public static DuplexStream CreateStream()
{
var options = new SecurityOptions(SecureProtocol.Tls1, null, new[] { Protocols.Http1 }, ConnectionEnd.Client);
var socket = new SecureSocket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp, options);
return new Mock<DuplexStream>(socket, false).Object;
}
public void Start()
{
// create a new ManualResetEvent. This will be used to make the main application
// thread wait until the full server reply has been received.
m_ResetEvent = new ManualResetEvent(false);
// initialize the security options
SecurityOptions options = new SecurityOptions(
SecureProtocol.Ssl3 | SecureProtocol.Tls1, // use SSL3 or TLS1
null, // do not use client authentication
ConnectionEnd.Client, // this is the client side
CredentialVerification.None, // do not check the certificate -- this should not be used in a real-life application :-)
null, // not used with automatic certificate verification
"www.microsoft.com", // this is the common name of the Microsoft web server
SecurityFlags.Default, // use the default security flags
SslAlgorithms.SECURE_CIPHERS, // only use secure ciphers
null); // do not process certificate requests.
try {
// create the securesocket with the specified security options
m_Socket = new SecureSocket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp, options);
// resolve www.microsoft.com
IPEndPoint endpoint = new IPEndPoint(Dns.GetHostEntry("www.microsoft.com").AddressList[0], 443);
// start connecting to www.microsoft.com
m_Socket.BeginConnect(endpoint, new AsyncCallback(this.OnConnect), null);
// wait until the entire web page has been received
m_ResetEvent.WaitOne();
// close the SecureSocket
m_Socket.Close();
} catch {
OnError("Could not connect to the website");
}
}
/// <summary>
/// Changes the security protocol. This method can only be used to 'upgrade' a connection from no-security to either SSL or TLS.
/// </summary>
/// <param name="options">The new <see cref="SecurityOptions"/> parameters.</param>
/// <exception cref="SecurityException">An error occurs while changing the security protocol.</exception>
/// <remarks>
/// Programs should only call this method if there is no active <see cref="Connect"/>, <see cref="Accept"/>, <see cref="Send"/> or <see cref="Receive"/>!
/// </remarks>
public void ChangeSecurityProtocol(SecurityOptions options) {
if (options == null)
throw new ArgumentNullException();
if (m_Options != null && m_Options.Protocol != SecureProtocol.None)
throw new ArgumentException("Only changing from a normal connection to a secure connection is supported.");
if (base.ProtocolType != ProtocolType.Tcp && options.Protocol != SecureProtocol.None)
throw new SecurityException("Security protocols require underlying TCP connections!");
// check SecurityOptions structure
if (options.Protocol != SecureProtocol.None) {
if (options.Entity == ConnectionEnd.Server && options.Certificate == null)
throw new ArgumentException("The certificate cannot be set to a null reference when creating a server socket.");
if (options.Certificate != null && !options.Certificate.HasPrivateKey())
throw new ArgumentException("If a certificate is specified, it must have a private key.");
if (((int)options.AllowedAlgorithms & (int)SslAlgorithms.NULL_COMPRESSION) == 0)
throw new ArgumentException("The allowed algorithms field must contain at least one compression algorithm.");
if (((int)options.AllowedAlgorithms ^ (int)SslAlgorithms.NULL_COMPRESSION) == 0)
throw new ArgumentException("The allowed algorithms field must contain at least one cipher suite.");
if (options.VerificationType == CredentialVerification.Manual && options.Verifier == null)
throw new ArgumentException("A CertVerifyEventHandler is required when using manual certificate verification.");
