Inheritance: SslStreamBase
Exemplo n.º 1
0
 public ClientContext(SslClientStream stream, SecurityProtocolType securityProtocolType, string targetHost, X509CertificateCollection clientCertificates)
     : base(securityProtocolType)
 {
     sslStream = stream;
     base.ClientSettings.Certificates = clientCertificates;
     base.ClientSettings.TargetHost   = targetHost;
 }
Exemplo n.º 2
0
	static string PostStream (Mono.Security.Protocol.Tls.SecurityProtocolType protocol, string url, byte[] buffer)
	{
		Uri uri = new Uri (url);
		string post = "POST " + uri.AbsolutePath + " HTTP/1.0\r\n";
		post += "Content-Type: application/x-www-form-urlencoded\r\n";
		post += "Content-Length: " + (buffer.Length + 5).ToString () + "\r\n";
		post += "Host: " + uri.Host + "\r\n\r\n";
		post += "TEST=";
		byte[] bytes = Encoding.Default.GetBytes (post);

		IPHostEntry host = Dns.Resolve (uri.Host);
		IPAddress ip = host.AddressList [0];
		Socket socket = new Socket (ip.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
		socket.Connect (new IPEndPoint (ip, uri.Port));
		NetworkStream ns = new NetworkStream (socket, false);
		SslClientStream ssl = new SslClientStream (ns, uri.Host, false, protocol);
		ssl.ServerCertValidationDelegate += new CertificateValidationCallback (CertificateValidation);

		ssl.Write (bytes, 0, bytes.Length);
		ssl.Write (buffer, 0, buffer.Length);
		ssl.Flush ();

		StreamReader reader = new StreamReader (ssl, Encoding.UTF8);
		string result = reader.ReadToEnd ();
		int start = result.IndexOf ("\r\n\r\n") + 4;
		start = result.IndexOf ("\r\n\r\n") + 4;
		return result.Substring (start);
	}
Exemplo n.º 3
0
		public ClientContext(
			SslClientStream				stream,
			SecurityProtocolType		securityProtocolType,
			string						targetHost,
			X509CertificateCollection	clientCertificates) 
			: base(securityProtocolType)
		{
			this.sslStream						= stream;
			this.ClientSettings.Certificates	= clientCertificates;
			this.ClientSettings.TargetHost		= targetHost;
		}
Exemplo n.º 4
0
		public override void Open()
		{
			TcpClient plainClient = new TcpClient(hostname, port);
			plainStream = plainClient.GetStream();

			if(secured)
			{
				secureStream = new SslClientStream(stream, hostname, false, SecurityProtocolType.Tls, null);
				secureStream.CheckCertRevocationStatus = true;
				secureStream.ServerCertValidationDelegate += new CertificateValidationCallback(secureStream_OnServerCertValidation);
				stream = secureStream;
				raiseCertificateVerifiedEvent(EventArgs.Empty);
			}
			else
			{
				stream = plainStream;
			}
		}
Exemplo n.º 5
0
	static void Main(string[] args)
	{
		string host = "localhost";
		if (args.Length > 0)
			host = args[0];

		SecurityProtocolType protocol = SecurityProtocolType.Tls;
		if (args.Length > 1) {
			switch (args [1].ToUpper ()) {
			case "SSL":
				protocol = SecurityProtocolType.Ssl3;
				break;
			}
		}

		X509CertificateCollection certificates = null;
		if (args.Length > 2) {
			string password = null;
			if (args.Length > 3)
				password = args [3];

			p12 = Mono.Security.X509.PKCS12.LoadFromFile(args [2], password);

			certificates = new X509CertificateCollection ();
			foreach (Mono.Security.X509.X509Certificate cert in p12.Certificates) {
				certificates.Add(new X509Certificate(cert.RawData));
			}
		}

		TcpClient client = new TcpClient ();
		client.Connect (host, 4433);
 
 		SslClientStream ssl = new SslClientStream (client.GetStream(), host, false, protocol, certificates);
 		ssl.ServerCertValidationDelegate += new CertificateValidationCallback (CertificateValidation);
 		ssl.ClientCertSelectionDelegate += new CertificateSelectionCallback (ClientCertificateSelection);
 		ssl.PrivateKeyCertSelectionDelegate += new PrivateKeySelectionCallback (PrivateKeySelection);
	
		StreamWriter sw = new StreamWriter (ssl, System.Text.Encoding.ASCII);
		sw.WriteLine ("GET /clientcert.aspx{0}", Environment.NewLine);
		sw.Flush ();

		StreamReader sr = new StreamReader (ssl);
		Console.WriteLine (sr.ReadToEnd ());
	}
	// make the actual connection
	// and HELO handshaking
	private void Connect() {
	    Stream stream;
	    if (use_ssl) {
		tcpConnection = new TcpClient( server , 465 );
		stream = new SslClientStream (tcpConnection.GetStream(), server, false);
	    } else {
		tcpConnection = new TcpClient( server , 25 );
		stream = tcpConnection.GetStream();
	    }
	    smtp = new EsmtpStream( stream );
	    
	    // read the server greeting
	    smtp.ReadResponse();
	    smtp.CheckForStatusCode( 220 );
	   
	    // write the HELO command to the server
	    smtp.WriteHelo( Dns.GetHostName() );
	    smtp.WriteAuth( username, password );
	}
Exemplo n.º 7
0
    public static string GetStreamPage(string url)
    {
        Uri uri = new Uri (url);
        if (uri.Scheme != Uri.UriSchemeHttps)
            throw new NotSupportedException ("Stream only works with HTTPS protocol");

