Example #1
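        /// <summary>
        /// Creates a worker for one accepted client connection. When
        /// <paramref name="secureConnection"/> is set, the socket is wrapped in an
        /// <c>SslServerStream</c>; otherwise the plain network stream is used.
        /// </summary>
        /// <param name="client">Accepted client socket; also the source of the remote endpoint.</param>
        /// <param name="localEP">Local endpoint; must be an <c>IPEndPoint</c> (it is cast unconditionally).</param>
        /// <param name="server">Application server this worker belongs to.</param>
        /// <param name="secureConnection">True to serve the connection over TLS/SSL.</param>
        /// <param name="SecurityProtocol">Protocol version(s) the TLS stream is allowed to negotiate.</param>
        /// <param name="cert">Server certificate; required when <paramref name="secureConnection"/> is true.</param>
        /// <param name="keyCB">Callback that supplies the private key for the server certificate.</param>
        /// <param name="allowClientCert">Recorded in the SSL information only.</param>
        /// <param name="requireClientCert">Recorded in the SSL information and passed to the TLS stream.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="client"/> is null, or <paramref name="cert"/> is null for a secure connection.
        /// </exception>
        public XSPWorker(Socket client, EndPoint localEP, ApplicationServer server,
                         bool secureConnection,
                         Mono.Security.Protocol.Tls.SecurityProtocolType SecurityProtocol,
                         X509Certificate cert,
                         PrivateKeySelectionCallback keyCB,
                         bool allowClientCert,
                         bool requireClientCert)
        {
            // Fail before any stream is allocated instead of with a late NullReferenceException.
            if (client == null)
            {
                throw new ArgumentNullException("client");
            }

            if (secureConnection)
            {
                if (cert == null)
                {
                    throw new ArgumentNullException("cert");
                }

                ssl = new SslInformations();
                // NOTE(review): allowClientCert is only recorded here; only requireClientCert
                // reaches the SslServerStream constructor below.
                ssl.AllowClientCertificate   = allowClientCert;
                ssl.RequireClientCertificate = requireClientCert;
                ssl.RawServerCertificate     = cert.GetRawCertData();

                netStream = new LingeringNetworkStream(client, true);

                // Pass the configured protocol through. The four-argument overload ignored
                // SecurityProtocol, so a restriction set by the administrator was silently
                // replaced by the library default.
                SslServerStream s = new SslServerStream(netStream, cert, requireClientCert, false, SecurityProtocol);
                s.PrivateKeyCertSelectionDelegate += keyCB;
                // Whether a presented client certificate is accepted depends on what
                // ClientCertificateValidation returns (defined elsewhere in this class).
                s.ClientCertValidationDelegate    += new CertificateValidationCallback(ClientCertificateValidation);
                stream = s;
            }
            else
            {
                netStream = new LingeringNetworkStream(client, false);
                stream    = netStream;
            }

            sock          = client;
            this.server   = server;
            this.remoteEP = (IPEndPoint)client.RemoteEndPoint;
            this.localEP  = (IPEndPoint)localEP;
        }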
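		/// <summary>
		/// Builds the worker for a single accepted connection and selects the stream
		/// it will read from: an <c>SslServerStream</c> over the socket for secure
		/// connections, the plain network stream otherwise.
		/// </summary>
		/// <param name="client">Accepted client socket; its remote endpoint is stored.</param>
		/// <param name="localEP">Local endpoint; cast to <c>IPEndPoint</c> without a check.</param>
		/// <param name="server">Owning application server.</param>
		/// <param name="secureConnection">True when the connection must use TLS/SSL.</param>
		/// <param name="SecurityProtocol">Protocol version(s) handed to the TLS stream.</param>
		/// <param name="cert">Server certificate; must not be null for a secure connection.</param>
		/// <param name="keyCB">Callback returning the server certificate's private key.</param>
		/// <param name="allowClientCert">Stored in the SSL information only.</param>
		/// <param name="requireClientCert">Stored in the SSL information and given to the TLS stream.</param>
		/// <exception cref="ArgumentNullException">
		/// <paramref name="client"/> is null, or <paramref name="cert"/> is null while
		/// <paramref name="secureConnection"/> is true.
		/// </exception>
		public XSPWorker (Socket client, EndPoint localEP, ApplicationServer server,
			bool secureConnection,
			Mono.Security.Protocol.Tls.SecurityProtocolType SecurityProtocol,
			X509Certificate cert,
			PrivateKeySelectionCallback keyCB,
			bool allowClientCert,
			bool requireClientCert) 
		{
			// Reject a missing socket up front rather than failing half-constructed.
			if (client == null)
				throw new ArgumentNullException ("client");

			if (secureConnection) {
				if (cert == null)
					throw new ArgumentNullException ("cert");

				ssl = new SslInformations ();
				// NOTE(review): allowClientCert never reaches the TLS stream; only
				// requireClientCert is passed to SslServerStream below.
				ssl.AllowClientCertificate = allowClientCert;
				ssl.RequireClientCertificate = requireClientCert;
				ssl.RawServerCertificate = cert.GetRawCertData ();

				netStream = new LingeringNetworkStream (client, true);

				// Honour the configured protocol: the overload without it left
				// SecurityProtocol unused and fell back to the library default.
				SslServerStream s = new SslServerStream (netStream, cert, requireClientCert, false, SecurityProtocol);
				s.PrivateKeyCertSelectionDelegate += keyCB;
				// Acceptance of a client certificate is decided by
				// ClientCertificateValidation, which is not part of this constructor.
				s.ClientCertValidationDelegate += new CertificateValidationCallback (ClientCertificateValidation);
				stream = s;
			} else {
				netStream = new LingeringNetworkStream (client, false);
				stream = netStream;
			}

			sock = client;
			this.server = server;
			this.remoteEP = (IPEndPoint) client.RemoteEndPoint;
			this.localEP = (IPEndPoint) localEP;
		}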
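		/// <summary>
		/// Builds an <c>XSPWorkerRequest</c> from the parsed request line, publishes the
		/// TLS certificate server variables for secure connections, then either
		/// redirects or hands the request to <c>ProcessRequest (mwr)</c>.
		/// </summary>
		/// <param name="reqId">Request id registered with the broker.</param>
		/// <param name="localEPAddr">Local address in the numeric form taken by <c>IPEndPoint</c>.</param>
		/// <param name="localEPPort">Local port.</param>
		/// <param name="remoteEPAdds">Remote address in the numeric form taken by <c>IPEndPoint</c>.</param>
		/// <param name="remoteEPPort">Remote port.</param>
		/// <param name="verb">HTTP verb.</param>
		/// <param name="path">Request path as received from the client.</param>
		/// <param name="queryString">Query string.</param>
		/// <param name="protocol">Protocol string from the request line.</param>
		/// <param name="inputBuffer">Bytes already read from the connection.</param>
		/// <param name="redirect">Redirect target chosen by the caller, or null.</param>
		/// <param name="socket">Native socket handle passed on to the worker request.</param>
		/// <param name="ssl">TLS details of the connection; null for a plain connection.</param>
		public void ProcessRequest (int reqId, long localEPAddr, int localEPPort, long remoteEPAdds,
					int remoteEPPort, string verb, string path,
					string queryString, string protocol, byte [] inputBuffer, string redirect,
					IntPtr socket, SslInformations ssl)
		{
			XSPRequestBroker broker = (XSPRequestBroker) RequestBroker;
			IPEndPoint localEP = new IPEndPoint (localEPAddr, localEPPort);
			IPEndPoint remoteEP = new IPEndPoint (remoteEPAdds, remoteEPPort);
			// The connection counts as secure exactly when TLS details were supplied.
			bool secure = (ssl != null);
			XSPWorkerRequest mwr = new XSPWorkerRequest (reqId, broker, this, localEP, remoteEP, verb, path,
								queryString, protocol, inputBuffer, socket, secure);

			if (secure) {
				// note: we're only setting what we use (and not the whole lot)
				mwr.AddServerVariable ("CERT_KEYSIZE", ssl.KeySize.ToString (CultureInfo.InvariantCulture));
				mwr.AddServerVariable ("CERT_SECRETKEYSIZE", ssl.SecretKeySize.ToString (CultureInfo.InvariantCulture));
 
				if (ssl.RawClientCertificate != null) {
					// the worker needs to be able to return it (if asked politely)
					// The certificate is handed over even when it failed validation, so
					// an application must check bit1 of CERT_FLAGS before it trusts any
					// value derived from the client certificate.
					mwr.SetClientCertificate (ssl.RawClientCertificate);

					// XSPWorkerRequest will answer, as required, for CERT_COOKIE, CERT_ISSUER, 
					// CERT_SERIALNUMBER and CERT_SUBJECT (as anyway it requires the client 
					// certificate - if it was provided)

					if (ssl.ClientCertificateValid) {
						// client cert present (bit0 = 1) and valid (bit1 = 0)
						mwr.AddServerVariable ("CERT_FLAGS", "1");
					} else {
						// client cert present (bit0 = 1) but invalid (bit1 = 1)
						mwr.AddServerVariable ("CERT_FLAGS", "3");
					}
				} else {
					// no client certificate (bit0 = 0) ? does bit1 matter ?
					mwr.AddServerVariable ("CERT_FLAGS", "0");
				}

				if (ssl.RawServerCertificate != null) {
					X509Certificate server = ssl.GetServerCertificate ();
					#if NET_2_0
					mwr.AddServerVariable ("CERT_SERVER_ISSUER", server.Issuer);
					mwr.AddServerVariable ("CERT_SERVER_SUBJECT", server.Subject);
					#else
					mwr.AddServerVariable ("CERT_SERVER_ISSUER", server.GetIssuerName ());
					mwr.AddServerVariable ("CERT_SERVER_SUBJECT", server.GetName ());
					#endif
				}
			}

			string translated = mwr.GetFilePathTranslated ();
			// path comes from the client's request line: indexing its last character
			// unguarded threw on an empty path. A null or empty path skips the
			// directory check and is left to the normal request processing.
			bool missingTrailingSlash = path != null && path.Length > 0 && path [path.Length - 1] != '/';
			if (missingTrailingSlash && Directory.Exists (translated))
				redirect = path + '/';

			if (redirect != null) {
				Redirect (mwr, redirect);
				// The redirect response completes this request, so release its id here.
				broker.UnregisterRequest (reqId);
				return;
			}

			ProcessRequest (mwr);
		}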
Example #4
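        /// <summary>
        /// Creates the <c>XSPWorkerRequest</c> for an incoming request, exposes the TLS
        /// certificate state as server variables on secure connections, and then issues
        /// a redirect or forwards the request to <c>ProcessRequest(mwr)</c>.
        /// </summary>
        /// <param name="reqId">Request id registered with the broker.</param>
        /// <param name="localEPAddr">Local address in the numeric form taken by <c>IPEndPoint</c>.</param>
        /// <param name="localEPPort">Local port.</param>
        /// <param name="remoteEPAdds">Remote address in the numeric form taken by <c>IPEndPoint</c>.</param>
        /// <param name="remoteEPPort">Remote port.</param>
        /// <param name="verb">HTTP verb.</param>
        /// <param name="path">Request path as received from the client.</param>
        /// <param name="queryString">Query string.</param>
        /// <param name="protocol">Protocol string from the request line.</param>
        /// <param name="inputBuffer">Bytes already read from the connection.</param>
        /// <param name="redirect">Redirect target chosen by the caller, or null.</param>
        /// <param name="socket">Native socket handle passed on to the worker request.</param>
        /// <param name="ssl">TLS details of the connection; null for a plain connection.</param>
        public void ProcessRequest(int reqId, long localEPAddr, int localEPPort, long remoteEPAdds,
                                   int remoteEPPort, string verb, string path,
                                   string queryString, string protocol, byte [] inputBuffer, string redirect,
                                   IntPtr socket, SslInformations ssl)
        {
            XSPRequestBroker broker   = (XSPRequestBroker)RequestBroker;
            IPEndPoint       localEP  = new IPEndPoint(localEPAddr, localEPPort);
            IPEndPoint       remoteEP = new IPEndPoint(remoteEPAdds, remoteEPPort);
            // Supplying TLS details is what marks the connection as secure.
            bool             secure   = (ssl != null);
            XSPWorkerRequest mwr      = new XSPWorkerRequest(reqId, broker, this, localEP, remoteEP, verb, path,
                                                             queryString, protocol, inputBuffer, socket, secure);

            if (secure)
            {
                // note: we're only setting what we use (and not the whole lot)
                mwr.AddServerVariable("CERT_KEYSIZE", ssl.KeySize.ToString(CultureInfo.InvariantCulture));
                mwr.AddServerVariable("CERT_SECRETKEYSIZE", ssl.SecretKeySize.ToString(CultureInfo.InvariantCulture));

                if (ssl.RawClientCertificate != null)
                {
                    // the worker needs to be able to return it (if asked politely)
                    // A certificate that failed validation is still passed on; code that
                    // reads values derived from it must first check bit1 of CERT_FLAGS.
                    mwr.SetClientCertificate(ssl.RawClientCertificate);

                    // XSPWorkerRequest will answer, as required, for CERT_COOKIE, CERT_ISSUER,
                    // CERT_SERIALNUMBER and CERT_SUBJECT (as anyway it requires the client
                    // certificate - if it was provided)

                    if (ssl.ClientCertificateValid)
                    {
                        // client cert present (bit0 = 1) and valid (bit1 = 0)
                        mwr.AddServerVariable("CERT_FLAGS", "1");
                    }
                    else
                    {
                        // client cert present (bit0 = 1) but invalid (bit1 = 1)
                        mwr.AddServerVariable("CERT_FLAGS", "3");
                    }
                }
                else
                {
                    // no client certificate (bit0 = 0) ? does bit1 matter ?
                    mwr.AddServerVariable("CERT_FLAGS", "0");
                }

#if MONO
                if (ssl.RawServerCertificate != null)
                {
                    X509Certificate server = ssl.GetServerCertificate();
                    mwr.AddServerVariable("CERT_SERVER_ISSUER", server.GetIssuerName());
                    mwr.AddServerVariable("CERT_SERVER_SUBJECT", server.GetName());
                }
#endif
            }

            string translated = mwr.GetFilePathTranslated();
            // path is client-controlled: reading its last character without a length
            // check threw on an empty path. A null or empty path skips the directory
            // check and goes on to the normal request processing.
            bool missingTrailingSlash = path != null && path.Length > 0 && path [path.Length - 1] != '/';
            if (missingTrailingSlash && Directory.Exists(translated))
            {
                redirect = path + '/';
            }

            if (redirect != null)
            {
                Redirect(mwr, redirect);
                // The redirect response ends this request, so its id is released here.
                broker.UnregisterRequest(reqId);
                return;
            }

            ProcessRequest(mwr);
        }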