diff options
Diffstat (limited to 'qpid/dotnet/Qpid.Client/Client/Transport/Socket/Blocking/SslSocketConnector.cs')
-rw-r--r-- | qpid/dotnet/Qpid.Client/Client/Transport/Socket/Blocking/SslSocketConnector.cs | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/qpid/dotnet/Qpid.Client/Client/Transport/Socket/Blocking/SslSocketConnector.cs b/qpid/dotnet/Qpid.Client/Client/Transport/Socket/Blocking/SslSocketConnector.cs new file mode 100644 index 0000000000..8436e6fc4f --- /dev/null +++ b/qpid/dotnet/Qpid.Client/Client/Transport/Socket/Blocking/SslSocketConnector.cs @@ -0,0 +1,107 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +using System.IO; +using System.Net; +using log4net; +using Apache.Qpid.Client.Qms; +using Org.Mentalis.Security.Ssl; +using MCertificate = Org.Mentalis.Security.Certificates.Certificate; +using MCertificateChain = Org.Mentalis.Security.Certificates.CertificateChain; + +namespace Apache.Qpid.Client.Transport.Socket.Blocking +{ + /// <summary> + /// Implements a TLS v1.0 connection using the Mentalis.org library + /// </summary> + /// <remarks> + /// It would've been easier to implement this at the StreamFilter + /// level, but unfortunately the Mentalis library doesn't support + /// a passthrough SSL stream class and is tied directly + /// to socket-like classes. + /// </remarks> + class SslSocketConnector : ISocketConnector + { + private static ILog _logger = LogManager.GetLogger(typeof(SslSocketConnector)); + private MyTcpClient _tcpClient; + + public string LocalEndpoint + { + get { return _tcpClient.LocalEndpoint.ToString(); } + } + + public Stream Connect(IBrokerInfo broker) + { + MCertificate cert = GetClientCert(broker); + SecurityOptions options = new SecurityOptions( + SecureProtocol.Tls1, cert, ConnectionEnd.Client + ); + if ( broker.SslOptions != null + && broker.SslOptions.IgnoreValidationErrors ) + { + _logger.Warn("Ignoring any certificate validation errors during SSL handshake..."); + options.VerificationType = CredentialVerification.None; + } + + _tcpClient = new MyTcpClient(broker.Host, broker.Port, options); + return _tcpClient.GetStream(); + } + + public void Dispose() + { + if ( _tcpClient != null ) + { + _tcpClient.Close(); + _tcpClient = null; + } + } + + private static MCertificate GetClientCert(IBrokerInfo broker) + { + // if a client certificate is configured, + // use that to enable mutual authentication + MCertificate cert = null; + if ( broker.SslOptions != null + && broker.SslOptions.ClientCertificate != null ) + { + cert = MCertificate.CreateFromX509Certificate( + broker.SslOptions.ClientCertificate + ); + _logger.DebugFormat("Using Client Certificate for SSL '{0}'", cert.ToString(true)); + } + return cert; + } + + class MyTcpClient : SecureTcpClient + { + public MyTcpClient(string host, int port, SecurityOptions options) + : base(host, port, options) + { + } + + public EndPoint LocalEndpoint + { + get { return Client.LocalEndPoint; } + } + + } + + } +} |