LacherPaullacherpm-3218 asked XingyuZhao-MSFT commented

Microsoft Tutorial Question SslStream Listener_Client

My question(s) are:
1. Am I making any file to replace Arg(0)? Instead of Arg(0), Arg(filepath\name) with the listener? Self-validating certificate?
2. Similarly with Arg(1) in the client example: am I entering the IP to replace Arg(1), as Arg(IPaddress)?

I plan to convert the code to webforms and send/receive certificate-signed encrypted messages (strings) between my desktop and my laptop. I bought a public IP and am writing an end-to-end encrypted content management system, in theory. Just getting the console version actively listening/receiving as two apps would be a great start.

Here is a link to the console app how-to for SslStream in .NET 5/VB:
system.net.security.sslstream

The actual example(s):

 Imports System.Collections
 Imports System.Net
 Imports System.Net.Sockets
 Imports System.Net.Security
 Imports System.Security.Authentication
 Imports System.Text
 Imports System.Security.Cryptography.X509Certificates
 Imports System.IO
    
 Namespace Examples.System.Net
     Public NotInheritable Class SslTcpServer
         Shared serverCertificate As X509Certificate = Nothing
    
         ' The certificate parameter specifies the path of a file that holds the
         ' server certificate together with its private key (a .pfx/.p12 file).
         ' A bare .cer carries only the public key, so AuthenticateAsServer
         ' cannot use it.
         Public Shared Sub RunServer(certificate As String)
             ' For a password-protected .pfx use New X509Certificate2(certificate, password).
             serverCertificate = New X509Certificate2(certificate)
             ' Create a TCP/IP (IPv4) socket and listen for incoming connections.
             ' The client must connect to this same port (8080).
             Dim listener = New TcpListener(IPAddress.Any, 8080)
             listener.Start()
    
             While True
                 Console.WriteLine("Waiting for a client to connect...")
                 ' Application blocks while waiting for an incoming connection.
                 ' Type CNTL-C to terminate the server.
                 Dim client As TcpClient = listener.AcceptTcpClient()
                 ProcessClient(client)
             End While
         End Sub
         Private Shared Sub ProcessClient(client As TcpClient)
             ' A client has connected. Create the 
             ' SslStream using the client's network stream.
             Dim sslStream = New SslStream(client.GetStream(), False)
    
             Try
    
                 sslStream.AuthenticateAsServer(serverCertificate, clientCertificateRequired:=False, checkCertificateRevocation:=True)
                 ' Display the properties and settings for the authenticated stream.
                 DisplaySecurityLevel(sslStream)
                 DisplaySecurityServices(sslStream)
                 DisplayCertificateInformation(sslStream)
                 DisplayStreamProperties(sslStream)
    
                 ' Set timeouts for the read and write to 5 seconds.
                 sslStream.ReadTimeout = 5000
                 sslStream.WriteTimeout = 5000
    
                 ' Read a message from the client.   
                 Console.WriteLine("Waiting for client message...")
                 Dim messageData As String = ReadMessage(sslStream)
                 Console.WriteLine("Received: {0}", messageData)
    
                 ' Write a message to the client.
                 Dim message As Byte() = Encoding.UTF8.GetBytes("Hello from the server.<EOF>")
                 Console.WriteLine("Sending hello message.")
                 sslStream.Write(message)
             Catch e As AuthenticationException
                 Console.WriteLine("Exception: {0}", e.Message)
    
                 If e.InnerException IsNot Nothing Then
                     Console.WriteLine("Inner exception: {0}", e.InnerException.Message)
                 End If
    
                 Console.WriteLine("Authentication failed - closing the connection.")
                 sslStream.Close()
                 client.Close()
                 Return
             Finally
                 ' The client stream will be closed with the sslStream
                 ' because we specified this behavior when creating
                 ' the sslStream.
                 sslStream.Close()
                 client.Close()
             End Try
         End Sub
    
         Private Shared Function ReadMessage(sslStream As SslStream) As String
    
             ' Read the  message sent by the client.
             ' The client signals the end of the message using the
             ' "<EOF>" marker.
             Dim buffer As Byte() = New Byte(2048) {}
             Dim messageData As StringBuilder = New StringBuilder()
             Dim bytes As Integer = -1
    
             Do
                 ' Read the client's test message.
                 bytes = sslStream.Read(buffer, 0, buffer.Length)
    
                 ' Use decoder class to convert from bytes to UTF8
                 ' in case a character spans two buffers.
                 Dim decoder As Decoder = Encoding.UTF8.GetDecoder()
                 Dim chars As Char() = New Char(decoder.GetCharCount(buffer, 0, bytes) - 1) {}
                 decoder.GetChars(buffer, 0, bytes, chars, 0)
                 messageData.Append(chars)
    
                 ' Check for EOF or an empty message.
                 If messageData.ToString().IndexOf("<EOF>") <> -1 Then
                     Exit Do
                 End If
             Loop While bytes <> 0
    
             Return messageData.ToString()
         End Function
    
         Private Shared Sub DisplaySecurityLevel(stream As SslStream)
             Console.WriteLine("Cipher: {0} strength {1}", stream.CipherAlgorithm, stream.CipherStrength)
             Console.WriteLine("Hash: {0} strength {1}", stream.HashAlgorithm, stream.HashStrength)
             Console.WriteLine("Key exchange: {0} strength {1}", stream.KeyExchangeAlgorithm, stream.KeyExchangeStrength)
             Console.WriteLine("Protocol: {0}", stream.SslProtocol)
         End Sub
    
         Private Shared Sub DisplaySecurityServices(stream As SslStream)
             Console.WriteLine("Is authenticated: {0} as server? {1}", stream.IsAuthenticated, stream.IsServer)
             Console.WriteLine("IsSigned: {0}", stream.IsSigned)
             Console.WriteLine("Is Encrypted: {0}", stream.IsEncrypted)
         End Sub
    
         Private Shared Sub DisplayStreamProperties(stream As SslStream)
             Console.WriteLine("Can read: {0}, write {1}", stream.CanRead, stream.CanWrite)
             Console.WriteLine("Can timeout: {0}", stream.CanTimeout)
         End Sub
    
         Private Shared Sub DisplayCertificateInformation(stream As SslStream)
             Console.WriteLine("Certificate revocation list checked: {0}", stream.CheckCertRevocationStatus)
             Dim localCertificate As X509Certificate = stream.LocalCertificate
    
             If stream.LocalCertificate IsNot Nothing Then
                 Console.WriteLine("Local cert was issued to {0} and is valid from {1} until {2}.", localCertificate.Subject, localCertificate.GetEffectiveDateString(), localCertificate.GetExpirationDateString())
             Else
                 Console.WriteLine("Local certificate is null.")
             End If
    
             ' Display the properties of the client's certificate.
             Dim remoteCertificate As X509Certificate = stream.RemoteCertificate
    
             If stream.RemoteCertificate IsNot Nothing Then
                 Console.WriteLine("Remote cert was issued to {0} and is valid from {1} until {2}.", remoteCertificate.Subject, remoteCertificate.GetEffectiveDateString(), remoteCertificate.GetExpirationDateString())
             Else
                 Console.WriteLine("Remote certificate is null.")
             End If
         End Sub
    
         Private Shared Sub DisplayUsage()
             Console.WriteLine("To start the server specify:")
             Console.WriteLine("serverSync certificateFile.cer")
             Environment.[Exit](1)
         End Sub
    
         Public Shared Function Main(ByVal args As String()) As Integer
             Dim certificate As String
    
             If args Is Nothing OrElse args.Length < 1 Then
                 DisplayUsage()
             End If
    
             certificate = args(0)
             RunServer(certificate)
             Return 0
         End Function
     End Class
 End Namespace


The Client:

 Imports System.Collections
 Imports System.Net
 Imports System.Net.Security
 Imports System.Net.Sockets
 Imports System.Security.Authentication
 Imports System.Text
 Imports System.Security.Cryptography.X509Certificates
 Imports System.IO
    
 Namespace Examples.System.Net
    
     Public Class SslTcpClient
            
         ' The following method is invoked by the RemoteCertificateValidationDelegate.
         Public Shared Function ValidateServerCertificate(
             sender As Object, 
             certificate As X509Certificate, 
             chain As X509Chain, 
             sslPolicyErrors As SslPolicyErrors) As Boolean
                
             If sslPolicyErrors = SslPolicyErrors.None Then Return True
    
             Console.WriteLine("Certificate error: {0}", sslPolicyErrors)
    
             ' Do not allow this client to communicate with unauthenticated servers.
             Return False
         End Function
         Public Shared Sub RunClient(machineName As String, serverName As String)
    
             ' Create a TCP/IP client socket.
             ' machineName is the host running the server application; the port must be
             ' the one the server's TcpListener uses (8080 in the server example above).
             Dim client = New TcpClient(machineName, 8080)
             Console.WriteLine("Client connected.")
    
             ' Create an SSL stream that will close the client's stream.
             Dim sslStream = New SslStream(
                 client.GetStream(), False, 
                 New RemoteCertificateValidationCallback(AddressOf ValidateServerCertificate), Nothing)
    
             ' The server name must match the name on the server certificate.
             Try
                 sslStream.AuthenticateAsClient(serverName)
             Catch e As AuthenticationException
                 Console.WriteLine("Exception: {0}", e.Message)
    
                 If e.InnerException IsNot Nothing Then
                     Console.WriteLine("Inner exception: {0}", e.InnerException.Message)
                 End If
    
                 Console.WriteLine("Authentication failed - closing the connection.")
                 client.Close()
                 Return
             End Try
                
             ' Encode a test message into a byte array.
             ' Signal the end of the message using the "<EOF>".
             Dim message As Byte() = Encoding.UTF8.GetBytes("Hello from the client.<EOF>")
                
             ' Send hello message to the server.
             sslStream.Write(message)
             sslStream.Flush()
             ' Read message from the server.
             Dim serverMessage = ReadMessage(sslStream)
             Console.WriteLine("Server says: {0}", serverMessage)
    
             ' Close the client connection
             client.Close()
             Console.WriteLine("Client closed.")
         End Sub
            
         Private Shared Function ReadMessage(sslStream As SslStream) As String
    
             ' Read the  message sent by the server.
             ' The end of the message is signaled using the "<EOF>" marker.
             Dim buffer = New Byte(2048) {}
             Dim messageData = New StringBuilder()
             Dim bytes As Integer
    
             Do
                 bytes = sslStream.Read(buffer, 0, buffer.Length)
    
                 ' Use Decoder class to convert from bytes to UTF8
                 ' in case a character spans two buffers.        
                 Dim decoder As Decoder = Encoding.UTF8.GetDecoder()
                 Dim chars = New Char(decoder.GetCharCount(buffer, 0, bytes) - 1) {}
                 decoder.GetChars(buffer, 0, bytes, chars, 0)
                 messageData.Append(chars)
    
                 ' Check for EOF.
                 If messageData.ToString().IndexOf("<EOF>") <> -1 Then Exit Do
                    
             Loop While bytes <> 0
    
             Return messageData.ToString()
    
         End Function
    
         Private Shared Sub DisplayUsage()
    
             Console.WriteLine("To start the client specify:")
             Console.WriteLine("clientSync machineName [serverName]")
             Environment.[Exit](1)
    
         End Sub
    
         Public Shared Function Main(args As String()) As Integer
    
             Dim serverCertificateName As String
             Dim machineName As String
    
             If args Is Nothing OrElse args.Length < 1 Then
                 DisplayUsage()
             End If
    
             ' User can specify the machine name and server name.
             ' Server name must match the name on the server's certificate. 
             machineName = args(0)
    
             If args.Length < 2 Then
                 serverCertificateName = machineName
             Else
                 serverCertificateName = args(1)
             End If
    
             SslTcpClient.RunClient(machineName, serverCertificateName)
    
             Return 0
    
         End Function
    
     End Class
    
 End Namespace


dotnet-visual-basic

Hi @LacherPaullacherpm-3218 ,
Take a look at the following reference.
SSLStream example - how do I get certificates that work?
The code in the reference is C#, and you can convert it to VB.NET.


Hello!
I've seen that example. The one supplied I've probably made more progress with, and it is reminiscent of class. I'm not getting any certificates showing after looking through mmc. It might be the .pfx I'm missing. I'm not certain what the purpose of pvk2pfx.exe is. The server says it can't extract the public key out of the resulting .cer certs.
I've been saving the separate examples as .cmd and then typing certificateFile after .cmd in the prompt. Should I place folder destinations before each %1 to import certificates where needed?


makecert.exe ^
-n "CN=localhost, CA=Name, O=AS, OU=Dev, L=Mantua, S=Ohio, C=US" ^
-r ^
-pe ^
-a sha512 ^
-len 4096 ^
-cy authority ^
-sv %1.pvk ^
%1.cer

pvk2pfx.exe ^
-pvk %1.pvk ^
-spc %1.cer ^
-pfx %1.pfx ^
-po 1234

/////////////////////////////////////////////////////////////////
makecert.exe ^
-n "CN=localhost.com" -iv CARoot.pvk -ic CARoot.cer ^
-pe ^
-a sha512 ^
-len 4096 ^
-sky exchange ^
-eku 1.3.6.1.5.5.7.3.1 ^
-sv %1.pvk ^
%1.cer

pvk2pfx.exe ^
-pvk %1.pvk ^
-spc %1.cer ^
-pfx %1.pfx ^
-po 1234
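As an added example (not code from the question, the Microsoft sample, or the makecert scripts above), a VB.NET module for .NET 5 that covers both the Arg(0) question and the makecert/pvk2pfx comment: it generates the server certificate in code, writes the .pfx the server must load and the .cer the client imports, checks for the private key that AuthenticateAsServer needs, and pins the client callback to that one thumbprint. The module and function names, the CN=localhost subject, the file names and the password "1234" are assumptions.

```vb
Imports System
Imports System.IO
Imports System.Net.Security
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates

Module CertFiles
    ' Generates a self-signed server certificate in code (no makecert/pvk2pfx step) and
    ' writes the two files the sample needs: server.pfx (with private key, for the server's
    ' Arg(0)) and server.cer (public part only, to import into the client's trusted roots).
    Sub WriteServerCertFiles(folder As String, pfxPassword As String)
        Using rsa = RSA.Create(2048)
            Dim req = New CertificateRequest("CN=localhost", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
            ' Server Authentication EKU, the same OID the makecert -eku flag sets.
            req.CertificateExtensions.Add(New X509EnhancedKeyUsageExtension(
                New OidCollection From {New Oid("1.3.6.1.5.5.7.3.1")}, False))
            Using cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1))
                File.WriteAllBytes(Path.Combine(folder, "server.pfx"), cert.Export(X509ContentType.Pfx, pfxPassword))
                File.WriteAllBytes(Path.Combine(folder, "server.cer"), cert.Export(X509ContentType.Cert))
            End Using
        End Using
    End Sub

    ' What RunServer should load. A .cer read with X509Certificate.CreateFromCertFile has
    ' HasPrivateKey = False, so AuthenticateAsServer has no key to finish the handshake with.
    Function LoadServerCertificate(path As String, pfxPassword As String) As X509Certificate2
        Dim cert = New X509Certificate2(path, pfxPassword)
        If Not cert.HasPrivateKey Then
            Throw New InvalidOperationException(path & " carries no private key; pass the .pfx, not the .cer")
        End If
        Return cert
    End Function

    ' Client callback for a self-signed server: accept exactly one certificate (thumbprint shared
    ' out of band) instead of returning True for every policy error; a name mismatch still fails.
    Function PinnedValidator(expectedThumbprint As String) As RemoteCertificateValidationCallback
        Return Function(sender, certificate, chain, errors)
                   If errors = SslPolicyErrors.None Then Return True
                   If errors <> SslPolicyErrors.RemoteCertificateChainErrors Then Return False
                   Dim presented = New X509Certificate2(certificate)
                   Return String.Equals(presented.Thumbprint, expectedThumbprint, StringComparison.OrdinalIgnoreCase)
               End Function
    End Function

    Sub Main()
        Dim folder = Path.GetTempPath()
        WriteServerCertFiles(folder, "1234")
        Dim serverCert = LoadServerCertificate(Path.Combine(folder, "server.pfx"), "1234")
        Console.WriteLine("Loaded {0}; has private key: {1}; thumbprint {2}", serverCert.Subject, serverCert.HasPrivateKey, serverCert.Thumbprint)
    End Sub
End Module
```

Pass server.pfx as the server's Arg(0) and keep it only on the server machine; server.cer goes into the client machine's Trusted Root store (or its thumbprint into PinnedValidator), and the client's serverName argument must equal the certificate's CN.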


Even with PowerShell. I got a key certificate into the app folder, but the server script just ignores everything. Beginning to debate whether it's from having IIS active at one point.


0 Answers