]>
Commit | Line | Data |
---|---|---|
f67539c2 TL |
1 | /** |
2 | * Licensed to the Apache Software Foundation (ASF) under one | |
3 | * or more contributor license agreements. See the NOTICE file | |
4 | * distributed with this work for additional information | |
5 | * regarding copyright ownership. The ASF licenses this file | |
6 | * to you under the Apache License, Version 2.0 (the | |
7 | * "License"); you may not use this file except in compliance | |
8 | * with the License. You may obtain a copy of the License at | |
9 | * | |
10 | * http://www.apache.org/licenses/LICENSE-2.0 | |
11 | * | |
12 | * Unless required by applicable law or agreed to in writing, | |
13 | * software distributed under the License is distributed on an | |
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
15 | * KIND, either express or implied. See the License for the | |
16 | * specific language governing permissions and limitations | |
17 | * under the License. | |
18 | */ | |
19 | ||
20 | using System; | |
21 | using System.Net.Security; | |
22 | using System.Net.Sockets; | |
23 | using System.Security.Authentication; | |
24 | using System.Security.Cryptography.X509Certificates; | |
25 | ||
26 | namespace Thrift.Transport | |
27 | { | |
28 | /// <summary> | |
29 | /// SSL Server Socket Wrapper Class | |
30 | /// </summary> | |
31 | public class TTLSServerSocket : TServerTransport | |
32 | { | |
33 | /// <summary> | |
34 | /// Underlying tcp server | |
35 | /// </summary> | |
36 | private TcpListener server = null; | |
37 | ||
38 | /// <summary> | |
39 | /// The port where the socket listen | |
40 | /// </summary> | |
41 | private int port = 0; | |
42 | ||
43 | /// <summary> | |
44 | /// Timeout for the created server socket | |
45 | /// </summary> | |
46 | private readonly int clientTimeout; | |
47 | ||
48 | /// <summary> | |
49 | /// Whether or not to wrap new TSocket connections in buffers | |
50 | /// </summary> | |
51 | private bool useBufferedSockets = false; | |
52 | ||
53 | /// <summary> | |
54 | /// The servercertificate with the private- and public-key | |
55 | /// </summary> | |
56 | private X509Certificate serverCertificate; | |
57 | ||
58 | /// <summary> | |
59 | /// The function to validate the client certificate. | |
60 | /// </summary> | |
61 | private RemoteCertificateValidationCallback clientCertValidator; | |
62 | ||
63 | /// <summary> | |
64 | /// The function to determine which certificate to use. | |
65 | /// </summary> | |
66 | private LocalCertificateSelectionCallback localCertificateSelectionCallback; | |
67 | ||
68 | /// <summary> | |
69 | /// The SslProtocols value that represents the protocol used for authentication. | |
70 | /// </summary> | |
71 | private readonly SslProtocols sslProtocols; | |
72 | ||
73 | /// <summary> | |
74 | /// Initializes a new instance of the <see cref="TTLSServerSocket" /> class. | |
75 | /// </summary> | |
76 | /// <param name="port">The port where the server runs.</param> | |
77 | /// <param name="certificate">The certificate object.</param> | |
78 | public TTLSServerSocket(int port, X509Certificate2 certificate) | |
79 | : this(port, 0, certificate) | |
80 | { | |
81 | } | |
82 | ||
83 | /// <summary> | |
84 | /// Initializes a new instance of the <see cref="TTLSServerSocket" /> class. | |
85 | /// </summary> | |
86 | /// <param name="port">The port where the server runs.</param> | |
87 | /// <param name="clientTimeout">Send/receive timeout.</param> | |
88 | /// <param name="certificate">The certificate object.</param> | |
89 | public TTLSServerSocket(int port, int clientTimeout, X509Certificate2 certificate) | |
90 | : this(port, clientTimeout, false, certificate) | |
91 | { | |
92 | } | |
93 | ||
94 | /// <summary> | |
95 | /// Initializes a new instance of the <see cref="TTLSServerSocket" /> class. | |
96 | /// </summary> | |
97 | /// <param name="port">The port where the server runs.</param> | |
98 | /// <param name="clientTimeout">Send/receive timeout.</param> | |
99 | /// <param name="useBufferedSockets">If set to <c>true</c> [use buffered sockets].</param> | |
