private SecurityOptions CreateClientSecurityOptions(SSLComponentData sslData)
{
CertVerifyEventHandler serverCertificateCheckHandler = null;
CertRequestEventHandler clientCertificateRequestHandler = null;
CredentialVerification credentialVerification = CredentialVerification.Auto;
SecureProtocol protocol = SecureProtocol.None;
SslAlgorithms sslAlgs = SslAlgorithms.ALL;
if (((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) ||
((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0))
{
protocol = SecureProtocol.Tls1 | SecureProtocol.Ssl3;
sslAlgs = SslAlgorithms.SECURE_CIPHERS;
credentialVerification = CredentialVerification.Manual;
serverCertificateCheckHandler = new CertVerifyEventHandler(this.CheckServerCertAtClient);
clientCertificateRequestHandler = new CertRequestEventHandler(this.GetClientCertAtClient);
}
SecurityOptions result =
new SecurityOptions(protocol,
null, ConnectionEnd.Client,
credentialVerification, serverCertificateCheckHandler,
null, SecurityFlags.Default, sslAlgs,
clientCertificateRequestHandler);
return(result);
}
/// <summary>
/// Initializes a new instance of the SecurityOptions class.
/// </summary>
/// <param name="protocol">One of the <see cref="SecureProtocol"/> values.</param>
/// <param name="cert">A <see cref="Certificate"/> instance.</param>
/// <param name="entity">One of the <see cref="ConnectionEnd"/> values.</param>
/// <param name="verifyType">One of the <see cref="CredentialVerification"/> values.</param>
/// <param name="verifier">The <see cref="CertVerifyEventHandler"/> delegate.</param>
/// <param name="commonName">The common name of the remote computer. This is usually a domain name.</param>
/// <param name="flags">A bitwise combination of the <see cref="SecurityFlags"/> values.</param>
/// <param name="allowed">A bitwise combination of the <see cref="SslAlgorithms"/> values.</param>
/// <param name="requestHandler">The <see cref="CertRequestEventHandler"/> delegate.</param>
public SecurityOptions(SecureProtocol protocol, Certificate cert, ConnectionEnd entity, CredentialVerification verifyType, CertVerifyEventHandler verifier, string commonName, SecurityFlags flags, SslAlgorithms allowed, CertRequestEventHandler requestHandler) {
this.Protocol = protocol;
this.Certificate = cert;
this.Entity = entity;
this.VerificationType = verifyType;
this.Verifier = verifier;
this.CommonName = commonName;
this.Flags = flags;
this.AllowedAlgorithms = allowed;
this.RequestHandler = requestHandler;
}
internal SslConnectionListener(SecurityAssociationOptions requiredOptions,
SecurityAssociationOptions supportedOptions,
IServerSideAuthentication serverAuth,
omg.org.IOP.Codec codec)
{
m_codec = codec;
if (((requiredOptions & SecurityAssociationOptions.NoProtection) > 0) &&
(((supportedOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) ||
((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0)))
{
throw new ArgumentException("unsupported options combination: required no protection and supported EstablishTrustInTarget/Client");
}
SecureProtocol protocol = SecureProtocol.None;
SslAlgorithms allowedCiphers = SslAlgorithms.ALL;
if (((supportedOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) ||
((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0))
{
protocol = SecureProtocol.Tls1 | SecureProtocol.Ssl3;
allowedCiphers = SslAlgorithms.SECURE_CIPHERS;
m_isSecured = true;
}
CredentialVerification clientVerification = CredentialVerification.None;
CertVerifyEventHandler verifyClient = null;
SecurityFlags authFlags = SecurityFlags.Default;
if (((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0) ||
((requiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0))
{
clientVerification = CredentialVerification.Manual;
verifyClient = new CertVerifyEventHandler(this.CheckClientCertAtServer);
}
if ((requiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0)
{
authFlags = SecurityFlags.MutualAuthentication;
}
m_sslOpts = new SecurityOptions(protocol, serverAuth.GetServerCertificate(), ConnectionEnd.Server,
clientVerification, verifyClient,
null, authFlags, allowedCiphers, null);
m_serverAuth = serverAuth;
m_supportedOptions = supportedOptions;
m_requiredOptions = requiredOptions;
}
public SecurityOptions(SecureProtocol protocol, ExtensionType[] extensions, Certificate cert,
ConnectionEnd entity, IEnumerable <string> knownProtocols,
CredentialVerification verifyType, CertVerifyEventHandler verifier,
string commonName, SecurityFlags flags, SslAlgorithms allowed,
CertRequestEventHandler requestHandler)
{
this.Protocol = protocol;
this.Certificate = cert;
this.Entity = entity;
this.VerificationType = verifyType;
this.Verifier = verifier;
this.CommonName = commonName;
this.Flags = flags;
this.AllowedAlgorithms = allowed;
this.RequestHandler = requestHandler;
this.KnownProtocols = knownProtocols;
this.Extensions = extensions;
this.ExtensionList = FormExtsList(extensions);
}
/// <summary>
/// Initializes a new instance of the SecurityOptions class.
