binding-csharp/runtime/src/main/csharp/Org.Apache.Etch.Bindings.Csharp/Util/TlsConnection.cs - etch - Git at Google

 // $Id$
 //
 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements. See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership. The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License. You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied. See the License for the
 // specific language governing permissions and limitations
 // under the License.
 //
 using System;
 using System.Net;
 using System.Net.Security;
 using System.Net.Sockets;
 using System.Security.Authentication;
 using System.Security.Cryptography.X509Certificates;

 namespace Org.Apache.Etch.Bindings.Csharp.Util
 {
     public class TlsConnection : TcpTransport
     {
         /// <summary>
         /// Term on uri which specifies whether server certificate should be authenticated.
         /// </summary>
         public const string AUTH_REQD = "TlsConnection.authReqd";

         /// <summary>
         /// Term on uri which specifies the certificate name of the server.
         /// </summary>
         public const string CERT_NAME = "TlsConnection.certName";

         public TlsConnection(Socket socket, string uri, Resources resources)
             : this(socket, new URL(uri), resources)
         {
             // nothing to do.
         }

         public TlsConnection(Socket socket, URL uri, Resources resources)
             : base(uri, resources)
         {
             SetCertificateName(uri.GetTerm(CERT_NAME, "default"));
             SetAuthReqd(uri.GetBooleanTerm(AUTH_REQD, true));

             if (socket == null)
             {
                 String host = uri.Host;
                 if (host == null)
                     throw new ArgumentNullException("host == null");

                 int? port = uri.Port;
                 if (port == null)
                     throw new ArgumentNullException("port == null");

                 if (port <= 0 || port >= 65536)
                     throw new ArgumentOutOfRangeException("port <= 0 || port >= 65536");

                 this.socket = null;
                 this.host = host;
                 this.port = (int)port;
             }
             else
             {
                 this.socket = socket;
                 this.host = null;
                 this.port = 0;
             }
         }

         private readonly String host;

         private readonly int port;

         public override string ToString()
         {
             Socket s = socket;

             if (s != null)
                 return String.Format("TlsConnection(up, {0}, {1})",
                     s.LocalEndPoint, s.RemoteEndPoint);

             return String.Format("TlsConnection(down, {0}, {1})", host, port);
         }

         protected override bool IsServer()
         {
             return host == null;
         }

         protected override Socket NewSocket()
         {
             IPAddress addr;

             if (host != null)
             {
                 IPAddress[] addrs = Dns.GetHostAddresses(host);
                 if (addrs == null || addrs.Length == 0)
                     throw new ArgumentException("host is invalid");
                 addr = addrs[0];
             }
             else
             {
                 addr = IPAddress.Any;
             }

             IPEndPoint ipe = new IPEndPoint(addr, port);
             Socket socket = new Socket(ipe.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
             socket.Connect(ipe);
             return socket;
         }

         protected override void SetUpSocket()
         {
             base.SetUpSocket();

             if (IsServer())
             {
                 stream = new SslStream(stream, false);
                 try
                 {
                     ((SslStream)stream).AuthenticateAsServer(GetServerCert(certName));
                 }
                 catch (AuthenticationException e)
                 {
                     //Console.WriteLine(" Exception in authenticating certificate ");
                     FireException("Certificate Authentication", e);
                 }
             }
             else
             {
                 stream = new SslStream(stream, false,
                      new RemoteCertificateValidationCallback(ValidateServerCertificate),
                      null);

                 // The server name must match the name on the server certificate.

                 try
                 {
                     ((SslStream)stream).AuthenticateAsClient(certName);
                 }
                 catch (AuthenticationException e)
                 {
                     AuthenticationException e1 = new AuthenticationException(
                         "Remote Certificate Mismatch Error. Problem in setting up"
                         + " SSL Connection. Either disable server authentication by using"
                         + " term TlsConnection.authReqd=false on uri or provide a valid"
                         + " certificate name using term TlsConnection.certName=name on uri.", e);
                     throw e1;
                 }
             }
         }

         private void SetCertificateName(string certName)
         {
             this.certName = certName;
         }

         private string certName;

         private void SetAuthReqd(bool authReqd)
         {
             this.authReqd = authReqd;
         }

         private bool authReqd;

         public  bool ValidateServerCertificate(
            object sender,
            X509Certificate certificate,
            X509Chain chain,
            SslPolicyErrors sslPolicyErrors)
         {
             if (!authReqd)
                 return true;

             if (sslPolicyErrors == SslPolicyErrors.None)
                 return true;

             //Console.WriteLine("Certificate error: {0}", sslPolicyErrors);

