private SecurityOptions CreateClientSecurityOptions(SSLComponentData sslData)
{
CertVerifyEventHandler serverCertificateCheckHandler = null;
CertRequestEventHandler clientCertificateRequestHandler = null;
CredentialVerification credentialVerification = CredentialVerification.Auto;
SecureProtocol protocol = SecureProtocol.None;
SslAlgorithms sslAlgs = SslAlgorithms.ALL;
if (((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) ||
((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0))
{
protocol = SecureProtocol.Tls1 | SecureProtocol.Ssl3;
sslAlgs = SslAlgorithms.SECURE_CIPHERS;
credentialVerification = CredentialVerification.Manual;
serverCertificateCheckHandler = new CertVerifyEventHandler(this.CheckServerCertAtClient);
clientCertificateRequestHandler = new CertRequestEventHandler(this.GetClientCertAtClient);
}
SecurityOptions result =
new SecurityOptions(protocol,
null, ConnectionEnd.Client,
credentialVerification, serverCertificateCheckHandler,
null, SecurityFlags.Default, sslAlgs,
clientCertificateRequestHandler);
return(result);
}
private void ConnectClient(SecureProtocol protocol)
{
lock (this)
{
if (connected)
{
throw new Exception("Connection with IRC server already opened.");
}
Debug.WriteLineIf(Rfc2812Util.IrcTrace.TraceInfo, "[" + Thread.CurrentThread.Name + "] Connection::Connect()");
SecurityOptions options = new SecurityOptions(protocol);
options.Certificate = null;
options.Entity = ConnectionEnd.Client;
options.VerificationType = CredentialVerification.None;
options.Flags = SecurityFlags.Default;
options.AllowedAlgorithms = SslAlgorithms.SECURE_CIPHERS;
client = new SecureTcpClient(options);
client.Connect(connectionArgs.Hostname, connectionArgs.Port);
connected = true;
writer = new StreamWriter(client.GetStream(), TextEncoding);
writer.AutoFlush = true;
reader = new StreamReader(client.GetStream(), TextEncoding);
socketListenThread = new Thread(new ThreadStart(ReceiveIRCMessages));
socketListenThread.Name = Name;
socketListenThread.Start();
sender.RegisterConnection(connectionArgs);
}
}
public static bool SupportsProtocol(SecureProtocol protocol, ProtocolVersion pv)
{
if (pv.GetVersionInt() == 30)
{
return(SupportsSsl3(protocol));
}
else
{
return(SupportsTls1(protocol));
}
}
public void AddHttpsBinding( IPAddress address,
int port,
SecureProtocol protocol,
Certificate cert )
{
SecurityOptions ops = new SecurityOptions( protocol, cert, ConnectionEnd.Server );
AdkSocketBinding listener = this.CreateHttpsListener( ops );
listener.HostAddress = address;
listener.Port = port;
this.AddListener(listener);
}
/// <summary>
/// Initializes a new instance of the SecurityOptions class.
/// </summary>
/// <param name="protocol">One of the <see cref="SecureProtocol"/> values.</param>
/// <param name="cert">A <see cref="Certificate"/> instance.</param>
/// <param name="entity">One of the <see cref="ConnectionEnd"/> values.</param>
/// <param name="verifyType">One of the <see cref="CredentialVerification"/> values.</param>
/// <param name="verifier">The <see cref="CertVerifyEventHandler"/> delegate.</param>
/// <param name="commonName">The common name of the remote computer. This is usually a domain name.</param>
/// <param name="flags">A bitwise combination of the <see cref="SecurityFlags"/> values.</param>
/// <param name="allowed">A bitwise combination of the <see cref="SslAlgorithms"/> values.</param>
/// <param name="requestHandler">The <see cref="CertRequestEventHandler"/> delegate.</param>
public SecurityOptions(SecureProtocol protocol, Certificate cert, ConnectionEnd entity, CredentialVerification verifyType, CertVerifyEventHandler verifier, string commonName, SecurityFlags flags, SslAlgorithms allowed, CertRequestEventHandler requestHandler) {
this.Protocol = protocol;
this.Certificate = cert;
this.Entity = entity;
this.VerificationType = verifyType;
this.Verifier = verifier;
this.CommonName = commonName;
this.Flags = flags;
this.AllowedAlgorithms = allowed;
this.RequestHandler = requestHandler;
}
public static ProtocolVersion GetMaxProtocol(SecureProtocol protocol)
{
if (SupportsTls1(protocol))
{
return(new ProtocolVersion(3, 1));
}
else
{
return(new ProtocolVersion(3, 0));
}
}
/// <summary>
/// Initializes a new instance of the SecurityOptions class.
