from
        /// <paramref name="profile"/>. Whether the server certificate is bound to that host name is
        /// decided by the verification handler configured in <c>CreateClientSecurityOptions</c>,
        /// which is not visible here; confirm it checks the peer identity.
        /// </remarks>
        public IClientTransport CreateTransport(IIorProfile profile)
        {
            if (profile.ProfileId != TAG_INTERNET_IOP.ConstVal)
            {
                throw new INTERNAL(734, CompletionStatus.Completed_No);
            }

            // Refuse to build a transport without an SSL component; there is no plain fallback here.
            object rawSslComponent = GetSSLComponent(profile, m_codec);
            if (rawSslComponent == null)
            {
                throw new INTERNAL(734, CompletionStatus.Completed_No);
            }

            SSLComponentData     sslData     = (SSLComponentData)rawSslComponent;
            IInternetIiopProfile iiopProfile = (IInternetIiopProfile)profile;
            int                  sslPort     = sslData.GetPort();
            SecurityOptions      secOptions  = CreateClientSecurityOptions(sslData);

            // A literal IP address is passed as IPAddress; anything else is passed as a host name.
            IPAddress        literalAddress;
            IClientTransport transport;
            if (IPAddress.TryParse(iiopProfile.HostName, out literalAddress))
            {
                transport = new SslClientTransport(literalAddress, sslPort, secOptions);
            }
            else
            {
                transport = new SslClientTransport(iiopProfile.HostName, sslPort, secOptions);
            }

            transport.ReceiveTimeOut = m_receiveTimeOut;
            transport.SendTimeOut    = m_sendTimeOut;
            return transport;
        }
Beispiel #3
        /// <summary><see cref="Ch.Elca.Iiop.IServerTransportFactory.GetListenPoints(object)"/></summary>
        /// <param name="chanData">Channel data whose additional tagged components are scanned.</param>
        /// <returns>One <c>omg.org.IIOP.ListenPoint</c> (channel host name plus the decoded SSL
        /// port) for every tagged component with tag <c>TAG_SSL_SEC_TRANS</c>; an empty array when
        /// there is none.</returns>
        /// <remarks>
        /// NOTE(review): each matching component is decoded with the codec and cast without further
        /// checks, so a malformed component surfaces as whatever <c>decode_value</c> or the cast
        /// throws. Confirm the channel data only ever comes from the local configuration.
        /// </remarks>
        public object[] GetListenPoints(Ch.Elca.Iiop.IiopChannelData chanData)
        {
            ArrayList sslListenPoints = new ArrayList();

            for (int index = 0; index < chanData.AdditionalTaggedComponents.Length; index++)
            {
                // Only SSL transport components describe a listen point here.
                if (chanData.AdditionalTaggedComponents[index].tag != TAG_SSL_SEC_TRANS.ConstVal)
                {
                    continue;
                }

                object decoded =
                    m_codec.decode_value(chanData.AdditionalTaggedComponents[index].component_data,
                                         SSLComponentData.TypeCode);
                SSLComponentData sslData = (SSLComponentData)decoded;
                sslListenPoints.Add(new omg.org.IIOP.ListenPoint(chanData.HostName, sslData.Port));
            }

            return sslListenPoints.ToArray();
        }
Beispiel #4
        /// <summary><see cref="Ch.Elca.Iiop.IServerConnectionListener.StartListening"/></summary>
        /// <param name="bindTo">Local address the listener binds to.</param>
        /// <param name="listeningPortSuggestion">Port to listen on; 0 lets the listener pick one.</param>
        /// <param name="taggedComponents">Receives a single SSL tagged component carrying the
        /// supported options, required options and the listening port when the listener is
        /// secured; otherwise an empty array.</param>
        /// <returns>0 when the listener is secured (the real port is only published inside the SSL
        /// component, so no plain port is advertised); otherwise the port actually in use.</returns>
        /// <remarks>
        /// Throws the exceptions produced by <c>CreateNotInitalizedException</c> and
        /// <c>CreateAlreadyListeningException</c> when the listener is not initialised or is
        /// already active.
        /// NOTE(review): the port is narrowed with an unchecked <c>(short)</c> cast, so ports above
        /// 32767 are stored as negative values; readers of the component must undo that.
        /// NOTE(review): how strict the listener is depends on <c>m_sslOpts</c>, which is built
        /// elsewhere; confirm it matches the required options advertised here.
        /// </remarks>
        public int StartListening(IPAddress bindTo, int listeningPortSuggestion, out TaggedComponent[] taggedComponents)
        {
            if (!m_isInitalized)
            {
                throw CreateNotInitalizedException();
            }
            if (m_listenerActive)
            {
                throw CreateAlreadyListeningException();
            }

