예제 #1
0
            internal int OnVerifyCertThunk(int ok, IntPtr store_ctx)
            {
                X509StoreContext ctx  = new X509StoreContext(store_ctx, false);
                X509Certificate  cert = ctx.CurrentCert;
                int          depth    = ctx.ErrorDepth;
                VerifyResult result   = (VerifyResult)ctx.Error;
                // build the X509Chain from the store
                X509Store store = ctx.Store;

                Core.Stack <X509Object> objStack = store.Objects;
                X509Chain chain = new X509Chain();

                foreach (X509Object obj in objStack)
                {
                    X509Certificate objCert = obj.Certificate;
                    if (objCert != null)
                    {
                        chain.Add(objCert);
                    }
                }
                // Call the managed delegate
                if (OnVerifyCert(this, cert, chain, depth, result))
                {
                    return(1);
                }
                else
                {
                    return(0);
                }
            }
예제 #2
0
        public Core.Stack <X509Name> LoadClientCAFile(string filename)
        {
            IntPtr stack = Native.SSL_load_client_CA_file(filename);

            Core.Stack <X509Name> name_stack = new Core.Stack <X509Name>(stack, true);
            return(name_stack);
        }
예제 #3
0
 /// <summary>
 ///
 /// </summary>
 /// <param name="sk_ext"></param>
 public void AddExtensions(Core.Stack <X509Extension> sk_ext)
 {
     foreach (X509Extension ext in sk_ext)
     {
         AddExtension(ext);
     }
 }
예제 #4
0
        public override void Run(MState state, Core.Stack <byte> args)
        {
            var f = state.Stack.Pop();
            var s = state.Stack.Pop();

            state.Stack.Push(f == s);
        }
예제 #5
0
        public int InternalClientCertificateSelectionCallback(Ssl ssl, out X509Certificate x509_cert, out CryptoKey key)
        {
            int nRet = 0;

            x509_cert = null;
            key       = null;

            Core.Stack <X509Name> name_stack = ssl.CAList;
            string[] strIssuers = new string[name_stack.Count];
            int      count      = 0;

            foreach (X509Name name in name_stack)
            {
                strIssuers[count++] = name.OneLine;
            }

            if (localCertificateSelectionCallback != null)
            {
                X509Certificate cert = localCertificateSelectionCallback(this, targetHost, clientCertificates, ssl.GetPeerCertificate(), strIssuers);
                if (cert != null && cert.HasPrivateKey)
                {
                    x509_cert = cert;
                    key       = cert.PrivateKey;
                    // Addref the cert and private key
                    x509_cert.AddRef();
                    key.AddRef();
                    // return success
                    nRet = 1;
                }
            }

            return(nRet);
        }
예제 #6
0
        public override void Run(MState state, Core.Stack <byte> args)
        {
            var val = state.Stack.Pop();

            if (val)
            {
                state.IP = args.Pop() - 1;
            }
        }
예제 #7
0
        /// <summary>
        /// Add the extensions to the request using X509_REQ_add_extensions().
        /// </summary>
        /// <param name="sk_ext"></param>
        public void AddExtensions(Core.Stack <X509Extension> sk_ext)
        {
            IntPtr stack = Native.sk_new_null();

            foreach (var ext in sk_ext)
            {
                Native.sk_push(stack, ext.Handle);
            }
            Native.ExpectSuccess(Native.X509_REQ_add_extensions(ptr, stack));

            Native.sk_free(stack);
        }
예제 #8
0
        public List <string> GetCipherList()
        {
            List <string> ret = new List <string>();
            SSL_CTX       raw = (SSL_CTX)Marshal.PtrToStructure(ptr, typeof(SSL_CTX));

            Core.Stack <SslCipher> stack = new Core.Stack <SslCipher>(raw.cipher_list, false);
            foreach (SslCipher cipher in stack)
            {
                IntPtr cipher_ptr = Native.SSL_CIPHER_description(cipher.Handle, null, 0);
                if (cipher_ptr != IntPtr.Zero)
                {
                    string strCipher = Marshal.PtrToStringAnsi(cipher_ptr);
                    ret.Add(strCipher);
                    Native.OPENSSL_free(cipher_ptr);
                }
            }
            return(ret);
        }
예제 #9
0
        /// <summary>
        /// Calls PEM_x509_INFO_read_bio()
        /// </summary>
        /// <param name="bio"></param>
        public X509List(BIO bio)
        {
            var sk = Native.ExpectNonNull(
                Native.PEM_X509_INFO_read_bio(bio.Handle, IntPtr.Zero, null, IntPtr.Zero));