/// </summary>
/// <param name="protocol">One of the <see cref="SecureProtocol"/> values.</param>
/// <param name="cert">A <see cref="Certificate"/> instance.</param>
/// <param name="entity">One of the <see cref="ConnectionEnd"/> values.</param>
/// <param name="verifyType">One of the <see cref="CredentialVerification"/> values.</param>
/// <param name="verifier">The <see cref="CertVerifyEventHandler"/> delegate.</param>
/// <param name="commonName">The common name of the remote computer. This is usually a domain name.</param>
/// <param name="flags">A bitwise combination of the <see cref="SecurityFlags"/> values.</param>
/// <param name="allowed">A bitwise combination of the <see cref="SslAlgorithms"/> values.</param>
/// <param name="requestHandler">The <see cref="CertRequestEventHandler"/> delegate.</param>
public SecurityOptions(SecureProtocol protocol, Certificate cert, ConnectionEnd entity, CredentialVerification verifyType, CertVerifyEventHandler verifier, string commonName, SecurityFlags flags, SslAlgorithms allowed, CertRequestEventHandler requestHandler)
{
this.Protocol = protocol;
this.Certificate = cert;
this.Entity = entity;
this.VerificationType = verifyType;
this.Verifier = verifier;
this.CommonName = commonName;
this.Flags = flags;
this.AllowedAlgorithms = allowed;
this.RequestHandler = requestHandler;
}
/// <summary>
/// Creates new isntaces of the Http11ProtocolOwinAdapter class
/// </summary>
/// <param name="client">The client connection.</param>
/// <param name="protocol">Security protocol which is used for connection.</param>
/// <param name="next">The next component in the OWIN pipeline.</param>
public Http11ProtocolOwinAdapter(Stream client, SecureProtocol protocol, AppFunc next)
{
// args checking
if (client == null)
{
throw new ArgumentNullException("client");
}
_client = client;
_protocol = protocol;
_next = next;
}
public void AddHttpsBinding(IPAddress address,
int port,
SecureProtocol protocol,
Certificate cert)
{
SecurityOptions ops = new SecurityOptions(protocol, cert, ConnectionEnd.Server);
AdkSocketBinding listener = this.CreateHttpsListener(ops);
listener.HostAddress = address;
listener.Port = port;
this.AddListener(listener);
}
private void Connect(SecureProtocol protocol, bool directTLS)
{
try
{
GXLogging.Debug(log, "Connecting to host: " + host + ", port: " + port);
options = new SecurityOptions(protocol);
options.AllowedAlgorithms = SslAlgorithms.SECURE_CIPHERS;
options.Entity = ConnectionEnd.Client;
options.VerificationType = CredentialVerification.Manual;
options.Verifier = new CertVerifyEventHandler(OnCertificateVerify);
options.Flags = SecurityFlags.Default;
options.CommonName = host;
if ((protocol == SecureProtocol.Tls1) && directTLS)
{
options.Protocol = SecureProtocol.Tls1;
}
connection = new SecureSocket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp, options);
IPAddress[] serverIPs = Dns.GetHostAddresses(host.Trim());
IAsyncResult result = connection.BeginConnect(new IPEndPoint(serverIPs[0], port), null, null);
if (result.AsyncWaitHandle.WaitOne(Timeout * 1000, true) && connection.Connected)
{
string response = GetResponse();
GXLogging.Debug(log, "Server response: " + response);
if (!response.StartsWith("220"))
{
throw new IOException(response);
}
}
else
{
GXLogging.Error(log, String.Format("Could not connect to host '{0}' with DNS resolved IP: {1} - Port {2}", host, serverIPs[0].ToString(), port.ToString()));
throw new GXMailException("Can't connect to host", MAIL_CantLogin);
}
}
catch (IOException exc)
{
GXLogging.Error(log, "Bad server response", exc);
throw new GXMailException(exc.Message, MAIL_CantLogin);
}
catch (Exception exc)
{
GXLogging.Error(log, "Can't connect to host", exc);
throw new GXMailException("Can't connect to host", MAIL_CantLogin);
}
}
internal SslConnectionListener(SecurityAssociationOptions requiredOptions,
SecurityAssociationOptions supportedOptions,
IServerSideAuthentication serverAuth,
omg.org.IOP.Codec codec)
{
m_codec = codec;
if (((requiredOptions & SecurityAssociationOptions.NoProtection) > 0) &&
(((supportedOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) ||
((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0)))
{
