C#
Objective-C
C++/CLI
protected virtual string OnPrivateKeyPassword(
bool encryption
)
- (nullable NSString *)onPrivateKeyPassword:(BOOL)encryption;
protected:
virtual String^ OnPrivateKeyPassword(
bool encryption
)
encryption
true if the password is being used for encryption; false if the password is being used for decryption.
The password to use for the password-encrypted private key file.
A call to this method may be generated after a call to SetTlsClientCertificate with a private key file that is password-encrypted, in order to obtain the password.
using Leadtools;
using Leadtools.Dicom;
[StructLayout(LayoutKind.Sequential)]
public struct MSG
{
public IntPtr hwnd;
public uint message;
public IntPtr wParam;
public IntPtr lParam;
public uint time;
public System.Drawing.Point p;
}
public enum WaitReturn
{
Complete,
Timeout,
}
class Utils
{
[DllImport("user32.dll")]
[return: MarshalAs(UnmanagedType.Bool)]
static extern bool PeekMessage(out MSG lpMsg, IntPtr hWnd,
uint wMsgFilterMin, uint wMsgFilterMax,
uint wRemoveMsg);
[DllImport("user32.dll")]
static extern bool TranslateMessage([In] ref MSG lpMsg);
[DllImport("user32.dll")]
static extern IntPtr DispatchMessage([In] ref MSG lpmsg);
const uint PM_REMOVE = 1;
public static WaitReturn WaitForComplete(double mill, WaitHandle wh)
{
TimeSpan goal = new TimeSpan(DateTime.Now.AddMilliseconds(mill).Ticks);
do
{
MSG msg = new MSG();
if (PeekMessage(out msg, IntPtr.Zero, 0, 0, PM_REMOVE))
{
TranslateMessage(ref msg);
DispatchMessage(ref msg);
}
if (wh.WaitOne(new TimeSpan(0, 0, 0), false))
{
return WaitReturn.Complete;
}
if (goal.CompareTo(new TimeSpan(DateTime.Now.Ticks)) < 0)
{
return WaitReturn.Timeout;
}
} while (true);
}
public static void SetupTlsContext(DicomNet net, string certName)
{
string serverCA = Path.Combine(LEAD_VARS.ImagesDir, "ca.pem");
if (net != null)
{
DicomOpenSslContextCreationSettings settings = new DicomOpenSslContextCreationSettings(
DicomSslMethodType.SslV23,
serverCA,
DicomOpenSslVerificationFlags.Peer | DicomOpenSslVerificationFlags.FailIfNoPeerCertificate,
2,
DicomOpenSslOptionsFlags.NoSslV2 | DicomOpenSslOptionsFlags.AllBugWorkarounds
);
net.Initialize(null, DicomNetSecurityMode.Tls, settings);
net.SetTlsClientCertificate(certName, DicomTlsCertificateType.Pem, null);
}
}
}
//
// Secure client (TLS)
//
class Client : DicomNet
{
AutoResetEvent waitEvent = new AutoResetEvent(false);
string clientPEM = Path.Combine(LEAD_VARS.ImagesDir, "client.pem");
public Client()
: base(null, DicomNetSecurityMode.Tls)
{
SetTlsCipherSuiteByIndex(0, DicomTlsCipherSuiteType.DheRsaWithDesCbcSha);
Utils.SetupTlsContext(this, clientPEM);
}
public bool Wait()
{
WaitReturn ret;
ret = Utils.WaitForComplete((5 * 60) * 1000, waitEvent);
return (ret == WaitReturn.Complete);
}
protected override void OnConnect(DicomExceptionCode error)
{
waitEvent.Set();
}
protected override string OnPrivateKeyPassword(bool encryption)
{
return "test";
}
protected override void OnSecureLinkReady(DicomExceptionCode error)
{
waitEvent.Set();
}
}
//
// Secure server (TLS)
//
class ServerConnection : DicomNet
{
string serverPEM = Path.Combine(LEAD_VARS.ImagesDir, "server.pem");
public ServerConnection()
: base(null, DicomNetSecurityMode.Tls)
{
SetTlsCipherSuiteByIndex(0, DicomTlsCipherSuiteType.DheRsaWith3DesEdeCbcSha);
SetTlsClientCertificate(serverPEM, DicomTlsCertificateType.Pem, null);
}
protected override string OnPrivateKeyPassword(bool encryption)
{
return "test";
}
// The OnVerify callback gets called twice, once for each certificate in the certificate chain.
