void ReplaceHandler(IChannelHandlerContext context, ServerTlsSettings serverTlsSetting) { Contract.Requires(serverTlsSetting != null); var tlsHandler = new TlsHandler(this.sslStreamFactory, serverTlsSetting); context.Channel.Pipeline.Replace(this, nameof(TlsHandler), tlsHandler); }
public X509TlsTenancyHandler(ServerTlsSettings tlsSettings, ISettingsProvider settingsProvider) { Contract.Requires(tlsSettings != null); this.tlsHandler = new TlsHandler(stream => new SslStream(stream, true, ClientCertValidatorCallback), tlsSettings); this.closeFuture = new TaskCompletionSource(); this.settingsProvider = settingsProvider; }
static async Task RunTcpServerAsyncLibuv() { Console.WriteLine("Initializing Server..."); ConsoleLoggerOptions loggeroptions = new ConsoleLoggerOptions() { IncludeScopes = false }; LoggerFactory loggerFactory = new LoggerFactory(); loggerFactory.AddConsole(Microsoft.Extensions.Logging.LogLevel.Error, false); InternalLoggerFactory.DefaultFactory.AddProvider(new ConsoleLoggerProvider((s, level) => true, false)); var dispatcher = new DispatcherEventLoopGroup(); bossGroup = dispatcher; workerGroup = new WorkerEventLoopGroup(dispatcher); X509Certificate2 tlsServerCertificate = new X509Certificate2(@"protocol-gateway.contoso.com.pfx", "password"); IChannel boundChannel = null; try { var bootstrap = new ServerBootstrap(); bootstrap.Group(bossGroup, workerGroup); bootstrap.Channel <TcpServerChannel>(); bootstrap .Option(ChannelOption.SoBacklog, 100) .Handler(new LoggingHandler("SRV_LSTN")) .ChildHandler(new ActionChannelInitializer <IChannel>(channel => { IChannelPipeline pipeline = channel.Pipeline; if (tlsServerCertificate != null) { var tlsSettings = new ServerTlsSettings(tlsServerCertificate, true, true, System.Security.Authentication.SslProtocols.Tls); var handler = new TlsHandler(stream => new System.Net.Security.SslStream(stream, true, ValidateClientCertificate), tlsSettings); pipeline.AddLast("certTls", handler); } pipeline.AddLast("framing-enc", new LengthFieldPrepender(2)); pipeline.AddLast("framing-dec", new LengthFieldBasedFrameDecoder(ushort.MaxValue, 0, 2, 0, 2)); pipeline.AddLast("echo", new EchoServerHandler()); })); boundChannel = await bootstrap.BindAsync(IPAddress.Any, 3382); } catch (Exception e) { Console.WriteLine(e.Message); } finally { //boundChannel.CloseAsync().Wait(); //await bossGroup.ShutdownGracefullyAsync(TimeSpan.FromMilliseconds(100), TimeSpan.FromSeconds(1)); //await workerGroup.ShutdownGracefullyAsync(TimeSpan.FromMilliseconds(100), TimeSpan.FromSeconds(1)); } }
public static TlsHandlerWrapper Server(X509Certificate certificate) { TlsHandlerWrapper wrapper = new TlsHandlerWrapper(); ServerTlsSettings serverTls = new ServerTlsSettings(certificate, true); Func <Stream, SslStream> customSslStream = CreateSslStream; TlsHandler tlsHandler = new TlsHandler(CreateSslStream, serverTls); wrapper.handler = tlsHandler; return(wrapper); }
/** * Configure the pipeline for TLS NPN negotiation to HTTP/2. */ void ConfigureSsl(IChannel ch) { var tlsSettings = new ServerTlsSettings(this.tlsCertificate) { ApplicationProtocols = new List <SslApplicationProtocol>(new[] { SslApplicationProtocol.Http2, SslApplicationProtocol.Http11 }) }; tlsSettings.AllowAnyClientCertificate(); ch.Pipeline.AddLast(new TlsHandler(tlsSettings)); ch.Pipeline.AddLast(new Http2OrHttpHandler()); }
public Task <IChannel> StartAsync() { var bootstrap = new ServerBootstrap(); bootstrap.Group(_bossGroup, _workGroup); if (ServerSettings.UseLibuv) { bootstrap.Channel <TcpServerChannel>(); if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux) || RuntimeInformation.IsOSPlatform(OSPlatform.OSX)) { bootstrap .Option(ChannelOption.SoReuseport, true) .ChildOption(ChannelOption.SoReuseaddr, true); } } else { bootstrap.Channel <TcpServerSocketChannel>(); } var tlsCertificate = new X509Certificate2(Path.Combine(ExampleHelper.ProcessDirectory, "dotnetty.com.pfx"), "password"); bootstrap .Option(ChannelOption.SoBacklog, 1024) //.Option(ChannelOption.Allocator, UnpooledByteBufferAllocator.Default) .Handler(new LoggingHandler("LSTN")) .ChildHandler(new ActionChannelInitializer <IChannel>(ch => { var tlsSettings = new ServerTlsSettings(tlsCertificate) { ApplicationProtocols = new List <SslApplicationProtocol>(new[] { SslApplicationProtocol.Http2, SslApplicationProtocol.Http11 }) }; tlsSettings.AllowAnyClientCertificate(); ch.Pipeline.AddLast(new TlsHandler(tlsSettings)); ch.Pipeline.AddLast(new Http2OrHttpHandler()); })); return(bootstrap.BindAsync(IPAddress.Loopback, PORT)); }