}
m_Options = (SecurityOptions)options.Clone();
if (options.Protocol != SecureProtocol.None) {
if (this.Connected)
m_Controller = new SocketController(this, base.InternalSocket, options);
}
}
public SecureTcpClient(string hostname, int port, SecurityOptions options) : this(options) {
if (hostname == null)
{
throw new ArgumentNullException();
}
Connect(hostname, port);
}
public void Connect(string hostname, int port, bool ssl)
{
try {
Host = hostname;
Port = port;
Ssl = ssl;
var protocol = ssl ? SecureProtocol.Tls1 | SecureProtocol.Ssl3 : SecureProtocol.None;
SecurityOptions options = new SecurityOptions(protocol);
options.Certificate = null;
options.Entity = ConnectionEnd.Client;
options.CommonName = hostname;
options.VerificationType = CredentialVerification.Auto;
options.Flags = SecurityFlags.Default;
options.AllowedAlgorithms = SslAlgorithms.SECURE_CIPHERS;
//_Connection = new TcpClient(hostname, port);
_Connection = new SecureTcpClient(hostname, port, options);
_Stream = _Connection.GetStream();
_Reader = new StreamReader(_Stream, System.Text.Encoding.Default);
string info = _Reader.ReadLine();
OnConnected(info);
IsConnected = true;
Host = hostname;
} catch (Exception) {
IsConnected = false;
throw;
}
}
public HttpSocketServer(Func<IDictionary<string, object>, Task> next, IDictionary<string, object> properties)
{
_next = next;
var addresses = (IList<IDictionary<string, object>>)properties["host.Addresses"];
var address = addresses.First();
_port = Int32.Parse(address.Get<string>("port"));
_scheme = address.Get<string>("scheme");
_cancelAccept = new CancellationTokenSource();
_useHandshake = (bool)properties["use-handshake"];
_usePriorities = (bool)properties["use-priorities"];
_useFlowControl = (bool)properties["use-flowControl"];
var extensions = new[] { ExtensionType.Renegotiation, ExtensionType.ALPN };
// protocols should be in order of their priority
_options = _scheme == Uri.UriSchemeHttps ? new SecurityOptions(SecureProtocol.Tls1, extensions, new[] { Protocols.Http2, Protocols.Http204, Protocols.Http1 }, ConnectionEnd.Server)
: new SecurityOptions(SecureProtocol.None, extensions, new[] { Protocols.Http2, Protocols.Http1 }, ConnectionEnd.Server);
_options.VerificationType = CredentialVerification.None;
_options.Certificate = Certificate.CreateFromCerFile(AssemblyName + CertificateFilename);
_options.Flags = SecurityFlags.Default;
_options.AllowedAlgorithms = SslAlgorithms.RSA_AES_256_SHA | SslAlgorithms.NULL_COMPRESSION;
_server = new SecureTcpListener(_port, _options);
ThreadPool.SetMaxThreads(30, 10);
_listenThread = new Thread(Listen);
_listenThread.Start();
}
/// <summary>
/// Initializes a new instance of the SecureTcpListener class with the specified local endpoint.
/// </summary>
/// <param name="localEP">The local endpoint to which to bind the listener Socket.</param>
/// <param name="options">The security options to use.</param>
/// <exception cref="ArgumentNullException"><paramref name="localEP"/> is a null reference (<b>Nothing</b> in Visual Basic).</exception>
/// <remarks><paramref name="localEP"/> specifies the local <see cref="IPEndPoint"/>. This constructor creates an underlying SecureSocket, and binds that SecureSocket to <paramref name="localEP"/>. If you call the Start method, TcpListener will listen for connections on <paramref name="localEP"/>.</remarks>
public SecureTcpListener(IPEndPoint localEP, SecurityOptions options)
{
if (localEP == null)
{
throw new ArgumentNullException();
}
m_LocalEndpoint = localEP;
m_SecurityOptions = options;
}
/// <summary>
/// Initializes a new instance of the SecureTcpListener class with the specified listener SecureSocket.
