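/// <summary>
/// Parses a Certificate handshake message and, when the listener has a
/// <c>CertificateValidation</c> callback, hands the decoded chain to it.
/// </summary>
/// <param name="buffer">The handshake message, positioned at its handshake header.</param>
/// <param name="listener">The listener whose <c>CertificateValidation</c> callback accepts or rejects the chain; when the callback is null the entries are only parsed for framing.</param>
/// <exception cref="Alerts.AlertException">
/// Raised as a fatal <c>bad_certificate</c> alert when a certificate entry sent by the peer
/// cannot be decoded, or when the validation callback rejects the chain.
/// </exception>
public static void ReadCertificates(ReadableBuffer buffer, SecurePipeListener listener)
{
    buffer = buffer.Slice(HandshakeProcessor.HandshakeHeaderSize);
    // The (certificate request) context is not used here; the call only advances the buffer.
    BufferExtensions.SliceVector<byte>(ref buffer);
    // Narrow the buffer to the certificate list vector.
    buffer = BufferExtensions.SliceVector24Bit(ref buffer);

    // Without a validation callback nothing is decoded and the chain is accepted as-is.
    var collection = listener.CertificateValidation == null ? null : new X509Certificate2Collection();

    while (buffer.Length > 0)
    {
        var certData = BufferExtensions.SliceVector24Bit(ref buffer);
        // Per-certificate extensions are skipped; the call only advances the buffer.
        BufferExtensions.SliceVector<ushort>(ref buffer);
        if (certData.Length == 0 || collection == null)
        {
            continue;
        }
        try
        {
            collection.Add(new X509Certificate2(certData.ToArray()));
        }
        catch (System.Security.Cryptography.CryptographicException)
        {
            // Peer-supplied bytes that do not decode must surface as a TLS alert,
            // not as an unhandled exception escaping the handshake parser.
            Alerts.AlertException.ThrowAlert(Alerts.AlertLevel.Fatal, Alerts.AlertDescription.bad_certificate, "Failed to decode a certificate in the chain");
        }
    }

    if (collection != null && !listener.CertificateValidation(collection))
    {
        Alerts.AlertException.ThrowAlert(Alerts.AlertLevel.Fatal, Alerts.AlertDescription.bad_certificate, "Failed to verify the certificate chain via the callback");
    }
}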
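/// <summary>
/// Sample entry point: loads an ECDSA PFX certificate through the OpenSSL 1.1 provider,
/// listens for TLS connections on the loopback interface (port 443) and hands each
/// accepted connection to <c>ServerLoop.HandleConnection</c>.
/// </summary>
/// <param name="args">Command-line arguments; currently unused.</param>
public static void Main(string[] args)
{
    var logFactory = new LoggerFactory();
    logFactory.AddConsole(LogLevel.Trace);

    using (var factory = new PipeFactory())
    using (var list = new CertificateList())
    {
        // The PFX path and password come from the _ecdsaCertPath / _certificatePassword
        // values defined elsewhere in this class.
        var provider = new Leto.Tls13.Certificates.OpenSsl11.CertificateProvider();
        list.AddCertificate(provider.LoadPfx12(_ecdsaCertPath, _certificatePassword));

        using (var serverContext = new SecurePipeListener(factory, list, logFactory))
        using (var socketClient = new System.IO.Pipelines.Networking.Sockets.SocketListener(factory))
        {
            const int port = 443;
            var endPoint = new IPEndPoint(IPAddress.Loopback, port);
            socketClient.OnConnection(connection =>
            {
                Console.WriteLine("Connected");
                var securePipe = serverContext.CreateSecurePipeline(connection);
                Console.WriteLine("Secure Connection Created");
                return ServerLoop.HandleConnection(securePipe, logFactory);
            });
            socketClient.Start(endPoint);
            // Keep the listener alive until the operator presses Enter.
            Console.ReadLine();
        }
    }
}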
/// <summary>
/// Builds a connection adapter that terminates TLS with the certificate loaded from the
/// PFX file named in <paramref name="options"/>.
/// </summary>
/// <param name="options">Supplies the PFX path and password to load.</param>
/// <param name="loggerFactory">Logger factory; when null no adapter logger is created. NOTE(review): it is still passed through to SecurePipeListener — confirm that constructor tolerates null.</param>
public LetoConnectionAdapter(LetoConnectionAdapterOptions options, ILoggerFactory loggerFactory)
{
    _certList = new CertificateList();
    var certificate = new Tls13.Certificates.OpenSsl11.CertificateProvider().LoadPfx12(options.PfxPath, options.PfxPassword);
    _certList.AddCertificate(certificate);
    _listener = new SecurePipeListener(_pipeFactory, _certList, loggerFactory);
    _logger = loggerFactory?.CreateLogger<LetoConnectionAdapter>();
}
/// <summary>
/// Selects the server-side handshake state machine matching the protocol version read from <paramref name="buffer"/>.
/// </summary>
/// <param name="buffer">The incoming handshake data the version is read from.</param>
/// <param name="listener">The listener passed to the new state object.</param>
/// <param name="logger">The logger passed to the new state object.</param>
/// <returns>A TLS 1.2 or TLS 1.3 (draft 18) server state.</returns>
/// <exception cref="Alerts.AlertException">Raised as a fatal <c>protocol_version</c> alert for any other version.</exception>
public static IConnectionState GetNewStateMachine(ReadableBuffer buffer, SecurePipeListener listener, ILogger logger)
{
    var version = GetVersion(ref buffer);
    if (version == TlsVersion.Tls12)
    {
        return new ServerStateTls12(listener, logger);
    }
    if (version == TlsVersion.Tls13Draft18)
    {
        return new ServerStateTls13Draft18(listener, logger);
    }
    // ThrowAlert is expected to throw, so the trailing return only satisfies the compiler.
    Alerts.AlertException.ThrowAlert(Alerts.AlertLevel.Fatal, Alerts.AlertDescription.protocol_version, "Unsupported version");
    return null;
}
/// <summary>
/// Initialises the shared server-state fields; the handshake state starts at <c>StateType.None</c>.
/// </summary>
/// <param name="listener">The listener this connection belongs to.</param>
/// <param name="logger">Logger used by the state machine.</param>
public AbstractServerState(SecurePipeListener listener, ILogger logger)
{
    _listener = listener;
    _logger = logger;
    // No handshake progress has been recorded yet.
    _state = StateType.None;
}
/// <summary>
/// Creates the TLS 1.2 server state with its frame writer and key schedule.
/// </summary>
/// <param name="listener">The listener this connection belongs to; its <c>KeyScheduleProvider.BufferPool</c> backs the key schedule.</param>
/// <param name="logger">Logger passed to the base state.</param>
public ServerStateTls12(SecurePipeListener listener, ILogger logger) : base(listener, logger)
{
    _frameWriter = new FrameWriter(this);
    // The key schedule is built on the buffer pool exposed by the listener's provider.
    var bufferPool = listener.KeyScheduleProvider.BufferPool;
    _schedule = new KeySchedule12(this, bufferPool);
}
/// <summary>
/// Creates the TLS 1.3 (draft 18) server state with no PSK key-exchange mode selected.
/// </summary>
/// <param name="listener">The listener this connection belongs to.</param>
/// <param name="logger">Logger passed to the base state.</param>
public ServerStateTls13Draft18(SecurePipeListener listener, ILogger logger) : base(listener, logger)
{
    // Start with no PSK key-exchange mode selected.
    this.PskKeyExchangeMode = PskKeyExchangeMode.none;
}
/// <summary>
/// Creates a client connection state that starts in the <c>SendClientHello</c> state.
/// </summary>
/// <param name="securePipelineListener">The listener this client connection belongs to.</param>
public ClientConnectionState(SecurePipeListener securePipelineListener)
{
    _securePipelineListener = securePipelineListener;
    // The client's first action is to send its ClientHello.
    State = StateType.SendClientHello;
}