/// <summary>
/// Server-side TLS stream over an existing <see cref="Stream"/>: stores the revocation flag and
/// the peer-certificate handler, builds the server SSL context, registers an SNI callback, and
/// attaches memory BIOs to the native Ssl object (the plumbing between those BIOs and the wrapped
/// stream is not part of this constructor).
/// </summary>
/// <param name="stream">Transport handed to the base class.</param>
/// <param name="ownStream">Handed to the base class alongside <paramref name="stream"/>.</param>
/// <param name="serverCertificate">Forwarded to InitializeServerContext; by its name, the certificate presented to clients.</param>
/// <param name="clientCertificateRequired">Forwarded to InitializeServerContext; by its name, whether client (mutual) authentication is demanded.</param>
/// <param name="caCerts">CA chain forwarded to InitializeServerContext.</param>
/// <param name="enabledSslProtocols">Protocol versions forwarded to InitializeServerContext.</param>
/// <param name="sslStrength">Cipher strength forwarded to InitializeServerContext.</param>
/// <param name="checkCertificateRevocation">Stored on the instance and forwarded to InitializeServerContext.</param>
/// <param name="remote_callback">Application handler for the client's certificate; stored without a null check.</param>
public SslStreamServer(
            Stream stream,
            bool ownStream,
            X509Certificate serverCertificate,
            bool clientCertificateRequired,
            X509Chain caCerts,
            SslProtocols enabledSslProtocols,
            SslStrength sslStrength,
            bool checkCertificateRevocation,
            RemoteCertificateValidationHandler remote_callback)
            : base(stream, ownStream)
        {
            checkCertificateRevocationStatus   = checkCertificateRevocation;
            // NOTE(review): the field is named ...SelectionCallback but receives a
            // RemoteCertificateValidationHandler — confirm which callback it actually drives.
            remoteCertificateSelectionCallback = remote_callback;

            // Initialize the SslContext object (certificate, client-auth requirement, CA chain,
            // protocol versions, cipher strength, revocation checking)
            InitializeServerContext(serverCertificate, clientCertificateRequired, caCerts, enabledSslProtocols, sslStrength, checkCertificateRevocation);

            // Initialize the Ssl object from the configured context
            ssl = new Ssl(sslContext);

            // Register the SNI (server name indication) callback on both the Ssl and the context handle
            sniCb = sniExt.ServerSniCb;
            sniExt.AttachSniExtensionServer(ssl.Handle, sslContext.Handle, sniCb);

            // Initialize the read/write memory BIOs (the meaning of the bool argument is defined by BIO.MemoryBuffer, not shown here)
            read_bio  = BIO.MemoryBuffer(false);
            write_bio = BIO.MemoryBuffer(false);
            // Hand both BIOs to the Ssl object (statement order kept as in the native setup sequence)
            ssl.SetBIO(read_bio, write_bio);
            // Close option presumably lets each BIO release its buffer when freed — confirm against BIO.SetClose
            read_bio.SetClose(BIO.CloseOption.Close);
            write_bio.SetClose(BIO.CloseOption.Close);
            // Put the Ssl object into server (accept) mode
            ssl.SetAcceptState();
        }
        /// <summary>
        /// Server-side TLS stream over an existing <see cref="Stream"/>: stores the revocation flag and
        /// the peer-certificate handler, builds the server SSL context and attaches memory BIOs to the
        /// native Ssl object. This variant registers no SNI callback.
        /// </summary>
        /// <param name="stream">Transport handed to the base class.</param>
        /// <param name="ownStream">Handed to the base class alongside <paramref name="stream"/>.</param>
        /// <param name="serverCertificate">Forwarded to InitializeServerContext; by its name, the certificate presented to clients.</param>
        /// <param name="clientCertificateRequired">Forwarded to InitializeServerContext; by its name, whether client (mutual) authentication is demanded.</param>
        /// <param name="caCerts">CA chain forwarded to InitializeServerContext.</param>
        /// <param name="enabledSslProtocols">Protocol versions forwarded to InitializeServerContext.</param>
        /// <param name="sslStrength">Cipher strength forwarded to InitializeServerContext.</param>
        /// <param name="checkCertificateRevocation">Stored on the instance and forwarded to InitializeServerContext.</param>
        /// <param name="remote_callback">Application handler for the client's certificate; stored without a null check.</param>
        public SslStreamServer(
            Stream stream, 
            bool ownStream,
            X509Certificate serverCertificate,
            bool clientCertificateRequired,
            X509Chain caCerts,
            SslProtocols enabledSslProtocols,
            SslStrength sslStrength,
            bool checkCertificateRevocation,
            RemoteCertificateValidationHandler remote_callback)
            : base(stream, ownStream)
        {
            this.checkCertificateRevocationStatus = checkCertificateRevocation;
            // NOTE(review): the field is named ...SelectionCallback but receives a
            // RemoteCertificateValidationHandler — confirm which callback it actually drives.
            this.remoteCertificateSelectionCallback = remote_callback;

            // Initialize the SslContext object (certificate, client-auth requirement, CA chain,
            // protocol versions, cipher strength, revocation checking)
            InitializeServerContext(serverCertificate, clientCertificateRequired, caCerts, enabledSslProtocols, sslStrength, checkCertificateRevocation);

            // Initialize the Ssl object from the configured context
            ssl = new Ssl(sslContext);
            // Initialize the read/write memory BIOs (the meaning of the bool argument is defined by BIO.MemoryBuffer, not shown here)
            read_bio = BIO.MemoryBuffer(false);
            write_bio = BIO.MemoryBuffer(false);
            // Hand both BIOs to the Ssl object (statement order kept as in the native setup sequence)
            ssl.SetBIO(read_bio, write_bio);
            // Close option presumably lets each BIO release its buffer when freed — confirm against BIO.SetClose
            read_bio.SetClose(BIO.CloseOption.Close);
            write_bio.SetClose(BIO.CloseOption.Close);
            // Put the Ssl object into server (accept) mode
            ssl.SetAcceptState();
        }
 /// <summary>
 /// Binds the test harness to its <see cref="TestServer"/> fixture and pre-builds the
 /// certificate callback delegates used by the Advanced client/server tests.
 /// </summary>
 /// <param name="testServer">Fixture the tests read their certificates and CA chains from.</param>
 public AsyncServerTests(TestServer testServer)
 {
     this.testServer = testServer;

     // Certificate callbacks (only used for the Advanced tests). Both sides validate
     // the peer with ValidateRemoteCert; only the client side selects a local certificate.
     this.serverRemoteCertificateValidationCallback = new RemoteCertificateValidationHandler(ValidateRemoteCert);
     this.clientRemoteCertificateValidationCallback = new RemoteCertificateValidationHandler(ValidateRemoteCert);
     this.clientLocalCertificateSelectionCallback   = new LocalCertificateSelectionHandler(clientCertificateSelectionCallback);
 }
 /// <summary>
 /// Create an SslStream based on an existing stream, supplying only a remote-certificate
 /// handler; the local certificate selection handler is forwarded as null.
 /// </summary>
 /// <param name="stream">Forwarded unchanged to the four-argument constructor.</param>
 /// <param name="leaveInnerStreamOpen">Forwarded unchanged to the four-argument constructor.</param>
 /// <param name="remote_callback">Handler for the peer's certificate; forwarded unchanged, no null check.</param>
 public SslStream(Stream stream, bool leaveInnerStreamOpen, RemoteCertificateValidationHandler remote_callback)
     : this(stream, leaveInnerStreamOpen, remote_callback, null)
 {
     // Everything is delegated to the four-argument constructor.
 }
 /// <summary>
 /// Create an SslStream based on an existing stream and keep both application
 /// certificate callbacks on the instance.
 /// </summary>
 /// <param name="stream">Transport handed to the base class.</param>
 /// <param name="leaveInnerStreamOpen">Handed to the base class alongside <paramref name="stream"/>.</param>
 /// <param name="remote_callback">Handler for the peer's certificate; stored as-is, no null check.</param>
 /// <param name="local_callback">Handler that picks the local certificate; stored as-is, no null check.</param>
 public SslStream(Stream stream, bool leaveInnerStreamOpen, RemoteCertificateValidationHandler remote_callback, LocalCertificateSelectionHandler local_callback)
     : base(stream, leaveInnerStreamOpen)
 {
     // Plain field captures; the handlers are presumably consulted later, during authentication.
     this.localCertificateSelectionCallback   = local_callback;
     this.remoteCertificateValidationCallback = remote_callback;
 }
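            /// <summary>
            /// Client side of the "advanced" test: connects to the local test server on port 9000,
            /// performs a mutually authenticated TLS handshake with the client certificate list and
            /// CA chain from <c>testServer</c>, checks the negotiated parameters and then runs the
            /// read/write exchange. Every failure path reports to the console and calls
            /// <c>Shutdown(false)</c>; success calls <c>Shutdown(true)</c>.
            /// </summary>
            public void AdvancedClientTest()
            {
                // Delegates for the certificate callbacks handed to the SslStream below
                clientRemoteCertificateValidationCallback = new RemoteCertificateValidationHandler(ValidateRemoteCert);
                clientLocalCertificateSelectionCallback   = new LocalCertificateSelectionHandler(clientCertificateSelectionCallback);

                try
                {
                    testName = "AdvancedClientTest";
                    client   = new TcpClient("localhost", 9000);
                    // Create the SslStream object with the certificate callbacks
                    sslStream = new SslStream(client.GetStream(), false, clientRemoteCertificateValidationCallback, clientLocalCertificateSelectionCallback);
                    // Handshake with the client certificate list and client CA chain; the trailing
                    // true appears to request certificate revocation checking.
                    sslStream.AuthenticateAsClient("localhost", testServer.clientCertificateList, testServer.clientCAChain, SslProtocols.Tls, SslStrength.Medium | SslStrength.High, true);

                    // Each check returns right after Shutdown(false) — mirroring AdvancedServerTest —
                    // so a connection that failed a check is never used for the read/write exchange
                    // and Shutdown is not invoked a second time on the way out.
                    // Verify mutual authentication
                    if (!sslStream.IsMutuallyAuthenticated)
                    {
                        Console.WriteLine("{0} failed - Stream is not mutally authenticated", testName);
                        Shutdown(false);
                        return;
                    }
                    // Verify protocol
                    if (sslStream.SslProtocol != SslProtocols.Tls)
                    {
                        Console.WriteLine("{0} failed - negotiated a non Tls connection", testName);
                        Shutdown(false);
                        return;
                    }
                    // Verify cipher strength
                    if (sslStream.CipherStrength < 256)
                    {
                        Console.WriteLine("{0} failed - negotiated less that 256bit cipher", testName);
                        Console.WriteLine("Cipher={0}\nCipherStrength = {1}", sslStream.CipherAlgorithm.ToString(), sslStream.CipherStrength);
                        Shutdown(false);
                        return;
                    }
                    // Verify cipher
                    if (sslStream.CipherAlgorithm != CipherAlgorithmType.Aes256)
                    {
                        Console.WriteLine("{0} failed - negotiatied cipher wasn't Aes256", testName);
                        // {1} so the expected algorithm is actually printed (the format used {0} twice)
                        Console.WriteLine("Cipher was {0}, expected {1}", sslStream.CipherAlgorithm.ToString(), CipherAlgorithmType.Aes256.ToString());
                        Shutdown(false);
                        return;
                    }
                    // The exchange's result decides between a successful and a failed shutdown
                    Shutdown(DoClientReadWrite());
                }
                catch (Exception ex)
                {
                    Shutdown(false);
                    Console.WriteLine(ex);
                }
            }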
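            /// <summary>
            /// Server side of the "advanced" test: accepts one connection, performs a TLS handshake
            /// with the server certificate and CA chain from <c>testServer</c> (client certificate
            /// demanded), checks the negotiated parameters and then runs the read/write exchange.
            /// Every failure path calls <c>Shutdown(false)</c>; success calls <c>Shutdown(true)</c>.
            /// </summary>
            public void AdvancedServerTest()
            {
                serverRemoteCertificateValidationCallback = new RemoteCertificateValidationHandler(ValidateRemoteCert);

                try
                {
                    testName = "AdvancedServerTest";
                    AcceptConnection();                     // sets the client member
                    sslStream = new SslStream(client.GetStream(), false, serverRemoteCertificateValidationCallback);
                    // The second argument appears to demand a client certificate; the trailing true
                    // appears to request certificate revocation checking.
                    sslStream.AuthenticateAsServer(testServer.serverCertificate, true, testServer.serverCAChain, SslProtocols.Tls, SslStrength.All, true);

                    // Verify mutual authentication
                    if (!sslStream.IsMutuallyAuthenticated)
                    {
                        Console.WriteLine("{0} failed - stream is not mutually authenticated", testName);
                        Shutdown(false);
                        return;
                    }

                    // Verify protocol
                    if (sslStream.SslProtocol != SslProtocols.Tls)
                    {
                        Console.WriteLine("{0} failed - negotiated non Tls connection", testName);
                        Shutdown(false);
                        return;
                    }
                    // Verify cipher strength
                    if (sslStream.CipherStrength < 256)
                    {
                        Console.WriteLine("{0} failed - negotiated less than 256bit cipher", testName);
                        Shutdown(false);
                        return;
                    }
                    // Do the server read, and write of the messages; the result picks the shutdown kind
                    Shutdown(DoServerReadWrite());
                }
                catch (Exception ex)
                {
                    // Report the failure instead of swallowing it silently, as AdvancedClientTest does
                    Shutdown(false);
                    Console.WriteLine(ex);
                }
            }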
		/// <summary>
		/// Client-side TLS stream over an existing <see cref="Stream"/>. Captures the target host,
		/// client certificate list, CA chain, revocation flag and the two application callbacks,
		/// then builds the client SSL context.
		/// </summary>
		/// <param name="stream">Transport handed to the base class.</param>
		/// <param name="ownStream">Handed to the base class alongside <paramref name="stream"/>.</param>
		/// <param name="targetHost">Stored on the instance; not validated here.</param>
		/// <param name="clientCertificates">Stored on the instance and forwarded to InitializeClientContext.</param>
		/// <param name="caCertificates">Stored on the instance; not passed to InitializeClientContext here.</param>
		/// <param name="enabledSslProtocols">Forwarded to InitializeClientContext.</param>
		/// <param name="sslStrength">Forwarded to InitializeClientContext.</param>
		/// <param name="checkCertificateRevocationStatus">Stored on the instance and forwarded to InitializeClientContext.</param>
		/// <param name="remoteCallback">Application handler for the server's certificate; stored without a null check.</param>
		/// <param name="localCallback">Application handler that picks the client certificate; stored without a null check.</param>
		public SslStreamClient(Stream stream, bool ownStream, string targetHost, X509List clientCertificates, X509Chain caCertificates, SslProtocols enabledSslProtocols, SslStrength sslStrength, bool checkCertificateRevocationStatus, RemoteCertificateValidationHandler remoteCallback, LocalCertificateSelectionHandler localCallback)
			: base(stream, ownStream)
		{
			// Handshake inputs (parameters shadow the fields, hence the explicit this.)
			this.targetHost = targetHost;
			this.clientCertificates = clientCertificates;
			this.caCertificates = caCertificates;
			this.checkCertificateRevocationStatus = checkCertificateRevocationStatus;

			// Application callbacks: remote = validate the peer, local = choose our certificate.
			// NOTE(review): the remote handler lands in a field named ...SelectionCallback.
			remoteCertificateSelectionCallback = remoteCallback;
			localCertificateSelectionCallback = localCallback;

			// Native-facing selection callback wrapping the instance method
			internalCertificateSelectionCallback = new ClientCertCallbackHandler(InternalClientCertificateSelectionCallback);

			// Last, presumably because the context setup reads the values stored above
			InitializeClientContext(clientCertificates, enabledSslProtocols, sslStrength, checkCertificateRevocationStatus);
		}
 /// <summary>
 /// Client-side TLS stream over an existing <see cref="Stream"/>: records the handshake inputs
 /// and the application callbacks, then initializes the client SSL context.
 /// </summary>
 /// <param name="stream">Transport handed to the base class.</param>
 /// <param name="ownStream">Handed to the base class alongside <paramref name="stream"/>.</param>
 /// <param name="targetHost">Stored on the instance; not validated here.</param>
 /// <param name="clientCertificates">Stored on the instance and forwarded to InitializeClientContext.</param>
 /// <param name="caCertificates">Stored on the instance; not passed to InitializeClientContext here.</param>
 /// <param name="enabledSslProtocols">Forwarded to InitializeClientContext.</param>
 /// <param name="sslStrength">Forwarded to InitializeClientContext.</param>
 /// <param name="checkCertificateRevocationStatus">Stored on the instance and forwarded to InitializeClientContext.</param>
 /// <param name="remoteCallback">Application handler for the server's certificate; stored without a null check.</param>
 /// <param name="localCallback">Application handler that picks the client certificate; stored without a null check.</param>
 public SslStreamClient(
     Stream stream,
     bool ownStream,
     string targetHost,
     X509List clientCertificates,
     X509Chain caCertificates,
     SslProtocols enabledSslProtocols,
     SslStrength sslStrength,
     bool checkCertificateRevocationStatus,
     RemoteCertificateValidationHandler remoteCallback,
     LocalCertificateSelectionHandler localCallback)
     : base(stream, ownStream)
 {
     // Parameters shadow the fields, so every capture is qualified with this.
     this.targetHost = targetHost;
     this.clientCertificates = clientCertificates;
     this.caCertificates = caCertificates;
     this.checkCertificateRevocationStatus = checkCertificateRevocationStatus;
     // NOTE(review): the validation handler is stored in a field named ...SelectionCallback.
     this.remoteCertificateSelectionCallback = remoteCallback;
     this.localCertificateSelectionCallback = localCallback;
     // Native-facing selection callback wrapping the instance method
     this.internalCertificateSelectionCallback = new ClientCertCallbackHandler(InternalClientCertificateSelectionCallback);

     // Context setup runs after all captures, presumably because it reads them
     InitializeClientContext(clientCertificates, enabledSslProtocols, sslStrength, checkCertificateRevocationStatus);
 }
 /// <summary>
 /// Sets the certificate verification mode and callback - calls SSL_CTX_set_verify.
 /// A fresh VerifyCertCallbackThunk wraps the managed handler on every call and is kept in a
 /// field, presumably so the delegate handed to native code outlives this method.
 /// </summary>
 /// <param name="mode">Verification mode, passed to OpenSSL as an int.</param>
 /// <param name="callback">Managed handler wrapped by the thunk. NOTE(review): a null handler
 /// still installs the thunk's Callback — confirm the thunk tolerates that. If the thunk returns
 /// the handler's verdict to OpenSSL, a handler that accepts unconditionally disables chain validation.</param>
 public void SetVerify(VerifyMode mode, RemoteCertificateValidationHandler callback)
 {
     var thunk = new VerifyCertCallbackThunk(callback);
     _verifyCertCallbackThunk = thunk;
     Native.SSL_CTX_set_verify(this.ptr, (int)mode, thunk.Callback);
 }
 /// <summary>
 /// Stores the managed verification handler in <c>OnVerifyCert</c> for the thunk to use.
 /// </summary>
 /// <param name="callback">Handler to keep; stored as-is, no null check.</param>
 public VerifyCertCallbackThunk(RemoteCertificateValidationHandler callback)
 {
     OnVerifyCert = callback;
 }
 /// <summary>
 /// Captures the managed verification handler in <c>OnVerifyCert</c>.
 /// </summary>
 /// <param name="callback">Handler to keep; stored as given, no null check.</param>
 public VerifyCertCallbackThunk(RemoteCertificateValidationHandler callback) => OnVerifyCert = callback;
 /// <summary>
 /// Sets the certificate verification mode and callback - calls SSL_CTX_set_verify.
 /// The managed handler is wrapped in a new VerifyCertCallbackThunk that is kept in a field,
 /// presumably so the delegate given to native code is not collected while the context lives.
 /// </summary>
 /// <param name="mode">Verification mode, passed to OpenSSL as an int.</param>
 /// <param name="callback">Managed handler wrapped by the thunk. NOTE(review): a null handler
 /// still installs the thunk's Callback — confirm the thunk tolerates that. If the thunk returns
 /// the handler's verdict to OpenSSL, a handler that accepts unconditionally disables chain validation.</param>
 public void SetVerify(VerifyMode mode, RemoteCertificateValidationHandler callback)
 {
     _verifyCertCallbackThunk = new VerifyCertCallbackThunk(callback);
     var nativeCallback = _verifyCertCallbackThunk.Callback;
     Native.SSL_CTX_set_verify(ptr, (int)mode, nativeCallback);
 }
			/// <summary>
			/// Binds the harness to its <see cref="TestServer"/> fixture and pre-builds the
			/// certificate callback delegates used by the Advanced tests.
			/// </summary>
			/// <param name="testServer">Fixture the tests read their certificates and CA chains from.</param>
			public AsyncServerTests(TestServer testServer) {
				this.testServer = testServer;

				// Certificate callbacks (only used for the Advanced tests); both sides validate the
				// peer with ValidateRemoteCert, only the client side selects a local certificate.
				this.serverRemoteCertificateValidationCallback = new RemoteCertificateValidationHandler(ValidateRemoteCert);
				this.clientRemoteCertificateValidationCallback = new RemoteCertificateValidationHandler(ValidateRemoteCert);
				this.clientLocalCertificateSelectionCallback = new LocalCertificateSelectionHandler(clientCertificateSelectionCallback);
			}
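			/// <summary>
			/// Client side of the "advanced" test: connects to the local test server on port 9000,
			/// performs a mutually authenticated TLS handshake with the client certificate list and
			/// CA chain from <c>testServer</c>, checks the negotiated parameters and then runs the
			/// read/write exchange. Every failure path reports to the console and calls
			/// <c>Shutdown(false)</c>; success calls <c>Shutdown(true)</c>.
			/// </summary>
			public void AdvancedClientTest() {
				// Delegates for the certificate callbacks handed to the SslStream below
				clientRemoteCertificateValidationCallback = new RemoteCertificateValidationHandler(ValidateRemoteCert);
				clientLocalCertificateSelectionCallback = new LocalCertificateSelectionHandler(clientCertificateSelectionCallback);

				try {
					testName = "AdvancedClientTest";
					client = new TcpClient("localhost", 9000);
					// Create the SslStream object with the certificate callbacks
					sslStream = new SslStream(client.GetStream(), false, clientRemoteCertificateValidationCallback, clientLocalCertificateSelectionCallback);
					// Handshake with the client certificate list and client CA chain; the trailing
					// true appears to request certificate revocation checking.
					sslStream.AuthenticateAsClient("localhost", testServer.clientCertificateList, testServer.clientCAChain, SslProtocols.Tls, SslStrength.Medium | SslStrength.High, true);

					// Each check returns right after Shutdown(false) — mirroring AdvancedServerTest —
					// so a connection that failed a check is never used for the read/write exchange
					// and Shutdown is not invoked a second time on the way out.
					// Verify mutual authentication
					if (!sslStream.IsMutuallyAuthenticated) {
						Console.WriteLine("{0} failed - Stream is not mutally authenticated", testName);
						Shutdown(false);
						return;
					}
					// Verify protocol
					if (sslStream.SslProtocol != SslProtocols.Tls) {
						Console.WriteLine("{0} failed - negotiated a non Tls connection", testName);
						Shutdown(false);
						return;
					}
					// Verify cipher strength
					if (sslStream.CipherStrength < 256) {
						Console.WriteLine("{0} failed - negotiated less that 256bit cipher", testName);
						Console.WriteLine("Cipher={0}\nCipherStrength = {1}", sslStream.CipherAlgorithm.ToString(), sslStream.CipherStrength);
						Shutdown(false);
						return;
					}
					// Verify cipher
					if (sslStream.CipherAlgorithm != CipherAlgorithmType.Aes256) {
						Console.WriteLine("{0} failed - negotiatied cipher wasn't Aes256", testName);
						// {1} so the expected algorithm is actually printed (the format used {0} twice)
						Console.WriteLine("Cipher was {0}, expected {1}", sslStream.CipherAlgorithm.ToString(), CipherAlgorithmType.Aes256.ToString());
						Shutdown(false);
						return;
					}
					// The exchange's result decides between a successful and a failed shutdown
					Shutdown(DoClientReadWrite());
				}
				catch (Exception ex) {
					Shutdown(false);
					Console.WriteLine(ex);
				}
			}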
		/// <summary>
		///     Sets the certificate verification mode and callback - calls SSL_CTX_set_verify.
		///     With a null handler no native callback is installed at all, so OpenSSL applies
		///     <paramref name="mode"/> with its built-in verification only.
		/// </summary>
		/// <param name="mode">Verification mode, passed to OpenSSL as an int.</param>
		/// <param name="callback">Managed handler stored in OnVerifyCert; null uninstalls the native thunk.
		/// If the thunk returns the handler's verdict to OpenSSL, a handler that accepts unconditionally
		/// disables chain validation.</param>
		public void SetVerify(VerifyMode mode, RemoteCertificateValidationHandler callback)
		{
			// Store the managed handler before the native side can observe the thunk
			OnVerifyCert = callback;
			if (callback == null)
			{
				Native.SSL_CTX_set_verify(ptr, (int)mode, null);
			}
			else
			{
				Native.SSL_CTX_set_verify(ptr, (int)mode, _ptrOnVerifyCertThunk);
			}
		}
		/// <summary>
		/// Create an SslStream based on an existing stream, supplying only a remote-certificate
		/// handler; the local certificate selection handler is forwarded as null.
		/// </summary>
		/// <param name="stream">Forwarded unchanged to the four-argument constructor.</param>
		/// <param name="leaveInnerStreamOpen">Forwarded unchanged to the four-argument constructor.</param>
		/// <param name="remote_callback">Handler for the peer's certificate; forwarded unchanged, no null check.</param>
		public SslStream(Stream stream, bool leaveInnerStreamOpen, RemoteCertificateValidationHandler remote_callback)
			: this(stream, leaveInnerStreamOpen, remote_callback, null)
		{
			// Everything is delegated to the four-argument constructor.
		}
		/// <summary>
		/// Create an SslStream based on an existing stream and keep both application
		/// certificate callbacks on the instance.
		/// </summary>
		/// <param name="stream">Transport handed to the base class.</param>
		/// <param name="leaveInnerStreamOpen">Handed to the base class alongside <paramref name="stream"/>.</param>
		/// <param name="remote_callback">Handler for the peer's certificate; stored as-is, no null check.</param>
		/// <param name="local_callback">Handler that picks the local certificate; stored as-is, no null check.</param>
		public SslStream(Stream stream, bool leaveInnerStreamOpen, RemoteCertificateValidationHandler remote_callback, LocalCertificateSelectionHandler local_callback)
			: base(stream, leaveInnerStreamOpen)
		{
			// Plain field captures; the handlers are presumably consulted later, during authentication.
			this.localCertificateSelectionCallback = local_callback;
			this.remoteCertificateValidationCallback = remote_callback;
		}
 /// <summary>
 /// Create an SslStream based on an existing stream with no application certificate
 /// callbacks: both callback fields are explicitly cleared.
 /// </summary>
 /// <param name="stream">Transport handed to the base class.</param>
 /// <param name="leaveInnerStreamOpen">Handed to the base class alongside <paramref name="stream"/>.</param>
 public SslStream(Stream stream, bool leaveInnerStreamOpen) : base(stream, leaveInnerStreamOpen)
 {
     // No handlers: whatever validation happens without them is decided elsewhere, not here.
     this.remoteCertificateValidationCallback = null;
     this.localCertificateSelectionCallback   = null;
 }
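			/// <summary>
			/// Server side of the "advanced" test: accepts one connection, performs a TLS handshake
			/// with the server certificate and CA chain from <c>testServer</c> (client certificate
			/// demanded), checks the negotiated parameters and then runs the read/write exchange.
			/// Every failure path calls <c>Shutdown(false)</c>; success calls <c>Shutdown(true)</c>.
			/// </summary>
			public void AdvancedServerTest() {
				serverRemoteCertificateValidationCallback = new RemoteCertificateValidationHandler(ValidateRemoteCert);

				try {
					testName = "AdvancedServerTest";
					AcceptConnection(); // sets the client member
					sslStream = new SslStream(client.GetStream(), false, serverRemoteCertificateValidationCallback);
					// The second argument appears to demand a client certificate; the trailing true
					// appears to request certificate revocation checking.
					sslStream.AuthenticateAsServer(testServer.serverCertificate, true, testServer.serverCAChain, SslProtocols.Tls, SslStrength.All, true);

					// Verify mutual authentication
					if (!sslStream.IsMutuallyAuthenticated) {
						Console.WriteLine("{0} failed - stream is not mutually authenticated", testName);
						Shutdown(false);
						return;
					}

					// Verify protocol
					if (sslStream.SslProtocol != SslProtocols.Tls) {
						Console.WriteLine("{0} failed - negotiated non Tls connection", testName);
						Shutdown(false);
						return;
					}
					// Verify cipher strength
					if (sslStream.CipherStrength < 256) {
						Console.WriteLine("{0} failed - negotiated less than 256bit cipher", testName);
						Shutdown(false);
						return;
					}
					// Do the server read, and write of the messages; the result picks the shutdown kind
					Shutdown(DoServerReadWrite());
				}
				catch (Exception ex) {
					// Report the failure instead of swallowing it silently, as AdvancedClientTest does
					Shutdown(false);
					Console.WriteLine(ex);
				}
			}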
 /// <summary>
 ///     Sets the certificate verification mode and callback - calls SSL_CTX_set_verify.
 ///     With a null handler no native callback is installed, so OpenSSL applies
 ///     <paramref name="mode"/> with its built-in verification only.
 /// </summary>
 /// <param name="mode">Verification mode, passed to OpenSSL as an int.</param>
 /// <param name="callback">Managed handler stored in OnVerifyCert; null uninstalls the native thunk.
 /// If the thunk returns the handler's verdict to OpenSSL, a handler that accepts unconditionally
 /// disables chain validation.</param>
 public void SetVerify(VerifyMode mode, RemoteCertificateValidationHandler callback)
 {
     // Store the managed handler before the native side can observe the thunk
     OnVerifyCert = callback;
     if (callback == null)
     {
         Native.SSL_CTX_set_verify(ptr, (int)mode, null);
     }
     else
     {
         Native.SSL_CTX_set_verify(ptr, (int)mode, _ptrOnVerifyCertThunk);
     }
 }