/// </summary>
/// <param name="listener">The listener <see cref="SecureSocket"/>.</param>
/// <param name="options">The security options to use.</param>
/// <exception cref="ArgumentNullException"><paramref name="listener"/> is a null reference (<b>Nothing</b> in Visual Basic).</exception>
/// <exception cref="SocketException">An error occurs while reading the LocalEndPoint property.</exception>
/// <exception cref="ObjectDisposedException">The SecureSocket has been closed.</exception>
protected SecureTcpListener(SecureSocket listener, SecurityOptions options)
{
if (listener == null)
{
throw new ArgumentNullException();
}
m_Server = listener;
m_LocalEndpoint = listener.LocalEndPoint;
m_SecurityOptions = options;
}
public void AddHttpsBinding( IPAddress address,
int port,
SecureProtocol protocol,
Certificate cert )
{
SecurityOptions ops = new SecurityOptions( protocol, cert, ConnectionEnd.Server );
AdkSocketBinding listener = this.CreateHttpsListener( ops );
listener.HostAddress = address;
listener.Port = port;
this.AddListener(listener);
}
internal HttpConnectingClient(SecureTcpListener server, SecurityOptions options, AppFunc next,
bool useHandshake, bool usePriorities, bool useFlowControl)
{
_isDisposed = false;
_usePriorities = usePriorities;
_useHandshake = useHandshake;
_useFlowControl = useFlowControl;
_server = server;
_next = next;
_options = options;
_cancelClientHandling = new CancellationTokenSource();
}
internal HttpConnectingClient(SecureTcpListener server, SecurityOptions options,
AppFunc next, bool useHandshake, bool usePriorities,
bool useFlowControl, List<string> listOfRootFiles)
{
_listOfRootFiles = listOfRootFiles;
_usePriorities = usePriorities;
_useHandshake = useHandshake;
_useFlowControl = useFlowControl;
_server = server;
_next = next;
_options = options;
_fileHelper = new FileHelper(ConnectionEnd.Server);
}
/// <summary>
/// Initializes new instance of Http2 server.
/// </summary>
/// <param name="port">Port to listen.</param>
public Http2Server(int port)
{
this.Port = port;
ExtensionType[] extensions = new ExtensionType[] { ExtensionType.Renegotiation, ExtensionType.ALPN };
SecurityOptions options = new SecurityOptions(SecureProtocol.Tls1, extensions, ConnectionEnd.Server);
options.VerificationType = CredentialVerification.None;
options.Certificate = Org.Mentalis.Security.Certificates.Certificate.CreateFromCerFile(@"certificate.pfx");
options.Flags = SecurityFlags.Default;
options.AllowedAlgorithms = SslAlgorithms.RSA_AES_128_SHA | SslAlgorithms.NULL_COMPRESSION;
_server = new SecureTcpListener(Port, options);
}
public SecureHandshaker(SecureSocket socket, SecurityOptions options)
{
InternalSocket = socket;
InternalSocket.OnHandshakeFinish += HandshakeFinishedHandler;
Options = options;
_handshakeFinishedEventRaised = new ManualResetEvent(false);
if (Options.Protocol == SecureProtocol.None)
{
HandshakeFinishedHandler(this, null);
}
}
public Stream Connect(IBrokerInfo broker)
{
MCertificate cert = GetClientCert(broker);
SecurityOptions options = new SecurityOptions(
SecureProtocol.Tls1, cert, ConnectionEnd.Client
);
if ( broker.SslOptions != null
&& broker.SslOptions.IgnoreValidationErrors )
{
_logger.Warn("Ignoring any certificate validation errors during SSL handshake...");
options.VerificationType = CredentialVerification.None;
}
_tcpClient = new MyTcpClient(broker.Host, broker.Port, options);
return _tcpClient.GetStream();
}
public CompatibilityLayer(SocketController controller, SecurityOptions options)
{
m_Buffer = new byte[0];
m_MinVersion = GetMinProtocol(options.Protocol);
m_MaxVersion = GetMaxProtocol(options.Protocol);
this.handshakeMonitor = new SslTlsHandshakeMonitor();
HandshakeLayer layer = null;
if (m_MinVersion.GetVersionInt() == 30)
{ // SSL 3.0
if (options.Entity == ConnectionEnd.Client)
{
layer = new Ssl3ClientHandshakeLayer(null, options);
m_MinLayer = new RecordLayer(controller, layer as ClientHandshakeLayer);
this.handshakeMonitor.Attach(controller.Parent, layer as ClientHandshakeLayer);
}
else
{
layer = new Ssl3ServerHandshakeLayer(null, options);
m_MinLayer = new RecordLayer(controller, layer as ServerHandshakeLayer);
this.handshakeMonitor.Attach(controller.Parent, layer as ServerHandshakeLayer);
}
}
else
{ // TLS 1.0
if (options.Entity == ConnectionEnd.Client)
{
layer = new Tls1ClientHandshakeLayer(null, options);
m_MinLayer = new RecordLayer(controller, layer as ClientHandshakeLayer);
this.handshakeMonitor.Attach(controller.Parent, layer as ClientHandshakeLayer);
}
else
{
layer = new Tls1ServerHandshakeLayer(null, options);
m_MinLayer = new RecordLayer(controller, layer as ServerHandshakeLayer);
this.handshakeMonitor.Attach(controller.Parent, layer as ServerHandshakeLayer);
}
}
m_MinLayer.HandshakeLayer.RecordLayer = m_MinLayer;
m_Options = options;
}
/// <summary>
/// Changes the security protocol. This method can only be used to 'upgrade' a connection from no-security to either SSL or TLS.