        IPHostEntry host = Dns.Resolve (uri.Host);
        IPAddress ip = host.AddressList [0];
        Socket socket = new Socket (ip.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
        socket.Connect (new IPEndPoint (ip, uri.Port));
        NetworkStream ns = new NetworkStream (socket, false);
        SslClientStream ssl = new SslClientStream (ns, uri.Host, false, protocol, certificates);
        ssl.ServerCertValidationDelegate += new CertificateValidationCallback (CertificateValidation);

        StreamWriter sw = new StreamWriter (ssl);
        sw.WriteLine ("GET {0} HTTP/1.0{1}", uri.AbsolutePath, Environment.NewLine);
        sw.Flush ();

        StreamReader sr = new StreamReader (ssl, Encoding.UTF8);
        return sr.ReadToEnd ();
    }
Exemplo n.º 8
0
/***********************************************************************/	
		/// <summary> Constructs a TCP/IP connection to a server specified in host and port.
		/// Starts the reader thread.
		/// 
		/// </summary>
		/// <param name="host">The host to connect to.
		/// 
		/// </param>
		/// <param name="port">The port on the host to connect to.
		/// 
		/// </param>
		/// <param name="semaphoreId">The write semaphore ID to use for the connect
		/// </param>
		private void  connect(System.String host, int port, int semaphoreId)
		{
			/* Synchronized so all variables are in a consistant state and
			* so that another thread isn't doing a connect, disconnect, or clone
			* at the same time.
			*/
			// Wait for active reader to terminate
			waitForReader(null);
			
			// Clear the server shutdown notification flag.  This should already
			// be false unless of course we are reusing the same Connection object
			// after a server shutdown notification
			unsolSvrShutDnNotification = false;
			
			int semId = acquireWriteSemaphore(semaphoreId);
			
			// Make socket connection to specified host and port
			if (port == 0)
			{
				port = 389;//LdapConnection.DEFAULT_PORT;
			}
			
			try
			{
				if ((in_Renamed == null) || (out_Renamed == null))
				{
					if(Ssl)
					{
						this.host = host;
						this.port = port;
						this.sock = 	new Socket ( AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.IP);
						IPAddress hostadd = Dns.Resolve(host).AddressList[0];
						IPEndPoint ephost = new IPEndPoint(hostadd,port);
						sock.Connect(ephost);
						NetworkStream nstream = new NetworkStream(sock,true);
						SslClientStream sslstream = new SslClientStream(
											nstream,
											host,
											false,
											Mono.Security.Protocol.Tls.SecurityProtocolType.Ssl3|Mono.Security.Protocol.Tls.SecurityProtocolType.Tls);
						sslstream.ServerCertValidationDelegate += new CertificateValidationCallback(ServerCertificateValidation);
//						byte[] buffer = new byte[0];
//						sslstream.Read(buffer, 0, buffer.Length);
//						sslstream.doHandshake();												
 						in_Renamed = (System.IO.Stream) sslstream;
						out_Renamed = (System.IO.Stream) sslstream;
					}
					else{
						socket = new System.Net.Sockets.TcpClient(host, port);				
						in_Renamed = (System.IO.Stream) socket.GetStream();
						out_Renamed = (System.IO.Stream) socket.GetStream();
					}
				}
				else
				{
					Console.WriteLine( "connect input/out Stream specified");

				}
			}
			catch (System.IO.IOException ioe)
			{
				// Unable to connect to server host:port
//				freeWriteSemaphore(semId);
				throw new LdapException(ExceptionMessages.CONNECTION_ERROR, new System.Object[]{host, port}, LdapException.CONNECT_ERROR, null, ioe);
			}
			// Set host and port
			this.host = host;
			this.port = port;
			// start the reader thread
			this.startReader();
			freeWriteSemaphore(semId);
			clientActive = true; // Client is up
			return ;
		}
Exemplo n.º 9
0
		/// <summary> StartsTLS, in this package, assumes the caller has:
		/// 1) Acquired the writeSemaphore
		/// 2) Stopped the reader thread
		/// 3) checked that no messages are outstanding on this connection.
		/// 
		/// After calling this method upper layers should start the reader
		/// by calling startReader()
		/// 
		/// In the client.Connection, StartTLS assumes Ldap.LdapConnection will
		/// stop and start the reader thread.  Connection.StopTLS will stop
		/// and start the reader thread.
		/// </summary>
		/* package */
		internal void  startTLS()
		{
			
			try
			{
				waitForReader(null);
				this.nonTLSBackup = this.socket;
/*				this.sock = 	new Socket ( AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.IP);
				IPAddress hostadd = Dns.Resolve(host).AddressList[0];
				IPEndPoint ephost = new IPEndPoint(hostadd,port);
				sock.Connect(ephost);
*/
//				NetworkStream nstream = new NetworkStream(this.socket,true);
				SslClientStream sslstream = new SslClientStream(
									socket.GetStream(),
//									nstream,
									host,
									false,
									Mono.Security.Protocol.Tls.SecurityProtocolType.Ssl3| Mono.Security.Protocol.Tls.SecurityProtocolType.Tls);
				sslstream.ServerCertValidationDelegate = new CertificateValidationCallback(ServerCertificateValidation);
				this.in_Renamed = (System.IO.Stream) sslstream;
				this.out_Renamed = (System.IO.Stream) sslstream;
			}
			catch (System.IO.IOException ioe)
			{
				this.nonTLSBackup = null;
				throw new LdapException("Could not negotiate a secure connection", LdapException.CONNECT_ERROR, null, ioe);
			}
			catch (System.Exception uhe)
			{
				this.nonTLSBackup = null;
				throw new LdapException("The host is unknown", LdapException.CONNECT_ERROR, null, uhe);
			}
			return ;
		}
Exemplo n.º 10
0
        public void RawOpen(int timeout)
        {
            // Keep track of time remaining; Even though there may be multiple timeout-able calls,
            // this allows us to still respect the caller's timeout expectation.
            var attemptStart = DateTime.Now;
            var result = Dns.BeginGetHostAddresses(Host, null, null);

            if (!result.AsyncWaitHandle.WaitOne(timeout, true))
            {
                // Timeout was used up attempting the Dns lookup
                throw new TimeoutException(L10N.DnsLookupTimeout);
            }

            timeout -= Convert.ToInt32((DateTime.Now - attemptStart).TotalMilliseconds);

            var ips = Dns.EndGetHostAddresses(result);
            Socket socket = null;
            Exception lastSocketException = null;

