public ServerHandshakeSession(SecurityParameters securityParameters) : base(securityParameters) { if (securityParameters.ServerCertificateSelectionCallback != null) { _certificateSelectionCallback = securityParameters.ServerCertificateSelectionCallback; } else { _certificateSelectionCallback = DefaultCertificateSelectionCallback; } if (securityParameters.ServerCertificateValidationCallback != null) { _certificateValidationCallback = securityParameters.ServerCertificateValidationCallback; } _availableCertificates = new List <X509CertificateCollection>(); _availableCertificates.AddRange(securityParameters.AvailableCertificates); _availablePrivateKeys = new List <CertificatePrivateKey>(); _availablePrivateKeys.AddRange(securityParameters.AvailablePrivateKeys); if (securityParameters.ClientCertificateTypes.Count > 0) { _certificateRequest = new HandshakeCertificateRequest(_version); _certificateRequest.CertificateTypes.AddRange(securityParameters.ClientCertificateTypes); _certificateRequest.SignatureAndHashAlgorithms.AddRange(_pluginManager.GetSupportedSignatureAndHashAlgorithms()); _certificateRequest.CertificateAuthorities.AddRange(securityParameters.ClientCertificateAuthorities); } }
/// <summary> /// Call back to override server certificate validation /// </summary> /// <param name="sender"></param> /// <param name="certificate"></param> /// <param name="chain"></param> /// <param name="sslPolicyErrors"></param> /// <returns></returns> internal bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { //if user callback is registered then do it if (ServerCertificateValidationCallback != null) { var args = new CertificateValidationEventArgs { Certificate = certificate, Chain = chain, SslPolicyErrors = sslPolicyErrors }; //why is the sender null? ServerCertificateValidationCallback.InvokeParallel(this, args); return(args.IsValid); } if (sslPolicyErrors == SslPolicyErrors.None) { return(true); } //By default //do not allow this client to communicate with unauthenticated servers. return(false); }
public SecureClient Build(ServerCertificateValidationCallback serverCertificateValidationCallback = null, X509CertificateCollection clientCertificateCollection = null, SslProtocols sslProtocols = SslProtocols.Tls12) { return(new SecureClient(loggerFactory, serializer, orderingService, cancellationToken, sendIdempotencyService, receiveIdempotencyService, delaySequenceGenerator, millisecondsIntervalForPacketResend, serverCertificateValidationCallback, sslProtocols, clientCertificateCollection, keepAliveTimeOut, maximumNumberOfKeepAliveMisses, keepAliveResponseTimeOut)); }
public ClientHandshakeSession(SecurityParameters securityParameters) : base(securityParameters) { if (securityParameters.ServerCertificateValidationCallback != null) { _certificateValidationCallback = securityParameters.ServerCertificateValidationCallback; } else { _certificateValidationCallback = new ServerCertificateValidationCallback(DefaultCertificateValidationCallback); } if (securityParameters.ClientCertificateSelectionCallback != null) { _certificateSelectionCallback = securityParameters.ClientCertificateSelectionCallback; } else { _certificateSelectionCallback = new ClientCertificateSelectionCallback(DefaultCertificateSelectionCallback); } HandshakeClientHello clientHello = new HandshakeClientHello(_maxVersion); clientHello.CipherSuites.AddRange(_supportedCipherSuites); clientHello.CompressionMethods.AddRange(_supportedCompressions); clientHello.Extensions.Add(new HelloSignatureAlgorithmsExtension(_pluginManager.GetSupportedSignatureAndHashAlgorithms())); OutputMessage(clientHello); _connectionState.ClientRandom = clientHello.Random.GetBytes(); }
private SqlConnectionPoolKey(SqlConnectionPoolKey key) : base(key) { _credential = key.Credential; _accessToken = key.AccessToken; _serverCertificateValidationCallback = key._serverCertificateValidationCallback; _clientCertificateRetrievalCallback = key._clientCertificateRetrievalCallback; CalculateHashCode(); }
