Esempio n. 1
        /// <summary>
        /// Walks the certificate entries in a handshake message and, when the listener has a
        /// <c>CertificateValidation</c> callback, passes the parsed chain to that callback.
        /// </summary>
        /// <param name="buffer">Message bytes; the first <c>HandshakeHeaderSize</c> bytes are skipped.</param>
        /// <param name="listener">Listener whose <c>CertificateValidation</c> callback (may be null) accepts or rejects the chain.</param>
        /// <remarks>
        /// With no callback configured the entries are stepped over without being parsed, so this
        /// method does not authenticate the peer in that case. The callback is also invoked when
        /// no non-empty entry was found, so it has to reject an empty collection itself if a
        /// certificate is mandatory. A fatal bad_certificate alert is raised when it returns false.
        /// </remarks>
        public static void ReadCertificates(ReadableBuffer buffer, SecurePipelineListener listener)
        {
            // Drop the handshake header, then the context vector, which is ignored.
            buffer = buffer.Slice(HandshakeProcessor.HandshakeHeaderSize);
            BufferExtensions.SliceVector<byte>(ref buffer);

            // Narrow the view to the certificate list itself.
            buffer = BufferExtensions.SliceVector24Bit(ref buffer);

            // A chain is only collected when somebody is going to inspect it.
            X509Certificate2Collection chain = listener.CertificateValidation == null
                ? null
                : new X509Certificate2Collection();

            while (buffer.Length > 0)
            {
                var certBytes = BufferExtensions.SliceVector24Bit(ref buffer);
                // The per-entry extension vector is consumed to advance the buffer; its content is unused.
                BufferExtensions.SliceVector<ushort>(ref buffer);

                if (chain == null || !(certBytes.Length > 0))
                {
                    continue;
                }

                // NOTE(review): these bytes come from the peer. The X509Certificate2 constructor throws on
                // malformed input and nothing here maps that to a TLS alert; confirm the caller handles it.
                chain.Add(new X509Certificate2(certBytes.ToArray()));
            }

            if (chain == null)
            {
                return;
            }

            if (!listener.CertificateValidation(chain))
            {
                Alerts.AlertException.ThrowAlert(Alerts.AlertLevel.Fatal, Alerts.AlertDescription.bad_certificate, "Failed to verify the certificate chain via the callback");
            }
        }
Esempio n. 2
 /// <summary>
 /// Sample server entry point: loads one certificate from the Windows certificate store by
 /// thumbprint, wraps incoming socket connections in a secure pipeline and serves them until
 /// a line is read from the console.
 /// </summary>
 /// <param name="args">Command-line arguments (unused).</param>
 /// <remarks>
 /// The listener binds to every local interface (<c>IPAddress.Any</c>) on port 443, and the
 /// certificate thumbprint is hard-coded, so the sample only starts on a machine whose store
 /// holds that certificate.
 /// </remarks>
 public static void Main(string[] args)
 {
     using (var pipelineFactory = new PipelineFactory())
     using (var certificates = new CertificateList())
     {
         var thumbprint    = "48026c976caaf7f3a72d38c17d16ce69d04a6053".ToUpper();
         var storeProvider = new Leto.Tls13.Certificates.Windows.CertificateProvider();
         // NOTE(review): the meaning of the second argument (true) is not visible here; confirm
         // against LoadCertificateFromStore before reusing this call.
         certificates.AddCertificate(storeProvider.LoadCertificateFromStore(thumbprint, true));

         using (var secureListener = new SecurePipelineListener(pipelineFactory, certificates))
         using (var socketListener = new System.IO.Pipelines.Networking.Sockets.SocketListener(pipelineFactory))
         {
             socketListener.OnConnection(async connection =>
             {
                 Console.WriteLine("Connected");
                 var securePipeline = secureListener.CreateSecurePipeline(connection);
                 Console.WriteLine("Secure Connection Created");
                 // NOTE(review): no try/catch around the connection loop; confirm how OnConnection
                 // surfaces exceptions thrown by this callback.
                 await ServerLoop.HandleConnection(securePipeline);
             });

             // All interfaces, port 443.
             socketListener.Start(new IPEndPoint(IPAddress.Any, 443));

