internal static MSI.MonoLocalCertificateSelectionCallback PublicToMono (LocalCertificateSelectionCallback callback) { if (callback == null) return null; return (t, lc, rc, ai) => callback (null, t, (XX509CertificateCollection)(object)lc, rc, ai); }
static void Main(string[] args) { try { //Client certificate string clientCertificateFile = "c:/certificates/RootCA.cer"; // x509 certificate X509Certificate clientCertificate = new X509Certificate(clientCertificateFile, "secret1"); // define TLS (transport layer security) protocol SslProtocols enabledSSLProtocols = SslProtocols.Tls; //Superseeds the former SslProtocols.Ssl3 //Alternative for validation of client // or collection of X509 certificates X509CertificateCollection certificateCollection = new X509CertificateCollection { clientCertificate }; // Server certificate name "FakeServerName" mentioned inside the ServerSSL certificate // ServerSSL cer issue to "FakeServerName" string serverName = "FakeServerName"; TcpClient clientSocket = new TcpClient("localhost", 6789); Stream unsecuredStream = clientSocket.GetStream(); //No revocation //SslStream sslStream = new SslStream(unsecureStream, leaveInnerStreamOpen, new RemoteCertificateValidationCallback(ValidateServerCertificate), null); //Setup for handling the validation of server // Verify the remote secure socket layer (SSL) certificate used for authentication var userCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate); // select the local secure socket layer (SSL) certificate used for authentication var localCertificateCallback = new LocalCertificateSelectionCallback(CertificateSelectionCallback); SslStream sslStream = new SslStream(unsecuredStream, false, userCertificateValidationCallback, localCertificateCallback); sslStream.AuthenticateAsClient(serverName, certificateCollection, enabledSSLProtocols, false); // sslStream.AuthenticateAsClient(serverName, certificateCollection, enabledSSLProtocols, true); // client and server runs on different machine StreamReader sr = new StreamReader(sslStream); StreamWriter sw = new StreamWriter(sslStream) { AutoFlush = true }; // enable automatic flushing Console.WriteLine("Client authenticated"); for (int i = 0; i < 5; i++) { Console.WriteLine("Enter your message here:"); string message = Console.ReadLine(); sw.WriteLine(message); string serverAnswer = sr.ReadLine(); Console.WriteLine("Server: " + serverAnswer); } sslStream.Close(); clientSocket.Close(); } catch (Exception e) { Console.WriteLine(e); Console.WriteLine("Press Enter to finish the Client "); Console.ReadKey(); } }
/// <summary> /// Initializes a new instance of the <see cref="TTLSServerSocket" /> class. /// </summary> /// <param name="port">The port where the server runs.</param> /// <param name="clientTimeout">Send/receive timeout.</param> /// <param name="useBufferedSockets">If set to <c>true</c> [use buffered sockets].</param> /// <param name="certificate">The certificate object.</param> /// <param name="clientCertValidator">The certificate validator.</param> /// <param name="localCertificateSelectionCallback">The callback to select which certificate to use.</param> /// <param name="sslProtocols">The SslProtocols value that represents the protocol used for authentication.</param> public TTLSServerSocket( int port, int clientTimeout, bool useBufferedSockets, X509Certificate2 certificate, RemoteCertificateValidationCallback clientCertValidator = null, LocalCertificateSelectionCallback localCertificateSelectionCallback = null, // TODO: Enable Tls11 and Tls12 (TLS 1.1 and 1.2) by default once we start using .NET 4.5+. SslProtocols sslProtocols = SslProtocols.Tls) { if (!certificate.HasPrivateKey) { throw new TTransportException(TTransportException.ExceptionType.Unknown, "Your server-certificate needs to have a private key"); } this.port = port; this.clientTimeout = clientTimeout; this.serverCertificate = certificate; this.useBufferedSockets = useBufferedSockets; this.clientCertValidator = clientCertValidator; this.localCertificateSelectionCallback = localCertificateSelectionCallback; this.sslProtocols = sslProtocols; try { // Create server socket this.server = TSocketVersionizer.CreateTcpListener(this.port); this.server.Server.NoDelay = true; } catch (Exception ex) { server = null; throw new TTransportException("Could not create ServerSocket on port " + this.port + ".", ex); } }
public void SslStream_StreamToStream_DuplicateOptions_Throws() { RemoteCertificateValidationCallback rCallback = (sender, certificate, chain, errors) => { return(true); }; LocalCertificateSelectionCallback lCallback = (sender, host, localCertificates, remoteCertificate, issuers) => { return(null); }; VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, false)) using (var serverStream = new VirtualNetworkStream(network, true)) using (var client = new SslStream(clientStream, false, rCallback, lCallback, EncryptionPolicy.RequireEncryption)) using (var server = new SslStream(serverStream, false, rCallback)) using (X509Certificate2 certificate = Configuration.Certificates.GetServerCertificate()) { SslClientAuthenticationOptions clientOptions = new SslClientAuthenticationOptions(); clientOptions.RemoteCertificateValidationCallback = AllowAnyServerCertificate; clientOptions.TargetHost = certificate.GetNameInfo(X509NameType.SimpleName, false); SslServerAuthenticationOptions serverOptions = new SslServerAuthenticationOptions(); serverOptions.ServerCertificate = certificate; serverOptions.RemoteCertificateValidationCallback = AllowAnyServerCertificate; Task t1 = Assert.ThrowsAsync <InvalidOperationException>(() => client.AuthenticateAsClientAsync(clientOptions, CancellationToken.None)); Task t2 = Assert.ThrowsAsync <InvalidOperationException>(() => server.AuthenticateAsServerAsync(serverOptions, CancellationToken.None)); Assert.True(Task.WaitAll(new[] { t1, t2 }, TestConfiguration.PassingTestTimeoutMilliseconds)); } }
/// <summary> /// Initializes a new instance of the <see cref="TTLSSocket"/> class. /// </summary> /// <param name="client">An already created TCP-client</param> /// <param name="certificate">The certificate.</param> /// <param name="isServer">if set to <c>true</c> [is server].</param> /// <param name="certValidator">User defined cert validator.</param> /// <param name="localCertificateSelectionCallback">The callback to select which certificate to use.</param> /// <param name="sslProtocols">The SslProtocols value that represents the protocol used for authentication.</param> public TTLSSocket( TcpClient client, X509Certificate certificate, bool isServer = false, RemoteCertificateValidationCallback certValidator = null, LocalCertificateSelectionCallback localCertificateSelectionCallback = null, // TODO: Enable Tls11 and Tls12 (TLS 1.1 and 1.2) by default once we start using .NET 4.5+. SslProtocols sslProtocols = SslProtocols.Tls) { this.client = client; this.certificate = certificate; this.certValidator = certValidator; this.localCertificateSelectionCallback = localCertificateSelectionCallback; this.sslProtocols = sslProtocols; this.isServer = isServer; if (isServer && certificate == null) { throw new ArgumentException("TTLSSocket needs certificate to be used for server", "certificate"); } if (IsOpen) { base.inputStream = client.GetStream(); base.outputStream = client.GetStream(); } }