public void RegisterServerCertificateValidationCallback(string host, ServerCertificateValidationCallback callback) { if (this._ServerCertHandlers.ContainsKey(host)) { this._ServerCertHandlers[host] = callback; return; } this._ServerCertHandlers.Add(host, callback); }
public TlsNetworkTransport(CancellationToken cancellationToken, ILoggerFactory loggerFactory, ServerCertificateValidationCallback serverCertificateValidationCallback, SslProtocols sslProtocols, X509CertificateCollection clientCertificateCollection) { Init(loggerFactory, cancellationToken); this.serverCertificateValidationCallback = serverCertificateValidationCallback; this.sslProtocols = sslProtocols; this.clientCertificateCollection = clientCertificateCollection; }
public SecureClient(ILoggerFactory loggerFactory, ISerializer serializer, IOrderingService orderingService, CancellationToken cancellationToken, ISendIdempotencyService <Guid, Packet> sendIdempotencyService, IReceiveIdempotencyService <string> receiveIdempotencyService, ISequenceGenerator delaySequenceGenerator, int millisecondsIntervalForPacketResend, ServerCertificateValidationCallback serverCertificateValidationCallback, SslProtocols sslProtocols, X509CertificateCollection clientCertificateCollection, int keepAliveTimeOut, int maximumNumberOfKeepAliveMisses, int keepAliveResponseTimeOut) { this.serverCertificateValidationCallback = serverCertificateValidationCallback; this.sslProtocols = sslProtocols; this.clientCertificateCollection = clientCertificateCollection; Init(loggerFactory, serializer, orderingService, cancellationToken, sendIdempotencyService, receiveIdempotencyService, delaySequenceGenerator, millisecondsIntervalForPacketResend, keepAliveTimeOut, maximumNumberOfKeepAliveMisses, keepAliveResponseTimeOut); }
internal SqlConnectionPoolKey(string connectionString, SqlCredential credential, string accessToken, ServerCertificateValidationCallback serverCertificateValidationCallback, ClientCertificateRetrievalCallback clientCertificateRetrievalCallback, SqlClientOriginalNetworkAddressInfo originalNetworkAddressInfo) : base(connectionString) { Debug.Assert(_credential == null || _accessToken == null, "Credential and AccessToken can't have the value at the same time."); _credential = credential; _accessToken = accessToken; _serverCertificateValidationCallback = serverCertificateValidationCallback; _clientCertificateRetrievalCallback = clientCertificateRetrievalCallback; _originalNetworkAddressInfo = originalNetworkAddressInfo; CalculateHashCode(); }
/// <summary> /// Call back to override server certificate validation /// </summary> /// <param name="sender"></param> /// <param name="certificate"></param> /// <param name="chain"></param> /// <param name="sslPolicyErrors"></param> /// <returns></returns> internal bool ValidateServerCertificate( object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { //if user callback is registered then do it if (ServerCertificateValidationCallback != null) { var args = new CertificateValidationEventArgs { Certificate = certificate, Chain = chain, SslPolicyErrors = sslPolicyErrors }; Delegate[] invocationList = ServerCertificateValidationCallback.GetInvocationList(); Task[] handlerTasks = new Task[invocationList.Length]; for (int i = 0; i < invocationList.Length; i++) { handlerTasks[i] = ((Func <object, CertificateValidationEventArgs, Task>)invocationList[i])(null, args); } Task.WhenAll(handlerTasks).Wait(); return(args.IsValid); } if (sslPolicyErrors == SslPolicyErrors.None) { return(true); } //By default //do not allow this client to communicate with unauthenticated servers. return(false); }
