/// <summary>
/// Use this constructor to add SSL over the top of the connection.
/// </summary>
/// <param name="Client"></param>
/// <param name="log"></param>
/// <param name="bReportAllMsgData"></param>
/// <param name="msgs"></param>
/// <param name="ssl_settings"></param>
public TCP_ClientContext(TcpClient Client, TraceSource log, bool bReportAllMsgData, CommLogMessages msgs, SSL_Settings ssl_settings)
: base(msgs)
{
basicConstructorSetup(Client, log, bReportAllMsgData, msgs);
if (ssl_settings != null)
{
try
{
SslStream ssl_stream = ssl_settings.StartSSL_Connection(Stream, log, ConnectionID, msgs);
Stream = ssl_stream;
}
catch (Exception e)
{
//any excption means that the SSL negotiation failed.
Client.Close();
Stream.Dispose();
}
}
//start reading immediately
Stream.BeginRead(Buffer, 0, Buffer.Length, this.OnClientRead, null);
}
private void basicConstructorSetup(TcpClient Client, TraceSource log, bool bReportAllMsgData, CommLogMessages msgs)
{
_ConnectionID = GetNewConnID();
TheLogTrace = log;
_bConnected = true;
this.Client = Client;
base.bReportAllMsgData = bReportAllMsgData;
Client.NoDelay = true; //set this to true so that the server is very responsive (gets rid of latency, at the expense of network efficiency)
Stream = Client.GetStream();
LogMsg(TraceEventType.Information, logMsgs.msgNewTCP_Client);
}
/// <summary>
/// Use this constructor when no SSL is required.
/// </summary>
/// <param name="Client"></param>
/// <param name="log"></param>
/// <param name="bReportAllMsgData"></param>
/// <param name="msgs"></param>
public TCP_ClientContext(TcpClient Client, TraceSource log, bool bReportAllMsgData, CommLogMessages msgs) : base(msgs)
{
basicConstructorSetup(Client, log, bReportAllMsgData, msgs);
//start reading immediately
Stream.BeginRead(Buffer, 0, Buffer.Length, this.OnClientRead, null);
}
public SSL_Settings sslSettings = null; //if this is null, TLS will not be used.
/// <summary>
///
/// </summary>
/// <param name="trace">Trace source for logging</param>
/// <param name="Msgs">Used for overriding the default log messages</param>
/// <param name="optionalVerboseData">Set to true if extra verbose logging should be used</param>
public TCPconnManager(TraceSource trace, CommLogMessages Msgs, bool optionalVerboseData = false)
{
logMsgs = Msgs;
LogTrace = trace;
bVerboseData = optionalVerboseData;
}
public ClientContext(CommLogMessages msgs)
{
logMsgs = msgs;
}
private X509Certificate dSelectLocalCertificate(object sender, string targetHost,
X509CertificateCollection localCertificates, X509Certificate remoteCertificate,
string[] acceptableIssuers, TraceSource log, int LogID, CommLogMessages msgs) //note the final three parameters are "curried" http://stackoverflow.com/questions/14324803/passing-delegate-function-with-extra-parameters
{
return(localCert);
}
private bool dValidatePeerCertificate(object sender, X509Certificate PeerCertificate,
X509Chain PeerCertificateChain, SslPolicyErrors sslPolicyErrors,
TraceSource log, int LogID, CommLogMessages msgs) //note the final three parameters are "curried" http://stackoverflow.com/questions/14324803/passing-delegate-function-with-extra-parameters
{
/*Console.WriteLine("ValidateClientCertificate Callback.");
* Console.WriteLine("Sender: {0}", sender);
* Console.WriteLine("ClientCertificate: {0}", ClientCertificate);
* Console.WriteLine("ClientCertificateChain: {0}", ClientCertificateChain);*/
bool finalPass = true;
try
{
if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateNotAvailable)
{
if (requirePeerCert == true)
{
finalPass = false;
log.TraceEvent(TraceEventType.Warning, LogID, "Ssl Policy Errors: " + sslPolicyErrors.ToString() + ". Aborting connection.");
}
}
else if (sslPolicyErrors != SslPolicyErrors.None)
{
finalPass = false;
log.TraceEvent(TraceEventType.Warning, LogID, "Ssl Policy Errors: " + sslPolicyErrors.ToString() + ". Aborting connection.");
}
if ((requirePeerCert == true) || (!server))
{
X509Certificate2 peerCert = new X509Certificate2(PeerCertificate);
//check certificate name
if (peerName != null)
{
if (peerName != peerCert.GetNameInfo(X509NameType.SimpleName, false))
{
finalPass = false;
log.TraceEvent(TraceEventType.Warning, LogID, "Certificate common name mismatch. Expected: " + peerName + ", found: " + peerCert.GetNameInfo(X509NameType.SimpleName, false) + ". Aborting connection.");
}
}
//check if client certificate matches one of our accepted certificates
if (expectedPeerCert != null)
{
if (!CheckCollectionForPeerCert(peerCert))
{
finalPass = false;
log.TraceEvent(TraceEventType.Warning, LogID, "Peer certificate is not in list of acceptable certificates: " + peerCert.GetNameInfo(X509NameType.SimpleName, false) + ". Aborting connection.");
}
}
//check if client certificate has the expected signers
if (peerSigners != null)
{
if (!CheckPeerCertSigners(peerCert, PeerCertificateChain))
{
finalPass = false;
log.TraceEvent(TraceEventType.Warning, LogID, "Peer certificate does not have the proper signers. Aborting connection.");
}
}
}
}
catch (Exception e)
{
finalPass = false;
log.TraceEvent(TraceEventType.Warning, LogID, "Exception caught when validating the peer certificate. Aborting connection. " + e.ToString());
}
// Do not allow this client to communicate with unauthenticated servers.