/// <summary> /// Enables the extension, directing the callback to the appropriate cert selection UI /// </summary> private void Enable() { isExtensionEnabled = true; if (!isPreviousProviderSet) { previousClientCertificateProvider = Fiddler.FiddlerApplication.ClientCertificateProvider; isPreviousProviderSet = true; } Fiddler.FiddlerApplication.ClientCertificateProvider = this.LocalCertificateSelectionCallback; if (enableMenuItem != null) { enableMenuItem.Checked = true; } foreach (var menuItem in secondaryMenuItems) { if (menuItem != null) { menuItem.Enabled = true; } } if (defaultClientCertificate == null && clearDefaultClientCertMenuItem != null) { clearDefaultClientCertMenuItem.Enabled = false; } }
public TTlsSocketTransport(string host, int port, TConfiguration config, int timeout, X509Certificate2 certificate, RemoteCertificateValidationCallback certValidator = null, LocalCertificateSelectionCallback localCertificateSelectionCallback = null, SslProtocols sslProtocols = SslProtocols.Tls12) : base(config) { try { _targetHost = host; var entry = Dns.GetHostEntry(host); if (entry.AddressList.Length == 0) { throw new TTransportException(TTransportException.ExceptionType.Unknown, "unable to resolve host name"); } _host = entry.AddressList[0]; _port = port; _timeout = timeout; _certificate = certificate; _certValidator = certValidator; _localCertificateSelectionCallback = localCertificateSelectionCallback; _sslProtocols = sslProtocols; InitSocket(); } catch (SocketException e) { throw new TTransportException(TTransportException.ExceptionType.Unknown, e.Message, e); } }
internal static SslStream ManageServerRequest(TcpClient client, String connectToIP) { SslStream sslStream = null; try { bool leaveInnerStreamOpen = true; RemoteCertificateValidationCallback validationCallback = new RemoteCertificateValidationCallback(ServerValidationCallback); LocalCertificateSelectionCallback selectionCallback = new LocalCertificateSelectionCallback(ClientCertificateSelectionCallback); EncryptionPolicy encryptionPolicy = EncryptionPolicy.NoEncryption; sslStream = new SslStream(client.GetStream(), leaveInnerStreamOpen, validationCallback, selectionCallback, encryptionPolicy); Console.WriteLine("Client starting handshake"); ClientSideHandshake(sslStream, connectToIP); Console.WriteLine("client finished handshake"); } catch(AuthenticationException ex) { Console.WriteLine("\nAuthentication Exception: " + ex.Message); } catch(Exception ex) { Console.WriteLine("\nError detected: " + ex.Message); } return sslStream; }
public RedisPoolSettings(RedisEndPoint[] endPoints = null, string masterName = null, string password = null, string clientName = null, int connectionTimeout = RedisConstants.DefaultConnectionTimeout, int receiveTimeout = RedisConstants.DefaultReceiveTimeout, int sendTimeout = RedisConstants.DefaultSendTimeout, int maxConnectionCount = RedisConstants.DefaultMaxConnectionCount, int connectionWaitTimeout = RedisConstants.DefaultWaitTimeout, int connectionIdleTimeout = RedisConstants.DefaultIdleTimeout, int readBufferSize = 0, int writeBufferSize = 0, bool heartBeatEnabled = true, int hearBeatIntervalInSecs = RedisConstants.DefaultHeartBeatIntervalSecs, bool useAsyncCompleter = true, bool useSlaveAsMasterIfNoMasterFound = false, bool useSsl = false, LocalCertificateSelectionCallback sslCertificateSelection = null, RemoteCertificateValidationCallback sslCertificateValidation = null) : base(endPoints, masterName, password, clientName, connectionTimeout, receiveTimeout, sendTimeout, connectionWaitTimeout, readBufferSize, writeBufferSize, heartBeatEnabled, hearBeatIntervalInSecs, useSsl, sslCertificateSelection, sslCertificateValidation) { UseAsyncCompleter = useAsyncCompleter; UseSlaveAsMasterIfNoMasterFound = useSlaveAsMasterIfNoMasterFound; ConnectionIdleTimeout = connectionIdleTimeout <= 0 ? 0 : Math.Max(RedisConstants.MinIdleTimeout, Math.Min(RedisConstants.MaxIdleTimeout, connectionIdleTimeout)); MaxConnectionCount = Math.Max(Math.Min(maxConnectionCount, RedisConstants.MaxConnectionCount), RedisConstants.MinConnectionCount); }
public TTlsSocketTransport(string host, int port, TConfiguration config, int timeout, X509Certificate2 certificate, RemoteCertificateValidationCallback certValidator = null, LocalCertificateSelectionCallback localCertificateSelectionCallback = null, SslProtocols sslProtocols = SslProtocols.Tls12) : base(config) { try { var entry = Dns.GetHostEntryAsync(host).ConfigureAwait(false).GetAwaiter().GetResult(); if (entry.AddressList.Length == 0) { throw new TTransportException(TTransportException.ExceptionType.Unknown, "unable to resolve host name"); } var addr = entry.AddressList[0]; _host = new IPAddress(addr.GetAddressBytes(), addr.ScopeId); _port = port; _timeout = timeout; _certificate = certificate; _certValidator = certValidator; _localCertificateSelectionCallback = localCertificateSelectionCallback; _sslProtocols = sslProtocols; InitSocket(); } catch (SocketException e) { throw new TTransportException(TTransportException.ExceptionType.Unknown, e.Message, e); } }
public RedisPoolSettings(string host = RedisConstants.LocalHost, int port = RedisConstants.DefaultPort, string masterName = null, string password = null, string clientName = null, int connectionTimeout = RedisConstants.DefaultConnectionTimeout, int receiveTimeout = RedisConstants.DefaultReceiveTimeout, int sendTimeout = RedisConstants.DefaultSendTimeout, int maxConnectionCount = RedisConstants.DefaultMaxConnectionCount, int connectionWaitTimeout = RedisConstants.DefaultWaitTimeout, int connectionIdleTimeout = RedisConstants.DefaultIdleTimeout, int readBufferSize = 0, int writeBufferSize = 0, bool heartBeatEnabled = true, int hearBeatIntervalInSecs = RedisConstants.DefaultHeartBeatIntervalSecs, bool useAsyncCompleter = true, bool useSlaveAsMasterIfNoMasterFound = false, bool useSsl = false, LocalCertificateSelectionCallback sslCertificateSelection = null, RemoteCertificateValidationCallback sslCertificateValidation = null) : this(new[] { new RedisEndPoint(host, port) }, masterName, password, clientName, connectionTimeout, receiveTimeout, sendTimeout, maxConnectionCount, connectionWaitTimeout, connectionIdleTimeout, readBufferSize, writeBufferSize, heartBeatEnabled, hearBeatIntervalInSecs, useAsyncCompleter, useSlaveAsMasterIfNoMasterFound, useSsl, sslCertificateSelection, sslCertificateValidation) { }
