public static DuplexStream CreateStream()
 {
     var options = new SecurityOptions(SecureProtocol.Tls1, null, new[] { Protocols.Http1 }, ConnectionEnd.Client);
     var socket = new SecureSocket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp, options);
     
     return new Mock<DuplexStream>(socket, false).Object;
 }
 public void Start()
 {
     // create a new ManualResetEvent. This will be used to make the main application
     // thread wait until the full server reply has been received.
     m_ResetEvent = new ManualResetEvent(false);
     // initialize the security options
     SecurityOptions options = new SecurityOptions(
         SecureProtocol.Ssl3 | SecureProtocol.Tls1,	// use SSL3 or TLS1
         null,										// do not use client authentication
         ConnectionEnd.Client,						// this is the client side
         CredentialVerification.None,				// do not check the certificate -- this should not be used in a real-life application :-)
         null,										// not used with automatic certificate verification
         "www.microsoft.com",						// this is the common name of the Microsoft web server
         SecurityFlags.Default,						// use the default security flags
         SslAlgorithms.SECURE_CIPHERS,				// only use secure ciphers
         null);										// do not process certificate requests.
     try {
         // create the securesocket with the specified security options
         m_Socket = new SecureSocket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp, options);
         // resolve www.microsoft.com
         IPEndPoint endpoint = new IPEndPoint(Dns.GetHostEntry("www.microsoft.com").AddressList[0], 443);
         // start connecting to www.microsoft.com
         m_Socket.BeginConnect(endpoint, new AsyncCallback(this.OnConnect), null);
         // wait until the entire web page has been received
         m_ResetEvent.WaitOne();
         // close the SecureSocket
         m_Socket.Close();
     } catch {
         OnError("Could not connect to the website");
     }
 }
		/// <summary>
		/// Changes the security protocol. This method can only be used to 'upgrade' a connection from no-security to either SSL or TLS.
		/// </summary>
		/// <param name="options">The new <see cref="SecurityOptions"/> parameters.</param>
		/// <exception cref="SecurityException">An error occurs while changing the security protocol.</exception>
		/// <remarks>
		/// Programs should only call this method if there is no active <see cref="Connect"/>, <see cref="Accept"/>, <see cref="Send"/> or <see cref="Receive"/>!
		/// </remarks>
		public void ChangeSecurityProtocol(SecurityOptions options) {
			if (options == null)
				throw new ArgumentNullException();
			if (m_Options != null && m_Options.Protocol != SecureProtocol.None)
				throw new ArgumentException("Only changing from a normal connection to a secure connection is supported.");
			if (base.ProtocolType != ProtocolType.Tcp && options.Protocol != SecureProtocol.None)
				throw new SecurityException("Security protocols require underlying TCP connections!");
			// check SecurityOptions structure
			if (options.Protocol != SecureProtocol.None) {
				if (options.Entity == ConnectionEnd.Server && options.Certificate == null)
					throw new ArgumentException("The certificate cannot be set to a null reference when creating a server socket.");
				if (options.Certificate != null && !options.Certificate.HasPrivateKey())
					throw new ArgumentException("If a certificate is specified, it must have a private key.");
				if (((int)options.AllowedAlgorithms & (int)SslAlgorithms.NULL_COMPRESSION) == 0)
					throw new ArgumentException("The allowed algorithms field must contain at least one compression algorithm.");
				if (((int)options.AllowedAlgorithms ^ (int)SslAlgorithms.NULL_COMPRESSION) == 0)
					throw new ArgumentException("The allowed algorithms field must contain at least one cipher suite.");
				if (options.VerificationType == CredentialVerification.Manual && options.Verifier == null)
					throw new ArgumentException("A CertVerifyEventHandler is required when using manual certificate verification.");
			}
			m_Options = (SecurityOptions)options.Clone();
			if (options.Protocol != SecureProtocol.None) {
				if (this.Connected)
					m_Controller = new SocketController(this, base.InternalSocket, options);
			}
		}
 public SecureTcpClient(string hostname, int port, SecurityOptions options) : this(options) {
     if (hostname == null)
     {
         throw new ArgumentNullException();
     }
     Connect(hostname, port);
 }
Beispiel #5
0
        public void Connect(string hostname, int port, bool ssl)
        {
            try {
            Host = hostname;
            Port = port;
            Ssl = ssl;

            var protocol = ssl ? SecureProtocol.Tls1 | SecureProtocol.Ssl3 : SecureProtocol.None;
            SecurityOptions options = new SecurityOptions(protocol);
            options.Certificate = null;
            options.Entity = ConnectionEnd.Client;
            options.CommonName = hostname;
            options.VerificationType = CredentialVerification.Auto;
            options.Flags = SecurityFlags.Default;
            options.AllowedAlgorithms = SslAlgorithms.SECURE_CIPHERS;

