public AppleTlsContext(
MobileAuthenticatedStream parent, MonoTlsSettings settings,
AppleTlsProvider provider, bool serverMode, string targetHost,
SSA.SslProtocols enabledProtocols, X509Certificate serverCertificate,
X509CertificateCollection clientCertificates, bool askForClientCert)
{
this.parent = parent;
this.settings = settings;
this.provider = provider;
this.serverMode = serverMode;
this.targetHost = targetHost;
this.enabledProtocols = enabledProtocols;
this.serverCertificate = serverCertificate;
this.clientCertificates = clientCertificates;
this.askForClientCert = askForClientCert;
handle = GCHandle.Alloc(this);
connectionId = GCHandle.ToIntPtr(handle);
readFunc = NativeReadCallback;
writeFunc = NativeWriteCallback;
certificateValidator = CertificateValidationHelper.GetDefaultValidator(settings, provider);
if (IsServer)
{
if (serverCertificate == null)
{
throw new ArgumentNullException("serverCertificate");
}
}
}
internal void ValidateCreateContext(bool serverMode, string targetHost, SslProtocols enabledProtocols, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool clientCertRequired)
{
if (xobileTlsContext != null)
{
throw new InvalidOperationException();
}
if (serverMode)
{
if (serverCertificate == null)
{
throw new ArgumentException("serverCertificate");
}
}
else
{
if (targetHost == null)
{
throw new ArgumentException("targetHost");
}
if (targetHost.Length == 0)
{
targetHost = "?" + Interlocked.Increment(ref uniqueNameInteger).ToString(NumberFormatInfo.InvariantInfo);
}
}
xobileTlsContext = new AppleTlsContext(this, Settings, Provider, serverMode, targetHost, enabledProtocols, serverCertificate, clientCertificates, clientCertRequired);
}
public WssOptions(System.Security.Cryptography.X509Certificates.X509Certificate2 cer, System.Security.Authentication.SslProtocols pro, bool onlyWss)
{
this.sslProtocols_0 = System.Security.Authentication.SslProtocols.Default;
this.bool_0 = false;
this.x509Certificate2_0 = cer;
this.sslProtocols_0 = pro;
this.bool_0 = onlyWss;
}
public AuthenticateAsyncState(
System.Net.Security.SslStream stream,
String targetHost,
System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates,
System.Security.Authentication.SslProtocols enabledSslProtocols,
Boolean checkCertificateRevocation
)
{
this.Stream = stream;
this.TargetHost = targetHost;
this.ClientCertificates = clientCertificates;
this.EnabledSslProtocols = enabledSslProtocols;
this.CheckCertificateRevocation = checkCertificateRevocation;
}
/// <todo />
public static Task AuthenticateAsClientAsync(
this System.Net.Security.SslStream stream,
String targetHost,
System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates,
System.Security.Authentication.SslProtocols enabledSslProtocols,
Boolean checkCertificateRevocation
)
{
var authArgs = new AuthenticateAsyncState(stream, targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation);
return(Task.Factory.FromAsync(
(aArgs, cb, state) => aArgs.Stream.BeginAuthenticateAsClient(aArgs.TargetHost, aArgs.ClientCertificates, aArgs.EnabledSslProtocols, aArgs.CheckCertificateRevocation, cb, state),
result => ((System.Net.Security.SslStream)result.AsyncState).EndAuthenticateAsClient(result),
authArgs,
stream
));
}
//private string GetProtocal()
public async Task PrepareSsl(HttpConnection httpConnection)
{
var stream = new RawStream(_receivePipe.Reader, _sendPipe.Writer);
// todo: 假如客户端不支持SNI
// Get host name
var wrappedStream = new CustomBufferedStream(stream, 4096);
var clientHelloInfo = await SslTools.PeekClientHello(wrappedStream);
if (clientHelloInfo == null)
{
return;
}
var hostName = clientHelloInfo.Extensions?.FirstOrDefault(o => o.Value.Name == "server_name").Value?.Data;
var protocol = clientHelloInfo.Extensions?.FirstOrDefault(o => o.Value.Name == "ALPN").Value?.Data;
if (!string.IsNullOrEmpty(protocol))
{
string[] stringList = protocol.Split(',');
protocol = stringList[0].Trim();
}
// Select certificate
var certificate = Context.ServiceContext.ServerOptions.SslCertificateProvider.SelectCertificate(hostName);
// Switch to SSL
_sslStream = new SslStream(wrappedStream);
System.Security.Authentication.SslProtocols sslProtocols = SslProtocols.Ssl3 | SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12;
