示例#1
0
        public AppleTlsContext(
            MobileAuthenticatedStream parent, MonoTlsSettings settings,
            AppleTlsProvider provider, bool serverMode, string targetHost,
            SSA.SslProtocols enabledProtocols, X509Certificate serverCertificate,
            X509CertificateCollection clientCertificates, bool askForClientCert)
        {
            this.parent             = parent;
            this.settings           = settings;
            this.provider           = provider;
            this.serverMode         = serverMode;
            this.targetHost         = targetHost;
            this.enabledProtocols   = enabledProtocols;
            this.serverCertificate  = serverCertificate;
            this.clientCertificates = clientCertificates;
            this.askForClientCert   = askForClientCert;

            handle       = GCHandle.Alloc(this);
            connectionId = GCHandle.ToIntPtr(handle);
            readFunc     = NativeReadCallback;
            writeFunc    = NativeWriteCallback;

            certificateValidator = CertificateValidationHelper.GetDefaultValidator(settings, provider);

            if (IsServer)
            {
                if (serverCertificate == null)
                {
                    throw new ArgumentNullException("serverCertificate");
                }
            }
        }
示例#2
0
        internal void ValidateCreateContext(bool serverMode, string targetHost, SslProtocols enabledProtocols, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool clientCertRequired)
        {
            if (xobileTlsContext != null)
            {
                throw new InvalidOperationException();
            }

            if (serverMode)
            {
                if (serverCertificate == null)
                {
                    throw new ArgumentException("serverCertificate");
                }
            }
            else
            {
                if (targetHost == null)
                {
                    throw new ArgumentException("targetHost");
                }
                if (targetHost.Length == 0)
                {
                    targetHost = "?" + Interlocked.Increment(ref uniqueNameInteger).ToString(NumberFormatInfo.InvariantInfo);
                }
            }

            xobileTlsContext = new AppleTlsContext(this, Settings, Provider, serverMode, targetHost, enabledProtocols, serverCertificate, clientCertificates, clientCertRequired);
        }
示例#3
0
 public WssOptions(System.Security.Cryptography.X509Certificates.X509Certificate2 cer, System.Security.Authentication.SslProtocols pro, bool onlyWss)
 {
     this.sslProtocols_0     = System.Security.Authentication.SslProtocols.Default;
     this.bool_0             = false;
     this.x509Certificate2_0 = cer;
     this.sslProtocols_0     = pro;
     this.bool_0             = onlyWss;
 }
示例#4
0
 public AuthenticateAsyncState(
     System.Net.Security.SslStream stream,
     String targetHost,
     System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates,
     System.Security.Authentication.SslProtocols enabledSslProtocols,
     Boolean checkCertificateRevocation
     )
 {
     this.Stream                     = stream;
     this.TargetHost                 = targetHost;
     this.ClientCertificates         = clientCertificates;
     this.EnabledSslProtocols        = enabledSslProtocols;
     this.CheckCertificateRevocation = checkCertificateRevocation;
 }
示例#5
0
        /// <todo />
        public static Task AuthenticateAsClientAsync(
            this System.Net.Security.SslStream stream,
            String targetHost,
            System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates,
            System.Security.Authentication.SslProtocols enabledSslProtocols,
            Boolean checkCertificateRevocation
            )
        {
            var authArgs = new AuthenticateAsyncState(stream, targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation);

            return(Task.Factory.FromAsync(
                       (aArgs, cb, state) => aArgs.Stream.BeginAuthenticateAsClient(aArgs.TargetHost, aArgs.ClientCertificates, aArgs.EnabledSslProtocols, aArgs.CheckCertificateRevocation, cb, state),
                       result => ((System.Net.Security.SslStream)result.AsyncState).EndAuthenticateAsClient(result),
                       authArgs,
                       stream
                       ));
        }
示例#6
0
        //private string GetProtocal()
        public async Task PrepareSsl(HttpConnection httpConnection)
        {
            var stream = new RawStream(_receivePipe.Reader, _sendPipe.Writer);

            // todo: 假如客户端不支持SNI

            // Get host name
            var wrappedStream   = new CustomBufferedStream(stream, 4096);
            var clientHelloInfo = await SslTools.PeekClientHello(wrappedStream);

            if (clientHelloInfo == null)
            {
                return;
            }

            var hostName = clientHelloInfo.Extensions?.FirstOrDefault(o => o.Value.Name == "server_name").Value?.Data;
            var protocol = clientHelloInfo.Extensions?.FirstOrDefault(o => o.Value.Name == "ALPN").Value?.Data;

            if (!string.IsNullOrEmpty(protocol))
            {
                string[] stringList = protocol.Split(',');
                protocol = stringList[0].Trim();
            }

