// Initialize all of the default certificates and protocols
public SslServer()
{
// Initialize the Socket
serverSocketType = SocketType.Stream;
serverProtocolType = ProtocolType.Tcp;
if (Microsoft.SPOT.Hardware.SystemInfo.SystemID.SKU == 3)
{
cert = new X509Certificate(CertificatesAndCAs.emuCert, "NetMF");
ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caEmuCert) };
}
else
{
// Initialize the SslStream
cert = new X509Certificate(CertificatesAndCAs.newCert);
ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caCert) };
}
verify = SslVerification.NoVerification;
sslProtocols = new SslProtocols[] { SslProtocols.Default };
// Create a TCP/IP (IPv4) socket and listen for incoming connections.
serverSocket = new Socket(AddressFamily.InterNetwork, serverSocketType, serverProtocolType);
serverSocket.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.Linger, false);
serverSocket.Bind(new IPEndPoint(IPAddress.Loopback, 0));
serverEp = (IPEndPoint)serverSocket.LocalEndPoint;
Debug.Print("Listening for a client to connect...");
serverSocket.Listen(1);
}
// Initialize all of the default certificates and protocols
public SslServer()
{
// Initialize the Socket
serverSocketType = SocketType.Stream;
serverProtocolType = ProtocolType.Tcp;
if (Microsoft.SPOT.Hardware.SystemInfo.SystemID.SKU == 3)
{
cert = new X509Certificate(CertificatesAndCAs.emuCert, "NetMF");
ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caEmuCert) };
}
else
{
// Initialize the SslStream
cert = new X509Certificate(CertificatesAndCAs.newCert);
ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caCert) };
}
verify = SslVerification.NoVerification;
sslProtocols = new SslProtocols[] { SslProtocols.Default };
// Create a TCP/IP (IPv4) socket and listen for incoming connections.
serverSocket = new Socket(AddressFamily.InterNetwork, serverSocketType, serverProtocolType);
serverSocket.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.Linger, false);
serverSocket.Bind(new IPEndPoint(IPAddress.Loopback, 0));
serverEp = (IPEndPoint)serverSocket.LocalEndPoint;
Log.Comment("Listening for a client to connect...");
serverSocket.Listen(1);
}
public SslServer(X509Certificate certificate, X509Certificate[] ca, SslVerification clientCertificateRequired, SslProtocols[] enabledSslProtocols, bool expectedException)
{
this.certificate = certificate;
this.ca = ca;
this.clientCertificateRequired = clientCertificateRequired;
this.enabledSslProtocols = enabledSslProtocols;
this.expectedException = expectedException;
//Get the IPV4 address on this machine which is all that the MF devices support.
IPHostEntry hostEntry = Dns.GetHostEntry("");
ipAddress = hostEntry.AddressList[0];
if (ipAddress == null)
throw new Exception("No IPV4 address found.");
}
public SslClient(IPAddress ipAddress, String targetHost, X509Certificate cert, X509Certificate [] ca, SslVerification verify, SslProtocols[] sslProtocols, bool expectedException)
{
// Initialize the Socket
messageSent = MFUtilities.GetRandomSafeString(2000) + TERMINATOR;
// Initialize the port that communication is using
port = 11111;
this.ipAddress = ipAddress;
this.messageSent = "hello" + TERMINATOR;
this.targetHost = targetHost;
this.cert = cert;
this.ca = ca;
this.verify = verify;
this.sslProtocols = sslProtocols;
this.expectedException = expectedException;
}
public SslClient(IPAddress ipAddress, String targetHost, X509Certificate cert, X509Certificate [] ca, SslVerification verify, SslProtocols[] sslProtocols, bool expectedException)
{
// Initialize the Socket
messageSent = MFUtilities.GetRandomSafeString(2000) + TERMINATOR;
// Initialize the port that communication is using
port = 11111;
this.ipAddress = ipAddress;
this.messageSent = "hello" + TERMINATOR;
this.targetHost = targetHost;
this.cert = cert;
this.ca = ca;
this.verify = verify;
this.sslProtocols = sslProtocols;
this.expectedException = expectedException;
}
public SslServer(X509Certificate certificate, X509Certificate[] ca, SslVerification clientCertificateRequired, SslProtocols[] enabledSslProtocols, bool expectedException)
{
this.certificate = certificate;
this.ca = ca;
this.clientCertificateRequired = clientCertificateRequired;
this.enabledSslProtocols = enabledSslProtocols;
this.expectedException = expectedException;
//Get the IPV4 address on this machine which is all that the MF devices support.