internal static SslStream ManageClientRequest(TcpClient client) { SslStream sslStream = null; try { bool leaveInnerStreamOpen = true; RemoteCertificateValidationCallback validationCallback = new RemoteCertificateValidationCallback(ClientValidationCallback); LocalCertificateSelectionCallback selectionCallback = new LocalCertificateSelectionCallback(ServerCertificateSelectionCallback); EncryptionPolicy encryptionPolicy = EncryptionPolicy.AllowNoEncryption; sslStream = new SslStream(client.GetStream(), leaveInnerStreamOpen, validationCallback, selectionCallback, encryptionPolicy); Console.WriteLine("Server starting handshake"); ServerSideHandshake(sslStream); Console.WriteLine("Server finished handshake"); } catch(Exception ex) { sslStream = null; Console.WriteLine("\nError detected in sslStream: " + ex.Message); } return sslStream; }
private static void ManageRequest(TcpClient client) { try { bool leaveInnerStreamOpen = true; RemoteCertificateValidationCallback validationCallback = ClientValidationCallback; LocalCertificateSelectionCallback selectionCallback = ServerCertificateSelectionCallback; EncryptionPolicy encryptionPolicy = EncryptionPolicy.AllowNoEncryption; //create the SSL stream starting from the NetworkStream associated //with the TcpClient instance _sslStream = new SslStream(client.GetStream(), leaveInnerStreamOpen, validationCallback, selectionCallback, encryptionPolicy); //1. when the client requests it, the handshake begins ServerSideHandshake(); //2. read client's data using the encrypted stream ReadClientData(); } catch (Exception ex) { Console.WriteLine("\nError detected: " + ex.Message); } finally { if (_sslStream != null) { _sslStream.Close(); } client.Close(); } }
public TTlsServerSocketTransport( int port, bool useBufferedSockets, X509Certificate2 certificate, RemoteCertificateValidationCallback clientCertValidator = null, LocalCertificateSelectionCallback localCertificateSelectionCallback = null, SslProtocols sslProtocols = SslProtocols.Tls12) { if (!certificate.HasPrivateKey) { throw new TTransportException(TTransportException.ExceptionType.Unknown, "Your server-certificate needs to have a private key"); } _port = port; _serverCertificate = certificate; _useBufferedSockets = useBufferedSockets; _clientCertValidator = clientCertValidator; _localCertificateSelectionCallback = localCertificateSelectionCallback; _sslProtocols = sslProtocols; try { // Create server socket _server = new TcpListener(IPAddress.Any, _port); _server.Server.NoDelay = true; } catch (Exception) { _server = null; throw new TTransportException($"Could not create ServerSocket on port {port}."); } }
public TTlsSocketTransport(TcpClient client, TConfiguration config, X509Certificate2 certificate, bool isServer = false, RemoteCertificateValidationCallback certValidator = null, LocalCertificateSelectionCallback localCertificateSelectionCallback = null, SslProtocols sslProtocols = SslProtocols.Tls12) : base(config) { _client = client; _certificate = certificate; _certValidator = certValidator; _localCertificateSelectionCallback = localCertificateSelectionCallback; _sslProtocols = sslProtocols; _isServer = isServer; if (isServer && certificate == null) { throw new ArgumentException("TTlsSocketTransport needs certificate to be used for server", nameof(certificate)); } if (IsOpen) { InputStream = client.GetStream(); OutputStream = client.GetStream(); } }
/// <summary> /// Creates a new instance of the TlsaStream class /// </summary> /// <param name="innerStream">The underlying stream on which the encrypted stream should work</param> /// <param name="resolver">A DNSSEC resolver to get the TLSA records</param> /// <param name="enforceTlsaValidation">If true, the use of TLSA records is enforced</param> /// <param name="leaveInnerStreamOpen">If true, the underlying stream will not be closed when this instance is closed</param> /// <param name="userCertificateSelectionCallback"> /// A callback to select client certificates to authenticate the client to /// the server /// </param> public DaneStream(Stream innerStream, IDnsSecResolver resolver, bool enforceTlsaValidation = false, bool leaveInnerStreamOpen = false, LocalCertificateSelectionCallback userCertificateSelectionCallback = null) : base(innerStream, leaveInnerStreamOpen) { _resolver = resolver; _enforceTlsaValidation = enforceTlsaValidation; _sslStream = new SslStream(innerStream, leaveInnerStreamOpen, ValidateRemoteCertificate, userCertificateSelectionCallback); }
/// <summary> /// Enables SSL/TLS 1.2. /// </summary> /// <remarks> Registers the <see cref="Session.TlsCertificateValidationCallback"/> /// and <see cref="Session.TlsCertificateSelectionCallback"/> with the /// SslStream, optionally gets a client side SSL certificate from the local /// certificate store, then authenticates the connection. </remarks> private void EnableTls() { RemoteCertificateValidationCallback validationCallback = new RemoteCertificateValidationCallback(session.TlsCertificateValidationCallback); LocalCertificateSelectionCallback selectionCallback = new LocalCertificateSelectionCallback(session.TlsCertificateSelectionCallback); SslStream sslStream = new SslStream( session.Stream, true, validationCallback, selectionCallback, EncryptionPolicy.RequireEncryption); session.Stream = sslStream; X509Certificate2 certificate = Session.GetCertificateFromStore( string.Format("CN={0}", ServerConfiguration.TlsConfiguration.Certificate)); X509CertificateCollection certificates = new X509CertificateCollection(); if (certificate != null) { certificates.Add(certificate); } ((SslStream)session.Stream).AuthenticateAsClient( ServerConfiguration.Host, certificates, SslProtocols.Tls, ServerConfiguration.TlsConfiguration.CheckCertificateRevocation); }
public MqttNetworkChannel(string remoteHostName, int remotePort, bool secure, X509Certificate caCert, X509Certificate clientCert, MqttSslProtocols sslProtocol, RemoteCertificateValidationCallback userCertificateValidationCallback, LocalCertificateSelectionCallback userCertificateSelectionCallback) { IPAddress ipAddress = (IPAddress)null; try { ipAddress = IPAddress.Parse(remoteHostName); } catch { } if (ipAddress == null) { IPHostEntry hostEntry = Dns.GetHostEntry(remoteHostName); if (hostEntry == null || (uint)hostEntry.AddressList.Length <= 0U) { throw new Exception("No address found for the remote host name"); } int index = 0; while (hostEntry.AddressList[index] == null) { checked { ++index; } } ipAddress = hostEntry.AddressList[index]; } this.remoteHostName = remoteHostName; this.remoteIpAddress = ipAddress; this.remotePort = remotePort; this.secure = secure; this.caCert = caCert; this.clientCert = clientCert; this.sslProtocol = sslProtocol; this.userCertificateValidationCallback = userCertificateValidationCallback; this.userCertificateSelectionCallback = userCertificateSelectionCallback; }
