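/// <summary>
/// Parses the peer's Certificate handshake message and passes the decoded certificates to the
/// listener's <c>CertificateValidation</c> callback.
/// </summary>
/// <remarks>
/// The callback is the only trust decision made here: this method performs no chain building,
/// expiry, revocation or name checks of its own. When no callback is configured, the entries are
/// skipped without being decoded and the method returns normally, so the peer's certificates are
/// not checked at all on that path. When a callback is configured it is also invoked for an empty
/// certificate list, receiving an empty collection, and must decide whether that is acceptable.
/// </remarks>
/// <param name="buffer">Handshake message, starting at the handshake header.</param>
/// <param name="listener">Listener whose <c>CertificateValidation</c> callback decides trust.</param>
public static void ReadCertificates(ReadableBuffer buffer, SecurePipelineListener listener)
{
    // Skip the handshake header, then the byte-length-prefixed context vector, which is not used.
    buffer = buffer.Slice(HandshakeProcessor.HandshakeHeaderSize);
    BufferExtensions.SliceVector<byte>(ref buffer);

    // Narrow the view to the 24-bit length-prefixed certificate list.
    buffer = BufferExtensions.SliceVector24Bit(ref buffer);

    // Read the callback once so the null check and the invocation use the same delegate.
    var validate = listener.CertificateValidation;
    X509Certificate2Collection collection = validate == null ? null : new X509Certificate2Collection();

    while (buffer.Length > 0)
    {
        var cert = BufferExtensions.SliceVector24Bit(ref buffer);

        // The per-entry extensions vector is consumed to advance the buffer but is not interpreted.
        BufferExtensions.SliceVector<ushort>(ref buffer);

        if (cert.Length > 0 && collection != null)
        {
            // NOTE(review): a malformed entry makes this constructor throw its own exception rather
            // than raising a TLS alert - confirm the caller treats that as a failed handshake.
            collection.Add(new X509Certificate2(cert.ToArray()));
        }
    }

    if (collection != null && !validate(collection))
    {
        Alerts.AlertException.ThrowAlert(Alerts.AlertLevel.Fatal, Alerts.AlertDescription.bad_certificate, "Failed to verify the certificate chain via the callback");
    }
}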
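/// <summary>
/// Sample server entry point: loads one certificate from the Windows certificate store, wraps
/// every accepted socket in a secure pipeline and hands it to <c>ServerLoop.HandleConnection</c>.
/// Runs until a line is read from standard input.
/// </summary>
/// <param name="args">Command-line arguments; not used.</param>
public static void Main(string[] args)
{
    using (var factory = new PipelineFactory())
    using (var list = new CertificateList())
    {
        // The server certificate is pinned by a thumbprint compiled into the binary; rotating the
        // certificate means changing this literal. The thumbprint is hex, so it is upper-cased with
        // the invariant culture rather than the current one.
        var thumb = "48026c976caaf7f3a72d38c17d16ce69d04a6053".ToUpperInvariant();
        var provider = new Leto.Tls13.Certificates.Windows.CertificateProvider();
        list.AddCertificate(provider.LoadCertificateFromStore(thumb, true));

        using (var serverContext = new SecurePipelineListener(factory, list))
        using (var socketListener = new System.IO.Pipelines.Networking.Sockets.SocketListener(factory))
        {
            // IPAddress.Any accepts connections on every local interface, not only loopback.
            var ipEndPoint = new IPEndPoint(IPAddress.Any, 443);

            socketListener.OnConnection(async connection =>
            {
                Console.WriteLine("Connected");
                var securePipeline = serverContext.CreateSecurePipeline(connection);
                Console.WriteLine("Secure Connection Created");

                // NOTE(review): nothing here catches a failure from HandleConnection; how the socket
                // listener treats an exception escaping this callback is not visible from this code.
                await ServerLoop.HandleConnection(securePipeline);
            });

            socketListener.Start(ipEndPoint);

            // Keep the listeners alive until the operator presses Enter.
            Console.ReadLine();
        }
    }
}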
/// <summary>
/// Creates the server-side state machine for the protocol version that <c>GetVersion</c> reads
/// from the supplied buffer.
/// </summary>
/// <remarks>
/// Only TLS 1.2 and TLS 1.3 draft 18 are accepted. Every other result raises a fatal
/// <c>protocol_version</c> alert instead of falling back to some default state machine.
/// </remarks>
/// <param name="buffer">Buffer from which the version is read.</param>
/// <param name="listener">Listener handed to the created state machine.</param>
/// <returns>The state machine for the detected version.</returns>
public static IConnectionState GetNewStateMachine(ReadableBuffer buffer, SecurePipelineListener listener)
{
    var version = GetVersion(ref buffer);

    if (version == TlsVersion.Tls12)
    {
        return new ServerStateTls12(listener);
    }

    if (version == TlsVersion.Tls13Draft18)
    {
        return new ServerStateTls13Draft18(listener);
    }

    Alerts.AlertException.ThrowAlert(Alerts.AlertLevel.Fatal, Alerts.AlertDescription.protocol_version, "Unsupported version");

    // Presumably unreachable because ThrowAlert throws; the return satisfies the compiler.
    return null;
}
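/// <summary>
/// Builds the connection filter: loads the server certificate from the configured PFX file and
/// creates the secure pipeline listener used for incoming connections.
/// </summary>
/// <remarks>
/// <c>options.PfxPassword</c> is passed straight to the certificate provider; keep it out of logs
/// and out of source-controlled configuration.
/// </remarks>
/// <param name="options">Filter options supplying the PFX path and password.</param>
/// <param name="previous">The next connection filter in the chain.</param>
/// <param name="loggerFactory">Logger factory passed to the listener; not null-checked here.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="options"/> or <paramref name="previous"/> is null.
/// </exception>
public LetoConnectionFilter(LetoConnectionFilterOptions options, IConnectionFilter previous, ILoggerFactory loggerFactory)
{
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }
    if (previous == null)
    {
        throw new ArgumentNullException(nameof(previous));
    }

    var factory = new PipelineFactory();
    var certificates = new CertificateList();
    try
    {
        var provider = new Tls13.Certificates.OpenSsl11.CertificateProvider();
        certificates.AddCertificate(provider.LoadPfx12(options.PfxPath, options.PfxPassword));
        _listener = new SecurePipelineListener(factory, certificates, loggerFactory);
    }
    catch
    {
        // A bad path or password would otherwise leak both disposables, because the
        // half-constructed filter is never handed to anyone who could dispose them.
        certificates.Dispose();
        factory.Dispose();
        throw;
    }

    _factory = factory;
    _certificateList = certificates;
    _previous = previous;
    _loggerFactory = loggerFactory;
}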
/// <summary>
/// Creates the TLS 1.2 server state; all initialisation is done by the base constructor.
/// </summary>
/// <param name="listener">Listener forwarded to the base class.</param>
public ServerStateTls12(SecurePipelineListener listener)
    : base(listener)
{
}
/// <summary>
/// Creates a client connection state that starts in <c>StateType.SendClientHello</c>.
/// </summary>
/// <param name="securePipelineListener">Listener stored for later use; not null-checked here.</param>
public ClientConnectionState(SecurePipelineListener securePipelineListener)
{
    // State is assigned before the listener field, as in the original ordering.
    State = StateType.SendClientHello;
    _securePipelineListener = securePipelineListener;
}
/// <summary>
/// Creates the TLS 1.3 draft 18 server state with the PSK key exchange mode set to <c>none</c>.
/// </summary>
/// <param name="listener">Listener forwarded to the base class.</param>
public ServerStateTls13Draft18(SecurePipelineListener listener)
    : base(listener)
{
    // Start from "none" explicitly rather than relying on the property's default value.
    PskKeyExchangeMode = PskKeyExchangeMode.none;
}
/// <summary>
/// Initialises the shared server state: stores the listener and starts in <c>StateType.None</c>.
/// </summary>
/// <param name="listener">Listener stored for later use; not null-checked here.</param>
public AbstractServerState(SecurePipelineListener listener)
{
    _listener = listener;
    _state = StateType.None;
}