private static void DoTestClientServer(bool fragment)
{
SecureRandom secureRandom = new SecureRandom();
TlsClientProtocol clientProtocol = new TlsClientProtocol(secureRandom);
TlsServerProtocol serverProtocol = new TlsServerProtocol(secureRandom);
clientProtocol.Connect(new MockTlsClient(null));
serverProtocol.Accept(new MockTlsServer());
// pump handshake
bool hadDataFromServer = true;
bool hadDataFromClient = true;
while (hadDataFromServer || hadDataFromClient)
{
hadDataFromServer = PumpData(serverProtocol, clientProtocol, fragment);
hadDataFromClient = PumpData(clientProtocol, serverProtocol, fragment);
}
// send data in both directions
byte[] data = new byte[1024];
secureRandom.NextBytes(data);
WriteAndRead(clientProtocol, serverProtocol, data, fragment);
WriteAndRead(serverProtocol, clientProtocol, data, fragment);
// close the connection
clientProtocol.Close();
PumpData(clientProtocol, serverProtocol, fragment);
serverProtocol.CloseInput();
CheckClosed(serverProtocol);
CheckClosed(clientProtocol);
}
protected void Disposing(bool dispose)
{
if (dispose & !disposed)
{
disposed = true;
if (!(State == ChannelState.Closed || State == ChannelState.ClosedReceived))
{
try
{
CloseAsync().GetAwaiter();
//Task task = CloseAsync();
//Task.WaitAll(task);
}
catch (Exception ex)
{
Console.WriteLine("Exception Dispose/Closing TCP Client {0}", ex.Message);
Console.WriteLine("***** Inner Exception {0} *****", ex.InnerException);
Console.WriteLine("***** Stack Trace {0} *****", ex.InnerException.StackTrace);
}
}
protocol = null;
client = null;
readConnection = null;
writeConnection = null;
}
}
private static void DoTestClientServer(bool fragment)
{
SecureRandom secureRandom = new SecureRandom();
TlsClientProtocol clientProtocol = new TlsClientProtocol(secureRandom);
TlsServerProtocol serverProtocol = new TlsServerProtocol(secureRandom);
clientProtocol.Connect(new MockTlsClient(null));
serverProtocol.Accept(new MockTlsServer());
// pump handshake
bool hadDataFromServer = true;
bool hadDataFromClient = true;
while (hadDataFromServer || hadDataFromClient)
{
hadDataFromServer = PumpData(serverProtocol, clientProtocol, fragment);
hadDataFromClient = PumpData(clientProtocol, serverProtocol, fragment);
}
// send data in both directions
byte[] data = new byte[1024];
secureRandom.NextBytes(data);
WriteAndRead(clientProtocol, serverProtocol, data, fragment);
WriteAndRead(serverProtocol, clientProtocol, data, fragment);
// close the connection
clientProtocol.Close();
PumpData(clientProtocol, serverProtocol, fragment);
CheckClosed(serverProtocol);
CheckClosed(clientProtocol);
}
public async static Task <TlsClientProtocol> PerformSSLHadshakeWithToken(ConnectionState connectionState, CancellationToken token)
{
byte[] random = new byte[128];
var rngProvider = new System.Security.Cryptography.RNGCryptoServiceProvider();
rngProvider.GetBytes(random);
var secureRandomInstance = SecureRandom.GetInstance("SHA256PRNG");
secureRandomInstance.SetSeed(random);
TlsClientProtocol pkiClientProtocol = new TlsClientProtocol(secureRandomInstance);
MyPKITlsClient pkiClient = new MyPKITlsClient();
pkiClientProtocol.Connect(pkiClient);
await SendSelectSslModuleApduAsync(connectionState, token);
await SendSslResetApduAsync(connectionState, token);
while (pkiClient.handshakeFinished != true)
{
int dataAvailable = pkiClientProtocol.GetAvailableOutputBytes();
byte[] data = new byte[dataAvailable];
pkiClientProtocol.ReadOutput(data, 0, dataAvailable);
byte[] response = await SendHandshakeApduAsync(data, connectionState, token);
pkiClientProtocol.OfferInput((byte[])response);
}
return(pkiClientProtocol);
}
private static byte[] WrapApdu(byte[] apdu, TlsClientProtocol tls)
{
byte[] header = { 0x84, 0x00, 0x00, 0x00 };
List <byte> finalApdu = new List <byte>();
tls.OfferOutput(apdu, 0, apdu.Length);
int dataAvailable = tls.GetAvailableOutputBytes();
byte[] wrappedData = new byte[dataAvailable];
tls.ReadOutput(wrappedData, 0, wrappedData.Length);
if (wrappedData.Length <= 255)
{
finalApdu.AddRange(header);
finalApdu.Add((byte)wrappedData.Length);
finalApdu.AddRange(wrappedData);
}
else
{
finalApdu.AddRange(header);
finalApdu.Add((byte)0x00);
finalApdu.Add((byte)(wrappedData.Length >> 8));
finalApdu.Add((byte)wrappedData.Length);
finalApdu.AddRange(wrappedData);
}
return(finalApdu.ToArray());
}
public static Stream WrapWithTls(Stream stream)
{
var client = new MyTlsClient();
var tlsClientProtocol = new TlsClientProtocol(stream, new SecureRandom());
tlsClientProtocol.Connect(client);
return(tlsClientProtocol.Stream);
}
internal static TlsClientProtocol OpenTlsConnection(string hostname, int port, TlsClient client)
{
TcpClient tcp = new TcpClient(hostname, port);
TlsClientProtocol protocol = new TlsClientProtocol(tcp.GetStream(), secureRandom);
protocol.Connect(client);
return protocol;
}
internal static TlsClientProtocol OpenTlsConnection(string hostname, int port, TlsClient client)
{
TcpClient tcp = new TcpClient(hostname, port);
TlsClientProtocol protocol = new TlsClientProtocol(tcp.GetStream(), secureRandom);
protocol.Connect(client);
return(protocol);
}
public static void Main(string[] args)
{
string hostname = "localhost";
int port = 5556;
long time1 = DateTime.UtcNow.Ticks;
/*
* Note: This is the default PSK identity for 'openssl s_server' testing, the server must be
* started with "-psk 6161616161" to make the keys match, and possibly the "-psk_hint"
* option should be present.
*/
//string psk_identity = "Client_identity";
//byte[] psk = new byte[]{ 0x61, 0x61, 0x61, 0x61, 0x61 };
// These correspond to the configuration of MockPskTlsServer
string psk_identity = "client";
byte[] psk = Strings.ToUtf8ByteArray("TLS_TEST_PSK");
BasicTlsPskIdentity pskIdentity = new BasicTlsPskIdentity(psk_identity, psk);
MockPskTlsClient client = new MockPskTlsClient(null, pskIdentity);
TlsClientProtocol protocol = OpenTlsConnection(hostname, port, client);
protocol.Close();
long time2 = DateTime.UtcNow.Ticks;
Console.WriteLine("Elapsed 1: " + (time2 - time1) / TimeSpan.TicksPerMillisecond + "ms");
client = new MockPskTlsClient(client.GetSessionToResume(), pskIdentity);
protocol = OpenTlsConnection(hostname, port, client);
long time3 = DateTime.UtcNow.Ticks;
Console.WriteLine("Elapsed 2: " + (time3 - time2) / TimeSpan.TicksPerMillisecond + "ms");
byte[] req = Encoding.UTF8.GetBytes("GET / HTTP/1.1\r\n\r\n");
Stream tlsStream = protocol.Stream;
tlsStream.Write(req, 0, req.Length);
tlsStream.Flush();
StreamReader reader = new StreamReader(tlsStream);
String line;
while ((line = reader.ReadLine()) != null)
{
Console.WriteLine(">>> " + line);
}
protocol.Close();
}
internal static Stream WrapStream(Stream stream, String hostName)
{
if (GSTlsClient.logger != null)
{
GSTlsClient.logger("Wrapping");
}
TlsClientProtocol tslcp = new TlsClientProtocol(stream, new SecureRandom());
tslcp.Connect(new GSTlsClient(hostName));
return(new DuplexTlsStream(tslcp.Stream));
}
public async static Task EstablishSRPChannelAsync(ConnectionState connectionState, CancellationToken token)
{
string keyAsString;
Settings.GetSrpKey(out keyAsString);
byte[] key = keyAsString.ConvertHexStringToByteArray();
byte[] random = new byte[128];
var rngProvider = new System.Security.Cryptography.RNGCryptoServiceProvider();
rngProvider.GetBytes(random);
var secureRandomInstance = SecureRandom.GetInstance("SHA256PRNG");
secureRandomInstance.SetSeed(random);
TlsClientProtocol srpClientProtocol = new TlsClientProtocol(secureRandomInstance);
var srpClient = new MySrpTlsClient(Encoding.ASCII.GetBytes("user"), key);
srpClientProtocol.Connect(srpClient);
var stream = connectionState.client.GetStream();
byte[] inputBuffer = new byte[4096];
while (srpClient.handshakeFinished != true)
{
int dataAvailable = srpClientProtocol.GetAvailableOutputBytes();
if (dataAvailable != 0)
{
byte[] data = new byte[dataAvailable];
srpClientProtocol.ReadOutput(data, 0, dataAvailable);
await stream.WriteAsync(data, 0, dataAvailable, token);
}
int bytesReceived = await stream.ReadAsync(inputBuffer, 0, inputBuffer.Length, token);
if (bytesReceived != 0)
{
byte[] truncatedInputBuffer = new byte[bytesReceived];
Array.Copy(inputBuffer, 0, truncatedInputBuffer, 0, bytesReceived);
srpClientProtocol.OfferInput(truncatedInputBuffer);
}
}
connectionState.srpClientProtocol = srpClientProtocol;
}
public override async Task CloseAsync()
{
if (State == ChannelState.Closed || State == ChannelState.ClosedReceived)
{
return;
}
State = ChannelState.ClosedReceived;
try
{
if (protocol != null)
{
protocol.Close();
}
}
catch { }
protocol = null;
if (client != null && client.Client != null && (client.Client.Connected && client.Client.Poll(10, SelectMode.SelectRead)))
{
if (client.Client.UseOnlyOverlappedIO)
{
client.Client.DuplicateAndClose(Process.GetCurrentProcess().Id);
}
else
{
client.Close();
}
}
client = null;
if (readConnection != null)
{
readConnection.Dispose();
}
if (writeConnection != null)
{
writeConnection.Dispose();
}
State = ChannelState.Closed;
OnClose?.Invoke(this, new ChannelCloseEventArgs(Id));
await Task.CompletedTask;
}
private static byte[] UnwrapApdu(byte[] response, TlsClientProtocol tls)
{
tls.OfferInput(response);
int dataAvailable = tls.GetAvailableInputBytes();
if (dataAvailable == 0)
{
throw new RemoteProtocolException("Error in APDU response");
}
byte[] unwrappedData = new byte[dataAvailable];
tls.ReadInput(unwrappedData, 0, unwrappedData.Length);
return(unwrappedData);
}
public static TlsClientProtocol ConnectPskTlsClientNonBlocking(string identity, byte[] psk)
{
try
{