public RedisManagerSettings(HashSet <RedisEndPoint> endPoints, RedisManagerType managerType = RedisManagerType.MasterSlave, string masterName = null, string password = null, string clientName = null, int connectionTimeout = RedisConstants.DefaultConnectionTimeout, int receiveTimeout = RedisConstants.DefaultReceiveTimeout, int sendTimeout = RedisConstants.DefaultSendTimeout, int maxConnectionCount = RedisConstants.DefaultMaxConnectionCount, int connectionWaitTimeout = RedisConstants.DefaultWaitTimeout, int connectionIdleTimeout = RedisConstants.DefaultIdleTimeout, int readBufferSize = 0, int writeBufferSize = 0, bool heartBeatEnabled = true, int hearBeatIntervalInSecs = RedisConstants.DefaultHeartBeatIntervalSecs, bool useAsyncCompleter = true, bool useSlaveAsMasterIfNoMasterFound = false, bool useSsl = false, LocalCertificateSelectionCallback sslCertificateSelection = null, RemoteCertificateValidationCallback sslCertificateValidation = null) : this(ToEndPointList(endPoints), managerType, masterName, password, clientName, connectionTimeout, receiveTimeout, sendTimeout, maxConnectionCount, connectionWaitTimeout, connectionIdleTimeout, readBufferSize, writeBufferSize, heartBeatEnabled, hearBeatIntervalInSecs, useAsyncCompleter, useSlaveAsMasterIfNoMasterFound, useSsl, sslCertificateSelection, sslCertificateValidation) { }
public TTlsServerSocketTransport( int port, bool useBufferedSockets, bool useFramedTransport, X509Certificate2 certificate, RemoteCertificateValidationCallback clientCertValidator = null, LocalCertificateSelectionCallback localCertificateSelectionCallback = null, SslProtocols sslProtocols = SslProtocols.Tls12) { if (!certificate.HasPrivateKey) { throw new TTransportException(TTransportException.ExceptionType.Unknown, "Your server-certificate needs to have a private key"); } _port = port; _serverCertificate = certificate; _useBufferedSockets = useBufferedSockets; _useFramedTransport = useFramedTransport; _clientCertValidator = clientCertValidator; _localCertificateSelectionCallback = localCertificateSelectionCallback; _sslProtocols = sslProtocols; try { // Create server socket _server = new TcpListener(IPAddress.Any, _port); _server.Server.NoDelay = true; } catch (Exception) { _server = null; throw new TTransportException($"Could not create ServerSocket on port {port}."); } }
internal bool SecureExistingConnection(Session oS, string sCertCN, string sClientCertificateFilename, string sPoolingKey, ref int iHandshakeTime) { RemoteCertificateValidationCallback userCertificateValidationCallback = null; LocalCertificateSelectionCallback userCertificateSelectionCallback = null; Stopwatch stopwatch = Stopwatch.StartNew(); try { this.sPoolKey = sPoolingKey; X509CertificateCollection certificateCollectionFromFile = this.GetCertificateCollectionFromFile(sClientCertificateFilename); if (userCertificateValidationCallback == null) { userCertificateValidationCallback = delegate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return(ConfirmServerCertificate(oS, sCertCN, certificate, chain, sslPolicyErrors)); }; } if (userCertificateSelectionCallback == null) { userCertificateSelectionCallback = delegate(object sender, string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers) { return(this.AttachClientCertificate(oS, sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers)); }; } base._httpsStream = new SslStream(new NetworkStream(base._baseSocket, false), false, userCertificateValidationCallback, userCertificateSelectionCallback); base._httpsStream.AuthenticateAsClient(sCertCN, certificateCollectionFromFile, Browser.oAcceptedServerHTTPSProtocols, SDVPApplication.Prefs.GetBoolPref("SDVP.https.checkcertificaterevocation", false)); iHandshakeTime = (int)stopwatch.ElapsedMilliseconds; } catch (Exception exception) { iHandshakeTime = (int)stopwatch.ElapsedMilliseconds; SDVPApplication.DebugSpew(exception.StackTrace + "\n" + exception.Message); return(false); } return(true); }
/// <summary> /// Upgrade a Tcp stream to an Ssl stream using the TLS options provided. /// </summary> public static Stream TcpUpgrade(Stream tcpStream, SslOption options) { var helper = new SslHelper(options); RemoteCertificateValidationCallback remoteCertValidator = options.CertificateValidationCallback ?? helper.CertificateValidationCallback; LocalCertificateSelectionCallback localCertSelector = options.CertificateSelectionCallback ?? helper.CertificateSelectionCallback; var sslStream = new SslStream(tcpStream, false, remoteCertValidator, localCertSelector); void TryAuthenticating(SslOption opts) { sslStream.AuthenticateAsClientAsync(opts.ServerName, opts.Certs, opts.Version, opts.CheckCertificateRevocation).GetAwaiter().GetResult(); } try { TryAuthenticating(options); } catch (ArgumentException e) when(e.ParamName == "sslProtocolType" && options.Version == SslProtocols.None) { // SslProtocols.None is dysfunctional in this environment, possibly due to TLS version restrictions // in the app context, system or .NET version-specific behavior. See rabbitmq/rabbitmq-dotnet-client#764 // for background. options.UseFallbackTlsVersions(); TryAuthenticating(options); } return(sslStream); }
/// <summary> /// Constructs the factory for the case where server identity and also the client identity can be verifyied. /// </summary> /// <param name="hostName">The host the client wants to communicate with. The host name must match with the certificate name.</param> /// <param name="certificates">List of certificates provided by the client. If null, the client is not verified.</param> /// <param name="userCertificateValidationCallback">User provided delegate for validating the certificate supplied by the remote party.</param> /// <param name="userCertificateSelectionCallback">User provided delegate for selecting the certificate used for authentication.</param> public ClientSslFactory(string hostName, X509CertificateCollection certificates, RemoteCertificateValidationCallback userCertificateValidationCallback, LocalCertificateSelectionCallback userCertificateSelectionCallback) { using (EneterTrace.Entering()) { if (string.IsNullOrEmpty(hostName)) { string anError = TracedObject + "failed in constructor because the input parameter 'hostName' was null or empty."; EneterTrace.Error(anError); throw new ArgumentException(anError); } AcceptedProtocols = SslProtocols.Ssl3 | SslProtocols.Tls; #if NETSTANDARD || NET472 AcceptedProtocols |= SslProtocols.Tls11 | SslProtocols.Tls12; #endif #if MONOANDROID || XAMARIN_IOS AcceptedProtocols |= SslProtocols.Tls11 | SslProtocols.Tls12 | SslProtocols.Tls13; #endif myHostName = hostName; myCertificates = certificates; myUserCertificateValidationCallback = userCertificateValidationCallback; myUserCertificateSelectionCallback = userCertificateSelectionCallback; } }
