private void ConnectCallback(IAsyncResult ar)
{
var client = (Socket)ar.AsyncState;
client.EndConnect(ar);
if (_useSsl)
{
var stream = new NetworkStream(_client, FileAccess.ReadWrite, true);
_sslWrapper = new SslStream(stream, false, ValidateRemoteCert, clientCertificateSelectionCallback);
_sslWrapper.AuthenticateAsClient(_server, _xList, _xChain, SslProtocols.Default, SslStrength.All, false);
SecureReceive(_sslWrapper);
}
else
{
Receive(client);
}
if (ConnectComplete != null)
ConnectComplete(this, EventArgs.Empty);
}
private void SecureReceive(SslStream client)
{
try
{
var state = new StateObject {SecureStream = client};
client.BeginRead(state.Buffer, 0, StateObject.BufferSize, SecureReceiveCallback, state);
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
}
}
// Notify the Connection of the encrypted TLSStream
public void SetEncrypted(SslStream TLSStream)
{
this.TLSStream = TLSStream;
this.IsEncrypted = true;
}
public void Disconnect()
{
if (_sslWrapper != null)
{
_sslWrapper.Close();
_sslWrapper.Dispose();
_sslWrapper = null;
}
if (_client.Connected)
_client.Close();
if (Disconnected != null)
Disconnected(this, EventArgs.Empty);
}
public void OnAsyncClientConnect(IAsyncResult ar) {
try {
client.EndConnect(ar);
}
catch (Exception) {
Shutdown(false);
}
if (testName == "BasicAsyncClientTest") {
sslStream = new SslStream(client.GetStream(), false);
sslStream.BeginAuthenticateAsClient("localhost", new AsyncCallback(OnAsyncAuthenticateAsClient), null);
}
else if (testName == "IntermediateAsyncClientTest") {
sslStream = new SslStream(client.GetStream(), false);
sslStream.BeginAuthenticateAsClient("localhost", null, null, SslProtocols.Tls, SslStrength.Medium | SslStrength.High, false, new AsyncCallback(OnAsyncAuthenticateAsClient), null);
}
else if (testName == "AdvancedAsyncClientTest") {
sslStream = new SslStream(client.GetStream(), false, clientRemoteCertificateValidationCallback, clientLocalCertificateSelectionCallback);
sslStream.BeginAuthenticateAsClient("localhost", testServer.clientCertificateList, testServer.clientCAChain, SslProtocols.Tls, SslStrength.Medium | SslStrength.High, true, new AsyncCallback(OnAsyncAuthenticateAsClient), null);
}
}
public void BasicServerTest() {
try {
testName = "BasicServerTest";
AcceptConnection(); // sets the client member
sslStream = new SslStream(client.GetStream(), false);
sslStream.AuthenticateAsServer(testServer.serverCertificate);
// Do the server read, and write of the messages
if (DoServerReadWrite()) {
Shutdown(true);
}
else {
Shutdown(false);
}
}
catch (Exception) {
Shutdown(false);
}
}
public void Shutdown(bool passed) {
if (listener != null) {
listener.Stop();
listener = null;
}
if (sslStream != null) {
sslStream.Close();
sslStream = null;
}
if (client != null) {
client.Close();
client = null;
}
if (passed) {
Console.WriteLine("{0} - passed", testName);
}
else {
System.Diagnostics.StackTrace stack = new System.Diagnostics.StackTrace();
Console.WriteLine("{0} - failed - method={1}", testName, stack.GetFrame(1).ToString());
}
// Signal the event to end the test
testComplete.Set();
}
protected void OnAsyncServerAccept(IAsyncResult ar) {
client = listener.EndAcceptTcpClient(ar);
if (testName == "BasicAsyncServerTest") {
sslStream = new SslStream(client.GetStream(), false);
sslStream.BeginAuthenticateAsServer(testServer.serverCertificate, new AsyncCallback(OnAsyncAuthenticateAsServer), null);
}
else if (testName == "IntermediateAsyncServerTest") {
sslStream = new SslStream(client.GetStream(), false);
sslStream.BeginAuthenticateAsServer(testServer.serverCertificate, false, null, SslProtocols.Tls, SslStrength.All, false, new AsyncCallback(OnAsyncAuthenticateAsServer), null);
}
else if (testName == "AdvancedAsyncServerTest") {
sslStream = new SslStream(client.GetStream(), false, serverRemoteCertificateValidationCallback);
sslStream.BeginAuthenticateAsServer(testServer.serverCertificate, true, testServer.serverCAChain, SslProtocols.Tls, SslStrength.All, true, new AsyncCallback(OnAsyncAuthenticateAsServer), null);
}
}
public void AdvancedClientTest() {
//Initialize delegates for certificate callbacks
clientRemoteCertificateValidationCallback = new RemoteCertificateValidationHandler(ValidateRemoteCert);
clientLocalCertificateSelectionCallback = new LocalCertificateSelectionHandler(clientCertificateSelectionCallback);
try {
testName = "AdvancedClientTest";
client = new TcpClient("localhost", 9000);
// Create the SslStream object with the certificate callbacks
sslStream = new SslStream(client.GetStream(), false, clientRemoteCertificateValidationCallback, clientLocalCertificateSelectionCallback);
// Initialize with client certificate list, and client CA chain
