public enum DicomSslMethodType
typedef NS_ENUM(NSInteger, LTDicomSslMethodType) {
LTDicomSslMethodTypeSslV2 = 0x01,
LTDicomSslMethodTypeSslV3 = 0x02,
LTDicomSslMethodTypeTlsV1 = 0x03,
LTDicomSslMethodTypeSslV23 = 0x04,
};
public enum class DicomSslMethodType
Value | Member | Description |
---|---|---|
1 | SslV2 | Use Secure Sockets Layer (SSL) Version 2. Avoid using SSL Version 2 because this version is known to have security flaws. |
2 | SslV3 | Use Secure Sockets Layer (SSL) Version 3. |
3 | TlsV1 | Use Transport Layer Security (TLS) Version 1. |
4 | SslV23 | Use a compatible security verification mode. This mode can handle any of the three modes (SslV2, SslV3, TlsV1). |
using Leadtools;
using Leadtools.Dicom;
[StructLayout(LayoutKind.Sequential)]
public struct MSG
{
public IntPtr hwnd;
public uint message;
public IntPtr wParam;
public IntPtr lParam;
public uint time;
public System.Drawing.Point p;
}
public enum WaitReturn
{
Complete,
Timeout,
}
class Utils
{
[DllImport("user32.dll")]
[return: MarshalAs(UnmanagedType.Bool)]
static extern bool PeekMessage(out MSG lpMsg, IntPtr hWnd,
uint wMsgFilterMin, uint wMsgFilterMax,
uint wRemoveMsg);
[DllImport("user32.dll")]
static extern bool TranslateMessage([In] ref MSG lpMsg);
[DllImport("user32.dll")]
static extern IntPtr DispatchMessage([In] ref MSG lpmsg);
const uint PM_REMOVE = 1;
public static WaitReturn WaitForComplete(double mill, WaitHandle wh)
{
TimeSpan goal = new TimeSpan(DateTime.Now.AddMilliseconds(mill).Ticks);
do
{
MSG msg = new MSG();
if (PeekMessage(out msg, IntPtr.Zero, 0, 0, PM_REMOVE))
{
TranslateMessage(ref msg);
DispatchMessage(ref msg);
}
if (wh.WaitOne(new TimeSpan(0, 0, 0), false))
{
return WaitReturn.Complete;
}
if (goal.CompareTo(new TimeSpan(DateTime.Now.Ticks)) < 0)
{
return WaitReturn.Timeout;
}
} while (true);
}
public static void SetupTlsContext(DicomNet net, string certName)
{
string serverCA = Path.Combine(LEAD_VARS.ImagesDir, "ca.pem");
if (net != null)
{
DicomOpenSslContextCreationSettings settings = new DicomOpenSslContextCreationSettings(
DicomSslMethodType.SslV23,
serverCA,
DicomOpenSslVerificationFlags.Peer | DicomOpenSslVerificationFlags.FailIfNoPeerCertificate,
2,
DicomOpenSslOptionsFlags.NoSslV2 | DicomOpenSslOptionsFlags.AllBugWorkarounds
);
net.Initialize(null, DicomNetSecurityMode.Tls, settings);
net.SetTlsClientCertificate(certName, DicomTlsCertificateType.Pem, null);
}
}
}
//
// Secure client (TLS)
//
class Client : DicomNet
{
AutoResetEvent waitEvent = new AutoResetEvent(false);
string clientPEM = Path.Combine(LEAD_VARS.ImagesDir, "client.pem");
public Client()
: base(null, DicomNetSecurityMode.Tls)
{
SetTlsCipherSuiteByIndex(0, DicomTlsCipherSuiteType.DheRsaWithDesCbcSha);
Utils.SetupTlsContext(this, clientPEM);
}
public bool Wait()
{
WaitReturn ret;
ret = Utils.WaitForComplete((5 * 60) * 1000, waitEvent);
return (ret == WaitReturn.Complete);
}
protected override void OnConnect(DicomExceptionCode error)
{
waitEvent.Set();
}
protected override string OnPrivateKeyPassword(bool encryption)
{
return "test";
}
protected override void OnSecureLinkReady(DicomExceptionCode error)
{
waitEvent.Set();
}
}
//
// Secure server (TLS)
//
class ServerConnection : DicomNet
{
string serverPEM = Path.Combine(LEAD_VARS.ImagesDir, "server.pem");
public ServerConnection()
: base(null, DicomNetSecurityMode.Tls)
{
SetTlsCipherSuiteByIndex(0, DicomTlsCipherSuiteType.DheRsaWith3DesEdeCbcSha);
SetTlsClientCertificate(serverPEM, DicomTlsCertificateType.Pem, null);
}
protected override string OnPrivateKeyPassword(bool encryption)
{
return "test";
}
// The OnVerify callback gets called twice, once for each certificate in the certificate chain.