internal bool SecureExistingConnection(Session oS, string sCertCN, string sClientCertificateFilename, string sPoolingKey, ref int iHandshakeTime) { RemoteCertificateValidationCallback userCertificateValidationCallback = null; LocalCertificateSelectionCallback userCertificateSelectionCallback = null; Stopwatch stopwatch = Stopwatch.StartNew(); try { this.sPoolKey = sPoolingKey; X509CertificateCollection certificateCollectionFromFile = this.GetCertificateCollectionFromFile(sClientCertificateFilename); if (userCertificateValidationCallback == null) { userCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => ConfirmServerCertificate(oS, sCertCN, certificate, chain, sslPolicyErrors); } if (userCertificateSelectionCallback == null) { userCertificateSelectionCallback = (sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) => this.AttachClientCertificate(oS, sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers); } base._httpsStream = new SslStream(new NetworkStream(base._baseSocket, false), false, userCertificateValidationCallback, userCertificateSelectionCallback); base._httpsStream.AuthenticateAsClient(sCertCN, certificateCollectionFromFile, CONFIG.oAcceptedServerHTTPSProtocols, false); iHandshakeTime = (int)stopwatch.ElapsedMilliseconds; } catch (Exception exception) { iHandshakeTime = (int)stopwatch.ElapsedMilliseconds; FiddlerApplication.DebugSpew(exception.StackTrace + "\n" + exception.Message); FiddlerApplication.Log.LogFormat("fiddler.network.https> Failed to secure existing connection for {0}. {1}{2}", new object[] { sCertCN, exception.Message, (exception.InnerException != null) ? (" InnerException: " + exception.InnerException.ToString()) : "." }); return(false); } return(true); }
/// <summary> /// Initializes a new instance of the <see cref="TTLSServerSocket" /> class. /// </summary> /// <param name="port">The port where the server runs.</param> /// <param name="clientTimeout">Send/receive timeout.</param> /// <param name="useBufferedSockets">If set to <c>true</c> [use buffered sockets].</param> /// <param name="certificate">The certificate object.</param> /// <param name="clientCertValidator">The certificate validator.</param> /// <param name="localCertificateSelectionCallback">The callback to select which certificate to use.</param> public TTLSServerSocket( int port, int clientTimeout, bool useBufferedSockets, X509Certificate2 certificate, RemoteCertificateValidationCallback clientCertValidator = null, LocalCertificateSelectionCallback localCertificateSelectionCallback = null) { if (!certificate.HasPrivateKey) { throw new TTransportException(TTransportException.ExceptionType.Unknown, "Your server-certificate needs to have a private key"); } this.port = port; this.serverCertificate = certificate; this.useBufferedSockets = useBufferedSockets; this.clientCertValidator = clientCertValidator; this.localCertificateSelectionCallback = localCertificateSelectionCallback; try { // Create server socket server = new TcpListener(System.Net.IPAddress.Any, this.port); server.Server.NoDelay = true; } catch (Exception) { server = null; throw new TTransportException("Could not create ServerSocket on port " + port + "."); } }
public SslStream(Stream innerStream, bool leaveStreamOpen, RemoteCertificateValidationCallback certValidationCallback, LocalCertificateSelectionCallback certSelectionCallback) : base(innerStream, leaveStreamOpen) { // they are nullable. validation_callback = certValidationCallback; selection_callback = certSelectionCallback; }
public async Task SslStream_StreamToStream_DuplicateOptions_Throws() { RemoteCertificateValidationCallback rCallback = (sender, certificate, chain, errors) => { return(true); }; LocalCertificateSelectionCallback lCallback = (sender, host, localCertificates, remoteCertificate, issuers) => { return(null); }; (Stream clientStream, Stream serverStream) = TestHelper.GetConnectedStreams(); using (clientStream) using (serverStream) using (var client = new SslStream(clientStream, false, rCallback, lCallback, EncryptionPolicy.RequireEncryption)) using (var server = new SslStream(serverStream, false, rCallback)) using (X509Certificate2 certificate = Configuration.Certificates.GetServerCertificate()) { SslClientAuthenticationOptions clientOptions = new SslClientAuthenticationOptions(); clientOptions.RemoteCertificateValidationCallback = AllowAnyServerCertificate; clientOptions.TargetHost = certificate.GetNameInfo(X509NameType.SimpleName, false); SslServerAuthenticationOptions serverOptions = new SslServerAuthenticationOptions(); serverOptions.ServerCertificate = certificate; serverOptions.RemoteCertificateValidationCallback = AllowAnyServerCertificate; Task t1 = Assert.ThrowsAsync <InvalidOperationException>(() => client.AuthenticateAsClientAsync(clientOptions, CancellationToken.None)); Task t2 = Assert.ThrowsAsync <InvalidOperationException>(() => server.AuthenticateAsServerAsync(serverOptions, CancellationToken.None)); await TestConfiguration.WhenAllOrAnyFailedWithTimeout(t1, t2); } }
static XLocalCertificateSelectionCallback ConvertCallback(LocalCertificateSelectionCallback callback) { if (callback == null) { return(null); } return((s, t, lc, rc, ai) => callback(s, t, lc, rc, ai)); }
///<summary>Construct an SslOption specifying both the server cannonical name ///and the client's certificate path. ///</summary> public SslOption(string serverName, string certPath, bool enabled) { m_serverName = serverName; m_certPath = certPath; m_enabled = enabled; CertificateValidationCallback = null; CertificateSelectionCallback = null; }
public SslMllpNetworkSream( Stream innerStream, bool leaveInnerStreamOpen, RemoteCertificateValidationCallback userCertificateValidationCallback, LocalCertificateSelectionCallback userCertificateSelectionCallback) : base( innerStream, leaveInnerStreamOpen, userCertificateValidationCallback, userCertificateSelectionCallback) { }
internal static MSI.MonoLocalCertificateSelectionCallback PublicToMono(LocalCertificateSelectionCallback callback) { if (callback == null) { return(null); } return((t, lc, rc, ai) => callback(null, t, (XX509CertificateCollection)(object)lc, rc, ai)); }
/// <summary> /// Initializes a new instance of the <see cref="TTLSSocket"/> class. /// </summary> /// <param name="host">The host, where the socket should connect to.</param> /// <param name="port">The port.</param> /// <param name="certificatePath">The certificate path.</param> /// <param name="certValidator">User defined cert validator.</param> /// <param name="localCertificateSelectionCallback">The callback to select which certificate to use.</param> public TTLSSocket( string host, int port, string certificatePath, RemoteCertificateValidationCallback certValidator = null, LocalCertificateSelectionCallback localCertificateSelectionCallback = null) : this(host, port, 0, X509Certificate.CreateFromCertFile(certificatePath), certValidator, localCertificateSelectionCallback) { }