/// <summary> /// Bootstraps the Tcp IoT Hub Gateway for X509 cert based Tls /// </summary> /// <param name="certificate2">Server certificate for Tls</param> /// <param name="threadCount"># of threads to be used</param> /// <param name="cancellationToken">Cancellation flag</param> /// <returns></returns> public async Task RunAsync(X509Certificate2 certificate2, int threadCount, CancellationToken cancellationToken) { Contract.Requires(threadCount > 0); try { var serverTlsSettings = new ServerTlsSettings(certificate2, true, true, System.Security.Authentication.SslProtocols.Tls12); //var tlsHandler = new Tenancy.X509TlsTenancyHandler(serverTlsSettings); var tlsHandler = TlsHandler.Server(certificate2); this.RunAsync(threadCount, cancellationToken, tlsHandler, true); } catch (Exception ex) { //BootstrapperEventSource.Log.Error("Failed to start", ex); this.CloseAsync(); } }
ServerBootstrap SetupBootstrap() { return(new ServerBootstrap() .Group(this.parentEventLoopGroup, this.eventLoopGroup) .Option(ChannelOption.SoBacklog, ListenBacklogSize) .ChildOption(ChannelOption.Allocator, PooledByteBufferAllocator.Default) .ChildOption(ChannelOption.AutoRead, true) .Channel <TcpServerSocketChannel>() .ChildHandler(new ActionChannelInitializer <ISocketChannel>(channel => { if (this.tlsCertificate != null) { var tlsSettings = new ServerTlsSettings(this.tlsCertificate, true, true, System.Security.Authentication.SslProtocols.Tls12); var handler = new Tenancy.X509TlsTenancyHandler(tlsSettings, this.settingsProvider); channel.Pipeline.AddLast("certTls", handler); } var messagingAddressConverter = new ConfigurableMessageAddressConverter(); channel.Pipeline.AddLast(DeviceTopicDecoder.HandlerName, new DeviceTopicDecoder(this.credentialProvider, messagingAddressConverter.TopicTemplates)); channel.Pipeline.AddLast(SocketIoTHubAdapter.HandlerName, new SocketIoTHubAdapter(this.settings, credentialProvider, this.authProvider)); }))); }
ServerBootstrap SetupServerBootstrap() { int maxInboundMessageSize = this.settingsProvider.GetIntegerSetting("MaxInboundMessageSize", DefaultMaxInboundMessageSize); int threadCount = this.settingsProvider.GetIntegerSetting("ThreadCount", DefaultThreadCount); int listenBacklogSize = this.settingsProvider.GetIntegerSetting("ListenBacklogSize", DefaultListenBacklogSize); int parentEventLoopCount = this.settingsProvider.GetIntegerSetting("EventLoopCount", DefaultParentEventLoopCount); var settings = new Settings(this.settingsProvider); MessagingBridgeFactoryFunc bridgeFactory = this.mqttConnectionProvider.Connect; var bootstrap = new ServerBootstrap(); // multithreaded event loop that handles the incoming connection IEventLoopGroup parentEventLoopGroup = new MultithreadEventLoopGroup(parentEventLoopCount); // multithreaded event loop (worker) that handles the traffic of the accepted connections this.eventLoopGroup = new MultithreadEventLoopGroup(threadCount); bootstrap.Group(parentEventLoopGroup, this.eventLoopGroup) .Option(ChannelOption.SoBacklog, listenBacklogSize) // Allow listening socket to force bind to port if previous socket is still in TIME_WAIT // Fixes "address is already in use" errors .Option(ChannelOption.SoReuseaddr, true) .ChildOption(ChannelOption.Allocator, this.byteBufferAllocator) .ChildOption(ChannelOption.AutoRead, AutoRead) // channel that accepts incoming connections .Channel <TcpServerSocketChannel>() // Channel initializer, it is handler that is purposed to help configure a new channel .ChildHandler( new ActionChannelInitializer <ISocketChannel>( channel => { var identityProvider = new DeviceIdentityProvider(this.authenticator, this.clientCredentialsFactory, this.clientCertAuthAllowed); // configure the channel pipeline of the new Channel by adding handlers TlsSettings serverSettings = new ServerTlsSettings( certificate: this.tlsCertificate, negotiateClientCertificate: this.clientCertAuthAllowed ); channel.Pipeline.AddLast( new TlsHandler( stream => new SslStream( stream, true, (sender, remoteCertificate, remoteChain, sslPolicyErrors) => this.RemoteCertificateValidationCallback(identityProvider, remoteCertificate, remoteChain)), serverSettings)); channel.Pipeline.AddLast( MqttEncoder.Instance, new MqttDecoder(true, maxInboundMessageSize), new MqttAdapter( settings, this.sessionProvider, identityProvider, null, bridgeFactory)); })); var mqttWebSocketListener = new MqttWebSocketListener( settings, bridgeFactory, this.authenticator, this.clientCredentialsFactory, () => this.sessionProvider, new MultithreadEventLoopGroup(Environment.ProcessorCount), this.byteBufferAllocator, AutoRead, maxInboundMessageSize, this.clientCertAuthAllowed); this.webSocketListenerRegistry.TryRegister(mqttWebSocketListener); return(bootstrap); }
