| public AuthenticateAsClientAsync ( string targetHost ) : System.Threading.Tasks.Task | ||
| targetHost | string | |
| return | System.Threading.Tasks.Task | |
/// <summary>
/// Initializes a client instance of <see cref="DesktopNetworkStream"/>.
/// </summary>
/// <param name="host">Network host.</param>
/// <param name="port">Network port.</param>
/// <param name="useTls">Use TLS layer?</param>
/// <param name="noDelay">No delay?</param>
/// <param name="ignoreSslPolicyErrors">Ignore SSL policy errors?</param>
internal DesktopNetworkStream(string host, int port, bool useTls, bool noDelay, bool ignoreSslPolicyErrors)
{
this.Host = host;
this.Port = port;
#if NETSTANDARD
this.tcpClient = new TcpClient { NoDelay = noDelay };
this.tcpClient.ConnectAsync(host, port).Wait();
#else
this.tcpClient = new TcpClient(host, port) { NoDelay = noDelay };
#endif
Stream stream = this.tcpClient.GetStream();
if (useTls)
{
var ssl = new SslStream(
stream,
false,
(sender, certificate, chain, errors) => errors == SslPolicyErrors.None || ignoreSslPolicyErrors);
#if NETSTANDARD
ssl.AuthenticateAsClientAsync(host).Wait();
#else
ssl.AuthenticateAsClient(host);
#endif
stream = ssl;
}
this.networkStream = stream;
}
public ServiceEndPoint Discover(ServiceEndPoint serviceEndpoint)
{
try
{
using (var client = CreateConnectedTcpClient(serviceEndpoint))
{
using (var stream = client.GetStream())
{
using (var ssl = new SslStream(stream, false, ValidateCertificate))
{
ssl.AuthenticateAsClientAsync(serviceEndpoint.BaseUri.Host, new X509Certificate2Collection(), SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, false)
.GetAwaiter()
.GetResult();
ssl.Write(HelloLine, 0, HelloLine.Length);
ssl.Flush();
if (ssl.RemoteCertificate == null)
throw new Exception("The server did not provide an SSL certificate");
return new ServiceEndPoint(serviceEndpoint.BaseUri, new X509Certificate2(ssl.RemoteCertificate.Export(X509ContentType.Cert)).Thumbprint);
}
}
}
}
catch (Exception ex)
{
throw new HalibutClientException(ex.Message, ex);
}
}
public override Task PostEmailAsync(string name, string[] to, string[] cc, string[] bcc, string subject, string message, params Attachment[] Attachments)
{
if (!ssl)
return Task.Factory.StartNew(async () =>
{
using (var client = new TcpClient())
{
await client.ConnectAsync(server, port);
using (var stream = client.GetStream())
using (var reader = new StreamReader(stream))
using (var writer = new StreamWriter(stream) { AutoFlush = true, NewLine = "\r\n" })
{
TcpWrite(writer, reader, name, to, cc, bcc, subject, message, Attachments);
}
}
});
else
return Task.Factory.StartNew(async () =>
{
using (var client = new TcpClient())
{
await client.ConnectAsync(server, port);
using (var stream = new SslStream(client.GetStream(), false))
{
await stream.AuthenticateAsClientAsync(server);
using (var reader = new StreamReader(stream))
using (var writer = new StreamWriter(stream) { AutoFlush = true, NewLine = "\r\n" })
{
TcpWrite(writer, reader, name, to, cc, bcc, subject, message, Attachments);
}
}
}
});
}
public async Task<Stream> ConnectAsync(string host, int port, X509Certificate clientCert, CancellationToken cancel)
{
Stream lowerStream = null;
SslStream sslStream = null;
X509CertificateCollection certCollection = null;;
if (clientCert != null)
{
certCollection = new X509CertificateCollection(new[] { clientCert });
}
try
{
lowerStream = await _connectionResolver.ConnectAsync(host, port, cancel);
sslStream = new SslStream(lowerStream);
await sslStream.AuthenticateAsClientAsync(host, certCollection, _protocols, checkCertificateRevocation: true);
return sslStream;
}
catch (Exception)
{
if (sslStream != null)
{
sslStream.Dispose();
}
if (lowerStream != null)
{
lowerStream.Dispose();
}
throw;
}
}
public static void Main(string[] args)
{
Console.WriteLine("Starting...");
X509Certificate2 serverCertificate = new X509Certificate2("certificate.pfx"); // Any valid certificate with private key will work fine.
TcpListener listener = new TcpListener(IPAddress.Any, 4567);
TcpClient client = new TcpClient();
listener.Start();
Task clientConnectTask = client.ConnectAsync(IPAddress.Loopback, 4567);
Task<TcpClient> listenerAcceptTask = listener.AcceptTcpClientAsync();
Task.WaitAll(clientConnectTask, listenerAcceptTask);
TcpClient server = listenerAcceptTask.Result;
SslStream clientStream = new SslStream(client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null, EncryptionPolicy.RequireEncryption);
SslStream serverStream = new SslStream(server.GetStream(), false, null, null, EncryptionPolicy.RequireEncryption);
Task clientAuthenticationTask = clientStream.AuthenticateAsClientAsync(serverCertificate.GetNameInfo(X509NameType.SimpleName, false), null, SslProtocols.Tls12, false);
Task serverAuthenticationTask = serverStream.AuthenticateAsServerAsync(serverCertificate, false, SslProtocols.Tls12, false);
Task.WaitAll(clientAuthenticationTask, serverAuthenticationTask);
byte[] readBuffer = new byte[256];
Task<int> readTask = clientStream.ReadAsync(readBuffer, 0, readBuffer.Length); // Create a pending ReadAsync, which will wait for data that will never come (for testing purposes).