/// </summary>
/// <param name="options">The new <see cref="SecurityOptions"/> parameters.</param>
/// <exception cref="SecurityException">An error occurs while changing the security protocol.</exception>
/// <remarks>
/// Programs should only call this method if there is no active <see cref="Connect"/>, <see cref="Accept"/>, <see cref="Send"/> or <see cref="Receive"/>!
/// </remarks>
public void ChangeSecurityProtocol(SecurityOptions options)
{
if (options == null)
{
throw new ArgumentNullException();
}
if (m_Options != null && m_Options.Protocol != SecureProtocol.None)
{
throw new ArgumentException("Only changing from a normal connection to a secure connection is supported.");
}
if (base.ProtocolType != ProtocolType.Tcp && options.Protocol != SecureProtocol.None)
{
throw new SecurityException("Security protocols require underlying TCP connections!");
}
// check SecurityOptions structure
if (options.Protocol != SecureProtocol.None)
{
if (options.Entity == ConnectionEnd.Server && options.Certificate == null)
{
throw new ArgumentException("The certificate cannot be set to a null reference when creating a server socket.");
}
if (options.Certificate != null && !options.Certificate.HasPrivateKey())
{
throw new ArgumentException("If a certificate is specified, it must have a private key.");
}
if (((int)options.AllowedAlgorithms & (int)SslAlgorithms.NULL_COMPRESSION) == 0)
{
throw new ArgumentException("The allowed algorithms field must contain at least one compression algorithm.");
}
if (((int)options.AllowedAlgorithms ^ (int)SslAlgorithms.NULL_COMPRESSION) == 0)
{
throw new ArgumentException("The allowed algorithms field must contain at least one cipher suite.");
}
if (options.VerificationType == CredentialVerification.Manual && options.Verifier == null)
{
throw new ArgumentException("A CertVerifyEventHandler is required when using manual certificate verification.");
}
}
m_Options = (SecurityOptions)options.Clone();
if (options.Protocol != SecureProtocol.None)
{
if (this.Connected)
{
m_Controller = new SocketController(this, base.InternalSocket, options);
}
}
}
public CompatibilityLayer(SocketController controller, SecurityOptions options) {
m_Buffer = new byte[0];
m_MinVersion = GetMinProtocol(options.Protocol);
m_MaxVersion = GetMaxProtocol(options.Protocol);
if (m_MinVersion.GetVersionInt() == 30) { // SSL 3.0
if (options.Entity == ConnectionEnd.Client)
m_MinLayer = new RecordLayer(controller, new Ssl3ClientHandshakeLayer(null, options));
else
m_MinLayer = new RecordLayer(controller, new Ssl3ServerHandshakeLayer(null, options));
} else { // TLS 1.0
if (options.Entity == ConnectionEnd.Client)
m_MinLayer = new RecordLayer(controller, new Tls1ClientHandshakeLayer(null, options));
else
m_MinLayer = new RecordLayer(controller, new Tls1ServerHandshakeLayer(null, options));
}
m_MinLayer.HandshakeLayer.RecordLayer = m_MinLayer;
m_Options = options;
}
public HandshakeLayer(RecordLayer recordLayer, SecurityOptions options) {
m_Disposed = false;
m_Options = options;
m_IsNegotiating = true;
m_RNG = new RNGCryptoServiceProvider();
m_RecordLayer = recordLayer;
m_State = HandshakeType.Nothing;
m_IncompleteMessage = new byte[0];
m_LocalMD5Hash = new MD5CryptoServiceProvider();
m_LocalSHA1Hash = new SHA1CryptoServiceProvider();