/// <summary> /// Initializes a new instance of the <see cref="TTLSSocket"/> class. /// </summary> /// <param name="host">The host, where the socket should connect to.</param> /// <param name="port">The port.</param> /// <param name="certificate">The certificate.</param> /// <param name="certValidator">User defined cert validator.</param> /// <param name="localCertificateSelectionCallback">The callback to select which certificate to use.</param> public TTLSSocket( string host, int port, X509Certificate certificate, RemoteCertificateValidationCallback certValidator = null, LocalCertificateSelectionCallback localCertificateSelectionCallback = null) : this(host, port, 0, certificate, certValidator, localCertificateSelectionCallback) { }
/// <summary> /// Constructor /// </summary> /// <param name="brokerHostName">Broker Host Name or IP Address</param> /// <param name="brokerPort">Broker port</param> /// <param name="caCert">CA certificate for secure connection</param> /// <param name="clientCert">Client certificate</param> /// <param name="sslProtocol">SSL/TLS protocol version</param> /// <param name="userCertificateValidationCallback">A RemoteCertificateValidationCallback delegate responsible for validating the certificate supplied by the remote party</param> /// <param name="userCertificateSelectionCallback">A LocalCertificateSelectionCallback delegate responsible for selecting the certificate used for authentication</param> public MqttSecureClient(string brokerHostName, int brokerPort, X509Certificate caCert, X509Certificate clientCert, MqttSslProtocol sslProtocol, RemoteCertificateValidationCallback userCertificateValidationCallback, LocalCertificateSelectionCallback userCertificateSelectionCallback) : base(brokerHostName, brokerPort, true) { this.settings.Port = MqttSettings.MQTT_BROKER_DEFAULT_PORT; this.settings.SslPort = this.brokerPort; this.InitSecureChannel(caCert, clientCert, sslProtocol, userCertificateValidationCallback, userCertificateSelectionCallback); }
public TLSStream(Stream innerStream, bool leaveInnerStreamOpen, RemoteCertificateValidationCallback userCertificateValidationCallback, LocalCertificateSelectionCallback userCertificateSelectionCallback) : base(innerStream, leaveInnerStreamOpen) { _validationCallback = userCertificateValidationCallback; _selectionCallback = userCertificateSelectionCallback; }
public DotNetSslStreamImpl ( Stream innerStream, bool leaveInnerStreamOpen, RemoteCertificateValidationCallback userCertificateValidationCallback, LocalCertificateSelectionCallback userCertificateSelectionCallback) { impl = new SslStream ( innerStream, leaveInnerStreamOpen, userCertificateValidationCallback, userCertificateSelectionCallback); }
public TTlsSocketClientTransport(IPAddress host, int port, string certificatePath, RemoteCertificateValidationCallback certValidator = null, LocalCertificateSelectionCallback localCertificateSelectionCallback = null, SslProtocols sslProtocols = SslProtocols.Tls12) : this(host, port, 0, new X509Certificate2(certificatePath), certValidator, localCertificateSelectionCallback, sslProtocols) { }
public DotNetSslStreamImpl ( Stream innerStream, bool leaveInnerStreamOpen, DotNetTlsProvider provider, RemoteCertificateValidationCallback userCertificateValidationCallback, LocalCertificateSelectionCallback userCertificateSelectionCallback) { this.provider = provider; impl = new SslStream ( innerStream, leaveInnerStreamOpen, userCertificateValidationCallback, userCertificateSelectionCallback); }
public SslStream( NetworkStream innerStream, bool leaveInnerStreamOpen, RemoteCertificateValidationCallback userCertificateValidationCallback, LocalCertificateSelectionCallback userCertificateSelectionCallback) : base(innerStream, leaveInnerStreamOpen, userCertificateValidationCallback, userCertificateSelectionCallback) { }
public SslStream(Stream innerStream, bool leaveInnerStreamOpen, RemoteCertificateValidationCallback userCertificateValidationCallback, LocalCertificateSelectionCallback userCertificateSelectionCallback, EncryptionPolicy encryptionPolicy) : base(innerStream, leaveInnerStreamOpen) { if (((encryptionPolicy != EncryptionPolicy.RequireEncryption) && (encryptionPolicy != EncryptionPolicy.AllowNoEncryption)) && (encryptionPolicy != EncryptionPolicy.NoEncryption)) { throw new ArgumentException(SR.GetString("net_invalid_enum", new object[] { "EncryptionPolicy" }), "encryptionPolicy"); } this._userCertificateValidationCallback = userCertificateValidationCallback; this._userCertificateSelectionCallback = userCertificateSelectionCallback; RemoteCertValidationCallback certValidationCallback = new RemoteCertValidationCallback(this.userCertValidationCallbackWrapper); LocalCertSelectionCallback certSelectionCallback = (userCertificateSelectionCallback == null) ? null : new LocalCertSelectionCallback(this.userCertSelectionCallbackWrapper); this._SslState = new SslState(innerStream, certValidationCallback, certSelectionCallback, encryptionPolicy); }
// constructors /// <summary> /// Initializes a new instance of the <see cref="SslStreamSettings"/> class. /// </summary> /// <param name="checkCertificateRevocation">Whether to check for certificate revocation.</param> /// <param name="clientCertificates">The client certificates.</param> /// <param name="clientCertificateSelectionCallback">The client certificate selection callback.</param> /// <param name="enabledProtocols">The enabled protocols.</param> /// <param name="serverCertificateValidationCallback">The server certificate validation callback.</param> public SslStreamSettings( Optional<bool> checkCertificateRevocation = default(Optional<bool>), Optional<IEnumerable<X509Certificate>> clientCertificates = default(Optional<IEnumerable<X509Certificate>>), Optional<LocalCertificateSelectionCallback> clientCertificateSelectionCallback = default(Optional<LocalCertificateSelectionCallback>), Optional<SslProtocols> enabledProtocols = default(Optional<SslProtocols>), Optional<RemoteCertificateValidationCallback> serverCertificateValidationCallback = default(Optional<RemoteCertificateValidationCallback>)) { _checkCertificateRevocation = checkCertificateRevocation.WithDefault(true); _clientCertificates = Ensure.IsNotNull(clientCertificates.WithDefault(Enumerable.Empty<X509Certificate>()), "clientCertificates").ToList(); _clientCertificateSelectionCallback = clientCertificateSelectionCallback.WithDefault(null); _enabledSslProtocols = enabledProtocols.WithDefault(SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls); _serverCertificateValidationCallback = serverCertificateValidationCallback.WithDefault(null); }