IPHostEntry hostEntry = Dns.GetHostEntry("");
ipAddress = hostEntry.AddressList[0];
if (ipAddress == null)
{
throw new Exception("No IPV4 address found.");
}
}
public SslClient()
{
// Initialize the Socket
clientSocketType = SocketType.Stream;
clientProtocolType = ProtocolType.Tcp;
if (Microsoft.SPOT.Hardware.SystemInfo.SystemID.SKU == 3)
{
cert = new X509Certificate(CertificatesAndCAs.emuCert, "NetMF");
ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caEmuCert) };
targetHost = "ZACHL-SBA1.redmond.corp.microsoft.com";
}
else
{
cert = new X509Certificate(CertificatesAndCAs.newCert);
ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caCert) };
targetHost = "Device.Microsoft.Com";
}
verify = SslVerification.CertificateRequired;
sslProtocols = new SslProtocols[] { SslProtocols.Default };
}
public SslClient()
{
// Initialize the Socket
clientSocketType = SocketType.Stream;
clientProtocolType = ProtocolType.Tcp;
if (Microsoft.SPOT.Hardware.SystemInfo.SystemID.SKU == 3)
{
cert = new X509Certificate(CertificatesAndCAs.emuCert, "NetMF");
ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caEmuCert) };
targetHost = "ZACHL-SBA1.redmond.corp.microsoft.com";
}
else
{
cert = new X509Certificate(CertificatesAndCAs.newCert);
ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caCert) };
targetHost = "Device.Microsoft.Com";
}
verify = SslVerification.CertificateRequired;
sslProtocols = new SslProtocols[] { SslProtocols.Default };
}
internal void Authenticate(bool isServer, string targetHost, X509Certificate certificate, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols)
{
SslProtocols vers = (SslProtocols)0;
if (-1 != _sslContext) throw new InvalidOperationException();
for (int i = sslProtocols.Length - 1; i >= 0; i--)
{
vers |= sslProtocols[i];
}
_isServer = isServer;
try
{
if (isServer)
{
_sslContext = SslNative.SecureServerInit((int)vers, (int)verify, certificate, ca);
SslNative.SecureAccept(_sslContext, _socket);
}
else
{
_sslContext = SslNative.SecureClientInit((int)vers, (int)verify, certificate, ca);
SslNative.SecureConnect(_sslContext, targetHost, _socket);
}
}
catch
{
if (_sslContext != -1)
{
SslNative.ExitSecureContext(_sslContext);
_sslContext = -1;
}
throw;
}
}
public void AuthenticateAsServer(X509Certificate cert, SslVerification verify, params SslProtocols[] sslProtocols)
{
AuthenticateAsServer(cert, null, verify, sslProtocols);
}
public extern int AuthenticateAsClient(int socketHandle, string targetHost, X509Certificate caCertificate, X509Certificate clientCertificate, SslProtocols sslProtocols, SslVerification sslVerification);
public void AuthenticateAsClient(string targetHost, X509Certificate cert, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols)
{
Authenticate(false, targetHost, cert, ca, verify, sslProtocols);
}
public void AuthenticateAsServer(X509Certificate cert, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols)
{
Authenticate(true, "", cert, ca, verify, sslProtocols);
}
internal void Authenticate(bool isServer, string targetHost, X509Certificate certificate, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols)
{
SslProtocols vers = (SslProtocols)0;
if (-1 != _sslContext)
{
throw new InvalidOperationException();
}
for (int i = sslProtocols.Length - 1; i >= 0; i--)
{
vers |= sslProtocols[i];
}
_isServer = isServer;
try
{
if (isServer)
{
throw new NotImplementedException();
//_sslContext = SslNative.SecureServerInit((int)vers, (int)verify, certificate, ca);
//SslNative.SecureAccept(_sslContext, _socket);
}
else
{
bool secMethodSSL3 = false;
bool secMethodTLS1 = false;
for (int iProtocol = 0; iProtocol < sslProtocols.Length; iProtocol++)
{
switch (sslProtocols[iProtocol])
{
case SslProtocols.None:
throw new ArgumentException("sslProtocols");
case SslProtocols.SSLv3:
secMethodSSL3 = true;
break;
case SslProtocols.TLSv1:
secMethodTLS1 = true;
break;
case SslProtocols.Default:
secMethodSSL3 = true;
secMethodTLS1 = true;
break;
}
}
byte sslProtocolOption = 0;
if (secMethodSSL3 && secMethodTLS1)
{
sslProtocolOption = 4; /* SL_SO_SEC_METHOD_SSLv3_TLSV1_2 */
}
else if (secMethodSSL3)
{
sslProtocolOption = 0; /* SL_SO_SEC_METHOD_SSLV3 */
}
else if (secMethodTLS1)
{
sslProtocolOption = 1; /* SL_SO_SEC_METHOD_TLSV1 */
}
else
{
throw new ArgumentException("sslProtocols");
}
/* NOTE: we now pass a message to the socket asking it to reconnect as SSL (using our specific SSL options) -- and then have it update its handle!