m_RemoteMD5Hash = new MD5CryptoServiceProvider();
m_RemoteSHA1Hash = new SHA1CryptoServiceProvider();
m_CertSignHash = new MD5SHA1CryptoServiceProvider();
m_CertSignHash.Protocol = this.GetProtocol();
if (options.Entity == ConnectionEnd.Server && ((int)options.Flags & (int)SecurityFlags.MutualAuthentication) != 0)
m_MutualAuthentication = true;
else
m_MutualAuthentication = false;
}
/// <summary>
/// Opens the stream
/// </summary>
public override void Open()
{
SecurityOptions opts = null;
if(secured)
{
opts = new SecurityOptions(SecureProtocol.Tls1);
opts.Protocol = SecureProtocol.Tls1;
opts.Certificate = null;
opts.AllowedAlgorithms = SslAlgorithms.SECURE_CIPHERS;
opts.VerificationType = CredentialVerification.Manual;
opts.Verifier = new CertVerifyEventHandler(stream_OnCertVerify);
opts.Flags = SecurityFlags.Default;
}
else
{
opts = new SecurityOptions(SecureProtocol.None);
}
SecureTcpClient cli = new SecureTcpClient(hostname, port, opts);
stream = cli.GetStream();
}
/// <summary>
/// Initializes a new instance of the SecureSocket class.
/// </summary>
/// <param name="accepted">The accepted <see cref="Socket"/> instance.</param>
/// <param name="options">The <see cref="SecurityOptions"/> to use.</param>
/// <exception cref="SecurityException">An error occurs while changing the security protocol.</exception>
internal SecureSocket(Socket accepted, SecurityOptions options) : base(accepted) {
m_SentShutdownNotification = false;
ChangeSecurityProtocol(options);
}
/// <summary>
/// Initializes a new instance of the SecureSocket class.
/// </summary>
/// <param name="addressFamily">One of the <see cref="AddressFamily"/> values.</param>
/// <param name="socketType">One of the <see cref="SocketType"/> values.</param>
/// <param name="protocolType">One of the <see cref="ProtocolType"/> values.</param>
/// <param name="options">The <see cref="SecurityOptions"/> to use.</param>
/// <exception cref="SecurityException">An error occurs while changing the security protocol.</exception>
public SecureSocket(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, SecurityOptions options) : base(addressFamily, socketType, protocolType) {
m_SentShutdownNotification = false;
ChangeSecurityProtocol(options);
}
/// <summary>
/// Initializes a new instance of the SecureSocket class.
/// </summary>
/// <param name="addressFamily">One of the <see cref="AddressFamily"/> values.</param>
/// <param name="socketType">One of the <see cref="SocketType"/> values.</param>
/// <param name="protocolType">One of the <see cref="ProtocolType"/> values.</param>
/// <param name="options">The <see cref="SecurityOptions"/> to use.</param>
/// <exception cref="SecurityException">An error occurs while changing the security protocol.</exception>
public SecureSocket(AddressFamily addressFamily, SocketType socketType,
ProtocolType protocolType, SecurityOptions options)
: base(addressFamily, socketType, protocolType)
{
SelectedProtocol = String.Empty;
m_SentShutdownNotification = false;
ChangeSecurityProtocol(options);
this.m_Controller = new SocketController(this, base.InternalSocket, m_Options);
}
/// <summary>
/// Initializes a new instance of <see cref="SecureTcpClient"/> bound to the specified local endpoint.