            //_Connection = new TcpClient(hostname, port);
            _Connection = new SecureTcpClient(hostname, port, options);
            _Stream = _Connection.GetStream();

            _Reader = new StreamReader(_Stream, System.Text.Encoding.Default);
            string info = _Reader.ReadLine();
            OnConnected(info);

            IsConnected = true;
            Host = hostname;
              } catch (Exception) {
            IsConnected = false;
            throw;
              }
        }
        public HttpSocketServer(Func<IDictionary<string, object>, Task> next, IDictionary<string, object> properties)
        {
            _next = next;
            var addresses = (IList<IDictionary<string, object>>)properties["host.Addresses"];

            var address = addresses.First();
            _port = Int32.Parse(address.Get<string>("port"));
            _scheme = address.Get<string>("scheme");

            _cancelAccept = new CancellationTokenSource();

            _useHandshake = (bool)properties["use-handshake"];
            _usePriorities = (bool)properties["use-priorities"];
            _useFlowControl = (bool)properties["use-flowControl"];

            var extensions = new[] { ExtensionType.Renegotiation, ExtensionType.ALPN };

            // protocols should be in order of their priority
            _options = _scheme == Uri.UriSchemeHttps ? new SecurityOptions(SecureProtocol.Tls1, extensions, new[] { Protocols.Http2, Protocols.Http204, Protocols.Http1 }, ConnectionEnd.Server)
                                : new SecurityOptions(SecureProtocol.None, extensions, new[] { Protocols.Http2, Protocols.Http1 }, ConnectionEnd.Server);

            _options.VerificationType = CredentialVerification.None;
            _options.Certificate = Certificate.CreateFromCerFile(AssemblyName + CertificateFilename);
            _options.Flags = SecurityFlags.Default;
            _options.AllowedAlgorithms = SslAlgorithms.RSA_AES_256_SHA | SslAlgorithms.NULL_COMPRESSION;

            _server = new SecureTcpListener(_port, _options);

            ThreadPool.SetMaxThreads(30, 10);

            _listenThread = new Thread(Listen);
            _listenThread.Start();
        }
 /// <summary>
 /// Initializes a new instance of the SecureTcpListener class with the specified local endpoint.
 /// </summary>
 /// <param name="localEP">The local endpoint to which to bind the listener Socket.</param>
 /// <param name="options">The security options to use.</param>
 /// <exception cref="ArgumentNullException"><paramref name="localEP"/> is a null reference (<b>Nothing</b> in Visual Basic).</exception>
 /// <remarks><paramref name="localEP"/> specifies the local <see cref="IPEndPoint"/>. This constructor creates an underlying SecureSocket, and binds that SecureSocket to <paramref name="localEP"/>. If you call the Start method, TcpListener will listen for connections on <paramref name="localEP"/>.</remarks>
 public SecureTcpListener(IPEndPoint localEP, SecurityOptions options)
 {
     if (localEP == null)
     {
         throw new ArgumentNullException();
     }
     m_LocalEndpoint   = localEP;
     m_SecurityOptions = options;
 }
 /// <summary>
 /// Initializes a new instance of the SecureTcpListener class with the specified listener SecureSocket.
 /// </summary>
 /// <param name="listener">The listener <see cref="SecureSocket"/>.</param>
 /// <param name="options">The security options to use.</param>
 /// <exception cref="ArgumentNullException"><paramref name="listener"/> is a null reference (<b>Nothing</b> in Visual Basic).</exception>
 /// <exception cref="SocketException">An error occurs while reading the LocalEndPoint property.</exception>
 /// <exception cref="ObjectDisposedException">The SecureSocket has been closed.</exception>
 protected SecureTcpListener(SecureSocket listener, SecurityOptions options)
 {
     if (listener == null)
     {
         throw new ArgumentNullException();
     }
     m_Server          = listener;
     m_LocalEndpoint   = listener.LocalEndPoint;
     m_SecurityOptions = options;
 }
 public void AddHttpsBinding( IPAddress address,
                              int port,
                              SecureProtocol protocol,
                              Certificate cert )
 {
     SecurityOptions ops = new SecurityOptions( protocol, cert, ConnectionEnd.Server );
     AdkSocketBinding listener = this.CreateHttpsListener( ops );
     listener.HostAddress = address;
     listener.Port = port;
     this.AddListener(listener);
 }
 internal HttpConnectingClient(SecureTcpListener server, SecurityOptions options, AppFunc next, 
                              bool useHandshake, bool usePriorities, bool useFlowControl)
 {
     _isDisposed = false;
     _usePriorities = usePriorities;
     _useHandshake = useHandshake;
     _useFlowControl = useFlowControl;
     _server = server;
     _next = next;
     _options = options;
     _cancelClientHandling = new CancellationTokenSource();
 }
 internal HttpConnectingClient(SecureTcpListener server, SecurityOptions options,
                              AppFunc next, bool useHandshake, bool usePriorities, 
                              bool useFlowControl, List<string> listOfRootFiles)
 {
     _listOfRootFiles = listOfRootFiles;
     _usePriorities = usePriorities;
     _useHandshake = useHandshake;
     _useFlowControl = useFlowControl;
     _server = server;
     _next = next;
     _options = options;
     _fileHelper = new FileHelper(ConnectionEnd.Server);
 }
        /// <summary>
        /// Initializes new instance of Http2 server.
        /// </summary>
        /// <param name="port">Port to listen.</param>
        public Http2Server(int port)
        {
            this.Port = port;