             // Do not allow this client to communicate with unauthenticated servers.
             return false;
         }

         private  X509Certificate GetServerCert(string certName)
         {
             X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
             store.Open(OpenFlags.ReadOnly);
             X509CertificateCollection coll = store.Certificates.Find(X509FindType.FindBySubjectName, certName, true);
             return coll[0];
         }
     }
 }
	// $Id$
	//
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.
	//
	using System;
	using System.Net;
	using System.Net.Security;
	using System.Net.Sockets;
	using System.Security.Authentication;
	using System.Security.Cryptography.X509Certificates;

	namespace Org.Apache.Etch.Bindings.Csharp.Util
	{
	public class TlsConnection : TcpTransport
	{
	/// <summary>
	/// Term on uri which specifies whether server certificate should be authenticated.
	/// </summary>
	public const string AUTH_REQD = "TlsConnection.authReqd";

	/// <summary>
	/// Term on uri which specifies the certificate name of the server.
	/// </summary>
	public const string CERT_NAME = "TlsConnection.certName";

	public TlsConnection(Socket socket, string uri, Resources resources)
	: this(socket, new URL(uri), resources)
	{
	// nothing to do.
	}

	public TlsConnection(Socket socket, URL uri, Resources resources)
	: base(uri, resources)
	{
	SetCertificateName(uri.GetTerm(CERT_NAME, "default"));
	SetAuthReqd(uri.GetBooleanTerm(AUTH_REQD, true));

	if (socket == null)
	{
	String host = uri.Host;
	if (host == null)
	throw new ArgumentNullException("host == null");

	int? port = uri.Port;
	if (port == null)
	throw new ArgumentNullException("port == null");

	if (port <= 0 \|\| port >= 65536)
	throw new ArgumentOutOfRangeException("port <= 0 \|\| port >= 65536");

	this.socket = null;
	this.host = host;
	this.port = (int)port;
	}
	else
	{
	this.socket = socket;
	this.host = null;
	this.port = 0;
	}
	}

	private readonly String host;

	private readonly int port;

	public override string ToString()
	{
	Socket s = socket;

	if (s != null)
	return String.Format("TlsConnection(up, {0}, {1})",
	s.LocalEndPoint, s.RemoteEndPoint);

	return String.Format("TlsConnection(down, {0}, {1})", host, port);
	}

	protected override bool IsServer()
	{
	return host == null;
	}

	protected override Socket NewSocket()
	{
	IPAddress addr;

	if (host != null)
	{
	IPAddress[] addrs = Dns.GetHostAddresses(host);
	if (addrs == null \|\| addrs.Length == 0)
	throw new ArgumentException("host is invalid");
	addr = addrs[0];
	}
	else
	{
	addr = IPAddress.Any;
	}

	IPEndPoint ipe = new IPEndPoint(addr, port);
	Socket socket = new Socket(ipe.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
	socket.Connect(ipe);
	return socket;
	}

	protected override void SetUpSocket()
	{
	base.SetUpSocket();

	if (IsServer())
	{
	stream = new SslStream(stream, false);
	try
	{
	((SslStream)stream).AuthenticateAsServer(GetServerCert(certName));
	}
	catch (AuthenticationException e)
	{
	//Console.WriteLine(" Exception in authenticating certificate ");
	FireException("Certificate Authentication", e);
	}
	}
	else
	{
	stream = new SslStream(stream, false,
	new RemoteCertificateValidationCallback(ValidateServerCertificate),
	null);

	// The server name must match the name on the server certificate.

	try
	{
	((SslStream)stream).AuthenticateAsClient(certName);
	}
	catch (AuthenticationException e)
	{
	AuthenticationException e1 = new AuthenticationException(
	"Remote Certificate Mismatch Error. Problem in setting up"
	+ " SSL Connection. Either disable server authentication by using"
	+ " term TlsConnection.authReqd=false on uri or provide a valid"
	+ " certificate name using term TlsConnection.certName=name on uri.", e);
	throw e1;
	}
	}
	}

	private void SetCertificateName(string certName)
	{
	this.certName = certName;
	}

	private string certName;

	private void SetAuthReqd(bool authReqd)
	{
	this.authReqd = authReqd;
	}

	private bool authReqd;

	public bool ValidateServerCertificate(
	object sender,
	X509Certificate certificate,
	X509Chain chain,
	SslPolicyErrors sslPolicyErrors)
	{
	if (!authReqd)
	return true;

	if (sslPolicyErrors == SslPolicyErrors.None)
	return true;

	//Console.WriteLine("Certificate error: {0}", sslPolicyErrors);

	// Do not allow this client to communicate with unauthenticated servers.
	return false;
	}

	private X509Certificate GetServerCert(string certName)
	{
	X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
	store.Open(OpenFlags.ReadOnly);
	X509CertificateCollection coll = store.Certificates.Find(X509FindType.FindBySubjectName, certName, true);
	return coll[0];
	}
	}
	}