public SslStream(Stream innerStream, bool leaveInnerStreamOpen, RemoteCertificateValidationCallback userCertificateValidationCallback, LocalCertificateSelectionCallback userCertificateSelectionCallback, EncryptionPolicy encryptionPolicy) : base(innerStream, leaveInnerStreamOpen) { if (encryptionPolicy != EncryptionPolicy.RequireEncryption && encryptionPolicy != EncryptionPolicy.AllowNoEncryption && encryptionPolicy != EncryptionPolicy.NoEncryption) { throw new ArgumentException(SR.Format(SR.net_invalid_enum, "EncryptionPolicy"), nameof(encryptionPolicy)); } _userCertificateValidationCallback = userCertificateValidationCallback; _userCertificateSelectionCallback = userCertificateSelectionCallback; RemoteCertValidationCallback _userCertValidationCallbackWrapper = new RemoteCertValidationCallback(UserCertValidationCallbackWrapper); LocalCertSelectionCallback _userCertSelectionCallbackWrapper = userCertificateSelectionCallback == null ? null : new LocalCertSelectionCallback(UserCertSelectionCallbackWrapper); _sslState = new SslState(innerStream, _userCertValidationCallbackWrapper, _userCertSelectionCallbackWrapper, encryptionPolicy); }
public void open() { try { X509Store store = new X509Store(StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); X509CertificateCollection certificates = new X509CertificateCollection(); certificates.AddRange(store.Certificates); client = new TcpClient(); client.Connect("gateway.sandbox.push.apple.com", 2195); LocalCertificateSelectionCallback localCallBack = new LocalCertificateSelectionCallback(APNSLocalCert.SelectLocalCertificate); stream = new SslStream(client.GetStream(), false, (sender, cert, chain, sslPolicyErrors) => true, localCallBack); stream.AuthenticateAsClient("gateway.sandbox.push.apple.com", certificates, System.Security.Authentication.SslProtocols.Tls, false); } catch (Exception ex) { Console.Write(ex.Message); } }
// constructors /// <summary> /// Initializes a new instance of the <see cref="SslStreamSettings"/> class. /// </summary> /// <param name="checkCertificateRevocation">Whether to check for certificate revocation.</param> /// <param name="clientCertificates">The client certificates.</param> /// <param name="clientCertificateSelectionCallback">The client certificate selection callback.</param> /// <param name="enabledProtocols">The enabled protocols.</param> /// <param name="serverCertificateValidationCallback">The server certificate validation callback.</param> public SslStreamSettings( Optional<bool> checkCertificateRevocation = default(Optional<bool>), Optional<IEnumerable<X509Certificate>> clientCertificates = default(Optional<IEnumerable<X509Certificate>>), Optional<LocalCertificateSelectionCallback> clientCertificateSelectionCallback = default(Optional<LocalCertificateSelectionCallback>), Optional<SslProtocols> enabledProtocols = default(Optional<SslProtocols>), Optional<RemoteCertificateValidationCallback> serverCertificateValidationCallback = default(Optional<RemoteCertificateValidationCallback>)) { _checkCertificateRevocation = checkCertificateRevocation.WithDefault(true); _clientCertificates = Ensure.IsNotNull(clientCertificates.WithDefault(Enumerable.Empty<X509Certificate>()), "clientCertificates").ToList(); _clientCertificateSelectionCallback = clientCertificateSelectionCallback.WithDefault(null); #if NETSTANDARD1_6 #pragma warning disable 618 _enabledSslProtocols = enabledProtocols.WithDefault(SslProtocols.Tls | SslProtocols.Ssl3); #pragma warning restore #else _enabledSslProtocols = enabledProtocols.WithDefault(SslProtocols.Default); #endif _serverCertificateValidationCallback = serverCertificateValidationCallback.WithDefault(null); }
public TTlsSocketClientTransport(TcpClient client, X509Certificate2 certificate, bool isServer = false, RemoteCertificateValidationCallback certValidator = null, LocalCertificateSelectionCallback localCertificateSelectionCallback = null, SslProtocols sslProtocols = SslProtocols.Tls12) { _client = client; _certificate = certificate; _certValidator = certValidator; _localCertificateSelectionCallback = localCertificateSelectionCallback; _sslProtocols = sslProtocols; _isServer = isServer; if (isServer && certificate == null) { throw new ArgumentException("TTlsSocketClientTransport needs certificate to be used for server", "certificate"); } if (IsOpen) { InputStream = client.GetStream(); OutputStream = client.GetStream(); } }
public SslStream (Stream innerStream, bool leaveInnerStreamOpen, RemoteCertificateValidationCallback userCertificateValidationCallback, LocalCertificateSelectionCallback userCertificateSelectionCallback, EncryptionPolicy encryptionPolicy) : this (innerStream, leaveInnerStreamOpen, userCertificateValidationCallback, userCertificateSelectionCallback) { }
public static Stream CreateClientSslStream(ConnectionBase connection, Stream baseStream, X509Certificate2Collection clientCertificates, RemoteCertificateValidationCallback serverCertificateValidationCallback, LocalCertificateSelectionCallback clientCertificateSelectionCallback) { var sslStream = new SslStream(baseStream, false, serverCertificateValidationCallback, clientCertificateSelectionCallback); try { sslStream.AuthenticateAsClient(connection.host, clientCertificates, SslProtocols.Default, true); return sslStream; } catch (AuthenticationException) { sslStream.Close(); throw; } }
static XLocalCertificateSelectionCallback ConvertCallback (LocalCertificateSelectionCallback callback) { if (callback == null) return null; return (s, t, lc, rc, ai) => callback (s, t, lc, rc, ai); }
public SslStream (Stream innerStream, bool leaveInnerStreamOpen, RemoteCertificateValidationCallback userCertificateValidationCallback, LocalCertificateSelectionCallback userCertificateSelectionCallback) : base (innerStream, leaveInnerStreamOpen) { provider = GetProvider (); var settings = MonoTlsSettings.CopyDefaultSettings (); settings.RemoteCertificateValidationCallback = MNS.Private.CallbackHelpers.PublicToMono (userCertificateValidationCallback); settings.ClientCertificateSelectionCallback = MNS.Private.CallbackHelpers.PublicToMono (userCertificateSelectionCallback); impl = provider.CreateSslStream (innerStream, leaveInnerStreamOpen, settings); }
public InitiateUpgradeAsyncResult(SslStreamSecurityUpgradeInitiator initiator, AsyncCallback callback, object state) : base(callback, state) { this.initiator = initiator; if (initiator.clientToken != null) { this.clientCertificates = new X509CertificateCollection(); this.clientCertificates.Add(initiator.clientToken.Certificate); this.selectionCallback = SslStreamSecurityUpgradeInitiator.ClientCertificateSelectionCallback; } }
public SslStream(Stream innerStream, bool leaveInnerStreamOpen, RemoteCertificateValidationCallback userCertificateValidationCallback, LocalCertificateSelectionCallback userCertificateSelectionCallback, EncryptionPolicy encryptionPolicy) : base (default(Stream), default(bool)) { Contract.Ensures(innerStream.CanWrite == true); }