throw new ArgumentException("unsupported options combination: required no protection and supported EstablishTrustInTarget/Client");
}
SecureProtocol protocol = SecureProtocol.None;
SslAlgorithms allowedCiphers = SslAlgorithms.ALL;
if (((supportedOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) ||
((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0))
{
protocol = SecureProtocol.Tls1 | SecureProtocol.Ssl3;
allowedCiphers = SslAlgorithms.SECURE_CIPHERS;
m_isSecured = true;
}
CredentialVerification clientVerification = CredentialVerification.None;
CertVerifyEventHandler verifyClient = null;
SecurityFlags authFlags = SecurityFlags.Default;
if (((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0) ||
((requiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0))
{
clientVerification = CredentialVerification.Manual;
verifyClient = new CertVerifyEventHandler(this.CheckClientCertAtServer);
}
if ((requiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0)
{
authFlags = SecurityFlags.MutualAuthentication;
}
m_sslOpts = new SecurityOptions(protocol, serverAuth.GetServerCertificate(), ConnectionEnd.Server,
clientVerification, verifyClient,
null, authFlags, allowedCiphers, null);
m_serverAuth = serverAuth;
m_supportedOptions = supportedOptions;
m_requiredOptions = requiredOptions;
}
public static CipherSuite GetCipherSuite(SecureProtocol protocol, byte[] master, byte[] clientrnd, byte[] serverrnd, SslAlgorithms scheme, ConnectionEnd entity)
{
for (int i = 0; i < Definitions.Length; i++)
{
if (Definitions[i].Scheme == scheme)
{
if (protocol == SecureProtocol.Tls1)
{
return(Tls1CipherSuites.InitializeCipherSuite(master, clientrnd, serverrnd, Definitions[i], entity));
}
else if (protocol == SecureProtocol.Ssl3)
{
return(Ssl3CipherSuites.InitializeCipherSuite(master, clientrnd, serverrnd, Definitions[i], entity));
}
}
}
throw new SslException(AlertDescription.IllegalParameter, "The cipher suite is unknown.");
}
public SecurityOptions(SecureProtocol protocol, ExtensionType[] extensions, Certificate cert,
ConnectionEnd entity, IEnumerable <string> knownProtocols,
CredentialVerification verifyType, CertVerifyEventHandler verifier,
string commonName, SecurityFlags flags, SslAlgorithms allowed,
CertRequestEventHandler requestHandler)
{
this.Protocol = protocol;
this.Certificate = cert;
this.Entity = entity;
this.VerificationType = verifyType;
this.Verifier = verifier;
this.CommonName = commonName;
this.Flags = flags;
this.AllowedAlgorithms = allowed;
this.RequestHandler = requestHandler;
this.KnownProtocols = knownProtocols;
this.Extensions = extensions;
this.ExtensionList = FormExtsList(extensions);
}
private void Connect(SecureProtocol protocol)
{
try
{
GXLogging.Debug(log, "Connecting to host: " + host + ", port: " + port);
SecurityOptions options = new SecurityOptions(protocol);
options.AllowedAlgorithms = SslAlgorithms.ALL;
options.Entity = ConnectionEnd.Client;
options.VerificationType = CredentialVerification.Manual;
options.Verifier = new CertVerifyEventHandler(OnCertificateVerify);
options.Flags = SecurityFlags.Default;
options.CommonName = host;
connection = new SecureSocket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp, options);
IPHostEntry serverIPs = Dns.GetHostEntry(host.Trim());
IPAddress hostAddress = serverIPs.AddressList.First(a => (a.AddressFamily == connection.AddressFamily));;
connection.Connect(new IPEndPoint(hostAddress, port));
string response = GetResponse();
GXLogging.Debug(log, "Connect Server response: " + response);
if (!response.StartsWith("+OK"))
{
throw new IOException(response);
}
}
catch (IOException exc)
{
GXLogging.Error(log, "Bad server response", exc);
throw new GXMailException(exc.Message, MailConstants.MAIL_CantLogin);
}
catch (Exception exc)
{
GXLogging.Error(log, "Can't connect to host", exc);
throw new GXMailException("Can't connect to host", MailConstants.MAIL_CantLogin);
}
}
public static bool SupportsTls1(SecureProtocol protocol)
{
return(((int)protocol & (int)SecureProtocol.Tls1) != 0);
}
public static bool SupportsSsl3(SecureProtocol protocol)
{
return(((int)protocol & (int)SecureProtocol.Ssl3) != 0);
}
/// <summary>
/// Initializes a new instance of the SecurityOptions structure.
