public ClientContext(SslClientStream stream, SecurityProtocolType securityProtocolType, string targetHost, X509CertificateCollection clientCertificates)
: base(securityProtocolType)
{
sslStream = stream;
base.ClientSettings.Certificates = clientCertificates;
base.ClientSettings.TargetHost = targetHost;
}
static string PostStream (Mono.Security.Protocol.Tls.SecurityProtocolType protocol, string url, byte[] buffer)
{
Uri uri = new Uri (url);
string post = "POST " + uri.AbsolutePath + " HTTP/1.0\r\n";
post += "Content-Type: application/x-www-form-urlencoded\r\n";
post += "Content-Length: " + (buffer.Length + 5).ToString () + "\r\n";
post += "Host: " + uri.Host + "\r\n\r\n";
post += "TEST=";
byte[] bytes = Encoding.Default.GetBytes (post);
IPHostEntry host = Dns.Resolve (uri.Host);
IPAddress ip = host.AddressList [0];
Socket socket = new Socket (ip.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
socket.Connect (new IPEndPoint (ip, uri.Port));
NetworkStream ns = new NetworkStream (socket, false);
SslClientStream ssl = new SslClientStream (ns, uri.Host, false, protocol);
ssl.ServerCertValidationDelegate += new CertificateValidationCallback (CertificateValidation);
ssl.Write (bytes, 0, bytes.Length);
ssl.Write (buffer, 0, buffer.Length);
ssl.Flush ();
StreamReader reader = new StreamReader (ssl, Encoding.UTF8);
string result = reader.ReadToEnd ();
int start = result.IndexOf ("\r\n\r\n") + 4;
start = result.IndexOf ("\r\n\r\n") + 4;
return result.Substring (start);
}
public ClientContext(
SslClientStream stream,
SecurityProtocolType securityProtocolType,
string targetHost,
X509CertificateCollection clientCertificates)
: base(securityProtocolType)
{
this.sslStream = stream;
this.ClientSettings.Certificates = clientCertificates;
this.ClientSettings.TargetHost = targetHost;
}
public override void Open()
{
TcpClient plainClient = new TcpClient(hostname, port);
plainStream = plainClient.GetStream();
if(secured)
{
secureStream = new SslClientStream(stream, hostname, false, SecurityProtocolType.Tls, null);
secureStream.CheckCertRevocationStatus = true;
secureStream.ServerCertValidationDelegate += new CertificateValidationCallback(secureStream_OnServerCertValidation);
stream = secureStream;
raiseCertificateVerifiedEvent(EventArgs.Empty);
}
else
{
stream = plainStream;
}
}
static void Main(string[] args)
{
string host = "localhost";
if (args.Length > 0)
host = args[0];
SecurityProtocolType protocol = SecurityProtocolType.Tls;
if (args.Length > 1) {
switch (args [1].ToUpper ()) {
case "SSL":
protocol = SecurityProtocolType.Ssl3;
break;
}
}
X509CertificateCollection certificates = null;
if (args.Length > 2) {
string password = null;
if (args.Length > 3)
password = args [3];
p12 = Mono.Security.X509.PKCS12.LoadFromFile(args [2], password);
certificates = new X509CertificateCollection ();
foreach (Mono.Security.X509.X509Certificate cert in p12.Certificates) {
certificates.Add(new X509Certificate(cert.RawData));
}
}
TcpClient client = new TcpClient ();
client.Connect (host, 4433);
SslClientStream ssl = new SslClientStream (client.GetStream(), host, false, protocol, certificates);
ssl.ServerCertValidationDelegate += new CertificateValidationCallback (CertificateValidation);
ssl.ClientCertSelectionDelegate += new CertificateSelectionCallback (ClientCertificateSelection);
ssl.PrivateKeyCertSelectionDelegate += new PrivateKeySelectionCallback (PrivateKeySelection);
StreamWriter sw = new StreamWriter (ssl, System.Text.Encoding.ASCII);
sw.WriteLine ("GET /clientcert.aspx{0}", Environment.NewLine);
sw.Flush ();
StreamReader sr = new StreamReader (ssl);
Console.WriteLine (sr.ReadToEnd ());
}
// make the actual connection
// and HELO handshaking
private void Connect() {
Stream stream;
if (use_ssl) {
tcpConnection = new TcpClient( server , 465 );
stream = new SslClientStream (tcpConnection.GetStream(), server, false);
} else {
tcpConnection = new TcpClient( server , 25 );
stream = tcpConnection.GetStream();
}
smtp = new EsmtpStream( stream );
// read the server greeting
smtp.ReadResponse();
smtp.CheckForStatusCode( 220 );
// write the HELO command to the server
smtp.WriteHelo( Dns.GetHostName() );
smtp.WriteAuth( username, password );
}
public static string GetStreamPage(string url)
{
Uri uri = new Uri (url);
if (uri.Scheme != Uri.UriSchemeHttps)
throw new NotSupportedException ("Stream only works with HTTPS protocol");
IPHostEntry host = Dns.Resolve (uri.Host);
IPAddress ip = host.AddressList [0];
Socket socket = new Socket (ip.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
socket.Connect (new IPEndPoint (ip, uri.Port));
NetworkStream ns = new NetworkStream (socket, false);
SslClientStream ssl = new SslClientStream (ns, uri.Host, false, protocol, certificates);
ssl.ServerCertValidationDelegate += new CertificateValidationCallback (CertificateValidation);
StreamWriter sw = new StreamWriter (ssl);
sw.WriteLine ("GET {0} HTTP/1.0{1}", uri.AbsolutePath, Environment.NewLine);
sw.Flush ();
StreamReader sr = new StreamReader (ssl, Encoding.UTF8);
return sr.ReadToEnd ();
}
/***********************************************************************/
/// <summary> Constructs a TCP/IP connection to a server specified in host and port.
