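/// <summary>
/// Certificate validation callback used during the TLS handshake when a client
/// certificate is required. It writes a summary of the presented certificate to
/// the console, stores that summary in <c>SslClientCertificateInfo</c> keyed by
/// the stream's hash code, and rejects the handshake only when the client
/// presented no certificate.
/// </summary>
/// <param name="sender">The object raising the callback; expected to be the <see cref="SslStream"/>.</param>
/// <param name="certificate">The certificate presented by the client, or null.</param>
/// <param name="chain">The chain built for the certificate (not inspected here).</param>
/// <param name="errors">Policy errors found by the platform's validation.</param>
/// <returns>False when no client certificate is available; true otherwise.</returns>
private static bool ValidateClientCertificate(
    object sender,
    X509Certificate certificate,
    X509Chain chain,
    SslPolicyErrors errors)
{
    StringBuilder builder = new StringBuilder();
    builder.AppendFormat("SslPolicyErrors: {0}\r\n", errors);
    if (certificate != null)
    {
        builder.AppendFormat("Subject: {0}\r\n", certificate.Subject);
        builder.AppendFormat("Issuer: {0}\r\n", certificate.Issuer);
        builder.AppendFormat("Hash: {0}", BitConverter.ToString(certificate.GetCertHash()));
    }

    string summary = builder.ToString();
    Console.WriteLine(summary);

    // Guard the cast: a sender that is not an SslStream used to cause a
    // NullReferenceException inside the handshake callback.
    SslStream sslStream = sender as SslStream;
    if (sslStream != null)
    {
        // NOTE(review): GetHashCode() is not guaranteed to be unique per stream,
        // so two live connections could map to the same key. Confirm how
        // SslClientCertificateInfo handles duplicate keys.
        SslClientCertificateInfo.Add(sslStream.GetHashCode(), summary);
    }

    // SslPolicyErrors is a [Flags] enum, so test the bit instead of comparing
    // for equality, and treat a null certificate as "not available" as well.
    bool certificateMissing =
        certificate == null ||
        (errors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0;
    if (certificateMissing)
    {
        // Do not allow the server to communicate with unauthenticated clients.
        return false;
    }

    // NOTE(review): every other policy error (for example
    // RemoteCertificateChainErrors) is still accepted, so a self-signed or
    // untrusted certificate passes. This callback proves only that *a*
    // certificate was presented; it must not be relied on to authenticate the
    // client. Return false unless errors == SslPolicyErrors.None if the
    // certificate is ever used for an access decision.
    return true;
}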
/// <summary>
/// Builds the response body sent when the request does not select one.
/// Tries three sources in order: the client-certificate summary recorded for
/// this connection, the content of README.md, and finally a short Unicode
/// string stamped with the current time.
/// </summary>
/// <returns>A stream over the chosen content.</returns>
private Stream CreateDefaultResponseStream()
{
    // First choice: the certificate summary stored during the TLS handshake.
    // NOTE(review): the lookup key is networkStream.GetHashCode(), which is not
    // guaranteed unique, so in principle a client could be shown the summary
    // recorded for another connection. Confirm the key matches the one used
    // when the summary was added.
    string certificateSummary;
    bool found = SslClientCertificateInfo.TryGet(networkStream.GetHashCode(), out certificateSummary);
    if (found)
    {
        return GetStringStream(certificateSummary);
    }

    // TODO: Check whether the file exists to avoid having to catch an exception.
    Stream fallback;
    try
    {
        // Second choice: README.md file content.
        fallback = GetFileStream("README.md");
    }
    catch (FileNotFoundException)
    {
        // Last resort: default Unicode string.
        string text = String.Format("¿ñoño? {0}", DateTime.Now);
        fallback = GetStringStream(text);
    }

    return fallback;
}
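/// <summary>
/// Completion callback for <c>Socket.BeginAccept</c>. Accepts the pending
/// client, re-arms the listener for the next connection, performs the TLS
/// handshake as the server, and hands the encrypted stream to the handler for
/// the configured application-layer protocol.
/// </summary>
/// <param name="asyncResult">
/// The accept operation's result; its AsyncState is expected to be the
/// listening <see cref="Socket"/>.
/// </param>
private static void OnAccept(IAsyncResult asyncResult)
{
    HeyLogger logger = new HeyLogger();
    Socket socketListener = asyncResult.AsyncState as Socket;
    SslStream sslStream = null;
    string clientName = null;
    try
    {
        using (Socket clientSocket = socketListener.EndAccept(asyncResult))
        {
            // Re-arm the listener right away so other clients can connect
            // while this one is being served.
            socketListener.BeginAccept(OnAccept, socketListener);
            clientName = clientSocket.RemoteEndPoint.ToString();
            logger.WriteTransportLine(String.Format("Client connected from {0}\r\n", clientName));
            NetworkStream networkStream = new NetworkStream(clientSocket);

            // Open question left by the original author: read a plain-text
            // message before upgrading the connection to TLS?

            // The custom callback is installed only when a client certificate
            // is required; otherwise the platform default validation applies.
            RemoteCertificateValidationCallback callback = null;
            if (settings.ClientCertificateRequired)
            {
                callback = ValidateClientCertificate;
            }

            sslStream = new SslStream(networkStream, false, callback, null);

            // SslProtocols.Default enables only SSL 3.0 and TLS 1.0, both of
            // which are deprecated and exposed to known downgrade and
            // CBC-padding weaknesses. Negotiate TLS 1.2 instead.
            // Revocation checking stays off (last argument), as before.
            sslStream.AuthenticateAsServer(
                serverCertificate,
                settings.ClientCertificateRequired,
                SslProtocols.Tls12,
                false);

            switch (settings.Protocol)
            {
                case ApplicationLayerProtocol.Http:
                    DoHttp(logger, sslStream, clientSocket);
                    break;
                case ApplicationLayerProtocol.Ws:
                    DoWs(logger, sslStream, clientSocket);
                    break;
                default:
                    DoUndefined(sslStream);
                    break;
            }
        }
    }
    catch (Exception ex)
    {
        // Best effort: one failing client must not take the listener down.
        logger.WriteErrorLine(ex.Message);
    }
    finally
    {
        logger.WriteTransportLine(String.Format("Disconnected from {0}\r\n", clientName));
        if (sslStream != null)
        {
            // Drop the per-connection certificate summary before disposing,
            // then release the TLS session state the stream holds; it was
            // previously never disposed.
            SslClientCertificateInfo.Remove(sslStream.GetHashCode());
            sslStream.Dispose();
        }
    }
}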