Ssl validation callback fix

ReferenceType · ReferenceType · commit ec82ec193f59 · 2022-10-02T22:33:43.000+02:00
diff --git a/Benchmarks/SslBenchmark/Program.cs b/Benchmarks/SslBenchmark/Program.cs
@@ -12,6 +12,7 @@
 using System.Threading.Tasks;
 using NetworkLibrary.TCP.SSL.ByteMessage;
 using System.Security.Cryptography.X509Certificates;
+using System.Net.Security;
 
 namespace SslBenchmark
 {
@@ -32,6 +33,9 @@ private static void Bench()
             int totMsgServer = 0;
             int lastTimeStamp = 1;
             int clientAmount = 100;
+            const int numMsg = 10000;
+            var message = new byte[3200];
+            var response = new byte[3200];
 
             var scert = new X509Certificate2("server.pfx", "greenpass");
             var ccert = new X509Certificate2("client.pfx", "greenpass");
@@ -42,31 +46,39 @@ private static void Bench()
             Stopwatch sw2 = new Stopwatch();
             AutoResetEvent testCompletionEvent = new AutoResetEvent(false);
 
-            var message = new byte[3200];
-            var response = new byte[3200];
+            
 
             server.MaxIndexedMemoryPerClient = 1280000000;
             server.DropOnBackPressure = false;
             server.OnBytesReceived += OnServerReceviedMessage;
+            server.RemoteCertificateValidationCallback += ValidateCertAsServer;
             server.StartServer();
 
             Task[] toWait = new Task[clientAmount];
             for (int i = 0; i < clientAmount; i++)
             {
                 var client = new SslByteMessageClient(ccert);
+                client.RemoteCertificateValidationCallback += ValidateCertAsClient;
                 client.BufferProvider = server.BufferProvider;
                 client.OnBytesReceived += (buffer, offset, count) => OnClientReceivedMessage(client, buffer, offset, count);
                 client.MaxIndexedMemory = server.MaxIndexedMemoryPerClient;
                 client.Connect("127.0.0.1", 2008);
                 clients.Add(client);
             }
 
+            bool ValidateCertAsClient(object sender, X509Certificate? certificate, X509Chain? chain, SslPolicyErrors sslPolicyErrors)
+            {
+                return true;
+            }
+            bool ValidateCertAsServer(object sender, X509Certificate? certificate, X509Chain? chain, SslPolicyErrors sslPolicyErrors)
+            {
+                return true;
+            }
             // -----------------------  Bechmark ---------------------------
             Console.WriteLine("Press enter to start");
-            Console.Read();
+            Console.ReadLine();
             sw2.Start();
 
-            const int numMsg = 10000;
             Parallel.ForEach(clients, client =>
             {
                 for (int i = 0; i < numMsg; i++)
@@ -83,7 +95,7 @@ private static void Bench()
                 cl.SendAsync(new byte[502]);
             }
 
-            
+            // -----------------  End of stress test ---------------------
             Console.WriteLine("All messages are dispatched in :" + sw2.ElapsedMilliseconds +
                 "ms. Press enter to see status");
             Console.ReadLine();
@@ -146,9 +158,7 @@ void OnServerReceviedMessage(Guid id, byte[] arg2, int offset, int count)
 
         }
 
-
-
-
+       
     }
 }
 
diff --git a/Benchmarks/SslBenchmark2/Program.cs b/Benchmarks/SslBenchmark2/Program.cs
@@ -34,6 +34,8 @@ private static void CustomSslTest()
             int lastTimeStamp = 1;
             int clientAmount = 100;
             const int numMsg = 10000;
+            var message = new byte[3200];
+            var response = new byte[3200];
 
 
             var scert = new X509Certificate2("server.pfx", "greenpass");
@@ -45,11 +47,7 @@ private static void CustomSslTest()
             Stopwatch sw2 = new Stopwatch();
             AutoResetEvent testCompletionEvent = new AutoResetEvent(false);
 
