我在MSDN上看到了示例程序:Asynchronous Socket如下所示。我已经尝试过该程序并正常运行。是否可以修改异步套接字以支持TLS / SSL?怎么做?
using System;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Threading;
// State object for reading client data asynchronously
public class StateObject {
// Client socket.
public Socket workSocket = null;
// Size of receive buffer.
public const int BufferSize = 1024;
// Receive buffer.
public byte[] buffer = new byte[BufferSize];
// Received data string.
public StringBuilder sb = new StringBuilder();
}
public class AsynchronousSocketListener {
// Thread signal.
public static ManualResetEvent allDone = new ManualResetEvent(false);
public static void StartListening() {
// Data buffer for incoming data.
byte[] bytes = new Byte[1024];
// Establish the local endpoint for the socket.
// The DNS name of the computer
// running the listener is "host.contoso.com".
IPHostEntry ipHostInfo = Dns.Resolve(Dns.GetHostName());
IPAddress ipAddress = ipHostInfo.AddressList[0];
IPEndPoint localEndPoint = new IPEndPoint(ipAddress, 11000);
// Create a TCP/IP socket.
Socket listener = new Socket(AddressFamily.InterNetwork,
SocketType.Stream, ProtocolType.Tcp );
// Bind the socket to the local endpoint and listen for incoming connections.
try {
listener.Bind(localEndPoint);
listener.Listen(100);
while (true) {
// Set the event to nonsignaled state.
allDone.Reset();
// Start an asynchronous socket to listen for connections.
Console.WriteLine("Waiting for a connection...");
listener.BeginAccept(new AsyncCallback(AcceptCallback), listener );
// Wait until a connection is made before continuing.
allDone.WaitOne();
}
}
catch (Exception e) {
Console.WriteLine(e.ToString());
}
Console.WriteLine("\nPress ENTER to continue...");
Console.Read();
}
public static void AcceptCallback(IAsyncResult ar) {
// Signal the main thread to continue.
allDone.Set();
// Get the socket that handles the client request.
Socket listener = (Socket) ar.AsyncState;
Socket handler = listener.EndAccept(ar);
// Create the state object.
StateObject state = new StateObject();
state.workSocket = handler;
handler.BeginReceive( state.buffer, 0, StateObject.BufferSize, 0,
new AsyncCallback(ReadCallback), state);
}
public static void ReadCallback(IAsyncResult ar) {
String content = String.Empty;
// Retrieve the state object and the handler socket
// from the asynchronous state object.
StateObject state = (StateObject) ar.AsyncState;
Socket handler = state.workSocket;
// Read data from the client socket.
int bytesRead = handler.EndReceive(ar);
if (bytesRead > 0) {
// There might be more data, so store the data received so far.
state.sb.Append(Encoding.ASCII.GetString(
state.buffer,0,bytesRead));
// Check for end-of-file tag. If it is not there, read
// more data.
content = state.sb.ToString();
if (content.IndexOf("<EOF>") > -1) {
// All the data has been read from the
// client. Display it on the console.
Console.WriteLine("Read {0} bytes from socket. \n Data : {1}",
content.Length, content );
// Echo the data back to the client.
Send(handler, content);
}
else {
// Not all data received. Get more.
handler.BeginReceive(state.buffer, 0, StateObject.BufferSize, 0,
new AsyncCallback(ReadCallback), state);
}
}
}
private static void Send(Socket handler, String data) {
// Convert the string data to byte data using ASCII encoding.
byte[] byteData = Encoding.ASCII.GetBytes(data);
// Begin sending the data to the remote device.
handler.BeginSend(byteData, 0, byteData.Length, 0,
new AsyncCallback(SendCallback), handler);
}
private static void SendCallback(IAsyncResult ar) {
try {
// Retrieve the socket from the state object.
Socket handler = (Socket) ar.AsyncState;
// Complete sending the data to the remote device.
int bytesSent = handler.EndSend(ar);
Console.WriteLine("Sent {0} bytes to client.", bytesSent);
handler.Shutdown(SocketShutdown.Both);
handler.Close();
}
catch (Exception e) {
Console.WriteLine(e.ToString());
}
}
public static int Main(String[] args) {
StartListening();
return 0;
}
}
答案 0 :(得分:2)
不确定如何在C#中执行此操作,但可以完成in Java using the SSLEngine。通常认为该API难以编程。所以,是的,可以使用异步套接字进行SSL / TLS,但我不确定Java的SSLEngine是等价的。也许在C#中还有另一个(更好的?)API。
在这条路径上几乎不可避免地遇到一些问题(基于Java经验,但这在C#中同样适用):
虽然SSLSocket倾向于在与正常Socket类似的行为方面做得很公平,但由于SSL / TLS的性质,存在轻微的边缘情况。对于异步I / O,这些差异的影响更为重要。 this (rather long) answer to "Properly closing SSLSocket" (in Java)中描述了其中一些问题。
此外,某些SSL / TLS行为相对于应用程序层已经定义不明确,并且对异步行为有点麻烦。我考虑了客户端证书重新协商(或一般的重新协商)。使用SSL / TLS,任何一方原则上都可以启动重新协商握手。例如,如果您只使用Apache Httpd中的客户端证书保护一个目录,或者只有一部分Web应用程序在Java容器中需要CLIENT-CERT,则会执行此操作。使用客户端证书身份验证时,即使IIS默认使用重新协商。这包括在SSL / TLS连接期间进行第二次握手(有效地从客户端获取更多信息:客户端证书)。
当它工作时(通常使用阻止I / O),流量看起来像这样(这里有SSL和HTTP层):
C->S SSL Client Hello
S->C SSL Server Hello, Certificate, Server Hello Done
C->S SSL Client Key Exchange, Change Cipher Spec, Finished
S->C SSL Change Cipher Spec
(then encrypted)
C->S SSL Finished
C->S HTTP GET /.../
S->C SSL Hello Request
C->S SSL Client Hello
S->C SSL Server Hello, Certificate, Certificate Request, Server Hello Done
C->S SSL Certificate, Client Key Exchange, Certificate Verify, Change Cipher
Spec, Finished
S->C SSL Change Cipher Spec
C->S SSL Finished
S->C HTTP 200 OK
在异步模式下重新协商非常棘手,因为重新协商应该同时应用于流量的两端。因此,SSL / TLS会话的基础属性可能在应用程序层使用期间发生变化(通常不希望处理此问题)。假设某些SSL / TLS设置,一方仍然可以发送数据,同时重新协商,从而影响双方。
所有这些的实施可能很困难,例如,如Grizzly issue所示。
答案 1 :(得分:2)
我自己一直在寻找一个答案来支持使用C#通过tcp / ip套接字支持TLS / SSL并运行this using Stream Sockets
答案 2 :(得分:0)
直接套接字通信适用于会话 OSI模型层。 TLS和SSL在演示文稿层(高于会话)工作。所以不,AFAIK你不能直接使用套接字并具有SSL或TLS级别的安全性。
答案 3 :(得分:0)
在.NET中,使用SslStream类。它拥有在.NET中构建SSL客户端/服务器所需的一切。很容易集成。适用于所有版本的.NET。