SimplePskIdentity pskIdentity = new SimplePskIdentity(identity, psk);
PskTlsClient2 pskTlsClient = new PskTlsClient2(pskIdentity);
TlsClientProtocol protocol = new TlsClientProtocol(new SecureRandom());
protocol.Connect(pskTlsClient);
return(protocol);
}
catch (Exception ex)
{
Console.WriteLine("Exception in TLS protocol connnection '{0}'", ex.Message);
throw ex;
}
}
public async Task Connect(string host, int port)
{
_tcpClient = new TcpClient();
await _tcpClient.ConnectAsync(host, port).ConfigureAwait(false);
StartTlsResult sessionInitialized = await TryInitializeSession(_tcpClient.GetStream()).ConfigureAwait(false);
if (!sessionInitialized.Success)
{
throw new Exception("Failed to initialize session.");
}
TlsClientProtocol clientProtocol = new TlsClientProtocol(_tcpClient.GetStream(), SecureRandom.GetInstance("SHA256PRNG"));
clientProtocol.Connect(new BasicTlsClient());
}
public static void RunMainTests(string[] args)
{
string hostname = "localhost";
int port = 5556;
long time1 = DateTime.UtcNow.Ticks;
MockTlsClient client = new MockTlsClient(null);
TlsClientProtocol protocol = OpenTlsConnection(hostname, port, client);
protocol.Close();
long time2 = DateTime.UtcNow.Ticks;
Console.WriteLine("Elapsed 1: " + (time2 - time1) / TimeSpan.TicksPerMillisecond + "ms");
client = new MockTlsClient(client.GetSessionToResume());
protocol = OpenTlsConnection(hostname, port, client);
long time3 = DateTime.UtcNow.Ticks;
Console.WriteLine("Elapsed 2: " + (time3 - time2) / TimeSpan.TicksPerMillisecond + "ms");
byte[] req = Encoding.UTF8.GetBytes("GET / HTTP/1.1\r\n\r\n");
Stream tlsStream = protocol.Stream;
tlsStream.Write(req, 0, req.Length);
tlsStream.Flush();
StreamReader reader = new StreamReader(tlsStream);
String line;
while ((line = reader.ReadLine()) != null)
{
Console.WriteLine(">>> " + line);
}
protocol.Close();
}
public void TestClientServer()
{
SecureRandom secureRandom = new SecureRandom();
PipedStream clientPipe = new PipedStream();
PipedStream serverPipe = new PipedStream(clientPipe);
TlsClientProtocol clientProtocol = new TlsClientProtocol(clientPipe, secureRandom);
TlsServerProtocol serverProtocol = new TlsServerProtocol(serverPipe, secureRandom);
Server server = new Server(serverProtocol);
Thread serverThread = new Thread(new ThreadStart(server.Run));
serverThread.Start();
MockPskTlsClient client = new MockPskTlsClient(null);
clientProtocol.Connect(client);
// NOTE: Because we write-all before we read-any, this length can't be more than the pipe capacity
int length = 1000;
byte[] data = new byte[length];
secureRandom.NextBytes(data);
Stream output = clientProtocol.Stream;
output.Write(data, 0, data.Length);
byte[] echo = new byte[data.Length];
int count = Streams.ReadFully(clientProtocol.Stream, echo);
Assert.AreEqual(count, data.Length);
Assert.IsTrue(Arrays.AreEqual(data, echo));
output.Close();
serverThread.Join();
}
/// <summary>
/// Send a HTTP request to the remote socket
/// </summary>
/// <param name="method"></param>
/// <param name="resource"></param>
/// <param name="httpVersion"></param>
/// <param name="client"></param>
/// <param name="headers"></param>
/// <returns>Response Stream</returns>
public Stream SendHttp(string method, string resource, string data, string httpVersion, TlsClient client, HttpHeaders headers)
{
TlsClientProtocol protocol = new TlsClientProtocol(_tcpClient.GetStream(), new SecureRandom());
try
{
protocol.Connect(client);
}
catch (TlsException)
{
throw new ProtocolVersionNotSupported();
}
// build protocol info, headers & body
StringBuilder sb = new StringBuilder();
sb.AppendLine($"{method.ToUpper()} {resource} HTTP/{httpVersion}");
if (!headers.Contains("host"))
{
headers.Add("Host", _host);
}
sb.AppendLine(headers.ToString());
// append data in case of POST or similar
if (data != null)
{
sb.Append(data);
}
// Console.WriteLine(sb.ToString());
var requestBytes = Encoding.ASCII.GetBytes(sb.ToString());
Stream stream = protocol.Stream;
stream.Write(requestBytes, 0, requestBytes.Length);
stream.Flush();
return(stream);
}
public static TlsClientProtocol ConnectPskTlsClientNonBlocking(this TcpClient client, string identity, byte[] psk)