            // try every ip address of the given hostname, use the first reachable one
            // make sure not to exceed the caller's timeout expectation by splitting the
            // time we have left between all the remaining ip's in the list.
            for (var i = 0; i < ips.Length; i++)
            {
                _log.Trace("Attempting to connect to " + ips[i]);
                var ep = new IPEndPoint(ips[i], Port);
                socket = new Socket(ep.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
                attemptStart = DateTime.Now;

                try
                {
                    result = socket.BeginConnect(ep, null, null);

                    if (!result.AsyncWaitHandle.WaitOne(timeout / (ips.Length - i), true))
                    {
                        throw new TimeoutException(L10N.ConnectionTimeout);
                    }

                    socket.EndConnect(result);

                    // connect was successful, leave the loop
                    break;
                }
                catch (Exception e)
                {
                    _log.Warn("Failed to connect to " + ips[i]);
                    timeout -= Convert.ToInt32((DateTime.Now - attemptStart).TotalMilliseconds);
                    lastSocketException = e;

                    socket.Close();
                    socket = null;
                }
            }

            if (socket == null)
            {
                throw lastSocketException;
            }

            var baseStream = new NpgsqlNetworkStream(socket, true);
            Stream sslStream = null;

            // If the PostgreSQL server has SSL connectors enabled Open SslClientStream if (response == 'S') {
            if (SSL || (SslMode == SslMode.Require) || (SslMode == SslMode.Prefer))
            {
                baseStream
                    .WriteInt32(8)
                    .WriteInt32(80877103);

                // Receive response
                var response = (Char)baseStream.ReadByte();

                if (response != 'S')
                {
                    if (SslMode == SslMode.Require) {
                        throw new InvalidOperationException(L10N.SslRequestError);
                    }
                }
                else
                {
                    //create empty collection
                    var clientCertificates = new X509CertificateCollection();

                    //trigger the callback to fetch some certificates
                    DefaultProvideClientCertificatesCallback(clientCertificates);

                    //if (context.UseMonoSsl)
                    if (!UseSslStream)
                    {
                        var sslStreamPriv = new SslClientStream(baseStream, Host, true, SecurityProtocolType.Default, clientCertificates)
                        {
                            ClientCertSelectionDelegate = DefaultCertificateSelectionCallback,
                            ServerCertValidationDelegate = DefaultCertificateValidationCallback,
                            PrivateKeyCertSelectionDelegate = DefaultPrivateKeySelectionCallback
                        };

                        sslStream = sslStreamPriv;
                        IsSecure = true;
                    }
                    else
                    {
                        var sslStreamPriv = new SslStream(baseStream, true, DefaultValidateRemoteCertificateCallback);
                        sslStreamPriv.AuthenticateAsClient(Host, clientCertificates, System.Security.Authentication.SslProtocols.Default, false);
                        sslStream = sslStreamPriv;
                        IsSecure = true;
                    }
                }
            }

            Socket = socket;
            BaseStream = baseStream;
            //Stream = new BufferedStream(sslStream ?? baseStream, 8192);
            Stream = BaseStream;
            Buffer = new NpgsqlBuffer(Stream, BufferSize, PGUtil.UTF8Encoding);
            _log.DebugFormat("Connected to {0}:{1 }", Host, Port);
        }
Exemplo n.º 11
0
		public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
		{
			if (IsAuthenticated)
				throw new InvalidOperationException ("This SslStream is already authenticated");

			SslClientStream s = new SslClientStream (InnerStream, targetHost, !LeaveInnerStreamOpen, GetMonoSslProtocol (enabledSslProtocols), clientCertificates);
			s.CheckCertRevocationStatus = checkCertificateRevocation;

			// Due to the Mono.Security internal, it cannot reuse
			// the delegated argument, as Mono.Security creates 
			// another instance of X509Certificate which lacks 
			// private key but is filled the private key via this
			// delegate.
			s.PrivateKeyCertSelectionDelegate = delegate (X509Certificate cert, string host) {
				string hash = cert.GetCertHashString ();
				// ... so, we cannot use the delegate argument.
				foreach (X509Certificate cc in clientCertificates) {
					if (cc.GetCertHashString () != hash)
						continue;
					X509Certificate2 cert2 = cc as X509Certificate2;
					cert2 = cert2 ?? new X509Certificate2 (cc);
					return cert2.PrivateKey;
				}
				return null;
			};

#if MONOTOUCH || MONODROID
			// Even if validation_callback is null this allows us to verify requests where the user
			// does not provide a verification callback but attempts to authenticate with the website
			// as a client (see https://bugzilla.xamarin.com/show_bug.cgi?id=18962 for an example)
			var helper = new ServicePointManager.ChainValidationHelper (this, targetHost);
			helper.ServerCertificateValidationCallback = validation_callback;
			s.ServerCertValidation2 += new CertificateValidationCallback2 (helper.ValidateChain);
#else
			if (validation_callback != null) {
				s.ServerCertValidationDelegate = delegate (X509Certificate cert, int [] certErrors) {
					X509Chain chain = new X509Chain ();
					X509Certificate2 x2 = (cert as X509Certificate2);
					if (x2 == null)
						x2 = new X509Certificate2 (cert);

					if (!ServicePointManager.CheckCertificateRevocationList)
						chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