/// Starts the reader thread.
///
/// </summary>
/// <param name="host">The host to connect to.
///
/// </param>
/// <param name="port">The port on the host to connect to.
///
/// </param>
/// <param name="semaphoreId">The write semaphore ID to use for the connect
/// </param>
private void connect(System.String host, int port, int semaphoreId)
{
/* Synchronized so all variables are in a consistant state and
* so that another thread isn't doing a connect, disconnect, or clone
* at the same time.
*/
// Wait for active reader to terminate
waitForReader(null);
// Clear the server shutdown notification flag. This should already
// be false unless of course we are reusing the same Connection object
// after a server shutdown notification
unsolSvrShutDnNotification = false;
int semId = acquireWriteSemaphore(semaphoreId);
// Make socket connection to specified host and port
if (port == 0)
{
port = 389;//LdapConnection.DEFAULT_PORT;
}
try
{
if ((in_Renamed == null) || (out_Renamed == null))
{
if(Ssl)
{
this.host = host;
this.port = port;
this.sock = new Socket ( AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.IP);
IPAddress hostadd = Dns.Resolve(host).AddressList[0];
IPEndPoint ephost = new IPEndPoint(hostadd,port);
sock.Connect(ephost);
NetworkStream nstream = new NetworkStream(sock,true);
SslClientStream sslstream = new SslClientStream(
nstream,
host,
false,
Mono.Security.Protocol.Tls.SecurityProtocolType.Ssl3|Mono.Security.Protocol.Tls.SecurityProtocolType.Tls);
sslstream.ServerCertValidationDelegate += new CertificateValidationCallback(ServerCertificateValidation);
// byte[] buffer = new byte[0];
// sslstream.Read(buffer, 0, buffer.Length);
// sslstream.doHandshake();
in_Renamed = (System.IO.Stream) sslstream;
out_Renamed = (System.IO.Stream) sslstream;
}
else{
socket = new System.Net.Sockets.TcpClient(host, port);
in_Renamed = (System.IO.Stream) socket.GetStream();
out_Renamed = (System.IO.Stream) socket.GetStream();
}
}
else
{
Console.WriteLine( "connect input/out Stream specified");
}
}
catch (System.IO.IOException ioe)
{
// Unable to connect to server host:port
// freeWriteSemaphore(semId);
throw new LdapException(ExceptionMessages.CONNECTION_ERROR, new System.Object[]{host, port}, LdapException.CONNECT_ERROR, null, ioe);
}
// Set host and port
this.host = host;
this.port = port;
// start the reader thread
this.startReader();
freeWriteSemaphore(semId);
clientActive = true; // Client is up
return ;
}
/// <summary> StartsTLS, in this package, assumes the caller has:
/// 1) Acquired the writeSemaphore
/// 2) Stopped the reader thread
/// 3) checked that no messages are outstanding on this connection.
///
/// After calling this method upper layers should start the reader
/// by calling startReader()
///
/// In the client.Connection, StartTLS assumes Ldap.LdapConnection will
/// stop and start the reader thread. Connection.StopTLS will stop
/// and start the reader thread.
/// </summary>
/* package */
internal void startTLS()
{
try
{
waitForReader(null);
this.nonTLSBackup = this.socket;
/* this.sock = new Socket ( AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.IP);
IPAddress hostadd = Dns.Resolve(host).AddressList[0];
IPEndPoint ephost = new IPEndPoint(hostadd,port);
sock.Connect(ephost);
*/
// NetworkStream nstream = new NetworkStream(this.socket,true);
SslClientStream sslstream = new SslClientStream(
socket.GetStream(),
// nstream,
host,
false,
Mono.Security.Protocol.Tls.SecurityProtocolType.Ssl3| Mono.Security.Protocol.Tls.SecurityProtocolType.Tls);
sslstream.ServerCertValidationDelegate = new CertificateValidationCallback(ServerCertificateValidation);
this.in_Renamed = (System.IO.Stream) sslstream;
this.out_Renamed = (System.IO.Stream) sslstream;
}
catch (System.IO.IOException ioe)
{
this.nonTLSBackup = null;
throw new LdapException("Could not negotiate a secure connection", LdapException.CONNECT_ERROR, null, ioe);
}
catch (System.Exception uhe)
{
this.nonTLSBackup = null;
throw new LdapException("The host is unknown", LdapException.CONNECT_ERROR, null, uhe);
}
return ;
}
public void RawOpen(int timeout)
{
// Keep track of time remaining; Even though there may be multiple timeout-able calls,
// this allows us to still respect the caller's timeout expectation.
