Esempio n. 1
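        /// <summary>
        /// Walks the certificate list in a handshake message and hands the parsed certificates to
        /// <c>listener.CertificateValidation</c>, raising a fatal <c>bad_certificate</c> alert when
        /// the callback rejects them or when an entry cannot be parsed.
        /// </summary>
        /// <remarks>
        /// Trust is decided only by the callback: this method builds no chain and performs no
        /// revocation or name check itself. When no callback is configured, the entries are
        /// walked but never parsed or checked. When a callback is configured and the peer sent
        /// no certificates, the callback is invoked with an empty collection and must decide
        /// whether that is acceptable.
        /// </remarks>
        /// <param name="buffer">The handshake message, positioned at its handshake header.</param>
        /// <param name="listener">Listener that supplies the optional validation callback.</param>
        public static void ReadCertificates(ReadableBuffer buffer, SecurePipeListener listener)
        {
            // Skip the handshake header.
            buffer = buffer.Slice(HandshakeProcessor.HandshakeHeaderSize);
            // The context vector is not used; slicing it only advances the buffer.
            BufferExtensions.SliceVector<byte>(ref buffer);
            // Narrow the buffer to the certificate list.
            buffer = BufferExtensions.SliceVector24Bit(ref buffer);

            // A null collection means "no callback configured, do not parse anything".
            X509Certificate2Collection collection = listener.CertificateValidation == null
                ? null
                : new X509Certificate2Collection();

            while (buffer.Length > 0)
            {
                var cert = BufferExtensions.SliceVector24Bit(ref buffer);
                // Per-certificate extensions are not interpreted; the slice only advances the buffer.
                BufferExtensions.SliceVector<ushort>(ref buffer);

                if (cert.Length == 0 || collection == null)
                {
                    continue;
                }

                try
                {
                    collection.Add(new X509Certificate2(cert.ToArray()));
                }
                catch (System.Security.Cryptography.CryptographicException)
                {
                    // The bytes come from the peer; a malformed certificate should end the
                    // handshake with a TLS alert rather than escape as a raw crypto exception.
                    Alerts.AlertException.ThrowAlert(Alerts.AlertLevel.Fatal, Alerts.AlertDescription.bad_certificate, "Failed to parse a certificate sent by the peer");
                    // ThrowAlert is expected to throw; rethrow if it ever returns so that a
                    // malformed entry is never silently dropped before validation.
                    throw;
                }
            }

            if (collection != null && !listener.CertificateValidation(collection))
            {
                Alerts.AlertException.ThrowAlert(Alerts.AlertLevel.Fatal, Alerts.AlertDescription.bad_certificate, "Failed to verify the certificate chain via the callback");
            }
        }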
Esempio n. 2
        /// <summary>
        /// Sample host: loads a PFX certificate through the OpenSSL 1.1 provider, wraps every
        /// accepted socket in a secure pipeline and serves it until a line is read from the console.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        public static void Main(string[] args)
        {
            var loggers = new LoggerFactory();
            // NOTE(review): Trace is the most verbose level; confirm the TLS code does not log
            // key material or plaintext before using this configuration outside a local test.
            loggers.AddConsole(LogLevel.Trace);

            using (var pipes = new PipeFactory())
            using (var certificates = new CertificateList())
            {
                // Only referenced by the commented-out certificate-store alternative below.
                var thumb = "48026c976caaf7f3a72d38c17d16ce69d04a6053".ToUpper();
                //var provider = new Leto.Tls13.Certificates.Windows.CertificateProvider();
                //list.AddCertificate(provider.LoadCertificate(new X509Certificate2(_rsaCertPath, _certificatePassword)));
                //list.AddCertificate(provider.LoadCertificateFromStore(thumb,true));
                var provider = new Leto.Tls13.Certificates.OpenSsl11.CertificateProvider();
                // NOTE(review): _ecdsaCertPath and _certificatePassword are declared outside this
                // listing; if the password is a literal in source, move it to protected configuration.
                var serverCertificate = provider.LoadPfx12(_ecdsaCertPath, _certificatePassword);
                certificates.AddCertificate(serverCertificate);

                using (var secureListener = new SecurePipeListener(pipes, certificates, loggers))
                using (var socketListener = new System.IO.Pipelines.Networking.Sockets.SocketListener(pipes))
                {
                    // Bound to loopback only, so the sample is not reachable from other hosts.
                    var endpoint = new IPEndPoint(IPAddress.Loopback, 443);

                    socketListener.OnConnection(connection =>
                    {
                        Console.WriteLine("Connected");
                        var securePipe = secureListener.CreateSecurePipeline(connection);
                        Console.WriteLine("Secure Connection Created");
                        return ServerLoop.HandleConnection(securePipe, loggers);
                    });

                    socketListener.Start(endpoint);
                    // Keep the process alive until the operator presses Enter.
                    Console.ReadLine();
                }
            }
        }
Esempio n. 3
        /// <summary>
        /// Builds the adapter: loads the PFX named in <paramref name="options"/> through the
        /// OpenSSL 1.1 provider, registers it in a new certificate list and creates the
        /// <c>SecurePipeListener</c> that uses that list.
        /// </summary>
        /// <param name="options">Supplies <c>PfxPath</c> and <c>PfxPassword</c>.</param>
        /// <param name="loggerFactory">Passed to the listener; also used to create this type's logger.</param>
        public LetoConnectionAdapter(LetoConnectionAdapterOptions options, ILoggerFactory loggerFactory)
        {
            // NOTE(review): options is dereferenced without a null check, and loggerFactory is
            // handed to SecurePipeListener as-is even though the CreateLogger call below
            // tolerates null. Confirm the listener accepts a null factory.
            _certList = new CertificateList();

            var pfxProvider = new Tls13.Certificates.OpenSsl11.CertificateProvider();
            // The PFX password protects the server's private key; it should come from protected
            // configuration and must not be written to logs.
            var serverCertificate = pfxProvider.LoadPfx12(options.PfxPath, options.PfxPassword);
            _certList.AddCertificate(serverCertificate);

            _listener = new SecurePipeListener(_pipeFactory, _certList, loggerFactory);
            _logger = loggerFactory?.CreateLogger<LetoConnectionAdapter>();
        }
Esempio n. 4
        /// <summary>
        /// Selects the server state machine for the protocol version that <c>GetVersion</c>
        /// reads from <paramref name="buffer"/>.
        /// </summary>
        /// <remarks>
        /// The version is derived from data sent by the peer. Only TLS 1.2 and TLS 1.3 draft 18
        /// are accepted; anything else ends with a fatal <c>protocol_version</c> alert, so there
        /// is no fallback to another version.
        /// </remarks>
        /// <param name="buffer">Incoming handshake data to inspect.</param>
        /// <param name="listener">Listener passed to the new state object.</param>
        /// <param name="logger">Logger passed to the new state object.</param>
        /// <returns>A new state machine for the detected version.</returns>
        public static IConnectionState GetNewStateMachine(ReadableBuffer buffer, SecurePipeListener listener, ILogger logger)
        {
            var negotiated = GetVersion(ref buffer);

            if (negotiated == TlsVersion.Tls12)
            {
                return new ServerStateTls12(listener, logger);
            }

            if (negotiated == TlsVersion.Tls13Draft18)
            {
                return new ServerStateTls13Draft18(listener, logger);
            }

            Alerts.AlertException.ThrowAlert(Alerts.AlertLevel.Fatal, Alerts.AlertDescription.protocol_version, "Unsupported version");
            // Reached only if ThrowAlert returns; present so that every path yields a value.
            return null;
        }
Esempio n. 5
 /// <summary>
 /// Stores the owning listener and the logger, and starts the connection in
 /// <c>StateType.None</c>.
 /// </summary>
 /// <param name="listener">Listener this connection state belongs to; stored without a null check.</param>
 /// <param name="logger">Logger for this connection state; stored without a null check.</param>
 public AbstractServerState(SecurePipeListener listener, ILogger logger)
 {
     _listener = listener;
     _logger   = logger;
     // No handshake message has been processed yet.
     _state    = StateType.None;
 }
Esempio n. 6
 /// <summary>
 /// Creates the TLS 1.2 server state with its frame writer and a key schedule backed by the
 /// listener's key-schedule buffer pool.
 /// </summary>
 /// <param name="listener">Listener that owns the connection; its <c>KeyScheduleProvider.BufferPool</c> is read here.</param>
 /// <param name="logger">Logger forwarded to the base state.</param>
 public ServerStateTls12(SecurePipeListener listener, ILogger logger)
     : base(listener, logger)
 {
     _frameWriter = new FrameWriter(this);

     // The key schedule takes its buffers from the pool exposed by the listener's provider.
     var schedulePool = listener.KeyScheduleProvider.BufferPool;
     _schedule = new KeySchedule12(this, schedulePool);
 }
Esempio n. 7
 /// <summary>
 /// Creates the TLS 1.3 draft 18 server state with the PSK key-exchange mode set to
 /// <c>none</c>.
 /// </summary>
 /// <param name="listener">Listener forwarded to the base state.</param>
 /// <param name="logger">Logger forwarded to the base state.</param>
 public ServerStateTls13Draft18(SecurePipeListener listener, ILogger logger)
     : base(listener, logger)
 {
     // Start with no PSK key-exchange mode selected.
     this.PskKeyExchangeMode = PskKeyExchangeMode.none;
 }
Esempio n. 8
 /// <summary>
 /// Creates a client connection state that starts at <c>StateType.SendClientHello</c> and
 /// keeps a reference to the listener it was created from.
 /// </summary>
 /// <param name="securePipelineListener">Listener stored for later use; not null-checked here.</param>
 public ClientConnectionState(SecurePipeListener securePipelineListener)
 {
     // The first state on the client side is sending the ClientHello.
     this.State = StateType.SendClientHello;
     this._securePipelineListener = securePipelineListener;
 }