byte[] writeBuffer = new byte[256];
Task writeTask = clientStream.WriteAsync(writeBuffer, 0, writeBuffer.Length); // The main thread actually blocks here (not asychronously waits) on .NET Core making this call.
bool result = Task.WaitAll(new Task[1] { writeTask }, 5000); // This code won't even be reached on .NET Core. Works fine on .NET Framework.
if (result)
{
Console.WriteLine("WriteAsync completed successfully while ReadAsync was pending... nothing locked up.");
}
else
{
Console.WriteLine("WriteAsync failed to complete after 5 seconds.");
}
}
async protected override Task InitRemoteStream()
{
await base.InitRemoteStream();
var secureRemoteStream = new SslStream(RemoteStream, true, RemoteCertificateValidator);
var targetHost = WrapperRequest.Prologue.Headers.First(x => x.Key == "Host").Value;
await secureRemoteStream.AuthenticateAsClientAsync(targetHost);
SecureRemoteStream = secureRemoteStream;
}
public async Task Connect ()
{
if (IsConnected ())
return;
tcp = new TcpClient ();
// Disable Nagle for HTTP/2
tcp.NoDelay = true;
await tcp.ConnectAsync (Host, (int)Port);
if (UseTls) {
sslStream = new SslStream (tcp.GetStream (), false,
(sender, certificate, chain, sslPolicyErrors) => true);
await sslStream.AuthenticateAsClientAsync (
Host,
Certificates ?? new X509CertificateCollection (),
System.Security.Authentication.SslProtocols.Tls12,
false);
clientStream = sslStream;
} else {
clientStream = tcp.GetStream ();
}
// Send out preface data
var prefaceData = System.Text.Encoding.ASCII.GetBytes (ConnectionPreface);
await clientStream.WriteAsync (prefaceData, 0, prefaceData.Length);
await clientStream.FlushAsync ();
// Start reading the stream on another thread
var readTask = Task.Factory.StartNew (() => {
try { read (); }
catch (Exception ex) {
Console.WriteLine ("Read error: " + ex);
Disconnect ();
}
}, TaskCreationOptions.LongRunning);
readTask.ContinueWith (t => {
// TODO: Handle the error
Console.WriteLine ("Error: " + t.Exception);
Disconnect ();
}, TaskContinuationOptions.OnlyOnFaulted);
// Send an un-ACK'd settings frame
await SendFrame(new SettingsFrame ());
// We need to wait for settings server preface to come back now
resetEventConnectionSettingsFrame = new ManualResetEventSlim ();
resetEventConnectionSettingsFrame.Reset ();
if (!resetEventConnectionSettingsFrame.Wait (ConnectionTimeout)) {
Disconnect ();
throw new Exception ("Connection timed out");
}
}
protected override Stream createClientStream(string host, int port)
{
var rval = new SslStream(base.createClientStream(host, port), false, (o, cert, chain, errors) => true);
//rval.AuthenticateAsClient(host);
Task task = rval.AuthenticateAsClientAsync(host);
task.Wait();
return rval;
}
/// <summary>
/// Establishes a TCP connection with the endpoint at the specified address/port pair.
/// </summary>
/// <param name="address">The address of the endpoint to connect to.</param>
/// <param name="port">The port of the endpoint to connect to.</param>
/// <param name="secure">True to enable TLS on the socket.</param>
public async Task ConnectAsync(string address, int port, bool secure = false)
{
await _backingTcpClient.ConnectAsync(address, port);
InitializeWriteStream();
if (secure)
{
var secureStream = new SslStream(_writeStream, true, (sender, cert, chain, sslPolicy) => ServerValidationCallback(sender, cert, chain, sslPolicy));
await secureStream.AuthenticateAsClientAsync(address, null, System.Security.Authentication.SslProtocols.Tls, false);
_secureStream = secureStream;
}
}
} // proc OnRunJob
private async Task OnRunJobAsync()
{
inConnectionPhase = true;
try
{
var timeoutSource = new CancellationTokenSource(30000);
// resolve end point
var serverTcp = this.GetService<IServerTcp>(true);
if (endPoint == null)
endPoint = await serverTcp.ResolveEndpointAsync(targetHost, targetPort, timeoutSource.Token);
// register the connection
if (endPoint != null)
{
var protocol = this.GetService<OdetteFileTransferProtocolItem>(true);
// check if the protocol is running
if (protocol.IsActiveProtocol(ChannelName))
Log.Info("Protocol is already active.");
else // create the connection
try
{
var stream = await serverTcp.CreateConnectionAsync(endPoint, timeoutSource.Token);
if (useSsl)
{
var ssl = new SslStream(stream, false, SslRemoteCertificateValidateCallback); // , SslLocalCertificateSelector
await ssl.AuthenticateAsClientAsync(targetHost);
var cert = ssl.RemoteCertificate;
Log.Info($"Ssl active: auth={ssl.IsAuthenticated}, encrypt={ssl.IsEncrypted}, signed={ssl.IsSigned}\nissuer={cert.Issuer}\nsubject={cert.Subject}");
stream = ssl;
}
await protocol.StartProtocolAsync(new OdetteNetworkStream(stream, channelName, Config), true);
}
catch (Exception e)
{
Log.Except("Connection failed.", e);
}
}
}
catch (Exception e)
{
Log.Except(e);
}
finally
{
inConnectionPhase = false;
}
} // proc OnRunJobAsync
private async Task<Stream> CreateStream(Uri uri, Socket socket)
{
Stream stream = new NetworkStream(socket);
if (uri.Scheme.Equals("https", StringComparison.OrdinalIgnoreCase))
{
var sslStream = new SslStream(stream);
