📄 sslfilter.cs
字号:
namespace NCindy.Filter
{
using NCindy;
using NCindy.Buffer;
using NCindy.Util.Logging;
using System;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
public sealed class SSLFilter : AuthenticatedFilter
{
private bool checkCertificateRevocation;
private X509CertificateCollection clientCertificates;
private bool clientMode;
private static readonly ILogger log = LogFactory.CreateLogger(MethodBase.GetCurrentMethod().ReflectedType);
private bool needClientAuth;
private readonly SslProtocols sslProtocal;
private readonly SslStream sslStream;
private string targetHost;
public SSLFilter(ISession session, SslProtocols sslProtocal)
{
if (session.SessionType != SessionType.Tcp)
{
throw new ArgumentException("SSLFilter only work with Tcp session.", "session");
}
this.sslProtocal = sslProtocal;
base.session = session;
this.checkCertificateRevocation = false;
this.sslStream = new SslStream(base.innerStream);
}
public override void PacketReceived(ISessionFilterChain filterChain, IPacket packet)
{
if (log.IsInfoEnabled)
{
log.Info("SSLFilter PacketReceived");
}
if ((base.filterState == AuthFilterState.Initial) || (base.session != filterChain.Session))
{
base.PacketReceived(filterChain, packet);
}
else if (base.filterState == AuthFilterState.Authenticating)
{
if (log.IsInfoEnabled)
{
log.Info(string.Format("SSLFilter PacketReceived.Position:{0}, remaining:{1}", packet.Content.Position, packet.Content.Remaining));
}
base.innerStream.WriteToRStream(((AbstractBuffer) packet.Content).InnerByteArray, packet.Content.Position, packet.Content.Remaining);
}
else
{
int capacity = packet.Content.Remaining * 2;
base.innerStream.WriteToRStream(((AbstractBuffer) packet.Content).InnerByteArray, packet.Content.Position, packet.Content.Remaining);
AbstractBuffer buffer = (AbstractBuffer) BufferFactory.GetBuffer(capacity);
buffer.Limit = this.sslStream.Read(buffer.InnerByteArray, 0, capacity);
packet.Content = buffer;
base.PacketReceived(filterChain, packet);
}
}
public override void PacketSend(ISessionFilterChain filterChain, IPacket packet)
{
if ((base.session != filterChain.Session) || (base.filterState == AuthFilterState.Initial))
{
base.PacketSend(filterChain, packet);
}
else
{
this.sslStream.Write(((AbstractBuffer) packet.Content).InnerByteArray, packet.Content.Position, packet.Content.Remaining);
int capacity = packet.Content.Remaining * 2;
AbstractBuffer buffer = (AbstractBuffer) BufferFactory.GetBuffer(capacity);
int num2 = base.innerStream.ReadFromWStream(buffer.InnerByteArray, 0, buffer.Capacity);
buffer.Limit = num2;
packet.Content = buffer;
if (base.filterState != AuthFilterState.Authenticating)
{
base.PacketSend(filterChain, packet);
}
}
}
public override void SessionStateChanged(ISessionFilterChain filterChain)
{
if ((base.session == filterChain.Session) && (base.session.State == SessionState.Closed))
{
this.sslStream.Close();
}
}
public void Start()
{
if (base.filterState != AuthFilterState.Initial)
{
throw new InvalidOperationException("Already started.");
}
lock (this)
{
if (base.filterState == AuthFilterState.Initial)
{
base.filterState = AuthFilterState.Authenticating;
try
{
if (!this.clientMode)
{
throw new NotImplementedException("Server mode is NOT supported now.");
}
this.sslStream.AuthenticateAsClient(this.targetHost, this.clientCertificates, this.sslProtocal, false);
base.filterState = AuthFilterState.Authenticated;
if (log.IsInfoEnabled)
{
log.Info("Authenticate Successful.");
}
}
catch (Exception exception)
{
base.filterState = AuthFilterState.AuthenticateFailed;
log.Error("Start SSLFilter failed.", exception);
throw;
}
}
}
}
public bool CheckCertificateRevocation
{
get
{
return this.checkCertificateRevocation;
}
set
{
this.checkCertificateRevocation = value;
}
}
public X509CertificateCollection ClientCertificates
{
get
{
return this.clientCertificates;
}
set
{
this.clientCertificates = value;
}
}
public bool IsAuthenticated
{
get
{
return (base.filterState == AuthFilterState.Authenticated);
}
}
public bool IsClientMode
{
get
{
return this.clientMode;
}
set
{
this.clientMode = value;
}
}
public bool IsNeedClientAuth
{
get
{
return this.needClientAuth;
}
set
{
this.needClientAuth = value;
}
}
public string TargetHost
{
get
{
return this.targetHost;
}
set
{
this.targetHost = value;
}
}
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -