[ceph.git] / ceph / src / jaegertracing / thrift / lib / netstd / Thrift / Transport / Server / TTlsServerSocketTransport.cs

// Licensed to the Apache Software Foundation(ASF) under one
// or more contributor license agreements.See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership.The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
// 
//     http://www.apache.org/licenses/LICENSE-2.0
// 
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.

using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;
using Thrift.Transport.Client;

namespace Thrift.Transport.Server
{
    // ReSharper disable once InconsistentNaming
    public class TTlsServerSocketTransport : TServerTransport
    {
        private readonly RemoteCertificateValidationCallback _clientCertValidator;
        private readonly int _clientTimeout = 0;
        private readonly LocalCertificateSelectionCallback _localCertificateSelectionCallback;
        private readonly X509Certificate2 _serverCertificate;
        private readonly SslProtocols _sslProtocols;
        private TcpListener _server;
               
        public TTlsServerSocketTransport(
            TcpListener listener,
            X509Certificate2 certificate,
            RemoteCertificateValidationCallback clientCertValidator = null,
            LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
            SslProtocols sslProtocols = SslProtocols.Tls12)
        {
            if (!certificate.HasPrivateKey)
            {
                throw new TTransportException(TTransportException.ExceptionType.Unknown,
                    "Your server-certificate needs to have a private key");
            }

            _serverCertificate = certificate;
            _clientCertValidator = clientCertValidator;
            _localCertificateSelectionCallback = localCertificateSelectionCallback;
            _sslProtocols = sslProtocols;
            _server = listener;
        }

        public TTlsServerSocketTransport(
            int port,
            X509Certificate2 certificate,
            RemoteCertificateValidationCallback clientCertValidator = null,
            LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
            SslProtocols sslProtocols = SslProtocols.Tls12)
            : this(null, certificate, clientCertValidator, localCertificateSelectionCallback)
        {
            try
            {
                // Create server socket
                _server = new TcpListener(IPAddress.Any, port);
                _server.Server.NoDelay = true;
            }
            catch (Exception)
            {
                _server = null;
                throw new TTransportException($"Could not create ServerSocket on port {port}.");
            }
        }

        public override void Listen()
        {
            // Make sure accept is not blocking
            if (_server != null)
            {
                try
                {
                    _server.Start();
                }
                catch (SocketException sx)
                {
                    throw new TTransportException($"Could not accept on listening socket: {sx.Message}");
                }
            }
        }

        public override bool IsClientPending()
        {
            return _server.Pending();
        }

        protected override async ValueTask<TTransport> AcceptImplementationAsync(CancellationToken cancellationToken)
        {
            if (cancellationToken.IsCancellationRequested)
            {
                return await Task.FromCanceled<TTransport>(cancellationToken);
            }

            if (_server == null)
            {
                throw new TTransportException(TTransportException.ExceptionType.NotOpen, "No underlying server socket.");
            }

            try
            {
                var client = await _server.AcceptTcpClientAsync();
                client.SendTimeout = client.ReceiveTimeout = _clientTimeout;

                //wrap the client in an SSL Socket passing in the SSL cert
                var tTlsSocket = new TTlsSocketTransport(client, _serverCertificate, true, _clientCertValidator,
                    _localCertificateSelectionCallback, _sslProtocols);

                await tTlsSocket.SetupTlsAsync();
                
                return tTlsSocket;
            }
            catch (Exception ex)
            {
                throw new TTransportException(ex.ToString());
            }
        }

        public override void Close()
        {
            if (_server != null)
            {
                try
                {
                    _server.Stop();
                }
                catch (Exception ex)
                {
                    throw new TTransportException($"WARNING: Could not close server socket: {ex}");
                }