            // Open the TCP listener first so that an auto-assigned port can be read back.
            m_listener = new SecureTcpListener(bindTo, listeningPortSuggestion, m_sslOpts);
            m_listener.Start();

            int boundPort = (listeningPortSuggestion == 0)
                ? ((IPEndPoint)m_listener.LocalEndpoint).Port
                : listeningPortSuggestion;

            int advertisedPort;
            if (!m_isSecured)
            {
                taggedComponents = new TaggedComponent[0];
                advertisedPort   = boundPort;
            }
            else
            {
                // Publish the port only through the SSL component.
                SSLComponentData sslData = new SSLComponentData(Convert.ToInt16(m_supportedOptions),
                                                                Convert.ToInt16(m_requiredOptions),
                                                                (short)boundPort);
                TaggedComponent sslComponent =
                    new TaggedComponent(TAG_SSL_SEC_TRANS.ConstVal, m_codec.encode_value(sslData));
                taggedComponents = new TaggedComponent[] { sslComponent };
                advertisedPort   = 0; // don't allow unsecured connections -> port is in ssl components
            }

            m_listenerActive = true;
            // The handler thread is started only after the listener is marked active.
            m_listenerThread.Start();
            return advertisedPort;
        }
Beispiel #5
 /// <summary><see cref="Ch.Elca.Iiop.IServerConnectionListener.StartListening"/></summary>
 /// <param name="bindTo">Local address the listener binds to.</param>
 /// <param name="listeningPortSuggestion">Requested port; 0 means the port is auto-assigned.</param>
 /// <param name="taggedComponents">Set to one SSL tagged component (supported options, required
 /// options, port) for a secured listener, or to an empty array otherwise.</param>
 /// <returns>0 for a secured listener, so that only the SSL component carries the port;
 /// otherwise the port the listener is bound to.</returns>
 /// <remarks>
 /// NOTE(review): the unchecked <c>(short)</c> cast stores ports above 32767 as negative values.
 /// NOTE(review): <c>m_listenerActive</c> is set before the handler thread is started and is not
 /// reset if that start fails; confirm callers can recover from that state.
 /// </remarks>
 public int StartListening(IPAddress bindTo, int listeningPortSuggestion, out TaggedComponent[] taggedComponents) {
     if (!m_isInitalized) {
         throw CreateNotInitalizedException();
     }
     if (m_listenerActive) {
         throw CreateAlreadyListeningException();
     }

     // Bind and start the TCP listener before anything is advertised.
     m_listener = new SecureTcpListener(bindTo, listeningPortSuggestion, m_sslOpts);
     m_listener.Start();

     int actualPort = listeningPortSuggestion;
     if (actualPort == 0) {
         // Port was auto-assigned: read it back from the bound endpoint.
         actualPort = ((IPEndPoint)m_listener.LocalEndpoint).Port;
     }

     bool secured = m_isSecured;
     if (secured) {
         // The SSL tagged component is the only place the port is published.
         SSLComponentData sslData = new SSLComponentData(Convert.ToInt16(m_supportedOptions),
                                                         Convert.ToInt16(m_requiredOptions),
                                                         (short)actualPort);
         TaggedComponent sslTagged = new TaggedComponent(TAG_SSL_SEC_TRANS.ConstVal,
                                                         m_codec.encode_value(sslData));
         taggedComponents = new TaggedComponent[] { sslTagged };
     } else {
         taggedComponents = new TaggedComponent[0];
     }

     m_listenerActive = true;
     // start the handler thread
     m_listenerThread.Start();

