public static void Main() { using (Socket clientSocket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)) { // Addressing IPAddress ipAddress = IPAddress.Parse(dottedServerIPAddress); IPEndPoint serverEndPoint = new IPEndPoint(ipAddress, port); // Connecting Debug.Print("Connecting to server " + serverEndPoint + "."); clientSocket.Connect(serverEndPoint); Debug.Print("Connected to server."); using (SslStream sslStream = new SslStream(clientSocket)) { X509Certificate rootCA = new X509Certificate(Resources.GetBytes(Resources.BinaryResources.MyRootCA)); X509Certificate clientCert = new X509Certificate(Resources.GetBytes(Resources.BinaryResources.MyRootCA)); sslStream.AuthenticateAsClient("MyServerName", // Hostname needs to match CN of server cert clientCert, // Authenticate client new X509Certificate[] { rootCA }, // CA certs for verification SslVerification.CertificateRequired, // Verify server SslProtocols.Default // Protocols that may be required ); // Sending byte[] messageBytes = Encoding.UTF8.GetBytes("Hello World!"); sslStream.Write(messageBytes, 0, messageBytes.Length); } }// the socket will be closed here }
// Initialize all of the default certificates and protocols public SslServer() { // Initialize the Socket serverSocketType = SocketType.Stream; serverProtocolType = ProtocolType.Tcp; if (Microsoft.SPOT.Hardware.SystemInfo.SystemID.SKU == 3) { cert = new X509Certificate(CertificatesAndCAs.emuCert, "NetMF"); ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caEmuCert) }; } else { // Initialize the SslStream cert = new X509Certificate(CertificatesAndCAs.newCert); ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caCert) }; } verify = SslVerification.NoVerification; sslProtocols = new SslProtocols[] { SslProtocols.Default }; // Create a TCP/IP (IPv4) socket and listen for incoming connections. serverSocket = new Socket(AddressFamily.InterNetwork, serverSocketType, serverProtocolType); serverSocket.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.Linger, false); serverSocket.Bind(new IPEndPoint(IPAddress.Loopback, 0)); serverEp = (IPEndPoint)serverSocket.LocalEndPoint; Log.Comment("Listening for a client to connect..."); serverSocket.Listen(1); }
public static void Main() { using (Socket listeningSocket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)) { listeningSocket.Bind(new IPEndPoint(IPAddress.Any, port)); Debug.Print("Listening for a client..."); listeningSocket.Listen(1); using (Socket communicationSocket = listeningSocket.Accept()) { Debug.Print("Connected to client."); using (SslStream sslStream = new SslStream(communicationSocket)) { X509Certificate serverCert = new X509Certificate(Resources.GetBytes(Resources.BinaryResources.MyServer)); X509Certificate rootCA = new X509Certificate(Resources.GetBytes(Resources.BinaryResources.MyRootCA)); sslStream.AuthenticateAsServer(serverCert, // To authenticate the server new X509Certificate[] { rootCA }, // CA certificates SslVerification.CertificateRequired, // Verify client SslProtocols.Default // Protocols that may be used ); //wait infinitely to get a response sslStream.ReadTimeout = -1; byte[] inBuffer = new byte[1000]; int count = sslStream.Read(inBuffer, 0, inBuffer.Length); string message = new string(Encoding.UTF8.GetChars(inBuffer)); Debug.Print("Received '" + message + "'."); } } } }
public MFTestResults AddThenGetCACertificate() { bool testResult = true; try { Log.Comment("Add Certificates, then Get those that were added"); X509Certificate cert1a = new X509Certificate(CertificatesAndCAs.caCert); X509Certificate cert2a = new X509Certificate(CertificatesAndCAs.newCert); CertificateStore.AddCACertificate("cert1", cert1a); CertificateStore.AddCACertificate("cert2", cert2a); Log.Comment("Get the certificates and make sure they are what we put in"); X509Certificate cert1 = CertificateStore.GetCACertificate("cert1"); X509Certificate cert2 = CertificateStore.GetCACertificate("cert2"); testResult &= Tools.CertificateCompare(cert1, cert1a); testResult &= Tools.CertificateCompare(cert2, cert2a); Log.Comment("clean up the cert that was added."); CertificateStore.RemoveCACertificate("cert1"); CertificateStore.RemoveCACertificate("cert2"); } finally { CertificateStore.ClearAllCertificates(); } return (testResult ? MFTestResults.Pass : MFTestResults.Fail); }