100 | /// <param name="certificate">The certificate object.</param> | |
101 | /// <param name="clientCertValidator">The certificate validator.</param> | |
102 | /// <param name="localCertificateSelectionCallback">The callback to select which certificate to use.</param> | |
103 | /// <param name="sslProtocols">The SslProtocols value that represents the protocol used for authentication.</param> | |
104 | public TTLSServerSocket( | |
105 | int port, | |
106 | int clientTimeout, | |
107 | bool useBufferedSockets, | |
108 | X509Certificate2 certificate, | |
109 | RemoteCertificateValidationCallback clientCertValidator = null, | |
110 | LocalCertificateSelectionCallback localCertificateSelectionCallback = null, | |
111 | // TODO: Enable Tls11 and Tls12 (TLS 1.1 and 1.2) by default once we start using .NET 4.5+. | |
112 | SslProtocols sslProtocols = SslProtocols.Tls) | |
113 | { | |
114 | if (!certificate.HasPrivateKey) | |
115 | { | |
116 | throw new TTransportException(TTransportException.ExceptionType.Unknown, "Your server-certificate needs to have a private key"); | |
117 | } | |
118 | ||
119 | this.port = port; | |
120 | this.clientTimeout = clientTimeout; | |
121 | this.serverCertificate = certificate; | |
122 | this.useBufferedSockets = useBufferedSockets; | |
123 | this.clientCertValidator = clientCertValidator; | |
124 | this.localCertificateSelectionCallback = localCertificateSelectionCallback; | |
125 | this.sslProtocols = sslProtocols; | |
126 | try | |
127 | { | |
128 | // Create server socket | |
129 | this.server = TSocketVersionizer.CreateTcpListener(this.port); | |
130 | this.server.Server.NoDelay = true; | |
131 | } | |
132 | catch (Exception ex) | |
133 | { | |
134 | server = null; | |
135 | throw new TTransportException("Could not create ServerSocket on port " + this.port + ".", ex); | |
136 | } | |
137 | } | |
138 | ||
139 | /// <summary> | |
140 | /// Starts the server. | |
141 | /// </summary> | |
142 | public override void Listen() | |
143 | { | |
144 | // Make sure accept is not blocking | |
145 | if (this.server != null) | |
146 | { | |
147 | try | |
148 | { | |
149 | this.server.Start(); | |
150 | } | |
151 | catch (SocketException sx) | |
152 | { | |
153 | throw new TTransportException("Could not accept on listening socket: " + sx.Message, sx); | |
154 | } | |
155 | } | |
156 | } | |
157 | ||
158 | /// <summary> | |
159 | /// Callback for Accept Implementation | |
160 | /// </summary> | |
161 | /// <returns> | |
162 | /// TTransport-object. | |
163 | /// </returns> | |
164 | protected override TTransport AcceptImpl() | |
165 | { | |
166 | if (this.server == null) | |
167 | { | |
168 | throw new TTransportException(TTransportException.ExceptionType.NotOpen, "No underlying server socket."); | |
169 | } | |
170 | ||
171 | try | |
172 | { | |
173 | TcpClient client = this.server.AcceptTcpClient(); | |
174 | client.SendTimeout = client.ReceiveTimeout = this.clientTimeout; | |
175 | ||
176 | //wrap the client in an SSL Socket passing in the SSL cert | |
177 | TTLSSocket socket = new TTLSSocket( | |
178 | client, | |
179 | this.serverCertificate, | |
180 | true, | |
181 | this.clientCertValidator, | |
182 | this.localCertificateSelectionCallback, | |
183 | this.sslProtocols); | |
184 | ||
185 | socket.setupTLS(); | |
186 | ||
187 | if (useBufferedSockets) | |
188 | { | |
189 | TBufferedTransport trans = new TBufferedTransport(socket); | |
190 | return trans; | |
191 | } | |
192 | else | |
193 | { | |
194 | return socket; | |
195 | } | |
196 | ||
197 | } | |
198 | catch (Exception ex) | |
199 | { | |
200 | throw new TTransportException(ex.ToString(), ex); | |
201 | } | |
202 | } | |
203 | ||
204 | /// <summary> | |
205 | /// Stops the Server | |
206 | /// </summary> | |
207 | public override void Close() | |
208 | { | |
209 | if (this.server != null) | |
210 | { | |
211 | try | |
212 | { | |
213 | this.server.Stop(); | |
214 | } | |
215 | catch (Exception ex) | |
216 | { | |
217 | throw new TTransportException("WARNING: Could not close server socket: " + ex, ex); | |
218 | } | |
219 | this.server = null; | |
220 | } | |
221 | } | |
222 | } | |
223 | } |