{
try
{
SimplePskIdentity pskIdentity = new SimplePskIdentity(identity, psk);
PskTlsClient2 pskTlsClient = new PskTlsClient2(pskIdentity);
TlsClientProtocol protocol = new TlsClientProtocol(new SecureRandom());
protocol.Connect(pskTlsClient);
return(protocol);
}
catch (AggregateException ae)
{
string msg = String.Format("AggregateException in TLS protocol connnection '{0}'", ae.Flatten().InnerException.Message);
Console.WriteLine(msg);
throw new Exception(msg, ae.Flatten().InnerException);
}
catch (Exception ex)
{
Console.WriteLine("Exception in TLS protocol connnection '{0}'", ex.Message);
throw ex;
}
}
public void TestClientServer()
{
SecureRandom secureRandom = new SecureRandom();
PipedStream clientPipe = new PipedStream();
PipedStream serverPipe = new PipedStream(clientPipe);
TlsClientProtocol clientProtocol = new TlsClientProtocol(clientPipe, secureRandom);
TlsServerProtocol serverProtocol = new TlsServerProtocol(serverPipe, secureRandom);
Server server = new Server(serverProtocol);
Thread serverThread = new Thread(new ThreadStart(server.Run));
serverThread.Start();
MockSrpTlsClient client = new MockSrpTlsClient(null, MockSrpTlsServer.TEST_IDENTITY, MockSrpTlsServer.TEST_PASSWORD);
clientProtocol.Connect(client);
// NOTE: Because we write-all before we read-any, this length can't be more than the pipe capacity
int length = 1000;
byte[] data = new byte[length];
secureRandom.NextBytes(data);
Stream output = clientProtocol.Stream;
output.Write(data, 0, data.Length);
byte[] echo = new byte[data.Length];
int count = Streams.ReadFully(clientProtocol.Stream, echo);
Assert.AreEqual(count, data.Length);
Assert.IsTrue(Arrays.AreEqual(data, echo));
output.Close();
serverThread.Join();
}
public void Connect(IPAddress IPAddress, UInt16 Port, byte[] PSK, UInt64 ClientID)
{
AssertInitialized();
if (IPAddress == null)
{
throw new ArgumentNullException("IPAddress");
}
if (Port == 0)
{
throw new ArgumentOutOfRangeException("Port", "Must be greater than 0");
}
if (PSK.Length != 32)
{
throw new ArgumentException("Must be 32 bytes", "PSK");
}
if (ClientID == 0)
{
throw new ArgumentOutOfRangeException("ClientID", "Must be greater than 0");
}
this.IPAddress = IPAddress;
try
{
this.ClientID = ClientID;
TcpClient TcpClient = new TcpClient(IPAddress.ToString(), Port);
TlsClientProtocol TlsClientProtocol = new TlsClientProtocol(TcpClient.GetStream(), new SecureRandom());
SteamPSKTLSIdentity SteamPSKTLSIdentity = new SteamPSKTLSIdentity(Encoding.UTF8.GetBytes(PSKIdentity), PSK);
SteamPSKTLSClient Client = new SteamPSKTLSClient(SteamPSKTLSIdentity);
TlsClientProtocol.Connect(Client);
TLSStream = TlsClientProtocol.Stream;
IncomingMessageProcessingThread.Start();
OutgoingMessageProcessingThread.Start();
}
catch (Exception e)
{
ExceptionHandler(e);
}
}
public HttpResponse Do(HttpRequest req)
{
using (var tcpClient = new TcpClient(req.RequestUri.Host, req.RequestUri.Port))
{
if (req.RequestUri.Scheme == Uri.UriSchemeHttps)
{
var protocol = new TlsClientProtocol(tcpClient.GetStream(), new SecureRandom());
var tlsClient = new MyTlsClient();
protocol.Connect(tlsClient);
var stream = protocol.Stream;
WriteRequest(req, stream);
var res = ReadResponse(stream);
protocol.Close();
return(res);
}
else
{
var stream = tcpClient.GetStream();
WriteRequest(req, stream);
var res = ReadResponse(stream);
return(res);
}
}
}
private void Connect()
{
Uri uri =
#if !BESTHTTP_DISABLE_PROXY
CurrentRequest.HasProxy ? CurrentRequest.Proxy.Address :
#endif
CurrentRequest.CurrentUri;
#region TCP Connection
if (Client == null)
{
Client = new TcpClient();
}
if (!Client.Connected)
{
Client.ConnectTimeout = CurrentRequest.ConnectTimeout;
#if NETFX_CORE || (UNITY_WP8 && !UNITY_EDITOR)
Client.UseHTTPSProtocol =
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
!CurrentRequest.UseAlternateSSL &&
#endif
HTTPProtocolFactory.IsSecureProtocol(uri);
#endif
Client.Connect(uri.Host, uri.Port);
if (HTTPManager.Logger.Level <= Logger.Loglevels.Information)
{
HTTPManager.Logger.Information("HTTPConnection", "Connected to " + uri.Host + ":" + uri.Port.ToString());
}
}