/// <summary> /// Retrieves a page from a Web server, using a simple GET request. /// </summary> public static void Main() { // Root CA Certificate needed to validate HTTPS servers. byte[] ca = Resource1.GetBytes( Resource1.BinaryResources.VerisignCA); X509Certificate[] caCerts = new X509Certificate[] { new X509Certificate(ca) }; // Initialize the default webproxy to be used by all // HttpWebRequests. // Change the proxy address to fit your environment. HttpWebRequest.DefaultWebProxy = new WebProxy("itgproxy.dns.microsoft.com", true); // Print the HTTP data from each of the following pages. PrintHttpData("http://autos.msn.com/default.aspx", null); PrintHttpData("http://www.nytimes.com/", null); // Test SSL connection with no certificate verification PrintHttpData("https://www.google.com/accounts/ManageAccount/", null); // Read from secure webpages by using the Verisign Root CA // certificate that is stored in the Resource1.resx file. PrintHttpData("https://www.google.com/accounts/ManageAccount/", caCerts); }
static public bool CertificateCompare(X509Certificate cert1, X509Certificate cert2) { if( cert1 == null || cert2 == null ) { Log.Comment("One of the certificates is null"); return false; } byte [] cert1Bytes = cert1.GetRawCertData(); byte [] cert2Bytes = cert2.GetRawCertData(); return CertificateCompare(cert1Bytes, cert2Bytes); }
internal bool Update(string certName, X509Certificate cert) { int idx = m_names.IndexOf(certName); if (-1 == idx) return false; ExtendedWeakReference ewr = ExtendedWeakReference.Recover(typeof(_CertStore_), (uint)m_values[idx]); if (ewr == null) return false; ewr.Target = cert; ewr.PushBackIntoRecoverList(); return true; }
public InitializeResult Initialize() { try { X509Certificate cert = new X509Certificate(CertificatesAndCAs.caCert); } catch (System.NotSupportedException) { Log.Comment("If this feature throws an exception then it is assumed that it isn't supported on this device type"); return InitializeResult.Skip; } CertificateStore.ClearAllCertificates(); return InitializeResult.ReadyToGo; }
public SslServer(X509Certificate certificate, X509Certificate[] ca, SslVerification clientCertificateRequired, SslProtocols[] enabledSslProtocols, bool expectedException) { this.certificate = certificate; this.ca = ca; this.clientCertificateRequired = clientCertificateRequired; this.enabledSslProtocols = enabledSslProtocols; this.expectedException = expectedException; //Get the IPV4 address on this machine which is all that the MF devices support. IPHostEntry hostEntry = Dns.GetHostEntry(""); ipAddress = hostEntry.AddressList[0]; if (ipAddress == null) throw new Exception("No IPV4 address found."); }
public SslClient(IPAddress ipAddress, String targetHost, X509Certificate cert, X509Certificate [] ca, SslVerification verify, SslProtocols[] sslProtocols, bool expectedException) { // Initialize the Socket messageSent = MFUtilities.GetRandomSafeString(2000) + TERMINATOR; // Initialize the port that communication is using port = 11111; this.ipAddress = ipAddress; this.messageSent = "hello" + TERMINATOR; this.targetHost = targetHost; this.cert = cert; this.ca = ca; this.verify = verify; this.sslProtocols = sslProtocols; this.expectedException = expectedException; }