var attemptStart = DateTime.Now;
var result = Dns.BeginGetHostAddresses(Host, null, null);
if (!result.AsyncWaitHandle.WaitOne(timeout, true))
{
// Timeout was used up attempting the Dns lookup
throw new TimeoutException(L10N.DnsLookupTimeout);
}
timeout -= Convert.ToInt32((DateTime.Now - attemptStart).TotalMilliseconds);
var ips = Dns.EndGetHostAddresses(result);
Socket socket = null;
Exception lastSocketException = null;
// try every ip address of the given hostname, use the first reachable one
// make sure not to exceed the caller's timeout expectation by splitting the
// time we have left between all the remaining ip's in the list.
for (var i = 0; i < ips.Length; i++)
{
_log.Trace("Attempting to connect to " + ips[i]);
var ep = new IPEndPoint(ips[i], Port);
socket = new Socket(ep.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
attemptStart = DateTime.Now;
try
{
result = socket.BeginConnect(ep, null, null);
if (!result.AsyncWaitHandle.WaitOne(timeout / (ips.Length - i), true))
{
throw new TimeoutException(L10N.ConnectionTimeout);
}
socket.EndConnect(result);
// connect was successful, leave the loop
break;
}
catch (Exception e)
{
_log.Warn("Failed to connect to " + ips[i]);
timeout -= Convert.ToInt32((DateTime.Now - attemptStart).TotalMilliseconds);
lastSocketException = e;
socket.Close();
socket = null;
}
}
if (socket == null)
{
throw lastSocketException;
}
var baseStream = new NpgsqlNetworkStream(socket, true);
Stream sslStream = null;
// If the PostgreSQL server has SSL connectors enabled Open SslClientStream if (response == 'S') {
if (SSL || (SslMode == SslMode.Require) || (SslMode == SslMode.Prefer))
{
baseStream
.WriteInt32(8)
.WriteInt32(80877103);
// Receive response
var response = (Char)baseStream.ReadByte();
if (response != 'S')
{
if (SslMode == SslMode.Require) {
throw new InvalidOperationException(L10N.SslRequestError);
}
}
else
{
//create empty collection
var clientCertificates = new X509CertificateCollection();
//trigger the callback to fetch some certificates
DefaultProvideClientCertificatesCallback(clientCertificates);
//if (context.UseMonoSsl)
if (!UseSslStream)
{
var sslStreamPriv = new SslClientStream(baseStream, Host, true, SecurityProtocolType.Default, clientCertificates)
{
ClientCertSelectionDelegate = DefaultCertificateSelectionCallback,
ServerCertValidationDelegate = DefaultCertificateValidationCallback,
PrivateKeyCertSelectionDelegate = DefaultPrivateKeySelectionCallback
};
sslStream = sslStreamPriv;
IsSecure = true;
}
else
{
var sslStreamPriv = new SslStream(baseStream, true, DefaultValidateRemoteCertificateCallback);
sslStreamPriv.AuthenticateAsClient(Host, clientCertificates, System.Security.Authentication.SslProtocols.Default, false);
sslStream = sslStreamPriv;
IsSecure = true;
}
}
}
Socket = socket;
BaseStream = baseStream;
//Stream = new BufferedStream(sslStream ?? baseStream, 8192);
Stream = BaseStream;
Buffer = new NpgsqlBuffer(Stream, BufferSize, PGUtil.UTF8Encoding);
_log.DebugFormat("Connected to {0}:{1 }", Host, Port);
}
public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
{
if (IsAuthenticated)
throw new InvalidOperationException ("This SslStream is already authenticated");
SslClientStream s = new SslClientStream (InnerStream, targetHost, !LeaveInnerStreamOpen, GetMonoSslProtocol (enabledSslProtocols), clientCertificates);
s.CheckCertRevocationStatus = checkCertificateRevocation;
// Due to the Mono.Security internal, it cannot reuse
// the delegated argument, as Mono.Security creates
// another instance of X509Certificate which lacks
// private key but is filled the private key via this
// delegate.
s.PrivateKeyCertSelectionDelegate = delegate (X509Certificate cert, string host) {
string hash = cert.GetCertHashString ();
// ... so, we cannot use the delegate argument.