                _server = null;
            }
        }
    }
}
Commit	Line	Data
f67539c2 TL	1	// Licensed to the Apache Software Foundation(ASF) under one
	2	// or more contributor license agreements.See the NOTICE file
	3	// distributed with this work for additional information
	4	// regarding copyright ownership.The ASF licenses this file
	5	// to you under the Apache License, Version 2.0 (the
	6	// "License"); you may not use this file except in compliance
	7	// with the License. You may obtain a copy of the License at
	8	//
	9	// http://www.apache.org/licenses/LICENSE-2.0
	10	//
	11	// Unless required by applicable law or agreed to in writing,
	12	// software distributed under the License is distributed on an
	13	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	14	// KIND, either express or implied. See the License for the
	15	// specific language governing permissions and limitations
	16	// under the License.
	17
	18	using System;
	19	using System.Net;
	20	using System.Net.Security;
	21	using System.Net.Sockets;
	22	using System.Security.Authentication;
	23	using System.Security.Cryptography.X509Certificates;
	24	using System.Threading;
	25	using System.Threading.Tasks;
	26	using Thrift.Transport.Client;
	27
	28	namespace Thrift.Transport.Server
	29	{
	30	// ReSharper disable once InconsistentNaming
	31	public class TTlsServerSocketTransport : TServerTransport
	32	{
	33	private readonly RemoteCertificateValidationCallback _clientCertValidator;
	34	private readonly int _clientTimeout = 0;
	35	private readonly LocalCertificateSelectionCallback _localCertificateSelectionCallback;
	36	private readonly X509Certificate2 _serverCertificate;
	37	private readonly SslProtocols _sslProtocols;
	38	private TcpListener _server;
	39
	40	public TTlsServerSocketTransport(
	41	TcpListener listener,
	42	X509Certificate2 certificate,
	43	RemoteCertificateValidationCallback clientCertValidator = null,
	44	LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
	45	SslProtocols sslProtocols = SslProtocols.Tls12)
	46	{
	47	if (!certificate.HasPrivateKey)
	48	{
	49	throw new TTransportException(TTransportException.ExceptionType.Unknown,
	50	"Your server-certificate needs to have a private key");
	51	}
	52
	53	_serverCertificate = certificate;
	54	_clientCertValidator = clientCertValidator;
	55	_localCertificateSelectionCallback = localCertificateSelectionCallback;
	56	_sslProtocols = sslProtocols;
	57	_server = listener;
	58	}
	59
	60	public TTlsServerSocketTransport(
	61	int port,
	62	X509Certificate2 certificate,
	63	RemoteCertificateValidationCallback clientCertValidator = null,
	64	LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
65	SslProtocols sslProtocols = SslProtocols.Tls12)
66	: this(null, certificate, clientCertValidator, localCertificateSelectionCallback)
67	{
68	try
69	{
70	// Create server socket
71	_server = new TcpListener(IPAddress.Any, port);
72	_server.Server.NoDelay = true;
73	}
74	catch (Exception)
75	{
76	_server = null;
77	throw new TTransportException($"Could not create ServerSocket on port {port}.");
78	}
79	}
80
81	public override void Listen()
82	{
83	// Make sure accept is not blocking
84	if (_server != null)
85	{
86	try
87	{
88	_server.Start();
89	}
90	catch (SocketException sx)
91	{
92	throw new TTransportException($"Could not accept on listening socket: {sx.Message}");
93	}
94	}
95	}
96
97	public override bool IsClientPending()
98	{
99	return _server.Pending();
100	}
101
102	protected override async ValueTask<TTransport> AcceptImplementationAsync(CancellationToken cancellationToken)
103	{
104	if (cancellationToken.IsCancellationRequested)
105	{
106	return await Task.FromCanceled<TTransport>(cancellationToken);
107	}
108
109	if (_server == null)
110	{
111	throw new TTransportException(TTransportException.ExceptionType.NotOpen, "No underlying server socket.");
112	}
113
114	try
115	{
116	var client = await _server.AcceptTcpClientAsync();
117	client.SendTimeout = client.ReceiveTimeout = _clientTimeout;
118
119	//wrap the client in an SSL Socket passing in the SSL cert
120	var tTlsSocket = new TTlsSocketTransport(client, _serverCertificate, true, _clientCertValidator,
121	_localCertificateSelectionCallback, _sslProtocols);
122
123	await tTlsSocket.SetupTlsAsync();
124
125	return tTlsSocket;
126	}
127	catch (Exception ex)
128	{
129	throw new TTransportException(ex.ToString());
130	}
131	}
132
133	public override void Close()
134	{
135	if (_server != null)
136	{
137	try
138	{
139	_server.Stop();
140	}
141	catch (Exception ex)
142	{
143	throw new TTransportException($"WARNING: Could not close server socket: {ex}");
144	}
145
146	_server = null;
147	}
148	}
149	}
150	}