-            var message = new byte[3200];
-            var response = new byte[3200];
-
             server.MaxIndexedMemoryPerClient = 1280000000;
-
             server.ClientSendBufsize = 128000;
             server.ClientReceiveBufsize = 128000;
             server.DropOnBackPressure = false;
diff --git a/Benchmarks/TcpBenchmark/Program.cs b/Benchmarks/TcpBenchmark/Program.cs
@@ -35,6 +35,8 @@ private static void TcpTest()
             int lastTimeStamp = 1;
             int clientAmount = 100;
             const int numMsg = 1000000;
+            var message = new byte[32];
+            var response = new byte[32];
 
 
             ByteMessageTcpServer server = new ByteMessageTcpServer(2008, clientAmount*2);
@@ -43,11 +45,6 @@ private static void TcpTest()
             Stopwatch sw2 = new Stopwatch();
             AutoResetEvent testCompletionEvent = new AutoResetEvent(false);
 
-           
-
-            var message = new byte[32];
-            var response = new byte[32];
-
             server.MaxIndexedMemoryPerClient = 1280000000;
             server.ClientSendBufsize = 128000;
             server.ClientReceiveBufsize = 128000;
@@ -87,7 +84,7 @@ private static void TcpTest()
                 
             });
 
-            // final msg to get the tıme elapsed.
+            // final msg to get the time elapsed.
             foreach (var cl in clients)
             {
                 cl.SendAsync(new byte[502]);
diff --git a/NetworkLibrary/TCP/SSL/SslClient.cs b/NetworkLibrary/TCP/SSL/SslClient.cs
@@ -15,7 +15,7 @@ public class SslClient:TcpClientBase
         #region Fields & Props
 
         public BytesRecieved OnBytesReceived;
-        public RemoteCertificateValidationCallback remoteCertificateValidationCallback;
+        public RemoteCertificateValidationCallback RemoteCertificateValidationCallback;
 
         protected Socket clientSocket;
         protected SslStream sslStream;
@@ -38,7 +38,7 @@ public BufferProvider BufferProvider
         public SslClient(X509Certificate2 certificate)
         {
             this.certificate = certificate;
-            remoteCertificateValidationCallback += DefaultValidationCallbackHandler;
+            RemoteCertificateValidationCallback += DefaultValidationCallbackHandler;
         }
 
         private Socket GetSocket()
@@ -123,14 +123,14 @@ private void CheckBufferProvider()
 
         protected virtual bool ValidateCeriticate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
         {
-           return remoteCertificateValidationCallback.Invoke(sender, certificate, chain, sslPolicyErrors);
+           return RemoteCertificateValidationCallback.Invoke(sender, certificate, chain, sslPolicyErrors);
            
         }
 
         private bool DefaultValidationCallbackHandler(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
         {
-            return true;
-            if (sslPolicyErrors == SslPolicyErrors.None || sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors)
+            //return true;
+            if (sslPolicyErrors == SslPolicyErrors.None)
                 return true;
             return false;
         }
diff --git a/NetworkLibrary/TCP/SSL/SslServer.cs b/NetworkLibrary/TCP/SSL/SslServer.cs
@@ -17,6 +17,8 @@ public class SslServer : TcpServerBase
     {
         public BytesRecieved OnBytesReceived;
         public ClientAccepted OnClientAccepted;
+        public RemoteCertificateValidationCallback RemoteCertificateValidationCallback;
+
         // this returns bool
         public ClientConnectionRequest OnClientRequestedConnection;
 