foreach (X509Certificate cc in clientCertificates) {
if (cc.GetCertHashString () != hash)
continue;
X509Certificate2 cert2 = cc as X509Certificate2;
cert2 = cert2 ?? new X509Certificate2 (cc);
return cert2.PrivateKey;
}
return null;
};
#if MONOTOUCH || MONODROID
// Even if validation_callback is null this allows us to verify requests where the user
// does not provide a verification callback but attempts to authenticate with the website
// as a client (see https://bugzilla.xamarin.com/show_bug.cgi?id=18962 for an example)
var helper = new ServicePointManager.ChainValidationHelper (this, targetHost);
helper.ServerCertificateValidationCallback = validation_callback;
s.ServerCertValidation2 += new CertificateValidationCallback2 (helper.ValidateChain);
#else
if (validation_callback != null) {
s.ServerCertValidationDelegate = delegate (X509Certificate cert, int [] certErrors) {
X509Chain chain = new X509Chain ();
X509Certificate2 x2 = (cert as X509Certificate2);
if (x2 == null)
x2 = new X509Certificate2 (cert);
if (!ServicePointManager.CheckCertificateRevocationList)
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
// SSL specific checks (done by Mono.Security.dll SSL/TLS implementation)
SslPolicyErrors errors = SslPolicyErrors.None;
foreach (int i in certErrors) {
switch (i) {
case -2146762490: // CERT_E_PURPOSE
errors |= SslPolicyErrors.RemoteCertificateNotAvailable;
break;
case -2146762481: // CERT_E_CN_NO_MATCH
errors |= SslPolicyErrors.RemoteCertificateNameMismatch;
break;
default:
errors |= SslPolicyErrors.RemoteCertificateChainErrors;
break;
}
}
chain.Build (x2);
// non-SSL specific X509 checks (i.e. RFC3280 related checks)
foreach (X509ChainStatus status in chain.ChainStatus) {
if (status.Status == X509ChainStatusFlags.NoError)
continue;
if ((status.Status & X509ChainStatusFlags.PartialChain) != 0)
errors |= SslPolicyErrors.RemoteCertificateNotAvailable;
else
errors |= SslPolicyErrors.RemoteCertificateChainErrors;
}
return validation_callback (this, cert, chain, errors);
};
}
#endif
if (selection_callback != null)
s.ClientCertSelectionDelegate = OnCertificateSelection;
ssl_stream = s;
return BeginWrite (new byte [0], 0, 0, asyncCallback, asyncState);
}
public override void Open(NpgsqlConnector context, Int32 timeout)
{
try
{
NpgsqlEventLog.LogMethodEnter(LogLevel.Debug, CLASSNAME, "Open");
/*TcpClient tcpc = new TcpClient();
tcpc.Connect(new IPEndPoint(ResolveIPHost(context.Host), context.Port));
Stream stream = tcpc.GetStream();*/
/*socket.SetSocketOption (SocketOptionLevel.Socket, SocketOptionName.SendTimeout, context.ConnectionTimeout*1000);*/
//socket.Connect(new IPEndPoint(ResolveIPHost(context.Host), context.Port));
/*Socket socket = new Socket(AddressFamily.InterNetwork,SocketType.Stream,ProtocolType.Tcp);
IAsyncResult result = socket.BeginConnect(new IPEndPoint(ResolveIPHost(context.Host), context.Port), null, null);
if (!result.AsyncWaitHandle.WaitOne(context.ConnectionTimeout*1000, false))
{
socket.Close();
throw new Exception(resman.GetString("Exception_ConnectionTimeout"));
}
try
{
socket.EndConnect(result);
}
catch (Exception)
{
socket.Close();
throw;
}
*/
IAsyncResult result;
// Keep track of time remaining; Even though there may be multiple timeout-able calls,
// this allows us to still respect the caller's timeout expectation.
DateTime attemptStart;
attemptStart = DateTime.Now;
result = Dns.BeginGetHostAddresses(context.Host, null, null);
if (!result.AsyncWaitHandle.WaitOne(timeout, true))
{
// Timeout was used up attempting the Dns lookup
throw new TimeoutException(resman.GetString("Exception_DnsLookupTimeout"));
}
timeout -= Convert.ToInt32((DateTime.Now - attemptStart).TotalMilliseconds);
IPAddress[] ips = Dns.EndGetHostAddresses(result);
Socket socket = null;
Exception lastSocketException = null;
// try every ip address of the given hostname, use the first reachable one
// make sure not to exceed the caller's timeout expectation by splitting the
// time we have left between all the remaining ip's in the list.