else if (HTTPManager.Logger.Level <= Logger.Loglevels.Information)
{
HTTPManager.Logger.Information("HTTPConnection", "Already connected to " + uri.Host + ":" + uri.Port.ToString());
}
#endregion
lock (HTTPManager.Locker)
StartTime = DateTime.UtcNow;
if (Stream == null)
{
bool isSecure = HTTPProtocolFactory.IsSecureProtocol(CurrentRequest.CurrentUri);
#if !BESTHTTP_DISABLE_PROXY
#region Proxy Handling
if (HasProxy && (!Proxy.IsTransparent || (isSecure && Proxy.NonTransparentForHTTPS)))
{
Stream = Client.GetStream();
var outStream = new BinaryWriter(Stream);
bool retry;
do
{
// If we have to becouse of a authentication request, we will switch it to true
retry = false;
outStream.SendAsASCII(string.Format("CONNECT {0}:{1} HTTP/1.1", CurrentRequest.CurrentUri.Host, CurrentRequest.CurrentUri.Port));
outStream.Write(HTTPRequest.EOL);
outStream.SendAsASCII("Proxy-Connection: Keep-Alive");
outStream.Write(HTTPRequest.EOL);
outStream.SendAsASCII("Connection: Keep-Alive");
outStream.Write(HTTPRequest.EOL);
outStream.SendAsASCII(string.Format("Host: {0}:{1}", CurrentRequest.CurrentUri.Host, CurrentRequest.CurrentUri.Port));
outStream.Write(HTTPRequest.EOL);
// Proxy Authentication
if (HasProxy && Proxy.Credentials != null)
{
switch (Proxy.Credentials.Type)
{
case AuthenticationTypes.Basic:
// With Basic authentication we don't want to wait for a challange, we will send the hash with the first request
outStream.Write(string.Format("Proxy-Authorization: {0}", string.Concat("Basic ", Convert.ToBase64String(Encoding.UTF8.GetBytes(Proxy.Credentials.UserName + ":" + Proxy.Credentials.Password)))).GetASCIIBytes());
outStream.Write(HTTPRequest.EOL);
break;
case AuthenticationTypes.Unknown:
case AuthenticationTypes.Digest:
var digest = DigestStore.Get(Proxy.Address);
if (digest != null)
{
string authentication = digest.GenerateResponseHeader(CurrentRequest, Proxy.Credentials);
if (!string.IsNullOrEmpty(authentication))
{
outStream.Write(string.Format("Proxy-Authorization: {0}", authentication).GetASCIIBytes());
outStream.Write(HTTPRequest.EOL);
}
}
break;
}
}
outStream.Write(HTTPRequest.EOL);
// Make sure to send all the wrote data to the wire
outStream.Flush();
CurrentRequest.ProxyResponse = new HTTPResponse(CurrentRequest, Stream, false, false);
// Read back the response of the proxy
if (!CurrentRequest.ProxyResponse.Receive(-1, true))
{
throw new Exception("Connection to the Proxy Server failed!");
}
if (HTTPManager.Logger.Level <= Logger.Loglevels.Information)
{
HTTPManager.Logger.Information("HTTPConnection", "Proxy returned - status code: " + CurrentRequest.ProxyResponse.StatusCode + " message: " + CurrentRequest.ProxyResponse.Message);
}
switch (CurrentRequest.ProxyResponse.StatusCode)
{
// Proxy authentication required
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.8
case 407:
{
string authHeader = DigestStore.FindBest(CurrentRequest.ProxyResponse.GetHeaderValues("proxy-authenticate"));
if (!string.IsNullOrEmpty(authHeader))
{
var digest = DigestStore.GetOrCreate(Proxy.Address);
digest.ParseChallange(authHeader);
if (Proxy.Credentials != null && digest.IsUriProtected(Proxy.Address) && (!CurrentRequest.HasHeader("Proxy-Authorization") || digest.Stale))
{
retry = true;
}
}
break;
}
default:
if (!CurrentRequest.ProxyResponse.IsSuccess)
{
throw new Exception(string.Format("Proxy returned Status Code: \"{0}\", Message: \"{1}\" and Response: {2}", CurrentRequest.ProxyResponse.StatusCode, CurrentRequest.ProxyResponse.Message, CurrentRequest.ProxyResponse.DataAsText));
}
break;
}
} while (retry);
}
#endregion
#endif // #if !BESTHTTP_DISABLE_PROXY
// We have to use CurrentRequest.CurrentUri here, becouse uri can be a proxy uri with a different protocol
if (isSecure)
{
#region SSL Upgrade
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
if (CurrentRequest.UseAlternateSSL)
{
var handler = new TlsClientProtocol(Client.GetStream(), new Org.BouncyCastle.Security.SecureRandom());
// http://tools.ietf.org/html/rfc3546#section-3.1
// It is RECOMMENDED that clients include an extension of type "server_name" in the client hello whenever they locate a server by a supported name type.
