←Select platform

DicomOpenSslVerificationFlags Enumeration

Summary
Specifies the verification mode to be used.
Syntax
C#
C++/CLI
[FlagsAttribute()] 
public enum DicomOpenSslVerificationFlags   
[FlagsAttribute()] 
public enum class DicomOpenSslVerificationFlags   
Members
ValueMemberDescription
0x00000000None Server mode: No request for a certificate is sent to the client, and the client should not send a certificate. Client mode: If the server sends a certificate, it will be verified, but failure will not terminate communication. This flag should not be used in conjunction with any other flag.
0x00000001Peer Server mode: A request for a certificate is sent to the client. The client can ignore the request, but if the client does send a certificate, it will be verified. If verification fails, communication is terminated. Client mode: If the server sends a certificate, it is verified. If verification fails, communication is terminated.
0x00000002FailIfNoPeerCertificate Server mode: If the client does not send a certificate, or if a certificate is sent that fails verification, then communication is terminated. This flag must be combined with Peer. Client mode: This flag is ignored.
0x00000004ClientOnce Server mode: During initial negotiation, a certificate is requested from the client. During renegotiation, no certificates are requested. This flag must be used with Peer">. Client mode: This flag is ignored.
0x00000007All Internal use only.
Example
C#
using Leadtools; 
using Leadtools.Dicom; 
 
 
[StructLayout(LayoutKind.Sequential)] 
public struct MSG 
{ 
   public IntPtr hwnd; 
   public uint message; 
   public IntPtr wParam; 
   public IntPtr lParam; 
   public uint time; 
   public System.Drawing.Point p; 
} 
 
public enum WaitReturn 
{ 
   Complete, 
   Timeout, 
} 
 
class Utils 
{ 
   [DllImport("user32.dll")] 
   [return: MarshalAs(UnmanagedType.Bool)] 
   static extern bool PeekMessage(out MSG lpMsg, IntPtr hWnd, 
                                  uint wMsgFilterMin, uint wMsgFilterMax, 
                                  uint wRemoveMsg); 
 
   [DllImport("user32.dll")] 
   static extern bool TranslateMessage([In] ref MSG lpMsg); 
   [DllImport("user32.dll")] 
   static extern IntPtr DispatchMessage([In] ref MSG lpmsg); 
 
   const uint PM_REMOVE = 1; 
 
   public static WaitReturn WaitForComplete(double mill, WaitHandle wh) 
   { 
      TimeSpan goal = new TimeSpan(DateTime.Now.AddMilliseconds(mill).Ticks); 
 
      do 
      { 
         MSG msg = new MSG(); 
 
         if (PeekMessage(out msg, IntPtr.Zero, 0, 0, PM_REMOVE)) 
         { 
            TranslateMessage(ref msg); 
            DispatchMessage(ref msg); 
         } 
 
         if (wh.WaitOne(new TimeSpan(0, 0, 0), false)) 
         { 
            return WaitReturn.Complete; 
         } 
 
         if (goal.CompareTo(new TimeSpan(DateTime.Now.Ticks)) < 0) 
         { 
            return WaitReturn.Timeout; 
         } 
 
      } while (true); 
   } 
 
   public static void SetupTlsContext(DicomNet net, string certName) 
   { 
      string serverCA = Path.Combine(LEAD_VARS.ImagesDir, "ca.pem"); 
 
      if (net != null) 
      { 
         DicomOpenSslContextCreationSettings settings = new DicomOpenSslContextCreationSettings( 
            DicomSslMethodType.SslV23, 
            serverCA, 
            DicomOpenSslVerificationFlags.Peer | DicomOpenSslVerificationFlags.FailIfNoPeerCertificate, 
            2, 
            DicomOpenSslOptionsFlags.NoSslV2 | DicomOpenSslOptionsFlags.AllBugWorkarounds 
            ); 
         net.Initialize(null, DicomNetSecurityMode.Tls, settings); 
         net.SetTlsClientCertificate(certName, DicomTlsCertificateType.Pem, null); 
      } 
   } 
} 
 
//  
// Secure client (TLS)  
//  
class Client : DicomNet 
{ 
   AutoResetEvent waitEvent = new AutoResetEvent(false); 
   string clientPEM = Path.Combine(LEAD_VARS.ImagesDir, "client.pem"); 
 
   public Client() 
      : base(null, DicomNetSecurityMode.Tls) 
   { 
      SetTlsCipherSuiteByIndex(0, DicomTlsCipherSuiteType.DheRsaWithDesCbcSha); 
      Utils.SetupTlsContext(this, clientPEM); 
   } 
 
   public bool Wait() 
   { 
      WaitReturn ret; 
 
      ret = Utils.WaitForComplete((5 * 60) * 1000, waitEvent); 
 
      return (ret == WaitReturn.Complete); 
   } 
 
   protected override void OnConnect(DicomExceptionCode error) 
   { 
      waitEvent.Set(); 
   } 
 
   protected override string OnPrivateKeyPassword(bool encryption) 
   { 
      return "test"; 
   } 
 
   protected override void OnSecureLinkReady(DicomExceptionCode error) 
   { 
      waitEvent.Set(); 
   } 
} 
 