            using (var stack = new Core.Stack <X509CertificateInfo>(sk, true))
            {
                while (stack.Count > 0)
                {
                    using (var xi = stack.Shift())
                    {
                        if (xi.Certificate != null)
                        {
                            Add(xi.Certificate);
                        }
                    }
                }
            }
        }
예제 #10
0
        /// <summary>
        /// Creates a chain from a BIO. Expects the stream to contain
        /// a collection of X509_INFO objects in PEM format by calling
        /// PEM_X509_INFO_read_bio()
        /// </summary>
        /// <param name="bio"></param>
        public X509Chain(BIO bio)
        {
            IntPtr sk = Native.ExpectNonNull(Native.PEM_X509_INFO_read_bio(bio.Handle, IntPtr.Zero, null, IntPtr.Zero));

            using (Core.Stack <X509CertificateInfo> stack = new Core.Stack <X509CertificateInfo>(sk, true))
            {
                while (stack.Count > 0)
                {
                    using (X509CertificateInfo xi = stack.Shift())
                    {
                        X509Certificate cert = xi.Certificate;
                        if (cert != null)
                        {
                            this.Add(cert);
                        }
                    }
                }
            }
        }
예제 #11
0
파일: VM.cs 프로젝트: furesoft/FureOS
        public void Exec(byte[] source)
        {
            var s = new MState();

            while (s.IP < source.Length)
            {
                s.IP += 1;

                var op = (OpCode)source[s.IP];

                if (op == OpCode.Halt)
                {
                    break;
                }
                else
                {
                    bool found = false;
                    foreach (var instr in Instructions)
                    {
                        if (instr.OpCode == op)
                        {
                            found = true;
                            var argstack = new Core.Stack <byte>();

                            for (int i = 0; i < instr.ArgsCount; i++)
                            {
                                s.IP += 1;
                                argstack.Push(source[s.IP]);
                            }
                            instr.Run(s, argstack);
                        }
                    }

                    if (!found)
                    {
                        //Screen.WriteLine("Could not find OpCode: " + (byte)op);
                    }
                }
            }
        }
예제 #12
0
 public Core.Stack<X509Name> LoadClientCAFile(string filename)
 {
     IntPtr stack = Native.SSL_load_client_CA_file(filename);
     Core.Stack<X509Name> name_stack = new Core.Stack<X509Name>(stack, true);
     return name_stack;
 }
예제 #13
0
 public List<string> GetCipherList()
 {
     List<string> ret = new List<string>();
     SSL_CTX raw = (SSL_CTX)Marshal.PtrToStructure(ptr, typeof(SSL_CTX));
     Core.Stack<SslCipher> stack = new Core.Stack<SslCipher>(raw.cipher_list, false);
     foreach (SslCipher cipher in stack)
     {
         IntPtr cipher_ptr = Native.SSL_CIPHER_description(cipher.Handle, null, 0);
         if (cipher_ptr != IntPtr.Zero)
         {
             string strCipher = Marshal.PtrToStringAnsi(cipher_ptr);
             ret.Add(strCipher);
             Native.OPENSSL_free(cipher_ptr);
         }
     }
     return ret;
 }
예제 #14
0
        private void InitializeServerContext(
            X509Certificate serverCertificate,
            bool clientCertificateRequired,
            X509Chain caCerts,
            SslProtocols enabledSslProtocols,
            SslStrength sslStrength,
            bool checkCertificateRevocation)
        {
            if (serverCertificate == null)
            {
                throw new ArgumentNullException("serverCertificate", "Server certificate cannot be null");
            }
            if (!serverCertificate.HasPrivateKey)
            {
                throw new ArgumentException("Server certificate must have a private key", "serverCertificate");
            }

            // Initialize the context
            sslContext = new SslContext(SslMethod.TLSv1_server_method, ConnectionEnd.Server, true, new[] { Protocols.Http2, Protocols.Http1 });

            // Remove support for protocols not specified in the enabledSslProtocols
            if ((enabledSslProtocols & SslProtocols.Ssl2) != SslProtocols.Ssl2)
            {
                sslContext.Options |= SslOptions.SSL_OP_NO_SSLv2;
            }
            if ((enabledSslProtocols & SslProtocols.Ssl3) != SslProtocols.Ssl3 &&
                ((enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default))
            {
                // no SSLv3 support
                sslContext.Options |= SslOptions.SSL_OP_NO_SSLv3;
            }
            if ((enabledSslProtocols & SslProtocols.Tls) != SslProtocols.Tls &&
                (enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default)
            {
                sslContext.Options |= SslOptions.SSL_OP_NO_TLSv1;
            }

