Exemplo n.º 1
0
        protected override void OnAccept(DicomExceptionCode error)
        {
            Client client = null;

            if (error == DicomExceptionCode.Success)
            {
                if (IsSecure)
                {
                    client = new Client(this, false);
                    if (client != null)
                    {
                        //Require and verify a client certificate.
                        //Support SSL version 3 or TLS Version 1 for the handshake.
                        //Use trusted certificate authority file to verify the client certificate
                        //Verify the client certificate chain to a maximum depth of 2.
                        DicomOpenSslContextCreationSettings settings = new DicomOpenSslContextCreationSettings(DicomSslMethodType.SslV23,
                                                                                                               _certificationAuthoritiesFileName,
                                                                                                               DicomOpenSslVerificationFlags.Peer |
                                                                                                               DicomOpenSslVerificationFlags.FailIfNoPeerCertificate,
                                                                                                               2,
                                                                                                               DicomOpenSslOptionsFlags.NoSslV2 |
                                                                                                               DicomOpenSslOptionsFlags.AllBugWorkarounds);
#if !LEADTOOLS_V20_OR_LATER
                        client.Initialize(null, DicomNetSecurityeMode.Tls, settings);
#else
                        client.Initialize(null, DicomNetSecurityMode.Tls, settings);
#endif // #if !LEADTOOLS_V20_OR_LATER

                        client.SetTlsCipherSuiteByIndex(0, DicomTlsCipherSuiteType.DheRsaWithDesCbcSha);
                        client.SetTlsCipherSuiteByIndex(1, DicomTlsCipherSuiteType.DheRsaWith3DesEdeCbcSha);
                        client.SetTlsCipherSuiteByIndex(2, DicomTlsCipherSuiteType.DheRsaAes256Sha);

#if LEADTOOLS_V20_OR_LATER
                        // TLS 1.0
                        client.SetTlsCipherSuiteByIndex(3, DicomTlsCipherSuiteType.RsaWithAes128CbcSha);
                        client.SetTlsCipherSuiteByIndex(4, DicomTlsCipherSuiteType.RsaWith3DesEdeCbcSha);

                        // TLS 1.2
                        client.SetTlsCipherSuiteByIndex(5, DicomTlsCipherSuiteType.DheRsaWithAes128GcmSha256);
                        client.SetTlsCipherSuiteByIndex(6, DicomTlsCipherSuiteType.EcdheRsaWithAes128GcmSha256);
                        client.SetTlsCipherSuiteByIndex(7, DicomTlsCipherSuiteType.DheRsaWithAes256GcmSha384);
                        client.SetTlsCipherSuiteByIndex(8, DicomTlsCipherSuiteType.EcdheRsaWithAes256GcmSha384);
#endif // #if LEADTOOLS_V20_OR_LATER

                        client.SetTlsClientCertificate(_serverPEM, DicomTlsCertificateType.Pem, null);
                    }
                }
                else
                {
                    client = new Client(this);
                }

                try
                {
                    Accept(client);
                }
                catch (Exception ex)
                {
                    mf.Log("Connect", string.Format("Connection rejected : {0}", ex.Message));
                    client.Close();
                    return;
                }

                if (!Clients.ContainsKey(client.PeerAddress + "_" + client.PeerPort))
                {
                    Clients.Add(client.PeerAddress + "_" + client.PeerPort, client);
                }
                else
                {
                    mf.Log("Connect", "Connection rejected.  IP already connected: " + client.PeerAddress);
                    client.Close();
                    return;
                }

                if (Clients.Count > _Peers)
                {
                    mf.Log("Connect", "Connection rejected. Max connections reached");
                    client.Close();
                    return;
                }

                if (_Verify)
                {
                    if (!usersDB.FindUser(client.PeerAddress))
                    {
                        Clients.Remove(client.PeerAddress + "_" + client.PeerPort);
                        client.Close();
                        mf.Log("Connect", "Connection rejected.  Unknown User: "******"Connect", "Accepted");
            }
        }