					// SSL specific checks (done by Mono.Security.dll SSL/TLS implementation) 
					SslPolicyErrors errors = SslPolicyErrors.None;
					foreach (int i in certErrors) {
						switch (i) {
						case -2146762490: // CERT_E_PURPOSE
							errors |= SslPolicyErrors.RemoteCertificateNotAvailable;
							break;
						case -2146762481: // CERT_E_CN_NO_MATCH
							errors |= SslPolicyErrors.RemoteCertificateNameMismatch;
							break;
						default:
							errors |= SslPolicyErrors.RemoteCertificateChainErrors;
							break;
						}
					}

					chain.Build (x2);

					// non-SSL specific X509 checks (i.e. RFC3280 related checks)
					foreach (X509ChainStatus status in chain.ChainStatus) {
						if (status.Status == X509ChainStatusFlags.NoError)
							continue;
						if ((status.Status & X509ChainStatusFlags.PartialChain) != 0)
							errors |= SslPolicyErrors.RemoteCertificateNotAvailable;
						else
							errors |= SslPolicyErrors.RemoteCertificateChainErrors;
					}

					return validation_callback (this, cert, chain, errors);
				};
			}
#endif
			if (selection_callback != null)
				s.ClientCertSelectionDelegate = OnCertificateSelection;

			ssl_stream = s;

			return BeginWrite (new byte [0], 0, 0, asyncCallback, asyncState);
		}
Exemplo n.º 12
0
        public override void Open(NpgsqlConnector context, Int32 timeout)
        {
            try
            {
                NpgsqlEventLog.LogMethodEnter(LogLevel.Debug, CLASSNAME, "Open");

                /*TcpClient tcpc = new TcpClient();
                                tcpc.Connect(new IPEndPoint(ResolveIPHost(context.Host), context.Port));
                                Stream stream = tcpc.GetStream();*/

                /*socket.SetSocketOption (SocketOptionLevel.Socket, SocketOptionName.SendTimeout, context.ConnectionTimeout*1000);*/

                //socket.Connect(new IPEndPoint(ResolveIPHost(context.Host), context.Port));

                /*Socket socket = new Socket(AddressFamily.InterNetwork,SocketType.Stream,ProtocolType.Tcp);

                                IAsyncResult result = socket.BeginConnect(new IPEndPoint(ResolveIPHost(context.Host), context.Port), null, null);

                                if (!result.AsyncWaitHandle.WaitOne(context.ConnectionTimeout*1000, false))
                                {
                                        socket.Close();
                                        throw new Exception(resman.GetString("Exception_ConnectionTimeout"));
                                }

                                try
                                {
                                        socket.EndConnect(result);
                                }
                                catch (Exception)
                                {
                                        socket.Close();
                                        throw;
                                }
                                */

                IAsyncResult result;
                // Keep track of time remaining; Even though there may be multiple timeout-able calls,
                // this allows us to still respect the caller's timeout expectation.
                DateTime attemptStart;

                attemptStart = DateTime.Now;

                result = Dns.BeginGetHostAddresses(context.Host, null, null);

                if (!result.AsyncWaitHandle.WaitOne(timeout, true))
                {
                    // Timeout was used up attempting the Dns lookup
                    throw new TimeoutException(resman.GetString("Exception_DnsLookupTimeout"));
                }

                timeout -= Convert.ToInt32((DateTime.Now - attemptStart).TotalMilliseconds);

                IPAddress[] ips = Dns.EndGetHostAddresses(result);
                Socket socket = null;
                Exception lastSocketException = null;

                // try every ip address of the given hostname, use the first reachable one
                // make sure not to exceed the caller's timeout expectation by splitting the
                // time we have left between all the remaining ip's in the list.
                for (int i = 0 ; i < ips.Length ; i++)
                {
                    NpgsqlEventLog.LogMsg(resman, "Log_ConnectingTo", LogLevel.Debug, ips[i]);

                    IPEndPoint ep = new IPEndPoint(ips[i], context.Port);
                    socket = new Socket(ep.AddressFamily, SocketType.Stream, ProtocolType.Tcp);

                    attemptStart = DateTime.Now;

                    try
                    {
                        result = socket.BeginConnect(ep, null, null);

                        if (!result.AsyncWaitHandle.WaitOne(timeout / (ips.Length - i), true))
                        {
                            throw new TimeoutException(resman.GetString("Exception_ConnectionTimeout"));
                        }

                        socket.EndConnect(result);

                        // connect was successful, leave the loop
                        break;
                    }
                    catch (Exception e)
                    {
                        NpgsqlEventLog.LogMsg(resman, "Log_FailedConnection", LogLevel.Normal, ips[i]);

                        timeout -= Convert.ToInt32((DateTime.Now - attemptStart).TotalMilliseconds);
                        lastSocketException = e;

                        socket.Close();
                        socket = null;
                    }
                }

                if (socket == null)
                {
                    throw lastSocketException;
                }

                //Stream stream = new NetworkStream(socket, true);
                                Stream stream = new NpgsqlNetworkStream(context, socket, true);

                // If the PostgreSQL server has SSL connectors enabled Open SslClientStream if (response == 'S') {
                if (context.SSL || (context.SslMode == SslMode.Require) || (context.SslMode == SslMode.Prefer))
                {
                    PGUtil.WriteInt32(stream, 8);
                    PGUtil.WriteInt32(stream, 80877103);
                    // Receive response