await sslStream.AuthenticateAsClientAsync(uri.Host, new X509CertificateCollection(), _sslProtocols, checkCertificateRevocation: false);
stream = sslStream;
}
return stream;
}
public async Task<ConnectStatus> ConnectTls ()
{
try {
SslStream ssl = new SslStream(tcpc.GetStream(), false, CertificateValidationCallBack);
await ssl.AuthenticateAsClientAsync(host);
stream = ssl;
return ConnectStatus.Ok;
}
catch
{
return ConnectStatus.Failed;
}
}
async Task<Stream> IConnectionFactory.Connect(string hostname, int port, bool useSsl)
{
TcpClient client = new TcpClient();
client.NoDelay = true;
await client.ConnectAsync(hostname, port);
if (useSsl)
{
SslStream sslStream = new SslStream(client.GetStream());
await sslStream.AuthenticateAsClientAsync(hostname);
return sslStream;
}
return client.GetStream();
}
protected override async Task<Stream> GetNetworkStream(TcpClient client)
{
var sslStream = new SslStream(
client.GetStream(),
false,
ValidateServerCertificate,
null
);
await sslStream.AuthenticateAsClientAsync(Hostname).ConfigureAwait(false);
return sslStream;
}
private async Task Connect()
{
try
{
// Could be a reconnect - get rid of the old stream if so
if (_stream != null)
{
_stream.Dispose();
_stream = null;
}
await _tcpClient.ConnectAsync(_host, _port);
_stream = _tcpClient.GetStream();
_stream.ReadTimeout = _configuration.WaitForDataTimeoutInMilliseconds;
if (_configuration.Ssl)
{
var sslStream = new SslStream(_stream, false, _configuration.CertificateValidationCallback);
await sslStream.AuthenticateAsClientAsync(_host);
_stream = sslStream;
}
if (_configuration.Password != null)
{
var response = await Command.From("AUTH", _configuration.Password).SendAsync(this);
if (response.Value.IsError || response.Value.ToString() != "OK")
throw ExceptionBecause.Connection.FailedToAuthenticate(response);
}
_configuration.Events.OnConnectionOpened(new ConnectionEventArgs
{
Host = _host,
Port = _port
});
}
catch (Exception e)
{
_configuration.Events.OnConnectionError(new ConnectionEventArgs
{
Host = _host,
Port = _port,
Exception = e
});
throw;
}
}
public async Task<Stream> GetStreamAsync(Socket socket, HttpRequestMessage request)
{
Stream networkStream = new NetworkStream(socket);
if (request.RequestUri.Scheme.Equals("https", StringComparison.OrdinalIgnoreCase))
{
var httpsStream = new SslStream(networkStream);
await httpsStream.AuthenticateAsClientAsync(request.RequestUri.DnsSafeHost);
networkStream = httpsStream;
}
return networkStream;
}
public async Task Connect(string Server, int Port)
{
try
{
TCPClient.Connect(Server, Port);
SSLStream = new SslStream(TCPClient.GetStream(), false,
(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) =>
{
return true;
}) { ReadTimeout = 50000, WriteTimeout = 50000 };
await SSLStream.AuthenticateAsClientAsync(Server);
}
catch
{
}
}
private async Task<SslStream> GetStream() {
await streamSemaphore.WaitAsync();
try {
if(stream!=null) return stream;
var tcpClient = new TcpClient();
await tcpClient.ConnectAsync(Host, Port);
stream = new SslStream(tcpClient.GetStream(), false, (source, cert, chain, policy) => {
return Fingerprint==null || Fingerprint.Equals(cert.GetCertHashString(), StringComparison.OrdinalIgnoreCase);
});
await stream.AuthenticateAsClientAsync("", new X509CertificateCollection(), SslProtocols.Tls, true);
DrainStream(stream);
return stream;
} finally {
streamSemaphore.Release();
}
}
public async Task ConnectAsync(Address address, ConnectionFactory factory)
{
Socket socket = new Socket(SocketType.Stream, ProtocolType.Tcp);
if (factory.tcpSettings != null)
{
factory.tcpSettings.Configure(socket);
}
await Task.Factory.FromAsync(
(c, s) => ((Socket)s).BeginConnect(address.Host, address.Port, c, s),
(r) => ((Socket)r.AsyncState).EndConnect(r),
socket);
IAsyncTransport transport;
if (address.UseSsl)
{
SslStream sslStream;
var ssl = factory.SslInternal;
if (ssl == null)
{
sslStream = new SslStream(new NetworkStream(socket));
await sslStream.AuthenticateAsClientAsync(address.Host);
}
else
{
sslStream = new SslStream(new NetworkStream(socket), false, ssl.RemoteCertificateValidationCallback, ssl.LocalCertificateSelectionCallback);
await sslStream.AuthenticateAsClientAsync(address.Host, ssl.ClientCertificates,
ssl.Protocols, ssl.CheckCertificateRevocation);
}
transport = new SslSocket(this, sslStream);
}
else
{
transport = new TcpSocket(this, socket);
}
this.socketTransport = transport;
this.writer = new Writer(this, this.socketTransport);
}
public async Task<Stream> CreateStreamAsync(EndPoint endPoint, CancellationToken cancellationToken)
{
var stream = await _wrapped.CreateStreamAsync(endPoint, cancellationToken).ConfigureAwait(false);
var sslStream = new SslStream(
stream,
leaveInnerStreamOpen: false,
userCertificateValidationCallback: _settings.ServerCertificateValidationCallback,
userCertificateSelectionCallback: _settings.ClientCertificateSelectionCallback);
string targetHost;
DnsEndPoint dnsEndPoint;
IPEndPoint ipEndPoint;
if ((dnsEndPoint = endPoint as DnsEndPoint) != null)
{
targetHost = dnsEndPoint.Host;
}
else if ((ipEndPoint = endPoint as IPEndPoint) != null)
{
targetHost = ipEndPoint.Address.ToString();
}
else
{
targetHost = endPoint.ToString();
