Gets or sets the security (TLS) host settings when doing a C-MOVE to oneself.
public DicomOpenSslContextCreationSettings SecureHostSettings { get; set; }
The security (TLS) host settings when doing a C-MOVE to oneself.
When doing a C-MOVE Move to oneself, the destination AE is the same as the calling AE. In this case, the calling AE (i.e., the host) is listening and accepting incoming connections. Set UseSecureHost to true to make the host accept connections securely using TLS. If UseSecureHost is false (the default behavior), the host accepts connections conventionally, without using TLS security.
If UseSecureHost is true, then the SecureHostSettings properties are used to specify the host security (TLS) settings. Otherwise, the SecureHostSettings properties are ignored.
Both the UseSecureHost and SecureHostSettings properties are only used with the Move methods, where the destination AE is the same as the calling AE.
For more information, see UseSecureHost.
using Leadtools;
using Leadtools.Dicom.Scu;
using Leadtools.Dicom.Scu.Common;
using Leadtools.Dicom;
using Leadtools.Dicom.Common.DataTypes;
using Leadtools.Dicom.Common.DataTypes.Status;
public void MoveSeriesSecure()
{
DicomEngine.Startup();
DicomNet.Startup();
QueryRetrieveScu retrieveSeriesSecure = new QueryRetrieveScu();
FindQuery query = new FindQuery();
DicomScp scp = new DicomScp();
//
// Change these parameters to reflect the calling AETitle.
//
retrieveSeriesSecure.AETitle = "T20_CLIENT64";
retrieveSeriesSecure.HostPort = 1030;
retrieveSeriesSecure.HostAddress = Dns.GetHostEntry(Dns.GetHostName()).AddressList.FirstOrDefault(ip => ip.AddressFamily == AddressFamily.InterNetwork);
retrieveSeriesSecure.UseSecureHost = true; // SCU host is secure
retrieveSeriesSecure.SecureHostSettings = new DicomOpenSslContextCreationSettings(DicomSslMethodType.SslV23, @"C:\Certificates\ca.pem", DicomOpenSslVerificationFlags.None, 9, DicomOpenSslOptionsFlags.AllBugWorkarounds);
//
// Change these parameters to reflect the called AETitle (server).
//
scp.AETitle = "L20_PACS_SCP64";
scp.Port = 534;
scp.Timeout = 60;
scp.PeerAddress = IPAddress.Parse("192.168.5.102");
scp.Secure = false; // SCP is unsecure
retrieveSeriesSecure.BeforeCMove += new BeforeCMoveDelegate(retrieveSeriesSecure_BeforeCMove);
retrieveSeriesSecure.Moved += new MovedDelegate(retrieveSeriesSecure_Moved);
retrieveSeriesSecure.AfterCMove += new AfterCMoveDelegate(retrieveSeriesSecure_AfterCMove);
retrieveSeriesSecure.HostReady += RetrieveSeriesSecure_HostReady;
retrieveSeriesSecure.AfterSecureLinkReady += RetrieveSeriesSecure_AfterSecureLinkReady;
retrieveSeriesSecure.Move(scp, string.Empty, "1.2.840.114257.3.6.5.41964868", "1.2.840.114257.3.6.5.5.4214471");
retrieveSeriesSecure.VerifyCertificate += RetrieveSeriesSecure_VerifyCertificate;
DicomNet.Shutdown();
DicomEngine.Shutdown();
}
private void RetrieveSeriesSecure_VerifyCertificate(object sender, VerifyCertificateEventArgs e)
{
if (e != null)
{
Console.WriteLine("VerifyCertificate\n", e.CertificateString);
if (e.ErrorException.Code != DicomSecurityCertificateExceptionCode.Success)
{
Console.WriteLine(e.ErrorException.Message);
}
}
}
private void RetrieveSeriesSecure_AfterSecureLinkReady(object sender, AfterSecureLinkReadyEventArgs e)
{
DicomNet net = (DicomNet)sender;
if (net != null)
{
if (e.Error != DicomExceptionCode.Success)
{
ClientSecureLinkReadyException exception = new ClientSecureLinkReadyException("Secure handshake (TLS) failed.", e.Error);
Console.WriteLine("Secure handshake (TLS) failed: code{0}", exception.Code);
throw exception;
}
}
}
private void RetrieveSeriesSecure_HostReady(object sender, HostReadyEventArgs e)
{
DicomConnection host = e.ScpHost;
if (host != null)
{
Console.WriteLine("HostReady: Host AETitle:{0} Host Port:{1}", e.ScpHost.AETitle, e.ScpHost.HostPort);
if (host.SecurityMode == DicomNetSecurityMode.Tls)
{
host.PrivateKeyPassword += Host_PrivateKeyPassword;
host.SetTlsClientCertificate(@"C:\Certificates\client.pem", DicomTlsCertificateType.Pem, @"C:\Certificates\client.pem");
host.PrivateKeyPassword -= Host_PrivateKeyPassword;
host.SetTlsCipherSuiteByIndex(0, 0);
host.SetTlsCipherSuiteByIndex(0, DicomTlsCipherSuiteType.DheRsaWithDesCbcSha);
host.SetTlsCipherSuiteByIndex(1, DicomTlsCipherSuiteType.DheRsaWith3DesEdeCbcSha);
host.SetTlsCipherSuiteByIndex(2, DicomTlsCipherSuiteType.DheRsaAes256Sha);
host.SetTlsCipherSuiteByIndex(3, DicomTlsCipherSuiteType.RsaWithAes128CbcSha);
host.SetTlsCipherSuiteByIndex(4, DicomTlsCipherSuiteType.RsaWith3DesEdeCbcSha);
host.SetTlsCipherSuiteByIndex(5, DicomTlsCipherSuiteType.DheRsaWithAes128GcmSha256);
host.SetTlsCipherSuiteByIndex(6, DicomTlsCipherSuiteType.EcdheRsaWithAes128GcmSha256);
host.SetTlsCipherSuiteByIndex(7, DicomTlsCipherSuiteType.DheRsaWithAes256GcmSha384);
host.SetTlsCipherSuiteByIndex(8, DicomTlsCipherSuiteType.EcdheRsaWithAes256GcmSha384);
}
}
}
private void Host_PrivateKeyPassword(object sender, PrivateKeyPasswordEventArgs e)
{
e.PrivateKeyPassword = "test";
}
void retrieveSeriesSecure_BeforeCMove(object sender, BeforeCMoveEventArgs e)
{
Console.WriteLine("Before CMove");
}
void retrieveSeriesSecure_Moved(object sender, MovedEventArgs e)
{
Console.WriteLine(e.Patient.Name.Full);
Console.WriteLine(e.Study.AccessionNumber);
Console.WriteLine(e.Series.Number);
Console.WriteLine(e.Instance.SOPInstanceUID);
Console.WriteLine("==========================================");
}
void retrieveSeriesSecure_AfterCMove(object sender, AfterCMoveEventArgs e)
{
Console.WriteLine("After CMove");
Console.WriteLine("\t{0} Completed", e.Completed);
Console.WriteLine("\t{0} Failed", e.Failed);
Console.WriteLine("\t{0} Warning", e.Warning);
Console.WriteLine("\tStatus: {0}", e.Status);
if (e.Status != DicomCommandStatusType.Success)
{
string statusAllString = e.StatusAll.ToString(StatusFormatFlags.IgnoreStatus, "\n", "\t");
Console.WriteLine(statusAllString);
}
}