@@ -34,6 +36,7 @@ public SslServer(int port, int maxClients, X509Certificate2 certificate)
             this.certificate = certificate;
             BufferProvider = new BufferProvider(MaxClients, ClientSendBufsize, MaxClients, ClientReceiveBufsize);
             OnClientRequestedConnection = (socket) => true;
+            RemoteCertificateValidationCallback += DefaultValidationCallback;
         }
 
         public override void StartServer()
@@ -80,7 +83,12 @@ protected virtual bool ValidateConnection(Socket clientsocket)
         }
         private bool ValidateCeriticate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
         {
-            if (sslPolicyErrors == SslPolicyErrors.None || sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors)
+            return RemoteCertificateValidationCallback.Invoke(sender, certificate, chain, sslPolicyErrors);
+           
+        }
+        private bool DefaultValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+        {
+            if (sslPolicyErrors == SslPolicyErrors.None)
                 return true;
             return false;
         }
diff --git a/Tests/UnitTests/ProtocolConsistencyTests.cs b/Tests/UnitTests/ProtocolConsistencyTests.cs
@@ -12,6 +12,7 @@
 using System.Security.Cryptography.X509Certificates;
 using NetworkLibrary.TCP.SSL.ByteMessage;
 using NetworkLibrary.TCP.SSL.Custom;
+using System.Net.Security;
 
 namespace UnitTests
 {
@@ -449,13 +450,14 @@ public void SSlMessageRushConsistencyTest()
             server.MaxIndexedMemoryPerClient = 128000000;
             server.DropOnBackPressure = false;
             server.OnBytesReceived += OnServerReceviedMessage;
-
+            server.RemoteCertificateValidationCallback += ValidateCertAsServer;
             server.StartServer();
 
             Task[] toWait = new Task[clAmount];
             for (int i = 0; i < clAmount; i++)
             {
                 var client = new SslByteMessageClient(ccert);
+                client.RemoteCertificateValidationCallback += ValidateCertAsClient;
                 client.MaxIndexedMemory = server.MaxIndexedMemoryPerClient;
                 client.DropOnCongestion = false;
                 client.OnBytesReceived += (byte[] arg2, int offset, int count) => OnClientReceivedMessage(client, arg2, offset, count);
@@ -467,7 +469,14 @@ public void SSlMessageRushConsistencyTest()
                 clients.TryAdd(client, -1);
             }
 
-            //Task.WaitAll(toWait);
+            bool ValidateCertAsClient(object sender, X509Certificate? certificate, X509Chain? chain, SslPolicyErrors sslPolicyErrors)
+            {
+                return true;
+            }
+            bool ValidateCertAsServer(object sender, X509Certificate? certificate, X509Chain? chain, SslPolicyErrors sslPolicyErrors)
+            {
+                return true;
+            }
 
             Thread.Sleep(1000);
             sw2.Start();
@@ -537,6 +546,7 @@ void OnServerReceviedMessage(Guid id, byte[] arg2, int offset, int count)
         // Send messages between 505-1000000 bytes and validate their order.
         public void SSlRandomSizeConsistencyTest()
         {
+
             const int numMsg = 1000;
             int clAmount = 10;
             int completionCount = clAmount;
@@ -558,13 +568,14 @@ public void SSlRandomSizeConsistencyTest()
             server.MaxIndexedMemoryPerClient = 128000000;
             server.DropOnBackPressure = false;
             server.OnBytesReceived += OnServerReceviedMessage;
-
+            server.RemoteCertificateValidationCallback += ValidateCertAsServer;
             server.StartServer();
 
             Task[] toWait = new Task[clAmount];
             for (int i = 0; i < clAmount; i++)
             {
                 var client = new SslByteMessageClient(ccert);
+                client.RemoteCertificateValidationCallback += ValidateCertAsClient;
                 client.MaxIndexedMemory = server.MaxIndexedMemoryPerClient;
                 client.DropOnCongestion = false;
                 client.OnBytesReceived += (byte[] arg2, int offset, int count) => OnClientReceivedMessage(client, arg2, offset, count);
@@ -575,6 +586,15 @@ public void SSlRandomSizeConsistencyTest()
                 clients.TryAdd(client, -1);
             }
 
+
+            bool ValidateCertAsClient(object sender, X509Certificate? certificate, X509Chain? chain, SslPolicyErrors sslPolicyErrors)
+            {
+                return true;
+            }
+            bool ValidateCertAsServer(object sender, X509Certificate? certificate, X509Chain? chain, SslPolicyErrors sslPolicyErrors)
+            {
+                return true;
+            }
             Task.WaitAll(toWait);
 