/// </summary>
/// <param name="protocol">One of the <see cref="SecureProtocol"/> values.</param>
/// <remarks>
/// All other members of the structure will be instantiated with default values.
/// </remarks>
public SecurityOptions(SecureProtocol protocol) : this(protocol, null, ConnectionEnd.Client, CredentialVerification.Auto, null, null, SecurityFlags.Default, SslAlgorithms.ALL, null) {}
private void ConnectClient( SecureProtocol protocol )
{
lock ( this )
{
if( connected )
{
throw new Exception("Connection with IRC server already opened.");
}
Debug.WriteLineIf( Rfc2812Util.IrcTrace.TraceInfo,"[" + Thread.CurrentThread.Name +"] Connection::Connect()");
SecurityOptions options = new SecurityOptions( protocol );
options.Certificate = null;
options.Entity = ConnectionEnd.Client;
options.VerificationType = CredentialVerification.None;
options.Flags = SecurityFlags.Default;
options.AllowedAlgorithms = SslAlgorithms.SECURE_CIPHERS;
client = new SecureTcpClient( options );
client.Connect( connectionArgs.Hostname, connectionArgs.Port );
connected = true;
writer = new StreamWriter( client.GetStream(), TextEncoding );
writer.AutoFlush = true;
reader = new StreamReader( client.GetStream(), TextEncoding );
socketListenThread = new Thread(new ThreadStart( ReceiveIRCMessages ) );
socketListenThread.Name = Name;
socketListenThread.Start();
sender.RegisterConnection( connectionArgs );
}
}
public static bool SupportsTls1(SecureProtocol protocol)
{
return ((int)protocol & (int)SecureProtocol.Tls1) != 0;
}
public static bool SupportsProtocol(SecureProtocol protocol, ProtocolVersion pv)
{
if (pv.GetVersionInt() == 30)
return SupportsSsl3(protocol);
else
return SupportsTls1(protocol);
}
public static bool SupportsSsl3(SecureProtocol protocol)
{
return ((int)protocol & (int)SecureProtocol.Ssl3) != 0;
}
/// <summary>
/// Starts listening for incoming server connections.
/// </summary>
/// <param name="ep">The EndPoint on which to listen.</param>
/// <param name="sp">The protocol to use.</param>
/// <param name="pfxfile">An optional PFX file.</param>
/// <param name="password">An optional PFX password.</param>
public void StartServer(IPEndPoint ep, SecureProtocol sp, Certificate cert)
{
// initialize a SecurityOptions instance
SecurityOptions options = new SecurityOptions(sp, cert, ConnectionEnd.Server);
// create a new SecureSocket with the above security options
SecureSocket s = new SecureSocket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp, options);
// from here on, act as if the SecureSocket is a normal Socket
s.Bind(ep);
s.Listen(10);
Console.WriteLine("Listening on " + s.LocalEndPoint.ToString());
SecureSocket ss;
string query = "";
byte[] buffer = new byte[1024];
int ret;
while(true) {
ss = (SecureSocket)s.Accept();
Console.WriteLine("Incoming socket accepted.");
// receive HTTP query
Console.WriteLine("Receiving HTTP request...");
ret = 0;
query = "";
while(!IsComplete(query)) { // wait until we've received the entire HTTP query
try {
ret = ss.Receive(buffer, 0, buffer.Length, SocketFlags.None);
} catch (Exception e) {
Console.WriteLine("Error while receiving data from client [" + e.Message + "].");
Console.WriteLine(e);
break;
}
if (ret == 0) {
Console.WriteLine("Client closed connection too soon.");
ss.Close();
break;
}
query += Encoding.ASCII.GetString(buffer, 0, ret);
}
if (IsComplete(query)) {
// Send HTTP reply
Console.WriteLine("Sending reply...");
ret = 0;
try {
while(ret != MentalisPage.Length) {
ret += ss.Send(Encoding.ASCII.GetBytes(MentalisPage), ret, MentalisPage.Length - ret, SocketFlags.None);
}
ss.Shutdown(SocketShutdown.Both);
ss.Close();
} catch (Exception e) {
Console.WriteLine("Error while sending data to the client [" + e.Message + "].");
Console.WriteLine(e);
}
}
Console.WriteLine("Waiting for another connection...");
}
}
public static ProtocolVersion GetMinProtocol(SecureProtocol protocol)
{
if (SupportsSsl3(protocol))
return new ProtocolVersion(3, 0);
else
return new ProtocolVersion(3, 1);
}
/// <summary>
/// Starts listening for incoming server connections.