}
var clientCertificates = new X509CertificateCollection(_settings.ClientCertificates.ToArray());
try
{
await sslStream.AuthenticateAsClientAsync(targetHost, clientCertificates, _settings.EnabledSslProtocols, _settings.CheckCertificateRevocation).ConfigureAwait(false);
}
catch
{
stream.Close();
stream.Dispose();
throw;
}
return sslStream;
}
public async Task<EndpointStatus> GetStatus()
{
try
{
var socket = await ConnectSocket().ConfigureAwait(false);
if (socket == null)
{
return new EndpointStatus(false, _endpoint);
}
socket.SendTimeout = _timeoutMilliseconds;
socket.ReceiveTimeout = _timeoutMilliseconds;
EndpointStatus endpointStatus;
using (var networkStream = new NetworkStream(socket, true))
{
Stream stream = networkStream;
if (_isHttps)
{
var sslStream = new SslStream(networkStream);
await sslStream.AuthenticateAsClientAsync(_server).ConfigureAwait(false);
stream = sslStream;
}
endpointStatus = await GetStatus(stream).ConfigureAwait(false);
}
return endpointStatus;
}
catch
{
return new EndpointStatus(false, _endpoint);
}
}
public async Task ConnectAsyncCore(Uri uri, CancellationToken cancellationToken, ClientWebSocketOptions options)
{
// TODO: Not currently implemented:
// - ClientWebSocketOptions.Credentials
// - ClientWebSocketOptions.Proxy
// Establish connection to the server
CancellationTokenRegistration registration = cancellationToken.Register(s => ((WebSocketHandle)s).Abort(), this);
try
{
// Connect to the remote server
Socket connectedSocket = await ConnectSocketAsync(uri.Host, uri.Port, cancellationToken).ConfigureAwait(false);
Stream stream = new AsyncEventArgsNetworkStream(connectedSocket);
// Upgrade to SSL if needed
if (uri.Scheme == UriScheme.Wss)
{
var sslStream = new SslStream(stream);
await sslStream.AuthenticateAsClientAsync(
uri.Host,
options.ClientCertificates,
SecurityProtocol.AllowedSecurityProtocols,
checkCertificateRevocation: false).ConfigureAwait(false);
stream = sslStream;
}
// Create the security key and expected response, then build all of the request headers
KeyValuePair<string, string> secKeyAndSecWebSocketAccept = CreateSecKeyAndSecWebSocketAccept();
byte[] requestHeader = BuildRequestHeader(uri, options, secKeyAndSecWebSocketAccept.Key);
// Write out the header to the connection
await stream.WriteAsync(requestHeader, 0, requestHeader.Length, cancellationToken).ConfigureAwait(false);
// Parse the response and store our state for the remainder of the connection
string subprotocol = await ParseAndValidateConnectResponseAsync(stream, options, secKeyAndSecWebSocketAccept.Value, cancellationToken).ConfigureAwait(false);
_webSocket = ManagedWebSocket.CreateFromConnectedStream(stream, false, subprotocol);
// If a concurrent Abort or Dispose came in before we set _webSocket, make sure to update it appropriately
if (_state == WebSocketState.Aborted)
{
_webSocket.Abort();
}
else if (_state == WebSocketState.Closed)
{
_webSocket.Dispose();
}
}
catch (Exception exc)
{
if (_state < WebSocketState.Closed)
{
_state = WebSocketState.Closed;
}
Abort();
if (exc is WebSocketException)
{
throw;
}
throw new WebSocketException(SR.net_webstatus_ConnectFailure, exc);
}
finally
{
registration.Dispose();
}
}
public async Task CertificatePassedToHttpContext()
{
RemoteCertificateValidationCallback validationCallback =
(sender, cert, chain, sslPolicyErrors) => true;
try
{
#if DNX451
ServicePointManager.ServerCertificateValidationCallback += validationCallback;
#endif
var serverAddress = "https://*****:*****@"TestResources/testCert.pfx", "testPassword"),
ClientCertificateMode = ClientCertificateMode.RequireCertificate,
ClientCertificateValidation = (certificate, chain, sslPolicyErrors) => true
},
new NoOpConnectionFilter())
};
RequestDelegate app = context =>
{
var tlsFeature = context.Features.Get<ITlsConnectionFeature>();
Assert.NotNull(tlsFeature);
Assert.NotNull(tlsFeature.ClientCertificate);
Assert.NotNull(context.Connection.ClientCertificate);
return context.Response.WriteAsync("hello world");
};
using (var server = new TestServer(app, serviceContext, serverAddress))
{
// SslStream is used to ensure the certificate is actually passed to the server
// HttpClient might not send the certificate because it is invalid or it doesn't match any
// of the certificate authorities sent by the server in the SSL handshake.
using (var client = new TcpClient())
{
await client.ConnectAsync("127.0.0.1", 54321);
SslStream stream = new SslStream(client.GetStream(), false, (sender, certificate, chain, errors) => true,
(sender, host, certificates, certificate, issuers) => new X509Certificate2(@"TestResources/testCert.pfx", "testPassword"));
await stream.AuthenticateAsClientAsync("localhost");
var request = Encoding.UTF8.GetBytes("GET / HTTP/1.0\r\n\r\n");
await stream.WriteAsync(request, 0, request.Length);
var reader = new StreamReader(stream);
var line = await reader.ReadLineAsync();
Assert.Equal("HTTP/1.0 200 OK", line);
}
}
}
finally
{
#if DNX451
ServicePointManager.ServerCertificateValidationCallback -= validationCallback;
#endif
}
}
/// <summary>
/// Establishes a connection to the specified SMTP or SMTP/S server.
