我正在尝试创建一个可以接受安全 SSL 和不安全纯文本连接的服务器(为了向后兼容)。我的代码几乎可以工作,除了从不安全的客户端接收到的第一个传输数据在服务器上丢失了前 5 个字节(字符)。更具体地说,如果我在不安全的连接上传输 30 个字节,当服务器到达OnClientDataReceived()函数时,行“ int iRx = nwStream.EndRead(asyn);”,然后iRx = 25. 从客户端传输的任何后续消息都按预期包含所有发送的字节/字符。我怀疑连接的最初假设是SSLStream可能正在剥离前 5 个字节,然后当它失败时,这 5 个字节已经从缓冲区中提取并且不再可用。有没有人知道我可以采取另一种方法来编写代码,以便服务器可以自动即时切换?
我试图避免执行以下操作:
- 要求客户端使用纯文本连接
NetworkStream,然后请求升级到 SSL 流 - 在两个不同的端口上设置两个
TcpListeners(一个用于安全,一个用于不安全)
这是我的代码:
/// Each client that connects gets an instance of the ConnectedClient class.
Class Pseudo_ConnectedClient
{
//Properties
byte[] Buffer; //Holds temporary buffer of read bytes from BeginRead()
TcpClient TCPClient; //Reference to the connected client
Socket ClientSocket; //The outer Socket Reference of the connected client
StringBuilder CurrentMessage; //concatenated chunks of data in buffer until we have a complete message (ends with <ETX>
Stream Stream; //SSLStream or NetworkStream depending on client
ArrayList MessageQueue; //Array of complete messages received from client that need to be processed
}
/// When a new client connects (OnClientConnection callback is executed), the server creates the ConnectedClient object and stores its
/// reference in a local dictionary, then configures the callbacks for incoming data (WaitForClientData)
void OnClientConnection(IAsyncResult result)
{
TcpListener listener = result.AsyncState as TcpListener;
TcpClient clnt = null;
try
{
if (!IsRunning) //then stop was called, so don't call EndAcceptTcpClient because it will throw and ObjectDisposedException
return;
//Start accepting the next connection...
listener.BeginAcceptTcpClient(this.onClientConnection, listener);
//Get reference to client and set flag to indicate connection accepted.
clnt = listener.EndAcceptTcpClient(result);
//Add the reference to our ArrayList of Connected Clients
ConnectedClient conClnt = new ConnectedClient(clnt);
_clientList.Add(conClnt);
//Configure client to listen for incoming data
WaitForClientData(conClnt);
}
catch (Exception ex)
{
Trace.WriteLine("Server:OnClientConnection: Exception - " + ex.ToString());
}
}
/// WaitForClientData registers the AsyncCallback to handle incoming data from a client (OnClientDataReceieved).
/// If a certificate has been provided, then it listens for clients to connect on an SSLStream and configures the
/// BeginAuthenticateAsServer callback. If no certificate is provided, then it only sets up a NetworkStream
/// and prepares for the BeginRead callback.
private void WaitForClientData(ConnectedClient clnt)
{
if (!IsRunning) return; //Then stop was called, so don't do anything
SslStream sslStream = null;
try
{
if (_pfnClientDataCallBack == null) //then define the call back function to invoke when data is received from a connected client
_pfnClientDataCallBack = new AsyncCallback(OnClientDataReceived);
NetworkStream nwStream = clnt.TCPClient.GetStream();
//Check if we can establish a secure connection
if (this.SSLCertificate != null) //Then we have the ability to make an SSL connection (SSLCertificate is a X509Certificate2 object)
{
if (this.certValidationCallback != null)
sslStream = new SslStream(nwStream, true, this.certValidationCallback);
else
sslStream = new SslStream(nwStream, true);
clnt.Stream = sslStream;
//Start Listening for incoming (secure) data
sslStream.BeginAuthenticateAsServer(this.SSLCertificate, false, SslProtocols.Default, false, onAuthenticateAsServer, clnt);
}
else //No certificate available to make a secure connection, so use insecure (unless not allowed)
{
if (this.RequireSecureConnection == false) //Then we can try to read from the insecure stream
{
clnt.Stream = nwStream;
//Start Listening for incoming (unsecure) data
nwStream.BeginRead(clnt.Buffer, 0, clnt.Buffer.Length, _pfnClientDataCallBack, clnt);
}
else //we can't do anything - report config problem
{
throw new InvalidOperationException("A PFX certificate is not loaded and the server is configured to require a secure connection");
}
}
}
catch (Exception ex)
{
DisconnectClient(clnt);
}
}
/// OnAuthenticateAsServer first checks if the stream is authenticated, if it isn't it gets the TCPClient's reference
/// to the outer NetworkStream (client.TCPClient.GetStream()) - the insecure stream and calls the BeginRead on that.