                    Char response = (Char) stream.ReadByte();
                    if (response == 'S')
                    {
                                                //create empty collection
                                                X509CertificateCollection clientCertificates = new X509CertificateCollection();

                                                //trigger the callback to fetch some certificates
                                                context.DefaultProvideClientCertificatesCallback(clientCertificates);

                                                if (context.UseMonoSsl)
                                                {
                                                        stream = new SslClientStream(
                                                                stream,
                                                                context.Host,
                                                                true,
                                                                SecurityProtocolType.Default,
                                                                clientCertificates);

                                                        ((SslClientStream)stream).ClientCertSelectionDelegate =
                                                                new CertificateSelectionCallback(context.DefaultCertificateSelectionCallback);
                                                        ((SslClientStream)stream).ServerCertValidationDelegate =
                                                                new CertificateValidationCallback(context.DefaultCertificateValidationCallback);
                                                        ((SslClientStream)stream).PrivateKeyCertSelectionDelegate =
                                                                new PrivateKeySelectionCallback(context.DefaultPrivateKeySelectionCallback);
                                                }
                                                else
                                                {
                                                        SslStream sstream = new SslStream(stream, true, delegate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
                                                        {
                                                                return context.DefaultValidateRemoteCertificateCallback(cert, chain, errors);
                                                        });
                                                        sstream.AuthenticateAsClient(context.Host, clientCertificates, System.Security.Authentication.SslProtocols.Default, false);
                                                        stream = sstream;
                                                }
                    }
                    else if (context.SslMode == SslMode.Require)
                    {
                        throw new InvalidOperationException(resman.GetString("Exception_Ssl_RequestError"));
                    }
                }

                context.Stream = new BufferedStream(stream);
                context.Socket = socket;

                NpgsqlEventLog.LogMsg(resman, "Log_ConnectedTo", LogLevel.Normal, context.Host, context.Port);
                ChangeState(context, NpgsqlConnectedState.Instance);
            }
            catch (Exception e)
            {
                throw new NpgsqlException(string.Format(resman.GetString("Exception_FailedConnection"), context.Host), e);
            }
        }
        public override void Open(NpgsqlConnector context)
        {
            NpgsqlEventLog.LogMethodEnter(LogLevel.Debug, CLASSNAME, "Open");

            TcpClient tcpc = new TcpClient();
            tcpc.Connect(new IPEndPoint(ResolveIPHost(context.Host), context.Port));
            Stream stream = tcpc.GetStream();

            // If the PostgreSQL server has SSL connectors enabled Open SslClientStream if (response == 'S') {
            if (context.SSL)
            {
                PGUtil.WriteInt32(stream, 8);
                PGUtil.WriteInt32(stream,80877103);
                // Receive response
                Char response = (Char)stream.ReadByte();
                if (response == 'S')
                {
                    stream = new SslClientStream(
                                 tcpc.GetStream(),
                                 context.Host,
                                 true,
                                 Mono.Security.Protocol.Tls.SecurityProtocolType.Default
                             );

                    ((SslClientStream)stream).ClientCertSelectionDelegate = new CertificateSelectionCallback(context.DefaultCertificateSelectionCallback);
                    ((SslClientStream)stream).ServerCertValidationDelegate = new CertificateValidationCallback(context.DefaultCertificateValidationCallback);
                    ((SslClientStream)stream).PrivateKeyCertSelectionDelegate = new PrivateKeySelectionCallback(context.DefaultPrivateKeySelectionCallback);
                }
            }

            context.Stream = stream;

            NpgsqlEventLog.LogMsg(resman, "Log_ConnectedTo", LogLevel.Normal, context.Host, context.Port);
            ChangeState(context, NpgsqlConnectedState.Instance);
        }
		public TlsClientSession (string host, X509Certificate2 clientCert)
		{
			stream = new MemoryStream ();
			if (clientCert == null)
				ssl = new SslClientStream (stream, host, true, SecurityProtocolType.Tls);
			else {
				ssl = new SslClientStream (stream, host, true, SecurityProtocolType.Tls, new X509CertificateCollection (new X509Certificate [] {clientCert}));
				mutual = true;
				ssl.ClientCertSelection += delegate (
					X509CertificateCollection clientCertificates,
				X509Certificate serverCertificate,
				string targetHost,
				X509CertificateCollection serverRequestedCertificates) {
					return clientCertificates [0];
				};
			}
		}
Exemplo n.º 15
0
        public override void Open(NpgsqlConnector context)
        {
            
            try
            {
                
                NpgsqlEventLog.LogMethodEnter(LogLevel.Debug, CLASSNAME, "Open");
    
                /*TcpClient tcpc = new TcpClient();
                tcpc.Connect(new IPEndPoint(ResolveIPHost(context.Host), context.Port));
                Stream stream = tcpc.GetStream();*/
                
                Socket socket = new Socket(AddressFamily.InterNetwork,SocketType.Stream,ProtocolType.Tcp);
                
                /*socket.SetSocketOption (SocketOptionLevel.Socket, SocketOptionName.SendTimeout, context.ConnectionTimeout*1000);*/

                //socket.Connect(new IPEndPoint(ResolveIPHost(context.Host), context.Port));
                
                IAsyncResult result = socket.BeginConnect(new IPEndPoint(ResolveIPHost(context.Host), context.Port), null, null);

                if (!result.AsyncWaitHandle.WaitOne(context.ConnectionTimeout*1000, true))
                {
                    socket.Close();
                    throw new Exception(resman.GetString("Exception_ConnectionTimeout"));
                }

                try
                {
                    socket.EndConnect(result);
                }
                catch (Exception ex)
                {
                    socket.Close();
                    throw;
                }