List <string> hostNames = new List <string>(1);
hostNames.Add(CurrentRequest.CurrentUri.Host);
handler.Connect(new LegacyTlsClient(CurrentRequest.CurrentUri,
CurrentRequest.CustomCertificateVerifyer == null ? new AlwaysValidVerifyer() : CurrentRequest.CustomCertificateVerifyer,
CurrentRequest.CustomClientCredentialsProvider,
hostNames));
Stream = handler.Stream;
}
else
#endif
{
#if !NETFX_CORE && !UNITY_WP8
SslStream sslStream = new SslStream(Client.GetStream(), false, (sender, cert, chain, errors) =>
{
return(CurrentRequest.CallCustomCertificationValidator(cert, chain));
});
if (!sslStream.IsAuthenticated)
{
sslStream.AuthenticateAsClient(CurrentRequest.CurrentUri.Host);
}
Stream = sslStream;
#else
Stream = Client.GetStream();
#endif
}
#endregion
}
else
{
Stream = Client.GetStream();
}
}
}
public async static Task <byte[]> ReadXrpTransaction(uint length, ConnectionState connectionState, CancellationToken token, TlsClientProtocol tls)
{
List <byte> apdu = new List <byte>();
byte[] header = { 0x80, 0xE0, 0x01, 0x00 };
byte[] response;
uint chunksToRead;
uint chunkSize = 128;
uint remainingLength = length;
List <byte> transaction = new List <byte>();
chunksToRead = length / chunkSize;
if ((length % chunkSize) != 0)
{
chunksToRead++;
}
for (int i = 0; i < chunksToRead; i++)
{
apdu.Clear();
apdu.AddRange(header);
apdu.Add(0x02);
apdu.Add((byte)(i >> 8));
apdu.Add((byte)i);
response = await SendWrappedAPDU(apdu.ToArray(), chunkSize, connectionState, token, tls);
if (remainingLength < chunkSize)
{
response = response.Take((int)remainingLength).ToArray();
}
transaction.AddRange(response);
remainingLength -= chunkSize;
}
return(transaction.ToArray());
}
public async static Task <RippleTransactionInfo> GetXrpTransactionDetails(ConnectionState connectionState, CancellationToken token, TlsClientProtocol tls)
{
byte[] apdu = { 0x80, 0xE0, 0x00, 0x00 };
byte[] response;
try
{
response = await SendWrappedAPDU(apdu, 7, connectionState, token, tls);
}
catch (Non9000SwException)
{
throw new TransactionNotActiveException();
}
RippleTransactionInfo transactionInfo = new RippleTransactionInfo();
if (response[0] != 0x00)
{
transactionInfo.transactionTooBigToDisplay = true;
}
else
{
transactionInfo.transactionTooBigToDisplay = false;
}
transactionInfo.currentOffset = Helper.MakeUint16(response, 1);
transactionInfo.remainingTime = Helper.MakeUint32(response, 3);
return(transactionInfo);
}
public async static Task SelectXrpApp(ConnectionState connectionState, CancellationToken token, TlsClientProtocol tls)
{
byte[] apdu = { 0x00, 0xA4, 0x04, 0x00, 0x09, 0x58, 0x52, 0x50, 0x41, 0x50, 0x50, 0x4C, 0x45, 0x54 };
try
{
await SendWrappedAPDU(apdu, 0, connectionState, token, tls);
}
catch (Non9000SwException)
{
throw new AppNotPresentException();
}
}
public async static Task <Int64[]> GetBtcInputAmounts(uint numberOfInputs, ConnectionState connectionState, CancellationToken token, TlsClientProtocol tls)
{
List <byte> apdu = new List <byte>();
byte[] header = { 0xE0, 0xE0, 0x02, 0x00 };
byte[] response;
Int64[] amounts;
amounts = new Int64[numberOfInputs];
apdu.Clear();
apdu.AddRange(header);
response = await SendWrappedAPDU(apdu.ToArray(), (numberOfInputs * 8), connectionState, token, tls);
for (int j = 0; j < numberOfInputs; j++)
{
amounts[j] = Helper.MakeInt64(response, j * 8);
}
return(amounts);
}
public async static Task SelectBtcApp(ConnectionState connectionState, CancellationToken token, TlsClientProtocol tls)
{
byte[] apdu = { 0x00, 0xA4, 0x04, 0x00, 0x09, 0x42, 0x54, 0x43, 0x41, 0x50, 0x50, 0x4C, 0x45, 0x54 };
await SendWrappedAPDU(apdu, 0, connectionState, token, tls);
}
private async static Task <byte[]> SendWrappedAPDU(byte[] apdu, uint expectedLength,
ConnectionState connectionState, CancellationToken token, TlsClientProtocol tls)
{
byte[] wrappedApdu = WrapApdu(apdu, tls);
byte[] response = await SendApduAsync(wrappedApdu, connectionState, token);
if ((response[response.Length - 1] != 0x00) || (response[response.Length - 2] != 0x90))
{
throw new RemoteProtocolException("Invalid APDU response");
}
response = response.Take(response.Count() - 2).ToArray();
response = UnwrapApdu(response, tls);
if ((response[response.Length - 1] != 0x00) || (response[response.Length - 2] != 0x90))
{
throw new Non9000SwException("Invalid APDU response");
}
if ((response.Length) != expectedLength + 2)
{