public InitializeResult Initialize() { Log.Comment("Adding set up for the tests"); try { X509Certificate cert = new X509Certificate(CertificatesAndCAs.caCert); } catch (NotSupportedException) { Log.Comment("If this feature throws an exception then it is assumed that it isn't supported on this device type"); return InitializeResult.Skip; } return InitializeResult.ReadyToGo; }
public InitializeResult Initialize() { try { X509Certificate cert = new X509Certificate(CertificatesAndCAs.caCert); } catch (NotSupportedException) { Log.Comment("If this feature throws an exception then it is assumed that it isn't supported on this device type"); return InitializeResult.Skip; } Log.Comment("Adding set up for the tests."); Log.Comment("Thus debugging without knowing if there is a cert in flash without starting from scratch is disasterous."); CertificateStore.ClearAllCertificates(); Debug.GC(true); return InitializeResult.ReadyToGo; }
public MFTestResults ConstructorValid() { MFTestResults testResult = MFTestResults.Fail; Log.Comment("Create an X509 Certificate. No Exceptions should be thrown."); try { X509Certificate cert = new X509Certificate(CertificatesAndCAs.caCert); testResult = MFTestResults.Pass; } catch (Exception e) { Log.Comment("Failed to create a valid certificate with exception: " + e.ToString()); testResult = MFTestResults.Fail; } return testResult; }
public MFTestResults ConstructorInvalidFuzzed() { MFTestResults testResult = MFTestResults.Fail; Log.Comment("Create a fuzzed X509 Certificate. Should throw exception."); try { X509Certificate cert = new X509Certificate(CertificatesAndCAs.fuzzedCert); Log.Comment("Did not throw exception creating fuzzed Cert."); } catch (Exception e) { Log.Comment("Correctly threw exception creating fuzzed cert: " + e.ToString()); testResult = MFTestResults.Pass; } return testResult; }
internal bool Add(string certName, X509Certificate cert) { if (-1 != m_names.IndexOf(certName)) return false; m_names.Add(certName); uint idx = GetNextFreeIndex(); m_values.Add(idx); ExtendedWeakReference ewr = ExtendedWeakReference.RecoverOrCreate(typeof(_CertStore_), (uint)idx, ExtendedWeakReference.c_SurvivePowerdown); ewr.Priority = (int)ExtendedWeakReference.PriorityLevel.Critical; ewr.Target = cert; ewr.PushBackIntoRecoverList(); return true; }
public SslClient() { // Initialize the Socket clientSocketType = SocketType.Stream; clientProtocolType = ProtocolType.Tcp; if (Microsoft.SPOT.Hardware.SystemInfo.SystemID.SKU == 3) { cert = new X509Certificate(CertificatesAndCAs.emuCert, "NetMF"); ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caEmuCert) }; targetHost = "ZACHL-SBA1.redmond.corp.microsoft.com"; } else { cert = new X509Certificate(CertificatesAndCAs.newCert); ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caCert) }; targetHost = "Device.Microsoft.Com"; } verify = SslVerification.CertificateRequired; sslProtocols = new SslProtocols[] { SslProtocols.Default }; }
internal void Authenticate(bool isServer, string targetHost, X509Certificate certificate, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols) { SslProtocols vers = (SslProtocols)0; if (-1 != _sslContext) throw new InvalidOperationException(); for (int i = sslProtocols.Length - 1; i >= 0; i--) { vers |= sslProtocols[i]; } _isServer = isServer; try { if (isServer) { _sslContext = SslNative.SecureServerInit((int)vers, (int)verify, certificate, ca); SslNative.SecureAccept(_sslContext, _socket); } else { _sslContext = SslNative.SecureClientInit((int)vers, (int)verify, certificate, ca); SslNative.SecureConnect(_sslContext, targetHost, _socket); } } catch { if (_sslContext != -1) { SslNative.ExitSecureContext(_sslContext); _sslContext = -1; } throw; } }
public void UpdateCertificates(X509Certificate cert, X509Certificate[] ca) { if(_sslContext == -1) throw new InvalidOperationException(); SslNative.UpdateCertificates(_sslContext, cert, ca); }
public void AuthenticateAsServer(X509Certificate cert, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols) { Authenticate(true, "", cert, ca, verify, sslProtocols); }
