/// <summary>
/// Derives the client-side <c>SecurityOptions</c> from the SSL component of the target profile.
/// </summary>
/// <remarks>
/// If the target requires EstablishTrustInTarget or EstablishTrustInClient, TLS 1.0 / SSL 3.0 with
/// <c>SslAlgorithms.SECURE_CIPHERS</c> and manual credential verification are selected and both
/// certificate callbacks are wired up. Otherwise <c>SecureProtocol.None</c> with
/// <c>SslAlgorithms.ALL</c> and automatic verification is returned and no callback is registered.
/// </remarks>
/// <param name="sslData">SSL component data whose <c>TargetRequiredOptions</c> drive the decision.</param>
/// <returns>Options for a connection with <c>ConnectionEnd.Client</c>.</returns>
private SecurityOptions CreateClientSecurityOptions(SSLComponentData sslData) {
    // NOTE(review): sslData is what CreateTransport decodes from the IOR profile, so the level of
    // protection is chosen by whoever produced the IOR. With SecureProtocol.None the connection is
    // presumably not protected at all - confirm that a local policy can refuse such targets.
    bool trustRequired =
        ((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) ||
        ((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0);

    // NOTE(review): SSL 3.0 is deprecated (RFC 7568) and TLS 1.0 is deprecated as well (RFC 8996);
    // both are still offered here. Dropping Ssl3 changes interoperability, so it is flagged, not changed.
    SecureProtocol protocol = trustRequired
        ? (SecureProtocol.Tls1 | SecureProtocol.Ssl3)
        : SecureProtocol.None;
    SslAlgorithms sslAlgs = trustRequired
        ? SslAlgorithms.SECURE_CIPHERS
        : SslAlgorithms.ALL;

    // Manual verification hands the whole server-certificate decision to CheckServerCertAtClient.
    // NOTE(review): that handler is not visible here - verify it checks chain, validity and host name.
    CredentialVerification credentialVerification = trustRequired
        ? CredentialVerification.Manual
        : CredentialVerification.Auto;
    CertVerifyEventHandler serverCertificateCheckHandler = trustRequired
        ? new CertVerifyEventHandler(this.CheckServerCertAtClient)
        : null;
    CertRequestEventHandler clientCertificateRequestHandler = trustRequired
        ? new CertRequestEventHandler(this.GetClientCertAtClient)
        : null;

    return new SecurityOptions(protocol, null, ConnectionEnd.Client,
                               credentialVerification, serverCertificateCheckHandler,
                               null, SecurityFlags.Default, sslAlgs,
                               clientCertificateRequestHandler);
}
/// <summary><see cref="Ch.Elca.Iiop.IClientTransportFactory.CreateTransport(IIorProfile)"/></summary>
/// <remarks>
/// Only IIOP profiles (<c>TAG_INTERNET_IOP</c>) that carry an SSL component are accepted; anything
/// else is rejected with <c>INTERNAL(734, Completed_No)</c>. The port comes from the SSL component,
/// the host name from the profile, and the security options from
/// <c>CreateClientSecurityOptions</c>.
/// </remarks>
/// <param name="profile">The IOR profile describing the target.</param>
/// <returns>An <c>SslClientTransport</c> with the factory's receive and send timeouts applied.</returns>
public IClientTransport CreateTransport(IIorProfile profile) {
    if (profile.ProfileId != TAG_INTERNET_IOP.ConstVal) {
        throw new INTERNAL(734, CompletionStatus.Completed_No);
    }

    object decodedComponent = GetSSLComponent(profile, m_codec);
    if (decodedComponent == null) {
        // no SSL component in the profile: refuse instead of creating a transport without one
        throw new INTERNAL(734, CompletionStatus.Completed_No);
    }

    SSLComponentData sslComponent = (SSLComponentData)decodedComponent;
    IInternetIiopProfile targetProfile = (IInternetIiopProfile)profile;