/// </summary>
/// <param name="ep">The EndPoint on which to listen.</param>
/// <param name="sp">The protocol to use.</param>
/// <param name="pfxfile">An optional PFX file.</param>
/// <param name="password">An optional PFX password.</param>
public void StartServer(IPEndPoint ep, SecureProtocol sp, Certificate cert)
{
// initialize a SecurityOptions instance
SecurityOptions options = new SecurityOptions(sp, cert, ConnectionEnd.Server);
// create a new SecureSocket with the above security options
SecureSocket s = new SecureSocket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp, options);
// from here on, act as if the SecureSocket is a normal Socket
s.Bind(ep);
s.Listen(10);
Console.WriteLine("Listening on " + s.LocalEndPoint.ToString());
SecureSocket ss;
string query = "";
byte[] buffer = new byte[1024];
int ret;
while (true)
{
ss = (SecureSocket)s.Accept();
Console.WriteLine("Incoming socket accepted.");
// receive HTTP query
Console.WriteLine("Receiving HTTP request...");
ret = 0;
query = "";
while (!IsComplete(query)) // wait until we've received the entire HTTP query
{
try {
ret = ss.Receive(buffer, 0, buffer.Length, SocketFlags.None);
} catch (Exception e) {
Console.WriteLine("Error while receiving data from client [" + e.Message + "].");
Console.WriteLine(e);
break;
}
if (ret == 0)
{
Console.WriteLine("Client closed connection too soon.");
ss.Close();
break;
}
query += Encoding.ASCII.GetString(buffer, 0, ret);
}
if (IsComplete(query))
{
// Send HTTP reply
Console.WriteLine("Sending reply...");
ret = 0;
try {
while (ret != MentalisPage.Length)
{
ret += ss.Send(Encoding.ASCII.GetBytes(MentalisPage), ret, MentalisPage.Length - ret, SocketFlags.None);
}
ss.Shutdown(SocketShutdown.Both);
ss.Close();
} catch (Exception e) {
Console.WriteLine("Error while sending data to the client [" + e.Message + "].");
Console.WriteLine(e);
}
}
Console.WriteLine("Waiting for another connection...");
}
}
/// <summary>
/// Download a file using the synchronous Socket methods.
/// </summary>
/// <param name="url">The URL to download.
/// </param>
/// <param name="sp">The protocol to use.</param>
protected void DownloadFile(Url url, SecureProtocol sp)
{
string request = GetHttpRequest(url); // holds the HTTP request for the given URL
SecureSocket s;
try {
// First we create a new SecurityOptions instance
// SecurityOptions objects hold information about the security
// protocols the SecureSocket should use and how the SecureSocket
// should react in certain situations.
SecurityOptions options = new SecurityOptions(sp);
// The Certificate field holds a certificate associated with
// a client [you, for instance]. Because client certificates
// are not often used for HTTP over SSL or TLS, we'll simply
// set this field to a null reference.
options.Certificate = null;
// The Entity specifies whether the SecureSocket should act
// as a client socket or as a server socket. In this case,
// it should act as a client socket.
options.Entity = ConnectionEnd.Client;
// The CommonName field specifies the name of the remote
// party we're connecting to. This is usually the domain name
// of the remote host.
options.CommonName = url.Host;
// The VerificationType field specifies how we intend to verify
// the certificate. In this case, we tell the SecureSocket that
// we will manually verify the certificate. Look in the documentation
// for other options.
options.VerificationType = CredentialVerification.Manual;
// When specifying the CredentialVerification.Manual option, we
// must also specify a CertVerifyEventHandler delegate that will
// be called when the SecureSocket receives the remote certificate.