             // Keep the process alive until the operator presses Enter.
             Console.ReadLine();
         }
     }
 }
Esempio n. 3
        /// <summary>
        /// Chooses the server state machine that matches the version <c>GetVersion</c> reads from
        /// <paramref name="buffer"/>.
        /// </summary>
        /// <param name="buffer">Incoming message bytes from which the version is read.</param>
        /// <param name="listener">Listener passed to the newly created state object.</param>
        /// <returns>A <c>ServerStateTls12</c> or <c>ServerStateTls13Draft18</c> instance.</returns>
        /// <remarks>
        /// Any version other than the two handled here is refused with a fatal protocol_version
        /// alert, so an unrecognised value never falls through to a default state machine.
        /// </remarks>
        public static IConnectionState GetNewStateMachine(ReadableBuffer buffer, SecurePipelineListener listener)
        {
            var version = GetVersion(ref buffer);

            if (version == TlsVersion.Tls12)
            {
                return new ServerStateTls12(listener);
            }

            if (version == TlsVersion.Tls13Draft18)
            {
                return new ServerStateTls13Draft18(listener);
            }

            Alerts.AlertException.ThrowAlert(Alerts.AlertLevel.Fatal, Alerts.AlertDescription.protocol_version, "Unsupported version");
            // Presumably unreachable because ThrowAlert is expected to throw; kept so every path returns.
            return null;
        }
Esempio n. 4
        /// <summary>
        /// Builds a connection filter that loads the server certificate from the PFX file named in
        /// <paramref name="options"/> and creates the secure pipeline listener used for connections.
        /// </summary>
        /// <param name="options">Supplies <c>PfxPath</c> and <c>PfxPassword</c>; must not be null.</param>
        /// <param name="previous">The filter stored as the previous one in the chain; must not be null.</param>
        /// <param name="loggerFactory">Passed to the listener and stored; not null-checked here.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="options"/> or <paramref name="previous"/> is null.
        /// </exception>
        public LetoConnectionFilter(LetoConnectionFilterOptions options, IConnectionFilter previous, ILoggerFactory loggerFactory)
        {
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            if (previous == null)
            {
                throw new ArgumentNullException(nameof(previous));
            }

            _factory         = new PipelineFactory();
            _certificateList = new CertificateList();

            // NOTE(review): if loading the PFX throws (for example a wrong password or missing file), the
            // factory and certificate list created above are not released here; confirm that is acceptable.
            var pfxProvider       = new Tls13.Certificates.OpenSsl11.CertificateProvider();
            var serverCertificate = pfxProvider.LoadPfx12(options.PfxPath, options.PfxPassword);
            _certificateList.AddCertificate(serverCertificate);

            _listener      = new SecurePipelineListener(_factory, _certificateList, loggerFactory);
            _previous      = previous;
            _loggerFactory = loggerFactory;
        }
Esempio n. 5
 /// <summary>
 /// Creates the TLS 1.2 server state; all initialisation is delegated to the base constructor.
 /// </summary>
 /// <param name="listener">Listener forwarded to the base class.</param>
 public ServerStateTls12(SecurePipelineListener listener) : base(listener)
 {
     // Nothing version-specific to set up here.
 }
Esempio n. 6
 /// <summary>
 /// Creates a client connection state that starts in <c>StateType.SendClientHello</c>.
 /// </summary>
 /// <param name="securePipelineListener">Listener stored for later use; not null-checked here.</param>
 public ClientConnectionState(SecurePipelineListener securePipelineListener)
 {
     // A client starts in the SendClientHello state.
     this.State = StateType.SendClientHello;
     this._securePipelineListener = securePipelineListener;
 }
Esempio n. 7
 /// <summary>
 /// Creates the TLS 1.3 (draft 18) server state with the PSK key exchange mode set to <c>none</c>.
 /// </summary>
 /// <param name="listener">Listener forwarded to the base class.</param>
 public ServerStateTls13Draft18(SecurePipelineListener listener) : base(listener)
 {
     // The PSK key exchange mode starts as none.
     this.PskKeyExchangeMode = PskKeyExchangeMode.none;
 }
Esempio n. 8
 /// <summary>
 /// Initialises the shared server state: the state starts at <c>StateType.None</c> and the
 /// listener is stored.
 /// </summary>
 /// <param name="listener">Listener kept by the state object; not null-checked here.</param>
 public AbstractServerState(SecurePipelineListener listener)
 {
     this._state = StateType.None;
     this._listener = listener;
 }