            // Select certificate
            var certificate = Context.ServiceContext.ServerOptions.SslCertificateProvider.SelectCertificate(hostName);

            // Switch to SSL
            _sslStream = new SslStream(wrappedStream);

            System.Security.Authentication.SslProtocols sslProtocols = SslProtocols.Ssl3 | SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12;

            await _sslStream.AuthenticateAsServerAsync(certificate, false, sslProtocols, false);

            Context.ReceivePipe = new Pipe(new PipeOptions(
                                               pool: _memoryPool
                                               ));
            Context.SendPipe = new Pipe(new PipeOptions(
                                            pool: _memoryPool
                                            ));

            httpConnection.ApplicationProtocol = protocol;
        }
示例#7
0
        public AppleTlsContext(
            MobileAuthenticatedStream parent, bool serverMode, string targetHost,
            SSA.SslProtocols enabledProtocols, X509Certificate serverCertificate,
            X509CertificateCollection clientCertificates, bool askForClientCert)
            : base(parent, serverMode, targetHost, enabledProtocols,
                   serverCertificate, clientCertificates, askForClientCert)
        {
            handle    = GCHandle.Alloc(this, GCHandleType.Weak);
            readFunc  = NativeReadCallback;
            writeFunc = NativeWriteCallback;

            if (IsServer)
            {
                if (serverCertificate == null)
                {
                    throw new ArgumentNullException("serverCertificate");
                }
            }
        }
示例#8
0
        public AppleTlsContext(
            MobileAuthenticatedStream parent, bool serverMode, string targetHost,
            SSA.SslProtocols enabledProtocols, X509Certificate serverCertificate,
            X509CertificateCollection clientCertificates, bool askForClientCert)
            : base(parent, serverMode, targetHost, enabledProtocols,
                   serverCertificate, clientCertificates, askForClientCert)
        {
            handle       = GCHandle.Alloc(this);
            connectionId = GCHandle.ToIntPtr(handle);
            readFunc     = NativeReadCallback;
            writeFunc    = NativeWriteCallback;

            certificateValidator = CertificateValidationHelper.GetDefaultValidator(Settings, Provider);

            if (IsServer)
            {
                if (serverCertificate == null)
                {
                    throw new ArgumentNullException("serverCertificate");
                }
            }
        }
示例#9
0
        public void AuthenticateAsClient(string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
        {
            var task = ProcessAuthentication(true, false, targetHost, enabledSslProtocols, null, clientCertificates, false);

            task.Wait();
        }
示例#10
0
		public void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
		{
			ValidateCreateContext (false, targetHost, enabledSslProtocols, null, clientCertificates, false);
			ProcessAuthentication (null);
		}
示例#11
0
		public IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
		{
			ValidateCreateContext (false, targetHost, enabledSslProtocols, null, clientCertificates, false);
			var result = new LazyAsyncResult (this, asyncState, asyncCallback);
			ProcessAuthentication (result);
			return result;
		}
 public virtual System.IAsyncResult BeginAuthenticateAsServer(System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, bool clientCertificateRequired, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation, System.AsyncCallback asyncCallback, object asyncState)
 {
     throw null;
 }
 public virtual System.Threading.Tasks.Task AuthenticateAsServerAsync(System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, bool clientCertificateRequired, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 {
     throw null;
 }
 public virtual void AuthenticateAsServer(System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, bool clientCertificateRequired, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 {
 }
示例#15
0
        public Task AuthenticateAsClientAsync(string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
        {
            var options = new MonoSslClientAuthenticationOptions {
                TargetHost                     = targetHost,
                ClientCertificates             = clientCertificates,
                EnabledSslProtocols            = enabledSslProtocols,
                CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
                EncryptionPolicy               = EncryptionPolicy.RequireEncryption
            };

            return(ProcessAuthentication(false, options, CancellationToken.None));
        }
示例#16
0
		public void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
		{
			ValidateCreateContext (true, string.Empty, enabledSslProtocols, serverCertificate, null, clientCertificateRequired);
			ProcessAuthentication (null);
		}
示例#17
0
        public void AuthenticateAsServer(X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
        {
            var options = new MonoSslServerAuthenticationOptions {
                ServerCertificate              = serverCertificate,
                ClientCertificateRequired      = clientCertificateRequired,
                EnabledSslProtocols            = enabledSslProtocols,
                CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
                EncryptionPolicy = EncryptionPolicy.RequireEncryption
            };

            var task = ProcessAuthentication(true, options, CancellationToken.None);