            ExtensionType[] extensions = new ExtensionType[] { ExtensionType.Renegotiation, ExtensionType.ALPN };
            SecurityOptions options = new SecurityOptions(SecureProtocol.Tls1, extensions, ConnectionEnd.Server);

            options.VerificationType = CredentialVerification.None;
            options.Certificate = Org.Mentalis.Security.Certificates.Certificate.CreateFromCerFile(@"certificate.pfx");
            options.Flags = SecurityFlags.Default;
            options.AllowedAlgorithms = SslAlgorithms.RSA_AES_128_SHA | SslAlgorithms.NULL_COMPRESSION;
            _server = new SecureTcpListener(Port, options);
        }
        public SecureHandshaker(SecureSocket socket, SecurityOptions options)
        {
            InternalSocket = socket;
            InternalSocket.OnHandshakeFinish += HandshakeFinishedHandler;

            Options = options;
            _handshakeFinishedEventRaised = new ManualResetEvent(false);

            if (Options.Protocol == SecureProtocol.None)
            {
                HandshakeFinishedHandler(this, null);
            }
        }
      public Stream Connect(IBrokerInfo broker)
      {
         MCertificate cert = GetClientCert(broker);
         SecurityOptions options = new SecurityOptions(
            SecureProtocol.Tls1, cert, ConnectionEnd.Client
            );
         if ( broker.SslOptions != null 
            && broker.SslOptions.IgnoreValidationErrors )
         {
            _logger.Warn("Ignoring any certificate validation errors during SSL handshake...");
            options.VerificationType = CredentialVerification.None;
         }

         _tcpClient = new MyTcpClient(broker.Host, broker.Port, options);
         return _tcpClient.GetStream();
      }
        public CompatibilityLayer(SocketController controller, SecurityOptions options)
        {
            m_Buffer = new byte[0];
            m_MinVersion = GetMinProtocol(options.Protocol);
            m_MaxVersion = GetMaxProtocol(options.Protocol);

            this.handshakeMonitor = new SslTlsHandshakeMonitor();

            HandshakeLayer layer = null;
            if (m_MinVersion.GetVersionInt() == 30)
            { // SSL 3.0
                if (options.Entity == ConnectionEnd.Client)
                {
                    layer = new Ssl3ClientHandshakeLayer(null, options);
                    m_MinLayer = new RecordLayer(controller, layer as ClientHandshakeLayer);

                    this.handshakeMonitor.Attach(controller.Parent, layer as ClientHandshakeLayer);
                }
                else
                {
                    layer = new Ssl3ServerHandshakeLayer(null, options);
                    m_MinLayer = new RecordLayer(controller, layer as ServerHandshakeLayer);

