Ejemplo n.º 1
1
        // Initialize all of the default certificates and protocols
        public SslServer()
        {
            // Initialize the Socket
            serverSocketType = SocketType.Stream;
            serverProtocolType = ProtocolType.Tcp;

            if (Microsoft.SPOT.Hardware.SystemInfo.SystemID.SKU == 3)
            {
                cert = new X509Certificate(CertificatesAndCAs.emuCert, "NetMF");
                ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caEmuCert) };
            }
            else
            {
                // Initialize the SslStream
                cert = new X509Certificate(CertificatesAndCAs.newCert);
                ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caCert) };
            }
            verify = SslVerification.NoVerification;
            sslProtocols = new SslProtocols[] { SslProtocols.Default };

            // Create a TCP/IP (IPv4) socket and listen for incoming connections.
            serverSocket = new Socket(AddressFamily.InterNetwork, serverSocketType, serverProtocolType);
            serverSocket.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.Linger, false);

            serverSocket.Bind(new IPEndPoint(IPAddress.Loopback, 0));
            serverEp = (IPEndPoint)serverSocket.LocalEndPoint;

            Debug.Print("Listening for a client to connect...");
            serverSocket.Listen(1);
        }
Ejemplo n.º 2
0
        // Initialize all of the default certificates and protocols
        public SslServer()
        {
            // Initialize the Socket
            serverSocketType   = SocketType.Stream;
            serverProtocolType = ProtocolType.Tcp;

            if (Microsoft.SPOT.Hardware.SystemInfo.SystemID.SKU == 3)
            {
                cert = new X509Certificate(CertificatesAndCAs.emuCert, "NetMF");
                ca   = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caEmuCert) };
            }
            else
            {
                // Initialize the SslStream
                cert = new X509Certificate(CertificatesAndCAs.newCert);
                ca   = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caCert) };
            }
            verify       = SslVerification.NoVerification;
            sslProtocols = new SslProtocols[] { SslProtocols.Default };

            // Create a TCP/IP (IPv4) socket and listen for incoming connections.
            serverSocket = new Socket(AddressFamily.InterNetwork, serverSocketType, serverProtocolType);
            serverSocket.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.Linger, false);

            serverSocket.Bind(new IPEndPoint(IPAddress.Loopback, 0));
            serverEp = (IPEndPoint)serverSocket.LocalEndPoint;

            Log.Comment("Listening for a client to connect...");
            serverSocket.Listen(1);
        }
        public SslServer(X509Certificate certificate, X509Certificate[] ca, SslVerification clientCertificateRequired, SslProtocols[] enabledSslProtocols, bool expectedException)
        {
            this.certificate = certificate;
            this.ca = ca;
            this.clientCertificateRequired = clientCertificateRequired;
            this.enabledSslProtocols = enabledSslProtocols;
            this.expectedException = expectedException;

            //Get the IPV4 address on this machine which is all that the MF devices support.
            IPHostEntry hostEntry = Dns.GetHostEntry("");
            ipAddress = hostEntry.AddressList[0];

            if (ipAddress == null)
                throw new Exception("No IPV4 address found.");

        }
Ejemplo n.º 4
0
        public SslClient(IPAddress ipAddress, String targetHost, X509Certificate cert, X509Certificate [] ca, SslVerification verify, SslProtocols[] sslProtocols, bool expectedException)
        {
            // Initialize the Socket
            messageSent = MFUtilities.GetRandomSafeString(2000) + TERMINATOR;

            // Initialize the port that communication is using
            port = 11111;
            this.ipAddress = ipAddress;
            this.messageSent = "hello" + TERMINATOR;
            this.targetHost = targetHost;
            this.cert = cert;
            this.ca = ca;
            this.verify = verify;
            this.sslProtocols = sslProtocols;
            this.expectedException = expectedException;
        }
Ejemplo n.º 5
0
        public SslClient(IPAddress ipAddress, String targetHost, X509Certificate cert, X509Certificate [] ca, SslVerification verify, SslProtocols[] sslProtocols, bool expectedException)
        {
            // Initialize the Socket
            messageSent = MFUtilities.GetRandomSafeString(2000) + TERMINATOR;

            // Initialize the port that communication is using
            port                   = 11111;
            this.ipAddress         = ipAddress;
            this.messageSent       = "hello" + TERMINATOR;
            this.targetHost        = targetHost;
            this.cert              = cert;
            this.ca                = ca;
            this.verify            = verify;
            this.sslProtocols      = sslProtocols;
            this.expectedException = expectedException;
        }
Ejemplo n.º 6
0
        public SslServer(X509Certificate certificate, X509Certificate[] ca, SslVerification clientCertificateRequired, SslProtocols[] enabledSslProtocols, bool expectedException)
        {
            this.certificate = certificate;
            this.ca          = ca;
            this.clientCertificateRequired = clientCertificateRequired;
            this.enabledSslProtocols       = enabledSslProtocols;
            this.expectedException         = expectedException;