await _sslStream.AuthenticateAsServerAsync(certificate, false, sslProtocols, false);
Context.ReceivePipe = new Pipe(new PipeOptions(
pool: _memoryPool
));
Context.SendPipe = new Pipe(new PipeOptions(
pool: _memoryPool
));
httpConnection.ApplicationProtocol = protocol;
}
public AppleTlsContext(
MobileAuthenticatedStream parent, bool serverMode, string targetHost,
SSA.SslProtocols enabledProtocols, X509Certificate serverCertificate,
X509CertificateCollection clientCertificates, bool askForClientCert)
: base(parent, serverMode, targetHost, enabledProtocols,
serverCertificate, clientCertificates, askForClientCert)
{
handle = GCHandle.Alloc(this, GCHandleType.Weak);
readFunc = NativeReadCallback;
writeFunc = NativeWriteCallback;
if (IsServer)
{
if (serverCertificate == null)
{
throw new ArgumentNullException("serverCertificate");
}
}
}
public AppleTlsContext(
MobileAuthenticatedStream parent, bool serverMode, string targetHost,
SSA.SslProtocols enabledProtocols, X509Certificate serverCertificate,
X509CertificateCollection clientCertificates, bool askForClientCert)
: base(parent, serverMode, targetHost, enabledProtocols,
serverCertificate, clientCertificates, askForClientCert)
{
handle = GCHandle.Alloc(this);
connectionId = GCHandle.ToIntPtr(handle);
readFunc = NativeReadCallback;
writeFunc = NativeWriteCallback;
certificateValidator = CertificateValidationHelper.GetDefaultValidator(Settings, Provider);
if (IsServer)
{
if (serverCertificate == null)
{
throw new ArgumentNullException("serverCertificate");
}
}
}
public void AuthenticateAsClient(string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
var task = ProcessAuthentication(true, false, targetHost, enabledSslProtocols, null, clientCertificates, false);
task.Wait();
}
public void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
ValidateCreateContext (false, targetHost, enabledSslProtocols, null, clientCertificates, false);
ProcessAuthentication (null);
}
public IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
{
ValidateCreateContext (false, targetHost, enabledSslProtocols, null, clientCertificates, false);
var result = new LazyAsyncResult (this, asyncState, asyncCallback);
ProcessAuthentication (result);
return result;
}
public virtual System.IAsyncResult BeginAuthenticateAsServer(System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, bool clientCertificateRequired, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation, System.AsyncCallback asyncCallback, object asyncState)
{
throw null;
}
public virtual System.Threading.Tasks.Task AuthenticateAsServerAsync(System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, bool clientCertificateRequired, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
throw null;
}
public virtual void AuthenticateAsServer(System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, bool clientCertificateRequired, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
}
public Task AuthenticateAsClientAsync(string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
var options = new MonoSslClientAuthenticationOptions {
TargetHost = targetHost,
ClientCertificates = clientCertificates,
EnabledSslProtocols = enabledSslProtocols,
CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
EncryptionPolicy = EncryptionPolicy.RequireEncryption
};
return(ProcessAuthentication(false, options, CancellationToken.None));
}
public void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
ValidateCreateContext (true, string.Empty, enabledSslProtocols, serverCertificate, null, clientCertificateRequired);
ProcessAuthentication (null);
}
public void AuthenticateAsServer(X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
var options = new MonoSslServerAuthenticationOptions {
ServerCertificate = serverCertificate,
ClientCertificateRequired = clientCertificateRequired,
EnabledSslProtocols = enabledSslProtocols,
CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
EncryptionPolicy = EncryptionPolicy.RequireEncryption
};
var task = ProcessAuthentication(true, options, CancellationToken.None);
task.Wait();
}
public void AuthenticateAsClient(string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
var options = new MonoSslClientAuthenticationOptions {
TargetHost = targetHost,
ClientCertificates = clientCertificates,
