1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
/*
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
using System.IO;
using System.Net;
using log4net;
using Apache.Qpid.Client.Qms;
using Org.Mentalis.Security.Ssl;
using MCertificate = Org.Mentalis.Security.Certificates.Certificate;
using MCertificateChain = Org.Mentalis.Security.Certificates.CertificateChain;
namespace Apache.Qpid.Client.Transport.Socket.Blocking
{
/// <summary>
/// Implements a TLS v1.0 connection using the Mentalis.org library
/// </summary>
/// <remarks>
/// It would've been easier to implement this at the StreamFilter
/// level, but unfortunately the Mentalis library doesn't support
/// a passthrough SSL stream class and is tied directly
/// to socket-like classes.
/// </remarks>
class SslSocketConnector : ISocketConnector
{
private static ILog _logger = LogManager.GetLogger(typeof(SslSocketConnector));
private MyTcpClient _tcpClient;
public string LocalEndpoint
{
get { return _tcpClient.LocalEndpoint.ToString(); }
}
public Stream Connect(IBrokerInfo broker)
{
MCertificate cert = GetClientCert(broker);
SecurityOptions options = new SecurityOptions(
SecureProtocol.Tls1, cert, ConnectionEnd.Client
);
if ( broker.SslOptions != null
&& broker.SslOptions.IgnoreValidationErrors )
{
_logger.Warn("Ignoring any certificate validation errors during SSL handshake...");
options.VerificationType = CredentialVerification.None;
}
_tcpClient = new MyTcpClient(broker.Host, broker.Port, options);
return _tcpClient.GetStream();
}
public void Dispose()
{
if ( _tcpClient != null )
{
_tcpClient.Close();
_tcpClient = null;
}
}
private static MCertificate GetClientCert(IBrokerInfo broker)
{
// if a client certificate is configured,
// use that to enable mutual authentication
MCertificate cert = null;
if ( broker.SslOptions != null
&& broker.SslOptions.ClientCertificate != null )
{
cert = MCertificate.CreateFromX509Certificate(
broker.SslOptions.ClientCertificate
);
_logger.DebugFormat("Using Client Certificate for SSL '{0}'", cert.ToString(true));
}
return cert;
}
class MyTcpClient : SecureTcpClient
{
public MyTcpClient(string host, int port, SecurityOptions options)
: base(host, port, options)
{
}
public EndPoint LocalEndpoint
{
get { return Client.LocalEndPoint; }
}
}
}
}
|
