/// <summary>
/// Builds a payload object from the already-parsed fields of the server's initial handshake.
/// </summary>
/// <param name="protocolCapabilities">Capability flags stored in <c>ProtocolCapabilities</c>.</param>
/// <param name="serverVersion">Raw server version bytes stored in <c>ServerVersion</c>.</param>
/// <param name="connectionId">Connection identifier stored in <c>ConnectionId</c>.</param>
/// <param name="authPluginData">Authentication plugin data stored in <c>AuthPluginData</c>; the array is stored by reference, not copied.</param>
/// <param name="authPluginName">Authentication plugin name stored in <c>AuthPluginName</c>.</param>
private InitialHandshakePayload(
    ProtocolCapabilities protocolCapabilities,
    byte[] serverVersion,
    int connectionId,
    byte[] authPluginData,
    string authPluginName)
{
    // Plain field-by-field capture; no validation or defensive copying happens here.
    // NOTE(review): presumably these values originate from the server's handshake packet,
    // so any length/content checks must already have been done by the caller - confirm.
    ProtocolCapabilities = protocolCapabilities;
    ServerVersion = serverVersion;
    ConnectionId = connectionId;
    AuthPluginData = authPluginData;
    AuthPluginName = authPluginName;
}
/// <summary>
/// Explicit <c>ISupportedProtocol</c> implementation: lazily creates the backing
/// <c>ProtocolCapabilities</c> dictionary on first use and returns it converted through
/// <c>ToDataValueDictionary()</c>.
/// </summary>
/// <returns>The result of <c>ProtocolCapabilities.ToDataValueDictionary()</c>.</returns>
IDataValueDictionary ISupportedProtocol.GetOrCreateProtocolCapabilities()
{
    // Lazy initialisation; there is no locking around the null check and the assignment.
    if (ProtocolCapabilities == null)
    {
        ProtocolCapabilities = new Dictionary<string, DataValue>();
    }

    return ProtocolCapabilities.ToDataValueDictionary();
}
/// <summary>
/// Copies the serialization parameters of another stream onto this one.
/// </summary>
/// <param name="from">The stream whose parameters are copied.</param>
/// <exception cref="ArgumentNullException"><paramref name="from"/> is <c>null</c>.</exception>
public void CopyParameters(BitcoinStream from)
{
    if (from == null)
    {
        throw new ArgumentNullException(nameof(from));
    }

    // Protocol-level settings.
    ProtocolVersion = from.ProtocolVersion;
    ConsensusFactory = from.ConsensusFactory;

    // The backing field is assigned directly, bypassing whatever the property accessor does.
    // NOTE(review): if this is a reference type, both streams share one capabilities
    // object after this call - confirm that is intended.
    _ProtocolCapabilities = from._ProtocolCapabilities;

    // Encoding settings, including the array-size limit used by this stream.
    IsBigEndian = from.IsBigEndian;
    MaxArraySize = from.MaxArraySize;
    Type = from.Type;
}
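/// <summary>
/// Reports whether this instance supports every capability that <paramref name="capabilities"/> supports.
/// </summary>
/// <param name="capabilities">The capability set to compare against; must not be <c>null</c>.</param>
/// <returns>
/// <c>true</c> when each flag set on <paramref name="capabilities"/> is also set on this instance;
/// otherwise <c>false</c>.
/// </returns>
public bool IsSupersetOf(ProtocolCapabilities capabilities)
{
    // Each clause is the implication "requested by the other side => supported here".
    // NOTE(review): the original expression repeated the SupportCheckSum clause at the end.
    // The duplicate is dropped here (it cannot change the result), but if a different
    // capability was meant in that position it is still not being compared - check this
    // list against the properties declared on the class.
    return (!capabilities.SupportCheckSum || SupportCheckSum)
        && (!capabilities.SupportCompactBlocks || SupportCompactBlocks)
        && (!capabilities.SupportGetBlock || SupportGetBlock)
        && (!capabilities.SupportMempoolQuery || SupportMempoolQuery)
        && (!capabilities.SupportNodeBloom || SupportNodeBloom)
        && (!capabilities.SupportPingPong || SupportPingPong)
        && (!capabilities.SupportReject || SupportReject)
        && (!capabilities.SupportSendHeaders || SupportSendHeaders)
        && (!capabilities.SupportTimeAddress || SupportTimeAddress)
        && (!capabilities.SupportWitness || SupportWitness)
        && (!capabilities.SupportUserAgent || SupportUserAgent);
}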
/// <summary>
/// Writes the fixed-size leading part of the client's handshake response: the capability flags,
/// a 32-bit constant, the character set byte and the trailing padding/extended-capability bytes.
/// </summary>
/// <param name="serverCapabilities">Capabilities advertised by the server; several client flags are only echoed when set here.</param>
/// <param name="cs">Connection settings that switch optional flags on or off.</param>
/// <param name="useCompression">Whether to request the <c>Compress</c> capability.</param>
/// <param name="characterSet">Character set written as a single byte.</param>
/// <param name="additionalCapabilities">Extra flags OR-ed into the result (for example <c>Ssl</c>).</param>
/// <returns>A writer positioned after the fixed-size header.</returns>
private static ByteBufferWriter CreateCapabilitiesPayload(ProtocolCapabilities serverCapabilities, ConnectionSettings cs, bool useCompression, CharacterSet characterSet, ProtocolCapabilities additionalCapabilities = 0)
{
    // Flags requested unconditionally.
    // MultiStatements is always on: one command string may carry several statements, which
    // widens the impact of any SQL built by string concatenation in calling code.
    var clientFlags = ProtocolCapabilities.Protocol41
        | ProtocolCapabilities.SecureConnection
        | ProtocolCapabilities.MultiStatements
        | ProtocolCapabilities.MultiResults
        | additionalCapabilities;

    // Flags that are only echoed back when the server advertised them.
    clientFlags |= serverCapabilities & (
        ProtocolCapabilities.LongPassword
        | ProtocolCapabilities.Transactions
        | ProtocolCapabilities.PluginAuth
        | ProtocolCapabilities.PluginAuthLengthEncodedClientData
        | ProtocolCapabilities.ConnectionAttributes
        | ProtocolCapabilities.SessionTrack
        | ProtocolCapabilities.DeprecateEof);

    // Flags driven by the connection settings.
    if (cs.InteractiveSession)
    {
        clientFlags |= serverCapabilities & ProtocolCapabilities.Interactive;
    }

    // LOCAL INFILE is advertised only on explicit opt-in, so by default the client does not
    // tell the server that it will answer requests for local files.
    if (cs.AllowLoadLocalInfile)
    {
        clientFlags |= ProtocolCapabilities.LocalFiles;
    }

    if (!string.IsNullOrWhiteSpace(cs.Database))
    {
        clientFlags |= ProtocolCapabilities.ConnectWithDatabase;
    }

    if (!cs.UseAffectedRows)
    {
        clientFlags |= ProtocolCapabilities.FoundRows;
    }

    clientFlags |= useCompression ? ProtocolCapabilities.Compress : ProtocolCapabilities.None;

    var writer = new ByteBufferWriter();

    // Only the low 32 bits of the flags are written here.
    writer.Write((int) clientFlags);

    // NOTE(review): presumably the max-packet-size field of the handshake response - confirm.
    writer.Write(0x4000_0000);
    writer.Write((byte) characterSet);

    // NOTE: not new byte[19]; see https://github.com/dotnet/roslyn/issues/33088
    ReadOnlySpan<byte> padding = new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
    writer.Write(padding);

    if ((serverCapabilities & ProtocolCapabilities.LongPassword) != 0)
    {
        writer.Write(0u);
    }
    else
    {
        // MariaDB writes extended capabilities at the end of the padding
        writer.Write((int) (((long) (serverCapabilities & ProtocolCapabilities.MariaDbComMulti)) >> 32));
    }

    return writer;
}
/// <summary>
/// Writes the fixed-size leading part of the client's handshake response: capability flags,
/// a 32-bit constant, the character set byte and 23 zero bytes.
/// </summary>
/// <param name="cs">Connection settings that switch optional flags on or off.</param>
/// <param name="additionalCapabilities">Extra flags OR-ed into the result.</param>
/// <returns>A writer positioned after the fixed-size header.</returns>
internal static PayloadWriter CapabilitiesPayload(ConnectionSettings cs, ProtocolCapabilities additionalCapabilities = 0)
{
    // This variant never consults the server's advertised capabilities; every flag below is
    // requested unconditionally, including MultiStatements (several statements per command).
    var clientFlags = ProtocolCapabilities.Protocol41
        | ProtocolCapabilities.LongPassword
        | ProtocolCapabilities.SecureConnection
        | ProtocolCapabilities.PluginAuth
        | ProtocolCapabilities.PluginAuthLengthEncodedClientData
        | ProtocolCapabilities.MultiStatements
        | ProtocolCapabilities.MultiResults
        | ProtocolCapabilities.PreparedStatementMultiResults
        | additionalCapabilities;

    // Flags driven by the connection settings.
    if (!string.IsNullOrWhiteSpace(cs.Database))
    {
        clientFlags |= ProtocolCapabilities.ConnectWithDatabase;
    }

    if (!cs.UseAffectedRows)
    {
        clientFlags |= ProtocolCapabilities.FoundRows;
    }

    clientFlags |= cs.UseCompression ? ProtocolCapabilities.Compress : ProtocolCapabilities.None;

    var writer = new PayloadWriter();
    writer.WriteInt32((int) clientFlags);

    // NOTE(review): presumably the max-packet-size field of the handshake response - confirm.
    writer.WriteInt32(0x40000000);
    writer.WriteByte((byte) CharacterSet.Utf8Mb4Binary);

    // 23 zero bytes follow the character set.
    writer.Write(new byte[23]);
    return writer;
}
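/// <summary>
/// Upgrades the connection to TLS: loads the optional client certificate and CA certificate,
/// sends the SSL request packet, authenticates as a TLS client and then routes all further
/// payload I/O through the encrypted stream.
/// </summary>
/// <param name="serverCapabilities">Capability flags passed through to the SSL request packet.</param>
/// <param name="cs">Connection settings supplying the certificate paths, password and <c>SslMode</c>.</param>
/// <param name="ioBehavior">Selects asynchronous or synchronous TLS authentication.</param>
/// <param name="cancellationToken">Passed to the send of the SSL request packet.</param>
/// <exception cref="MySqlException">
/// A certificate file is missing or invalid, TLS authentication failed, or the connection
/// dropped after a client certificate was presented.
/// </exception>
private async Task InitSslAsync(ProtocolCapabilities serverCapabilities, ConnectionSettings cs, IOBehavior ioBehavior, CancellationToken cancellationToken)
{
    // Optional client certificate for mutual TLS.
    X509CertificateCollection clientCertificates = null;
    if (cs.CertificateFile != null)
    {
        try
        {
            var certificate = new X509Certificate2(cs.CertificateFile, cs.CertificatePassword);
#if !NET45
            m_clientCertificate = certificate;
#endif
            clientCertificates = new X509CertificateCollection { certificate };
        }
        catch (CryptographicException ex)
        {
            if (!File.Exists(cs.CertificateFile))
            {
                throw new MySqlException("Cannot find Certificate File", ex);
            }
            throw new MySqlException("Either the Certificate Password is incorrect or the Certificate File is invalid", ex);
        }
    }

    // Optional CA certificate that the server's chain has to lead to.
    X509Certificate2 caCertificate = null;
    X509Chain caCertificateChain = null;
    if (cs.CACertificateFile != null)
    {
        try
        {
            caCertificate = new X509Certificate2(cs.CACertificateFile);
#if !NET45
            m_serverCertificate = caCertificate;
#endif
            // AllowUnknownCertificateAuthority lets Build() succeed for a chain ending in ANY
            // root that is not in the system store, so on its own it does not prove that the
            // chain ends in this CA. ValidateRemoteCertificate below does that check.
            caCertificateChain = new X509Chain
            {
                ChainPolicy =
                {
                    RevocationMode = X509RevocationMode.NoCheck,
                    VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority
                }
            };
            caCertificateChain.ChainPolicy.ExtraStore.Add(caCertificate);
        }
        catch (CryptographicException ex)
        {
            if (!File.Exists(cs.CACertificateFile))
            {
                throw new MySqlException("Cannot find CA Certificate File", ex);
            }
            throw new MySqlException("The CA Certificate File is invalid", ex);
        }
    }

    X509Certificate ValidateLocalCertificate(object lcbSender, string lcbTargetHost, X509CertificateCollection lcbLocalCertificates, X509Certificate lcbRemoteCertificate, string[] lcbAcceptableIssuers) => lcbLocalCertificates[0];

    // True when every reported chain status is clean once UntrustedRoot is ignored.
    // All entries are inspected, and an empty status array is treated as clean instead of
    // being indexed.
    bool OnlyUntrustedRootReported()
    {
        foreach (var status in caCertificateChain.ChainStatus)
        {
            if ((status.Status & ~X509ChainStatusFlags.UntrustedRoot) != X509ChainStatusFlags.NoError)
            {
                return false;
            }
        }
        return true;
    }

    // True when the configured CA certificate itself is one of the elements of the built chain.
    bool ChainContainsCaCertificate()
    {
        var expected = caCertificate.RawData;
        foreach (X509ChainElement element in caCertificateChain.ChainElements)
        {
            var actual = element.Certificate.RawData;
            if (actual.Length != expected.Length)
            {
                continue;
            }

            var same = true;
            for (var i = 0; i < actual.Length; i++)
            {
                if (actual[i] != expected[i])
                {
                    same = false;
                    break;
                }
            }

            if (same)
            {
                return true;
            }
        }
        return false;
    }

    bool ValidateRemoteCertificate(object rcbSender, X509Certificate rcbCertificate, X509Chain rcbChain, SslPolicyErrors rcbPolicyErrors)
    {
        // Preferred and Required encrypt the session but accept whatever certificate the
        // server presents; only VerifyCA and VerifyFull authenticate the server.
        if (cs.SslMode == MySqlSslMode.Preferred || cs.SslMode == MySqlSslMode.Required)
        {
            return true;
        }

        // The platform chain failed and a CA file is configured: re-validate against that CA.
        // The chain error is cleared only when the custom chain builds, reports nothing worse
        // than an untrusted root, and actually contains the configured CA certificate.
        if ((rcbPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0 && caCertificateChain != null)
        {
            if (caCertificateChain.Build((X509Certificate2) rcbCertificate)
                && OnlyUntrustedRootReported()
                && ChainContainsCaCertificate())
            {
                rcbPolicyErrors &= ~SslPolicyErrors.RemoteCertificateChainErrors;
            }
        }

        // VerifyCA checks the issuer but not the host name.
        if (cs.SslMode == MySqlSslMode.VerifyCA)
        {
            rcbPolicyErrors &= ~SslPolicyErrors.RemoteCertificateNameMismatch;
        }

        return rcbPolicyErrors == SslPolicyErrors.None;
    }

    SslStream sslStream;
    if (clientCertificates == null)
    {
        sslStream = new SslStream(m_networkStream, false, ValidateRemoteCertificate);
    }
    else
    {
        sslStream = new SslStream(m_networkStream, false, ValidateRemoteCertificate, ValidateLocalCertificate);
    }

    // SslProtocols.Tls1.2 throws an exception in Windows, see https://github.com/mysql-net/MySqlConnector/pull/101
    // NOTE(review): on Windows this leaves only TLS 1.0 and 1.1, both deprecated; revisit
    // whether the workaround is still needed on the supported runtimes.
    var sslProtocols = SslProtocols.Tls | SslProtocols.Tls11;
    if (!Utility.IsWindows())
    {
        sslProtocols |= SslProtocols.Tls12;
    }

    // Revocation is checked only in VerifyFull mode.
    var checkCertificateRevocation = cs.SslMode == MySqlSslMode.VerifyFull;

    var initSsl = new PayloadData(new ArraySegment<byte>(HandshakeResponse41Packet.InitSsl(serverCapabilities, cs, m_useCompression)));
    await SendReplyAsync(initSsl, ioBehavior, cancellationToken).ConfigureAwait(false);

    try
    {
        if (ioBehavior == IOBehavior.Asynchronous)
        {
            await sslStream.AuthenticateAsClientAsync(m_hostname, clientCertificates, sslProtocols, checkCertificateRevocation).ConfigureAwait(false);
        }
        else
        {
#if NETSTANDARD1_3
            await sslStream.AuthenticateAsClientAsync(m_hostname, clientCertificates, sslProtocols, checkCertificateRevocation).ConfigureAwait(false);
#else
            sslStream.AuthenticateAsClient(m_hostname, clientCertificates, sslProtocols, checkCertificateRevocation);
#endif
        }

        var sslByteHandler = new StreamByteHandler(sslStream);
        m_payloadHandler.ByteHandler = sslByteHandler;
        m_isSecureConnection = true;
    }
    catch (Exception ex)
    {
        // Tear the connection down and mark the session failed, so it is not used after a
        // TLS handshake that did not complete.
        sslStream.Dispose();
        ShutdownSocket();
        m_hostname = "";
        lock (m_lock)
        {
            m_state = State.Failed;
        }

        if (ex is AuthenticationException)
        {
            throw new MySqlException("SSL Authentication Error", ex);
        }
        if (ex is IOException && clientCertificates != null)
        {
            throw new MySqlException("MySQL Server rejected client certificate", ex);
        }
        throw;
    }
}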
/// <summary>
/// Writes the fixed-size leading part of the client's handshake response: the capability flags,
/// a 32-bit constant, the character set byte and the shared padding bytes.
/// </summary>
/// <param name="serverCapabilities">Capabilities advertised by the server; several client flags are only echoed when set here.</param>
/// <param name="cs">Connection settings that switch optional flags on or off.</param>
/// <param name="useCompression">Whether to request the <c>Compress</c> capability.</param>
/// <param name="characterSet">Character set written as a single byte.</param>
/// <param name="additionalCapabilities">Extra flags OR-ed into the result (for example <c>Ssl</c>).</param>
/// <returns>A writer positioned after the fixed-size header.</returns>
private static ByteBufferWriter CreateCapabilitiesPayload(ProtocolCapabilities serverCapabilities, ConnectionSettings cs, bool useCompression, CharacterSet characterSet, ProtocolCapabilities additionalCapabilities = 0)
{
    // Flags requested unconditionally.
    // NOTE(review): LocalFiles is always advertised here, so the client tells every server
    // that it will answer LOCAL INFILE file requests; a server that is not trusted can then
    // ask for files readable by this process. Gate it on an explicit opt-in setting if
    // ConnectionSettings offers one. MultiStatements is likewise always on.
    var clientFlags = ProtocolCapabilities.Protocol41
        | ProtocolCapabilities.LongPassword
        | ProtocolCapabilities.SecureConnection
        | ProtocolCapabilities.MultiStatements
        | ProtocolCapabilities.MultiResults
        | ProtocolCapabilities.LocalFiles
        | additionalCapabilities;

    // Flags that are only echoed back when the server advertised them.
    clientFlags |= serverCapabilities & (
        ProtocolCapabilities.Transactions
        | ProtocolCapabilities.PluginAuth
        | ProtocolCapabilities.PluginAuthLengthEncodedClientData
        | ProtocolCapabilities.ConnectionAttributes
        | ProtocolCapabilities.SessionTrack
        | ProtocolCapabilities.DeprecateEof);

    // Flags driven by the connection settings.
    if (cs.InteractiveSession)
    {
        clientFlags |= serverCapabilities & ProtocolCapabilities.Interactive;
    }

    if (!string.IsNullOrWhiteSpace(cs.Database))
    {
        clientFlags |= ProtocolCapabilities.ConnectWithDatabase;
    }

    if (!cs.UseAffectedRows)
    {
        clientFlags |= ProtocolCapabilities.FoundRows;
    }

    clientFlags |= useCompression ? ProtocolCapabilities.Compress : ProtocolCapabilities.None;

    var writer = new ByteBufferWriter();
    writer.Write((int) clientFlags);

    // NOTE(review): presumably the max-packet-size field of the handshake response - confirm.
    writer.Write(0x4000_0000);
    writer.Write((byte) characterSet);
    writer.Write(s_padding);
    return writer;
}
/// <summary>
/// Builds the capabilities payload with the <c>Ssl</c> flag added, i.e. the packet that asks
/// the server to switch the connection to TLS.
/// </summary>
/// <param name="serverCapabilities">Capabilities advertised by the server.</param>
/// <param name="cs">Connection settings forwarded to the payload builder.</param>
/// <param name="useCompression">Whether to request the <c>Compress</c> capability.</param>
/// <param name="characterSet">Character set written into the payload.</param>
/// <returns>The payload produced by <c>CreateCapabilitiesPayload(...).ToPayloadData()</c>.</returns>
public static PayloadData CreateWithSsl(ProtocolCapabilities serverCapabilities, ConnectionSettings cs, bool useCompression, CharacterSet characterSet)
{
    // This packet is written before any TLS handshake, so it holds only the capability
    // header built by CreateCapabilitiesPayload and nothing else is appended here.
    var sslRequest = CreateCapabilitiesPayload(serverCapabilities, cs, useCompression, characterSet, ProtocolCapabilities.Ssl);
    return sslRequest.ToPayloadData();
}
/// <summary>
/// Upgrades the connection to TLS: loads the client certificate, sends the SSL request packet,
/// authenticates as a TLS client and then routes payload I/O through the encrypted stream.
/// </summary>
/// <param name="serverCapabilities">Capability flags passed through to the SSL request packet.</param>
/// <param name="cs">Connection settings supplying the certificate path, password and <c>SslMode</c>.</param>
/// <param name="ioBehavior">Selects asynchronous or synchronous TLS authentication.</param>
/// <param name="cancellationToken">Passed to the send of the SSL request packet.</param>
/// <exception cref="MySqlException">The certificate file is missing or invalid, or TLS authentication failed.</exception>
private async Task InitSslAsync(ProtocolCapabilities serverCapabilities, ConnectionSettings cs, IOBehavior ioBehavior, CancellationToken cancellationToken)
{
    // The client certificate is loaded unconditionally in this version.
    // NOTE(review): only CryptographicException is translated; a null CertificateFile would
    // surface as a different exception type - confirm callers guarantee a path.
    X509Certificate2 certificate;
    try
    {
        certificate = new X509Certificate2(cs.CertificateFile, cs.CertificatePassword);
    }
    catch (CryptographicException ex)
    {
        if (!File.Exists(cs.CertificateFile))
        {
            throw new MySqlException("Cannot find SSL Certificate File", ex);
        }
        throw new MySqlException("Either the SSL Certificate Password is incorrect or the SSL Certificate File is invalid", ex);
    }

    // Always offers the first certificate of the collection handed to the TLS stack.
    Func<object, string, X509CertificateCollection, X509Certificate, string[], X509Certificate> localCertificateCb =
        (lcbSender, lcbTargetHost, lcbLocalCertificates, lcbRemoteCertificate, lcbAcceptableIssuers) => lcbLocalCertificates[0];

    // Server certificate policy by SslMode:
    //  - no policy errors: accepted in every mode;
    //  - name mismatch as the only error: accepted unless the mode is VerifyFull;
    //  - anything else (chain errors, missing certificate, combinations): accepted only in
    //    Required mode, which therefore encrypts without authenticating the server.
    Func<object, X509Certificate, X509Chain, SslPolicyErrors, bool> remoteCertificateCb =
        (rcbSender, rcbCertificate, rcbChain, rcbPolicyErrors) =>
        {
            if (rcbPolicyErrors == SslPolicyErrors.None)
            {
                return true;
            }
            if (rcbPolicyErrors == SslPolicyErrors.RemoteCertificateNameMismatch)
            {
                return cs.SslMode != MySqlSslMode.VerifyFull;
            }
            return cs.SslMode == MySqlSslMode.Required;
        };

    var sslStream = new SslStream(
        m_networkStream,
        false,
        new RemoteCertificateValidationCallback(remoteCertificateCb),
        new LocalCertificateSelectionCallback(localCertificateCb));
    var clientCertificates = new X509CertificateCollection { certificate };

    // SslProtocols.Tls1.2 throws an exception in Windows, see https://github.com/mysql-net/MySqlConnector/pull/101
    // On Windows this leaves only TLS 1.0 and 1.1 enabled.
    var sslProtocols = SslProtocols.Tls | SslProtocols.Tls11;
    if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
    {
        sslProtocols |= SslProtocols.Tls12;
    }

    // Revocation is checked only in VerifyFull mode.
    var checkCertificateRevocation = cs.SslMode == MySqlSslMode.VerifyFull;

    var sslRequestBytes = HandshakeResponse41Packet.InitSsl(serverCapabilities, cs);
    var initSsl = new PayloadData(new ArraySegment<byte>(sslRequestBytes));
    await SendReplyAsync(initSsl, ioBehavior, cancellationToken).ConfigureAwait(false);

    try
    {
        if (ioBehavior == IOBehavior.Asynchronous)
        {
            await sslStream.AuthenticateAsClientAsync(m_hostname, clientCertificates, sslProtocols, checkCertificateRevocation).ConfigureAwait(false);
        }
        else
        {
#if NETSTANDARD1_3
            await sslStream.AuthenticateAsClientAsync(m_hostname, clientCertificates, sslProtocols, checkCertificateRevocation).ConfigureAwait(false);
#else
            sslStream.AuthenticateAsClient(m_hostname, clientCertificates, sslProtocols, checkCertificateRevocation);
#endif
        }

        var sslByteHandler = new StreamByteHandler(sslStream);
        m_payloadHandler.ByteHandler = sslByteHandler;
    }
    catch (AuthenticationException ex)
    {
        // NOTE(review): only AuthenticationException is handled and sslStream is not disposed
        // on this path; presumably ShutdownSocket releases the underlying socket - confirm.
        ShutdownSocket();
        m_hostname = "";
        m_state = State.Failed;
        throw new MySqlException("SSL Authentication Error", ex);
    }
}
/// <summary>
/// Writes the fixed-size leading part of the client's handshake response: capability flags,
/// a 32-bit constant, the character set byte and 23 zero bytes.
/// </summary>
/// <param name="serverCapabilities">Capabilities advertised by the server; several client flags are only echoed when set here.</param>
/// <param name="cs">Connection settings that switch optional flags on or off.</param>
/// <param name="useCompression">Whether to request the <c>Compress</c> capability.</param>
/// <param name="additionalCapabilities">Extra flags OR-ed into the result (for example <c>Ssl</c>).</param>
/// <returns>A writer positioned after the fixed-size header.</returns>
private static PayloadWriter CreateCapabilitiesPayload(ProtocolCapabilities serverCapabilities, ConnectionSettings cs, bool useCompression, ProtocolCapabilities additionalCapabilities = 0)
{
    // Flags requested unconditionally.
    // NOTE(review): LocalFiles is always advertised here, so the client tells every server
    // that it will answer LOCAL INFILE file requests; a server that is not trusted can then
    // ask for files readable by this process. Gate it on an explicit opt-in setting if
    // ConnectionSettings offers one. MultiStatements is likewise always on.
    var clientFlags = ProtocolCapabilities.Protocol41
        | ProtocolCapabilities.LongPassword
        | ProtocolCapabilities.SecureConnection
        | ProtocolCapabilities.MultiStatements
        | ProtocolCapabilities.MultiResults
        | ProtocolCapabilities.LocalFiles
        | additionalCapabilities;

    // Flags that are only echoed back when the server advertised them.
    clientFlags |= serverCapabilities & (
        ProtocolCapabilities.PluginAuth
        | ProtocolCapabilities.PluginAuthLengthEncodedClientData
        | ProtocolCapabilities.ConnectionAttributes
        | ProtocolCapabilities.DeprecateEof);

    // Flags driven by the connection settings.
    if (!string.IsNullOrWhiteSpace(cs.Database))
    {
        clientFlags |= ProtocolCapabilities.ConnectWithDatabase;
    }

    if (!cs.UseAffectedRows)
    {
        clientFlags |= ProtocolCapabilities.FoundRows;
    }

    clientFlags |= useCompression ? ProtocolCapabilities.Compress : ProtocolCapabilities.None;

    var writer = new PayloadWriter();
    writer.WriteInt32((int) clientFlags);

    // NOTE(review): presumably the max-packet-size field of the handshake response - confirm.
    writer.WriteInt32(0x4000_0000);
    writer.WriteByte((byte) CharacterSet.Utf8Mb4Binary);

    // 23 zero bytes follow the character set.
    writer.Write(new byte[23]);
    return writer;
}
/// <summary>
/// Builds the bytes of the SSL request packet: the capabilities payload with the
/// <c>Ssl</c> flag added.
/// </summary>
/// <param name="serverCapabilities">Capabilities advertised by the server.</param>
/// <param name="cs">Connection settings forwarded to the payload builder.</param>
/// <param name="useCompression">Whether to request the <c>Compress</c> capability.</param>
/// <returns>The serialized payload from <c>CreateCapabilitiesPayload(...).ToBytes()</c>.</returns>
public static byte[] InitSsl(ProtocolCapabilities serverCapabilities, ConnectionSettings cs, bool useCompression) =>
    CreateCapabilitiesPayload(serverCapabilities, cs, useCompression, ProtocolCapabilities.Ssl).ToBytes();