                    this.handshakeMonitor.Attach(controller.Parent, layer as ServerHandshakeLayer);
                }
            }
            else
            { // TLS 1.0
                if (options.Entity == ConnectionEnd.Client)
                {
                    layer = new Tls1ClientHandshakeLayer(null, options);
                    m_MinLayer = new RecordLayer(controller, layer as ClientHandshakeLayer);

                    this.handshakeMonitor.Attach(controller.Parent, layer as ClientHandshakeLayer);
                }
                else
                {
                    layer = new Tls1ServerHandshakeLayer(null, options);
                    m_MinLayer = new RecordLayer(controller, layer as ServerHandshakeLayer);

                    this.handshakeMonitor.Attach(controller.Parent, layer as ServerHandshakeLayer);
                }
               }

            m_MinLayer.HandshakeLayer.RecordLayer = m_MinLayer;
            m_Options = options;
        }
Beispiel #16
0
 /// <summary>
 /// Changes the security protocol. This method can only be used to 'upgrade' a connection from no-security to either SSL or TLS.
 /// </summary>
 /// <param name="options">The new <see cref="SecurityOptions"/> parameters.</param>
 /// <exception cref="SecurityException">An error occurs while changing the security protocol.</exception>
 /// <remarks>
 /// Programs should only call this method if there is no active <see cref="Connect"/>, <see cref="Accept"/>, <see cref="Send"/> or <see cref="Receive"/>!
 /// </remarks>
 public void ChangeSecurityProtocol(SecurityOptions options)
 {
     if (options == null)
     {
         throw new ArgumentNullException();
     }
     if (m_Options != null && m_Options.Protocol != SecureProtocol.None)
     {
         throw new ArgumentException("Only changing from a normal connection to a secure connection is supported.");
     }
     if (base.ProtocolType != ProtocolType.Tcp && options.Protocol != SecureProtocol.None)
     {
         throw new SecurityException("Security protocols require underlying TCP connections!");
     }
     // check SecurityOptions structure
     if (options.Protocol != SecureProtocol.None)
     {
         if (options.Entity == ConnectionEnd.Server && options.Certificate == null)
         {
             throw new ArgumentException("The certificate cannot be set to a null reference when creating a server socket.");
         }
         if (options.Certificate != null && !options.Certificate.HasPrivateKey())
         {
             throw new ArgumentException("If a certificate is specified, it must have a private key.");
         }
         if (((int)options.AllowedAlgorithms & (int)SslAlgorithms.NULL_COMPRESSION) == 0)
         {
             throw new ArgumentException("The allowed algorithms field must contain at least one compression algorithm.");
         }
         if (((int)options.AllowedAlgorithms ^ (int)SslAlgorithms.NULL_COMPRESSION) == 0)
         {
             throw new ArgumentException("The allowed algorithms field must contain at least one cipher suite.");
         }
         if (options.VerificationType == CredentialVerification.Manual && options.Verifier == null)
         {
             throw new ArgumentException("A CertVerifyEventHandler is required when using manual certificate verification.");
         }
     }
     m_Options = (SecurityOptions)options.Clone();
     if (options.Protocol != SecureProtocol.None)
     {
         if (this.Connected)
         {
             m_Controller = new SocketController(this, base.InternalSocket, options);
         }
     }
 }
Beispiel #17
0
		public CompatibilityLayer(SocketController controller, SecurityOptions options) {
			m_Buffer = new byte[0];
			m_MinVersion = GetMinProtocol(options.Protocol);
			m_MaxVersion = GetMaxProtocol(options.Protocol);
			if (m_MinVersion.GetVersionInt() == 30) { // SSL 3.0
				if (options.Entity == ConnectionEnd.Client)
					m_MinLayer = new RecordLayer(controller, new Ssl3ClientHandshakeLayer(null, options));
				else
					m_MinLayer = new RecordLayer(controller, new Ssl3ServerHandshakeLayer(null, options));
			} else { // TLS 1.0
				if (options.Entity == ConnectionEnd.Client)
					m_MinLayer = new RecordLayer(controller, new Tls1ClientHandshakeLayer(null, options));