/// </summary>
/// <param name="localEP">The IPEndPoint to which you bind the TCP Socket.</param>
/// <param name="options">The security options to use.</param>
/// <exception cref="ArgumentNullException"><paramref name="localEP"/> is null (<b>Nothing</b> in Visual Basic).</exception>
/// <exception cref="SocketException">An operating system error occurs while accessing the Socket.</exception>
public SecureTcpClient(IPEndPoint localEP, SecurityOptions options)
: this(options)
{
m_Client.Bind(localEP);
}
/// <summary>
/// Initializes a new instance of the <see cref="SecureTcpClient"/> class.
/// </summary>
/// <param name="options">The security options to use.</param>
public SecureTcpClient(SecurityOptions options)
{
m_Client = new SecureSocket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp, options);
}
private void DownloadFile(Url url, int choice)
{
SecurityOptions options = new SecurityOptions(SecureProtocol.None);;
m_Socket = new SecureSocket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp, options);
// connect to the FTP server using a normal TCP connection
m_Socket.Connect(new IPEndPoint(Dns.GetHostEntry(url.Host).AddressList[0], url.Port));
// wait for the server hello
ReceiveReply();
// if the user selected to use the AUTH command..
if (choice == 2) {
// ..send the command to the server and start the SSL handshake
DoAuthCommand(url.Host);
}
// log on and quit
if (!SendCommand("USER " + url.Username))
return;
if (!SendCommand("PASS " + url.Password))
return;
if (!SendCommand("QUIT"))
return;
// clean up
m_Socket.Shutdown(SocketShutdown.Both);
m_Socket.Close();
}
/// <summary>
/// Initializes a new instance of the SecureTcpListener class with the specified listener SecureSocket.
/// </summary>
/// <param name="listener">The listener <see cref="SecureSocket"/>.</param>
/// <param name="options">The security options to use.</param>
/// <exception cref="ArgumentNullException"><paramref name="listener"/> is a null reference (<b>Nothing</b> in Visual Basic).</exception>
/// <exception cref="SocketException">An error occurs while reading the LocalEndPoint property.</exception>
/// <exception cref="ObjectDisposedException">The SecureSocket has been closed.</exception>
protected SecureTcpListener(SecureSocket listener, SecurityOptions options)
{
if (listener == null)
throw new ArgumentNullException();
m_Server = listener;
m_LocalEndpoint = listener.LocalEndPoint;
m_SecurityOptions = options;
}
/// <summary>
/// Initializes a new instance of the SecureTcpListener class that listens on the specified port.
/// </summary>
/// <param name="port">The port on which to listen. If this number is 0, the system will assign an open port.</param>
/// <param name="options">The security options to use.</param>
/// <exception cref="ArgumentOutOfRangeException">The port parameter is not between MinPort and MaxPort.</exception>
/// <remarks><paramref name="port"/> specifies the local port number on which you intend to listen. When you call Start, SecureTcpListener uses the default network interface to listen for connections on the specified port.</remarks>
public SecureTcpListener(int port, SecurityOptions options) : this(IPAddress.Any, port, options)
{
}
public Ssl3ServerHandshakeLayer(RecordLayer recordLayer, SecurityOptions options)
: base(recordLayer, options)
{
}
public ClientHandshakeLayer(RecordLayer recordLayer, SecurityOptions options)
: base(recordLayer, options)
{
this.clientHelloExts = options.ExtensionList;
}
private void DoAuthCommand(string cn)
{
// send the AUTH command
if (!SendCommand("AUTH TLS")) {
Console.WriteLine("The server does not support SSL/TLS authentication -- exiting.");
return;
}
// if the server accepted our command, start the SSL/TLs connection
SecurityOptions options = new SecurityOptions(SecureProtocol.Ssl3 | SecureProtocol.Tls1);
options.AllowedAlgorithms = SslAlgorithms.SECURE_CIPHERS;
options.CommonName = cn;
options.VerificationType = CredentialVerification.Manual;
options.Verifier = new CertVerifyEventHandler(this.OnVerify);
m_Socket.ChangeSecurityProtocol(options);
}
/// <summary>
/// Initializes a new instance of the SecureTcpListener class that listens on the specified port.