static async Task <Tuple <EmbeddedChannel, SslStream> > SetupStreamAndChannelAsync(bool isClient, IEventExecutor executor, IWriteStrategy writeStrategy, SslProtocols protocol, List <Task> writeTasks, string targetHost) { IChannelHandler tlsHandler = isClient ? (IChannelHandler) new TlsHandler(stream => new SslStream(stream, true, (sender, certificate, chain, errors) => { Assert.Equal(targetHost, certificate.Issuer.Replace("CN=", string.Empty)); return(true); }), new ClientTlsSettings(protocol, false, new List <X509Certificate>(), targetHost)) : new SniHandler(stream => new SslStream(stream, true, (sender, certificate, chain, errors) => true), new ServerTlsSniSettings(CertificateSelector)); //var ch = new EmbeddedChannel(new LoggingHandler("BEFORE"), tlsHandler, new LoggingHandler("AFTER")); var ch = new EmbeddedChannel(tlsHandler); if (!isClient) { // check if in the beginning snihandler exists in the pipeline, but not tls handler Assert.NotNull(ch.Pipeline.Get <SniHandler>()); Assert.Null(ch.Pipeline.Get <TlsHandler>()); } IByteBuffer readResultBuffer = Unpooled.Buffer(4 * 1024); Func <ArraySegment <byte>, Task <int> > readDataFunc = async output => { if (writeTasks.Count > 0) { await Task.WhenAll(writeTasks).WithTimeout(TestTimeout); writeTasks.Clear(); } if (readResultBuffer.ReadableBytes < output.Count) { if (ch.Active) { await ReadOutboundAsync(async() => ch.ReadOutbound <IByteBuffer>(), output.Count - readResultBuffer.ReadableBytes, readResultBuffer, TestTimeout, readResultBuffer.ReadableBytes != 0? 0 : 1); } } int read = Math.Min(output.Count, readResultBuffer.ReadableBytes); readResultBuffer.ReadBytes(output.Array, output.Offset, read); return(read); }; var mediationStream = new MediationStream(readDataFunc, input => { Task task = executor.SubmitAsync(() => writeStrategy.WriteToChannelAsync(ch, input)).Unwrap(); writeTasks.Add(task); return(task); }); var driverStream = new SslStream(mediationStream, true, (_1, _2, _3, _4) => true); if (isClient) { ServerTlsSettings serverTlsSettings = CertificateSelector(targetHost).Result; await Task.Run(() => driverStream.AuthenticateAsServerAsync(serverTlsSettings.Certificate, false, protocol | serverTlsSettings.EnabledProtocols, false).WithTimeout(TimeSpan.FromSeconds(5))); } else { await Task.Run(() => driverStream.AuthenticateAsClientAsync(targetHost, null, protocol, false)).WithTimeout(TimeSpan.FromSeconds(5)); } writeTasks.Clear(); return(Tuple.Create(ch, driverStream)); }
public async Task RunAsync2(int threadCount, CancellationToken cancellationToken, X509Certificate2 cert = null, ServerTlsSettings serverTlsSettings = null, RemoteCertificateValidationCallback rcvb = null) { Contract.Requires(threadCount > 0); try { //BootstrapperEventSource.Log.Info("Starting", null); //PerformanceCounters.ConnectionsEstablishedTotal.RawValue = 0; //PerformanceCounters.ConnectionsCurrent.RawValue = 0; this.parentEventLoopGroup = new MultithreadEventLoopGroup(1); this.eventLoopGroup = new MultithreadEventLoopGroup(threadCount); ChannelHandlerAdapter handler = null; if (cert != null && serverTlsSettings != null) { handler = new TlsHandler(stream => new SslStream(stream, true, rcvb), serverTlsSettings); } else { handler = new DataBasedTenancyHandler(); } ServerBootstrap bootstrap = this.SetupBootstrap(handler); //BootstrapperEventSource.Log.Info($"Initializing TLS endpoint on port {this.settings.ListeningPort.ToString()} with certificate {this.tlsCertificate.Thumbprint}.", null); this.serverChannel = await bootstrap.BindAsync(IPAddress.Any, rcvb != null?this.settings.SecureListeningPort : this.settings.ListeningPort); this.serverChannel.CloseCompletion.LinkOutcome(this.closeCompletionSource); cancellationToken.Register(this.CloseAsync); //BootstrapperEventSource.Log.Info("Started", null); } catch (Exception ex) { //BootstrapperEventSource.Log.Error("Failed to start", ex); this.CloseAsync(); } }