            // Set the context mode
            sslContext.Mode = SslMode.SSL_MODE_AUTO_RETRY;
            // Set the workaround options
            sslContext.Options = SslOptions.SSL_OP_ALL;
            // Set the client certificate verification callback if we are requiring client certs
            if (clientCertificateRequired)
            {
                sslContext.SetVerify(VerifyMode.SSL_VERIFY_PEER | VerifyMode.SSL_VERIFY_FAIL_IF_NO_PEER_CERT, remoteCertificateSelectionCallback);
            }
            else
            {
                sslContext.SetVerify(VerifyMode.SSL_VERIFY_NONE, null);
            }

            // Set the client certificate max verification depth
            sslContext.SetVerifyDepth(10);
            // Set the certificate store and ca list
            if (caCerts != null)
            {
                // Don't take ownership of the X509Store IntPtr.  When we
                // SetCertificateStore, the context takes ownership of the store pointer.
                var cert_store = new X509Store(caCerts, false);
                sslContext.SetCertificateStore(cert_store);
                Stack<X509Name> name_stack = new Core.Stack<X509Name>();
                foreach (X509Certificate cert in caCerts)
                {
                    X509Name subject = cert.Subject;
                    name_stack.Add(subject);
                }
                // Assign the stack to the context
                sslContext.CAList = name_stack;
            }
            // Set the cipher string
            sslContext.SetCipherList(GetCipherString(false, enabledSslProtocols, sslStrength));
            // Set the certificate
            sslContext.UseCertificate(serverCertificate);
            // Set the private key
            sslContext.UsePrivateKey(serverCertificate.PrivateKey);
            // Set the session id context
            sslContext.SetSessionIdContext(Encoding.ASCII.GetBytes("AppDomainHost: UnitTests12345678"/*AppDomain.CurrentDomain.FriendlyName*/));
        }
예제 #15
0
        private void InitializeServerContext(
            X509Certificate serverCertificate,
            bool clientCertificateRequired,
            X509Chain caCerts,
            SslProtocols enabledSslProtocols,
            SslStrength sslStrength,
            bool checkCertificateRevocation)
        {
            if (serverCertificate == null)
            {
                throw new ArgumentNullException("serverCertificate", "Server certificate cannot be null");
            }
            if (!serverCertificate.HasPrivateKey)
            {
                throw new ArgumentException("Server certificate must have a private key", "serverCertificate");
            }

            // Initialize the context with specified TLS version
            sslContext = new SslContext(SslMethod.TLSv12_server_method, ConnectionEnd.Server, new[] {
                Protocols.Http2,
                Protocols.Http1
            });

            var options = sslContext.Options;

            // Remove support for protocols not specified in the enabledSslProtocols
            if (!EnumExtensions.HasFlag(enabledSslProtocols, SslProtocols.Ssl2))
            {
                options |= SslOptions.SSL_OP_NO_SSLv2;
            }

            if (!EnumExtensions.HasFlag(enabledSslProtocols, SslProtocols.Ssl3))
            {
                options |= SslOptions.SSL_OP_NO_SSLv3;
            }

            if (!EnumExtensions.HasFlag(enabledSslProtocols, SslProtocols.Tls))
            {
                options |= SslOptions.SSL_OP_NO_TLSv1;
            }

            // Set the workaround options
            sslContext.Options = options | SslOptions.SSL_OP_ALL;

            // Set the context mode
            sslContext.Mode = SslMode.SSL_MODE_AUTO_RETRY;

            // Set the client certificate verification callback if we are requiring client certs
            if (clientCertificateRequired)
            {
                sslContext.SetVerify(VerifyMode.SSL_VERIFY_PEER | VerifyMode.SSL_VERIFY_FAIL_IF_NO_PEER_CERT, OnRemoteCertificate);
            }
            else
            {
                sslContext.SetVerify(VerifyMode.SSL_VERIFY_NONE, null);
            }

