// Initialize all of the default certificates and protocols public SslServer() { // Initialize the Socket serverSocketType = SocketType.Stream; serverProtocolType = ProtocolType.Tcp; if (Microsoft.SPOT.Hardware.SystemInfo.SystemID.SKU == 3) { cert = new X509Certificate(CertificatesAndCAs.emuCert, "NetMF"); ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caEmuCert) }; } else { // Initialize the SslStream cert = new X509Certificate(CertificatesAndCAs.newCert); ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caCert) }; } verify = SslVerification.NoVerification; sslProtocols = new SslProtocols[] { SslProtocols.Default }; // Create a TCP/IP (IPv4) socket and listen for incoming connections. serverSocket = new Socket(AddressFamily.InterNetwork, serverSocketType, serverProtocolType); serverSocket.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.Linger, false); serverSocket.Bind(new IPEndPoint(IPAddress.Loopback, 0)); serverEp = (IPEndPoint)serverSocket.LocalEndPoint; Debug.Print("Listening for a client to connect..."); serverSocket.Listen(1); }
// Initialize all of the default certificates and protocols public SslServer() { // Initialize the Socket serverSocketType = SocketType.Stream; serverProtocolType = ProtocolType.Tcp; if (Microsoft.SPOT.Hardware.SystemInfo.SystemID.SKU == 3) { cert = new X509Certificate(CertificatesAndCAs.emuCert, "NetMF"); ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caEmuCert) }; } else { // Initialize the SslStream cert = new X509Certificate(CertificatesAndCAs.newCert); ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caCert) }; } verify = SslVerification.NoVerification; sslProtocols = new SslProtocols[] { SslProtocols.Default }; // Create a TCP/IP (IPv4) socket and listen for incoming connections. serverSocket = new Socket(AddressFamily.InterNetwork, serverSocketType, serverProtocolType); serverSocket.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.Linger, false); serverSocket.Bind(new IPEndPoint(IPAddress.Loopback, 0)); serverEp = (IPEndPoint)serverSocket.LocalEndPoint; Log.Comment("Listening for a client to connect..."); serverSocket.Listen(1); }
public SslServer(X509Certificate certificate, X509Certificate[] ca, SslVerification clientCertificateRequired, SslProtocols[] enabledSslProtocols, bool expectedException) { this.certificate = certificate; this.ca = ca; this.clientCertificateRequired = clientCertificateRequired; this.enabledSslProtocols = enabledSslProtocols; this.expectedException = expectedException; //Get the IPV4 address on this machine which is all that the MF devices support. IPHostEntry hostEntry = Dns.GetHostEntry(""); ipAddress = hostEntry.AddressList[0]; if (ipAddress == null) throw new Exception("No IPV4 address found."); }
public SslClient(IPAddress ipAddress, String targetHost, X509Certificate cert, X509Certificate [] ca, SslVerification verify, SslProtocols[] sslProtocols, bool expectedException) { // Initialize the Socket messageSent = MFUtilities.GetRandomSafeString(2000) + TERMINATOR; // Initialize the port that communication is using port = 11111; this.ipAddress = ipAddress; this.messageSent = "hello" + TERMINATOR; this.targetHost = targetHost; this.cert = cert; this.ca = ca; this.verify = verify; this.sslProtocols = sslProtocols; this.expectedException = expectedException; }
public SslServer(X509Certificate certificate, X509Certificate[] ca, SslVerification clientCertificateRequired, SslProtocols[] enabledSslProtocols, bool expectedException) { this.certificate = certificate; this.ca = ca; this.clientCertificateRequired = clientCertificateRequired; this.enabledSslProtocols = enabledSslProtocols; this.expectedException = expectedException; //Get the IPV4 address on this machine which is all that the MF devices support. IPHostEntry hostEntry = Dns.GetHostEntry(""); ipAddress = hostEntry.AddressList[0]; if (ipAddress == null) { throw new Exception("No IPV4 address found."); } }
public SslClient() { // Initialize the Socket clientSocketType = SocketType.Stream; clientProtocolType = ProtocolType.Tcp; if (Microsoft.SPOT.Hardware.SystemInfo.SystemID.SKU == 3) { cert = new X509Certificate(CertificatesAndCAs.emuCert, "NetMF"); ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caEmuCert) }; targetHost = "ZACHL-SBA1.redmond.corp.microsoft.com"; } else { cert = new X509Certificate(CertificatesAndCAs.newCert); ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caCert) }; targetHost = "Device.Microsoft.Com"; } verify = SslVerification.CertificateRequired; sslProtocols = new SslProtocols[] { SslProtocols.Default }; }
internal void Authenticate(bool isServer, string targetHost, X509Certificate certificate, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols) { SslProtocols vers = (SslProtocols)0; if (-1 != _sslContext) throw new InvalidOperationException(); for (int i = sslProtocols.Length - 1; i >= 0; i--) { vers |= sslProtocols[i]; } _isServer = isServer; try { if (isServer) { _sslContext = SslNative.SecureServerInit((int)vers, (int)verify, certificate, ca); SslNative.SecureAccept(_sslContext, _socket); } else { _sslContext = SslNative.SecureClientInit((int)vers, (int)verify, certificate, ca); SslNative.SecureConnect(_sslContext, targetHost, _socket); } } catch { if (_sslContext != -1) { SslNative.ExitSecureContext(_sslContext); _sslContext = -1; } throw; } }
