VerifyCertificate Event

Summary

Occurs during the certificate exchange/verification phase of TLS DICOM Security negotiation and optionally controls the verification process.

Syntax

C++

public event VerifyCertificateDelegate VerifyCertificate

Public Event VerifyCertificate As VerifyCertificateDelegate

public:  
   event VerifyCertificateDelegate^ VerifyCertificate

Remarks

TLS Secure DICOM communications between an SCP and an SCU has a handshake process where the SCP and SCU verify each others provided certificates.

The event is called once for each certificate in a certificate change, and provides information about the verification process.

This is useful for determining why a TLS DICOM Secure communication failed to be established.

For more information, refer to VerifyCertificateDelegate and VerifyCertificateEventArgs.

Example

Moves the specified series from an SCP (DICOM Server) to the calling AE (host).

The SCP is accepting unsecured connections.
The host is configured to accept secure connections (TLS).
The VerificateCertificate event is used to display information about the certificate exchange.

using Leadtools; 
using Leadtools.Dicom.Scu; 
using Leadtools.Dicom.Scu.Common; 
using Leadtools.Dicom; 
using Leadtools.Dicom.Common.DataTypes; 
using Leadtools.Dicom.Common.DataTypes.Status; 
 
 
public void MoveSeriesSecure() 
{ 
   DicomEngine.Startup(); 
   DicomNet.Startup(); 
 
   QueryRetrieveScu retrieveSeriesSecure = new QueryRetrieveScu(); 
   FindQuery query = new FindQuery(); 
   DicomScp scp = new DicomScp(); 
 
   // 
   // Change these parameters to reflect the calling AETitle. 
   // 
 
   retrieveSeriesSecure.AETitle = "T20_CLIENT64"; 
   retrieveSeriesSecure.HostPort = 1030; 
   retrieveSeriesSecure.HostAddress = Dns.GetHostEntry(Dns.GetHostName()).AddressList.FirstOrDefault(ip => ip.AddressFamily == AddressFamily.InterNetwork); 
   retrieveSeriesSecure.UseSecureHost = true;   // SCU host is secure 
   retrieveSeriesSecure.SecureHostSettings = new DicomOpenSslContextCreationSettings(DicomSslMethodType.SslV23, @"C:\Certificates\ca.pem", DicomOpenSslVerificationFlags.None, 9, DicomOpenSslOptionsFlags.AllBugWorkarounds); 
 
   // 
   // Change these parameters to reflect the called AETitle (server). 
   // 
 
   scp.AETitle = "L20_PACS_SCP64"; 
   scp.Port = 534; 
   scp.Timeout = 60; 
   scp.PeerAddress = IPAddress.Parse("192.168.5.102"); 
   scp.Secure = false;     // SCP is unsecure 
 
   retrieveSeriesSecure.BeforeCMove += new BeforeCMoveDelegate(retrieveSeriesSecure_BeforeCMove); 
   retrieveSeriesSecure.Moved += new MovedDelegate(retrieveSeriesSecure_Moved); 
   retrieveSeriesSecure.AfterCMove += new AfterCMoveDelegate(retrieveSeriesSecure_AfterCMove); 
   retrieveSeriesSecure.HostReady += RetrieveSeriesSecure_HostReady; 
   retrieveSeriesSecure.AfterSecureLinkReady += RetrieveSeriesSecure_AfterSecureLinkReady; 
   retrieveSeriesSecure.Move(scp, string.Empty, "1.2.840.114257.3.6.5.41964868", "1.2.840.114257.3.6.5.5.4214471"); 
   retrieveSeriesSecure.VerifyCertificate += RetrieveSeriesSecure_VerifyCertificate; 
 
   DicomNet.Shutdown(); 
   DicomEngine.Shutdown(); 
} 
 
private void RetrieveSeriesSecure_VerifyCertificate(object sender, VerifyCertificateEventArgs e) 
{ 
   if (e != null) 
   { 
      Console.WriteLine("VerifyCertificate\n", e.CertificateString); 
 
      if (e.ErrorException.Code != DicomSecurityCertificateExceptionCode.Success) 
      { 
         Console.WriteLine(e.ErrorException.Message); 
      } 
   } 
} 
 
private void RetrieveSeriesSecure_AfterSecureLinkReady(object sender, AfterSecureLinkReadyEventArgs e) 
{ 
   DicomNet net = (DicomNet)sender; 
   if (net != null) 
   { 
      if (e.Error != DicomExceptionCode.Success) 
      { 
         ClientSecureLinkReadyException exception = new ClientSecureLinkReadyException("Secure handshake (TLS) failed.", e.Error); 
         Console.WriteLine("Secure handshake (TLS) failed: code{0}", exception.Code); 
         throw exception; 
      } 
   } 
} 
 
private void RetrieveSeriesSecure_HostReady(object sender, HostReadyEventArgs e) 
{ 
   DicomConnection host = e.ScpHost; 
 
   if (host != null) 
   { 
      Console.WriteLine("HostReady: Host AETitle:{0} Host Port:{1}", e.ScpHost.AETitle, e.ScpHost.HostPort); 
 