protected override int OnVerify(int ok, string certificateString, DicomSecurityCertificateException ex)
{
string certificateMessageString = "Received Client Certificate:\n" + certificateString;
// Log that the SCP received the Client Certificate
Debug.WriteLine(certificateMessageString);
if (ex.Code != DicomSecurityCertificateExceptionCode.Success)
{
string message = string.Format("Error {0}: {1}", ex.Code, ex.Message);
// Log the error with Client Certificate
Debug.WriteLine(message);
}
return ok;
}
}
class Server : DicomNet
{
string serverPEM = Path.Combine(LEAD_VARS.ImagesDir, "server.pem");
ServerConnection client;
public Server()
: base(null, DicomNetSecurityMode.Tls)
{
SetTlsCipherSuiteByIndex(0, DicomTlsCipherSuiteType.DheRsaWith3DesEdeCbcSha);
Utils.SetupTlsContext(this, serverPEM);
}
protected override void OnAccept(DicomExceptionCode error)
{
client = new ServerConnection();
Utils.SetupTlsContext(client, serverPEM);
Accept(client);
}
protected override string OnPrivateKeyPassword(bool encryption)
{
return "test";
}
protected override void Dispose(bool __p1)
{
client.Dispose();
base.Dispose(__p1);
}
}
public void TLSSecuritySample()
{
//Assert test to check file exists before running code
string clientPEM = Path.Combine(LEAD_VARS.ImagesDir, "ca.pem");
Assert.IsTrue(File.Exists(clientPEM) == true, "Missing file: " + clientPEM);
DicomEngine.Startup();
DicomNet.Startup();
using (Server server = new Server())
{
using (Client client = new Client())
{
server.Listen("127.0.0.1", 104, 1); // start server
client.Connect(null, 1000, "127.0.0.1", 104); // connect to server
if (!client.Wait()) // wait for connection to finish
{
Debug.Fail("Connection timed out");
}
Debug.Assert(client.IsConnected(), "Client not connected");
//
// Wait for authenication
//
if (!client.Wait())
{
Debug.Fail("Connection timed out waiting for authenication");
}
// Once two computers have negotiated the ciphersuite, and have
// authenticated each other, they can begin transferring
// messages and data between them.
//Now we can get detailed information about the Cipher Suite
DicomTlsCipherSuiteType cipherSuite = client.GetTlsCipherSuite();// Can also call GetTlsCipherSuiteByIndex
Debug.WriteLine("Encryption Algorithm is : {0}", client.GetTlsEncryptionAlgorithm(cipherSuite));
Debug.WriteLine("Authentication Algorithm is : {0}", client.GetTlsAuthenticationAlgorithm(cipherSuite));
Debug.WriteLine("Integrity Algorithm is : {0}", client.GetTlsIntegrityAlgorithm(cipherSuite));
Debug.WriteLine("Key Exchange Algorithm is : {0}", client.GetTlsKeyExchangeAlgorithm(cipherSuite));
Debug.WriteLine("Encryption Key Length is : {0}", client.GetTlsEncryptionKeyLength(cipherSuite));
Debug.WriteLine("Mutual Authentication Key Length is : {0}", client.GetTlsMutualAuthenticationKeyLength(cipherSuite));
// Continue with normal dicom communication
client.CloseForced(true);
}
server.CloseForced(true);
}
DicomEngine.Shutdown();
DicomNet.Shutdown();
}
static class LEAD_VARS
{
public const string ImagesDir = @"C:\LEADTOOLS22\Resources\Images";
}