				else
					m_MinLayer = new RecordLayer(controller, new Tls1ServerHandshakeLayer(null, options));
			}
			m_MinLayer.HandshakeLayer.RecordLayer = m_MinLayer;
			m_Options = options;
		}
		public HandshakeLayer(RecordLayer recordLayer, SecurityOptions options) {
			m_Disposed = false;
			m_Options = options;
			m_IsNegotiating = true;
			m_RNG = new RNGCryptoServiceProvider();
			m_RecordLayer = recordLayer;
			m_State = HandshakeType.Nothing;
			m_IncompleteMessage = new byte[0];
			m_LocalMD5Hash = new MD5CryptoServiceProvider();
			m_LocalSHA1Hash = new SHA1CryptoServiceProvider();
			m_RemoteMD5Hash = new MD5CryptoServiceProvider();
			m_RemoteSHA1Hash = new SHA1CryptoServiceProvider();
			m_CertSignHash = new MD5SHA1CryptoServiceProvider();
			m_CertSignHash.Protocol = this.GetProtocol();
			if (options.Entity == ConnectionEnd.Server && ((int)options.Flags & (int)SecurityFlags.MutualAuthentication) != 0)
				m_MutualAuthentication = true;
			else
				m_MutualAuthentication = false;
		}
		/// <summary>
		/// Opens the stream
		/// </summary>
		public override void Open()
		{
			SecurityOptions opts = null;
			if(secured)
			{
				opts = new SecurityOptions(SecureProtocol.Tls1);
				opts.Protocol = SecureProtocol.Tls1;
				opts.Certificate = null;
				opts.AllowedAlgorithms = SslAlgorithms.SECURE_CIPHERS;
				opts.VerificationType = CredentialVerification.Manual;
				opts.Verifier = new CertVerifyEventHandler(stream_OnCertVerify);
				opts.Flags = SecurityFlags.Default;
			}
			else 
			{
				opts = new SecurityOptions(SecureProtocol.None);
			}
			SecureTcpClient cli = new SecureTcpClient(hostname, port, opts);
			stream = cli.GetStream();
		}
		/// <summary>
		/// Initializes a new instance of the SecureSocket class.
		/// </summary>
		/// <param name="accepted">The accepted <see cref="Socket"/> instance.</param>
		/// <param name="options">The <see cref="SecurityOptions"/> to use.</param>
		/// <exception cref="SecurityException">An error occurs while changing the security protocol.</exception>
		internal SecureSocket(Socket accepted, SecurityOptions options) : base(accepted) {
			m_SentShutdownNotification = false;
			ChangeSecurityProtocol(options);
		}
		/// <summary>
		/// Initializes a new instance of the SecureSocket class.
		/// </summary>
		/// <param name="addressFamily">One of the <see cref="AddressFamily"/> values.</param>
		/// <param name="socketType">One of the <see cref="SocketType"/> values.</param>
		/// <param name="protocolType">One of the <see cref="ProtocolType"/> values.</param>
		/// <param name="options">The <see cref="SecurityOptions"/> to use.</param>
		/// <exception cref="SecurityException">An error occurs while changing the security protocol.</exception>
		public SecureSocket(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, SecurityOptions options) : base(addressFamily, socketType, protocolType) {
			m_SentShutdownNotification = false;
			ChangeSecurityProtocol(options);
		}
 /// <summary>
 /// Initializes a new instance of the SecureSocket class.
 /// </summary>
 /// <param name="addressFamily">One of the <see cref="AddressFamily"/> values.</param>
 /// <param name="socketType">One of the <see cref="SocketType"/> values.</param>
 /// <param name="protocolType">One of the <see cref="ProtocolType"/> values.</param>
 /// <param name="options">The <see cref="SecurityOptions"/> to use.</param>
 /// <exception cref="SecurityException">An error occurs while changing the security protocol.</exception>
 public SecureSocket(AddressFamily addressFamily, SocketType socketType, 
                     ProtocolType protocolType, SecurityOptions options)
     : base(addressFamily, socketType, protocolType)
 {
     SelectedProtocol = String.Empty;
     m_SentShutdownNotification = false;
     ChangeSecurityProtocol(options);
     this.m_Controller = new SocketController(this, base.InternalSocket, m_Options);
 }
 /// <summary>
 /// Initializes a new instance of <see cref="SecureTcpClient"/> bound to the specified local endpoint.
 /// </summary>
 /// <param name="localEP">The IPEndPoint to which you bind the TCP Socket.</param>
 /// <param name="options">The security options to use.</param>
