activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tab...@apache.org
Subject svn commit: r929720 - in /activemq/activemq-dotnet/Apache.NMS.Stomp/trunk/src/main/csharp/Transport/Tcp: SslTransport.cs SslTransportFactory.cs
Date Wed, 31 Mar 2010 21:25:06 GMT
Author: tabish
Date: Wed Mar 31 21:25:06 2010
New Revision: 929720

URL: http://svn.apache.org/viewvc?rev=929720&view=rev
Log:
http://issues.apache.org/activemq/browse/AMQNET-239

Updates to better support client authentication when required by the server.

Modified:
    activemq/activemq-dotnet/Apache.NMS.Stomp/trunk/src/main/csharp/Transport/Tcp/SslTransport.cs
    activemq/activemq-dotnet/Apache.NMS.Stomp/trunk/src/main/csharp/Transport/Tcp/SslTransportFactory.cs

Modified: activemq/activemq-dotnet/Apache.NMS.Stomp/trunk/src/main/csharp/Transport/Tcp/SslTransport.cs
URL: http://svn.apache.org/viewvc/activemq/activemq-dotnet/Apache.NMS.Stomp/trunk/src/main/csharp/Transport/Tcp/SslTransport.cs?rev=929720&r1=929719&r2=929720&view=diff
==============================================================================
--- activemq/activemq-dotnet/Apache.NMS.Stomp/trunk/src/main/csharp/Transport/Tcp/SslTransport.cs
(original)
+++ activemq/activemq-dotnet/Apache.NMS.Stomp/trunk/src/main/csharp/Transport/Tcp/SslTransport.cs
Wed Mar 31 21:25:06 2010
@@ -29,7 +29,9 @@ namespace Apache.NMS.Stomp.Transport.Tcp
 {
     public class SslTransport : TcpTransport
     {
-        private string clientCertLocation;
+        private string serverName;
+        private string clientCertSubject;
+        private string clientCertFilename;
         private string clientCertPassword;
         
         private bool acceptInvalidBrokerCert = false;
@@ -47,14 +49,31 @@ namespace Apache.NMS.Stomp.Transport.Tcp
         }
 
         /// <summary>
+        /// Indicates the name of the Server's Certificate.  By default the Host name
+        /// of the remote server is used, however if this doesn't match the name of the
+        /// Server's certificate then this option can be set to override the default.
+        /// </summary>
+        public string ServerName
+        {
+            get { return this.serverName; }
+            set { this.serverName = value; }
+        }
+
+        public string ClientCertSubject
+        {
+            get { return this.clientCertSubject; }
+            set { this.clientCertSubject = value; }
+        }
+
+        /// <summary>
         /// Indicates the location of the Client Certificate to use when the Broker
         /// is configured for Client Auth (not common).  The SslTransport will supply
         /// this certificate to the SslStream via the SelectLocalCertificate method.
         /// </summary>
-        public string ClientCertLocation
+        public string ClientCertFilename
         {
-            get { return this.clientCertLocation; }
-            set { this.clientCertLocation = value; }
+            get { return this.clientCertFilename; }
+            set { this.clientCertFilename = value; }
         }
 
         /// <summary>
@@ -83,24 +102,19 @@ namespace Apache.NMS.Stomp.Transport.Tcp
             {
                 return this.sslStream;
             }
-            
-            LocalCertificateSelectionCallback clientCertSelect = null;
-            
-            if(this.clientCertLocation != null )
-            {
-                clientCertSelect = new LocalCertificateSelectionCallback(SelectLocalCertificate);
-            }
 
             this.sslStream = new SslStream(
                 new NetworkStream(this.socket), 
                 false,
                 new RemoteCertificateValidationCallback(ValidateServerCertificate),
-                clientCertSelect );
+                new LocalCertificateSelectionCallback(SelectLocalCertificate) );
 
             try
             {
-                Tracer.Debug("Authorizing as Client for Server: " + this.RemoteAddress.Host);
-                sslStream.AuthenticateAsClient(this.RemoteAddress.Host);
+
+                string remoteCertName = this.serverName ?? this.RemoteAddress.Host;
+                Tracer.Debug("Authorizing as Client for Server: " + remoteCertName);
+                sslStream.AuthenticateAsClient(remoteCertName, LoadCertificates(), SslProtocols.Default,
false);
                 Tracer.Debug("Server is Authenticated = " + sslStream.IsAuthenticated);
                 Tracer.Debug("Server is Encrypted = " + sslStream.IsEncrypted);         
      
             }
@@ -159,14 +173,53 @@ namespace Apache.NMS.Stomp.Transport.Tcp
                                                        X509Certificate remoteCertificate,