* we should also make sure that no other sockets are opened during the operation--so that no other threads sneak in and steal the last socket handle. */
byte[] addressAndHandle = new byte[10];
/* fill bytes 0-7 with our socket's target IP address, so we know where to connect to! */
addressAndHandle[2] = (byte)((((IPEndPoint)_socket.RemoteEndPoint).Port >> 8) & 0xFF);
addressAndHandle[3] = (byte)(((IPEndPoint)_socket.RemoteEndPoint).Port & 0xFF);
Array.Copy(((IPEndPoint)_socket.RemoteEndPoint).Address.GetAddressBytes(), 0, addressAndHandle, 4, 4);
// byte 8 is our sslProtocolOption
addressAndHandle[8] = sslProtocolOption;
// byte 9 will be our handle (new handle as output)
addressAndHandle[9] = 0xFF; // default handle to 0xFF to represent "no handle"
// request "upgrade to SSL/TLS" by closing the current socket and re-connecting via SSL/TLS
_socket.GetSocketOption(SocketOptionLevel.Socket, (SocketOptionName)0x400002, addressAndHandle);
if (addressAndHandle[9] == 0xFF)
{
// could not upgrade/re-connect to SSL
throw new Exception(); /* NOTE: what is the correct exception? */
}
else
{
_socket.m_Handle = addressAndHandle[9];
}
_sslContext = 0; /* SSL is now enabled on this socket */
}
}
catch
{
if (_sslContext != -1)
{
/* TODO: if we could not connect via SSL, do we need to reconnect as non-secure? */
_sslContext = -1;
}
throw;
}
}
public void AuthenticateAsServer(X509Certificate cert, SslVerification verify, params SslProtocols[] sslProtocols)
{
AuthenticateAsServer(cert, null, verify, sslProtocols);
}
public void AuthenticateAsClient(string targetHost, X509Certificate cert, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols)
{
Authenticate(false, targetHost, cert, ca, verify, sslProtocols);
}
internal void Authenticate(bool isServer, string targetHost, X509Certificate certificate, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols)
{
SslProtocols vers = (SslProtocols)0;
if (-1 != _sslContext)
{
throw new InvalidOperationException();
}
for (int i = sslProtocols.Length - 1; i >= 0; i--)
{
vers |= sslProtocols[i];
}
_isServer = isServer;
try
{
if (isServer)
{
_sslContext = SslNative.SecureServerInit((int)vers, (int)verify, certificate, ca);
SslNative.SecureAccept(_sslContext, _socket);
}
else
{
_sslContext = SslNative.SecureClientInit((int)vers, (int)verify, certificate, ca);
SslNative.SecureConnect(_sslContext, targetHost, _socket);
}
}
catch
{
if (_sslContext != -1)
{
SslNative.ExitSecureContext(_sslContext);
_sslContext = -1;
}
throw;
}
}
public void AuthenticateAsClient(string targetHost, X509Certificate caCertificate, X509Certificate clientCertificate, SslProtocols sslProtocols, SslVerification sslVerification) => this.sslHandle = this.ni.AuthenticateAsClient(this._socket.m_Handle, targetHost, caCertificate, clientCertificate, sslProtocols, sslVerification);
public void AuthenticateAsServer(X509Certificate cert, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols)
{
Authenticate(true, "", cert, ca, verify, sslProtocols);
}
public void AuthenticateAsClient(string targetHost, X509Certificate cert, SslVerification verify, params SslProtocols[] sslProtocols)
{
AuthenticateAsClient(targetHost, cert, CertificateStore.CACertificates, verify, sslProtocols);
}
public void AuthenticateAsClient(string targetHost, X509Certificate cert, SslVerification verify, params SslProtocols[] sslProtocols)
{
AuthenticateAsClient(targetHost, cert, CertificateStore.CACertificates, verify, sslProtocols);
}