 /// <exception cref="ArgumentNullException"><paramref name="localEP"/> is null (<b>Nothing</b> in Visual Basic).</exception>
 /// <exception cref="SocketException">An operating system error occurs while accessing the Socket.</exception>
 public SecureTcpClient(IPEndPoint localEP, SecurityOptions options)
     : this(options)
 {
     m_Client.Bind(localEP);
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="SecureTcpClient"/> class.
 /// </summary>
 /// <param name="options">The security options to use.</param>
 public SecureTcpClient(SecurityOptions options)
 {
     m_Client = new SecureSocket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp, options);
 }
 private void DownloadFile(Url url, int choice)
 {
     SecurityOptions options = new SecurityOptions(SecureProtocol.None);;
     m_Socket = new SecureSocket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp, options);
     // connect to the FTP server using a normal TCP connection
     m_Socket.Connect(new IPEndPoint(Dns.GetHostEntry(url.Host).AddressList[0], url.Port));
     // wait for the server hello
     ReceiveReply();
     // if the user selected to use the AUTH command..
     if (choice == 2) {
         // ..send the command to the server and start the SSL handshake
         DoAuthCommand(url.Host);
     }
     // log on and quit
     if (!SendCommand("USER " + url.Username))
         return;
     if (!SendCommand("PASS " + url.Password))
         return;
     if (!SendCommand("QUIT"))
         return;
     // clean up
     m_Socket.Shutdown(SocketShutdown.Both);
     m_Socket.Close();
 }
 /// <summary>
 /// Initializes a new instance of the SecureTcpListener class with the specified listener SecureSocket.
 /// </summary>
 /// <param name="listener">The listener <see cref="SecureSocket"/>.</param>
 /// <param name="options">The security options to use.</param>
 /// <exception cref="ArgumentNullException"><paramref name="listener"/> is a null reference (<b>Nothing</b> in Visual Basic).</exception>
 /// <exception cref="SocketException">An error occurs while reading the LocalEndPoint property.</exception>
 /// <exception cref="ObjectDisposedException">The SecureSocket has been closed.</exception>
 protected SecureTcpListener(SecureSocket listener, SecurityOptions options)
 {
     if (listener == null)
         throw new ArgumentNullException();
     m_Server = listener;
     m_LocalEndpoint = listener.LocalEndPoint;
     m_SecurityOptions = options;
 }
 /// <summary>
 /// Initializes a new instance of the SecureTcpListener class that listens on the specified port.
 /// </summary>
 /// <param name="port">The port on which to listen. If this number is 0, the system will assign an open port.</param>
 /// <param name="options">The security options to use.</param>
 /// <exception cref="ArgumentOutOfRangeException">The port parameter is not between MinPort and MaxPort.</exception>
 /// <remarks><paramref name="port"/> specifies the local port number on which you intend to listen. When you call Start, SecureTcpListener uses the default network interface to listen for connections on the specified port.</remarks>
 public SecureTcpListener(int port, SecurityOptions options) : this(IPAddress.Any, port, options)
 {
 }
 public Ssl3ServerHandshakeLayer(RecordLayer recordLayer, SecurityOptions options)
     : base(recordLayer, options)
 {
 }
 public ClientHandshakeLayer(RecordLayer recordLayer, SecurityOptions options)
     : base(recordLayer, options)
 {
     this.clientHelloExts = options.ExtensionList;
 }
 private void DoAuthCommand(string cn)
 {
     // send the AUTH command
     if (!SendCommand("AUTH TLS")) {
         Console.WriteLine("The server does not support SSL/TLS authentication -- exiting.");
         return;
     }
     // if the server accepted our command, start the SSL/TLs connection
     SecurityOptions options = new SecurityOptions(SecureProtocol.Ssl3 | SecureProtocol.Tls1);
     options.AllowedAlgorithms = SslAlgorithms.SECURE_CIPHERS;
     options.CommonName = cn;
     options.VerificationType = CredentialVerification.Manual;
     options.Verifier = new CertVerifyEventHandler(this.OnVerify);
     m_Socket.ChangeSecurityProtocol(options);
 }
 /// <summary>
 /// Initializes a new instance of the SecureTcpListener class that listens on the specified port.