EnabledSslProtocols = enabledSslProtocols,
CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
EncryptionPolicy = EncryptionPolicy.RequireEncryption
};
var task = ProcessAuthentication(true, options, CancellationToken.None);
try {
task.Wait();
} catch (Exception ex) {
throw HttpWebRequest.FlattenException(ex);
}
}
public IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
{
ValidateCreateContext (true, string.Empty, enabledSslProtocols, serverCertificate, null, clientCertificateRequired);
var result = new LazyAsyncResult (this, asyncState, asyncCallback);
ProcessAuthentication (result);
return result;
}
internal void ValidateCreateContext (bool serverMode, string targetHost, SslProtocols enabledProtocols, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool clientCertRequired)
{
if (xobileTlsContext != null)
throw new InvalidOperationException ();
if (serverMode) {
if (serverCertificate == null)
throw new ArgumentException ("serverCertificate");
} else {
if (targetHost == null)
throw new ArgumentException ("targetHost");
if (targetHost.Length == 0)
targetHost = "?" + Interlocked.Increment (ref uniqueNameInteger).ToString (NumberFormatInfo.InvariantInfo);
}
xobileTlsContext = CreateContext (this, serverMode, targetHost, enabledProtocols, serverCertificate, clientCertificates, clientCertRequired);
}
public Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
return Task.Factory.FromAsync ((callback, state) => BeginAuthenticateAsServer (serverCertificate, clientCertificateRequired, enabledSslProtocols, checkCertificateRevocation, callback, state), EndAuthenticateAsServer, null);
}
public Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
return Task.Factory.FromAsync ((callback, state) => BeginAuthenticateAsClient (targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation, callback, state), EndAuthenticateAsClient, null);
}
public WssOptions()
{
this.sslProtocols_0 = System.Security.Authentication.SslProtocols.Default;
this.bool_0 = false;
}
public IAsyncResult BeginAuthenticateAsClient(string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
{
var task = ProcessAuthentication(false, false, targetHost, enabledSslProtocols, null, clientCertificates, false);
return(TaskToApm.Begin(task, asyncCallback, asyncState));
}
public IAsyncResult BeginAuthenticateAsClient(string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
{
var options = new MonoSslClientAuthenticationOptions {
TargetHost = targetHost,
ClientCertificates = clientCertificates,
EnabledSslProtocols = enabledSslProtocols,
CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
EncryptionPolicy = EncryptionPolicy.RequireEncryption
};
var task = ProcessAuthentication(false, options, CancellationToken.None);
return(TaskToApm.Begin(task, asyncCallback, asyncState));
}
public void AuthenticateAsServer(X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
var task = ProcessAuthentication(true, true, string.Empty, enabledSslProtocols, serverCertificate, null, clientCertificateRequired);
task.Wait();
}
public IAsyncResult BeginAuthenticateAsServer(X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
{
var options = new MonoSslServerAuthenticationOptions {
ServerCertificate = serverCertificate,
ClientCertificateRequired = clientCertificateRequired,
EnabledSslProtocols = enabledSslProtocols,
CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
EncryptionPolicy = EncryptionPolicy.RequireEncryption
};
var task = ProcessAuthentication(false, options, CancellationToken.None);
return(TaskToApm.Begin(task, asyncCallback, asyncState));
}
public IAsyncResult BeginAuthenticateAsServer(X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
{
var task = ProcessAuthentication(false, true, string.Empty, enabledSslProtocols, serverCertificate, null, clientCertificateRequired);
return(TaskToApm.Begin(task, asyncCallback, asyncState));
}
public Task AuthenticateAsServerAsync(X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
var options = new MonoSslServerAuthenticationOptions {
ServerCertificate = serverCertificate,
ClientCertificateRequired = clientCertificateRequired,
EnabledSslProtocols = enabledSslProtocols,
CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
EncryptionPolicy = EncryptionPolicy.RequireEncryption