/// </summary>
/// <remarks>
/// <para>Establishes a connection to the specified SMTP or SMTP/S server.</para>
/// <para>If the <paramref name="port"/> has a value of <c>0</c>, then the
/// <paramref name="options"/> parameter is used to determine the default port to
/// connect to. The default port used with <see cref="SecureSocketOptions.SslOnConnect"/>
/// is <c>465</c>. All other values will use a default port of <c>25</c>.</para>
/// <para>If the <paramref name="options"/> has a value of
/// <see cref="SecureSocketOptions.Auto"/>, then the <paramref name="port"/> is used
/// to determine the default security options. If the <paramref name="port"/> has a value
/// of <c>465</c>, then the default options used will be
/// <see cref="SecureSocketOptions.SslOnConnect"/>. All other values will use
/// <see cref="SecureSocketOptions.StartTlsWhenAvailable"/>.</para>
/// <para>Once a connection is established, properties such as
/// <see cref="AuthenticationMechanisms"/> and <see cref="Capabilities"/> will be
/// populated.</para>
/// <note type="note">The connection established by any of the
/// <a href="Overload_MailKit_Net_Smtp_SmtpClient_Connect.htm">Connect</a>
/// methods may be re-used if an application wishes to send multiple messages
/// to the same SMTP server. Since connecting and authenticating can be expensive
/// operations, re-using a connection can significantly improve performance when
/// sending a large number of messages to the same SMTP server over a short
/// period of time.</note>
/// </remarks>
/// <example>
/// <code language="c#" source="Examples\SmtpExamples.cs" region="SendMessage"/>
/// </example>
/// <param name="host">The host name to connect to.</param>
/// <param name="port">The port to connect to. If the specified port is <c>0</c>, then the default port will be used.</param>
/// <param name="options">The secure socket options to when connecting.</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="host"/> is <c>null</c>.
/// </exception>
/// <exception cref="System.ArgumentOutOfRangeException">
/// <paramref name="port"/> is not between <c>0</c> and <c>65535</c>.
/// </exception>
/// <exception cref="System.ArgumentException">
/// The <paramref name="host"/> is a zero-length string.
/// </exception>
/// <exception cref="System.ObjectDisposedException">
/// The <see cref="SmtpClient"/> has been disposed.
/// </exception>
/// <exception cref="System.InvalidOperationException">
/// The <see cref="SmtpClient"/> is already connected.
/// </exception>
/// <exception cref="System.NotSupportedException">
/// <paramref name="options"/> was set to
/// <see cref="MailKit.Security.SecureSocketOptions.StartTls"/>
/// and the SMTP server does not support the STARTTLS extension.
/// </exception>
/// <exception cref="System.OperationCanceledException">
/// The operation was canceled.
/// </exception>
/// <exception cref="System.Net.Sockets.SocketException">
/// A socket error occurred trying to connect to the remote host.
/// </exception>
/// <exception cref="System.IO.IOException">
/// An I/O error occurred.
/// </exception>
/// <exception cref="SmtpCommandException">
/// An SMTP command failed.
/// </exception>
/// <exception cref="SmtpProtocolException">
/// An SMTP protocol error occurred.
/// </exception>
public override void Connect (string host, int port = 0, SecureSocketOptions options = SecureSocketOptions.Auto, CancellationToken cancellationToken = default (CancellationToken))
{
if (host == null)
throw new ArgumentNullException (nameof (host));
if (host.Length == 0)
throw new ArgumentException ("The host name cannot be empty.", nameof (host));
if (port < 0 || port > 65535)
throw new ArgumentOutOfRangeException (nameof (port));
CheckDisposed ();
if (IsConnected)
throw new InvalidOperationException ("The SmtpClient is already connected.");
capabilities = SmtpCapabilities.None;
AuthenticationMechanisms.Clear ();
MaxSize = 0;
SmtpResponse response;
Stream stream;
bool starttls;
Uri uri;
ComputeDefaultValues (host, ref port, ref options, out uri, out starttls);
#if !NETFX_CORE
#if COREFX
var ipAddresses = Dns.GetHostAddressesAsync (uri.DnsSafeHost).GetAwaiter ().GetResult ();
#else
var ipAddresses = Dns.GetHostAddresses (uri.DnsSafeHost);
#endif
Socket socket = null;
for (int i = 0; i < ipAddresses.Length; i++) {
socket = new Socket (ipAddresses[i].AddressFamily, SocketType.Stream, ProtocolType.Tcp) {
ReceiveTimeout = timeout,
SendTimeout = timeout
};
try {
cancellationToken.ThrowIfCancellationRequested ();
if (LocalEndPoint != null)
socket.Bind (LocalEndPoint);
socket.Connect (ipAddresses[i], port);
break;
} catch (OperationCanceledException) {
socket.Dispose ();
socket = null;
throw;
} catch {
socket.Dispose ();
socket = null;
if (i + 1 == ipAddresses.Length)
throw;
}
}
if (socket == null)
throw new IOException (string.Format ("Failed to resolve host: {0}", host));
this.host = host;
if (options == SecureSocketOptions.SslOnConnect) {
var ssl = new SslStream (new NetworkStream (socket, true), false, ValidateRemoteCertificate);
try {
#if COREFX
ssl.AuthenticateAsClientAsync (host, ClientCertificates, SslProtocols, true).GetAwaiter ().GetResult ();
#else
ssl.AuthenticateAsClient (host, ClientCertificates, SslProtocols, true);
#endif
} catch {
ssl.Dispose ();
throw;
}
secure = true;
stream = ssl;
} else {
stream = new NetworkStream (socket, true);
secure = false;
}
#else
var protection = options == SecureSocketOptions.SslOnConnect ? SocketProtectionLevel.Tls12 : SocketProtectionLevel.PlainSocket;