                Stream stream = new NetworkStream(socket, true);

    
                               
                // If the PostgreSQL server has SSL connectors enabled Open SslClientStream if (response == 'S') {
                if (context.SSL || (context.SslMode == SslMode.Require) || (context.SslMode == SslMode.Prefer))
                {
                    PGUtil.WriteInt32(stream, 8);
                    PGUtil.WriteInt32(stream,80877103);
                    // Receive response
                    
                    Char response = (Char)stream.ReadByte();
                    if (response == 'S')
                    {
                        stream = new SslClientStream(
                                    stream,
                                    context.Host,
                                    true,
                                    Mono.Security.Protocol.Tls.SecurityProtocolType.Default
                                );
    
                        ((SslClientStream)stream).ClientCertSelectionDelegate = new CertificateSelectionCallback(context.DefaultCertificateSelectionCallback);
                        ((SslClientStream)stream).ServerCertValidationDelegate = new CertificateValidationCallback(context.DefaultCertificateValidationCallback);
                        ((SslClientStream)stream).PrivateKeyCertSelectionDelegate = new PrivateKeySelectionCallback(context.DefaultPrivateKeySelectionCallback);
                    }
                    else if (context.SslMode == SslMode.Require)
                        throw new InvalidOperationException(resman.GetString("Exception_Ssl_RequestError"));
                    
                }
    
                context.Stream = new BufferedStream(stream);
                context.Socket = socket;
                
    
                NpgsqlEventLog.LogMsg(resman, "Log_ConnectedTo", LogLevel.Normal, context.Host, context.Port);
                ChangeState(context, NpgsqlConnectedState.Instance);
                
                
            }
            catch (Exception e)
            {
                throw new NpgsqlException(e.Message, e);
            }
        }
Exemplo n.º 16
0
	public static void Main (string[] args) 
	{
		if (args.Length == 0) {
			Usage ("Missing arguments");
			return;
		}

		ArrayList urls = new ArrayList ();
		foreach (string arg in args) {
			switch (arg) {
				// protocol
				case "--any":
					protocol = Mono.Security.Protocol.Tls.SecurityProtocolType.Default;
					break;
				case "--ssl":
				case "--ssl3":
					protocol = Mono.Security.Protocol.Tls.SecurityProtocolType.Ssl3;
					break;
				case "--tls":
				case "--tls1":
					protocol = Mono.Security.Protocol.Tls.SecurityProtocolType.Tls;
					break;
				// options
				case "--time":
					time = true;
					break;
				case "--show":
					show = true;
					break;
				case "--help":
					Usage (null);
					return;
				// credentials, certificates, urls or bad options
				default:
					if (arg.StartsWith ("--read:")) {
						string rval = arg.Substring (7);
						if (rval == "loop")
							readloop = true;
						else
							read = Int32.Parse (rval);
						continue;
					}
					else if (arg.StartsWith ("--write:")) {
						string wval = arg.Substring (8);
						if (wval == "loop")
							writeloop = true;
						else
							write = Int32.Parse (wval);
						continue;
					}
					else if (arg.StartsWith ("--")) {
						Usage ("Invalid option " + arg);
						return;
					}
					urls.Add (arg);
					break;
			}
		}

		if (readloop && writeloop) {
			Usage ("Can't loop on both read and write");
			return;
		}
		int loop = 1;
		if (readloop || writeloop) {
			// this is it meant to be stopped manually 
			loop = Int32.MaxValue;
		}

		if (urls.Count == 0) {
			Usage ("no URL were specified");
			return;
		}

		for (int i = 0; i < loop; i++) {
			if (readloop || writeloop)
				Console.WriteLine ("*** LOOP {0} ***", i);

			foreach (string url in urls) {
				Console.WriteLine ("{0}{1}", Environment.NewLine, url);
				string content = null;
				DateTime start = DateTime.Now;
				
				Uri uri = new Uri (url);
				if (uri.Scheme != Uri.UriSchemeHttps)
					throw new NotSupportedException ("Stream only works with HTTPS protocol");
				ControlledNetworkStream ns = null;

				try {
					IPHostEntry host = Dns.Resolve (uri.Host);
					IPAddress ip = host.AddressList [0];
					Socket socket = new Socket (ip.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
					socket.Connect (new IPEndPoint (ip, uri.Port));
					ns = new ControlledNetworkStream (socket, false);
					ns.MaximumRead = (readloop) ? i : read;
					ns.MaximumWrite = (writeloop) ? i : write;
					SslClientStream ssl = new SslClientStream (ns, uri.Host, false, protocol);
					ssl.ServerCertValidationDelegate += new CertificateValidationCallback (CertificateValidation);

					StreamWriter sw = new StreamWriter (ssl);
					sw.WriteLine ("GET {0}{1}", uri.AbsolutePath, Environment.NewLine);
					sw.Flush ();

					StreamReader sr = new StreamReader (ssl, Encoding.UTF8);
					content = sr.ReadToEnd ();
				}
				catch (Exception e) {
					// HResult is protected - but very useful in debugging
					PropertyInfo pi = e.GetType ().GetProperty ("HResult", BindingFlags.NonPublic | BindingFlags.GetProperty | BindingFlags.Instance);
					Console.WriteLine ("FAILED: #{0}", (int)pi.GetValue (e, null));
					Console.WriteLine (e.ToString ());
					if (ns != null) {
						Console.WriteLine ("Bytes Read:  {0}", ns.CurrentRead);
						Console.WriteLine ("Max Read:    {0}", ns.MaximumRead);
						Console.WriteLine ("Bytes Write: {0}", ns.CurrentWrite);
						Console.WriteLine ("Max Write:   {0}", ns.MaximumWrite);
					}
				}