/// </summary>
/// <param name="port">The port on which to listen. If this number is 0, the system will assign an open port.</param>
/// <param name="options">The security options to use.</param>
/// <exception cref="ArgumentOutOfRangeException">The port parameter is not between MinPort and MaxPort.</exception>
/// <remarks><paramref name="port"/> specifies the local port number on which you intend to listen. When you call Start, SecureTcpListener uses the default network interface to listen for connections on the specified port.</remarks>
public SecureTcpListener(int port, SecurityOptions options)
: this(IPAddress.Any, port, options)
{
}
/// <summary>
/// Initializes a new instance of <see cref="SecureTcpClient"/> bound to the specified local endpoint.
/// </summary>
/// <param name="localEP">The IPEndPoint to which you bind the TCP Socket.</param>
/// <param name="options">The security options to use.</param>
/// <exception cref="ArgumentNullException"><paramref name="localEP"/> is null (<b>Nothing</b> in Visual Basic).</exception>
/// <exception cref="SocketException">An operating system error occurs while accessing the Socket.</exception>
public SecureTcpClient(IPEndPoint localEP, SecurityOptions options) : this(options) {
m_Client.Bind(localEP);
}
/// <summary>
/// Initializes a new instance of the SecureSocket class.
/// </summary>
/// <param name="addressFamily">One of the <see cref="AddressFamily"/> values.</param>
/// <param name="socketType">One of the <see cref="SocketType"/> values.</param>
/// <param name="protocolType">One of the <see cref="ProtocolType"/> values.</param>
/// <param name="options">The <see cref="SecurityOptions"/> to use.</param>
/// <exception cref="SecurityException">An error occurs while changing the security protocol.</exception>
public SecureSocket(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, SecurityOptions options) : base(addressFamily, socketType, protocolType)
{
m_SentShutdownNotification = false;
ChangeSecurityProtocol(options);
}
/// <summary>
/// Initializes a new instance of the <see cref="SecureTcpClient"/> class.
/// </summary>
/// <param name="options">The security options to use.</param>
public SecureTcpClient(SecurityOptions options)
{
m_Client = new SecureSocket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp, options);
}
/// <summary>
/// Initializes a new instance of the SecureSocket class.
/// </summary>
/// <param name="accepted">The accepted <see cref="Socket"/> instance.</param>
/// <param name="options">The <see cref="SecurityOptions"/> to use.</param>
/// <exception cref="SecurityException">An error occurs while changing the security protocol.</exception>
internal SecureSocket(Socket accepted, SecurityOptions options) : base(accepted)
{
m_SentShutdownNotification = false;
ChangeSecurityProtocol(options);
}
/// <summary>
/// Initializes a new instance of the <see cref="SecureTcpClient"/> class and connects to the specified port on the specified host.
/// </summary>
/// <param name="hostname">DNS name of the remote host to which you intend to connect.</param>
/// <param name="port">Port number of the remote host to which you intend to connect.</param>
/// <param name="options">The security options to use.</param>
/// <exception cref="ArgumentNullException"><paramref name="hostname"/> is null (<b>Nothing</b> in Visual Basic).</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="port"/> is less than MinPort -or- <paramref name="port"/> is greater than MaxPort.</exception>
/// <exception cref="SocketException">An error is encountered when resolving <paramref name="hostname"/> -or- an error occurred while connecting to the remote host.</exception>
/// <exception cref="SecurityException">The security negotiation failed.</exception>
public SecureTcpClient(string hostname, int port, SecurityOptions options)
: this(options)
{
if (hostname == null)
throw new ArgumentNullException();
Connect(hostname, port);
}
public HttpSocketServer(Func<IDictionary<string, object>, Task> next, IDictionary<string, object> properties)
{
_next = next;
var addresses = (IList<IDictionary<string, object>>)properties[OwinConstants.CommonKeys.Addresses];
var address = addresses.First();
_port = Int32.Parse(address.Get<string>("port"));
_scheme = address.Get<string>("scheme");
