// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
17 | ||
18 | using System; | |
19 | using System.Net; | |
20 | using System.Net.Security; | |
21 | using System.Net.Sockets; | |
22 | using System.Security.Authentication; | |
23 | using System.Security.Cryptography.X509Certificates; | |
24 | using System.Threading; | |
25 | using System.Threading.Tasks; | |
26 | using Thrift.Transport.Client; | |
27 | ||
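namespace Thrift.Transport.Server
{
    // ReSharper disable once InconsistentNaming
    /// <summary>
    /// Server transport that accepts plain TCP connections on a <see cref="TcpListener"/> and
    /// hands each one out as a <see cref="TTlsSocketTransport"/> only after the TLS handshake
    /// with the configured server certificate has completed.
    /// </summary>
    public class TTlsServerSocketTransport : TServerTransport
    {
        private readonly RemoteCertificateValidationCallback _clientCertValidator;
        // Applied to every accepted TcpClient's SendTimeout/ReceiveTimeout; 0 means no timeout.
        private readonly int _clientTimeout = 0;
        private readonly LocalCertificateSelectionCallback _localCertificateSelectionCallback;
        private readonly X509Certificate2 _serverCertificate;
        private readonly SslProtocols _sslProtocols;
        private TcpListener _server;

        /// <summary>
        /// Creates a TLS server transport on top of an existing listener.
        /// </summary>
        /// <param name="listener">Listener to accept connections from. The port-based
        /// constructor passes null here and assigns the listener itself afterwards.</param>
        /// <param name="certificate">Server certificate; it must carry its private key.</param>
        /// <param name="clientCertValidator">Optional callback forwarded to each
        /// <see cref="TTlsSocketTransport"/>; presumably used to validate the client
        /// certificate during the handshake — see that class for the exact semantics.</param>
        /// <param name="localCertificateSelectionCallback">Optional callback forwarded to each
        /// <see cref="TTlsSocketTransport"/> for local certificate selection.</param>
        /// <param name="sslProtocols">Protocol versions forwarded to the handshake; defaults to
        /// TLS 1.2 only (TLS 1.3 is not offered unless the caller passes it explicitly).</param>
        /// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
        /// <exception cref="TTransportException">The certificate has no private key.</exception>
        public TTlsServerSocketTransport(
            TcpListener listener,
            X509Certificate2 certificate,
            RemoteCertificateValidationCallback clientCertValidator = null,
            LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
            SslProtocols sslProtocols = SslProtocols.Tls12)
        {
            // Checked explicitly so a missing certificate fails with a clear argument error
            // instead of a NullReferenceException on the HasPrivateKey access below.
            if (certificate == null)
            {
                throw new ArgumentNullException(nameof(certificate));
            }

            if (!certificate.HasPrivateKey)
            {
                throw new TTransportException(TTransportException.ExceptionType.Unknown,
                    "Your server-certificate needs to have a private key");
            }

            _serverCertificate = certificate;
            _clientCertValidator = clientCertValidator;
            _localCertificateSelectionCallback = localCertificateSelectionCallback;
            _sslProtocols = sslProtocols;
            _server = listener;
        }

        /// <summary>
        /// Creates a TLS server transport that listens on <paramref name="port"/> on all
        /// interfaces (<see cref="IPAddress.Any"/>).
        /// </summary>
        /// <param name="port">TCP port to listen on.</param>
        /// <param name="certificate">Server certificate; it must carry its private key.</param>
        /// <param name="clientCertValidator">Optional client certificate validation callback.</param>
        /// <param name="localCertificateSelectionCallback">Optional local certificate selection callback.</param>
        /// <param name="sslProtocols">Protocol versions forwarded to the handshake; defaults to TLS 1.2 only.</param>
        /// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
        /// <exception cref="TTransportException">The certificate has no private key, or the
        /// listener could not be created on the requested port.</exception>
        public TTlsServerSocketTransport(
            int port,
            X509Certificate2 certificate,
            RemoteCertificateValidationCallback clientCertValidator = null,
            LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
            SslProtocols sslProtocols = SslProtocols.Tls12)
            // sslProtocols must be forwarded here: without it the chained constructor's default
            // applied and the caller's protocol choice was silently ignored.
            : this(null, certificate, clientCertValidator, localCertificateSelectionCallback, sslProtocols)
        {
            try
            {
                // Create server socket
                _server = new TcpListener(IPAddress.Any, port);
                _server.Server.NoDelay = true;
            }
            catch (Exception)
            {
                _server = null;
                throw new TTransportException($"Could not create ServerSocket on port {port}.");
            }
        }

        /// <summary>
        /// Starts the underlying listener. Does nothing when no listener is configured.
        /// </summary>
        /// <exception cref="TTransportException">The listener could not be started.</exception>
        public override void Listen()
        {
            // Make sure accept is not blocking
            if (_server != null)
            {
                try
                {
                    _server.Start();
                }
                catch (SocketException sx)
                {
                    throw new TTransportException($"Could not accept on listening socket: {sx.Message}");
                }
            }
        }

        /// <summary>
        /// Reports whether a connection is waiting to be accepted.
        /// </summary>
        /// <exception cref="TTransportException">No underlying listener is configured
        /// (for example after <see cref="Close"/>).</exception>
        public override bool IsClientPending()
        {
            // Same guard as AcceptImplementationAsync: after Close() the listener is null and the
            // original code would have thrown a NullReferenceException here.
            if (_server == null)
            {
                throw new TTransportException(TTransportException.ExceptionType.NotOpen, "No underlying server socket.");
            }

            return _server.Pending();
        }

        /// <summary>
        /// Accepts the next TCP connection, applies the client timeout, and completes the TLS
        /// handshake before returning the wrapped transport.
        /// </summary>
        /// <param name="cancellationToken">Checked once before accepting; the accept call itself
        /// does not observe it.</param>
        /// <returns>A <see cref="TTlsSocketTransport"/> whose handshake has completed.</returns>
        /// <exception cref="TTransportException">No listener is configured, or accepting or
        /// the handshake failed (the original exception text is carried in the message).</exception>
        protected override async ValueTask<TTransport> AcceptImplementationAsync(CancellationToken cancellationToken)
        {
            if (cancellationToken.IsCancellationRequested)
            {
                return await Task.FromCanceled<TTransport>(cancellationToken);
            }

            if (_server == null)
            {
                throw new TTransportException(TTransportException.ExceptionType.NotOpen, "No underlying server socket.");
            }

            try
            {
                var client = await _server.AcceptTcpClientAsync();
                client.SendTimeout = client.ReceiveTimeout = _clientTimeout;

                try
                {
                    // Wrap the accepted connection in a TLS socket using the server certificate.
                    // The handshake runs in SetupTlsAsync, so a rejected client certificate or a
                    // protocol mismatch fails here, before the transport is handed to the server.
                    var tTlsSocket = new TTlsSocketTransport(client, _serverCertificate, true, _clientCertValidator,
                        _localCertificateSelectionCallback, _sslProtocols);

                    await tTlsSocket.SetupTlsAsync();

                    return tTlsSocket;
                }
                catch
                {
                    // A failed handshake must not leak the accepted connection: nothing else
                    // owns the TcpClient at this point.
                    client.Dispose();
                    throw;
                }
            }
            catch (Exception ex)
            {
                throw new TTransportException(ex.ToString());
            }
        }

        /// <summary>
        /// Stops the listener and drops the reference to it; subsequent accepts report NotOpen.
        /// </summary>
        /// <exception cref="TTransportException">The listener could not be stopped.</exception>
        public override void Close()
        {
            if (_server != null)
            {
                try
                {
                    _server.Stop();
                }
                catch (Exception ex)
                {
                    throw new TTransportException($"WARNING: Could not close server socket: {ex}");
                }

                _server = null;
            }
        }
    }
}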