// The Verifier field holds this delegate. If no manual verification
// is done, this field can be set to a null reference.
options.Verifier = new CertVerifyEventHandler(OnVerify);
// The Flags field specifies which flags should be used for the
// connection. In this case, we will simply use the default behavior.
options.Flags = SecurityFlags.Default;
// Allow only secure ciphers to be used. If the server only supports
// weak encryption, the connections will be shut down.
options.AllowedAlgorithms = SslAlgorithms.SECURE_CIPHERS;
// create a new SecureSocket instance and initialize it with
// the security options we specified above.
s = new SecureSocket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp, options);
// connect to the remote host
s.Connect(new IPEndPoint(Dns.Resolve(url.Host).AddressList[0], url.Port));
} catch (Exception e) {
Console.WriteLine("Exception occurred while connecting: " + e.ToString());
return;
}
// send the HTTP request to the remote host
Console.Write("HTTP Query string:\r\n------------------\r\n" + request);
try {
byte[] reqBytes = Encoding.ASCII.GetBytes(request);
int sent = s.Send(reqBytes, 0, reqBytes.Length, SocketFlags.None);
while (sent != reqBytes.Length)
{
sent += s.Send(reqBytes, sent, reqBytes.Length - sent, SocketFlags.None);
}
} catch (Exception e) {
Console.WriteLine("Exception occurred while sending: " + e.ToString());
return;
}
// receive the reply
Console.WriteLine("HTTP Server reply:\r\n------------------");
try {
byte[] buffer = new byte[4096];
int ret = s.Receive(buffer);
while (ret != 0)
{
Console.Write(Encoding.ASCII.GetString(buffer, 0, ret));
ret = s.Receive(buffer);
}
} catch (Exception e) {
Console.WriteLine("Exception occurred while receiving: " + e.ToString());
return;
}
try {
s.Shutdown(SocketShutdown.Both); // shut down the TCP connection
} catch (Exception e) {
Console.WriteLine("Exception occurred while shutting the connection down: " + e.ToString());
return;
}
s.Close();
}
public SecurityOptions(SecureProtocol protocol, ExtensionType[] extensions, Certificate cert,
ConnectionEnd entity, IEnumerable<string> knownProtocols,
CredentialVerification verifyType, CertVerifyEventHandler verifier,
string commonName, SecurityFlags flags, SslAlgorithms allowed,
CertRequestEventHandler requestHandler)
{
this.Protocol = protocol;
this.Certificate = cert;
this.Entity = entity;
this.VerificationType = verifyType;
this.Verifier = verifier;
this.CommonName = commonName;
this.Flags = flags;
this.AllowedAlgorithms = allowed;
this.RequestHandler = requestHandler;
this.KnownProtocols = knownProtocols;
this.Extensions = extensions;
this.ExtensionList = FormExtsList(extensions);
}
public SecurityOptions(SecureProtocol protocol, ExtensionType[] extensions,
IEnumerable<string> knownProtocols, ConnectionEnd end)
: this(protocol, extensions, null, end, knownProtocols, CredentialVerification.Auto, null, null,
SecurityFlags.Default, SslAlgorithms.ALL, null)
{
}
public SecurityOptions(SecureProtocol protocol, ExtensionType[] extensions,
IEnumerable <string> knownProtocols, ConnectionEnd end)
: this(protocol, extensions, null, end, knownProtocols, CredentialVerification.Auto, null, null,
SecurityFlags.Default, SslAlgorithms.ALL, null)
{
}
/// <summary>
/// Sets the Secure protocol settings on the IE browser
/// </summary>
/// <param name="protocols">Secure Protocol setting</param>
public static void SetSecureProtocols(SecureProtocol protocols)
{
int decimalValue = Convert.ToInt16(Enum <SecureProtocol> .Value(protocols));
Registry.SetValue(@"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings", "SecureProtocols", decimalValue, RegistryValueKind.DWord);
}
public static CipherSuite GetCipherSuite(SecureProtocol protocol, byte[] master, byte[] clientrnd, byte[] serverrnd, SslAlgorithms scheme, ConnectionEnd entity) {
for(int i = 0; i < Definitions.Length; i++) {
if (Definitions[i].Scheme == scheme) {
if (protocol == SecureProtocol.Tls1) {
return Tls1CipherSuites.InitializeCipherSuite(master, clientrnd, serverrnd, Definitions[i], entity);
} else if (protocol == SecureProtocol.Ssl3) {
return Ssl3CipherSuites.InitializeCipherSuite(master, clientrnd, serverrnd, Definitions[i], entity);
}
}
}
throw new SslException(AlertDescription.IllegalParameter, "The cipher suite is unknown.");
}
/// <summary>
/// Initializes a new instance of the SecurityOptions structure.