      if (host.SecurityMode == DicomNetSecurityMode.Tls) 
      { 
         host.PrivateKeyPassword += Host_PrivateKeyPassword; 
         host.SetTlsClientCertificate(@"C:\Certificates\client.pem", DicomTlsCertificateType.Pem, @"C:\Certificates\client.pem"); 
         host.PrivateKeyPassword -= Host_PrivateKeyPassword; 
 
         host.SetTlsCipherSuiteByIndex(0, 0); 
 
         host.SetTlsCipherSuiteByIndex(0, DicomTlsCipherSuiteType.DheRsaWithDesCbcSha); 
         host.SetTlsCipherSuiteByIndex(1, DicomTlsCipherSuiteType.DheRsaWith3DesEdeCbcSha); 
         host.SetTlsCipherSuiteByIndex(2, DicomTlsCipherSuiteType.DheRsaAes256Sha); 
         host.SetTlsCipherSuiteByIndex(3, DicomTlsCipherSuiteType.RsaWithAes128CbcSha); 
         host.SetTlsCipherSuiteByIndex(4, DicomTlsCipherSuiteType.RsaWith3DesEdeCbcSha); 
         host.SetTlsCipherSuiteByIndex(5, DicomTlsCipherSuiteType.DheRsaWithAes128GcmSha256); 
         host.SetTlsCipherSuiteByIndex(6, DicomTlsCipherSuiteType.EcdheRsaWithAes128GcmSha256); 
         host.SetTlsCipherSuiteByIndex(7, DicomTlsCipherSuiteType.DheRsaWithAes256GcmSha384); 
         host.SetTlsCipherSuiteByIndex(8, DicomTlsCipherSuiteType.EcdheRsaWithAes256GcmSha384); 
      } 
   } 
} 
 
private void Host_PrivateKeyPassword(object sender, PrivateKeyPasswordEventArgs e) 
{ 
   e.PrivateKeyPassword = "test"; 
} 
 
void retrieveSeriesSecure_BeforeCMove(object sender, BeforeCMoveEventArgs e) 
{ 
   Console.WriteLine("Before CMove"); 
} 
 
void retrieveSeriesSecure_Moved(object sender, MovedEventArgs e) 
{ 
   Console.WriteLine(e.Patient.Name.Full); 
   Console.WriteLine(e.Study.AccessionNumber); 
   Console.WriteLine(e.Series.Number); 
   Console.WriteLine(e.Instance.SOPInstanceUID); 
   Console.WriteLine("=========================================="); 
} 
 
void retrieveSeriesSecure_AfterCMove(object sender, AfterCMoveEventArgs e) 
{ 
   Console.WriteLine("After CMove"); 
   Console.WriteLine("\t{0} Completed", e.Completed); 
   Console.WriteLine("\t{0} Failed", e.Failed); 
   Console.WriteLine("\t{0} Warning", e.Warning); 
   Console.WriteLine("\tStatus: {0}", e.Status); 
 
   if (e.Status != DicomCommandStatusType.Success) 
   { 
      string statusAllString = e.StatusAll.ToString(StatusFormatFlags.IgnoreStatus, "\n", "\t"); 
      Console.WriteLine(statusAllString); 
   } 
}

Imports Leadtools 
Imports Leadtools.Dicom.Scu 
Imports Leadtools.Dicom.Scu.Common 
Imports Leadtools.Dicom 
Imports Leadtools.Dicom.Common.DataTypes 
 
Public Sub MoveSeriesSecure() 
    DicomEngine.Startup() 
    DicomNet.Startup() 
 
    Dim retrieveSeriesSecure As New QueryRetrieveScu() 
    Dim query As New FindQuery() 
    Dim scp As New DicomScp() 
 
    ' 
    ' Change these parameters to reflect the calling AETitle. 
    ' 
 
    retrieveSeriesSecure.AETitle = "T20_CLIENT64" 
    retrieveSeriesSecure.HostPort = 1030 
    retrieveSeriesSecure.HostAddress = Dns.GetHostEntry(Dns.GetHostName()).AddressList.FirstOrDefault(Function(ip) ip.AddressFamily = AddressFamily.InterNetwork) 
    retrieveSeriesSecure.UseSecureHost = True ' SCU host is secure 
    retrieveSeriesSecure.SecureHostSettings = New DicomOpenSslContextCreationSettings(DicomSslMethodType.SslV23, "C:\Certificates\ca.pem", DicomOpenSslVerificationFlags.None, 9, DicomOpenSslOptionsFlags.AllBugWorkarounds) 
 
    ' 
    ' Change these parameters to reflect the called AETitle (server). 
    ' 
 
    scp.AETitle = "L20_PACS_SCP64" 
    scp.Port = 534 
    scp.Timeout = 60 
    scp.PeerAddress = IPAddress.Parse("192.168.5.102") 
    scp.Secure = False ' SCP is unsecure 
 