sslStream.AuthenticateAsClient("localhost", testServer.clientCertificateList, testServer.clientCAChain, SslProtocols.Tls, SslStrength.Medium | SslStrength.High, true);
// Verify mutual authentication
if (!sslStream.IsMutuallyAuthenticated) {
Console.WriteLine("{0} failed - Stream is not mutally authenticated", testName);
Shutdown(false);
}
// Verify protocol
if (sslStream.SslProtocol != SslProtocols.Tls) {
Console.WriteLine("{0} failed - negotiated a non Tls connection", testName);
Shutdown(false);
}
// Verify cipher strength
if (sslStream.CipherStrength < 256) {
Console.WriteLine("{0} failed - negotiated less that 256bit cipher", testName);
Console.WriteLine("Cipher={0}\nCipherStrength = {1}", sslStream.CipherAlgorithm.ToString(), sslStream.CipherStrength);
Shutdown(false);
}
// Verify cipher
if (sslStream.CipherAlgorithm != CipherAlgorithmType.Aes256) {
Console.WriteLine("{0} failed - negotiatied cipher wasn't Aes256", testName);
Console.WriteLine("Cipher was {0}, expected {0}", sslStream.CipherAlgorithm.ToString(), CipherAlgorithmType.Aes256.ToString());
Shutdown(false);
}
if (DoClientReadWrite()) {
Shutdown(true);
}
else {
Shutdown(false);
}
}
catch (Exception ex) {
Shutdown(false);
Console.WriteLine(ex);
}
}
public void IntermediateClientTest() {
try {
testName = "IntermediateClientTest";
client = new TcpClient("localhost", 9000);
sslStream = new SslStream(client.GetStream(), false);
sslStream.AuthenticateAsClient("localhost", null, null, SslProtocols.Tls, SslStrength.Medium | SslStrength.High, false);
if (sslStream.SslProtocol != SslProtocols.Tls) {
Console.WriteLine("{0} failed - negotiated a non Tls connection", testName);
Shutdown(false);
return;
}
if (sslStream.CipherStrength < 256) {
Console.WriteLine("{0} failed - negotiated less that 256bit cipher", testName);
Console.WriteLine("Cipher={0}\nCipherStrength = {1}", sslStream.CipherAlgorithm.ToString(), sslStream.CipherStrength);
Shutdown(false);
return;
}
if (sslStream.CipherAlgorithm != CipherAlgorithmType.Aes256) {
Console.WriteLine("{0} failed - negotiatied cipher wasn't Aes256", testName);
Console.WriteLine("Cipher was {0}, expected {0}", sslStream.CipherAlgorithm.ToString(), CipherAlgorithmType.Aes256.ToString());
Shutdown(false);
return;
}
if (DoClientReadWrite()) {
Shutdown(true);
}
else {
Shutdown(false);
}
}
catch (Exception ex) {
Shutdown(false);
Console.WriteLine(ex);
}
}
public void BasicClientTest() {
try {
testName = "BasicClientTest";
client = new TcpClient("localhost", 9000);
sslStream = new SslStream(client.GetStream(), false);
sslStream.AuthenticateAsClient("localhost");
if (DoClientReadWrite()) {
Shutdown(true);
}
else {
Shutdown(false);
}
}
catch (Exception) {
Shutdown(false);
}
}
public void AdvancedServerTest() {
serverRemoteCertificateValidationCallback = new RemoteCertificateValidationHandler(ValidateRemoteCert);
try {
testName = "AdvancedServerTest";
AcceptConnection(); // sets the client member
sslStream = new SslStream(client.GetStream(), false, serverRemoteCertificateValidationCallback);
sslStream.AuthenticateAsServer(testServer.serverCertificate, true, testServer.serverCAChain, SslProtocols.Tls, SslStrength.All, true);
// Verify mutual authentication
if (!sslStream.IsMutuallyAuthenticated) {
Console.WriteLine("{0} failed - stream is not mutually authenticated", testName);
Shutdown(false);
return;
}
// Verify protocol
if (sslStream.SslProtocol != SslProtocols.Tls) {
Console.WriteLine("{0} failed - negotiated non Tls connection", testName);
Shutdown(false);
return;
}
// Verify cipher strength
if (sslStream.CipherStrength < 256) {
Console.WriteLine("{0} failed - negotiated less than 256bit cipher", testName);
Shutdown(false);
return;
}
// Do the server read, and write of the messages
if (DoServerReadWrite()) {
Shutdown(true);
}
else {
Shutdown(false);
}
}
catch (Exception) {
Shutdown(false);
}
}
public void IntermediateServerTest() {
try {
testName = "IntermediateServerTest";
AcceptConnection(); // sets the client member
sslStream = new SslStream(client.GetStream(), false);
sslStream.AuthenticateAsServer(testServer.serverCertificate, false, null, SslProtocols.Tls, SslStrength.All, false);
// Verify protocol
if (sslStream.SslProtocol != SslProtocols.Tls) {
Console.WriteLine("{0} failed - negotiated non Tls connection", testName);
Shutdown(false);
return;
}
// Verify cipher strength
if (sslStream.CipherStrength < 256) {
Console.WriteLine("{0} failed - negotiated less than 256bit cipher", testName);
Shutdown(false);
return;
}
//Verify cipher
if (sslStream.CipherAlgorithm != CipherAlgorithmType.Aes256) {
Console.WriteLine("{0} failed - negotiated cipher was not AES256", testName);
Shutdown(false);
return;
}
// Do the server read, and write of the messages
if (DoServerReadWrite()) {
Shutdown(true);
}
else {
Shutdown(false);
}
}
catch (Exception) {
Shutdown(false);
}
}