            // Set the client certificate max verification depth
            sslContext.SetVerifyDepth(10);
            // Set the certificate store and ca list
            if (caCerts != null)
            {
                // Don't take ownership of the X509Store IntPtr.  When we
                // SetCertificateStore, the context takes ownership of the store pointer.
                sslContext.SetCertificateStore(new X509Store(caCerts, false));
                var name_stack = new Core.Stack <X509Name>();
                foreach (var cert in caCerts)
                {
                    var subject = cert.Subject;
                    name_stack.Add(subject);
                }
                // Assign the stack to the context
                sslContext.CAList = name_stack;
            }
            // Set the cipher string
            sslContext.SetCipherList(SslCipher.MakeString(enabledSslProtocols, sslStrength));
            // Set the certificate
            sslContext.UseCertificate(serverCertificate);
            // Set the private key
            sslContext.UsePrivateKey(serverCertificate.PrivateKey);
            // Set the session id context
            sslContext.SetSessionIdContext(Encoding.ASCII.GetBytes(AppDomain.CurrentDomain.FriendlyName));
        }
예제 #16
0
        private void InitializeServerContext(
            X509Certificate serverCertificate,
            bool clientCertificateRequired,
            X509Chain caCerts,
            SslProtocols enabledSslProtocols,
            SslStrength sslStrength,
            bool checkCertificateRevocation)
        {
            if (serverCertificate == null)
            {
                throw new ArgumentNullException("serverCertificate", "Server certificate cannot be null");
            }
            if (!serverCertificate.HasPrivateKey)
            {
                throw new ArgumentException("Server certificate must have a private key", "serverCertificate");
            }

            // Initialize the context
            sslContext = new SslContext(SslMethod.SSLv23_server_method);

            // Remove support for protocols not specified in the enabledSslProtocols
            if ((enabledSslProtocols & SslProtocols.Ssl2) != SslProtocols.Ssl2)
            {
                sslContext.Options |= SslOptions.SSL_OP_NO_SSLv2;
            }
            if ((enabledSslProtocols & SslProtocols.Ssl3) != SslProtocols.Ssl3 &&
                ((enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default))
            {
                // no SSLv3 support
                sslContext.Options |= SslOptions.SSL_OP_NO_SSLv3;
            }
            if ((enabledSslProtocols & SslProtocols.Tls) != SslProtocols.Tls &&
                (enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default)
            {
                sslContext.Options |= SslOptions.SSL_OP_NO_TLSv1;
            }
            /*
            // Initialize the context with the specified ssl version
            switch (enabledSslProtocols)
            {
                case SslProtocols.None:
                    throw new ArgumentException("SslProtocol.None is not supported", "enabledSslProtocols");
                    break;
                case SslProtocols.Ssl2:
                    sslContext = new SslContext(SslMethod.SSLv2_server_method);
                    break;
                case SslProtocols.Ssl3:
                case SslProtocols.Default:
                    sslContext = new SslContext(SslMethod.SSLv3_server_method);
                    break;
                case SslProtocols.Tls:
                    sslContext = new SslContext(SslMethod.TLSv1_server_method);
                    break;
            }
            */
            // Set the context mode
            sslContext.Mode = SslMode.SSL_MODE_AUTO_RETRY;
            // Set the workaround options
            sslContext.Options = SslOptions.SSL_OP_ALL;
            // Set the client certificate verification callback if we are requiring client certs
            if (clientCertificateRequired)
            {
                sslContext.SetVerify(VerifyMode.SSL_VERIFY_PEER | VerifyMode.SSL_VERIFY_FAIL_IF_NO_PEER_CERT, remoteCertificateSelectionCallback);
            }
            else
            {
                sslContext.SetVerify(VerifyMode.SSL_VERIFY_NONE, null);
            }

            // Set the client certificate max verification depth
            sslContext.SetVerifyDepth(10);
            // Set the certificate store and ca list
            if (caCerts != null)
            {
                // Don't take ownership of the X509Store IntPtr.  When we
                // SetCertificateStore, the context takes ownership of the store pointer.
                X509Store cert_store = new X509Store(caCerts, false);
                sslContext.SetCertificateStore(cert_store);
                Core.Stack<X509Name> name_stack = new Core.Stack<X509Name>();
                foreach (X509Certificate cert in caCerts)
                {
                    X509Name subject = cert.Subject;
                    name_stack.Add(subject);
                }
                // Assign the stack to the context
                sslContext.CAList = name_stack;
            }
            // Set the cipher string
            sslContext.SetCipherList(GetCipherString(false, enabledSslProtocols, sslStrength));
            // Set the certificate
            sslContext.UseCertificate(serverCertificate);
            // Set the private key
            sslContext.UsePrivateKey(serverCertificate.PrivateKey);
            // Set the session id context
            sslContext.SetSessionIdContext(Encoding.ASCII.GetBytes(AppDomain.CurrentDomain.FriendlyName));
        }