/// <summary> /// Initializes a new instance of the <see cref="TcpServer"/> class. /// </summary> /// <param name="configString">Config string of the <see cref="TcpServer"/>. See <see cref="DefaultConfigurationString"/> for format.</param> public TlsServer(string configString) : base(TransportProtocol.Tcp, configString) { m_defaultCertificateChecker = new SimpleCertificateChecker(); m_localCertificateSelectionCallback = DefaultLocalCertificateSelectionCallback; #if MONO // Tls12 is not supported under Mono as of v3.8.0 m_enabledSslProtocols = SslProtocols.Tls; #else m_enabledSslProtocols = SslProtocols.Tls12; #endif m_checkCertificateRevocation = true; m_trustedCertificatesPath = DefaultTrustedCertificatesPath; m_payloadAware = DefaultPayloadAware; m_payloadMarker = Payload.DefaultMarker; m_integratedSecurity = DefaultIntegratedSecurity; m_ignoreInvalidCredentials = DefaultIgnoreInvalidCredentials; m_allowDualStackSocket = DefaultAllowDualStackSocket; m_maxSendQueueSize = DefaultMaxSendQueueSize; m_clientInfoLookup = new ConcurrentDictionary<Guid, TlsClientInfo>(); m_acceptHandler = (sender, args) => ProcessAccept(args); }
/// <summary> /// Secures the stream using SSL/TLS. /// The socket is secured immediately following any pending reads/writes already in the queue. /// Any reads/writes scheduled after this call will travel over a secure connection. /// /// Note: You must use the LocalCertificateSelectionCallback to return the required certificate for a server. /// /// If TLS fails to authenticate, the event WillCloseWithException will fire with the reason. /// </summary> /// <param name="rcvc"> /// A RemoteCertificateValidationCallback delegate responsible for /// validating the certificate supplied by the remote party. /// Pass null if you don't need this functionality. /// </param> /// <param name="lcsc"> /// A LocalCertificateSelectionCallback delegate responsible for /// selecting the certificate used for authentication. /// Pass null if you don't need this functionality. /// </param> public void StartTLSAsServer(X509Certificate serverCertificate, RemoteCertificateValidationCallback rcvc, LocalCertificateSelectionCallback lcsc) { // Update tls variables - we'll need to refer to these later when we actually start tls isTLSClient = false; localCertificate = serverCertificate; tlsRemoteCallback = rcvc; tlsLocalCallback = lcsc; // Inject StartTLS packets into read and write queues. // Once all pending reads and writes have completed, the StartTLS procedure will commence. AsyncSpecialPacket startTlsPacket = new AsyncSpecialPacket(true); readQueue.Enqueue(startTlsPacket); writeQueue.Enqueue(startTlsPacket); // Queue calls to MaybeDequeueRead and MaybeDequeueWrite ThreadPool.QueueUserWorkItem(new WaitCallback(MaybeDequeueRead)); ThreadPool.QueueUserWorkItem(new WaitCallback(MaybeDequeueWrite)); }
/// <summary> /// Initializes a new instance of the <see cref="TTLSSocket"/> class. /// </summary> /// <param name="host">The host, where the socket should connect to.</param> /// <param name="port">The port.</param> /// <param name="certificatePath">The certificate path.</param> /// <param name="certValidator">User defined cert validator.</param> /// <param name="localCertificateSelectionCallback">The callback to select which certificate to use.</param> /// <param name="sslProtocols">The SslProtocols value that represents the protocol used for authentication.</param> public TTLSSocket( string host, int port, string certificatePath, RemoteCertificateValidationCallback certValidator = null, LocalCertificateSelectionCallback localCertificateSelectionCallback = null, SslProtocols sslProtocols = SslProtocols.Tls) : this(host, port, 0, X509Certificate.CreateFromCertFile(certificatePath), certValidator, localCertificateSelectionCallback, sslProtocols) { }
public SslStream (Stream innerStream, bool leaveInnerStreamOpen, RemoteCertificateValidationCallback userCertificateValidationCallback, LocalCertificateSelectionCallback userCertificateSelectionCallback) : base (innerStream, leaveInnerStreamOpen) { // they are nullable. validation_callback = userCertificateValidationCallback; selection_callback = userCertificateSelectionCallback; }
/// <summary> /// Initializes a new instance of the <see cref="TcpServer"/> class. /// </summary> /// <param name="configString">Config string of the <see cref="TcpServer"/>. See <see cref="DefaultConfigurationString"/> for format.</param> public SslServer(string configString) : base(TransportProtocol.Tcp, configString) { m_localCertificateSelectionCallback = DefaultLocalCertificateSelectionCallback; m_enabledSslProtocols = SslProtocols.None; m_checkCertificateRevocation = true; m_payloadAware = DefaultPayloadAware; m_payloadMarker = Payload.DefaultMarker; m_allowDualStackSocket = DefaultAllowDualStackSocket; m_tcpClients = new ConcurrentDictionary<Guid, TransportProvider<SslStream>>(); m_acceptHandler = (sender, args) => ProcessAccept(); }
/// <summary> /// Initializes a new instance of the <see cref="TTLSSocket"/> class. /// </summary> /// <param name="host">The host, where the socket should connect to.</param> /// <param name="port">The port.</param> /// <param name="certificate">The certificate.</param> /// <param name="certValidator">User defined cert validator.</param> /// <param name="localCertificateSelectionCallback">The callback to select which certificate to use.</param> /// <param name="sslProtocols">The SslProtocols value that represents the protocol used for authentication.</param> public TTLSSocket( string host, int port, X509Certificate certificate = null, RemoteCertificateValidationCallback certValidator = null, LocalCertificateSelectionCallback localCertificateSelectionCallback = null, SslProtocols sslProtocols = SslProtocols.Tls) : this(host, port, 0, certificate, certValidator, localCertificateSelectionCallback, sslProtocols) { }
public SslStream(System.IO.Stream innerStream, bool leaveInnerStreamOpen, RemoteCertificateValidationCallback userCertificateValidationCallback, LocalCertificateSelectionCallback userCertificateSelectionCallback) { }
/// <summary> /// Initializes a new instance of the <see cref="TTLSSocket"/> class. /// </summary> /// <param name="host">The host, where the socket should connect to.</param> /// <param name="port">The port.</param> /// <param name="timeout">The timeout.</param> /// <param name="certificate">The certificate.</param> /// <param name="certValidator">User defined cert validator.</param> /// <param name="localCertificateSelectionCallback">The callback to select which certificate to use.</param> /// <param name="sslProtocols">The SslProtocols value that represents the protocol used for authentication.</param> public TTLSSocket( string host, int port, int timeout, X509Certificate certificate, RemoteCertificateValidationCallback certValidator = null, LocalCertificateSelectionCallback localCertificateSelectionCallback = null, SslProtocols sslProtocols = SslProtocols.Tls) { this.host = host; this.port = port; this.timeout = timeout; this.certificate = certificate; this.certValidator = certValidator; this.localCertificateSelectionCallback = localCertificateSelectionCallback; this.sslProtocols = sslProtocols; InitSocket(); }