            task.Wait();
        }
        public void AuthenticateAsClient(string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
        {
            var options = new MonoSslClientAuthenticationOptions {
                TargetHost                     = targetHost,
                ClientCertificates             = clientCertificates,
                EnabledSslProtocols            = enabledSslProtocols,
                CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
                EncryptionPolicy               = EncryptionPolicy.RequireEncryption
            };

            var task = ProcessAuthentication(true, options, CancellationToken.None);

            try {
                task.Wait();
            } catch (Exception ex) {
                throw HttpWebRequest.FlattenException(ex);
            }
        }
示例#19
0
		public IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
		{
			ValidateCreateContext (true, string.Empty, enabledSslProtocols, serverCertificate, null, clientCertificateRequired);
			var result = new LazyAsyncResult (this, asyncState, asyncCallback);
			ProcessAuthentication (result);
			return result;
		}
示例#20
0
		internal void ValidateCreateContext (bool serverMode, string targetHost, SslProtocols enabledProtocols, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool clientCertRequired)
		{
			if (xobileTlsContext != null)
				throw new InvalidOperationException ();

			if (serverMode) {
				if (serverCertificate == null)
					throw new ArgumentException ("serverCertificate");
			} else {				
				if (targetHost == null)
					throw new ArgumentException ("targetHost");
				if (targetHost.Length == 0)
					targetHost = "?" + Interlocked.Increment (ref uniqueNameInteger).ToString (NumberFormatInfo.InvariantInfo);
			}

			xobileTlsContext = CreateContext (this, serverMode, targetHost, enabledProtocols, serverCertificate, clientCertificates, clientCertRequired);
		}
示例#21
0
		public Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
		{
			return Task.Factory.FromAsync ((callback, state) => BeginAuthenticateAsServer (serverCertificate, clientCertificateRequired, enabledSslProtocols, checkCertificateRevocation, callback, state), EndAuthenticateAsServer, null);
		}
示例#22
0
		public Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
		{
			return Task.Factory.FromAsync ((callback, state) => BeginAuthenticateAsClient (targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation, callback, state), EndAuthenticateAsClient, null);
		}
示例#23
0
 public WssOptions()
 {
     this.sslProtocols_0 = System.Security.Authentication.SslProtocols.Default;
     this.bool_0         = false;
 }
示例#24
0
        public IAsyncResult BeginAuthenticateAsClient(string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
        {
            var task = ProcessAuthentication(false, false, targetHost, enabledSslProtocols, null, clientCertificates, false);

            return(TaskToApm.Begin(task, asyncCallback, asyncState));
        }
示例#25
0
        public IAsyncResult BeginAuthenticateAsClient(string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
        {
            var options = new MonoSslClientAuthenticationOptions {
                TargetHost                     = targetHost,
                ClientCertificates             = clientCertificates,
                EnabledSslProtocols            = enabledSslProtocols,
                CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
                EncryptionPolicy               = EncryptionPolicy.RequireEncryption
            };

            var task = ProcessAuthentication(false, options, CancellationToken.None);

            return(TaskToApm.Begin(task, asyncCallback, asyncState));
        }
示例#26
0
        public void AuthenticateAsServer(X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
        {
            var task = ProcessAuthentication(true, true, string.Empty, enabledSslProtocols, serverCertificate, null, clientCertificateRequired);

            task.Wait();
        }
示例#27
0
        public IAsyncResult BeginAuthenticateAsServer(X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
        {
            var options = new MonoSslServerAuthenticationOptions {
                ServerCertificate              = serverCertificate,
                ClientCertificateRequired      = clientCertificateRequired,
                EnabledSslProtocols            = enabledSslProtocols,
                CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
                EncryptionPolicy = EncryptionPolicy.RequireEncryption
            };

            var task = ProcessAuthentication(false, options, CancellationToken.None);

            return(TaskToApm.Begin(task, asyncCallback, asyncState));
        }
示例#28
0
        public IAsyncResult BeginAuthenticateAsServer(X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
        {
            var task = ProcessAuthentication(false, true, string.Empty, enabledSslProtocols, serverCertificate, null, clientCertificateRequired);

            return(TaskToApm.Begin(task, asyncCallback, asyncState));
        }
示例#29
0
        public Task AuthenticateAsServerAsync(X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
        {
            var options = new MonoSslServerAuthenticationOptions {
                ServerCertificate              = serverCertificate,
                ClientCertificateRequired      = clientCertificateRequired,
                EnabledSslProtocols            = enabledSslProtocols,
                CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
                EncryptionPolicy = EncryptionPolicy.RequireEncryption
            };

