Author: tabish
Date: Wed Mar 31 21:21:53 2010
New Revision: 929718
URL: http://svn.apache.org/viewvc?rev=929718&view=rev
Log:
http://issues.apache.org/activemq/browse/AMQNET-239
Updates to better support client authentication when required by the server.
Modified:
activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransport.cs
activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransportFactory.cs
Modified:
activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransport.cs
URL:
http://svn.apache.org/viewvc/activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransport.cs?rev=929718&r1=929717&r2=929718&view=diff
==============================================================================
---
activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransport.cs
(original)
+++
activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransport.cs
Wed Mar 31 21:21:53 2010
@@ -28,7 +28,8 @@ namespace Apache.NMS.ActiveMQ.Transport.
public class SslTransport : TcpTransport
{
private string serverName;
- private string clientCertLocation;
+ private string clientCertSubject;
+ private string clientCertFilename;
private string clientCertPassword;
private bool acceptInvalidBrokerCert = false;
@@ -56,15 +57,21 @@ namespace Apache.NMS.ActiveMQ.Transport.
set { this.serverName = value; }
}
+ public string ClientCertSubject
+ {
+ get { return this.clientCertSubject; }
+ set { this.clientCertSubject = value; }
+ }
+
/// <summary>
/// Indicates the location of the Client Certificate to use when the
Broker
/// is configured for Client Auth (not common). The SslTransport will
supply
/// this certificate to the SslStream via the SelectLocalCertificate
method.
/// </summary>
- public string ClientCertLocation
+ public string ClientCertFilename
{
- get { return this.clientCertLocation; }
- set { this.clientCertLocation = value; }
+ get { return this.clientCertFilename; }
+ set { this.clientCertFilename = value; }
}
/// <summary>
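Review bot: `ClientCertSubject` is a new public property with no XML doc comment, while its sibling `ClientCertFilename` right below it carries one; nothing tells a user of the transport that the subject is only consulted when more than one local certificate is available. I would add a summary above it along the lines of `/// Subject of the client certificate to present when the Broker requests Client Auth and more than one local certificate is available; compared case-insensitively against X509Certificate2.Subject.` The same undocumented properties are added to SslTransportFactory in this commit (`ClientCertSubject` and `ClientCertFilename` there) and would benefit from the same summaries, since the factory is where URI options land.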
@@ -93,25 +100,19 @@ namespace Apache.NMS.ActiveMQ.Transport.
{
return this.sslStream;
}
-
- LocalCertificateSelectionCallback clientCertSelect = null;
-
- if(this.clientCertLocation != null )
- {
- clientCertSelect = new
LocalCertificateSelectionCallback(SelectLocalCertificate);
- }
this.sslStream = new SslStream(
new NetworkStream(this.socket),
false,
new
RemoteCertificateValidationCallback(ValidateServerCertificate),
- clientCertSelect );
+ new LocalCertificateSelectionCallback(SelectLocalCertificate)
);
try
{
+
string remoteCertName = this.serverName ??
this.RemoteAddress.Host;
Tracer.Debug("Authorizing as Client for Server: " +
remoteCertName);
- sslStream.AuthenticateAsClient(remoteCertName);
+ sslStream.AuthenticateAsClient(remoteCertName,
LoadCertificates(), SslProtocols.Default, false);
Tracer.Debug("Server is Authenticated = " +
sslStream.IsAuthenticated);
Tracer.Debug("Server is Encrypted = " +
sslStream.IsEncrypted);
}
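Review bot: `sslStream.AuthenticateAsClient(remoteCertName, LoadCertificates(), SslProtocols.Default, false)` now always hands the SslStream a certificate collection, and when `ClientCertFilename` is not set that collection is the entire CurrentUser/My store (see `LoadCertificates` further down); if the broker asks for a client certificate and that store holds exactly one entry, `SelectLocalCertificate` returns it although the user configured nothing, so an unrelated personal certificate can be presented to the broker. Consider passing an empty collection when neither `clientCertFilename` nor `clientCertSubject` is set, or at least documenting the fallback on the properties. The final `false` argument turns off the revocation check for the broker certificate and `SslProtocols.Default` still admits SSL 3.0 on the .NET Framework of the day; a comment such as `// revocation is not checked and SslProtocols.Default allows SSL3; tighten once the broker is TLS-only` would make that a recorded decision rather than an accident of the overload chosen.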
@@ -170,11 +171,50 @@ namespace Apache.NMS.ActiveMQ.Transport.
X509Certificate
remoteCertificate,
string[]
acceptableIssuers)
{
- Tracer.Debug("Client is selecting a local certificate.");
-
- X509Certificate2 certificate = new X509Certificate2(
clientCertLocation, clientCertPassword );
-
- return certificate;
+ Tracer.DebugFormat("Client is selecting a local certificate from
{0} possibilities.", localCertificates.Count);
+
+ if(localCertificates.Count == 1)
+ {
+ Tracer.Debug("Client has selected certificate with Subject = "
+ localCertificates[0].Subject);
+ return localCertificates[0];
+ }
+ else if(localCertificates.Count > 1 && this.clientCertSubject !=
null)
+ {
+ foreach(X509Certificate2 certificate in localCertificates)
+ {
+ Tracer.Debug("Checking Client Certificate := " +
certificate.ToString());
+ if(String.Compare(certificate.Subject,
this.clientCertSubject, true) == 0)
+ {
+ Tracer.Debug("Client has selected certificate with
Subject = " + certificate.Subject);
+ return certificate;
+ }
+ }
+ }
+
+ Tracer.Debug("Client did not select a Certificate, returning
null.");
+ return null;
+ }
+
+ private X509Certificate2Collection LoadCertificates()
+ {
+ X509Certificate2Collection collection = new
X509Certificate2Collection();
+
+ if(!String.IsNullOrEmpty(this.clientCertFilename))
+ {
+ Tracer.Debug("Attempting to load Client Certificate from file
:= " + this.clientCertFilename);
+ X509Certificate2 certificate = new
X509Certificate2(this.clientCertFilename, this.clientCertPassword);
+ Tracer.Debug("Loaded Client Certificate := " +
certificate.ToString());
+
+ collection.Add(certificate);
+ }
+ else
+ {
+ X509Store store = new X509Store(StoreName.My,
StoreLocation.CurrentUser);
+
+ collection = store.Certificates;
+ }
+
+ return collection;
}
}
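Review bot: In `LoadCertificates` the fallback branch reads `store.Certificates` from an `X509Store` that is never opened (`store.Open(OpenFlags.ReadOnly)` is missing), so the collection comes back empty on the .NET Framework of the day and the store is never closed either; the store-based client authentication this commit introduces can therefore only work when a filename is given. Open the store read-only inside a try/finally and close it after the collection has been taken, as below. Two smaller points in `SelectLocalCertificate`, whose signature starts above this hunk: the single-certificate branch ignores `clientCertSubject`, so a configured subject is not enforced when only one certificate is offered, and `String.Compare(certificate.Subject, this.clientCertSubject, true)` is a culture-sensitive comparison; `String.Compare(certificate.Subject, this.clientCertSubject, StringComparison.OrdinalIgnoreCase)` is the right form for matching a distinguished name.
```csharp
private X509Certificate2Collection LoadCertificates()
{
    X509Certificate2Collection collection = new X509Certificate2Collection();

    // … unchanged: file-based branch loading clientCertFilename …
    else
    {
        // The personal store must be opened before Certificates yields
        // anything; the returned collection stays valid after Close().
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            collection = store.Certificates;
        }
        finally
        {
            store.Close();
        }
    }

    return collection;
}
```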
Modified:
activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransportFactory.cs
URL:
http://svn.apache.org/viewvc/activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransportFactory.cs?rev=929718&r1=929717&r2=929718&view=diff
==============================================================================
---
activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransportFactory.cs
(original)
+++
activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransportFactory.cs
Wed Mar 31 21:21:53 2010
@@ -24,7 +24,8 @@ namespace Apache.NMS.ActiveMQ.Transport.
public class SslTransportFactory : TcpTransportFactory
{
private string serverName;
- private string clientCertLocation;
+ private string clientCertSubject;
+ private string clientCertFilename;
private string clientCertPassword;
private bool acceptInvalidBrokerCert = false;
@@ -38,10 +39,16 @@ namespace Apache.NMS.ActiveMQ.Transport.
set { this.serverName = value; }
}
- public string ClientCertLocation
+ public string ClientCertSubject
{
- get { return this.clientCertLocation; }
- set { this.clientCertLocation = value; }
+ get { return this.clientCertSubject; }
+ set { this.clientCertSubject = value; }
+ }
+
+ public string ClientCertFilename
+ {
+ get { return this.clientCertFilename; }
+ set { this.clientCertFilename = value; }
}
public string ClientCertPassword
@@ -60,10 +67,12 @@ namespace Apache.NMS.ActiveMQ.Transport.
{
Tracer.Debug("Creating new instance of the SSL Transport.");
SslTransport transport = new SslTransport(location,
socket, wireFormat);
-
- transport.ClientCertLocation = ClientCertLocation;
- transport.ClientCertPassword = ClientCertPassword;
- transport.AcceptInvalidBrokerCert = AcceptInvalidBrokerCert;
+
+ transport.ClientCertSubject = this.clientCertSubject;
+ transport.ClientCertFilename = this.clientCertFilename;
+ transport.ClientCertPassword = this.clientCertPassword;
+ transport.ServerName = this.serverName;
+ transport.AcceptInvalidBrokerCert = this.acceptInvalidBrokerCert;
return transport;
}