    AddHandler retrieveSeriesSecure.BeforeCMove, AddressOf retrieveSeriesSecure_BeforeCMove 
    AddHandler retrieveSeriesSecure.Moved, AddressOf retrieveSeriesSecure_Moved 
    AddHandler retrieveSeriesSecure.AfterCMove, AddressOf retrieveSeriesSecure_AfterCMove 
    AddHandler retrieveSeriesSecure.HostReady, AddressOf RetrieveSeriesSecure_HostReady 
    AddHandler retrieveSeriesSecure.AfterSecureLinkReady, AddressOf RetrieveSeriesSecure_AfterSecureLinkReady 
    retrieveSeriesSecure.Move(scp, String.Empty, "1.2.840.114257.3.6.5.41964868", "1.2.840.114257.3.6.5.5.4214471") 
 
    DicomNet.Shutdown() 
    DicomEngine.Shutdown() 
End Sub 
 
Private Sub RetrieveSeriesSecure_AfterSecureLinkReady(ByVal sender As Object, ByVal e As AfterSecureLinkReadyEventArgs) 
    Dim net As DicomNet = CType(sender, DicomNet) 
    If net IsNot Nothing Then 
        If e.Error <> DicomExceptionCode.Success Then 
            Dim exception As New ClientSecureLinkReadyException("Secure handshake (TLS) failed.", e.Error) 
            Console.WriteLine("Secure handshake (TLS) failed: code{0}", exception.Code) 
            Throw exception 
        End If 
    End If 
End Sub 
 
Private Sub RetrieveSeriesSecure_HostReady(ByVal sender As Object, ByVal e As HostReadyEventArgs) 
    Dim host As DicomConnection = e.ScpHost 
 
    If host IsNot Nothing Then 
        Console.WriteLine("HostReady: Host AETitle:{0} Host Port:{1}", e.ScpHost.AETitle, e.ScpHost.HostPort) 
 
        If host.SecurityMode = DicomNetSecurityMode.Tls Then 
            AddHandler host.PrivateKeyPassword, AddressOf Host_PrivateKeyPassword 
            host.SetTlsClientCertificate("C:\Certificates\client.pem", DicomTlsCertificateType.Pem, "C:\Certificates\client.pem") 
            RemoveHandler host.PrivateKeyPassword, AddressOf Host_PrivateKeyPassword 
 
            host.SetTlsCipherSuiteByIndex(0, 0) 
 
            host.SetTlsCipherSuiteByIndex(0, DicomTlsCipherSuiteType.DheRsaWithDesCbcSha) 
            host.SetTlsCipherSuiteByIndex(1, DicomTlsCipherSuiteType.DheRsaWith3DesEdeCbcSha) 
            host.SetTlsCipherSuiteByIndex(2, DicomTlsCipherSuiteType.DheRsaAes256Sha) 
            host.SetTlsCipherSuiteByIndex(3, DicomTlsCipherSuiteType.RsaWithAes128CbcSha) 
            host.SetTlsCipherSuiteByIndex(4, DicomTlsCipherSuiteType.RsaWith3DesEdeCbcSha) 
            host.SetTlsCipherSuiteByIndex(5, DicomTlsCipherSuiteType.DheRsaWithAes128GcmSha256) 
            host.SetTlsCipherSuiteByIndex(6, DicomTlsCipherSuiteType.EcdheRsaWithAes128GcmSha256) 
            host.SetTlsCipherSuiteByIndex(7, DicomTlsCipherSuiteType.DheRsaWithAes256GcmSha384) 
            host.SetTlsCipherSuiteByIndex(8, DicomTlsCipherSuiteType.EcdheRsaWithAes256GcmSha384) 
        End If 
    End If 
End Sub 
 
Private Sub Host_PrivateKeyPassword(ByVal sender As Object, ByVal e As PrivateKeyPasswordEventArgs) 
    e.PrivateKeyPassword = "test" 
End Sub 
 
Private Sub retrieveSeriesSecure_BeforeCMove(ByVal sender As Object, ByVal e As BeforeCMoveEventArgs) 
    Console.WriteLine("Before CMove") 
End Sub 
 
Private Sub retrieveSeriesSecure_Moved(ByVal sender As Object, ByVal e As MovedEventArgs) 
    Console.WriteLine(e.Patient.Name.Full) 
    Console.WriteLine(e.Study.AccessionNumber) 
    Console.WriteLine(e.Series.Number) 
    Console.WriteLine(e.Instance.SOPInstanceUID) 
    Console.WriteLine("==========================================") 
End Sub 
 
Private Sub retrieveSeriesSecure_AfterCMove(ByVal sender As Object, ByVal e As AfterCMoveEventArgs) 
    Console.WriteLine("After CMove") 
    Console.WriteLine(Constants.vbTab & "{0} Completed", e.Completed) 
    Console.WriteLine(Constants.vbTab & "{0} Failed", e.Failed) 
    Console.WriteLine(Constants.vbTab & "{0} Warning", e.Warning) 
    Console.WriteLine(Constants.vbTab & "Status: {0}", e.Status) 
End Sub