var socket = new StreamSocket ();
try {
cancellationToken.ThrowIfCancellationRequested ();
socket.ConnectAsync (new HostName (host), port.ToString (), protection)
.AsTask (cancellationToken)
.GetAwaiter ()
.GetResult ();
} catch {
socket.Dispose ();
throw;
}
stream = new DuplexStream (socket.InputStream.AsStreamForRead (0), socket.OutputStream.AsStreamForWrite (0));
secure = options == SecureSocketOptions.SslOnConnect;
this.host = host;
#endif
if (stream.CanTimeout) {
stream.WriteTimeout = timeout;
stream.ReadTimeout = timeout;
}
ProtocolLogger.LogConnect (uri);
Stream = new SmtpStream (stream, socket, ProtocolLogger);
try {
// read the greeting
response = Stream.ReadResponse (cancellationToken);
if (response.StatusCode != SmtpStatusCode.ServiceReady)
throw new SmtpCommandException (SmtpErrorCode.UnexpectedStatusCode, response.StatusCode, response.Response);
// Send EHLO and get a list of supported extensions
Ehlo (cancellationToken);
if (options == SecureSocketOptions.StartTls && (capabilities & SmtpCapabilities.StartTLS) == 0)
throw new NotSupportedException ("The SMTP server does not support the STARTTLS extension.");
if (starttls && (capabilities & SmtpCapabilities.StartTLS) != 0) {
response = SendCommand ("STARTTLS", cancellationToken);
if (response.StatusCode != SmtpStatusCode.ServiceReady)
throw new SmtpCommandException (SmtpErrorCode.UnexpectedStatusCode, response.StatusCode, response.Response);
#if !NETFX_CORE
var tls = new SslStream (stream, false, ValidateRemoteCertificate);
#if COREFX
tls.AuthenticateAsClientAsync (host, ClientCertificates, SslProtocols, true).GetAwaiter ().GetResult ();
#else
tls.AuthenticateAsClient (host, ClientCertificates, SslProtocols, true);
#endif
Stream.Stream = tls;
#else
socket.UpgradeToSslAsync (SocketProtectionLevel.Tls12, new HostName (host))
.AsTask (cancellationToken)
.GetAwaiter ()
.GetResult ();
#endif
secure = true;
// Send EHLO again and get the new list of supported extensions
Ehlo (cancellationToken);
}
connected = true;
} catch {
Stream.Dispose ();
secure = false;
Stream = null;
throw;
}
OnConnected ();
}
/// <summary>
/// Establish a connection to the specified SMTP or SMTP/S server using the provided socket.
/// </summary>
/// <remarks>
/// <para>Establishes a connection to the specified SMTP or SMTP/S server.</para>
/// <para>If the <paramref name="port"/> has a value of <c>0</c>, then the
/// <paramref name="options"/> parameter is used to determine the default port to
/// connect to. The default port used with <see cref="SecureSocketOptions.SslOnConnect"/>
/// is <c>465</c>. All other values will use a default port of <c>25</c>.</para>
/// <para>If the <paramref name="options"/> has a value of
/// <see cref="SecureSocketOptions.Auto"/>, then the <paramref name="port"/> is used
/// to determine the default security options. If the <paramref name="port"/> has a value
/// of <c>465</c>, then the default options used will be
/// <see cref="SecureSocketOptions.SslOnConnect"/>. All other values will use
/// <see cref="SecureSocketOptions.StartTlsWhenAvailable"/>.</para>
/// <para>Once a connection is established, properties such as
/// <see cref="AuthenticationMechanisms"/> and <see cref="Capabilities"/> will be
/// populated.</para>
/// <note type="note">The connection established by any of the
/// <a href="Overload_MailKit_Net_Smtp_SmtpClient_Connect.htm">Connect</a>
/// methods may be re-used if an application wishes to send multiple messages
/// to the same SMTP server. Since connecting and authenticating can be expensive
/// operations, re-using a connection can significantly improve performance when
/// sending a large number of messages to the same SMTP server over a short
/// period of time./</note>
/// </remarks>
/// <param name="socket">The socket to use for the connection.</param>
/// <param name="host">The host name to connect to.</param>
/// <param name="port">The port to connect to. If the specified port is <c>0</c>, then the default port will be used.</param>
/// <param name="options">The secure socket options to when connecting.</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="socket"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="host"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="System.ArgumentOutOfRangeException">
/// <paramref name="port"/> is not between <c>0</c> and <c>65535</c>.
/// </exception>
/// <exception cref="System.ArgumentException">
/// <para><paramref name="socket"/> is not connected.</para>
/// <para>-or-</para>
/// The <paramref name="host"/> is a zero-length string.
/// </exception>
/// <exception cref="System.ObjectDisposedException">
/// The <see cref="SmtpClient"/> has been disposed.
/// </exception>
/// <exception cref="System.InvalidOperationException">
/// The <see cref="SmtpClient"/> is already connected.
/// </exception>
/// <exception cref="System.NotSupportedException">
/// <paramref name="options"/> was set to
/// <see cref="MailKit.Security.SecureSocketOptions.StartTls"/>
/// and the SMTP server does not support the STARTTLS extension.
/// </exception>
/// <exception cref="System.OperationCanceledException">
/// The operation was canceled.
/// </exception>
/// <exception cref="System.IO.IOException">
/// An I/O error occurred.
/// </exception>
/// <exception cref="SmtpCommandException">
/// An SMTP command failed.
/// </exception>
/// <exception cref="SmtpProtocolException">
/// An SMTP protocol error occurred.