for (int i = 0 ; i < ips.Length ; i++)
{
NpgsqlEventLog.LogMsg(resman, "Log_ConnectingTo", LogLevel.Debug, ips[i]);
IPEndPoint ep = new IPEndPoint(ips[i], context.Port);
socket = new Socket(ep.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
attemptStart = DateTime.Now;
try
{
result = socket.BeginConnect(ep, null, null);
if (!result.AsyncWaitHandle.WaitOne(timeout / (ips.Length - i), true))
{
throw new TimeoutException(resman.GetString("Exception_ConnectionTimeout"));
}
socket.EndConnect(result);
// connect was successful, leave the loop
break;
}
catch (Exception e)
{
NpgsqlEventLog.LogMsg(resman, "Log_FailedConnection", LogLevel.Normal, ips[i]);
timeout -= Convert.ToInt32((DateTime.Now - attemptStart).TotalMilliseconds);
lastSocketException = e;
socket.Close();
socket = null;
}
}
if (socket == null)
{
throw lastSocketException;
}
//Stream stream = new NetworkStream(socket, true);
Stream stream = new NpgsqlNetworkStream(context, socket, true);
// If the PostgreSQL server has SSL connectors enabled Open SslClientStream if (response == 'S') {
if (context.SSL || (context.SslMode == SslMode.Require) || (context.SslMode == SslMode.Prefer))
{
PGUtil.WriteInt32(stream, 8);
PGUtil.WriteInt32(stream, 80877103);
// Receive response
Char response = (Char) stream.ReadByte();
if (response == 'S')
{
//create empty collection
X509CertificateCollection clientCertificates = new X509CertificateCollection();
//trigger the callback to fetch some certificates
context.DefaultProvideClientCertificatesCallback(clientCertificates);
if (context.UseMonoSsl)
{
stream = new SslClientStream(
stream,
context.Host,
true,
SecurityProtocolType.Default,
clientCertificates);
((SslClientStream)stream).ClientCertSelectionDelegate =
new CertificateSelectionCallback(context.DefaultCertificateSelectionCallback);
((SslClientStream)stream).ServerCertValidationDelegate =
new CertificateValidationCallback(context.DefaultCertificateValidationCallback);
((SslClientStream)stream).PrivateKeyCertSelectionDelegate =
new PrivateKeySelectionCallback(context.DefaultPrivateKeySelectionCallback);
}
else
{
SslStream sstream = new SslStream(stream, true, delegate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
{
return context.DefaultValidateRemoteCertificateCallback(cert, chain, errors);
});
sstream.AuthenticateAsClient(context.Host, clientCertificates, System.Security.Authentication.SslProtocols.Default, false);
stream = sstream;
}
}
else if (context.SslMode == SslMode.Require)
{
throw new InvalidOperationException(resman.GetString("Exception_Ssl_RequestError"));
}
}
context.Stream = new BufferedStream(stream);
context.Socket = socket;
NpgsqlEventLog.LogMsg(resman, "Log_ConnectedTo", LogLevel.Normal, context.Host, context.Port);
ChangeState(context, NpgsqlConnectedState.Instance);
}
catch (Exception e)
{
throw new NpgsqlException(string.Format(resman.GetString("Exception_FailedConnection"), context.Host), e);
}
}
public override void Open(NpgsqlConnector context)
{
NpgsqlEventLog.LogMethodEnter(LogLevel.Debug, CLASSNAME, "Open");
TcpClient tcpc = new TcpClient();
tcpc.Connect(new IPEndPoint(ResolveIPHost(context.Host), context.Port));
Stream stream = tcpc.GetStream();
// If the PostgreSQL server has SSL connectors enabled Open SslClientStream if (response == 'S') {
if (context.SSL)
{
PGUtil.WriteInt32(stream, 8);
PGUtil.WriteInt32(stream,80877103);
// Receive response
Char response = (Char)stream.ReadByte();
if (response == 'S')
{
stream = new SslClientStream(
tcpc.GetStream(),
context.Host,
true,
Mono.Security.Protocol.Tls.SecurityProtocolType.Default
);
((SslClientStream)stream).ClientCertSelectionDelegate = new CertificateSelectionCallback(context.DefaultCertificateSelectionCallback);
((SslClientStream)stream).ServerCertValidationDelegate = new CertificateValidationCallback(context.DefaultCertificateValidationCallback);
((SslClientStream)stream).PrivateKeyCertSelectionDelegate = new PrivateKeySelectionCallback(context.DefaultPrivateKeySelectionCallback);
}
}
context.Stream = stream;
NpgsqlEventLog.LogMsg(resman, "Log_ConnectedTo", LogLevel.Normal, context.Host, context.Port);
ChangeState(context, NpgsqlConnectedState.Instance);
}
public TlsClientSession (string host, X509Certificate2 clientCert)
{
stream = new MemoryStream ();
if (clientCert == null)
ssl = new SslClientStream (stream, host, true, SecurityProtocolType.Tls);
else {
ssl = new SslClientStream (stream, host, true, SecurityProtocolType.Tls, new X509CertificateCollection (new X509Certificate [] {clientCert}));
mutual = true;
ssl.ClientCertSelection += delegate (
X509CertificateCollection clientCertificates,
X509Certificate serverCertificate,
string targetHost,
X509CertificateCollection serverRequestedCertificates) {
