예제 #1
 /// <summary>
 /// Builds a payload from handshake fields that have already been parsed; every argument is stored as given.
 /// </summary>
 /// <param name="protocolCapabilities">Capability flags to expose through <c>ProtocolCapabilities</c>.</param>
 /// <param name="serverVersion">Server version bytes; the array is stored by reference, not copied.</param>
 /// <param name="connectionId">Connection identifier to expose through <c>ConnectionId</c>.</param>
 /// <param name="authPluginData">Authentication plugin data; the array is stored by reference, not copied.</param>
 /// <param name="authPluginName">Authentication plugin name to expose through <c>AuthPluginName</c>.</param>
 private InitialHandshakePayload(ProtocolCapabilities protocolCapabilities, byte[] serverVersion, int connectionId, byte[] authPluginData, string authPluginName)
 {
     // No validation or defensive copy happens here: a caller that later mutates either
     // byte array also changes what this payload reports.
     this.ProtocolCapabilities = protocolCapabilities;
     this.ServerVersion = serverVersion;
     this.ConnectionId = connectionId;
     this.AuthPluginData = authPluginData;
     this.AuthPluginName = authPluginName;
 }
예제 #2
            /// <summary>
            /// Returns the protocol capabilities as a data-value dictionary, creating an empty
            /// backing dictionary first when none has been assigned yet.
            /// </summary>
            /// <returns>The result of <c>ToDataValueDictionary()</c> on the backing dictionary.</returns>
            IDataValueDictionary ISupportedProtocol.GetOrCreateProtocolCapabilities()
            {
                // Fast path: the backing dictionary already exists.
                if (ProtocolCapabilities != null)
                {
                    return ProtocolCapabilities.ToDataValueDictionary();
                }

                // First use: no synchronization is visible here, so two concurrent first calls
                // could each install their own dictionary.
                ProtocolCapabilities = new Dictionary<string, DataValue>();
                return ProtocolCapabilities.ToDataValueDictionary();
            }
예제 #3
 /// <summary>
 /// Copies the serialization parameters of another stream onto this one.
 /// </summary>
 /// <param name="from">Stream whose parameters are copied; must not be null.</param>
 /// <exception cref="ArgumentNullException"><paramref name="from"/> is null.</exception>
 public void CopyParameters(BitcoinStream from)
 {
     if (from == null)
     {
         throw new ArgumentNullException(nameof(from));
     }

     var source = from;

     ProtocolVersion = source.ProtocolVersion;
     ConsensusFactory = source.ConsensusFactory;
     // Plain assignment: if the capabilities object is a reference type, both streams
     // share the same instance afterwards.
     _ProtocolCapabilities = source._ProtocolCapabilities;
     IsBigEndian = source.IsBigEndian;
     // The array-size limit is inherited as-is from the source stream.
     MaxArraySize = source.MaxArraySize;
     Type = source.Type;
 }
예제 #4
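 /// <summary>
 /// Determines whether every capability enabled in <paramref name="capabilities"/> is also enabled on this instance.
 /// </summary>
 /// <param name="capabilities">The capability set that must be covered; must not be null.</param>
 /// <returns><c>true</c> when no flag is set in <paramref name="capabilities"/> that is unset here.</returns>
 /// <exception cref="System.ArgumentNullException"><paramref name="capabilities"/> is null.</exception>
 public bool IsSupersetOf(ProtocolCapabilities capabilities)
 {
     // Fail with a named argument instead of a NullReferenceException on the first property read.
     if (capabilities == null)
     {
         throw new System.ArgumentNullException(nameof(capabilities));
     }

     // Each term is the implication "required there => supported here".
     // NOTE(review): the previous version tested SupportCheckSum twice (first and last term).
     // The repeat was redundant and is dropped; confirm it was not a copy-paste standing in
     // for a capability flag that is missing from this list.
     return (!capabilities.SupportCheckSum || SupportCheckSum) &&
            (!capabilities.SupportCompactBlocks || SupportCompactBlocks) &&
            (!capabilities.SupportGetBlock || SupportGetBlock) &&
            (!capabilities.SupportMempoolQuery || SupportMempoolQuery) &&
            (!capabilities.SupportNodeBloom || SupportNodeBloom) &&
            (!capabilities.SupportPingPong || SupportPingPong) &&
            (!capabilities.SupportReject || SupportReject) &&
            (!capabilities.SupportSendHeaders || SupportSendHeaders) &&
            (!capabilities.SupportTimeAddress || SupportTimeAddress) &&
            (!capabilities.SupportWitness || SupportWitness) &&
            (!capabilities.SupportUserAgent || SupportUserAgent);
 }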
        /// <summary>
        /// Writes the leading fields of the client handshake response: the lower 32 bits of the
        /// negotiated capability flags, a fixed 32-bit value, the character set byte, 19 bytes of
        /// zero padding and a final 32-bit word.
        /// </summary>
        /// <param name="serverCapabilities">Capabilities advertised by the server; several flags are requested only if present here.</param>
        /// <param name="cs">Connection settings that switch individual flags on or off.</param>
        /// <param name="useCompression">Whether to request the <c>Compress</c> capability.</param>
        /// <param name="characterSet">Character set written as a single byte.</param>
        /// <param name="additionalCapabilities">Extra flags OR-ed into the result.</param>
        /// <returns>The writer holding the serialized fields.</returns>
        private static ByteBufferWriter CreateCapabilitiesPayload(ProtocolCapabilities serverCapabilities, ConnectionSettings cs, bool useCompression, CharacterSet characterSet, ProtocolCapabilities additionalCapabilities = 0)
        {
            // Flags that are echoed back only when the server offered them.
            const ProtocolCapabilities serverGated =
                ProtocolCapabilities.LongPassword |
                ProtocolCapabilities.Transactions |
                ProtocolCapabilities.PluginAuth |
                ProtocolCapabilities.PluginAuthLengthEncodedClientData |
                ProtocolCapabilities.ConnectionAttributes |
                ProtocolCapabilities.SessionTrack |
                ProtocolCapabilities.DeprecateEof;

            // Flags requested unconditionally. MultiStatements is among them, so the server will
            // accept several statements per command on this connection.
            var clientFlags =
                ProtocolCapabilities.Protocol41 |
                ProtocolCapabilities.SecureConnection |
                ProtocolCapabilities.MultiStatements |
                ProtocolCapabilities.MultiResults;
            clientFlags |= serverCapabilities & serverGated;

            if (cs.InteractiveSession)
            {
                clientFlags |= serverCapabilities & ProtocolCapabilities.Interactive;
            }

            // LocalFiles is advertised only when the connection settings opt in to it.
            if (cs.AllowLoadLocalInfile)
            {
                clientFlags |= ProtocolCapabilities.LocalFiles;
            }

            if (!string.IsNullOrWhiteSpace(cs.Database))
            {
                clientFlags |= ProtocolCapabilities.ConnectWithDatabase;
            }

            if (!cs.UseAffectedRows)
            {
                clientFlags |= ProtocolCapabilities.FoundRows;
            }

            clientFlags |= useCompression ? ProtocolCapabilities.Compress : ProtocolCapabilities.None;
            clientFlags |= additionalCapabilities;

            var writer = new ByteBufferWriter();
            writer.Write((int)clientFlags);
            writer.Write(0x4000_0000); // presumably the maximum packet size field; confirm against the protocol spec
            writer.Write((byte)characterSet);

            // NOTE: not new byte[19]; see https://github.com/dotnet/roslyn/issues/33088
            ReadOnlySpan<byte> padding = new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
            writer.Write(padding);

            if ((serverCapabilities & ProtocolCapabilities.LongPassword) != 0)
            {
                writer.Write(0u);
            }
            else
            {
                // MariaDB writes extended capabilities at the end of the padding; the absence of
                // LongPassword in the server flags is what selects this branch.
                var extendedCapabilities = (long)(serverCapabilities & ProtocolCapabilities.MariaDbComMulti) >> 32;
                writer.Write((int)extendedCapabilities);
            }

            return writer;
        }
        /// <summary>
        /// Writes the leading fields of the client handshake response: capability flags, a fixed
        /// 32-bit value, the <c>Utf8Mb4Binary</c> character set byte and 23 zero bytes.
        /// </summary>
        /// <param name="cs">Connection settings that switch individual flags on or off.</param>
        /// <param name="additionalCapabilities">Extra flags OR-ed into the result.</param>
        /// <returns>The writer holding the serialized fields.</returns>
        internal static PayloadWriter CapabilitiesPayload(ConnectionSettings cs, ProtocolCapabilities additionalCapabilities = 0)
        {
            // This overload has no view of the server's capabilities, so every flag below is
            // requested regardless of what the server offered. MultiStatements is included,
            // which lets the server accept several statements per command on this connection.
            var clientFlags =
                ProtocolCapabilities.Protocol41 |
                ProtocolCapabilities.LongPassword |
                ProtocolCapabilities.SecureConnection |
                ProtocolCapabilities.PluginAuth |
                ProtocolCapabilities.PluginAuthLengthEncodedClientData |
                ProtocolCapabilities.MultiStatements |
                ProtocolCapabilities.MultiResults |
                ProtocolCapabilities.PreparedStatementMultiResults;

            if (!string.IsNullOrWhiteSpace(cs.Database))
            {
                clientFlags |= ProtocolCapabilities.ConnectWithDatabase;
            }

            if (!cs.UseAffectedRows)
            {
                clientFlags |= ProtocolCapabilities.FoundRows;
            }

            clientFlags |= cs.UseCompression ? ProtocolCapabilities.Compress : ProtocolCapabilities.None;
            clientFlags |= additionalCapabilities;

            var writer = new PayloadWriter();
            writer.WriteInt32((int)clientFlags);
            writer.WriteInt32(0x40000000); // presumably the maximum packet size field; confirm against the protocol spec
            writer.WriteByte((byte)CharacterSet.Utf8Mb4Binary);
            writer.Write(new byte[23]);
            return writer;
        }
예제 #7
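        /// <summary>
        /// Upgrades the current connection to TLS: loads the optional client and CA certificates,
        /// sends the SSL request packet, authenticates as a TLS client and then routes all further
        /// traffic through the TLS stream.
        /// </summary>
        /// <param name="serverCapabilities">Capabilities advertised by the server, forwarded to the SSL request packet.</param>
        /// <param name="cs">Connection settings supplying certificate paths, the certificate password and the SSL mode.</param>
        /// <param name="ioBehavior">Selects the asynchronous or the synchronous TLS handshake call.</param>
        /// <param name="cancellationToken">Passed to <c>SendReplyAsync</c>; the TLS handshake calls used here do not take it.</param>
        /// <exception cref="MySqlException">A certificate file cannot be loaded, TLS authentication fails, or the
        /// handshake hits an I/O error while a client certificate is in use.</exception>
        private async Task InitSslAsync(ProtocolCapabilities serverCapabilities, ConnectionSettings cs, IOBehavior ioBehavior, CancellationToken cancellationToken)
        {
            X509CertificateCollection clientCertificates = null;

            if (cs.CertificateFile != null)
            {
                try
                {
                    var certificate = new X509Certificate2(cs.CertificateFile, cs.CertificatePassword);
#if !NET45
                    m_clientCertificate = certificate;
#endif
                    clientCertificates = new X509CertificateCollection {
                        certificate
                    };
                }
                catch (CryptographicException ex)
                {
                    if (!File.Exists(cs.CertificateFile))
                    {
                        throw new MySqlException("Cannot find Certificate File", ex);
                    }
                    throw new MySqlException("Either the Certificate Password is incorrect or the Certificate File is invalid", ex);
                }
            }

            // Kept outside the try block so the validation callback can compare the chain against it.
            X509Certificate2 caCertificate = null;
            X509Chain caCertificateChain = null;
            if (cs.CACertificateFile != null)
            {
                try
                {
                    caCertificate = new X509Certificate2(cs.CACertificateFile);
#if !NET45
                    m_serverCertificate = caCertificate;
#endif
                    // AllowUnknownCertificateAuthority makes Build() succeed for ANY root, including a
                    // self-signed server certificate. The chain is therefore only trusted after the
                    // callback has confirmed that the configured CA certificate is part of it.
                    // Revocation is not checked for this custom chain.
                    caCertificateChain = new X509Chain
                    {
                        ChainPolicy =
                        {
                            RevocationMode    = X509RevocationMode.NoCheck,
                            VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority
                        }
                    };
                    caCertificateChain.ChainPolicy.ExtraStore.Add(caCertificate);
                }
                catch (CryptographicException ex)
                {
                    if (!File.Exists(cs.CACertificateFile))
                    {
                        throw new MySqlException("Cannot find CA Certificate File", ex);
                    }
                    throw new MySqlException("The CA Certificate File is invalid", ex);
                }
            }

            // Always presents the first (and only) configured client certificate.
            X509Certificate ValidateLocalCertificate(object lcbSender, string lcbTargetHost, X509CertificateCollection lcbLocalCertificates, X509Certificate lcbRemoteCertificate, string[] lcbAcceptableIssuers) => lcbLocalCertificates[0];

            // True when no chain status other than UntrustedRoot was reported. Every entry is
            // inspected (not just the first), and an empty status list counts as clean.
            bool OnlyUntrustedRootReported(X509Chain chain)
            {
                foreach (X509ChainStatus status in chain.ChainStatus)
                {
                    if ((status.Status & ~X509ChainStatusFlags.UntrustedRoot) != X509ChainStatusFlags.NoError)
                    {
                        return false;
                    }
                }
                return true;
            }

            // True when the built chain contains exactly the expected certificate (byte-for-byte),
            // whether as the root, an intermediate, or the server certificate itself.
            bool ChainContains(X509Chain chain, X509Certificate2 expected)
            {
                var expectedBytes = expected.RawData;
                foreach (X509ChainElement element in chain.ChainElements)
                {
                    var candidate = element.Certificate.RawData;
                    if (candidate.Length != expectedBytes.Length)
                    {
                        continue;
                    }

                    var index = 0;
                    while (index < candidate.Length && candidate[index] == expectedBytes[index])
                    {
                        index++;
                    }

                    if (index == candidate.Length)
                    {
                        return true;
                    }
                }
                return false;
            }

            bool ValidateRemoteCertificate(object rcbSender, X509Certificate rcbCertificate, X509Chain rcbChain, SslPolicyErrors rcbPolicyErrors)
            {
                // Preferred and Required encrypt the channel but accept any server certificate,
                // so these modes do not authenticate the server.
                if (cs.SslMode == MySqlSslMode.Preferred || cs.SslMode == MySqlSslMode.Required)
                {
                    return(true);
                }

                if ((rcbPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0 && caCertificateChain != null)
                {
                    // Chain errors from the system store are forgiven only when the certificate
                    // chains cleanly to the CA certificate the user configured.
                    if (caCertificateChain.Build((X509Certificate2)rcbCertificate) &&
                        OnlyUntrustedRootReported(caCertificateChain) &&
                        ChainContains(caCertificateChain, caCertificate))
                    {
                        rcbPolicyErrors &= ~SslPolicyErrors.RemoteCertificateChainErrors;
                    }
                }

                // VerifyCA checks the issuer only; a host name mismatch is tolerated.
                if (cs.SslMode == MySqlSslMode.VerifyCA)
                {
                    rcbPolicyErrors &= ~SslPolicyErrors.RemoteCertificateNameMismatch;
                }

                return(rcbPolicyErrors == SslPolicyErrors.None);
            }

            SslStream sslStream;
            if (clientCertificates == null)
            {
                sslStream = new SslStream(m_networkStream, false, ValidateRemoteCertificate);
            }
            else
            {
                sslStream = new SslStream(m_networkStream, false, ValidateRemoteCertificate, ValidateLocalCertificate);
            }

            // SslProtocols.Tls1.2 throws an exception in Windows, see https://github.com/mysql-net/MySqlConnector/pull/101
            // NOTE(review): TLS 1.0 and 1.1 are always offered and TLS 1.2 is left out on Windows;
            // revisit this set once the issue referenced above no longer applies.
            var sslProtocols = SslProtocols.Tls | SslProtocols.Tls11;
            if (!Utility.IsWindows())
            {
                sslProtocols |= SslProtocols.Tls12;
            }

            // Revocation of the server certificate is checked in VerifyFull mode only.
            var checkCertificateRevocation = cs.SslMode == MySqlSslMode.VerifyFull;

            var initSsl = new PayloadData(new ArraySegment <byte>(HandshakeResponse41Packet.InitSsl(serverCapabilities, cs, m_useCompression)));
            await SendReplyAsync(initSsl, ioBehavior, cancellationToken).ConfigureAwait(false);

            try
            {
                if (ioBehavior == IOBehavior.Asynchronous)
                {
                    await sslStream.AuthenticateAsClientAsync(m_hostname, clientCertificates, sslProtocols, checkCertificateRevocation).ConfigureAwait(false);
                }
                else
                {
#if NETSTANDARD1_3
                    await sslStream.AuthenticateAsClientAsync(m_hostname, clientCertificates, sslProtocols, checkCertificateRevocation).ConfigureAwait(false);
#else
                    sslStream.AuthenticateAsClient(m_hostname, clientCertificates, sslProtocols, checkCertificateRevocation);
#endif
                }
                var sslByteHandler = new StreamByteHandler(sslStream);
                m_payloadHandler.ByteHandler = sslByteHandler;
                m_isSecureConnection         = true;
            }
            catch (Exception ex)
            {
                // Any handshake failure tears the connection down before the error is reported.
                sslStream.Dispose();
                ShutdownSocket();
                m_hostname = "";
                lock (m_lock)
                {
                    m_state = State.Failed;
                }
                if (ex is AuthenticationException)
                {
                    throw new MySqlException("SSL Authentication Error", ex);
                }
                if (ex is IOException && clientCertificates != null)
                {
                    throw new MySqlException("MySQL Server rejected client certificate", ex);
                }
                throw;
            }
        }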
예제 #8
        /// <summary>
        /// Writes the leading fields of the client handshake response: the negotiated capability
        /// flags, a fixed 32-bit value, the character set byte and the shared padding bytes.
        /// </summary>
        /// <param name="serverCapabilities">Capabilities advertised by the server; several flags are requested only if present here.</param>
        /// <param name="cs">Connection settings that switch individual flags on or off.</param>
        /// <param name="useCompression">Whether to request the <c>Compress</c> capability.</param>
        /// <param name="characterSet">Character set written as a single byte.</param>
        /// <param name="additionalCapabilities">Extra flags OR-ed into the result.</param>
        /// <returns>The writer holding the serialized fields.</returns>
        private static ByteBufferWriter CreateCapabilitiesPayload(ProtocolCapabilities serverCapabilities, ConnectionSettings cs, bool useCompression, CharacterSet characterSet, ProtocolCapabilities additionalCapabilities = 0)
        {
            // Flags that are echoed back only when the server offered them.
            const ProtocolCapabilities serverGated =
                ProtocolCapabilities.Transactions |
                ProtocolCapabilities.PluginAuth |
                ProtocolCapabilities.PluginAuthLengthEncodedClientData |
                ProtocolCapabilities.ConnectionAttributes |
                ProtocolCapabilities.SessionTrack |
                ProtocolCapabilities.DeprecateEof;

            // Flags requested unconditionally.
            // NOTE(review): LocalFiles is in this set. With that flag advertised, a server can ask
            // the client to send a local file in reply to a query, so a rogue or compromised
            // server could obtain files readable by this process. Consider advertising it only
            // behind an explicit opt-in connection setting.
            // MultiStatements is also always on, so several statements per command are accepted.
            var clientFlags =
                ProtocolCapabilities.Protocol41 |
                ProtocolCapabilities.LongPassword |
                ProtocolCapabilities.SecureConnection |
                ProtocolCapabilities.MultiStatements |
                ProtocolCapabilities.MultiResults |
                ProtocolCapabilities.LocalFiles;
            clientFlags |= serverCapabilities & serverGated;

            if (cs.InteractiveSession)
            {
                clientFlags |= serverCapabilities & ProtocolCapabilities.Interactive;
            }

            if (!string.IsNullOrWhiteSpace(cs.Database))
            {
                clientFlags |= ProtocolCapabilities.ConnectWithDatabase;
            }

            if (!cs.UseAffectedRows)
            {
                clientFlags |= ProtocolCapabilities.FoundRows;
            }

            clientFlags |= useCompression ? ProtocolCapabilities.Compress : ProtocolCapabilities.None;
            clientFlags |= additionalCapabilities;

            var writer = new ByteBufferWriter();
            writer.Write((int)clientFlags);
            writer.Write(0x4000_0000); // presumably the maximum packet size field; confirm against the protocol spec
            writer.Write((byte)characterSet);
            writer.Write(s_padding);
            return writer;
        }
예제 #9
 /// <summary>
 /// Builds the capabilities payload with the <c>Ssl</c> capability added and returns it as payload data.
 /// </summary>
 /// <param name="serverCapabilities">Capabilities advertised by the server.</param>
 /// <param name="cs">Connection settings forwarded to <c>CreateCapabilitiesPayload</c>.</param>
 /// <param name="useCompression">Whether to request compression.</param>
 /// <param name="characterSet">Character set forwarded to <c>CreateCapabilitiesPayload</c>.</param>
 public static PayloadData CreateWithSsl(ProtocolCapabilities serverCapabilities, ConnectionSettings cs, bool useCompression, CharacterSet characterSet)
 {
     // Ssl is passed as the additional capability; everything else is negotiated by the helper.
     var capabilitiesWriter = CreateCapabilitiesPayload(serverCapabilities, cs, useCompression, characterSet, ProtocolCapabilities.Ssl);
     return capabilitiesWriter.ToPayloadData();
 }
예제 #10
        /// <summary>
        /// Upgrades the current connection to TLS: loads the client certificate, sends the SSL
        /// request packet, authenticates as a TLS client and installs the TLS byte handler.
        /// </summary>
        /// <param name="serverCapabilities">Capabilities advertised by the server, forwarded to the SSL request packet.</param>
        /// <param name="cs">Connection settings supplying the certificate path, its password and the SSL mode.</param>
        /// <param name="ioBehavior">Selects the asynchronous or the synchronous TLS handshake call.</param>
        /// <param name="cancellationToken">Passed to <c>SendReplyAsync</c>; the TLS handshake calls used here do not take it.</param>
        /// <exception cref="MySqlException">The certificate file cannot be loaded or TLS authentication fails.</exception>
        private async Task InitSslAsync(ProtocolCapabilities serverCapabilities, ConnectionSettings cs, IOBehavior ioBehavior, CancellationToken cancellationToken)
        {
            // The client certificate is loaded unconditionally; there is no null check on the path here.
            X509Certificate2 certificate;
            try
            {
                certificate = new X509Certificate2(cs.CertificateFile, cs.CertificatePassword);
            }
            catch (CryptographicException ex)
            {
                var message = File.Exists(cs.CertificateFile)
                    ? "Either the SSL Certificate Password is incorrect or the SSL Certificate File is invalid"
                    : "Cannot find SSL Certificate File";
                throw new MySqlException(message, ex);
            }

            // Always presents the first (and only) configured client certificate.
            LocalCertificateSelectionCallback selectLocalCertificate =
                (lcbSender, lcbTargetHost, lcbLocalCertificates, lcbRemoteCertificate, lcbAcceptableIssuers) => lcbLocalCertificates[0];

            // Server certificate policy, decided on the exact error value:
            //   no errors                 -> accepted
            //   only a name mismatch      -> accepted unless the mode is VerifyFull
            //   anything else (chain errors, missing certificate, or a combination)
            //                             -> accepted only in Required mode
            // Required therefore encrypts the channel without authenticating the server.
            RemoteCertificateValidationCallback validateRemoteCertificate =
                (rcbSender, rcbCertificate, rcbChain, rcbPolicyErrors) =>
            {
                if (rcbPolicyErrors == SslPolicyErrors.None)
                {
                    return true;
                }

                if (rcbPolicyErrors == SslPolicyErrors.RemoteCertificateNameMismatch)
                {
                    return cs.SslMode != MySqlSslMode.VerifyFull;
                }

                return cs.SslMode == MySqlSslMode.Required;
            };

            var sslStream = new SslStream(m_networkStream, false, validateRemoteCertificate, selectLocalCertificate);
            var clientCertificates = new X509CertificateCollection {
                certificate
            };

            // SslProtocols.Tls1.2 throws an exception in Windows, see https://github.com/mysql-net/MySqlConnector/pull/101
            // NOTE(review): TLS 1.0 and 1.1 are always offered and TLS 1.2 is left out on Windows;
            // revisit this set once the issue referenced above no longer applies.
            var sslProtocols = RuntimeInformation.IsOSPlatform(OSPlatform.Windows)
                ? SslProtocols.Tls | SslProtocols.Tls11
                : SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12;

            // Revocation of the server certificate is checked in VerifyFull mode only.
            var checkCertificateRevocation = cs.SslMode == MySqlSslMode.VerifyFull;

            var sslRequest = new PayloadData(new ArraySegment<byte>(HandshakeResponse41Packet.InitSsl(serverCapabilities, cs)));
            await SendReplyAsync(sslRequest, ioBehavior, cancellationToken).ConfigureAwait(false);

            try
            {
                if (ioBehavior != IOBehavior.Asynchronous)
                {
#if NETSTANDARD1_3
                    await sslStream.AuthenticateAsClientAsync(m_hostname, clientCertificates, sslProtocols, checkCertificateRevocation).ConfigureAwait(false);
#else
                    sslStream.AuthenticateAsClient(m_hostname, clientCertificates, sslProtocols, checkCertificateRevocation);
#endif
                }
                else
                {
                    await sslStream.AuthenticateAsClientAsync(m_hostname, clientCertificates, sslProtocols, checkCertificateRevocation).ConfigureAwait(false);
                }

                // From here on all traffic goes through the TLS stream.
                m_payloadHandler.ByteHandler = new StreamByteHandler(sslStream);
            }
            catch (AuthenticationException ex)
            {
                // NOTE(review): only AuthenticationException is handled; other handshake failures
                // propagate without this cleanup, and sslStream is not disposed on either path.
                ShutdownSocket();
                m_hostname = "";
                m_state = State.Failed;
                throw new MySqlException("SSL Authentication Error", ex);
            }
        }
예제 #11
        /// <summary>
        /// Writes the leading fields of the client handshake response: the negotiated capability
        /// flags, a fixed 32-bit value, the <c>Utf8Mb4Binary</c> character set byte and 23 zero bytes.
        /// </summary>
        /// <param name="serverCapabilities">Capabilities advertised by the server; several flags are requested only if present here.</param>
        /// <param name="cs">Connection settings that switch individual flags on or off.</param>
        /// <param name="useCompression">Whether to request the <c>Compress</c> capability.</param>
        /// <param name="additionalCapabilities">Extra flags OR-ed into the result.</param>
        /// <returns>The writer holding the serialized fields.</returns>
        private static PayloadWriter CreateCapabilitiesPayload(ProtocolCapabilities serverCapabilities, ConnectionSettings cs, bool useCompression, ProtocolCapabilities additionalCapabilities = 0)
        {
            // Flags that are echoed back only when the server offered them.
            const ProtocolCapabilities serverGated =
                ProtocolCapabilities.PluginAuth |
                ProtocolCapabilities.PluginAuthLengthEncodedClientData |
                ProtocolCapabilities.ConnectionAttributes |
                ProtocolCapabilities.DeprecateEof;

            // Flags requested unconditionally.
            // NOTE(review): LocalFiles is in this set. With that flag advertised, a server can ask
            // the client to send a local file in reply to a query, so a rogue or compromised
            // server could obtain files readable by this process. Consider advertising it only
            // behind an explicit opt-in connection setting.
            // MultiStatements is also always on, so several statements per command are accepted.
            var clientFlags =
                ProtocolCapabilities.Protocol41 |
                ProtocolCapabilities.LongPassword |
                ProtocolCapabilities.SecureConnection |
                ProtocolCapabilities.MultiStatements |
                ProtocolCapabilities.MultiResults |
                ProtocolCapabilities.LocalFiles;
            clientFlags |= serverCapabilities & serverGated;

            if (!string.IsNullOrWhiteSpace(cs.Database))
            {
                clientFlags |= ProtocolCapabilities.ConnectWithDatabase;
            }

            if (!cs.UseAffectedRows)
            {
                clientFlags |= ProtocolCapabilities.FoundRows;
            }

            clientFlags |= useCompression ? ProtocolCapabilities.Compress : ProtocolCapabilities.None;
            clientFlags |= additionalCapabilities;

            var writer = new PayloadWriter();
            writer.WriteInt32((int)clientFlags);
            writer.WriteInt32(0x4000_0000); // presumably the maximum packet size field; confirm against the protocol spec
            writer.WriteByte((byte)CharacterSet.Utf8Mb4Binary);
            writer.Write(new byte[23]);
            return writer;
        }
예제 #12
 /// <summary>
 /// Builds the SSL request bytes: the capabilities payload with the <c>Ssl</c> capability added.
 /// </summary>
 /// <param name="serverCapabilities">Capabilities advertised by the server.</param>
 /// <param name="cs">Connection settings forwarded to <c>CreateCapabilitiesPayload</c>.</param>
 /// <param name="useCompression">Whether to request compression.</param>
 /// <returns>The serialized payload bytes.</returns>
 public static byte[] InitSsl(ProtocolCapabilities serverCapabilities, ConnectionSettings cs, bool useCompression) =>
     CreateCapabilitiesPayload(serverCapabilities, cs, useCompression, ProtocolCapabilities.Ssl).ToBytes();