ceph/src/jaegertracing/thrift/lib/csharp/src/Transport/TTLSServerSocket.cs

   1 /**
   2  * Licensed to the Apache Software Foundation (ASF) under one
   3  * or more contributor license agreements. See the NOTICE file
   4  * distributed with this work for additional information
   5  * regarding copyright ownership. The ASF licenses this file
   6  * to you under the Apache License, Version 2.0 (the
   7  * "License"); you may not use this file except in compliance
   8  * with the License. You may obtain a copy of the License at
   9  *
  10  *   http://www.apache.org/licenses/LICENSE-2.0
  11  *
  12  * Unless required by applicable law or agreed to in writing,
  13  * software distributed under the License is distributed on an
  14  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  15  * KIND, either express or implied. See the License for the
  16  * specific language governing permissions and limitations
  17  * under the License.
  18  */
  19
  20 using System;
  21 using System.Net.Security;
  22 using System.Net.Sockets;
  23 using System.Security.Authentication;
  24 using System.Security.Cryptography.X509Certificates;
  25
  26 namespace Thrift.Transport
  27 {
  28     /// <summary>
  29     /// SSL Server Socket Wrapper Class
  30     /// </summary>
  31     public class TTLSServerSocket : TServerTransport
  32     {
  33         /// <summary>
  34         /// Underlying tcp server
  35         /// </summary>
  36         private TcpListener server = null;
  37
  38         /// <summary>
  39         /// The port where the socket listen
  40         /// </summary>
  41         private int port = 0;
  42
  43         /// <summary>
  44         /// Timeout for the created server socket
  45         /// </summary>
  46         private readonly int clientTimeout;
  47
  48         /// <summary>
  49         /// Whether or not to wrap new TSocket connections in buffers
  50         /// </summary>
  51         private bool useBufferedSockets = false;
  52
  53         /// <summary>
  54         /// The servercertificate with the private- and public-key
  55         /// </summary>
  56         private X509Certificate serverCertificate;
  57
  58         /// <summary>
  59         /// The function to validate the client certificate.
  60         /// </summary>
  61         private RemoteCertificateValidationCallback clientCertValidator;
  62
  63         /// <summary>
  64         /// The function to determine which certificate to use.
  65         /// </summary>
  66         private LocalCertificateSelectionCallback localCertificateSelectionCallback;
  67
  68         /// <summary>
  69         /// The SslProtocols value that represents the protocol used for authentication.
  70         /// </summary>
  71         private readonly SslProtocols sslProtocols;
  72
  73         /// <summary>
  74         /// Initializes a new instance of the <see cref="TTLSServerSocket" /> class.
  75         /// </summary>
  76         /// <param name="port">The port where the server runs.</param>
  77         /// <param name="certificate">The certificate object.</param>
  78         public TTLSServerSocket(int port, X509Certificate2 certificate)
  79             : this(port, 0, certificate)
  80         {
  81         }
  82
  83         /// <summary>
  84         /// Initializes a new instance of the <see cref="TTLSServerSocket" /> class.
  85         /// </summary>
  86         /// <param name="port">The port where the server runs.</param>
  87         /// <param name="clientTimeout">Send/receive timeout.</param>
  88         /// <param name="certificate">The certificate object.</param>
  89         public TTLSServerSocket(int port, int clientTimeout, X509Certificate2 certificate)
  90             : this(port, clientTimeout, false, certificate)
  91         {
  92         }
  93
  94         /// <summary>
  95         /// Initializes a new instance of the <see cref="TTLSServerSocket" /> class.