throw new RemoteProtocolException("Invalid APDU response");
}
return(response.Take(response.Count() - 2).ToArray());
}
public void RunTest(TlsTestConfig config)
{
CheckTlsVersion(config.clientMinimumVersion);
CheckTlsVersion(config.clientOfferVersion);
CheckTlsVersion(config.serverMaximumVersion);
CheckTlsVersion(config.serverMinimumVersion);
SecureRandom secureRandom = new SecureRandom();
PipedStream clientPipe = new PipedStream();
PipedStream serverPipe = new PipedStream(clientPipe);
NetworkStream clientNet = new NetworkStream(clientPipe);
NetworkStream serverNet = new NetworkStream(serverPipe);
TlsClientProtocol clientProtocol = new TlsClientProtocol(clientNet, secureRandom);
TlsServerProtocol serverProtocol = new TlsServerProtocol(serverNet, secureRandom);
TlsTestClientImpl clientImpl = new TlsTestClientImpl(config);
TlsTestServerImpl serverImpl = new TlsTestServerImpl(config);
Server server = new Server(this, serverProtocol, serverImpl);
Thread serverThread = new Thread(new ThreadStart(server.Run));
serverThread.Start();
Exception caught = null;
try
{
clientProtocol.Connect(clientImpl);
// NOTE: Because we write-all before we read-any, this length can't be more than the pipe capacity
int length = 1000;
byte[] data = new byte[length];
secureRandom.NextBytes(data);
Stream output = clientProtocol.Stream;
output.Write(data, 0, data.Length);
byte[] echo = new byte[data.Length];
int count = Streams.ReadFully(clientProtocol.Stream, echo);
Assert.AreEqual(count, data.Length);
Assert.IsTrue(Arrays.AreEqual(data, echo));
output.Close();
}
catch (Exception e)
{
caught = e;
LogException(caught);
}
server.AllowExit();
serverThread.Join();
Assert.IsTrue(clientNet.IsClosed, "Client Stream not closed");
Assert.IsTrue(serverNet.IsClosed, "Server Stream not closed");
Assert.AreEqual(config.expectFatalAlertConnectionEnd, clientImpl.FirstFatalAlertConnectionEnd, "Client fatal alert connection end");
Assert.AreEqual(config.expectFatalAlertConnectionEnd, serverImpl.FirstFatalAlertConnectionEnd, "Server fatal alert connection end");
Assert.AreEqual(config.expectFatalAlertDescription, clientImpl.FirstFatalAlertDescription, "Client fatal alert description");
Assert.AreEqual(config.expectFatalAlertDescription, serverImpl.FirstFatalAlertDescription, "Server fatal alert description");
if (config.expectFatalAlertConnectionEnd == -1)
{
Assert.IsNull(caught, "Unexpected client exception");
Assert.IsNull(server.mCaught, "Unexpected server exception");
}
}
public ConnectionState()
{
client = null;
srpClientProtocol = null;
}
private void Connect()
{
Uri uri = CurrentRequest.HasProxy ? CurrentRequest.Proxy.Address : CurrentRequest.CurrentUri;
if (Client == null)
{
Client = new TcpClient();
}
if (!Client.Connected)
{
Client.ConnectTimeout = CurrentRequest.ConnectTimeout;
#if NETFX_CORE
Client.UseHTTPSProtocol = !CurrentRequest.UseAlternateSSL && HTTPProtocolFactory.IsSecureProtocol(uri);
// On WinRT and >WP8 we use the more secure Tls12 protocol, but on WP8 only Ssl is available...
#if UNITY_WP_8_1 || UNITY_METRO_8_1
Client.HTTPSProtocol = (int)SocketProtectionLevel.Tls12;
#else
Client.HTTPSProtocol = (int)SocketProtectionLevel.Ssl;
#endif
#endif
Client.Connect(uri.Host, uri.Port);
HTTPManager.Logger.Information("HTTPConnection", "Connected to " + uri.Host);
}
else
{
HTTPManager.Logger.Information("HTTPConnection", "Already connected to " + uri.Host);
}
lock (HTTPManager.Locker)
StartTime = DateTime.UtcNow;
if (Stream == null)
{
if (HasProxy && !Proxy.IsTransparent)
{
Stream = Client.GetStream();
var outStream = new BinaryWriter(Stream);
outStream.Write(string.Format("CONNECT {0}:{1} HTTP/1.1", CurrentRequest.CurrentUri.Host, CurrentRequest.CurrentUri.Port).GetASCIIBytes());
outStream.Write(HTTPRequest.EOL);
outStream.Write(string.Format("Proxy-Connection: Keep-Alive"));
outStream.Write(HTTPRequest.EOL);
outStream.Write(string.Format("Connection: Keep-Alive"));
outStream.Write(HTTPRequest.EOL);
outStream.Write(string.Format("Host: {0}:{1}", CurrentRequest.CurrentUri.Host, CurrentRequest.CurrentUri.Port).GetASCIIBytes());
outStream.Write(HTTPRequest.EOL);
outStream.Write(HTTPRequest.EOL);
outStream.Flush();
CurrentRequest.ProxyResponse = new HTTPProxyResponse(CurrentRequest, Stream, false, false);
if (!CurrentRequest.ProxyResponse.Receive())
{
throw new Exception("Connection to the Proxy Server failed!");
}
// TODO: check & handle proxy status code?
