带TLS/SSL的异步套接字
本文关键字:异步 套接字 SSL TLS | 更新日期: 2023-09-27 18:20:58
我在MSDN上看到了以下示例程序:异步套接字。我试过这个程序,运行正常。是否可以修改异步套接字以支持TLS/SSL?怎么做?
using System;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Threading;
// State object for reading client data asynchronously
public class StateObject {
// Client socket.
public Socket workSocket = null;
// Size of receive buffer.
public const int BufferSize = 1024;
// Receive buffer.
public byte[] buffer = new byte[BufferSize];
// Received data string.
public StringBuilder sb = new StringBuilder();
}
public class AsynchronousSocketListener {
// Thread signal.
public static ManualResetEvent allDone = new ManualResetEvent(false);
public static void StartListening() {
// Data buffer for incoming data.
byte[] bytes = new Byte[1024];
// Establish the local endpoint for the socket.
// The DNS name of the computer
// running the listener is "host.contoso.com".
IPHostEntry ipHostInfo = Dns.Resolve(Dns.GetHostName());
IPAddress ipAddress = ipHostInfo.AddressList[0];
IPEndPoint localEndPoint = new IPEndPoint(ipAddress, 11000);
// Create a TCP/IP socket.
Socket listener = new Socket(AddressFamily.InterNetwork,
SocketType.Stream, ProtocolType.Tcp );
// Bind the socket to the local endpoint and listen for incoming connections.
try {
listener.Bind(localEndPoint);
listener.Listen(100);
while (true) {
// Set the event to nonsignaled state.
allDone.Reset();
// Start an asynchronous socket to listen for connections.
Console.WriteLine("Waiting for a connection...");
listener.BeginAccept(new AsyncCallback(AcceptCallback), listener );
// Wait until a connection is made before continuing.
allDone.WaitOne();
}
}
catch (Exception e) {
Console.WriteLine(e.ToString());
}
Console.WriteLine("'nPress ENTER to continue...");
Console.Read();
}
public static void AcceptCallback(IAsyncResult ar) {
// Signal the main thread to continue.
allDone.Set();
// Get the socket that handles the client request.
Socket listener = (Socket) ar.AsyncState;
Socket handler = listener.EndAccept(ar);
// Create the state object.
StateObject state = new StateObject();
state.workSocket = handler;
handler.BeginReceive( state.buffer, 0, StateObject.BufferSize, 0,
new AsyncCallback(ReadCallback), state);
}
public static void ReadCallback(IAsyncResult ar) {
String content = String.Empty;
// Retrieve the state object and the handler socket
// from the asynchronous state object.
StateObject state = (StateObject) ar.AsyncState;
Socket handler = state.workSocket;
// Read data from the client socket.
int bytesRead = handler.EndReceive(ar);
if (bytesRead > 0) {
// There might be more data, so store the data received so far.
state.sb.Append(Encoding.ASCII.GetString(
state.buffer,0,bytesRead));
// Check for end-of-file tag. If it is not there, read
// more data.
content = state.sb.ToString();
if (content.IndexOf("<EOF>") > -1) {
// All the data has been read from the
// client. Display it on the console.
Console.WriteLine("Read {0} bytes from socket. 'n Data : {1}",
content.Length, content );
// Echo the data back to the client.
Send(handler, content);
}
else {
// Not all data received. Get more.
handler.BeginReceive(state.buffer, 0, StateObject.BufferSize, 0,
new AsyncCallback(ReadCallback), state);
}
}
}
private static void Send(Socket handler, String data) {
// Convert the string data to byte data using ASCII encoding.
byte[] byteData = Encoding.ASCII.GetBytes(data);
// Begin sending the data to the remote device.
handler.BeginSend(byteData, 0, byteData.Length, 0,
new AsyncCallback(SendCallback), handler);
}
private static void SendCallback(IAsyncResult ar) {
try {
// Retrieve the socket from the state object.
Socket handler = (Socket) ar.AsyncState;
// Complete sending the data to the remote device.
int bytesSent = handler.EndSend(ar);
Console.WriteLine("Sent {0} bytes to client.", bytesSent);
handler.Shutdown(SocketShutdown.Both);
handler.Close();
}
catch (Exception e) {
Console.WriteLine(e.ToString());
}
}
public static int Main(String[] args) {
StartListening();
return 0;
}
}
不知道如何在C#中实现,但可以使用SSLEngine在Java中实现。这个API通常被认为很难编程。因此,是的,可以使用SSL/TLS的异步套接字,但我不确定Java的SSLEngine的等价物是什么。也许在C#中还有另一个(更好的?)API。
在这条路上,你几乎不可避免地会遇到一些问题(基于Java经验,但这在C#中也同样适用):
虽然SSLSocket s的行为与正常Socket s相似,但由于SSL/TLS的性质,存在轻微的边缘情况。对于异步I/O,这些差异的影响更为重要。其中一些问题在这个(相当长的)对"正确关闭SSLSocket"(Java)的回答中进行了描述。
此外,一些SSL/TLS行为在应用层方面已经定义不清,异步行为会变得更加混乱。我有客户证书重新协商(或一般重新协商)的想法。使用SSL/TLS,任何一方原则上都可以发起重新协商握手。例如,如果您在Apache Httpd中只使用客户端证书保护一个目录,或者如果web应用程序的一部分在Java容器中只需要CLIENT-CERT,则可以执行此操作。在使用客户端证书身份验证时,默认情况下,即使IIS也会使用重新协商。这包括在SSL/TLS连接期间进行第二次握手(有效地从客户端获取更多信息:其客户端证书)。
当它工作时(通常带有阻塞I/O),流量看起来是这样的(这里是SSL和HTTP层):
C->S SSL Client Hello
S->C SSL Server Hello, Certificate, Server Hello Done
C->S SSL Client Key Exchange, Change Cipher Spec, Finished
S->C SSL Change Cipher Spec
(then encrypted)
C->S SSL Finished
C->S HTTP GET /.../
S->C SSL Hello Request
C->S SSL Client Hello
S->C SSL Server Hello, Certificate, Certificate Request, Server Hello Done
C->S SSL Certificate, Client Key Exchange, Certificate Verify, Change Cipher
Spec, Finished
S->C SSL Change Cipher Spec
C->S SSL Finished
S->C HTTP 200 OK
异步模式下的重新协商非常棘手,因为重新协商应该同时适用于流量的双方。因此,SSL/TLS会话的底层属性可能会在应用层使用过程中发生变化(通常不希望应用层处理此问题)。在重新协商发生时,一方可能仍然在假设某些SSL/TLS设置的情况下发送数据,从而影响双方。
所有这一切的实现都可能很困难,例如,正如Grizzly的这个问题所示。
我自己也在寻找一个使用C#支持tcp/ip套接字上的TLS/SSL的答案,并使用流套接字
直接套接字通信在会话OSI模型层上工作。TLS和SSL在演示层(高于会话)工作。所以,不,AFAIK您不能直接使用套接字,并且具有SSL或TLS级别的安全性。
查看OSI模型
在.NET中,使用SslStream类。它拥有在.NET中构建SSL客户端/服务器所需的一切。非常容易集成。适用于所有版本的.NET.