2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
21 using System.Net.Security;
22 using System.Net.Sockets;
23 using System.Security.Authentication;
24 using System.Security.Cryptography.X509Certificates;
26 namespace Thrift.Transport
29 /// SSL Server Socket Wrapper Class
31 public class TTLSServerSocket : TServerTransport
34 /// Underlying tcp server
36 private TcpListener server = null;
39 /// The port where the socket listen
44 /// Timeout for the created server socket
46 private readonly int clientTimeout;
49 /// Whether or not to wrap new TSocket connections in buffers
51 private bool useBufferedSockets = false;
54 /// The servercertificate with the private- and public-key
56 private X509Certificate serverCertificate;
59 /// The function to validate the client certificate.
61 private RemoteCertificateValidationCallback clientCertValidator;
64 /// The function to determine which certificate to use.
66 private LocalCertificateSelectionCallback localCertificateSelectionCallback;
69 /// The SslProtocols value that represents the protocol used for authentication.
71 private readonly SslProtocols sslProtocols;
74 /// Initializes a new instance of the <see cref="TTLSServerSocket" /> class.
76 /// <param name="port">The port where the server runs.</param>
77 /// <param name="certificate">The certificate object.</param>
78 public TTLSServerSocket(int port, X509Certificate2 certificate)
79 : this(port, 0, certificate)
84 /// Initializes a new instance of the <see cref="TTLSServerSocket" /> class.
86 /// <param name="port">The port where the server runs.</param>
87 /// <param name="clientTimeout">Send/receive timeout.</param>
88 /// <param name="certificate">The certificate object.</param>
89 public TTLSServerSocket(int port, int clientTimeout, X509Certificate2 certificate)
90 : this(port, clientTimeout, false, certificate)
95 /// Initializes a new instance of the <see cref="TTLSServerSocket" /> class.
97 /// <param name="port">The port where the server runs.</param>
98 /// <param name="clientTimeout">Send/receive timeout.</param>
99 /// <param name="useBufferedSockets">If set to <c>true</c> [use buffered sockets].</param>
100 /// <param name="certificate">The certificate object.</param>
101 /// <param name="clientCertValidator">The certificate validator.</param>
102 /// <param name="localCertificateSelectionCallback">The callback to select which certificate to use.</param>
103 /// <param name="sslProtocols">The SslProtocols value that represents the protocol used for authentication.</param>
104 public TTLSServerSocket(
107 bool useBufferedSockets,
108 X509Certificate2 certificate,
109 RemoteCertificateValidationCallback clientCertValidator = null,
110 LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
111 // TODO: Enable Tls11 and Tls12 (TLS 1.1 and 1.2) by default once we start using .NET 4.5+.
112 SslProtocols sslProtocols = SslProtocols.Tls)
114 if (!certificate.HasPrivateKey)
116 throw new TTransportException(TTransportException.ExceptionType.Unknown, "Your server-certificate needs to have a private key");
120 this.clientTimeout = clientTimeout;
121 this.serverCertificate = certificate;
122 this.useBufferedSockets = useBufferedSockets;
123 this.clientCertValidator = clientCertValidator;
124 this.localCertificateSelectionCallback = localCertificateSelectionCallback;
125 this.sslProtocols = sslProtocols;
128 // Create server socket
129 this.server = TSocketVersionizer.CreateTcpListener(this.port);
130 this.server.Server.NoDelay = true;
135 throw new TTransportException("Could not create ServerSocket on port " + this.port + ".", ex);
140 /// Starts the server.
142 public override void Listen()
144 // Make sure accept is not blocking
145 if (this.server != null)
151 catch (SocketException sx)
153 throw new TTransportException("Could not accept on listening socket: " + sx.Message, sx);
159 /// Callback for Accept Implementation
162 /// TTransport-object.
164 protected override TTransport AcceptImpl()
166 if (this.server == null)
168 throw new TTransportException(TTransportException.ExceptionType.NotOpen, "No underlying server socket.");
173 TcpClient client = this.server.AcceptTcpClient();
174 client.SendTimeout = client.ReceiveTimeout = this.clientTimeout;
176 //wrap the client in an SSL Socket passing in the SSL cert
177 TTLSSocket socket = new TTLSSocket(
179 this.serverCertificate,
181 this.clientCertValidator,
182 this.localCertificateSelectionCallback,
187 if (useBufferedSockets)
189 TBufferedTransport trans = new TBufferedTransport(socket);
200 throw new TTransportException(ex.ToString(), ex);
207 public override void Close()
209 if (this.server != null)
217 throw new TTransportException("WARNING: Could not close server socket: " + ex, ex);