/// If the stream is authenticated, then it keeps the reference to the SSLStream and calls BeginRead on it.
private void OnAuthenticateAsServer(IAsyncResult result)
{
ConnectedClient clnt = null;
SslStream sslStream = null;
if (this.IsRunning == false) return;
try
{
clnt = result.AsyncState as ConnectedClient;
sslStream = clnt.Stream as SslStream;
if (sslStream.IsAuthenticated)
sslStream.EndAuthenticateAsServer(result);
else //Try and switch to an insecure connections
{
if (this.RequireSecureConnection == false) //Then we are allowed to accept insecure connections
{
if (clnt.TCPClient.Connected)
clnt.Stream = clnt.TCPClient.GetStream();
}
else //Insecure connections are not allowed, close the connection
{
DisconnectClient(clnt);
}
}
}
catch (Exception ex)
{
DisconnectClient(clnt);
}
if( clnt.Stream != null) //Then we have a stream to read, start Async read
clnt.Stream.BeginRead(clnt.Buffer, 0, clnt.Buffer.Length, _pfnClientDataCallBack, clnt);
}
/// OnClientDataReceived callback is triggered by the BeginRead async when data is available from a client.
/// It determines if the stream (as assigned by OnAuthenticateAsServer) is an SSLStream or a NetworkStream
/// and then reads the data out of the stream accordingly. The logic to parse and process the message has
/// been removed because it isn't relevant to the question.
private void OnClientDataReceived(IAsyncResult asyn)
{
try
{
ConnectedClient connectClnt = asyn.AsyncState as ConnectedClient;
if (!connectClnt.TCPClient.Connected) //Then the client is no longer connected >> clean up
{
DisconnectClient(connectClnt);
return;
}
Stream nwStream = null;
if( connectClnt.Stream is SslStream) //Then this client is connected via a secure stream
nwStream = connectClnt.Stream as SslStream;
else //this is a plain text stream
nwStream = connectClnt.Stream as NetworkStream;
// Complete the BeginReceive() asynchronous call by EndReceive() method which
// will return the number of characters written to the stream by the client
int iRx = nwStream.EndRead(asyn); //Returns the numbers of bytes in the read buffer
char[] chars = new char[iRx];
// Extract the characters as a buffer and create a String
Decoder d = ASCIIEncoding.UTF8.GetDecoder();
d.GetChars(connectClnt.Buffer, 0, iRx, chars, 0);
//string data = ASCIIEncoding.ASCII.GetString(buff, 0, buff.Length);
string data = new string(chars);
if (iRx > 0) //Then there was data in the buffer
{
//Append the current packet with any additional data that was already received
connectClnt.CurrentMessage.Append(data);
//Do work here to check for a complete message
//Make sure two complete messages didn't get concatenated in one transmission (mobile devices)
//Add each message to the client's messageQueue
//Clear the currentMessage
//Any partial messsage at the end of the buffer needs to be added to the currentMessage
//Start reading again
nwStream.BeginRead(connectClnt.Buffer, 0, connectClnt.Buffer.Length, OnClientDataReceived, connectClnt);
}
else //zero-length packet received - Disconnecting socket
{
DisconnectClient(connectClnt);
}
}
catch (Exception ex)
{
return;
}
}
什么有效:
- 如果服务器没有证书,则仅使用 NetworkStream,并从客户端接收所有消息的所有字节。
- 如果服务器确实有证书(设置了 SSLStream)并且可以建立安全连接(使用 https:// 的 Web 浏览器)并且收到所有消息的完整消息。
什么不起作用:
- 如果服务器确实具有证书(
SSLStream已设置)并且从客户端建立了不安全的连接,则当从该客户端接收到第一条消息时,代码会正确检测到SSLStream未通过身份验证并切换NetworkStream到TCPClient. 但是,当EndRead为第一条消息调用它时NetworkStream,发送的消息中缺少前 5 个字符(字节),但仅限于第一条消息。只要TCPClient已连接,所有剩余的消息都是完整的。如果客户端断开连接然后重新连接,则第一条消息被剪裁,然后所有后续消息再次正常。
是什么导致前 5 个字节被剪裁,我该如何避免呢?
我的项目目前正在使用 .NET v3.5...如果可以避免的话,我想保持在这个版本并且不升级到 4.0。
后续问题
Damien 下面的回答确实允许我保留那些丢失的 5 个字节,但是,我更愿意在我的代码中坚持使用BeginReadandEndRead方法以避免阻塞。是否有任何好的教程在覆盖这些时显示“最佳实践”?更具体地说,如何使用IAsyncResult对象。我知道我需要添加存储在 RestartableStream 缓冲区中的任何内容,然后进入内部流(基础)以获取其余内容并返回 toral。但自从IAsyncResultobject 是一个自定义类,我无法弄清楚在返回之前可以将 RestartableStream 的 buff 与内部流的 buff 结合起来的通用方式。我是否还需要实现 BeginRead() 以便我知道用户希望将内容存储到的缓冲区?我猜另一个解决方案是,由于丢弃字节问题仅与来自客户端的第一条消息有关(之后我知道是否将其用作 aSSLStream或 a NetworkStream),因此将通过直接调用Read()RestartableStream 的方法来处理第一条消息(暂时阻止代码),然后对于所有未来的消息,使用异步回调来读取内容,就像我现在所做的那样。