}
// We have to use CurrentRequest.CurrentUri here, becouse uri can be a proxy uri with a different protocol
if (HTTPProtocolFactory.IsSecureProtocol(CurrentRequest.CurrentUri))
{
// On WP8 there are no Mono, so we must use the 'alternate' TlsHandlers
if (CurrentRequest.UseAlternateSSL)
{
var handler = new TlsClientProtocol(Client.GetStream(), new Org.BouncyCastle.Security.SecureRandom());
if (CurrentRequest.CustomCertificateVerifyer == null)
{
handler.Connect(new LegacyTlsClient(new AlwaysValidVerifyer()));
}
else
{
handler.Connect(new LegacyTlsClient(CurrentRequest.CustomCertificateVerifyer));
}
Stream = handler.Stream;
}
else
{
#if !UNITY_WP8 && !NETFX_CORE
SslStream sslStream = new SslStream(Client.GetStream(), false, (sender, cert, chain, errors) =>
{
return(CurrentRequest.CallCustomCertificationValidator(cert, chain));
});
if (!sslStream.IsAuthenticated)
{
sslStream.AuthenticateAsClient(uri.Host);
}
Stream = sslStream;
#else
Stream = Client.GetStream();
#endif
}
}
else
{
Stream = Client.GetStream();
}
}
}
public override async Task OnConnectedAsync(ConnectionContext connection)
{
Logger.Debug($"Connecting to {_proxySettings.RemoteHost}:{_proxySettings.RemotePort}");
var proxyClient = new TcpClient();
await proxyClient.ConnectAsync(_proxySettings.RemoteHost, _proxySettings.RemotePort);
var ogStream = proxyClient.GetStream();
Stream proxyStream = ogStream;
if (_proxySettings.Secure)
{
var protocol = new TlsClientProtocol(proxyStream, new Org.BouncyCastle.Security.SecureRandom());
protocol.Connect(new BlazeTlsClient());
proxyStream = protocol.Stream;
}
var blazeProtocol = new BlazeProxyProtocol();
var localReader = connection.CreateReader();
var localWriter = connection.CreateWriter();
var remoteReader = new ProtocolReader(proxyStream);
var remoteWriter = new ProtocolWriter(proxyStream);
while (true)
{
try
{
var result = await localReader.ReadAsync(blazeProtocol);
var message = result.Message;
if (message != null)
{
var header = message.Header;
Logger.Debug(
$"Client -> Proxy; Length:{header.Length} Component:{header.Component} Command:0x{header.Command:X2} ErrorCode:{header.ErrorCode} MessageType:{header.MessageType} MessageId:{header.MessageId}");
var requestPayload = message.Payload;
if (!requestPayload.IsEmpty)
{
if (!_parser.TryParseBody(requestPayload))
{
Logger.Error("Failed to parse request message");
}
}
await remoteWriter.WriteAsync(blazeProtocol, message);
}
if (result.IsCompleted)
{
break;
}
}
finally
{
localReader.Advance();
}
do
{
try
{
var result = await remoteReader.ReadAsync(blazeProtocol);
var message = result.Message;
if (message != null)
{
var header = message.Header;
Logger.Debug(
$"Proxy <- Server; Length:{header.Length} Component:{header.Component} Command:0x{header.Command:X2} ErrorCode:{header.ErrorCode} MessageType:{header.MessageType} MessageId:{header.MessageId}");
var responsePayload = message.Payload;
if (!responsePayload.IsEmpty)
{
if (!_parser.TryParseBody(responsePayload))
{
Logger.Error("Failed to parse response message");
}
}
await localWriter.WriteAsync(blazeProtocol, message);
}
if (result.IsCompleted)
{
break;
}
}
finally
{
remoteReader.Advance();
}
} while (ogStream.DataAvailable);
}
}
public async static Task <EthereumTransactionInfo> GetEthTransactionDetails(ConnectionState connectionState, CancellationToken token, TlsClientProtocol tls)
{
byte[] apdu = { 0x80, 0xE0, 0x00, 0x00 };
byte[] response;
try
{
response = await SendWrappedAPDU(apdu, 29, connectionState, token, tls);
}
catch (Non9000SwException)
{
throw new TransactionNotActiveException();
}
EthereumTransactionInfo transactionInfo = new EthereumTransactionInfo();
transactionInfo.type = Helper.MakeUint16(response, 0);
if (response[2] != 0x00)
{
transactionInfo.transactionTooBigToDisplay = true;
}
else
{
transactionInfo.transactionTooBigToDisplay = false;
}
transactionInfo.currentOffset = Helper.MakeUint16(response, 3);
transactionInfo.address = new byte[20];
Array.Copy(response, 5, transactionInfo.address, 0, 20);
transactionInfo.remainingTime = Helper.MakeUint32(response, 25);
return(transactionInfo);
}