             // Messages starts here

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ public class SslClient:TcpClientBase`
`15`	`15`	`#region Fields & Props`
`16`	`16`
`17`	`17`	`public BytesRecieved OnBytesReceived;`
`18`		`- public RemoteCertificateValidationCallback remoteCertificateValidationCallback;`
	`18`	`+ public RemoteCertificateValidationCallback RemoteCertificateValidationCallback;`
`19`	`19`
`20`	`20`	`protected Socket clientSocket;`
`21`	`21`	`protected SslStream sslStream;`
`@@ -38,7 +38,7 @@ public BufferProvider BufferProvider`
`38`	`38`	`public SslClient(X509Certificate2 certificate)`
`39`	`39`	`{`
`40`	`40`	`this.certificate = certificate;`
`41`		`- remoteCertificateValidationCallback += DefaultValidationCallbackHandler;`
	`41`	`+ RemoteCertificateValidationCallback += DefaultValidationCallbackHandler;`
`42`	`42`	`}`
`43`	`43`
`44`	`44`	`private Socket GetSocket()`
`@@ -123,14 +123,14 @@ private void CheckBufferProvider()`
`123`	`123`
`124`	`124`	`protected virtual bool ValidateCeriticate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)`
`125`	`125`	`{`
`126`		`- return remoteCertificateValidationCallback.Invoke(sender, certificate, chain, sslPolicyErrors);`
	`126`	`+ return RemoteCertificateValidationCallback.Invoke(sender, certificate, chain, sslPolicyErrors);`
`127`	`127`
`128`	`128`	`}`
`129`	`129`
`130`	`130`	`private bool DefaultValidationCallbackHandler(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)`
`131`	`131`	`{`
`132`		`- return true;`
`133`		`- if (sslPolicyErrors == SslPolicyErrors.None \|\| sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors)`
	`132`	`+ //return true;`
	`133`	`+ if (sslPolicyErrors == SslPolicyErrors.None)`
`134`	`134`	`return true;`
`135`	`135`	`return false;`
`136`	`136`	`}`
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,8 @@ public class SslServer : TcpServerBase`
`17`	`17`	`{`
`18`	`18`	`public BytesRecieved OnBytesReceived;`
`19`	`19`	`public ClientAccepted OnClientAccepted;`
	`20`	`+ public RemoteCertificateValidationCallback RemoteCertificateValidationCallback;`
	`21`	`+`
`20`	`22`	`// this returns bool`
`21`	`23`	`public ClientConnectionRequest OnClientRequestedConnection;`
`22`	`24`
`@@ -34,6 +36,7 @@ public SslServer(int port, int maxClients, X509Certificate2 certificate)`
`34`	`36`	`this.certificate = certificate;`
`35`	`37`	`BufferProvider = new BufferProvider(MaxClients, ClientSendBufsize, MaxClients, ClientReceiveBufsize);`
`36`	`38`	`OnClientRequestedConnection = (socket) => true;`
	`39`	`+ RemoteCertificateValidationCallback += DefaultValidationCallback;`
`37`	`40`	`}`
`38`	`41`
`39`	`42`	`public override void StartServer()`
`@@ -80,7 +83,12 @@ protected virtual bool ValidateConnection(Socket clientsocket)`
`80`	`83`	`}`
`81`	`84`	`private bool ValidateCeriticate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)`
`82`	`85`	`{`
`83`		`- if (sslPolicyErrors == SslPolicyErrors.None \|\| sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors)`
	`86`	`+ return RemoteCertificateValidationCallback.Invoke(sender, certificate, chain, sslPolicyErrors);`
	`87`	`+`
	`88`	`+ }`
	`89`	`+ private bool DefaultValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)`
	`90`	`+ {`
	`91`	`+ if (sslPolicyErrors == SslPolicyErrors.None)`
`84`	`92`	`return true;`
`85`	`93`	`return false;`
`86`	`94`	`}`