            return(ProcessAuthentication(false, options, CancellationToken.None));
        }
示例#30
0
 public Task AuthenticateAsClientAsync(string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 {
     return(ProcessAuthentication(false, false, targetHost, enabledSslProtocols, null, clientCertificates, false));
 }
 public virtual void AuthenticateAsClient(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 {
 }
示例#32
0
 public Task AuthenticateAsServerAsync(X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 {
     return(ProcessAuthentication(false, true, string.Empty, enabledSslProtocols, serverCertificate, null, clientCertificateRequired));
 }
 public virtual System.Threading.Tasks.Task AuthenticateAsClientAsync(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 {
     throw null;
 }
示例#34
0
        async Task ProcessAuthentication(
            bool runSynchronously, bool serverMode, string targetHost, SslProtocols enabledProtocols,
            X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool clientCertRequired)
        {
            if (serverMode)
            {
                if (serverCertificate == null)
                {
                    throw new ArgumentException(nameof(serverCertificate));
                }
            }
            else
            {
                if (targetHost == null)
                {
                    throw new ArgumentException(nameof(targetHost));
                }
                if (targetHost.Length == 0)
                {
                    targetHost = "?" + Interlocked.Increment(ref uniqueNameInteger).ToString(NumberFormatInfo.InvariantInfo);
                }
            }

            if (lastException != null)
            {
                lastException.Throw();
            }

            var asyncRequest = new AsyncHandshakeRequest(this, runSynchronously);

            if (Interlocked.CompareExchange(ref asyncHandshakeRequest, asyncRequest, null) != null)
            {
                throw new InvalidOperationException("Invalid nested call.");
            }
            // Make sure no other async requests can be started during the handshake.
            if (Interlocked.CompareExchange(ref asyncReadRequest, asyncRequest, null) != null)
            {
                throw new InvalidOperationException("Invalid nested call.");
            }
            if (Interlocked.CompareExchange(ref asyncWriteRequest, asyncRequest, null) != null)
            {
                throw new InvalidOperationException("Invalid nested call.");
            }

            AsyncProtocolResult result;

            try {
                lock (ioLock) {
                    if (xobileTlsContext != null)
                    {
                        throw new InvalidOperationException();
                    }
                    readBuffer.Reset();
                    writeBuffer.Reset();

                    xobileTlsContext = CreateContext(
                        serverMode, targetHost, enabledProtocols, serverCertificate,
                        clientCertificates, clientCertRequired);
                }

                try {
                    result = await asyncRequest.StartOperation(CancellationToken.None).ConfigureAwait(false);
                } catch (Exception ex) {
                    result = new AsyncProtocolResult(SetException(GetSSPIException(ex)));
                }
            } finally {
                lock (ioLock) {
                    readBuffer.Reset();
                    writeBuffer.Reset();
                    asyncWriteRequest     = null;
                    asyncReadRequest      = null;
                    asyncHandshakeRequest = null;
                }
            }

            if (result.Error != null)
            {
                result.Error.Throw();
            }
        }
 public virtual System.IAsyncResult BeginAuthenticateAsClient(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation, System.AsyncCallback asyncCallback, object asyncState)
 {
     throw null;
 }
示例#36
0
 public virtual void AuthenticateAsClient(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 {
     throw new PlatformNotSupportedException();
 }
示例#37
0
 public virtual void AuthenticateAsServer(System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, bool clientCertificateRequired, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 {
     throw new PlatformNotSupportedException();
 }
示例#38
0
        public AppleTlsContext(
            MobileAuthenticatedStream parent, MonoTlsSettings settings,
            AppleTlsProvider provider, bool serverMode, string targetHost,
            SSA.SslProtocols enabledProtocols, X509Certificate serverCertificate,
            X509CertificateCollection clientCertificates, bool askForClientCert)
        {
            this.parent = parent;
            this.settings = settings;
            this.provider = provider;
            this.serverMode = serverMode;
            this.targetHost = targetHost;
            this.enabledProtocols = enabledProtocols;
            this.serverCertificate = serverCertificate;
            this.clientCertificates = clientCertificates;
            this.askForClientCert = askForClientCert;

            handle = GCHandle.Alloc (this);
            connectionId = GCHandle.ToIntPtr (handle);
            readFunc = NativeReadCallback;
            writeFunc = NativeWriteCallback;

            // a bit higher than the default maximum fragment size
            readBuffer = new byte [16384];
            writeBuffer = new byte [16384];

            certificateValidator = CertificateValidationHelper.GetDefaultValidator (settings, provider);

            if (IsServer) {
                if (serverCertificate == null)
                    throw new ArgumentNullException ("serverCertificate");
            }
        }