return clientCertificates [0];
};
}
}
public override void Open(NpgsqlConnector context)
{
try
{
NpgsqlEventLog.LogMethodEnter(LogLevel.Debug, CLASSNAME, "Open");
/*TcpClient tcpc = new TcpClient();
tcpc.Connect(new IPEndPoint(ResolveIPHost(context.Host), context.Port));
Stream stream = tcpc.GetStream();*/
Socket socket = new Socket(AddressFamily.InterNetwork,SocketType.Stream,ProtocolType.Tcp);
/*socket.SetSocketOption (SocketOptionLevel.Socket, SocketOptionName.SendTimeout, context.ConnectionTimeout*1000);*/
//socket.Connect(new IPEndPoint(ResolveIPHost(context.Host), context.Port));
IAsyncResult result = socket.BeginConnect(new IPEndPoint(ResolveIPHost(context.Host), context.Port), null, null);
if (!result.AsyncWaitHandle.WaitOne(context.ConnectionTimeout*1000, true))
{
socket.Close();
throw new Exception(resman.GetString("Exception_ConnectionTimeout"));
}
try
{
socket.EndConnect(result);
}
catch (Exception ex)
{
socket.Close();
throw;
}
Stream stream = new NetworkStream(socket, true);
// If the PostgreSQL server has SSL connectors enabled Open SslClientStream if (response == 'S') {
if (context.SSL || (context.SslMode == SslMode.Require) || (context.SslMode == SslMode.Prefer))
{
PGUtil.WriteInt32(stream, 8);
PGUtil.WriteInt32(stream,80877103);
// Receive response
Char response = (Char)stream.ReadByte();
if (response == 'S')
{
stream = new SslClientStream(
stream,
context.Host,
true,
Mono.Security.Protocol.Tls.SecurityProtocolType.Default
);
((SslClientStream)stream).ClientCertSelectionDelegate = new CertificateSelectionCallback(context.DefaultCertificateSelectionCallback);
((SslClientStream)stream).ServerCertValidationDelegate = new CertificateValidationCallback(context.DefaultCertificateValidationCallback);
((SslClientStream)stream).PrivateKeyCertSelectionDelegate = new PrivateKeySelectionCallback(context.DefaultPrivateKeySelectionCallback);
}
else if (context.SslMode == SslMode.Require)
throw new InvalidOperationException(resman.GetString("Exception_Ssl_RequestError"));
}
context.Stream = new BufferedStream(stream);
context.Socket = socket;
NpgsqlEventLog.LogMsg(resman, "Log_ConnectedTo", LogLevel.Normal, context.Host, context.Port);
ChangeState(context, NpgsqlConnectedState.Instance);
}
catch (Exception e)
{
throw new NpgsqlException(e.Message, e);
}
}
public static void Main (string[] args)
{
if (args.Length == 0) {
Usage ("Missing arguments");
return;
}
ArrayList urls = new ArrayList ();
foreach (string arg in args) {
switch (arg) {
// protocol
case "--any":
protocol = Mono.Security.Protocol.Tls.SecurityProtocolType.Default;
break;
case "--ssl":
case "--ssl3":
protocol = Mono.Security.Protocol.Tls.SecurityProtocolType.Ssl3;
break;
case "--tls":
case "--tls1":
protocol = Mono.Security.Protocol.Tls.SecurityProtocolType.Tls;
break;
// options
case "--time":
time = true;
break;
case "--show":
show = true;
break;
case "--help":
Usage (null);
return;
// credentials, certificates, urls or bad options
default:
if (arg.StartsWith ("--read:")) {
string rval = arg.Substring (7);
if (rval == "loop")
readloop = true;
else
read = Int32.Parse (rval);
continue;
}
else if (arg.StartsWith ("--write:")) {
string wval = arg.Substring (8);
if (wval == "loop")
writeloop = true;
else
write = Int32.Parse (wval);
continue;
}
else if (arg.StartsWith ("--")) {
Usage ("Invalid option " + arg);
return;
}
urls.Add (arg);
break;
}
}
if (readloop && writeloop) {
Usage ("Can't loop on both read and write");
return;
}
int loop = 1;
if (readloop || writeloop) {
// this is it meant to be stopped manually
loop = Int32.MaxValue;
}
if (urls.Count == 0) {
Usage ("no URL were specified");
return;
}
for (int i = 0; i < loop; i++) {
if (readloop || writeloop)
Console.WriteLine ("*** LOOP {0} ***", i);
foreach (string url in urls) {
Console.WriteLine ("{0}{1}", Environment.NewLine, url);
string content = null;
DateTime start = DateTime.Now;
Uri uri = new Uri (url);
if (uri.Scheme != Uri.UriSchemeHttps)
throw new NotSupportedException ("Stream only works with HTTPS protocol");
ControlledNetworkStream ns = null;
try {
IPHostEntry host = Dns.Resolve (uri.Host);
IPAddress ip = host.AddressList [0];
Socket socket = new Socket (ip.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
socket.Connect (new IPEndPoint (ip, uri.Port));
ns = new ControlledNetworkStream (socket, false);
ns.MaximumRead = (readloop) ? i : read;
ns.MaximumWrite = (writeloop) ? i : write;
SslClientStream ssl = new SslClientStream (ns, uri.Host, false, protocol);
ssl.ServerCertValidationDelegate += new CertificateValidationCallback (CertificateValidation);
StreamWriter sw = new StreamWriter (ssl);
sw.WriteLine ("GET {0}{1}", uri.AbsolutePath, Environment.NewLine);
sw.Flush ();
StreamReader sr = new StreamReader (ssl, Encoding.UTF8);