    // NOTE(review): host name, port and required options all originate from the IOR - treat them
    // as input supplied by the party that issued the reference.
    int sslPort = sslComponent.GetPort();
    SecurityOptions securityOptions = CreateClientSecurityOptions(sslComponent);

    // Use the IPAddress overload for literal addresses, the host-name overload otherwise.
    IClientTransport transport;
    IPAddress literalAddress;
    if (IPAddress.TryParse(targetProfile.HostName, out literalAddress)) {
        transport = new SslClientTransport(literalAddress, sslPort, securityOptions);
    } else {
        transport = new SslClientTransport(targetProfile.HostName, sslPort, securityOptions);
    }

    transport.ReceiveTimeOut = m_receiveTimeOut;
    transport.SendTimeOut = m_sendTimeOut;
    return transport;
}
/// <summary><see cref="Ch.Elca.Iiop.IServerTransportFactory.GetListenPoints(object)"/></summary>
/// <remarks>
/// Yields one <c>omg.org.IIOP.ListenPoint</c> (channel host name plus SSL port) for every
/// additional tagged component whose tag is <c>TAG_SSL_SEC_TRANS</c>; other components are ignored.
/// </remarks>
/// <param name="chanData">Channel data providing the host name and the tagged components.</param>
/// <returns>The collected listen points; empty when no SSL component is present.</returns>
public object[] GetListenPoints(Ch.Elca.Iiop.IiopChannelData chanData) {
    ArrayList sslListenPoints = new ArrayList();
    for (int index = 0; index < chanData.AdditionalTaggedComponents.Length; index++) {
        if (chanData.AdditionalTaggedComponents[index].tag != TAG_SSL_SEC_TRANS.ConstVal) {
            continue; // not an SSL transport component
        }
        // NOTE(review): decode failures and a non-SSLComponentData result propagate as exceptions.
        SSLComponentData sslComp = (SSLComponentData)m_codec.decode_value(
            chanData.AdditionalTaggedComponents[index].component_data,
            SSLComponentData.TypeCode);
        sslListenPoints.Add(new omg.org.IIOP.ListenPoint(chanData.HostName, sslComp.Port));
    }
    return sslListenPoints.ToArray();
}
/// <summary><see cref="Ch.Elca.Iiop.IServerConnectionListener.StartListening"/></summary>
/// <remarks>
/// Binds a <c>SecureTcpListener</c> configured with <c>m_sslOpts</c>, then starts the handler
/// thread. When <c>m_isSecured</c> is set, the bound port is published only inside a
/// <c>TAG_SSL_SEC_TRANS</c> component and 0 is returned, so no plain port is advertised.
/// Otherwise the bound port is returned and no tagged component is produced.
/// Throws when the listener is not initialized or is already listening.
/// </remarks>
/// <param name="bindTo">Local address to bind to.</param>
/// <param name="listeningPortSuggestion">Port to listen on; 0 lets the system pick one.</param>
/// <param name="taggedComponents">Receives the SSL tagged component, or an empty array.</param>
/// <returns>The port to advertise as plain IIOP port (0 for a secured listener).</returns>
public int StartListening(IPAddress bindTo, int listeningPortSuggestion, out TaggedComponent[] taggedComponents) {
    if (!m_isInitalized) {
        throw CreateNotInitalizedException();
    }
    if (m_listenerActive) {
        throw CreateAlreadyListeningException();
    }

    m_listener = new SecureTcpListener(bindTo, listeningPortSuggestion, m_sslOpts);
    m_listener.Start(); // start TCP listening

    // With suggestion 0 the port was auto-assigned: read it back from the bound endpoint.
    int boundPort = (listeningPortSuggestion == 0)
        ? ((IPEndPoint)m_listener.LocalEndpoint).Port
        : listeningPortSuggestion;