protected override int OnVerify(int ok, string certificateString, DicomSecurityCertificateException ex)
{
string certificateMessageString = "Received Client Certificate:\n" + certificateString;
// Log that the SCP received the Client Certificate
Debug.WriteLine(certificateMessageString);
if (ex.Code != DicomSecurityCertificateExceptionCode.Success)
{
string message = string.Format("Error {0}: {1}", ex.Code, ex.Message);
// Log the error with Client Certificate
Debug.WriteLine(message);
}
return ok;
}
}
class Server : DicomNet
{
string serverPEM = Path.Combine(LEAD_VARS.ImagesDir, "server.pem");
ServerConnection client;
public Server()
: base(null, DicomNetSecurityMode.Tls)
{
SetTlsCipherSuiteByIndex(0, DicomTlsCipherSuiteType.DheRsaWith3DesEdeCbcSha);
Utils.SetupTlsContext(this, serverPEM);
}
protected override void OnAccept(DicomExceptionCode error)
{
client = new ServerConnection();
Utils.SetupTlsContext(client, serverPEM);
Accept(client);
}
protected override string OnPrivateKeyPassword(bool encryption)
{
return "test";
}
protected override void Dispose(bool __p1)
{
client.Dispose();
base.Dispose(__p1);
}
}
public void TLSSecuritySample()
{
//Assert test to check file exists before running code
string clientPEM = Path.Combine(LEAD_VARS.ImagesDir, "ca.pem");
Assert.IsTrue(File.Exists(clientPEM) == true, "Missing file: " + clientPEM);
DicomEngine.Startup();
DicomNet.Startup();
using (Server server = new Server())
{
using (Client client = new Client())
{
server.Listen("127.0.0.1", 104, 1); // start server
client.Connect(null, 1000, "127.0.0.1", 104); // connect to server
if (!client.Wait()) // wait for connection to finish
{
Debug.Fail("Connection timed out");
}
Debug.Assert(client.IsConnected(), "Client not connected");
//
// Wait for authenication
//
if (!client.Wait())
{
Debug.Fail("Connection timed out waiting for authenication");
}
// Once two computers have negotiated the ciphersuite, and have
// authenticated each other, they can begin transferring
// messages and data between them.
//Now we can get detailed information about the Cipher Suite
DicomTlsCipherSuiteType cipherSuite = client.GetTlsCipherSuite();// Can also call GetTlsCipherSuiteByIndex
Debug.WriteLine("Encryption Algorithm is : {0}", client.GetTlsEncryptionAlgorithm(cipherSuite));
Debug.WriteLine("Authentication Algorithm is : {0}", client.GetTlsAuthenticationAlgorithm(cipherSuite));
Debug.WriteLine("Integrity Algorithm is : {0}", client.GetTlsIntegrityAlgorithm(cipherSuite));
Debug.WriteLine("Key Exchange Algorithm is : {0}", client.GetTlsKeyExchangeAlgorithm(cipherSuite));
Debug.WriteLine("Encryption Key Length is : {0}", client.GetTlsEncryptionKeyLength(cipherSuite));
Debug.WriteLine("Mutual Authentication Key Length is : {0}", client.GetTlsMutualAuthenticationKeyLength(cipherSuite));
// Continue with normal dicom communication
client.CloseForced(true);
}
server.CloseForced(true);
}
DicomEngine.Shutdown();
DicomNet.Shutdown();
}
static class LEAD_VARS
{
public const string ImagesDir = @"C:\LEADTOOLS22\Resources\Images";
}
Help Collections
Raster .NET | C API | C++ Class Library | HTML5 JavaScript
Document .NET | C API | C++ Class Library | HTML5 JavaScript
Medical .NET | C API | C++ Class Library | HTML5 JavaScript
Medical Web Viewer .NET
Multimedia
Direct Show .NET | C API | Filters
Media Foundation .NET | C API | Transforms
Supported Platforms
.NET, Java, Android, and iOS/macOS Assemblies
Imaging, Medical, and Document
C API/C++ Class Libraries
Imaging, Medical, and Document
HTML5 JavaScript Libraries
Imaging, Medical, and Document