return(finalPass);
}
private LocalCertificateSelectionCallback setupLocalCertSelectionCallback(TraceSource log, int LogID, CommLogMessages msgs)
{
LocalCertSelectionCallback _SelectLocalCertificate = new LocalCertSelectionCallback(dSelectLocalCertificate);
if (SelectLocalCertificate != null)
{
_SelectLocalCertificate = SelectLocalCertificate;
}
LocalCertificateSelectionCallback lcsCallback =
(sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) =>
_SelectLocalCertificate(sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers,
log, LogID, msgs);
return(lcsCallback);
}
private RemoteCertificateValidationCallback setupRemoteCertValidationCallback(TraceSource log, int LogID, CommLogMessages msgs)
{
RemoteCertValidationCallback _ValidatePeerCallback = new RemoteCertValidationCallback(dValidatePeerCertificate);
if (ValidatePeerCallback != null)
{
_ValidatePeerCallback = ValidatePeerCallback;
}
RemoteCertificateValidationCallback rcvCallback =
(sender, ClientCertificate, ClientCertificateChain, sslPolicyErrors) =>
_ValidatePeerCallback(sender, ClientCertificate, ClientCertificateChain, sslPolicyErrors, log, LogID, msgs);
return(rcvCallback);
}
public SslStream StartSSL_Connection(Stream stream, TraceSource log, int LogID, CommLogMessages msgs)
{
SslStream sslStream;
RemoteCertificateValidationCallback rcvCallback = setupRemoteCertValidationCallback(log, LogID, msgs);
LocalCertificateSelectionCallback lcsCallback = setupLocalCertSelectionCallback(log, LogID, msgs);
/*RemoteCertificateValidationCallback _ValidatePeerCallback =
* new RemoteCertificateValidationCallback(
* (sender, ClientCertificate, ClientCertificateChain, sslPolicyErrors) =>
* dValidatePeerCertificate(sender, ClientCertificate, ClientCertificateChain, sslPolicyErrors, log, LogID, msgs));
*
* LocalCertificateSelectionCallback _SelectLocalCertificate = new LocalCertificateSelectionCallback (
* (sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) =>
* dSelectLocalCertificate( sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers,
* log, LogID, msgs));*/
sslStream = new SslStream(stream, LeaveConnectionOpen, rcvCallback, lcsCallback, encPolicy);
try
{
log.TraceEvent(TraceEventType.Verbose, LogID, "Starting SSL authentication with peer.");
if (server)
{
sslStream.AuthenticateAsServer(localCert, requirePeerCert, protocolsAllowed, checkCertRevocation);
}
else
{
X509CertificateCollection col = new X509CertificateCollection();
if (localCert != null)
{
col.Add(localCert);
}
sslStream.AuthenticateAsClient(peerName, col, protocolsAllowed, checkCertRevocation);
}
sslStream.ReadTimeout = readTimeout;
sslStream.WriteTimeout = writeTimeOut;
//okay, we are up!
if (sslStream.RemoteCertificate != null)
{
log.TraceEvent(TraceEventType.Verbose, LogID, "SSL authentication succeeded, connected to peer with certificate: " + sslStream.RemoteCertificate.Subject);
}
else
{
log.TraceEvent(TraceEventType.Verbose, LogID, "SSL authentication succeeded, connected to peer without a certificate");
}
}
catch (Exception e)
{
log.TraceEvent(TraceEventType.Warning, LogID, "SSL server connection caught exception: " + e.ToString());
throw e;
}
return(sslStream);
}