    // NOTE(review): anything that throws from here on leaves the socket listening while
    // m_listenerActive is still false - confirm callers clean up in that case.
    int advertisedPort;
    if (m_isSecured) {
        // NOTE(review): (short) narrows the int port; ports above 32767 do not fit a signed
        // short - confirm every reader of the component converts the value back to unsigned.
        SSLComponentData sslData = new SSLComponentData(Convert.ToInt16(m_supportedOptions),
                                                        Convert.ToInt16(m_requiredOptions),
                                                        (short)boundPort);
        taggedComponents = new TaggedComponent[] {
            new TaggedComponent(TAG_SSL_SEC_TRANS.ConstVal, m_codec.encode_value(sslData))
        };
        // don't allow unsecured connections -> the port is only in the ssl component
        advertisedPort = 0;
    } else {
        // NOTE(review): the listener was still built with m_sslOpts, but its port is advertised
        // as a plain port; whether traffic is protected depends on m_sslOpts - confirm.
        taggedComponents = new TaggedComponent[0];
        advertisedPort = boundPort;
    }

    m_listenerActive = true;
    m_listenerThread.Start(); // start the handler thread
    return advertisedPort;
}
/// <summary><see cref="Ch.Elca.Iiop.IServerConnectionListener.StartListening"/></summary>
/// <remarks>
/// Creates and starts a <c>SecureTcpListener</c> using <c>m_sslOpts</c> and launches the handler
/// thread. A secured listener reports its port exclusively through a <c>TAG_SSL_SEC_TRANS</c>
/// tagged component and returns 0; an unsecured one returns the bound port with no components.
/// Throws when the listener is not initialized or is already listening.
/// </remarks>
/// <param name="bindTo">Local address to bind to.</param>
/// <param name="listeningPortSuggestion">Requested port; 0 requests an auto-assigned port.</param>
/// <param name="taggedComponents">Receives the SSL tagged component, or an empty array.</param>
/// <returns>0 for a secured listener, otherwise the port actually listened on.</returns>
public int StartListening(IPAddress bindTo, int listeningPortSuggestion, out TaggedComponent[] taggedComponents) {
    if (!m_isInitalized) {
        throw CreateNotInitalizedException();
    }
    if (m_listenerActive) {
        throw CreateAlreadyListeningException();
    }

    // start TCP listening
    m_listener = new SecureTcpListener(bindTo, listeningPortSuggestion, m_sslOpts);
    m_listener.Start();

    int listenPort = listeningPortSuggestion;
    bool portWasAutoAssigned = (listeningPortSuggestion == 0);
    if (portWasAutoAssigned) {
        IPEndPoint boundEndPoint = (IPEndPoint)m_listener.LocalEndpoint;
        listenPort = boundEndPoint.Port;
    }

    if (!m_isSecured) {
        // NOTE(review): no SSL component is advertised here although the listener was created
        // with m_sslOpts - confirm what protection, if any, m_sslOpts enforces in this mode.
        taggedComponents = new TaggedComponent[0];
    } else {
        // NOTE(review): the narrowing (short) cast cannot represent ports above 32767 as
        // positive values - confirm consumers of the component read the port as unsigned.
        short supported = Convert.ToInt16(m_supportedOptions);
        short required = Convert.ToInt16(m_requiredOptions);
        SSLComponentData sslData = new SSLComponentData(supported, required, (short)listenPort);
        TaggedComponent sslTaggedComponent =
            new TaggedComponent(TAG_SSL_SEC_TRANS.ConstVal, m_codec.encode_value(sslData));
        taggedComponents = new TaggedComponent[] { sslTaggedComponent };
        // don't allow unsecured connections -> the port lives in the ssl component only
        listenPort = 0;
    }