                                                        string[] acceptableIssuers)
         {    
-            Tracer.Debug("Client is selecting a local certificate.");
-        
-            X509Certificate2 certificate = new X509Certificate2( clientCertLocation, clientCertPassword
);
-                        
-            return certificate;
+            Tracer.DebugFormat("Client is selecting a local certificate from {0} possibilities.",
localCertificates.Count);
+
+            if(localCertificates.Count == 1)
+            {
+                Tracer.Debug("Client has selected certificate with Subject = " + localCertificates[0].Subject);
+                return localCertificates[0];
+            }
+            else if(localCertificates.Count > 1 && this.clientCertSubject != null)
+            {
+                foreach(X509Certificate2 certificate in localCertificates)
+                {
+                    Tracer.Debug("Checking Client Certificate := " + certificate.ToString());
+                    if(String.Compare(certificate.Subject, this.clientCertSubject, true)
== 0)
+                    {
+                        Tracer.Debug("Client has selected certificate with Subject = " +
certificate.Subject);
+                        return certificate;
+                    }
+                }
+            }
+
+            Tracer.Debug("Client did not select a Certificate, returning null.");
+            return null;
+        }
+
+        private X509Certificate2Collection LoadCertificates()
+        {
+            X509Certificate2Collection collection = new X509Certificate2Collection();
+
+            if(!String.IsNullOrEmpty(this.clientCertFilename))
+            {
+                Tracer.Debug("Attempting to load Client Certificate from file := " + this.clientCertFilename);
+                X509Certificate2 certificate = new X509Certificate2(this.clientCertFilename,
this.clientCertPassword);
+                Tracer.Debug("Loaded Client Certificate := " + certificate.ToString());
+
+                collection.Add(certificate);
+            }
+            else
+            {
+                X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
+
+                collection = store.Certificates;
+            }
+
+            return collection;
         }
         
     }
 }
 
-#endif
+#endif
\ No newline at end of file

Modified: activemq/activemq-dotnet/Apache.NMS.Stomp/trunk/src/main/csharp/Transport/Tcp/SslTransportFactory.cs
URL: http://svn.apache.org/viewvc/activemq/activemq-dotnet/Apache.NMS.Stomp/trunk/src/main/csharp/Transport/Tcp/SslTransportFactory.cs?rev=929720&r1=929719&r2=929720&view=diff
==============================================================================
--- activemq/activemq-dotnet/Apache.NMS.Stomp/trunk/src/main/csharp/Transport/Tcp/SslTransportFactory.cs
(original)
+++ activemq/activemq-dotnet/Apache.NMS.Stomp/trunk/src/main/csharp/Transport/Tcp/SslTransportFactory.cs
Wed Mar 31 21:25:06 2010
@@ -23,7 +23,9 @@ namespace Apache.NMS.Stomp.Transport.Tcp
 {
 	public class SslTransportFactory : TcpTransportFactory
 	{
-        private string clientCertLocation;
+        private string serverName;
+        private string clientCertSubject;
+        private string clientCertFilename;
         private string clientCertPassword;
         private bool acceptInvalidBrokerCert = false;
         
@@ -31,10 +33,22 @@ namespace Apache.NMS.Stomp.Transport.Tcp
         {
         }
 
-        public string ClientCertLocation
+        public string ServerName
         {
-            get { return this.clientCertLocation; }
-            set { this.clientCertLocation = value; }
+            get { return this.serverName; }
+            set { this.serverName = value; }
+        }
+
+        public string ClientCertSubject
+        {
+            get { return this.clientCertSubject; }
+            set { this.clientCertSubject = value; }
+        }
+
+        public string ClientCertFilename
+        {
+            get { return this.clientCertFilename; }
+            set { this.clientCertFilename = value; }
         }
 
         public string ClientCertPassword
@@ -55,9 +69,11 @@ namespace Apache.NMS.Stomp.Transport.Tcp
 #if !NETCF
             SslTransport transport = new SslTransport(location, socket, wireFormat);
             
-            transport.ClientCertLocation = ClientCertLocation;
-            transport.ClientCertPassword = ClientCertPassword;
-            transport.AcceptInvalidBrokerCert = AcceptInvalidBrokerCert;
+            transport.ClientCertSubject = this.clientCertSubject;
+            transport.ClientCertFilename = this.clientCertFilename;
+            transport.ClientCertPassword = this.clientCertPassword;
+            transport.ServerName = this.serverName;
+            transport.AcceptInvalidBrokerCert = this.acceptInvalidBrokerCert;
             
             return transport;
 #else



Mime
View raw message