            //Get the IPV4 address on this machine which is all that the MF devices support.
            IPHostEntry hostEntry = Dns.GetHostEntry("");

            ipAddress = hostEntry.AddressList[0];

            if (ipAddress == null)
            {
                throw new Exception("No IPV4 address found.");
            }
        }
Ejemplo n.º 7
0
        public SslClient()
        {
            // Initialize the Socket
            clientSocketType   = SocketType.Stream;
            clientProtocolType = ProtocolType.Tcp;

            if (Microsoft.SPOT.Hardware.SystemInfo.SystemID.SKU == 3)
            {
                cert       = new X509Certificate(CertificatesAndCAs.emuCert, "NetMF");
                ca         = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caEmuCert) };
                targetHost = "ZACHL-SBA1.redmond.corp.microsoft.com";
            }
            else
            {
                cert       = new X509Certificate(CertificatesAndCAs.newCert);
                ca         = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caCert) };
                targetHost = "Device.Microsoft.Com";
            }
            verify       = SslVerification.CertificateRequired;
            sslProtocols = new SslProtocols[] { SslProtocols.Default };
        }
Ejemplo n.º 8
0
        public SslClient()
        {
            // Initialize the Socket
            clientSocketType = SocketType.Stream;
            clientProtocolType = ProtocolType.Tcp;

            if (Microsoft.SPOT.Hardware.SystemInfo.SystemID.SKU == 3)
            {
                cert = new X509Certificate(CertificatesAndCAs.emuCert, "NetMF");
                ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caEmuCert) };
                targetHost = "ZACHL-SBA1.redmond.corp.microsoft.com";
            }
            else
            {
                cert = new X509Certificate(CertificatesAndCAs.newCert);
                ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caCert) };
                targetHost = "Device.Microsoft.Com";
            }
            verify = SslVerification.CertificateRequired;
            sslProtocols = new SslProtocols[] { SslProtocols.Default };
        }
Ejemplo n.º 9
0
        internal void Authenticate(bool isServer, string targetHost, X509Certificate certificate, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols)
        {
            SslProtocols vers = (SslProtocols)0;

            if (-1 != _sslContext) throw new InvalidOperationException();

            for (int i = sslProtocols.Length - 1; i >= 0; i--)
            {
                vers |= sslProtocols[i];
            }

            _isServer = isServer;

            try
            {
                if (isServer)
                {
                    _sslContext = SslNative.SecureServerInit((int)vers, (int)verify, certificate, ca);
                    SslNative.SecureAccept(_sslContext, _socket);
                }
                else
                {
                    _sslContext = SslNative.SecureClientInit((int)vers, (int)verify, certificate, ca);
                    SslNative.SecureConnect(_sslContext, targetHost, _socket);
                }
            }
            catch
            {
                if (_sslContext != -1)
                {
                    SslNative.ExitSecureContext(_sslContext);
                    _sslContext = -1;
                }

                throw;
            }
        }
Ejemplo n.º 10
0
 public void AuthenticateAsServer(X509Certificate cert, SslVerification verify, params SslProtocols[] sslProtocols)
 {
     AuthenticateAsServer(cert, null, verify, sslProtocols);
 }
Ejemplo n.º 11
0
 public extern int AuthenticateAsClient(int socketHandle, string targetHost, X509Certificate caCertificate, X509Certificate clientCertificate, SslProtocols sslProtocols, SslVerification sslVerification);
Ejemplo n.º 12
0
 public void AuthenticateAsClient(string targetHost, X509Certificate cert, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols)
 {
     Authenticate(false, targetHost, cert, ca, verify, sslProtocols);
 }
Ejemplo n.º 13
0
 public void AuthenticateAsServer(X509Certificate cert, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols)
 {
     Authenticate(true, "", cert, ca, verify, sslProtocols);
 }
Ejemplo n.º 14
0
        internal void Authenticate(bool isServer, string targetHost, X509Certificate certificate, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols)
        {
            SslProtocols vers = (SslProtocols)0;

            if (-1 != _sslContext)
            {
                throw new InvalidOperationException();
            }

            for (int i = sslProtocols.Length - 1; i >= 0; i--)
            {
                vers |= sslProtocols[i];
            }

            _isServer = isServer;

            try
            {
                if (isServer)
                {
                    throw new NotImplementedException();
                    //_sslContext = SslNative.SecureServerInit((int)vers, (int)verify, certificate, ca);
                    //SslNative.SecureAccept(_sslContext, _socket);
                }
                else
                {
                    bool secMethodSSL3 = false;
                    bool secMethodTLS1 = false;
                    for (int iProtocol = 0; iProtocol < sslProtocols.Length; iProtocol++)
                    {
                        switch (sslProtocols[iProtocol])
                        {
                        case SslProtocols.None:
                            throw new ArgumentException("sslProtocols");

                        case SslProtocols.SSLv3:
                            secMethodSSL3 = true;
                            break;

                        case SslProtocols.TLSv1:
                            secMethodTLS1 = true;
                            break;