};
return(ProcessAuthentication(false, options, CancellationToken.None));
}
public Task AuthenticateAsClientAsync(string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
return(ProcessAuthentication(false, false, targetHost, enabledSslProtocols, null, clientCertificates, false));
}
public virtual void AuthenticateAsClient(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
}
public Task AuthenticateAsServerAsync(X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
return(ProcessAuthentication(false, true, string.Empty, enabledSslProtocols, serverCertificate, null, clientCertificateRequired));
}
public virtual System.Threading.Tasks.Task AuthenticateAsClientAsync(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
throw null;
}
async Task ProcessAuthentication(
bool runSynchronously, bool serverMode, string targetHost, SslProtocols enabledProtocols,
X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool clientCertRequired)
{
if (serverMode)
{
if (serverCertificate == null)
{
throw new ArgumentException(nameof(serverCertificate));
}
}
else
{
if (targetHost == null)
{
throw new ArgumentException(nameof(targetHost));
}
if (targetHost.Length == 0)
{
targetHost = "?" + Interlocked.Increment(ref uniqueNameInteger).ToString(NumberFormatInfo.InvariantInfo);
}
}
if (lastException != null)
{
lastException.Throw();
}
var asyncRequest = new AsyncHandshakeRequest(this, runSynchronously);
if (Interlocked.CompareExchange(ref asyncHandshakeRequest, asyncRequest, null) != null)
{
throw new InvalidOperationException("Invalid nested call.");
}
// Make sure no other async requests can be started during the handshake.
if (Interlocked.CompareExchange(ref asyncReadRequest, asyncRequest, null) != null)
{
throw new InvalidOperationException("Invalid nested call.");
}
if (Interlocked.CompareExchange(ref asyncWriteRequest, asyncRequest, null) != null)
{
throw new InvalidOperationException("Invalid nested call.");
}
AsyncProtocolResult result;
try {
lock (ioLock) {
if (xobileTlsContext != null)
{
throw new InvalidOperationException();
}
readBuffer.Reset();
writeBuffer.Reset();
xobileTlsContext = CreateContext(
serverMode, targetHost, enabledProtocols, serverCertificate,
clientCertificates, clientCertRequired);
}
try {
result = await asyncRequest.StartOperation(CancellationToken.None).ConfigureAwait(false);
} catch (Exception ex) {
result = new AsyncProtocolResult(SetException(GetSSPIException(ex)));
}
} finally {
lock (ioLock) {
readBuffer.Reset();
writeBuffer.Reset();
asyncWriteRequest = null;
asyncReadRequest = null;
asyncHandshakeRequest = null;
}
}
if (result.Error != null)
{
result.Error.Throw();
}
}
public virtual System.IAsyncResult BeginAuthenticateAsClient(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation, System.AsyncCallback asyncCallback, object asyncState)
{
throw null;
}
public virtual void AuthenticateAsClient(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
throw new PlatformNotSupportedException();
}
public virtual void AuthenticateAsServer(System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, bool clientCertificateRequired, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
throw new PlatformNotSupportedException();
}
public AppleTlsContext(
MobileAuthenticatedStream parent, MonoTlsSettings settings,
AppleTlsProvider provider, bool serverMode, string targetHost,
SSA.SslProtocols enabledProtocols, X509Certificate serverCertificate,
X509CertificateCollection clientCertificates, bool askForClientCert)
{
this.parent = parent;
this.settings = settings;
this.provider = provider;
this.serverMode = serverMode;
this.targetHost = targetHost;
this.enabledProtocols = enabledProtocols;
this.serverCertificate = serverCertificate;
this.clientCertificates = clientCertificates;
this.askForClientCert = askForClientCert;
handle = GCHandle.Alloc (this);
connectionId = GCHandle.ToIntPtr (handle);
readFunc = NativeReadCallback;
writeFunc = NativeWriteCallback;
// a bit higher than the default maximum fragment size
readBuffer = new byte [16384];
writeBuffer = new byte [16384];
certificateValidator = CertificateValidationHelper.GetDefaultValidator (settings, provider);
if (IsServer) {
if (serverCertificate == null)
throw new ArgumentNullException ("serverCertificate");
}
}