/// </summary>
/// <param name="protocol">One of the <see cref="SecureProtocol"/> values.</param>
/// <param name="cert">A <see cref="Certificate"/> instance.</param>
/// <param name="entity">One of the <see cref="ConnectionEnd"/> values.</param>
/// <param name="verifyType">One of the <see cref="CredentialVerification"/> values.</param>
/// <param name="verifier">The <see cref="CertVerifyEventHandler"/> delegate.</param>
/// <param name="commonName">The common name of the remote computer. This is usually a domain name.</param>
/// <param name="flags">A bitwise combination of the <see cref="SecurityFlags"/> values.</param>
/// <param name="allowed">A bitwise combination of the <see cref="SslAlgorithms"/> values.</param>
/// <param name="requestHandler">The <see cref="CertRequestEventHandler"/> delegate.</param>
public SecurityOptions(SecureProtocol protocol, Certificate cert, ConnectionEnd entity, CredentialVerification verifyType, CertVerifyEventHandler verifier, string commonName, SecurityFlags flags, SslAlgorithms allowed, CertRequestEventHandler requestHandler)
{
this.Protocol = protocol;
this.Certificate = cert;
this.Entity = entity;
this.VerificationType = verifyType;
this.Verifier = verifier;
this.CommonName = commonName;
this.Flags = flags;
this.AllowedAlgorithms = allowed;
this.RequestHandler = requestHandler;
}
internal SslConnectionListener(SecurityAssociationOptions requiredOptions,
SecurityAssociationOptions supportedOptions,
IServerSideAuthentication serverAuth,
omg.org.IOP.Codec codec) {
m_codec = codec;
if (((requiredOptions & SecurityAssociationOptions.NoProtection) > 0) &&
(((supportedOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) ||
((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0))) {
throw new ArgumentException("unsupported options combination: required no protection and supported EstablishTrustInTarget/Client");
}
SecureProtocol protocol = SecureProtocol.None;
SslAlgorithms allowedCiphers = SslAlgorithms.ALL;
if (((supportedOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) ||
((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0)) {
protocol = SecureProtocol.Tls1 | SecureProtocol.Ssl3;
allowedCiphers = SslAlgorithms.SECURE_CIPHERS;
m_isSecured = true;
}
CredentialVerification clientVerification = CredentialVerification.None;
CertVerifyEventHandler verifyClient = null;
SecurityFlags authFlags = SecurityFlags.Default;
if (((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0) ||
((requiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0)) {
clientVerification = CredentialVerification.Manual;
verifyClient = new CertVerifyEventHandler(this.CheckClientCertAtServer);
}
if ((requiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0) {
authFlags = SecurityFlags.MutualAuthentication;
}
m_sslOpts = new SecurityOptions(protocol, serverAuth.GetServerCertificate(), ConnectionEnd.Server,
clientVerification, verifyClient,
null, authFlags, allowedCiphers, null);
m_serverAuth = serverAuth;
m_supportedOptions = supportedOptions;
m_requiredOptions = requiredOptions;
}
private SecurityOptions CreateClientSecurityOptions(SSLComponentData sslData) {
CertVerifyEventHandler serverCertificateCheckHandler = null;
CertRequestEventHandler clientCertificateRequestHandler = null;
CredentialVerification credentialVerification = CredentialVerification.Auto;
SecureProtocol protocol = SecureProtocol.None;
SslAlgorithms sslAlgs = SslAlgorithms.ALL;
if (((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) ||
((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0)) {
protocol = SecureProtocol.Tls1 | SecureProtocol.Ssl3;
sslAlgs = SslAlgorithms.SECURE_CIPHERS;
credentialVerification = CredentialVerification.Manual;
serverCertificateCheckHandler = new CertVerifyEventHandler(this.CheckServerCertAtClient);
clientCertificateRequestHandler = new CertRequestEventHandler(this.GetClientCertAtClient);
}
SecurityOptions result =
new SecurityOptions(protocol,
null, ConnectionEnd.Client,
credentialVerification, serverCertificateCheckHandler,
null, SecurityFlags.Default, sslAlgs,
clientCertificateRequestHandler);
return result;
}
public SecurityOptions(SecureProtocol protocol, ExtensionType[] extensions, Certificate cert,
ConnectionEnd entity, IEnumerable<string> knownProtocols,
CredentialVerification verifyType, CertVerifyEventHandler verifier,
string commonName, SecurityFlags flags, SslAlgorithms allowed,
CertRequestEventHandler requestHandler)
{
this.Protocol = protocol;
this.Certificate = cert;
this.Entity = entity;
this.VerificationType = verifyType;
this.Verifier = verifier;
this.CommonName = commonName;
this.Flags = flags;
this.AllowedAlgorithms = allowed;
this.RequestHandler = requestHandler;
this.KnownProtocols = knownProtocols;
this.Extensions = extensions;
this.ExtensionList = FormExtsList(extensions);
}