content = sr.ReadToEnd ();
}
catch (Exception e) {
// HResult is protected - but very useful in debugging
PropertyInfo pi = e.GetType ().GetProperty ("HResult", BindingFlags.NonPublic | BindingFlags.GetProperty | BindingFlags.Instance);
Console.WriteLine ("FAILED: #{0}", (int)pi.GetValue (e, null));
Console.WriteLine (e.ToString ());
if (ns != null) {
Console.WriteLine ("Bytes Read: {0}", ns.CurrentRead);
Console.WriteLine ("Max Read: {0}", ns.MaximumRead);
Console.WriteLine ("Bytes Write: {0}", ns.CurrentWrite);
Console.WriteLine ("Max Write: {0}", ns.MaximumWrite);
}
}
TimeSpan ts = (DateTime.Now - start);
if ((show) && (content != null)) {
Console.WriteLine ("{0}{1}{0}", Environment.NewLine, content);
}
if (time) {
Console.WriteLine ("Time: " + ts.ToString ());
}
}
}
}
public TlsClientSession (string host, X509Certificate2 clientCert, X509ServiceCertificateAuthentication auth)
{
stream = new MemoryStream ();
if (clientCert == null)
ssl = new SslClientStream (stream, host, true, SecurityProtocolType.Tls);
else {
ssl = new SslClientStream (stream, host, true, SecurityProtocolType.Tls, new X509CertificateCollection (new X509Certificate [] {clientCert}));
mutual = true;
ssl.ClientCertSelection += delegate (
X509CertificateCollection clientCertificates,
X509Certificate serverCertificate,
string targetHost,
X509CertificateCollection serverRequestedCertificates) {
return clientCertificates [0];
};
}
X509CertificateValidator v = null;
switch (auth.CertificateValidationMode) {
case X509CertificateValidationMode.None:
v = X509CertificateValidator.None;
break;
case X509CertificateValidationMode.PeerTrust:
v = X509CertificateValidator.PeerTrust;
break;
case X509CertificateValidationMode.ChainTrust:
v = X509CertificateValidator.ChainTrust;
break;
case X509CertificateValidationMode.PeerOrChainTrust:
v = X509CertificateValidator.PeerOrChainTrust;
break;
case X509CertificateValidationMode.Custom:
v = auth.CustomCertificateValidator;
break;
}
ssl.ServerCertValidationDelegate = delegate (X509Certificate certificate, int [] certificateErrors) {
v.Validate (new X509Certificate2 (certificate)); // will throw SecurityTokenvalidationException if invalid.
return true;
};
}
public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
{
if (IsAuthenticated)
throw new InvalidOperationException ("This SslStream is already authenticated");
SslClientStream s = new SslClientStream (InnerStream, targetHost, !LeaveInnerStreamOpen, GetMonoSslProtocol (enabledSslProtocols), clientCertificates);
s.CheckCertRevocationStatus = checkCertificateRevocation;
// Due to the Mono.Security internal, it cannot reuse
// the delegated argument, as Mono.Security creates
// another instance of X509Certificate which lacks
// private key but is filled the private key via this
// delegate.
s.PrivateKeyCertSelectionDelegate = delegate (X509Certificate cert, string host) {
string hash = cert.GetCertHashString ();
// ... so, we cannot use the delegate argument.
foreach (X509Certificate cc in clientCertificates) {
if (cc.GetCertHashString () != hash)
continue;
X509Certificate2 cert2 = cc as X509Certificate2;
cert2 = cert2 ?? new X509Certificate2 (cc);
return cert2.PrivateKey;
}
return null;
};
// Even if validation_callback is null this allows us to verify requests where the user
// does not provide a verification callback but attempts to authenticate with the website
// as a client (see https://bugzilla.xamarin.com/show_bug.cgi?id=18962 for an example)
s.ServerCertValidation2 += (mcerts) => {
X509CertificateCollection certs = null;
if (mcerts != null) {
certs = new X509CertificateCollection ();
for (int i = 0; i < mcerts.Count; i++)
certs.Add (new X509Certificate2 (mcerts [i].RawData));
}
return ((ChainValidationHelper)certificateValidator).ValidateChain (targetHost, certs);
};
s.ClientCertSelectionDelegate = OnCertificateSelection;
ssl_stream = s;
return BeginWrite (new byte [0], 0, 0, asyncCallback, asyncState);
}
static X509CertificateCollection GetCertificatesFromSslSession (string url)
{
Uri uri = new Uri (url);
IPHostEntry host = Dns.Resolve (uri.Host);
IPAddress ip = host.AddressList [0];
Socket socket = new Socket (ip.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
socket.Connect (new IPEndPoint (ip, uri.Port));
NetworkStream ns = new NetworkStream (socket, false);
SslClientStream ssl = new SslClientStream (ns, uri.Host, false, Mono.Security.Protocol.Tls.SecurityProtocolType.Default, null);
ssl.ServerCertValidationDelegate += new CertificateValidationCallback (CertificateValidation);
try {
// we don't really want to write to the server (as we don't know
// the protocol it using) but we must send something to be sure the
// SSL handshake is done (so we receive the X.509 certificates).