				TimeSpan ts = (DateTime.Now - start);
				if ((show) && (content != null)) {
					Console.WriteLine ("{0}{1}{0}", Environment.NewLine, content);
				}
				if (time) {
					Console.WriteLine ("Time: " + ts.ToString ());
				}
			}
		}
	}
Exemplo n.º 17
0
		public TlsClientSession (string host, X509Certificate2 clientCert, X509ServiceCertificateAuthentication auth)
		{
			stream = new MemoryStream ();
			if (clientCert == null)
				ssl = new SslClientStream (stream, host, true, SecurityProtocolType.Tls);
			else {
				ssl = new SslClientStream (stream, host, true, SecurityProtocolType.Tls, new X509CertificateCollection (new X509Certificate [] {clientCert}));
				mutual = true;
				ssl.ClientCertSelection += delegate (
					X509CertificateCollection clientCertificates,
				X509Certificate serverCertificate,
				string targetHost,
				X509CertificateCollection serverRequestedCertificates) {
					return clientCertificates [0];
				};
			}
			X509CertificateValidator v = null;
			switch (auth.CertificateValidationMode) {
			case X509CertificateValidationMode.None:
				v = X509CertificateValidator.None;
				break;
			case X509CertificateValidationMode.PeerTrust:
				v = X509CertificateValidator.PeerTrust;
				break;
			case X509CertificateValidationMode.ChainTrust:
				v = X509CertificateValidator.ChainTrust;
				break;
			case X509CertificateValidationMode.PeerOrChainTrust:
				v = X509CertificateValidator.PeerOrChainTrust;
				break;
			case X509CertificateValidationMode.Custom:
				v = auth.CustomCertificateValidator;
				break;
			}
			ssl.ServerCertValidationDelegate = delegate (X509Certificate certificate, int [] certificateErrors) {
				v.Validate (new X509Certificate2 (certificate)); // will throw SecurityTokenvalidationException if invalid.
				return true;
				};
		}
Exemplo n.º 18
0
		public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
		{
			if (IsAuthenticated)
				throw new InvalidOperationException ("This SslStream is already authenticated");

			SslClientStream s = new SslClientStream (InnerStream, targetHost, !LeaveInnerStreamOpen, GetMonoSslProtocol (enabledSslProtocols), clientCertificates);
			s.CheckCertRevocationStatus = checkCertificateRevocation;

			// Due to the Mono.Security internal, it cannot reuse
			// the delegated argument, as Mono.Security creates 
			// another instance of X509Certificate which lacks 
			// private key but is filled the private key via this
			// delegate.
			s.PrivateKeyCertSelectionDelegate = delegate (X509Certificate cert, string host) {
				string hash = cert.GetCertHashString ();
				// ... so, we cannot use the delegate argument.
				foreach (X509Certificate cc in clientCertificates) {
					if (cc.GetCertHashString () != hash)
						continue;
					X509Certificate2 cert2 = cc as X509Certificate2;
					cert2 = cert2 ?? new X509Certificate2 (cc);
					return cert2.PrivateKey;
				}
				return null;
			};

			// Even if validation_callback is null this allows us to verify requests where the user
			// does not provide a verification callback but attempts to authenticate with the website
			// as a client (see https://bugzilla.xamarin.com/show_bug.cgi?id=18962 for an example)
			s.ServerCertValidation2 += (mcerts) => {
				X509CertificateCollection certs = null;
				if (mcerts != null) {
					certs = new X509CertificateCollection ();
					for (int i = 0; i < mcerts.Count; i++)
						certs.Add (new X509Certificate2 (mcerts [i].RawData));
				}
				return ((ChainValidationHelper)certificateValidator).ValidateChain (targetHost, certs);
			};
			s.ClientCertSelectionDelegate = OnCertificateSelection;

			ssl_stream = s;

			return BeginWrite (new byte [0], 0, 0, asyncCallback, asyncState);
		}
Exemplo n.º 19
0
		static X509CertificateCollection GetCertificatesFromSslSession (string url) 
		{
			Uri uri = new Uri (url);
			IPHostEntry host = Dns.Resolve (uri.Host);
			IPAddress ip = host.AddressList [0];
			Socket socket = new Socket (ip.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
			socket.Connect (new IPEndPoint (ip, uri.Port));
			NetworkStream ns = new NetworkStream (socket, false);
			SslClientStream ssl = new SslClientStream (ns, uri.Host, false, Mono.Security.Protocol.Tls.SecurityProtocolType.Default, null);
			ssl.ServerCertValidationDelegate += new CertificateValidationCallback (CertificateValidation);

			try {
				// we don't really want to write to the server (as we don't know
				// the protocol it using) but we must send something to be sure the
				// SSL handshake is done (so we receive the X.509 certificates).
				StreamWriter sw = new StreamWriter (ssl);
				sw.WriteLine (Environment.NewLine);
				sw.Flush ();
				socket.Poll (30000, SelectMode.SelectRead);
			}
			finally {
				socket.Close ();
			}

			// we need a little reflection magic to get this information
			PropertyInfo pi = typeof (SslStreamBase).GetProperty ("ServerCertificates", BindingFlags.Instance | BindingFlags.NonPublic);
			if (pi == null) {
				Console.WriteLine ("Sorry but you need a newer version of Mono.Security.dll to use this feature.");
				return null;
			}
			return (X509CertificateCollection) pi.GetValue (ssl, null);
		}
Exemplo n.º 20
0
        public override void Open(NpgsqlConnector context)
        {
            try
            {
                NpgsqlEventLog.LogMethodEnter(LogLevel.Debug, CLASSNAME, "Open");