public void AuthenticateAsServer(X509Certificate cert, SslVerification verify, params SslProtocols[] sslProtocols) { AuthenticateAsServer(cert, CertificateStore.CACertificates, verify, sslProtocols); }
public void AuthenticateAsClient(string targetHost, X509Certificate cert, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols) { Authenticate(false, targetHost, cert, ca, verify, sslProtocols); }
public void AuthenticateAsClient(string targetHost, X509Certificate cert, SslVerification verify, params SslProtocols[] sslProtocols) { AuthenticateAsClient(targetHost, cert, CertificateStore.CACertificates, verify, sslProtocols); }
public MFTestResults GetRawDataNewCert() { MFTestResults testResult = MFTestResults.Fail; Log.Comment("Get the raw data from the valid certificate"); try { X509Certificate cert = new X509Certificate(CertificatesAndCAs.newCert); byte[] rawCert = cert.GetRawCertData(); if (Tools.CertificateCompare(CertificatesAndCAs.newCert, rawCert)) testResult = MFTestResults.Pass; } catch (Exception e) { Log.Comment("Incorrectly threw exception calling GetRawCertData: " + e.ToString()); testResult = MFTestResults.Fail; } return testResult; }
internal static extern void UpdateCertificates(int contextHandle, X509Certificate certificate, X509Certificate[] ca);
public MFTestResults IssuerGetCaCert() { MFTestResults testResult = MFTestResults.Fail; Log.Comment("Get the Issuer field of a valid certificate"); try { X509Certificate cert = new X509Certificate(CertificatesAndCAs.caCert); string issuer = cert.Issuer; Log.Comment("TODO: Validate the issuer here"); Log.Comment("The issuer is: " + issuer); testResult = MFTestResults.Pass; } catch (Exception e) { Log.Comment("Incorrectly threw exception calling Issuer: " + e.ToString()); testResult = MFTestResults.Fail; } return testResult; }
public MFTestResults ConstructorInvalidNull() { MFTestResults testResult = MFTestResults.Fail; Log.Comment("Create a null X509 Certificate. Should throw exception."); try { X509Certificate cert = new X509Certificate(null); } catch (Exception e) { Log.Comment("Correctly threw exception creating null cert: " + e.ToString()); testResult = MFTestResults.Pass; } return testResult; }
public MFTestResults SubjectGetNewCert() { MFTestResults testResult = MFTestResults.Fail; Log.Comment("Get the Subject field of a valid certificate"); try { X509Certificate cert = new X509Certificate(CertificatesAndCAs.newCert); string subject = cert.Subject; Log.Comment("TODO: Validate the subject here"); Log.Comment("The subject is: " + subject); testResult = MFTestResults.Pass; } catch (Exception e) { Log.Comment("Incorrectly threw exception calling Subject: " + e.ToString()); testResult = MFTestResults.Fail; } return testResult; }
public static bool UpdateCACertificate(string certName, X509Certificate cert) { int idx = s_CACertData.Names.IndexOf(certName); if (-1 == idx) return false; s_CACertData.Values[idx] = cert; s_ewrCALookup.Target = s_CACertData; s_ewrCALookup.PushBackIntoRecoverList(); if (OnCACertificateChange != null) { OnCACertificateChange(CertificateNotificationType.Updated, certName); } return true; }
internal static extern int SecureClientInit(int sslProtocols, int sslCertVerify, X509Certificate certificate, X509Certificate[] ca);
public MFTestResults GetExpirationDateNewCert() { MFTestResults testResult = MFTestResults.Fail; Log.Comment("Get the Expiration Date field of a valid certificate"); try { X509Certificate cert = new X509Certificate(CertificatesAndCAs.newCert); DateTime date = cert.GetExpirationDate(); Log.Comment("TODO: Validate the DateTime here"); Log.Comment("The DateTime is: " + date.ToString()); testResult = MFTestResults.Pass; } catch (Exception e) { Log.Comment("Incorrectly threw exception calling Date: " + e.ToString()); testResult = MFTestResults.Fail; } return testResult; }