/// </exception>
public void Connect (Socket socket, string host, int port = 0, SecureSocketOptions options = SecureSocketOptions.Auto, CancellationToken cancellationToken = default (CancellationToken))
{
if (socket == null)
throw new ArgumentNullException (nameof (socket));
if (!socket.Connected)
throw new ArgumentException ("The socket is not connected.", nameof (socket));
if (host == null)
throw new ArgumentNullException (nameof (host));
if (host.Length == 0)
throw new ArgumentException ("The host name cannot be empty.", nameof (host));
if (port < 0 || port > 65535)
throw new ArgumentOutOfRangeException (nameof (port));
CheckDisposed ();
if (IsConnected)
throw new InvalidOperationException ("The SmtpClient is already connected.");
capabilities = SmtpCapabilities.None;
AuthenticationMechanisms.Clear ();
MaxSize = 0;
SmtpResponse response;
Stream stream;
bool starttls;
Uri uri;
ComputeDefaultValues (host, ref port, ref options, out uri, out starttls);
this.host = host;
if (options == SecureSocketOptions.SslOnConnect) {
var ssl = new SslStream (new NetworkStream (socket, true), false, ValidateRemoteCertificate);
try {
#if COREFX
ssl.AuthenticateAsClientAsync (host, ClientCertificates, SslProtocols, true).GetAwaiter ().GetResult ();
#else
ssl.AuthenticateAsClient (host, ClientCertificates, SslProtocols, true);
#endif
} catch {
ssl.Dispose ();
throw;
}
secure = true;
stream = ssl;
} else {
stream = new NetworkStream (socket, true);
secure = false;
}
if (stream.CanTimeout) {
stream.WriteTimeout = timeout;
stream.ReadTimeout = timeout;
}
ProtocolLogger.LogConnect (uri);
Stream = new SmtpStream (stream, socket, ProtocolLogger);
try {
// read the greeting
response = Stream.ReadResponse (cancellationToken);
if (response.StatusCode != SmtpStatusCode.ServiceReady)
throw new SmtpCommandException (SmtpErrorCode.UnexpectedStatusCode, response.StatusCode, response.Response);
// Send EHLO and get a list of supported extensions
Ehlo (cancellationToken);
if (options == SecureSocketOptions.StartTls && (capabilities & SmtpCapabilities.StartTLS) == 0)
throw new NotSupportedException ("The SMTP server does not support the STARTTLS extension.");
if (starttls && (capabilities & SmtpCapabilities.StartTLS) != 0) {
response = SendCommand ("STARTTLS", cancellationToken);
if (response.StatusCode != SmtpStatusCode.ServiceReady)
throw new SmtpCommandException (SmtpErrorCode.UnexpectedStatusCode, response.StatusCode, response.Response);
var tls = new SslStream (stream, false, ValidateRemoteCertificate);
#if COREFX
tls.AuthenticateAsClientAsync (host, ClientCertificates, SslProtocols, true).GetAwaiter ().GetResult ();
#else
tls.AuthenticateAsClient (host, ClientCertificates, SslProtocols, true);
#endif
Stream.Stream = tls;
secure = true;
// Send EHLO again and get the new list of supported extensions
Ehlo (cancellationToken);
}
connected = true;
} catch {
Stream.Dispose ();
secure = false;
Stream = null;
throw;
}
OnConnected ();
}
public async Task ConnectAsync(string host, int port, string scheme, TimeSpan timeout)
{
this.host = host;
bool succeeded = false;
try
{
// Connect without proxy
this.TcpClient = new TcpClient();
await this.TcpClient.ConnectAsync(host, port);
if (string.Equals(WebSocketConstants.Scheme, scheme, StringComparison.OrdinalIgnoreCase))
{
// In the real world, web-socket will happen over HTTPS
var sslStream = new SslStream(this.TcpClient.GetStream(), false, IotHubConnection.OnRemoteCertificateValidation);
await sslStream.AuthenticateAsClientAsync(host);
this.WebSocketStream = sslStream;
}
else
{
this.WebSocketStream = this.TcpClient.GetStream();
}
var upgradeRequest = this.BuildUpgradeRequest();
byte[] upgradeRequestBytes = Encoding.ASCII.GetBytes(upgradeRequest);
this.TcpClient.Client.SendTimeout = GetSocketTimeoutInMilliSeconds(timeout);
// Send WebSocket Upgrade request
await this.WebSocketStream.WriteAsync(upgradeRequestBytes, 0, upgradeRequestBytes.Length);
// receive WebSocket Upgrade response
var responseBuffer = new byte[8 * 1024];
var upgradeResponse = new HttpResponse(this.TcpClient, this.WebSocketStream, responseBuffer);
await upgradeResponse.ReadAsync(timeout);
if (upgradeResponse.StatusCode != HttpStatusCode.SwitchingProtocols)
{
// the HTTP response code was not 101
if (this.TcpClient.Connected)
{
this.WebSocketStream.Close();
this.TcpClient.Close();
}
throw new IOException(ServerRejectedUpgradeRequest + " " + upgradeResponse);
}
if (!this.VerifyWebSocketUpgradeResponse(upgradeResponse.Headers))
{
if (this.TcpClient.Connected)
{
this.WebSocketStream.Close();
this.TcpClient.Close();
}
throw new IOException(UpgradeProtocolNotSupported.FormatInvariant(WebSocketConstants.SubProtocols.Amqpwsb10));
}
this.State = WebSocketState.Open;
succeeded = true;
}
finally
{
if (!succeeded)
{
this.Abort();
}
}
}
/// <summary>
/// Initializes the stream asynchronous.