                /*TcpClient tcpc = new TcpClient();
                tcpc.Connect(new IPEndPoint(ResolveIPHost(context.Host), context.Port));
                Stream stream = tcpc.GetStream();*/

                /*socket.SetSocketOption (SocketOptionLevel.Socket, SocketOptionName.SendTimeout, context.ConnectionTimeout*1000);*/

                //socket.Connect(new IPEndPoint(ResolveIPHost(context.Host), context.Port));

                /*Socket socket = new Socket(AddressFamily.InterNetwork,SocketType.Stream,ProtocolType.Tcp);

                IAsyncResult result = socket.BeginConnect(new IPEndPoint(ResolveIPHost(context.Host), context.Port), null, null);

                if (!result.AsyncWaitHandle.WaitOne(context.ConnectionTimeout*1000, true))
                {
                    socket.Close();
                    throw new Exception(resman.GetString("Exception_ConnectionTimeout"));
                }

                try
                {
                    socket.EndConnect(result);
                }
                catch (Exception)
                {
                    socket.Close();
                    throw;
                }
                */

                IPAddress[] ips = ResolveIPHost(context.Host);
                Socket socket = null;

                // try every ip address of the given hostname, use the first reachable one
                foreach (IPAddress ip in ips)
                {
                    NpgsqlEventLog.LogMsg(resman, "Log_ConnectingTo", LogLevel.Debug, ip);

                    IPEndPoint ep = new IPEndPoint(ip, context.Port);
                    socket = new Socket(ep.AddressFamily, SocketType.Stream, ProtocolType.Tcp);

                    try
                    {
                        IAsyncResult result = socket.BeginConnect(ep, null, null);

                        if (!result.AsyncWaitHandle.WaitOne(context.ConnectionTimeout*1000, true))
                        {
                            socket.Close();
                            throw new Exception(resman.GetString("Exception_ConnectionTimeout"));
                        }

                        socket.EndConnect(result);

                        // connect was successful, leave the loop
                        break;
                    }
                    catch (Exception)
                    {
                        NpgsqlEventLog.LogMsg(resman, "Log_FailedConnection", LogLevel.Normal, ip);
                        socket.Close();
                    }
                }

                if (socket == null || !socket.Connected)
                {
                    throw new Exception(string.Format(resman.GetString("Exception_FailedConnection"), context.Host));
                }

                //Stream stream = new NetworkStream(socket, true);
                Stream stream = new NpgsqlNetworkStream(context, socket, true);

                // If the PostgreSQL server has SSL connectors enabled Open SslClientStream if (response == 'S') {
                if (context.SSL || (context.SslMode == SslMode.Require) || (context.SslMode == SslMode.Prefer))
                {
                    PGUtil.WriteInt32(stream, 8);
                    PGUtil.WriteInt32(stream, 80877103);
                    // Receive response

                    Char response = (Char) stream.ReadByte();
                    if (response == 'S')
                    {
                        //create empty collection
                        X509CertificateCollection clientCertificates = new X509CertificateCollection();

                        //trigger the callback to fetch some certificates
                        context.DefaultProvideClientCertificatesCallback(clientCertificates);

                        stream = new SslClientStream(
                            stream,
                            context.Host,
                            true,
                            SecurityProtocolType.Default,
                            clientCertificates);

                        ((SslClientStream) stream).ClientCertSelectionDelegate =
                            new CertificateSelectionCallback(context.DefaultCertificateSelectionCallback);
                        ((SslClientStream) stream).ServerCertValidationDelegate =
                            new CertificateValidationCallback(context.DefaultCertificateValidationCallback);
                        ((SslClientStream) stream).PrivateKeyCertSelectionDelegate =
                            new PrivateKeySelectionCallback(context.DefaultPrivateKeySelectionCallback);
                    }
                    else if (context.SslMode == SslMode.Require)
                    {
                        throw new InvalidOperationException(resman.GetString("Exception_Ssl_RequestError"));
                    }
                }

                context.Stream = new BufferedStream(stream);
                context.Socket = socket;

                NpgsqlEventLog.LogMsg(resman, "Log_ConnectedTo", LogLevel.Normal, context.Host, context.Port);
                ChangeState(context, NpgsqlConnectedState.Instance);
            }
                //FIXME: Exceptions that come from what we are handling should be wrapped - e.g. an error connecting to
                //the server should definitely be presented to the uesr as an NpgsqlError. Exceptions from userland should
                //be passed untouched - e.g. ThreadAbortException because the user started this in a thread they created and
                //then aborted should be passed through.
                //Are there any others that should be pass through? Alternatively, are there a finite number that should
                //be wrapped?
            catch (ThreadAbortException)
            {
                throw;
            }
            catch (Exception e)
            {
                throw new NpgsqlException(e.Message, e);
            }
        }
Exemplo n.º 21
0
		protected override void OnStart()
		{
			Socket socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
			socket.Connect(_server);

			this.InitializeNetworkStream(socket);

			if (this.UseTls)
			{
				SslClientStream secureStream = new SslClientStream(base.NetworkStream, "localhost", true, Mono.Security.Protocol.Tls.SecurityProtocolType.Tls);
				secureStream.ServerCertValidationDelegate = new CertificateValidationCallback(CertValidationCallback);
				base.SecureStream = secureStream;
			}

			SendMoreData();

			byte[] readBuffer = new byte[ReadBufferSize];
			this.BeginRead(readBuffer, 0, readBuffer.Length, new AsyncCallback(BeginReadCallback), readBuffer);
		}