                        case SslProtocols.Default:
                            secMethodSSL3 = true;
                            secMethodTLS1 = true;
                            break;
                        }
                    }
                    byte sslProtocolOption = 0;
                    if (secMethodSSL3 && secMethodTLS1)
                    {
                        sslProtocolOption = 4; /* SL_SO_SEC_METHOD_SSLv3_TLSV1_2 */
                    }
                    else if (secMethodSSL3)
                    {
                        sslProtocolOption = 0; /* SL_SO_SEC_METHOD_SSLV3 */
                    }
                    else if (secMethodTLS1)
                    {
                        sslProtocolOption = 1; /* SL_SO_SEC_METHOD_TLSV1 */
                    }
                    else
                    {
                        throw new ArgumentException("sslProtocols");
                    }

                    /* NOTE: we now pass a message to the socket asking it to reconnect as SSL (using our specific SSL options) -- and then have it update its handle!
                     *       we should also make sure that no other sockets are opened during the operation--so that no other threads sneak in and steal the last socket handle. */
                    byte[] addressAndHandle = new byte[10];
                    /* fill bytes 0-7 with our socket's target IP address, so we know where to connect to! */
                    addressAndHandle[2] = (byte)((((IPEndPoint)_socket.RemoteEndPoint).Port >> 8) & 0xFF);
                    addressAndHandle[3] = (byte)(((IPEndPoint)_socket.RemoteEndPoint).Port & 0xFF);
                    Array.Copy(((IPEndPoint)_socket.RemoteEndPoint).Address.GetAddressBytes(), 0, addressAndHandle, 4, 4);
                    // byte 8 is our sslProtocolOption
                    addressAndHandle[8] = sslProtocolOption;
                    // byte 9 will be our handle (new handle as output)
                    addressAndHandle[9] = 0xFF; // default handle to 0xFF to represent "no handle"
                    // request "upgrade to SSL/TLS" by closing the current socket and re-connecting via SSL/TLS
                    _socket.GetSocketOption(SocketOptionLevel.Socket, (SocketOptionName)0x400002, addressAndHandle);
                    if (addressAndHandle[9] == 0xFF)
                    {
                        // could not upgrade/re-connect to SSL
                        throw new Exception(); /* NOTE: what is the correct exception? */
                    }
                    else
                    {
                        _socket.m_Handle = addressAndHandle[9];
                    }

                    _sslContext = 0; /* SSL is now enabled on this socket */
                }
            }
            catch
            {
                if (_sslContext != -1)
                {
                    /* TODO: if we could not connect via SSL, do we need to reconnect as non-secure? */
                    _sslContext = -1;
                }

                throw;
            }
        }
Ejemplo n.º 15
0
 public void AuthenticateAsServer(X509Certificate cert, SslVerification verify, params SslProtocols[] sslProtocols)
 {
     AuthenticateAsServer(cert, null, verify, sslProtocols);
 }
Ejemplo n.º 16
0
 public void AuthenticateAsClient(string targetHost, X509Certificate cert, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols)
 {
     Authenticate(false, targetHost, cert, ca, verify, sslProtocols);
 }
Ejemplo n.º 17
0
        internal void Authenticate(bool isServer, string targetHost, X509Certificate certificate, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols)
        {
            SslProtocols vers = (SslProtocols)0;

            if (-1 != _sslContext)
            {
                throw new InvalidOperationException();
            }

            for (int i = sslProtocols.Length - 1; i >= 0; i--)
            {
                vers |= sslProtocols[i];
            }

            _isServer = isServer;

            try
            {
                if (isServer)
                {
                    _sslContext = SslNative.SecureServerInit((int)vers, (int)verify, certificate, ca);
                    SslNative.SecureAccept(_sslContext, _socket);
                }
                else
                {
                    _sslContext = SslNative.SecureClientInit((int)vers, (int)verify, certificate, ca);
                    SslNative.SecureConnect(_sslContext, targetHost, _socket);
                }
            }
            catch
            {
                if (_sslContext != -1)
                {
                    SslNative.ExitSecureContext(_sslContext);
                    _sslContext = -1;
                }

                throw;
            }
        }
Ejemplo n.º 18
0
 public void AuthenticateAsClient(string targetHost, X509Certificate caCertificate, X509Certificate clientCertificate, SslProtocols sslProtocols, SslVerification sslVerification) => this.sslHandle = this.ni.AuthenticateAsClient(this._socket.m_Handle, targetHost, caCertificate, clientCertificate, sslProtocols, sslVerification);
Ejemplo n.º 19
0
 public void AuthenticateAsServer(X509Certificate cert, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols)
 {
     Authenticate(true, "", cert, ca, verify, sslProtocols);
 }
Ejemplo n.º 20
0
 public void AuthenticateAsClient(string targetHost, X509Certificate cert, SslVerification verify, params SslProtocols[] sslProtocols)
 {
     AuthenticateAsClient(targetHost, cert, CertificateStore.CACertificates, verify, sslProtocols);
 }
Ejemplo n.º 21
0
 public void AuthenticateAsClient(string targetHost, X509Certificate cert, SslVerification verify, params SslProtocols[] sslProtocols)
 {
     AuthenticateAsClient(targetHost, cert, CertificateStore.CACertificates, verify, sslProtocols);
 }