 /// </summary>
 /// <param name="port">The port on which to listen. If this number is 0, the system will assign an open port.</param>
 /// <param name="options">The security options to use.</param>
 /// <exception cref="ArgumentOutOfRangeException">The port parameter is not between MinPort and MaxPort.</exception>
 /// <remarks><paramref name="port"/> specifies the local port number on which you intend to listen. When you call Start, SecureTcpListener uses the default network interface to listen for connections on the specified port.</remarks>
 public SecureTcpListener(int port, SecurityOptions options)
     : this(IPAddress.Any, port, options)
 {
 }
 /// <summary>
 /// Initializes a new instance of <see cref="SecureTcpClient"/> bound to the specified local endpoint.
 /// </summary>
 /// <param name="localEP">The IPEndPoint to which you bind the TCP Socket.</param>
 /// <param name="options">The security options to use.</param>
 /// <exception cref="ArgumentNullException"><paramref name="localEP"/> is null (<b>Nothing</b> in Visual Basic).</exception>
 /// <exception cref="SocketException">An operating system error occurs while accessing the Socket.</exception>
 public SecureTcpClient(IPEndPoint localEP, SecurityOptions options) : this(options) {
     m_Client.Bind(localEP);
 }
Beispiel #33
0
 /// <summary>
 /// Initializes a new instance of the SecureSocket class.
 /// </summary>
 /// <param name="addressFamily">One of the <see cref="AddressFamily"/> values.</param>
 /// <param name="socketType">One of the <see cref="SocketType"/> values.</param>
 /// <param name="protocolType">One of the <see cref="ProtocolType"/> values.</param>
 /// <param name="options">The <see cref="SecurityOptions"/> to use.</param>
 /// <exception cref="SecurityException">An error occurs while changing the security protocol.</exception>
 public SecureSocket(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, SecurityOptions options) : base(addressFamily, socketType, protocolType)
 {
     m_SentShutdownNotification = false;
     ChangeSecurityProtocol(options);
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="SecureTcpClient"/> class.
 /// </summary>
 /// <param name="options">The security options to use.</param>
 public SecureTcpClient(SecurityOptions options)
 {
     m_Client = new SecureSocket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp, options);
 }
Beispiel #35
0
 /// <summary>
 /// Initializes a new instance of the SecureSocket class.
 /// </summary>
 /// <param name="accepted">The accepted <see cref="Socket"/> instance.</param>
 /// <param name="options">The <see cref="SecurityOptions"/> to use.</param>
 /// <exception cref="SecurityException">An error occurs while changing the security protocol.</exception>
 internal SecureSocket(Socket accepted, SecurityOptions options) : base(accepted)
 {
     m_SentShutdownNotification = false;
     ChangeSecurityProtocol(options);
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="SecureTcpClient"/> class and connects to the specified port on the specified host.
 /// </summary>
 /// <param name="hostname">DNS name of the remote host to which you intend to connect.</param>
 /// <param name="port">Port number of the remote host to which you intend to connect.</param>
 /// <param name="options">The security options to use.</param>
 /// <exception cref="ArgumentNullException"><paramref name="hostname"/> is null (<b>Nothing</b> in Visual Basic).</exception>
 /// <exception cref="ArgumentOutOfRangeException"><paramref name="port"/> is less than MinPort -or- <paramref name="port"/> is greater than MaxPort.</exception>
 /// <exception cref="SocketException">An error is encountered when resolving <paramref name="hostname"/> -or- an error occurred while connecting to the remote host.</exception>
 /// <exception cref="SecurityException">The security negotiation failed.</exception>
 public SecureTcpClient(string hostname, int port, SecurityOptions options)
     : this(options)
 {
     if (hostname == null)
         throw new ArgumentNullException();
     Connect(hostname, port);
 }
Beispiel #37
0
        public HttpSocketServer(Func<IDictionary<string, object>, Task> next, IDictionary<string, object> properties)
        {
            _next = next;

