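/*
 * do_server()
 */
/// <summary>
/// Runs the sample SSL server: parses the server-side command-line
/// options, loads the private key / certificate / CA objects into an
/// <c>SSLServer</c> context, then accepts client connections forever,
/// performing the handshake and writing whatever each client sends to
/// stdout.
/// </summary>
/// <param name="build_mode">The axTLS build mode (one of the
/// <c>axtls.SSL_BUILD_*</c> values); it decides which options are
/// accepted.</param>
/// <param name="args">The complete command line; args[0] is the mode
/// selector, so option parsing starts at args[1].</param>
/// <remarks>
/// Usage errors (unknown option, missing option value, too many
/// certificates, bad port) are reported through
/// <c>print_server_options()</c>. This code relies on that call not
/// returning (it is expected to exit the process) — if it ever did
/// return, the option-value reads below would index past the end of
/// <paramref name="args"/>. The accept loop never terminates, so this
/// method does not return normally.
/// </remarks>
private void do_server(int build_mode, string[] args)
{
    int i = 1;
    int port = 4433;
    uint options = axtls.SSL_DISPLAY_CERTS;
    bool quiet = false;
    string password = null;
    string private_key_file = null;

    /* organise the cert/ca_cert lists */
    int cert_size = SSLUtil.MaxCerts();
    int ca_cert_size = SSLUtil.MaxCACerts();
    string[] cert = new string[cert_size];
    string[] ca_cert = new string[ca_cert_size];
    int cert_index = 0;
    int ca_cert_index = 0;

    while (i < args.Length)
    {
        if (args[i] == "-accept")
        {
            if (i >= args.Length - 1)
            {
                print_server_options(build_mode, args[i]);
            }

            /* a non-numeric or out-of-range port is a usage error, not a
             * FormatException / ArgumentOutOfRangeException later on */
            string port_arg = args[++i];
            if (!Int32.TryParse(port_arg,
                    System.Globalization.NumberStyles.Integer,
                    System.Globalization.CultureInfo.InvariantCulture,
                    out port)
                || port < IPEndPoint.MinPort || port > IPEndPoint.MaxPort)
            {
                print_server_options(build_mode, port_arg);
            }
        }
        else if (args[i] == "-quiet")
        {
            quiet = true;
            options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
        }
        else if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
        {
            if (args[i] == "-cert")
            {
                if (i >= args.Length - 1 || cert_index >= cert_size)
                {
                    print_server_options(build_mode, args[i]);
                }

                cert[cert_index++] = args[++i];
            }
            else if (args[i] == "-key")
            {
                if (i >= args.Length - 1)
                {
                    print_server_options(build_mode, args[i]);
                }

                private_key_file = args[++i];
                options |= axtls.SSL_NO_DEFAULT_KEY;
            }
            else if (args[i] == "-pass")
            {
                if (i >= args.Length - 1)
                {
                    print_server_options(build_mode, args[i]);
                }

                /* NOTE: the key password is taken from the command line,
                 * so it may be visible to other local users through the
                 * process list. This sample keeps that behaviour; a
                 * deployment would read it from a protected file instead. */
                password = args[++i];
            }
            else if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
            {
                if (args[i] == "-verify")
                {
                    /* require and verify a client certificate; the CAs it
                     * is checked against come from -CAfile */
                    options |= axtls.SSL_CLIENT_AUTHENTICATION;
                }
                else if (args[i] == "-CAfile")
                {
                    if (i >= args.Length - 1 || ca_cert_index >= ca_cert_size)
                    {
                        print_server_options(build_mode, args[i]);
                    }

                    ca_cert[ca_cert_index++] = args[++i];
                }
                else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
                {
                    if (args[i] == "-debug")
                    {
                        options |= axtls.SSL_DISPLAY_BYTES;
                    }
                    else if (args[i] == "-state")
                    {
                        options |= axtls.SSL_DISPLAY_STATES;
                    }
                    else if (args[i] == "-show-rsa")
                    {
                        options |= axtls.SSL_DISPLAY_RSA;
                    }
                    else
                    {
                        print_server_options(build_mode, args[i]);
                    }
                }
                else
                {
                    print_server_options(build_mode, args[i]);
                }
            }
            else
            {
                print_server_options(build_mode, args[i]);
            }
        }
        else
        {
            print_server_options(build_mode, args[i]);
        }

        i++;
    }

    /* Create socket for incoming connections */
    IPEndPoint ep = new IPEndPoint(IPAddress.Any, port);
    TcpListener server_sock = new TcpListener(ep);
    server_sock.Start();

    /**********************************************************************
     * This is where the interesting stuff happens. Up until now we've
     * just been setting up sockets etc. Now we do the SSL handshake.
     **********************************************************************/
    /* `new` cannot yield null in C#, so no null check is needed here; a
     * failure to build the context surfaces as an exception instead. */
    SSLServer ssl_ctx = new SSLServer(options, axtls.SSL_DEFAULT_SVR_SESS);

    if (private_key_file != null)
    {
        /* pick the object type from the file extension (ordinal compare:
         * extensions are not natural-language text) */
        int obj_type = axtls.SSL_OBJ_RSA_KEY;

        if (private_key_file.EndsWith(".p8", StringComparison.Ordinal))
        {
            obj_type = axtls.SSL_OBJ_PKCS8;
        }
        else if (private_key_file.EndsWith(".p12", StringComparison.Ordinal))
        {
            obj_type = axtls.SSL_OBJ_PKCS12;
        }

        if (ssl_ctx.ObjLoad(obj_type, private_key_file, password) != axtls.SSL_OK)
        {
            Console.Error.WriteLine("Private key '" + private_key_file + "' is undefined.");
            Environment.Exit(1);
        }
    }

    for (int c = 0; c < cert_index; c++)
    {
        if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, cert[c], null) != axtls.SSL_OK)
        {
            Console.Error.WriteLine("Certificate '" + cert[c] + "' is undefined.");
            Environment.Exit(1);
        }
    }

    for (int c = 0; c < ca_cert_index; c++)
    {
        if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, ca_cert[c], null) != axtls.SSL_OK)
        {
            /* report the CA file that failed, not the entry from the
             * (unrelated) cert list */
            Console.Error.WriteLine("Certificate '" + ca_cert[c] + "' is undefined.");
            Environment.Exit(1);
        }
    }

    byte[] buf = null;
    int res;

    for (;;)
    {
        if (!quiet)
        {
            Console.WriteLine("ACCEPT");
        }

        Socket client_sock = server_sock.AcceptSocket();
        SSL ssl = null;

        try
        {
            ssl = ssl_ctx.Connect(client_sock);

            /* do the actual SSL handshake */
            while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
            {
                /* check when the connection has been established */
                if (ssl.HandshakeStatus() == axtls.SSL_OK)
                {
                    break;
                }

                /* could do something else here */
            }

            if (res == axtls.SSL_OK) /* connection established and ok */
            {
                if (!quiet)
                {
                    display_session_id(ssl);
                    display_cipher(ssl);
                }

                /* now read (and display) whatever the client sends us */
                for (;;)
                {
                    /* keep reading until we get something interesting:
                     * SSL_OK means "nothing yet", > 0 is a byte count,
                     * < 0 is an error or a closed connection */
                    while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
                    {
                        /* could do something else here */
                    }

                    if (res < axtls.SSL_OK)
                    {
                        if (!quiet)
                        {
                            Console.WriteLine("CONNECTION CLOSED");
                        }

                        break;
                    }

                    /* convert to string: each byte becomes one char, so
                     * only single-byte text displays faithfully */
                    char[] str = new char[res];
                    for (int j = 0; j < res; j++)
                    {
                        str[j] = (char)buf[j];
                    }

                    Console.Write(str);
                }
            }
            else if (!quiet)
            {
                SSLUtil.DisplayError(res);
            }
        }
        finally
        {
            /* client was disconnected, the handshake failed, or an
             * exception escaped: release the per-client resources either
             * way so a misbehaving client cannot leak sockets */
            if (ssl != null)
            {
                ssl.Dispose();
            }

            client_sock.Close();
        }
    }

    /* unreachable: the accept loop above never exits, so ssl_ctx and
     * server_sock live for the rest of the process */
}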