Beispiel #1
        //static internal int TargetFirmwareVersionNumber;

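        /// <summary>
        /// Starts a blocking TLS test server on TCP port 5556 and hands every accepted
        /// connection to <c>ProcessClient</c>.
        /// </summary>
        /// <param name="_serverCA">Not used by this method.</param>
        /// <param name="serverCert">Server certificate PEM file; repackaged into a PFX file.</param>
        /// <param name="serverKey">Server private-key PEM file; repackaged into the same PFX file.</param>
        /// <param name="deviceCA">Optional device CA certificate file; loaded into <c>DeviceCA</c> when non-null.</param>
        /// <param name="deviceIDPublic">
        /// Optional DeviceID public-key PEM file, stored in <c>DeviceIDPEMFile</c>. When non-null,
        /// exactly one client is served and the method returns; when null, the accept loop never ends.
        /// </param>
        internal static void RunServer(string _serverCA, string serverCert, string serverKey, string deviceCA, string deviceIDPublic)
        {
            if (deviceCA != null)
            {
                DeviceCA = new X509Certificate2(deviceCA);
            }
            DeviceIDPEMFile = deviceIDPublic;

            // Windows likes PFX files so make one out of the cert and key PEM files.
            // SECURITY: the PFX contains the server private key, is written to the current
            // working directory and is not removed by this method, and its password is a
            // compile-time constant. That is only acceptable for a local test harness; elsewhere
            // read the password from protected configuration and restrict access to the file.
            string serverPFXFile = "TO_ServerKey.pfx";
            string password      = "******";

            Helpers.MakePFXFile(serverCert, serverKey, serverPFXFile, password);

            ServerCert = new X509Certificate2(serverPFXFile, password);

            // SECURITY: IPAddress.Any listens on every network interface even though the log line
            // below says "localhost". Bind to IPAddress.Loopback if only local clients are expected.
            TcpListener listener = new TcpListener(IPAddress.Any, 5556);

            Helpers.Notify("SSL Server starting on localhost:5556");
            listener.Start();
            try
            {
                while (true)
                {
                    Helpers.Notify("Waiting for a client to connect...");
                    TcpClient client = listener.AcceptTcpClient();
                    if (deviceIDPublic != null)
                    {
                        // NOTE(review): the meaning of the boolean passed to ProcessClient is not
                        // visible here - confirm against its definition.
                        ProcessClient(client, false);
                        return;
                    }

                    ProcessClient(client, true);
                    // and wait for the next one
                }
            }
            finally
            {
                // Release the port on the single-client return path and when accepting or
                // processing a client throws; previously the listener was left open.
                listener.Stop();
            }
        }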
Beispiel #2
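        /// <summary>
        /// Test client: waits three seconds, connects to the local TLS server on port 5556,
        /// authenticates with the Alias certificate as the client certificate, sends one request
        /// and prints the reply.
        /// </summary>
        public static void RunClientX()
        {
            Thread.Sleep(3000);

            // The PFX file is created by this utility, but it's just a re-packaging
            // of the Alias Key pair and the certificate generated by RIoT.
            // SECURITY: the PFX holds the Alias private key, is protected only by an empty
            // password and stays in the working directory after this method returns.
            string tempCertFile = "AliasCert.PFX";
            string password     = "";

            Helpers.MakePFXFile(aliasCert, aliasKey, tempCertFile, password);
            var clientCert = new X509Certificate2(tempCertFile);

            var certs = new X509Certificate2Collection(new X509Certificate2[] { clientCert });

            // Connect to the server and wrap the connection in an SSL stream. Both objects are
            // disposed on every exit path, including exceptions thrown by Write/ReadMessage.
            // SECURITY: whether the server is trusted is decided entirely by
            // ValidateServerCertificate, which is not visible here - confirm that it rejects
            // chain and name errors instead of returning true unconditionally.
            using (TcpClient client = new TcpClient("127.0.0.1", 5556))
            using (SslStream sslStream = new SslStream(client.GetStream(), false,
                                                       new RemoteCertificateValidationCallback(ValidateServerCertificate), null))
            {
                try
                {
                    // SECURITY: SslProtocols.Tls pins the handshake to TLS 1.0, which is deprecated
                    // (RFC 8996), and the final argument disables revocation checking. Move to
                    // SslProtocols.Tls12 (or the OS default) once the server side is confirmed
                    // to accept it.
                    sslStream.AuthenticateAsClient("RIoT Server CA", certs, SslProtocols.Tls, false);
                }
                catch (AuthenticationException e)
                {
                    Console.WriteLine("Exception: {0}", e.Message);
                    if (e.InnerException != null)
                    {
                        Helpers.Notify($"Inner exception: {e.InnerException.Message}", true);
                    }
                    Helpers.Notify("Authentication failed - closing the connection.");
                    return;
                }

                byte[] request = Encoding.UTF8.GetBytes("GET /ABC/123");
                sslStream.Write(request);
                sslStream.Flush();

                // Read message from the server.
                string serverMessage = ReadMessage(sslStream);

                Helpers.Notify($"Client received: {serverMessage}");
            }

            Helpers.Notify("Client closed.");
        }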
 /// <summary>
 /// Rebuilds the Alias PFX file from the current Alias certificate and key files,
 /// reloads it into <c>MyCert</c> and increments <c>CertCount</c>.
 /// </summary>
 internal void RefreshCert()
 {
     string aliasCertPath = Program.ToPath(Program.AliasCert);
     string aliasKeyPath  = Program.ToPath(Program.AliasKey);

     // SECURITY: a null password is passed, so the PFX that carries the Alias private key is
     // presumably written without password protection - verify against Helpers.MakePFXFile
     // and keep the output directory access-restricted.
     Helpers.MakePFXFile(aliasCertPath, aliasKeyPath, Program.ToPath(Program.AliasCertPFX), null);

     MyCert = new X509Certificate2(Program.ToPath(Program.AliasCertPFX));
     CertCount += 1;
 }
Beispiel #4
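        /// <summary>
        /// Connects to the local TLS server on port 5556 with the Alias certificate as the client
        /// certificate, sends <paramref name="devId"/> and reads one reply.
        /// </summary>
        /// <param name="devId">Device identifier sent to the server after the handshake.</param>
        /// <returns>
        /// <c>false</c> when TLS authentication fails; <c>true</c> once the message exchange has completed.
        /// </returns>
        internal bool FakeDRSServerHandshake(string devId)
        {
            // SECURITY: the PFX holds the Alias private key, is protected only by an empty
            // password and is left in the working directory after this method returns.
            string tempCertFile = "AliasCert.PFX";
            string password     = "";

            Helpers.MakePFXFile(Program.ToPath(Program.AliasCert), Program.ToPath(Program.AliasKey), tempCertFile, password);
            var clientCert = new X509Certificate2(tempCertFile);

            var certs = new X509Certificate2Collection(new X509Certificate2[] { clientCert });

            // Connect to the server and wrap the connection in an SSL stream. Both objects are
            // disposed on every exit path, including a timeout or I/O error during the exchange.
            // SECURITY: server trust depends entirely on ValidateServerCertificate, which is not
            // visible here - confirm that it rejects chain and name errors.
            using (TcpClient client = new TcpClient("127.0.0.1", 5556))
            using (SslStream sslStream = new SslStream(client.GetStream(), false,
                                                       new RemoteCertificateValidationCallback(ValidateServerCertificate), null))
            {
                try
                {
                    // SECURITY: SslProtocols.Tls pins the handshake to TLS 1.0, which is deprecated
                    // (RFC 8996), and the final argument disables revocation checking. Move to
                    // SslProtocols.Tls12 (or the OS default) once the server side is confirmed
                    // to accept it.
                    sslStream.AuthenticateAsClient("RIoT Server CA", certs, SslProtocols.Tls, false);
                }
                catch (AuthenticationException e)
                {
                    Console.WriteLine("Exception: {0}", e.Message);
                    if (e.InnerException != null)
                    {
                        Helpers.Notify($"Inner exception: {e.InnerException.Message}", true);
                    }
                    Helpers.Notify("Authentication failed - closing the connection.");
                    return false;
                }

                // Bound both directions so that an unresponsive peer cannot block this call forever.
                sslStream.ReadTimeout  = 10000;
                sslStream.WriteTimeout = 10000;

                // An earlier inline version of this exchange (previously kept here as commented-out
                // code) framed each message with a one-byte length prefix and a 1024-byte receive
                // buffer; the framing is now delegated to SslTcpServer.SendMessage / ReadMessage.
                SslTcpServer.SendMessage(sslStream, devId);
                string messageFromServer = SslTcpServer.ReadMessage(sslStream);

                Helpers.Notify($"Client received: {messageFromServer}");
                Thread.Sleep(30);
            }

            Helpers.Notify("Client closed.");
            return true;
        }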
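        /// <summary>
        /// Test harness: installs the server certificate for port 5556, starts an HTTPS
        /// <see cref="HttpListener"/> on <c>https://127.0.0.1:5556/ABC/</c>, runs the TLS test
        /// client and answers a single request with a fixed HTML page.
        /// </summary>
        /// <param name="_serverCert">Server certificate file; repackaged into <c>ServerCert.PFX</c>.</param>
        /// <param name="_serverKey">Server private-key file; repackaged into <c>ServerCert.PFX</c>.</param>
        /// <param name="serverCA">Server CA certificate file passed to <c>Helpers.InstallCert</c>.</param>
        /// <param name="_clientCert">Client certificate file; repackaged into <c>ClientCert.PFX</c> and passed to the test client.</param>
        /// <param name="_clientKey">Client private-key file; repackaged into <c>ClientCert.PFX</c> and passed to the test client.</param>
        static internal void StartListener(string _serverCert, string _serverKey, string serverCA, string _clientCert, string _clientKey)
        {
            // note that the programmatic cert creation and installation didn't work so did this -
            // makecert.exe -r -a sha1 -n CN=localhost -sky exchange -pe -b 01/01/2000 -e 01/01/2050 -ss my
            // then this
            // C:\Repos\RIoT Development\Utlilities\RIoTUtils\bin\Debug\Certs>netsh http add sslcert ipport=0.0.0.0:5556 appid={20a30499-7f02-446f-8716-e85fcdbb0ce4} certhash=360e6b474436076ff6cca4b1281fda021c276dbb
            // SSL Certificate successfully added
            // SECURITY: that recipe creates a SHA-1 signed, 50-year, exportable-key certificate
            // and binds it on 0.0.0.0 - suitable for a throw-away test machine only.

            // we need to add the server cert to the store for HttpListener to use it
            // SECURITY: both PFX files are written with a null password into the working
            // directory and are not removed afterwards; they carry the private keys.
            string serverPfxFile = "ServerCert.PFX";

            Helpers.MakePFXFile(_serverCert, _serverKey, serverPfxFile, null);
            Helpers.DeleteCertsByIssuer("MSR_TEST");

            // NOTE(review): these helpers presumably modify a Windows certificate store and the
            // HTTP.SYS port binding, which outlive this process - confirm which store is used.
            Helpers.InstallCert(serverCA);
            Helpers.InstallCert(serverPfxFile);
            Helpers.SetCertForPort(serverPfxFile, 5556);

            string clientPfxFile = "ClientCert.PFX";

            Helpers.MakePFXFile(_clientCert, _clientKey, clientPfxFile, null);

            // Thumbprints noted by the original author (the second one matches the certhash in
            // the netsh command above):
            // 9970e392d44f8d08c158660f1a0b05838f6201f0
            // 360e6b474436076ff6cca4b1281fda021c276dbb

            // SECURITY: NOTE(review) - the name suggests that certificate validation is replaced
            // for the whole process; confirm what SSLValidator accepts and never ship this call
            // outside a test harness.
            SSLValidator.OverrideValidation();

            var listener = new HttpListener();
            try
            {
                listener.Prefixes.Add("https://127.0.0.1:5556/ABC/");
                listener.Start();
                Console.WriteLine("Listening...");

                // An HttpWebRequest-based client that attached ClientCert.PFX as the client
                // certificate used to be sketched here as commented-out code; the request now
                // appears to be made by SslTcpClient.RunClient instead.
                SslTcpClient.RunClient(_clientCert, _clientKey);

                var context = listener.GetContext();
                HttpListenerRequest request = context.Request;
                // Obtain a response object.
                HttpListenerResponse response = context.Response;

                // SECURITY: the client certificate is fetched but never inspected, so nothing in
                // this method authenticates the caller before the response is sent.
                var cert = request.GetClientCertificate();

                // Construct a response.
                string responseString = "<HTML><BODY> Hello world!</BODY></HTML>";

                byte[] buffer = System.Text.Encoding.UTF8.GetBytes(responseString);
                // Get a response stream and write the response to it.
                response.ContentLength64 = buffer.Length;
                // The output stream must be closed; the using block does so even when Write throws.
                using (System.IO.Stream output = response.OutputStream)
                {
                    output.Write(buffer, 0, buffer.Length);
                }
                listener.Stop();
            }
            finally
            {
                // Release the listener on every path; previously an exception left it running.
                listener.Close();
            }
        }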