/// </summary>
/// <param name="protocol">One of the <see cref="SecureProtocol"/> values.</param>
/// <remarks>
/// All other members of the structure will be instantiated with default values.
/// </remarks>
public SecurityOptions(SecureProtocol protocol) : this(protocol, null, ConnectionEnd.Client, CredentialVerification.Auto, null, null, SecurityFlags.Default, SslAlgorithms.ALL, null)
{
}
/// <summary>
/// Download a file using the synchronous Socket methods.
/// </summary>
/// <param name="url">The URL to download.
/// </param>
/// <param name="sp">The protocol to use.</param>
protected void DownloadFile(Url url, SecureProtocol sp)
{
string request = GetHttpRequest(url); // holds the HTTP request for the given URL
SecureSocket s;
try {
// First we create a new SecurityOptions instance
// SecurityOptions objects hold information about the security
// protocols the SecureSocket should use and how the SecureSocket
// should react in certain situations.
SecurityOptions options = new SecurityOptions(sp);
// The Certificate field holds a certificate associated with
// a client [you, for instance]. Because client certificates
// are not often used for HTTP over SSL or TLS, we'll simply
// set this field to a null reference.
options.Certificate = null;
// The Entity specifies whether the SecureSocket should act
// as a client socket or as a server socket. In this case,
// it should act as a client socket.
options.Entity = ConnectionEnd.Client;
// The CommonName field specifies the name of the remote
// party we're connecting to. This is usually the domain name
// of the remote host.
options.CommonName = url.Host;
// The VerificationType field specifies how we intend to verify
// the certificate. In this case, we tell the SecureSocket that
// we will manually verify the certificate. Look in the documentation
// for other options.
options.VerificationType = CredentialVerification.Manual;
// When specifying the CredentialVerification.Manual option, we
// must also specify a CertVerifyEventHandler delegate that will
// be called when the SecureSocket receives the remote certificate.
// The Verifier field holds this delegate. If no manual verification
// is done, this field can be set to a null reference.
options.Verifier = new CertVerifyEventHandler(OnVerify);
// The Flags field specifies which flags should be used for the
// connection. In this case, we will simply use the default behavior.
options.Flags = SecurityFlags.Default;
// Allow only secure ciphers to be used. If the server only supports
// weak encryption, the connections will be shut down.
options.AllowedAlgorithms = SslAlgorithms.SECURE_CIPHERS;
// create a new SecureSocket instance and initialize it with
// the security options we specified above.
s = new SecureSocket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp, options);
// connect to the remote host
s.Connect(new IPEndPoint(Dns.GetHostEntry(url.Host).AddressList[0], url.Port));
} catch (Exception e) {
Console.WriteLine("Exception occurred while connecting: " + e.ToString());
return;
}
// send the HTTP request to the remote host
Console.Write("HTTP Query string:\r\n------------------\r\n" + request);
try {
byte[] reqBytes = Encoding.ASCII.GetBytes(request);
int sent = s.Send(reqBytes, 0, reqBytes.Length, SocketFlags.None);
while(sent != reqBytes.Length) {
sent += s.Send(reqBytes, sent, reqBytes.Length - sent, SocketFlags.None);
}
} catch (Exception e) {
Console.WriteLine("Exception occurred while sending: " + e.ToString());
return;
}
// receive the reply
Console.WriteLine("HTTP Server reply:\r\n------------------");
try {
byte[] buffer = new byte[4096];
int ret = s.Receive(buffer);
while(ret != 0) {
Console.Write(Encoding.ASCII.GetString(buffer, 0, ret));
ret = s.Receive(buffer);
}
} catch (Exception e) {
Console.WriteLine("Exception occurred while receiving: " + e.ToString());
return;
}
try {
s.Shutdown(SocketShutdown.Both); // shut down the TCP connection
} catch (Exception e) {
Console.WriteLine("Exception occurred while shutting the connection down: " + e.ToString());
return;
}
s.Close();
}