/// </summary>
/// <returns></returns>
private Task InitializeStreamAsync()
{
var stream = _client.GetStream();
if (!_isSecure)
{
_stream = stream;
return TaskAsyncHelper.Empty;
}
var sslStream = new SslStream(stream);
_stream = sslStream;
return sslStream.AuthenticateAsClientAsync(_host);
}
private async Task SocketEntryAsync(CancellationToken ct)
{
_stream = _tcpClient.GetStream();
if (IsSecure)
{
var sslStream = new SslStream(_stream, true, (sender, cert, chain, sslPolicyErrors) =>
{
if (!AcceptInsecureCertificate)
{
if (sslPolicyErrors == SslPolicyErrors.None)
{
return true;
}
else
{
OnConnectionError(new ErrorEventArgs("Server has an invalid Ssl Certificate"));
}
}
return true; // accept all insecure certificates
});
await sslStream.AuthenticateAsClientAsync(Hostname).ConfigureAwait(false);
_stream = sslStream;
}
TaskFactory f = new TaskFactory();
await f.StartNew(async () =>
{
await Task.Yield(); // yield to fire and forget
try
{
await SocketLoopAsync(ct).ConfigureAwait(false);
}
catch (IOException ex)
{
OnConnectionError(new ErrorEventArgs(ex));
}
catch (SocketException ex)
{
OnConnectionError(new ErrorEventArgs(ex));
}
finally
{
Close();
}
}, _wtoken.Token, TaskCreationOptions.LongRunning, TaskScheduler.Default).ConfigureAwait(false);
}
public async Task ConnectAsync(Address address, ConnectionFactory factory)
{
IPAddress[] ipAddresses;
IPAddress ip;
if (IPAddress.TryParse(address.Host, out ip))
{
ipAddresses = new IPAddress[] { ip };
}
else
{
ipAddresses = await TaskExtensions.GetHostAddressesAsync(address.Host);
}
// need to handle both IPv4 and IPv6
Socket socket = null;
Exception exception = null;
for (int i = 0; i < ipAddresses.Length; i++)
{
if (ipAddresses[i] == null ||
(ipAddresses[i].AddressFamily == AddressFamily.InterNetwork && !Socket.OSSupportsIPv4) ||
(ipAddresses[i].AddressFamily == AddressFamily.InterNetworkV6 && !Socket.OSSupportsIPv6))
{
continue;
}
socket = new Socket(ipAddresses[i].AddressFamily, SocketType.Stream, ProtocolType.Tcp);
try
{
await socket.ConnectAsync(ipAddresses[i], address.Port);
exception = null;
break;
}
catch (Exception e)
{
exception = e;
socket.Dispose();
socket = null;
}
}
if (socket == null)
{
throw exception ?? new SocketException((int)SocketError.AddressNotAvailable);
}
if (factory.tcpSettings != null)
{
factory.tcpSettings.Configure(socket);
}
IAsyncTransport transport;
if (address.UseSsl)
{
SslStream sslStream;
var ssl = factory.SslInternal;
if (ssl == null)
{
sslStream = new SslStream(new NetworkStream(socket));
await sslStream.AuthenticateAsClientAsync(address.Host);
}
else
{
sslStream = new SslStream(new NetworkStream(socket), false, ssl.RemoteCertificateValidationCallback, ssl.LocalCertificateSelectionCallback);
await sslStream.AuthenticateAsClientAsync(address.Host, ssl.ClientCertificates,
ssl.Protocols, ssl.CheckCertificateRevocation);
}
transport = new SslSocket(this, sslStream);
}
else
{
transport = new TcpSocket(this, socket);
}
this.socketTransport = transport;
this.writer = new Writer(this, this.socketTransport);
}
private async Task<Stream> NegotiateStream(Stream stream)
{
if (!_sslEnabled)
return stream;
var validateRemoteCertificate = new RemoteCertificateValidationCallback(
(object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
=>
{
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
if (_configuration.SslPolicyErrorsBypassed)
return true;
else
_log.ErrorFormat("Error occurred when validating remote certificate: [{0}], [{1}].",
this.RemoteEndPoint, sslPolicyErrors);
return false;
});
var sslStream = new SslStream(
stream,
false,
validateRemoteCertificate,
null,
_configuration.SslEncryptionPolicy);
if (_configuration.SslClientCertificates == null || _configuration.SslClientCertificates.Count == 0)
{
await sslStream.AuthenticateAsClientAsync( // No client certificates are used in the authentication. The certificate revocation list is not checked during authentication.
_configuration.SslTargetHost); // The name of the server that will share this SslStream. The value specified for targetHost must match the name on the server's certificate.
}
else
{
await sslStream.AuthenticateAsClientAsync(
_configuration.SslTargetHost, // The name of the server that will share this SslStream. The value specified for targetHost must match the name on the server's certificate.
_configuration.SslClientCertificates, // The X509CertificateCollection that contains client certificates.
_configuration.SslEnabledProtocols, // The SslProtocols value that represents the protocol used for authentication.
_configuration.SslCheckCertificateRevocation); // A Boolean value that specifies whether the certificate revocation list is checked during authentication.
}
// When authentication succeeds, you must check the IsEncrypted and IsSigned properties
// to determine what security services are used by the SslStream.
// Check the IsMutuallyAuthenticated property to determine whether mutual authentication occurred.
_log.DebugFormat(
"Ssl Stream: SslProtocol[{0}], IsServer[{1}], IsAuthenticated[{2}], IsEncrypted[{3}], IsSigned[{4}], IsMutuallyAuthenticated[{5}], "
+ "HashAlgorithm[{6}], HashStrength[{7}], KeyExchangeAlgorithm[{8}], KeyExchangeStrength[{9}], CipherAlgorithm[{10}], CipherStrength[{11}].",
sslStream.SslProtocol,
sslStream.IsServer,
sslStream.IsAuthenticated,
sslStream.IsEncrypted,
sslStream.IsSigned,
sslStream.IsMutuallyAuthenticated,
sslStream.HashAlgorithm,
sslStream.HashStrength,
sslStream.KeyExchangeAlgorithm,
sslStream.KeyExchangeStrength,
sslStream.CipherAlgorithm,
sslStream.CipherStrength);
return sslStream;
}
