EldoS | Feel safer!

Integrating Blackbox SSL into existing application

#14417
Posted: 09/09/2010 03:54:59
by Adam Shaw (Priority Standard support level)
Joined: 09/08/2010
Posts: 10

Hi,

I'm currently trying to implement the Blackbox SSL solution in our existing application; this app currently uses Microsoft's .NET SSLStream implementation for secure TCP/IP.

The way it does this is to create a listening .NET Socket and, when the EndAccept completes, wrap the new socket in an SSLStream, load the certificate and call the AuthenticateAsServer method, then call BeginReceive.

I have replaced the SSLStream with ElServerSSLSocket like this:

// Hand the socket returned by EndAccept to the SecureBlackbox server socket
elServerSSLSocket = new ElServerSSLSocket();
elServerSSLSocket.Socket = this.socket;
elServerSSLSocket.OnCertificateValidate += new SBSSLCommon.TSBCertificateValidateEvent(ValidateServerCertificate);

// Put the server certificate (with its private key) into an in-memory storage
TElMemoryCertStorage certStore = new TElMemoryCertStorage();
certStore.Add(this.certificate, false);
elServerSSLSocket.CertStorage = certStore;
elServerSSLSocket.OpenSSLSession();   // this call never returns

However, the OpenSSLSession call just blocks.

Is this the correct sequence or am I missing something?

The client side is using the Mentalis SSL implementation. I have used your example apps as a proof of concept that we can do this and it works correctly.
#14423
Posted: 09/09/2010 12:21:49
by Eugene Mayevski (EldoS Corp.)

If the sample works, then the problem is in your code, that's clear. The question is what is wrong in the code. Try handling OnError and see whether any error is reported.


Sincerely yours
Eugene Mayevski
#14429
Posted: 09/10/2010 02:27:26
by Adam Shaw (Priority Standard support level)
Joined: 09/08/2010
Posts: 10

I have created a very basic client/server, both using BlackBox SSL, following roughly what our application does. However, I still get the same issue: the program blocks on the OpenSSLSession method. I must be missing a step.

Any ideas?

SERVER CODE
*********************************

using System;
using System.Net;
using System.Net.Sockets;
using SBX509;               // TElX509Certificate
using SBCustomCertStorage;  // TElMemoryCertStorage
// The SecureBlackbox namespaces declaring ElServerSSLSocket and SBSSLCommon
// must also be imported; their names depend on the installed version.

namespace ServerSSL
{
    class Program
    {
        static void Main(string[] args)
        {
            SBUtils.Unit.SetLicenseKey("REMOVED");
            ServerSSL serverSSL = new ServerSSL("TARS-ASHA-01", 1234);
        }
    }

    public class ServerSSL
    {
        private string host;
        private int port;
        private Socket socket;
        private IPEndPoint ipEndpoint;

        public ServerSSL(string host, int port)
        {
            this.host = host;
            this.port = port;

            // Plain .NET listening socket; Accept() blocks until a client connects
            socket = new Socket(AddressFamily.InterNetwork, System.Net.Sockets.SocketType.Stream, ProtocolType.Tcp);
            ipEndpoint = new IPEndPoint(System.Net.Dns.GetHostEntry(host).AddressList[0], this.port);
            socket.Bind(ipEndpoint);
            socket.Listen(10);
            Socket clSocket = socket.Accept();

            TElX509Certificate certificate = GetCertificateDetails();

            // The already-accepted native socket is handed to the SSL server socket
            ElServerSSLSocket elServerSSLSocket = new ElServerSSLSocket(clSocket);

            // Server certificate (with private key) goes into an in-memory storage
            TElMemoryCertStorage certStore = new TElMemoryCertStorage();
            certStore.Add(certificate, false);
            elServerSSLSocket.CertStorage = certStore;

            elServerSSLSocket.OnCertificateValidate += new SBSSLCommon.TSBCertificateValidateEvent(elServerSSLSocket_OnCertificateValidate);
            elServerSSLSocket.OnError += new SBSSLCommon.TSBErrorEvent(elServerSSLSocket_OnError);
            elServerSSLSocket.OpenSSLSession();   // blocks here and never returns
        }

        void elServerSSLSocket_OnError(object Sender, int ErrorCode, bool Fatal, bool Remote)
        {
            // Report the error rather than throwing out of the component's callback
            Console.WriteLine("SSL error {0} (fatal: {1}, remote: {2})", ErrorCode, Fatal, Remote);
        }

        void elServerSSLSocket_OnCertificateValidate(object Sender, TElX509Certificate X509Certificate, ref bool Validate)
        {
            // No client-certificate check is implemented here, so do not accept it
            Validate = false;
        }

        private TElX509Certificate GetCertificateDetails()
        {
            // PFX containing the server certificate and its private key
            TElX509Certificate certificate = new TElX509Certificate();
            certificate.LoadFromFileAuto(@"C:\Appserver\AppSettings\Configuration\Certificates\Trax.pfx", "password");

            return certificate;
        }
    }
}

CLIENT CODE
*********************************

using System;
using System.Net;
using System.Net.Sockets;
using SBX509;               // TElX509Certificate
using SBCustomCertStorage;  // TElMemoryCertStorage
// The SecureBlackbox namespace declaring ElClientSSLSocket must also be imported.

namespace ClientSSL
{
    class Program
    {
        static void Main(string[] args)
        {
            SBUtils.Unit.SetLicenseKey("REMOVED");

            ElClientSSLSocket elClientSSLSocket = new ElClientSSLSocket();
            elClientSSLSocket.SSLEnabled = true;

            // Plain .NET socket that the SSL client socket will drive
            Socket socket = new Socket(AddressFamily.InterNetwork, System.Net.Sockets.SocketType.Stream, ProtocolType.Tcp);
            IPEndPoint ipEndpoint = new IPEndPoint(System.Net.Dns.GetHostEntry("TARS-ASHA-01").AddressList[0], 1234);

            // Same PFX as the server; used here as the client certificate
            TElX509Certificate certificate = new TElX509Certificate();
            certificate.LoadFromFileAuto(@"C:\Appserver\AppSettings\Configuration\Certificates\Trax.pfx", "password");

            elClientSSLSocket.Socket = socket;
            TElMemoryCertStorage certStore = new TElMemoryCertStorage();
            certStore.Add(certificate, false);
            elClientSSLSocket.CertStorage = certStore;

            // Connect() performs the TCP connect and the SSL handshake
            elClientSSLSocket.Connect(ipEndpoint);
        }
    }
}
#14440
Posted: 09/13/2010 00:27:14
by Ken Ivanov (EldoS Corp.)

You should use ElServerSSLSocket object for listening purposes as well as for connection purposes (i.e., it's ElServerSSLSocket object whose Bind()/Listen()/Accept() methods are to be called). Please use the server sample as a guide on creating a "native" listening socket and binding it to ElServerSSLSocket (see buttonStart_Click() event handler).
#14447
Posted: 09/13/2010 09:17:29
by Adam Shaw (Priority Standard support level)
Joined: 09/08/2010
Posts: 10

Yes, I sort of understood that I had to use the Bind/Listen/Accept on ElServerSSLSocket.

However, our current SSL implementation uses SSLStream, which allows you to pass in a connected socket and then initiate the SSL handshake.

Our current design has to allow for both server and client sockets through the same code.

The problem we currently have is that ESSLServer's EndAccept method returns a type of ESSLServer, which I have implemented like this:

// Finish the asynchronous accept on the SSL server socket
ElSSLSocket newSocket = socket.EndAccept(ar);

var bp = SocketFactory.CreateBufferProcessor(itsConfiguration.BufferProcessor);

// Wrap the accepted socket in our own client-side class (cast to the client type)
return new ClientSslSocket((ElClientSSLSocket)newSocket, bp, socketSecurity.Certificate);

However, our ClientSslSocket class would then need to call OpenSSLSession, but this is only available on the ElSSlServer class, not ElSSlClient.

Also, our ClientSslSocket class needs to call BeginConnect as it is used both as a server and a client.

Is there no way to use an established .NET socket connection and enable SSL?
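The SSLStream pattern Adam describes in his first post and again here (accept or connect a plain Socket, then start the handshake on it, with one class serving both sides) written out as an added example; it is not code from the thread or from EldoS, and SslSocketWrapper, the isServer flag and the validation callback are names assumed for illustration. It uses only the .NET SslStream API, not SecureBlackbox.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// Hypothetical wrapper: takes an already-connected Socket and runs the TLS handshake on it.
public sealed class SslSocketWrapper : IDisposable
{
    private readonly bool isServer;
    public SslStream Stream { get; }

    public SslSocketWrapper(Socket connected, bool isServer,
                            X509Certificate2 localCert, string targetHost)
    {
        this.isServer = isServer;
        // NetworkStream takes ownership of the socket, SslStream of the NetworkStream.
        var transport = new NetworkStream(connected, ownsSocket: true);
        Stream = new SslStream(transport, leaveInnerStreamOpen: false, ValidateRemoteCertificate);
        if (isServer)
        {
            // Present our certificate; a client certificate is requested but not required.
            Stream.AuthenticateAsServer(localCert, clientCertificateRequired: false,
                                        enabledSslProtocols: SslProtocols.Tls12,
                                        checkCertificateRevocation: true);
        }
        else
        {
            // targetHost is what the server certificate is checked against, so it must be
            // the name the server certificate was issued for.
            Stream.AuthenticateAsClient(targetHost, new X509Certificate2Collection(localCert),
                                        SslProtocols.Tls12, checkCertificateRevocation: true);
        }
    }

    // Accept the peer only when no policy errors were found; a callback that always
    // returns true would disable certificate validation entirely.
    private bool ValidateRemoteCertificate(object sender, X509Certificate cert,
                                           X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;
        // A server that did not require a client certificate sees a missing one as
        // RemoteCertificateNotAvailable; that alone is not a reason to drop the connection.
        if (isServer && cert == null && errors == SslPolicyErrors.RemoteCertificateNotAvailable)
            return true;
        Console.Error.WriteLine("Rejecting peer certificate: " + errors);
        return false;
    }

    public void Dispose() => Stream.Dispose();
}
```

After the constructor returns, Stream.BeginRead/BeginWrite take the place of the BeginReceive call on the raw socket.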
#14448
Posted: 09/13/2010 11:21:28
by Ken Ivanov (EldoS Corp.)

Thank you for the explanation.

There is no way to attach SSL sockets to the already connected native transport socket out-of-the-box. I will check whether we could extend our implementation with this functionality for you.
#14449
Posted: 09/13/2010 13:53:21
by Ken Ivanov (EldoS Corp.)

I think that we will extend the components with the feature you described. This will take a few days.
#14467
Posted: 09/16/2010 01:32:38
by Adam Shaw (Priority Standard support level)
Joined: 09/08/2010
Posts: 10

Thank you very much, this change would be very helpful to us. Do you have an estimate of when you are likely to release this change, to help us set the business's expectations?
#14472
Posted: 09/16/2010 08:42:45
by Ken Ivanov (EldoS Corp.)

I suppose that we will provide the updated components to you tomorrow.
#14487
Posted: 09/17/2010 08:51:56
by Ken Ivanov (EldoS Corp.)

I have created a Helpdesk ticket for you and posted the updated components there.