//  
// Secure server (TLS)  
//  
class ServerConnection : DicomNet 
{ 
 
   string serverPEM = Path.Combine(LEAD_VARS.ImagesDir, "server.pem"); 
 
   public ServerConnection() 
      : base(null, DicomNetSecurityMode.Tls) 
   { 
      SetTlsCipherSuiteByIndex(0, DicomTlsCipherSuiteType.DheRsaWith3DesEdeCbcSha); 
      SetTlsClientCertificate(serverPEM, DicomTlsCertificateType.Pem, null); 
   } 
 
   protected override string OnPrivateKeyPassword(bool encryption) 
   { 
      return "test"; 
   } 
 
   // The OnVerify callback gets called twice, once for each certificate in the certificate chain. 
   protected override int OnVerify(int ok, string certificateString, DicomSecurityCertificateException ex) 
   { 
      string certificateMessageString = "Received Client Certificate:\n" + certificateString; 
 
      // Log that the SCP received the Client Certificate 
      Debug.WriteLine(certificateMessageString); 
 
      if (ex.Code != DicomSecurityCertificateExceptionCode.Success) 
      { 
         string message = string.Format("Error {0}: {1}", ex.Code, ex.Message); 
 
         // Log the error with Client Certificate 
         Debug.WriteLine(message); 
      } 
      return ok; 
   } 
} 
 
class Server : DicomNet 
{ 
   string serverPEM = Path.Combine(LEAD_VARS.ImagesDir, "server.pem"); 
 
   ServerConnection client; 
 
   public Server() 
      : base(null, DicomNetSecurityMode.Tls) 
   { 
      SetTlsCipherSuiteByIndex(0, DicomTlsCipherSuiteType.DheRsaWith3DesEdeCbcSha); 
      Utils.SetupTlsContext(this, serverPEM); 
   } 
 
   protected override void OnAccept(DicomExceptionCode error) 
   { 
      client = new ServerConnection(); 
 
      Utils.SetupTlsContext(client, serverPEM); 
 
      Accept(client); 
   } 
 
   protected override string OnPrivateKeyPassword(bool encryption) 
   { 
      return "test"; 
   } 
 
   protected override void Dispose(bool __p1) 
   { 
      client.Dispose(); 
      base.Dispose(__p1); 
   } 
} 
 
public void TLSSecuritySample() 
{ 
   //Assert test to check file exists before running code 
   string clientPEM = Path.Combine(LEAD_VARS.ImagesDir, "ca.pem"); 
   Assert.IsTrue(File.Exists(clientPEM) == true, "Missing file: " + clientPEM); 
 
   DicomEngine.Startup(); 
   DicomNet.Startup(); 
 
   using (Server server = new Server()) 
   { 
      using (Client client = new Client()) 
      { 
         server.Listen("127.0.0.1", 104, 1); // start server  
         client.Connect(null, 1000, "127.0.0.1", 104); // connect to server  
         if (!client.Wait()) // wait for connection to finish  
         { 
            Debug.Fail("Connection timed out"); 
         } 
 
         Debug.Assert(client.IsConnected(), "Client not connected"); 
 
         //  
         // Wait for authenication  
         //  
         if (!client.Wait()) 
         { 
            Debug.Fail("Connection timed out waiting for authenication"); 
         } 
 
         // Once two computers have negotiated the ciphersuite, and have   
         // authenticated each other, they can begin transferring   
         // messages and data between them.  
 
         //Now we can get detailed information about the Cipher Suite   
         DicomTlsCipherSuiteType cipherSuite = client.GetTlsCipherSuite();// Can also call GetTlsCipherSuiteByIndex   
 
         Debug.WriteLine("Encryption Algorithm is : {0}", client.GetTlsEncryptionAlgorithm(cipherSuite)); 
         Debug.WriteLine("Authentication Algorithm is : {0}", client.GetTlsAuthenticationAlgorithm(cipherSuite)); 
         Debug.WriteLine("Integrity Algorithm is : {0}", client.GetTlsIntegrityAlgorithm(cipherSuite)); 
         Debug.WriteLine("Key Exchange Algorithm is : {0}", client.GetTlsKeyExchangeAlgorithm(cipherSuite)); 
         Debug.WriteLine("Encryption Key Length is : {0}", client.GetTlsEncryptionKeyLength(cipherSuite)); 
         Debug.WriteLine("Mutual Authentication Key Length is : {0}", client.GetTlsMutualAuthenticationKeyLength(cipherSuite)); 
 
         // Continue with normal dicom communication  
 
         client.CloseForced(true); 
      } 
      server.CloseForced(true); 
   } 
 
   DicomEngine.Shutdown(); 
   DicomNet.Shutdown(); 
} 
 
static class LEAD_VARS 
{ 
   public const string ImagesDir = @"C:\LEADTOOLS23\Resources\Images"; 
} 
Requirements

Target Platforms

Help Version 23.0.2024.2.29
Products | Support | Contact Us | Intellectual Property Notices
© 1991-2024 LEAD Technologies, Inc. All Rights Reserved.

Leadtools.Dicom Assembly