     // don't allow unsecured connections -> port is in ssl components
     return secured ? 0 : actualPort;
 }
Beispiel #6
        /// <summary>
        /// Derives the client <see cref="SecurityOptions"/> from the required options announced in
        /// the target's SSL component.
        /// </summary>
        /// <param name="sslData">SSL component data; only <c>TargetRequiredOptions</c> is read.</param>
        /// <returns>Client-side options: TLS 1.0 / SSL 3.0 with <c>SECURE_CIPHERS</c>, manual
        /// verification and certificate callbacks when trust in target or client is required;
        /// otherwise <c>SecureProtocol.None</c> with <c>SslAlgorithms.ALL</c> and no callbacks.</returns>
        /// <remarks>
        /// NOTE(review): the unprotected branch is selected by data taken from the target's SSL
        /// component. <c>SecureProtocol.None</c> presumably disables SSL/TLS entirely (confirm), so
        /// verify that this component cannot be altered by an untrusted party before it gets here.
        /// NOTE(review): SSL 3.0 (deprecated by RFC 7568) is still offered together with TLS 1.0
        /// (deprecated by RFC 8996).
        /// NOTE(review): in manual mode certificate acceptance appears to depend on
        /// <c>CheckServerCertAtClient</c>, which is outside this block.
        /// </remarks>
        private SecurityOptions CreateClientSecurityOptions(SSLComponentData sslData) {
            bool trustRequired =
                ((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) ||
                ((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0);

            SecureProtocol protocol;
            SslAlgorithms sslAlgs;
            CredentialVerification credentialVerification;
            CertVerifyEventHandler serverCertificateCheckHandler;
            CertRequestEventHandler clientCertificateRequestHandler;

            if (trustRequired) {
                // Authenticated mode: restricted ciphers and our own certificate callbacks.
                protocol = SecureProtocol.Tls1 | SecureProtocol.Ssl3;
                sslAlgs = SslAlgorithms.SECURE_CIPHERS;
                credentialVerification = CredentialVerification.Manual;
                serverCertificateCheckHandler = new CertVerifyEventHandler(this.CheckServerCertAtClient);
                clientCertificateRequestHandler = new CertRequestEventHandler(this.GetClientCertAtClient);
            } else {
                // No trust requirement announced: defaults, no protocol and no callbacks.
                protocol = SecureProtocol.None;
                sslAlgs = SslAlgorithms.ALL;
                credentialVerification = CredentialVerification.Auto;
                serverCertificateCheckHandler = null;
                clientCertificateRequestHandler = null;
            }

            return new SecurityOptions(protocol,
                                       null, ConnectionEnd.Client,
                                       credentialVerification, serverCertificateCheckHandler,
                                       null, SecurityFlags.Default, sslAlgs,
                                       clientCertificateRequestHandler);
        }
Beispiel #7
 /// <summary>
 /// Creates the IIOP profile for <paramref name="objectKey"/> and attaches an SSL tagged
 /// component to it.
 /// </summary>
 /// <param name="objectKey">Object key stored in the profile.</param>
 /// <param name="codec">Codec used to encode the SSL component data.</param>
 /// <returns>An <c>InternetIiopProfile</c> built from <c>Version</c> and <c>Host</c> with port 0,
 /// carrying one <c>TAG_SSL_SEC_TRANS</c> component that holds the real port.</returns>
 /// <remarks>
 /// The profile port is 0, so the port is published only through the SSL component.
 /// NOTE(review): the component is built with <c>EstablishTrustInClient</c> as the first and
 /// <c>EstablishTrustInTarget</c> as the second constructor argument. Confirm which position is
 /// "supported" and which is "required", since clients derive their TLS settings from the
 /// required options.
 /// NOTE(review): <c>(short)Port</c> is an unchecked narrowing; ports above 32767 become negative.
 /// </remarks>
 public override IorProfile GetProfileForAddr(byte[] objectKey, Codec codec) {
     InternetIiopProfile profile = new InternetIiopProfile(Version, Host, 0, objectKey);

     SSLComponentData sslData =
         new SSLComponentData(SecurityAssociationOptions.EstablishTrustInClient,
                              SecurityAssociationOptions.EstablishTrustInTarget,
                              (short)Port);

     // Encode the SSL data and attach it in one step.
     profile.AddTaggedComponent(
         new TaggedComponent(TAG_SSL_SEC_TRANS.ConstVal, codec.encode_value(sslData)));
     return profile;
 }