            var addresses = (IList<IDictionary<string, object>>)properties[OwinConstants.CommonKeys.Addresses];

            var address = addresses.First();
            _port = Int32.Parse(address.Get<string>("port"));
            _scheme = address.Get<string>("scheme");

            _useHandshake = (bool)properties["use-handshake"];
            _usePriorities = (bool)properties["use-priorities"];
            _useFlowControl = (bool)properties["use-flowControl"];

            int securePort;

            try
            {
                securePort = int.Parse(ConfigurationManager.AppSettings["securePort"]);
            }
            catch (Exception)
            {
                Http2Logger.LogError("Incorrect port in the config file!" + ConfigurationManager.AppSettings["securePort"]);
                return;
            }

            if (_port == securePort && _scheme == Uri.UriSchemeHttp
                || _port != securePort && _scheme == Uri.UriSchemeHttps)
            {
                Http2Logger.LogError("Invalid scheme or port! Use https for secure port.");
                return;
            }

            var extensions = new[] { ExtensionType.Renegotiation, ExtensionType.ALPN };

            // protocols should be in order of their priority
            _options = _port == securePort ? new SecurityOptions(SecureProtocol.Tls1, extensions, new[] { Protocols.Http2, Protocols.Http1 }, ConnectionEnd.Server)
                                : new SecurityOptions(SecureProtocol.None, extensions, new[] { Protocols.Http2, Protocols.Http1 }, ConnectionEnd.Server);

            _options.VerificationType = CredentialVerification.None;
            _options.Certificate = Certificate.CreateFromCerFile(AssemblyName + CertificateFilename);
            _options.Flags = SecurityFlags.Default;
            _options.AllowedAlgorithms = SslAlgorithms.RSA_AES_256_SHA | SslAlgorithms.NULL_COMPRESSION;

            _server = new SecureTcpListener(_port, _options);

            ThreadPool.SetMaxThreads(30, 10);

            Listen();
        }
 /// <summary>
 /// Initializes a new instance of the SecureTcpListener class that listens to the specified IP address and port.
 /// </summary>
 /// <param name="localaddr">The local IP address.</param>
 /// <param name="port">The port on which to listen.</param>
 /// <param name="options">The security options to use.</param>
 /// <exception cref="ArgumentNullException"><paramref name="localaddr"/> is a null reference (<b>Nothing</b> in Visual Basic).</exception>
 /// <exception cref="ArgumentOutOfRangeException"><paramref name="port"/> is not between MinPort and MaxPort.</exception>
 public SecureTcpListener(IPAddress localaddr, int port, SecurityOptions options)
     : this(new IPEndPoint(localaddr, port), options)
 {
 }
 /// <summary>
 /// Changes the security protocol. This method can only be used to 'upgrade' a connection from no-security to either SSL or TLS.
 /// </summary>
 /// <param name="options">The new <see cref="SecurityOptions"/> parameters.</param>
 /// <exception cref="SecurityException">An error occurs while changing the security protocol.</exception>
 /// <remarks>
 /// Programs should only call this method if there is no active <see cref="Read"/> or <see cref="Write"/>!
 /// </remarks>
 public void ChangeSecurityProtocol(SecurityOptions options)
 {
     Socket.ChangeSecurityProtocol(options);
 }
 /// <summary>
 /// Initializes a new instance of the SecureTcpListener class that listens to the specified IP address and port.
 /// </summary>
 /// <param name="localaddr">The local IP address.</param>
 /// <param name="port">The port on which to listen.</param>
 /// <param name="options">The security options to use.</param>
 /// <exception cref="ArgumentNullException"><paramref name="localaddr"/> is a null reference (<b>Nothing</b> in Visual Basic).</exception>
 /// <exception cref="ArgumentOutOfRangeException"><paramref name="port"/> is not between MinPort and MaxPort.</exception>
 public SecureTcpListener(IPAddress localaddr, int port, SecurityOptions options) : this(new IPEndPoint(localaddr, port), options)
 {
 }
 /// <summary>
 /// Initializes a new instance of the SecureTcpListener class with the specified local endpoint.
 /// </summary>
 /// <param name="localEP">The local endpoint to which to bind the listener Socket.</param>
 /// <param name="options">The security options to use.</param>
 /// <exception cref="ArgumentNullException"><paramref name="localEP"/> is a null reference (<b>Nothing</b> in Visual Basic).</exception>
 /// <remarks><paramref name="localEP"/> specifies the local <see cref="IPEndPoint"/>. This constructor creates an underlying SecureSocket, and binds that SecureSocket to <paramref name="localEP"/>. If you call the Start method, TcpListener will listen for connections on <paramref name="localEP"/>.</remarks>
 public SecureTcpListener(IPEndPoint localEP, SecurityOptions options)
 {
     if (localEP == null)
         throw new ArgumentNullException();
     m_LocalEndpoint = localEP;
     m_SecurityOptions = options;
 }