    // NOTE(review): the flag is only set at this point; an exception earlier leaves the
    // listener started while m_listenerActive is false - confirm callers handle that.
    m_listenerActive = true;
    m_listenerThread.Start(); // start the handler thread
    return listenPort;
}
/// <summary>
/// Builds the <c>SecurityOptions</c> a client connection uses for the given SSL component.
/// </summary>
/// <remarks>
/// Targets that require EstablishTrustInTarget or EstablishTrustInClient get TLS 1.0 / SSL 3.0,
/// <c>SslAlgorithms.SECURE_CIPHERS</c>, manual credential verification and both certificate
/// callbacks. All other targets get <c>SecureProtocol.None</c>, <c>SslAlgorithms.ALL</c>,
/// automatic verification and no callbacks.
/// </remarks>
/// <param name="sslData">SSL component data; only <c>TargetRequiredOptions</c> is read.</param>
/// <returns>Options for a connection with <c>ConnectionEnd.Client</c>.</returns>
private SecurityOptions CreateClientSecurityOptions(SSLComponentData sslData) {
    SecureProtocol protocol;
    SslAlgorithms sslAlgs;
    CredentialVerification credentialVerification;
    CertVerifyEventHandler serverCertificateCheckHandler;
    CertRequestEventHandler clientCertificateRequestHandler;

    if (((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) ||
        ((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0)) {
        // NOTE(review): SSL 3.0 (RFC 7568) and TLS 1.0 (RFC 8996) are both deprecated; they are
        // kept because removing either changes which peers this client can talk to.
        protocol = SecureProtocol.Tls1 | SecureProtocol.Ssl3;
        sslAlgs = SslAlgorithms.SECURE_CIPHERS;
        // Manual: the server certificate is accepted or rejected solely by CheckServerCertAtClient.
        // NOTE(review): handler not visible here - verify it validates chain, dates and host name.
        credentialVerification = CredentialVerification.Manual;
        serverCertificateCheckHandler = new CertVerifyEventHandler(this.CheckServerCertAtClient);
        clientCertificateRequestHandler = new CertRequestEventHandler(this.GetClientCertAtClient);
    } else {
        // NOTE(review): the required options come from the peer's SSL component; a component
        // that requires no trust lands here, and SecureProtocol.None presumably means the
        // connection is not protected - confirm local policy can reject such targets.
        protocol = SecureProtocol.None;
        sslAlgs = SslAlgorithms.ALL;
        credentialVerification = CredentialVerification.Auto;
        serverCertificateCheckHandler = null;
        clientCertificateRequestHandler = null;
    }

    SecurityOptions clientOptions = new SecurityOptions(protocol, null, ConnectionEnd.Client,
                                                        credentialVerification,
                                                        serverCertificateCheckHandler,
                                                        null, SecurityFlags.Default, sslAlgs,
                                                        clientCertificateRequestHandler);
    return clientOptions;
}
/// <summary>
/// Creates an IIOP profile for <paramref name="objectKey"/> that exposes this address only via SSL.
/// </summary>
/// <remarks>
/// The profile's own port is 0; the actual <c>Port</c> is carried in a <c>TAG_SSL_SEC_TRANS</c>
/// tagged component built from EstablishTrustInClient and EstablishTrustInTarget.
/// </remarks>
/// <param name="objectKey">Object key stored in the profile.</param>
/// <param name="codec">Codec used to encode the SSL component data.</param>
/// <returns>The profile with the SSL tagged component attached.</returns>
public override IorProfile GetProfileForAddr(byte[] objectKey, Codec codec) {
    // port 0 in the profile itself: the port is published through the SSL component only
    InternetIiopProfile profile = new InternetIiopProfile(Version, Host, 0, objectKey);

    // NOTE(review): argument order is presumably (supported, required, port), i.e. client
    // authentication is supported and target authentication is required - confirm against
    // SSLComponentData. The (short) cast cannot hold ports above 32767 as positive values.
    profile.AddTaggedComponent(
        new TaggedComponent(
            TAG_SSL_SEC_TRANS.ConstVal,
            codec.encode_value(
                new SSLComponentData(SecurityAssociationOptions.EstablishTrustInClient,
                                     SecurityAssociationOptions.EstablishTrustInTarget,
                                     (short)Port))));
    return profile;
}