StreamWriter sw = new StreamWriter (ssl);
sw.WriteLine (Environment.NewLine);
sw.Flush ();
socket.Poll (30000, SelectMode.SelectRead);
}
finally {
socket.Close ();
}
// we need a little reflection magic to get this information
PropertyInfo pi = typeof (SslStreamBase).GetProperty ("ServerCertificates", BindingFlags.Instance | BindingFlags.NonPublic);
if (pi == null) {
Console.WriteLine ("Sorry but you need a newer version of Mono.Security.dll to use this feature.");
return null;
}
return (X509CertificateCollection) pi.GetValue (ssl, null);
}
public override void Open(NpgsqlConnector context)
{
try
{
NpgsqlEventLog.LogMethodEnter(LogLevel.Debug, CLASSNAME, "Open");
/*TcpClient tcpc = new TcpClient();
tcpc.Connect(new IPEndPoint(ResolveIPHost(context.Host), context.Port));
Stream stream = tcpc.GetStream();*/
/*socket.SetSocketOption (SocketOptionLevel.Socket, SocketOptionName.SendTimeout, context.ConnectionTimeout*1000);*/
//socket.Connect(new IPEndPoint(ResolveIPHost(context.Host), context.Port));
/*Socket socket = new Socket(AddressFamily.InterNetwork,SocketType.Stream,ProtocolType.Tcp);
IAsyncResult result = socket.BeginConnect(new IPEndPoint(ResolveIPHost(context.Host), context.Port), null, null);
if (!result.AsyncWaitHandle.WaitOne(context.ConnectionTimeout*1000, true))
{
socket.Close();
throw new Exception(resman.GetString("Exception_ConnectionTimeout"));
}
try
{
socket.EndConnect(result);
}
catch (Exception)
{
socket.Close();
throw;
}
*/
IPAddress[] ips = ResolveIPHost(context.Host);
Socket socket = null;
// try every ip address of the given hostname, use the first reachable one
foreach (IPAddress ip in ips)
{
NpgsqlEventLog.LogMsg(resman, "Log_ConnectingTo", LogLevel.Debug, ip);
IPEndPoint ep = new IPEndPoint(ip, context.Port);
socket = new Socket(ep.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
try
{
IAsyncResult result = socket.BeginConnect(ep, null, null);
if (!result.AsyncWaitHandle.WaitOne(context.ConnectionTimeout*1000, true))
{
socket.Close();
throw new Exception(resman.GetString("Exception_ConnectionTimeout"));
}
socket.EndConnect(result);
// connect was successful, leave the loop
break;
}
catch (Exception)
{
NpgsqlEventLog.LogMsg(resman, "Log_FailedConnection", LogLevel.Normal, ip);
socket.Close();
}
}
if (socket == null || !socket.Connected)
{
throw new Exception(string.Format(resman.GetString("Exception_FailedConnection"), context.Host));
}
//Stream stream = new NetworkStream(socket, true);
Stream stream = new NpgsqlNetworkStream(context, socket, true);
// If the PostgreSQL server has SSL connectors enabled Open SslClientStream if (response == 'S') {
if (context.SSL || (context.SslMode == SslMode.Require) || (context.SslMode == SslMode.Prefer))
{
PGUtil.WriteInt32(stream, 8);
PGUtil.WriteInt32(stream, 80877103);
// Receive response
Char response = (Char) stream.ReadByte();
if (response == 'S')
{
//create empty collection
X509CertificateCollection clientCertificates = new X509CertificateCollection();
//trigger the callback to fetch some certificates
context.DefaultProvideClientCertificatesCallback(clientCertificates);
stream = new SslClientStream(
stream,
context.Host,
true,
SecurityProtocolType.Default,
clientCertificates);
((SslClientStream) stream).ClientCertSelectionDelegate =
new CertificateSelectionCallback(context.DefaultCertificateSelectionCallback);
((SslClientStream) stream).ServerCertValidationDelegate =
new CertificateValidationCallback(context.DefaultCertificateValidationCallback);
((SslClientStream) stream).PrivateKeyCertSelectionDelegate =
new PrivateKeySelectionCallback(context.DefaultPrivateKeySelectionCallback);
}
else if (context.SslMode == SslMode.Require)
{
throw new InvalidOperationException(resman.GetString("Exception_Ssl_RequestError"));
}
}
context.Stream = new BufferedStream(stream);
context.Socket = socket;
NpgsqlEventLog.LogMsg(resman, "Log_ConnectedTo", LogLevel.Normal, context.Host, context.Port);
ChangeState(context, NpgsqlConnectedState.Instance);
}
//FIXME: Exceptions that come from what we are handling should be wrapped - e.g. an error connecting to
//the server should definitely be presented to the uesr as an NpgsqlError. Exceptions from userland should
//be passed untouched - e.g. ThreadAbortException because the user started this in a thread they created and
//then aborted should be passed through.
//Are there any others that should be pass through? Alternatively, are there a finite number that should
//be wrapped?
catch (ThreadAbortException)
{
throw;
}
catch (Exception e)
{
throw new NpgsqlException(e.Message, e);
}
}
protected override void OnStart()
{
Socket socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
socket.Connect(_server);
this.InitializeNetworkStream(socket);
if (this.UseTls)
{
SslClientStream secureStream = new SslClientStream(base.NetworkStream, "localhost", true, Mono.Security.Protocol.Tls.SecurityProtocolType.Tls);
secureStream.ServerCertValidationDelegate = new CertificateValidationCallback(CertValidationCallback);
base.SecureStream = secureStream;
}
SendMoreData();
byte[] readBuffer = new byte[ReadBufferSize];
this.BeginRead(readBuffer, 0, readBuffer.Length, new AsyncCallback(BeginReadCallback), readBuffer);
}