_useHandshake = (bool)properties["use-handshake"];
_usePriorities = (bool)properties["use-priorities"];
_useFlowControl = (bool)properties["use-flowControl"];
int securePort;
try
{
securePort = int.Parse(ConfigurationManager.AppSettings["securePort"]);
}
catch (Exception)
{
Http2Logger.LogError("Incorrect port in the config file!" + ConfigurationManager.AppSettings["securePort"]);
return;
}
if (_port == securePort && _scheme == Uri.UriSchemeHttp
|| _port != securePort && _scheme == Uri.UriSchemeHttps)
{
Http2Logger.LogError("Invalid scheme or port! Use https for secure port.");
return;
}
var extensions = new[] { ExtensionType.Renegotiation, ExtensionType.ALPN };
// protocols should be in order of their priority
_options = _port == securePort ? new SecurityOptions(SecureProtocol.Tls1, extensions, new[] { Protocols.Http2, Protocols.Http1 }, ConnectionEnd.Server)
: new SecurityOptions(SecureProtocol.None, extensions, new[] { Protocols.Http2, Protocols.Http1 }, ConnectionEnd.Server);
_options.VerificationType = CredentialVerification.None;
_options.Certificate = Certificate.CreateFromCerFile(AssemblyName + CertificateFilename);
_options.Flags = SecurityFlags.Default;
_options.AllowedAlgorithms = SslAlgorithms.RSA_AES_256_SHA | SslAlgorithms.NULL_COMPRESSION;
_server = new SecureTcpListener(_port, _options);
ThreadPool.SetMaxThreads(30, 10);
Listen();
}
/// <summary>
/// Initializes a new instance of the SecureTcpListener class that listens to the specified IP address and port.
/// </summary>
/// <param name="localaddr">The local IP address.</param>
/// <param name="port">The port on which to listen.</param>
/// <param name="options">The security options to use.</param>
/// <exception cref="ArgumentNullException"><paramref name="localaddr"/> is a null reference (<b>Nothing</b> in Visual Basic).</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="port"/> is not between MinPort and MaxPort.</exception>
public SecureTcpListener(IPAddress localaddr, int port, SecurityOptions options)
: this(new IPEndPoint(localaddr, port), options)
{
}
/// <summary>
/// Changes the security protocol. This method can only be used to 'upgrade' a connection from no-security to either SSL or TLS.
/// </summary>
/// <param name="options">The new <see cref="SecurityOptions"/> parameters.</param>
/// <exception cref="SecurityException">An error occurs while changing the security protocol.</exception>
/// <remarks>
/// Programs should only call this method if there is no active <see cref="Read"/> or <see cref="Write"/>!
/// </remarks>
public void ChangeSecurityProtocol(SecurityOptions options)
{
Socket.ChangeSecurityProtocol(options);
}
/// <summary>
/// Initializes a new instance of the SecureTcpListener class that listens to the specified IP address and port.
/// </summary>
/// <param name="localaddr">The local IP address.</param>
/// <param name="port">The port on which to listen.</param>
/// <param name="options">The security options to use.</param>
/// <exception cref="ArgumentNullException"><paramref name="localaddr"/> is a null reference (<b>Nothing</b> in Visual Basic).</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="port"/> is not between MinPort and MaxPort.</exception>
public SecureTcpListener(IPAddress localaddr, int port, SecurityOptions options) : this(new IPEndPoint(localaddr, port), options)
{
}
/// <summary>
/// Initializes a new instance of the SecureTcpListener class with the specified local endpoint.
/// </summary>
/// <param name="localEP">The local endpoint to which to bind the listener Socket.</param>
/// <param name="options">The security options to use.</param>
/// <exception cref="ArgumentNullException"><paramref name="localEP"/> is a null reference (<b>Nothing</b> in Visual Basic).</exception>
/// <remarks><paramref name="localEP"/> specifies the local <see cref="IPEndPoint"/>. This constructor creates an underlying SecureSocket, and binds that SecureSocket to <paramref name="localEP"/>. If you call the Start method, TcpListener will listen for connections on <paramref name="localEP"/>.</remarks>
public SecureTcpListener(IPEndPoint localEP, SecurityOptions options)
{
if (localEP == null)
throw new ArgumentNullException();
m_LocalEndpoint = localEP;
m_SecurityOptions = options;
}