public void AuthenticateAsServer(X509Certificate cert, SslVerification verify, params SslProtocols[] sslProtocols) { AuthenticateAsServer(cert, null, verify, sslProtocols); }
public extern int AuthenticateAsClient(int socketHandle, string targetHost, X509Certificate caCertificate, X509Certificate clientCertificate, SslProtocols sslProtocols, SslVerification sslVerification);
public void AuthenticateAsClient(string targetHost, X509Certificate cert, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols) { Authenticate(false, targetHost, cert, ca, verify, sslProtocols); }
public void AuthenticateAsServer(X509Certificate cert, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols) { Authenticate(true, "", cert, ca, verify, sslProtocols); }
internal void Authenticate(bool isServer, string targetHost, X509Certificate certificate, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols) { SslProtocols vers = (SslProtocols)0; if (-1 != _sslContext) { throw new InvalidOperationException(); } for (int i = sslProtocols.Length - 1; i >= 0; i--) { vers |= sslProtocols[i]; } _isServer = isServer; try { if (isServer) { throw new NotImplementedException(); //_sslContext = SslNative.SecureServerInit((int)vers, (int)verify, certificate, ca); //SslNative.SecureAccept(_sslContext, _socket); } else { bool secMethodSSL3 = false; bool secMethodTLS1 = false; for (int iProtocol = 0; iProtocol < sslProtocols.Length; iProtocol++) { switch (sslProtocols[iProtocol]) { case SslProtocols.None: throw new ArgumentException("sslProtocols"); case SslProtocols.SSLv3: secMethodSSL3 = true; break; case SslProtocols.TLSv1: secMethodTLS1 = true; break; case SslProtocols.Default: secMethodSSL3 = true; secMethodTLS1 = true; break; } } byte sslProtocolOption = 0; if (secMethodSSL3 && secMethodTLS1) { sslProtocolOption = 4; /* SL_SO_SEC_METHOD_SSLv3_TLSV1_2 */ } else if (secMethodSSL3) { sslProtocolOption = 0; /* SL_SO_SEC_METHOD_SSLV3 */ } else if (secMethodTLS1) { sslProtocolOption = 1; /* SL_SO_SEC_METHOD_TLSV1 */ } else { throw new ArgumentException("sslProtocols"); } /* NOTE: we now pass a message to the socket asking it to reconnect as SSL (using our specific SSL options) -- and then have it update its handle! * we should also make sure that no other sockets are opened during the operation--so that no other threads sneak in and steal the last socket handle. */ byte[] addressAndHandle = new byte[10]; /* fill bytes 0-7 with our socket's target IP address, so we know where to connect to! */ addressAndHandle[2] = (byte)((((IPEndPoint)_socket.RemoteEndPoint).Port >> 8) & 0xFF); addressAndHandle[3] = (byte)(((IPEndPoint)_socket.RemoteEndPoint).Port & 0xFF); Array.Copy(((IPEndPoint)_socket.RemoteEndPoint).Address.GetAddressBytes(), 0, addressAndHandle, 4, 4); // byte 8 is our sslProtocolOption addressAndHandle[8] = sslProtocolOption; // byte 9 will be our handle (new handle as output) addressAndHandle[9] = 0xFF; // default handle to 0xFF to represent "no handle" // request "upgrade to SSL/TLS" by closing the current socket and re-connecting via SSL/TLS _socket.GetSocketOption(SocketOptionLevel.Socket, (SocketOptionName)0x400002, addressAndHandle); if (addressAndHandle[9] == 0xFF) { // could not upgrade/re-connect to SSL throw new Exception(); /* NOTE: what is the correct exception? */ } else { _socket.m_Handle = addressAndHandle[9]; } _sslContext = 0; /* SSL is now enabled on this socket */ } } catch { if (_sslContext != -1) { /* TODO: if we could not connect via SSL, do we need to reconnect as non-secure? */ _sslContext = -1; } throw; } }
internal void Authenticate(bool isServer, string targetHost, X509Certificate certificate, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols) { SslProtocols vers = (SslProtocols)0; if (-1 != _sslContext) { throw new InvalidOperationException(); } for (int i = sslProtocols.Length - 1; i >= 0; i--) { vers |= sslProtocols[i]; } _isServer = isServer; try { if (isServer) { _sslContext = SslNative.SecureServerInit((int)vers, (int)verify, certificate, ca); SslNative.SecureAccept(_sslContext, _socket); } else { _sslContext = SslNative.SecureClientInit((int)vers, (int)verify, certificate, ca); SslNative.SecureConnect(_sslContext, targetHost, _socket); } } catch { if (_sslContext != -1) { SslNative.ExitSecureContext(_sslContext); _sslContext = -1; } throw; } }
public void AuthenticateAsClient(string targetHost, X509Certificate caCertificate, X509Certificate clientCertificate, SslProtocols sslProtocols, SslVerification sslVerification) => this.sslHandle = this.ni.AuthenticateAsClient(this._socket.m_Handle, targetHost, caCertificate, clientCertificate, sslProtocols, sslVerification);
public void AuthenticateAsClient(string targetHost, X509Certificate cert, SslVerification verify, params SslProtocols[] sslProtocols) { AuthenticateAsClient(targetHost, cert, CertificateStore.CACertificates, verify, sslProtocols); }