1、SSLSocket Server
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
namespace SSLSocket
{
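class SSLSocketServer
{
    // Password of the test PKCS#12 file. Kept only so existing RunServer(ip, port, p12Path)
    // callers keep working; outside a lab the password belongs in configuration or a secret
    // store, not in source.
    private const string DefaultP12Password = "sslTestPwd";

    static X509Certificate serverCertificate = null;
    static String delimiter = "=========================================================";

    /// <summary>
    /// Loads the server certificate from <paramref name="p12Path"/> and then serves TLS clients
    /// one at a time, forever. A failure on one connection is logged and the loop continues.
    /// </summary>
    /// <param name="ip">Local address to bind, e.g. "127.0.0.1".</param>
    /// <param name="port">Local TCP port to listen on.</param>
    /// <param name="p12Path">Path of the PKCS#12 (.p12/.pfx) file holding certificate and private key.</param>
    /// <param name="p12Password">Password of the PKCS#12 file; defaults to the original hard-coded test value.</param>
    public static void RunServer(String ip, int port, String p12Path, string p12Password = DefaultP12Password)
    {
        serverCertificate = new X509Certificate2(p12Path, p12Password);
        TcpListener listener = new TcpListener(IPAddress.Parse(ip), port);
        listener.Start();
        while (true)
        {
            try
            {
                // AcceptTcpClient blocks; ProcessClient takes ownership of the client and closes it.
                TcpClient client = listener.AcceptTcpClient();
                ProcessClient(client);
            }
            catch (Exception ex)
            {
                // One misbehaving peer must not take the whole server down.
                Console.WriteLine(ex);
            }
        }
    }

    /// <summary>
    /// Performs the TLS handshake with one client, prints the negotiated parameters and the
    /// certificates involved, reads a single UTF-8 message and closes the connection.
    /// </summary>
    /// <param name="client">Accepted connection; it is disposed before this method returns.</param>
    static void ProcessClient(TcpClient client)
    {
        // 'using' closes the SslStream and the TcpClient on every path, which replaces the
        // duplicated Close() calls the original had in both catch and finally.
        using (client)
        using (SslStream sslStream = new SslStream(client.GetStream(), false))
        {
            try
            {
                // Set the timeouts before the handshake: the original set them afterwards, so a
                // peer that connected and went silent could stall this single-threaded accept
                // loop indefinitely.
                sslStream.ReadTimeout = 5000;
                sslStream.WriteTimeout = 5000;

                // No protocol list is passed (overload available since .NET Framework 4.7 / .NET Core),
                // so the runtime/OS negotiates its default set. The original forced
                // SslProtocols.Ssl2 | SslProtocols.Ssl3, both long broken and disabled on
                // current systems. clientCertificateRequired: false, checkCertificateRevocation: true.
                sslStream.AuthenticateAsServer(serverCertificate, false, true);

                DisplaySecurityLevel(sslStream);
                DisplayCertificateInformation(sslStream);

                string messageData = ReadMessage(sslStream);
                Console.WriteLine(delimiter);
                Console.WriteLine("收到信息: {0}", messageData);
                Console.WriteLine(delimiter);
            }
            catch (AuthenticationException e)
            {
                Console.WriteLine("Exception: {0}", e.Message);
                if (e.InnerException != null)
                {
                    Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
                }
                Console.WriteLine("Authentication failed - closing the connection.");
            }
        }
    }

    /// <summary>
    /// Reads UTF-8 text from <paramref name="sslStream"/> until the peer closes its side
    /// (Read returns 0). Accepts any readable <see cref="Stream"/> so it can be exercised
    /// without a live TLS connection; SslStream callers are unaffected.
    /// </summary>
    /// <param name="sslStream">Stream to read from.</param>
    /// <returns>The decoded message; empty when the peer sent nothing.</returns>
    internal static string ReadMessage(Stream sslStream)
    {
        byte[] buffer = new byte[2048];
        StringBuilder messageData = new StringBuilder();
        // One stateful decoder for the whole message: a multi-byte UTF-8 sequence split
        // across two Read() calls is reassembled correctly. The original created a fresh
        // decoder per chunk, which garbles characters on chunk boundaries.
        Decoder decoder = Encoding.UTF8.GetDecoder();
        int bytes;
        // The original's end-of-message test was IndexOf("") != -1, which is always true and
        // stopped after the first chunk; the message is now read until EOF instead.
        while ((bytes = sslStream.Read(buffer, 0, buffer.Length)) > 0)
        {
            char[] chars = new char[decoder.GetCharCount(buffer, 0, bytes)];
            decoder.GetChars(buffer, 0, bytes, chars, 0);
            messageData.Append(chars);
        }
        return messageData.ToString();
    }

    /// <summary>
    /// Prints the negotiated protocol and the cipher, hash and key-exchange algorithms with
    /// their strengths. Only meaningful after a successful handshake.
    /// </summary>
    /// <param name="stream">Authenticated TLS stream.</param>
    static void DisplaySecurityLevel(SslStream stream)
    {
        Console.WriteLine(delimiter);
        Console.WriteLine("通讯协议: {0}", stream.SslProtocol);
        Console.WriteLine("加密算法: {0} strength {1}", stream.CipherAlgorithm, stream.CipherStrength);
        Console.WriteLine("哈希算法: {0} strength {1}", stream.HashAlgorithm, stream.HashStrength);
        Console.WriteLine("密钥交换算法: {0} strength {1}", stream.KeyExchangeAlgorithm, stream.KeyExchangeStrength);
        Console.WriteLine(delimiter);
    }

    /// <summary>
    /// Prints whether revocation checking was requested, then subject and validity period of
    /// the local (server) and remote (client) certificates, if present.
    /// </summary>
    /// <param name="stream">Authenticated TLS stream.</param>
    static void DisplayCertificateInformation(SslStream stream)
    {
        Console.WriteLine(delimiter);
        Console.WriteLine("证书吊销列表检查: {0}", stream.CheckCertRevocationStatus);

        // NOTE(review): the labels below read "issuer" (签发者) but the value printed is
        // the certificate Subject; strings kept as-is, the label or the property should
        // be aligned by the owner.
        X509Certificate localCertificate = stream.LocalCertificate;
        if (localCertificate != null)
        {
            Console.WriteLine("本地证书签发者: {0}", localCertificate.Subject);
            Console.WriteLine("本地证书有效期: {0}~{1}", localCertificate.GetEffectiveDateString(),
                localCertificate.GetExpirationDateString());
        }
        else
        {
            Console.WriteLine("本地证书为空");
        }

        // Remote certificate is null unless the client presented one (client certs are optional here).
        X509Certificate remoteCertificate = stream.RemoteCertificate;
        if (remoteCertificate != null)
        {
            Console.WriteLine("远程证书签发者: {0}", remoteCertificate.Subject);
            Console.WriteLine("远程证书有效期: {0}至{1}", remoteCertificate.GetEffectiveDateString(),
                remoteCertificate.GetExpirationDateString());
        }
        else
        {
            Console.WriteLine("远程证书为空");
        }
        Console.WriteLine(delimiter);
    }
}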
}
2、SSLSocket Client
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Net;
using System.Net.Sockets;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
namespace SSLSocketClient
{
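class SSLSocketClient
{
    // Server name the original hard-coded into AuthenticateAsClient; kept as the default of
    // the new optional parameter so SendMessage(ip, port, certPath, msg) callers still work.
    private const string DefaultTargetHost = "AtlasTiger";

    /// <summary>
    /// Callback that validates the server certificate during the TLS handshake.
    /// Accepts the certificate only when the runtime reports no policy errors.
    /// </summary>
    /// <remarks>
    /// The original also returned true for RemoteCertificateNameMismatch and
    /// RemoteCertificateChainErrors, which accepts any certificate at all and so defeats the
    /// purpose of TLS. With this version a self-signed test certificate must be trusted by the
    /// client machine and be issued for the target host for the handshake to succeed.
    /// </remarks>
    /// <param name="sender">Unused.</param>
    /// <param name="certificate">Server certificate (may be null).</param>
    /// <param name="chain">Chain built by the runtime (may be null).</param>
    /// <param name="sslPolicyErrors">Policy errors detected by the runtime.</param>
    /// <returns>true only when <paramref name="sslPolicyErrors"/> is <see cref="SslPolicyErrors.None"/>.</returns>
    public static bool ValidateServerCertificate(
        object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
        {
            return true;
        }
        // Print the reason so a misconfigured test setup is diagnosable without weakening validation.
        Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
        return false;
    }

    /// <summary>
    /// Connects to <paramref name="ip"/>:<paramref name="port"/>, performs the TLS handshake
    /// (offering the certificate at <paramref name="certPath"/> as client certificate) and
    /// sends <paramref name="msg"/> as UTF-8. An authentication failure is logged, not thrown.
    /// </summary>
    /// <param name="ip">Server address.</param>
    /// <param name="port">Server port.</param>
    /// <param name="certPath">Certificate file loaded with X509Certificate.CreateFromCertFile.</param>
    /// <param name="msg">Text to send.</param>
    /// <param name="targetHost">Name the server certificate must be issued for; defaults to the original hard-coded value.</param>
    public static void SendMessage(string ip, int port, String certPath, String msg, string targetHost = DefaultTargetHost)
    {
        // Load the certificate before opening the socket so a bad path does not leak a connection.
        // CreateFromCertFile yields the public certificate only; whether the server can actually
        // authenticate this client with it depends on the file — TODO confirm with the owner.
        X509CertificateCollection certs = new X509CertificateCollection();
        certs.Add(X509Certificate.CreateFromCertFile(certPath));

        // 'using' disposes both objects on every path; the original left the SslStream open
        // when authentication failed.
        using (TcpClient client = new TcpClient(ip, port))
        using (SslStream sslStream = new SslStream(client.GetStream(),
            false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null))
        {
            try
            {
                // No explicit protocol (overload available since .NET Framework 4.7 / .NET Core):
                // the runtime/OS picks its default set instead of pinning TLS 1.0 as the original
                // did with SslProtocols.Tls. checkCertificateRevocation stays false as before.
                sslStream.AuthenticateAsClient(targetHost, certs, false);
            }
            catch (AuthenticationException e)
            {
                Console.WriteLine("Authentication failed : " + e);
                return;
            }
            byte[] message = Encoding.UTF8.GetBytes(msg);
            sslStream.Write(message);
            sslStream.Flush();
        }
    }
}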
}