  96         /// </summary>
  97         /// <param name="port">The port where the server runs.</param>
  98         /// <param name="clientTimeout">Send/receive timeout.</param>
  99         /// <param name="useBufferedSockets">If set to <c>true</c> [use buffered sockets].</param>
 100         /// <param name="certificate">The certificate object.</param>
 101         /// <param name="clientCertValidator">The certificate validator.</param>
 102         /// <param name="localCertificateSelectionCallback">The callback to select which certificate to use.</param>
 103         /// <param name="sslProtocols">The SslProtocols value that represents the protocol used for authentication.</param>
 104         public TTLSServerSocket(
 105             int port,
 106             int clientTimeout,
 107             bool useBufferedSockets,
 108             X509Certificate2 certificate,
 109             RemoteCertificateValidationCallback clientCertValidator = null,
 110             LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
 111             // TODO: Enable Tls11 and Tls12 (TLS 1.1 and 1.2) by default once we start using .NET 4.5+.
 112             SslProtocols sslProtocols = SslProtocols.Tls)
 113         {
 114             if (!certificate.HasPrivateKey)
 115             {
 116                 throw new TTransportException(TTransportException.ExceptionType.Unknown, "Your server-certificate needs to have a private key");
 117             }
 118
 119             this.port = port;
 120             this.clientTimeout = clientTimeout;
 121             this.serverCertificate = certificate;
 122             this.useBufferedSockets = useBufferedSockets;
 123             this.clientCertValidator = clientCertValidator;
 124             this.localCertificateSelectionCallback = localCertificateSelectionCallback;
 125             this.sslProtocols = sslProtocols;
 126             try
 127             {
 128                 // Create server socket
 129                 this.server = TSocketVersionizer.CreateTcpListener(this.port);
 130                 this.server.Server.NoDelay = true;
 131             }
 132             catch (Exception ex)
 133             {
 134                 server = null;
 135                 throw new TTransportException("Could not create ServerSocket on port " + this.port + ".", ex);
 136             }
 137         }
 138
 139         /// <summary>
 140         /// Starts the server.
 141         /// </summary>
 142         public override void Listen()
 143         {
 144             // Make sure accept is not blocking
 145             if (this.server != null)
 146             {
 147                 try
 148                 {
 149                     this.server.Start();
 150                 }
 151                 catch (SocketException sx)
 152                 {
 153                     throw new TTransportException("Could not accept on listening socket: " + sx.Message, sx);
 154                 }
 155             }
 156         }
 157
 158         /// <summary>
 159         /// Callback for Accept Implementation
 160         /// </summary>
 161         /// <returns>
 162         /// TTransport-object.
 163         /// </returns>
 164         protected override TTransport AcceptImpl()
 165         {
 166             if (this.server == null)
 167             {
 168                 throw new TTransportException(TTransportException.ExceptionType.NotOpen, "No underlying server socket.");
 169             }
 170
 171             try
 172             {
 173                 TcpClient client = this.server.AcceptTcpClient();
 174                 client.SendTimeout = client.ReceiveTimeout = this.clientTimeout;
 175
 176                 //wrap the client in an SSL Socket passing in the SSL cert
 177                 TTLSSocket socket = new TTLSSocket(
 178                     client,
 179                     this.serverCertificate,
 180                     true,
 181                     this.clientCertValidator,
 182                     this.localCertificateSelectionCallback,
 183                     this.sslProtocols);
 184
 185                 socket.setupTLS();
 186
 187                 if (useBufferedSockets)
 188                 {
 189                     TBufferedTransport trans = new TBufferedTransport(socket);
 190                     return trans;
 191                 }
 192                 else
 193                 {
 194                     return socket;
 195                 }
 196
 197             }
 198             catch (Exception ex)
 199             {
 200                 throw new TTransportException(ex.ToString(), ex);
 201             }
 202         }
 203
 204         /// <summary>
 205         /// Stops the Server
 206         /// </summary>
 207         public override void Close()
 208         {
 209             if (this.server != null)
 210             {
 211                 try
 212                 {
 213                     this.server.Stop();
 214                 }
 215                 catch (Exception ex)
 216                 {
 217                     throw new TTransportException("WARNING: Could not close server socket: " + ex, ex);
 218                 }
 219                 this.server = null;
 220             }
 221         }
 222     }
 223 }