/// <summary> /// Call back to override server certificate validation /// </summary> /// <param name="sender">The sender object.</param> /// <param name="sessionArgs">The http session.</param> /// <param name="certificate">The remote certificate.</param> /// <param name="chain">The certificate chain.</param> /// <param name="sslPolicyErrors">Ssl policy errors</param> /// <returns>Return true if valid certificate.</returns> internal bool ValidateServerCertificate(object sender, SessionEventArgsBase sessionArgs, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { // if user callback is registered then do it if (ServerCertificateValidationCallback != null) { var args = new CertificateValidationEventArgs(sessionArgs, certificate, chain, sslPolicyErrors); // why is the sender null? ServerCertificateValidationCallback.InvokeAsync(this, args, ExceptionFunc).Wait(); return(args.IsValid); } if (sslPolicyErrors == SslPolicyErrors.None) { return(true); } // By default // do not allow this client to communicate with unauthenticated servers. return(true); }
/// <summary> /// Invocator for ServerCertificateValidationCallback event. /// </summary> /// <param name="sender"></param> /// <param name="e"></param> protected virtual void OnServerCertificateValidationCallback(object sender, CertificateValidationEventArgs e) { ServerCertificateValidationCallback?.Invoke(sender, e); }
public ServerHandshakeSession(SecurityParameters securityParameters, ILogger logger) : base(securityParameters, logger) { if (securityParameters.ServerCertificateSelectionCallback != null) { _certificateSelectionCallback = securityParameters.ServerCertificateSelectionCallback; } else { _certificateSelectionCallback = new ServerCertificateSelectionCallback(DefaultCertificateSelectionCallback); } if (securityParameters.ServerCertificateValidationCallback != null) { _certificateValidationCallback = securityParameters.ServerCertificateValidationCallback; } _availableCertificates = new List<X509CertificateCollection>(); _availableCertificates.AddRange(securityParameters.AvailableCertificates); _availablePrivateKeys = new List<CertificatePrivateKey>(); _availablePrivateKeys.AddRange(securityParameters.AvailablePrivateKeys); if (securityParameters.ClientCertificateTypes.Count > 0) { _certificateRequest = new HandshakeCertificateRequest(_version); _certificateRequest.CertificateTypes.AddRange(securityParameters.ClientCertificateTypes); _certificateRequest.SignatureAndHashAlgorithms.AddRange(_pluginManager.GetSupportedSignatureAndHashAlgorithms()); _certificateRequest.CertificateAuthorities.AddRange(securityParameters.ClientCertificateAuthorities); } }
public ClientHandshakeSession(SecurityParameters securityParameters, ILogger logger = null) : base(securityParameters, logger) { if (securityParameters.ServerCertificateValidationCallback != null) { _certificateValidationCallback = securityParameters.ServerCertificateValidationCallback; } else { _certificateValidationCallback = new ServerCertificateValidationCallback(DefaultCertificateValidationCallback); } if (securityParameters.ClientCertificateSelectionCallback != null) { _certificateSelectionCallback = securityParameters.ClientCertificateSelectionCallback; } else { _certificateSelectionCallback = new ClientCertificateSelectionCallback(DefaultCertificateSelectionCallback); } var clientHello = new HandshakeClientHello(_maxVersion); // add ciphersuites clientHello.CipherSuites.AddRange(_supportedCipherSuites.Select(cs => (CipherSuiteId)cs)); // add compressions clientHello.CompressionMethods.AddRange(_supportedCompressions); // add signature and hash algorithms //var sigHashAlgorithms = _pluginManager.GetSupportedSignatureAndHashAlgorithms(); //clientHello.Extensions.Add(new HelloSignatureAlgorithmsExtension(new[] { (ushort)0x0403 })); clientHello.Extensions.Add(new HelloSignatureAlgorithmsExtension(new[] { new SignatureAndHashAlgorithm() { HashAlgorithm = HashAlgorithmType.Sha256, SignatureAlgorithm = SignatureAlgorithmType.Ecdsa } })); //if (sigHashAlgorithms.Any(s => BitConverter.GetBytes(s)[0] == 0x03)) //{ // clientHello.Extensions.Add(new HelloEccExtension(0x0000)); //} // get curve name from client certificate, only add the Curve Extension that corresponds to the client certificate // otherwise the meter may take the curve from the first transmitted extension (ignoring the curve of the certificate) var cert = securityParameters.AvailableCertificates.First()[0]; var data = Asn1Object.FromByteArray(cert.GetKeyAlgorithmParameters()); this.logger?.Debug($"Client certificate's key algorithm parameters {data}, here an OID is expepcted"); var oid = new DerObjectIdentifier(data.ToString()); var curveName = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetName(oid); if (curveName.ToUpperInvariant() == "SECP256R1") { clientHello.Extensions.Add(new HelloEccExtension(EccNamedCurve.Secp256R1)); } else if (curveName.ToUpperInvariant() == "BRAINPOOLP256R1") { clientHello.Extensions.Add(new HelloEccExtension(EccNamedCurve.BrainpoolP256R1)); } else { throw new NotSupportedException($"ECC Curve {curveName} is not supported"); } this.logger?.Debug($"Creating ClientHello with max version {_maxVersion}, " + $"supported cipher suites {string.Join(",", _supportedCipherSuites.Select(cs => $"{cs:X2}"))}, " + $"compression methods {string.Join(",", _supportedCompressions.Select(c => $"{c:X2}"))}, " + $"extension {string.Join(",", clientHello.Extensions.Select(ex => ex))} "); this.OutputMessage(clientHello); _connectionState.ClientRandom = clientHello.Random.GetBytes(); }
public ClientHandshakeSession(SecurityParameters securityParameters) : base(securityParameters) { if (securityParameters.ServerCertificateValidationCallback != null) { _certificateValidationCallback = securityParameters.ServerCertificateValidationCallback; } else { _certificateValidationCallback = new ServerCertificateValidationCallback(DefaultCertificateValidationCallback); } if (securityParameters.ClientCertificateSelectionCallback != null) { _certificateSelectionCallback = securityParameters.ClientCertificateSelectionCallback; } else { _certificateSelectionCallback = new ClientCertificateSelectionCallback(DefaultCertificateSelectionCallback); } var clientHello = new HandshakeClientHello(_maxVersion); // add ciphersuites clientHello.CipherSuites.AddRange(_supportedCipherSuites.Select(cs => (CipherSuiteId)cs)); // add compressions clientHello.CompressionMethods.AddRange(_supportedCompressions); // add supported elliptic curves clientHello.Extensions.Add( new HelloEccExtension( new[] { EccNamedCurve.Secp256R1, EccNamedCurve.Secp384R1, EccNamedCurve.BrainpoolP256R1, EccNamedCurve.BrainpoolP384R1, EccNamedCurve.BrainpoolP512R1 })); // add elyptic curves point format clientHello.Extensions.Add( new HelloEccPointFormatsExtension(EccPointFormats.Uncompressed)); // add signature and hash algorithms clientHello.Extensions.Add( new HelloSignatureAlgorithmsExtension( new[] { new SignatureAndHashAlgorithm() { HashAlgorithm = HashAlgorithmType.Sha256, SignatureAlgorithm = SignatureAlgorithmType.Ecdsa }, new SignatureAndHashAlgorithm() { HashAlgorithm = HashAlgorithmType.Sha384, SignatureAlgorithm = SignatureAlgorithmType.Ecdsa }, new SignatureAndHashAlgorithm() { HashAlgorithm = HashAlgorithmType.Sha512, SignatureAlgorithm = SignatureAlgorithmType.Ecdsa }, })); this.logger?.Debug($"Creating ClientHello with max version {_maxVersion}, " + $"supported cipher suites {string.Join(",", _supportedCipherSuites?.Select(cs => $"{cs}"))}, " + $"compression methods {string.Join(",", _supportedCompressions?.Select(c => $"{c}"))}, " + $"extension {string.Join(",", clientHello.Extensions?.Select(ex => ex))} "); this.OutputMessage(clientHello); _connectionState.ClientRandom = clientHello.Random.GetBytes(); }