Author: tabish
Date: Wed Mar 31 21:21:53 2010
New Revision: 929718

URL: http://svn.apache.org/viewvc?rev=929718&view=rev
Log:
http://issues.apache.org/activemq/browse/AMQNET-239

Updates to better support client authentication when required by the server.

Modified:
    
activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransport.cs
    
activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransportFactory.cs

Modified: 
activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransport.cs
URL: 
http://svn.apache.org/viewvc/activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransport.cs?rev=929718&r1=929717&r2=929718&view=diff
==============================================================================
--- 
activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransport.cs
 (original)
+++ 
activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransport.cs
 Wed Mar 31 21:21:53 2010
@@ -28,7 +28,8 @@ namespace Apache.NMS.ActiveMQ.Transport.
     public class SslTransport : TcpTransport
     {
         private string serverName;
-        private string clientCertLocation;
+        private string clientCertSubject;
+        private string clientCertFilename;
         private string clientCertPassword;
         
         private bool acceptInvalidBrokerCert = false;
@@ -56,15 +57,21 @@ namespace Apache.NMS.ActiveMQ.Transport.
             set { this.serverName = value; }
         }
 
+        public string ClientCertSubject
+        {
+            get { return this.clientCertSubject; }
+            set { this.clientCertSubject = value; }
+        }
+
         /// <summary>
         /// Indicates the location of the Client Certificate to use when the 
Broker
         /// is configured for Client Auth (not common).  The SslTransport will 
supply
         /// this certificate to the SslStream via the SelectLocalCertificate 
method.
         /// </summary>
-        public string ClientCertLocation
+        public string ClientCertFilename
         {
-            get { return this.clientCertLocation; }
-            set { this.clientCertLocation = value; }
+            get { return this.clientCertFilename; }
+            set { this.clientCertFilename = value; }
         }
 
         /// <summary>
@@ -93,25 +100,19 @@ namespace Apache.NMS.ActiveMQ.Transport.
             {
                 return this.sslStream;
             }
-            
-            LocalCertificateSelectionCallback clientCertSelect = null;
-            
-            if(this.clientCertLocation != null )
-            {
-                clientCertSelect = new 
LocalCertificateSelectionCallback(SelectLocalCertificate);
-            }
 
             this.sslStream = new SslStream(
                 new NetworkStream(this.socket), 
                 false,
                 new 
RemoteCertificateValidationCallback(ValidateServerCertificate),
-                clientCertSelect );
+                new LocalCertificateSelectionCallback(SelectLocalCertificate) 
);
 
             try
             {
+
                 string remoteCertName = this.serverName ?? 
this.RemoteAddress.Host;
                 Tracer.Debug("Authorizing as Client for Server: " + 
remoteCertName);
-                sslStream.AuthenticateAsClient(remoteCertName);
+                sslStream.AuthenticateAsClient(remoteCertName, 
LoadCertificates(), SslProtocols.Default, false);
                 Tracer.Debug("Server is Authenticated = " + 
sslStream.IsAuthenticated);
                 Tracer.Debug("Server is Encrypted = " + 
sslStream.IsEncrypted);                
             }
@@ -170,11 +171,50 @@ namespace Apache.NMS.ActiveMQ.Transport.
                                                        X509Certificate 
remoteCertificate, 
                                                        string[] 
acceptableIssuers)
         {    
-            Tracer.Debug("Client is selecting a local certificate.");
-        
-            X509Certificate2 certificate = new X509Certificate2( 
clientCertLocation, clientCertPassword );
-                        
-            return certificate;
+            Tracer.DebugFormat("Client is selecting a local certificate from 
{0} possibilities.", localCertificates.Count);
+
+            if(localCertificates.Count == 1)
+            {
+                Tracer.Debug("Client has selected certificate with Subject = " 
+ localCertificates[0].Subject);
+                return localCertificates[0];
+            }
+            else if(localCertificates.Count > 1 && this.clientCertSubject != 
null)
+            {
+                foreach(X509Certificate2 certificate in localCertificates)
+                {
+                    Tracer.Debug("Checking Client Certificate := " + 
certificate.ToString());
+                    if(String.Compare(certificate.Subject, 
this.clientCertSubject, true) == 0)
+                    {
+                        Tracer.Debug("Client has selected certificate with 
Subject = " + certificate.Subject);
+                        return certificate;
+                    }
+                }
+            }
+
+            Tracer.Debug("Client did not select a Certificate, returning 
null.");
+            return null;
+        }
+
+        private X509Certificate2Collection LoadCertificates()
+        {
+            X509Certificate2Collection collection = new 
X509Certificate2Collection();
+
+            if(!String.IsNullOrEmpty(this.clientCertFilename))
+            {
+                Tracer.Debug("Attempting to load Client Certificate from file 
:= " + this.clientCertFilename);
+                X509Certificate2 certificate = new 
X509Certificate2(this.clientCertFilename, this.clientCertPassword);
+                Tracer.Debug("Loaded Client Certificate := " + 
certificate.ToString());
+
+                collection.Add(certificate);
+            }
+            else
+            {
+                X509Store store = new X509Store(StoreName.My, 
StoreLocation.CurrentUser);
+
+                collection = store.Certificates;
+            }
+
+            return collection;
         }
         
     }

Modified: 
activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransportFactory.cs
URL: 
http://svn.apache.org/viewvc/activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransportFactory.cs?rev=929718&r1=929717&r2=929718&view=diff
==============================================================================
--- 
activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransportFactory.cs
 (original)
+++ 
activemq/activemq-dotnet/Apache.NMS.ActiveMQ/trunk/src/main/csharp/Transport/Tcp/SslTransportFactory.cs
 Wed Mar 31 21:21:53 2010
@@ -24,7 +24,8 @@ namespace Apache.NMS.ActiveMQ.Transport.
        public class SslTransportFactory : TcpTransportFactory
        {
         private string serverName;
-        private string clientCertLocation;
+        private string clientCertSubject;
+        private string clientCertFilename;
         private string clientCertPassword;
         private bool acceptInvalidBrokerCert = false;
         
@@ -38,10 +39,16 @@ namespace Apache.NMS.ActiveMQ.Transport.
             set { this.serverName = value; }
         }
 
-        public string ClientCertLocation
+        public string ClientCertSubject
         {
-            get { return this.clientCertLocation; }
-            set { this.clientCertLocation = value; }
+            get { return this.clientCertSubject; }
+            set { this.clientCertSubject = value; }
+        }
+
+        public string ClientCertFilename
+        {
+            get { return this.clientCertFilename; }
+            set { this.clientCertFilename = value; }
         }
 
         public string ClientCertPassword
@@ -60,10 +67,12 @@ namespace Apache.NMS.ActiveMQ.Transport.
                {
             Tracer.Debug("Creating new instance of the SSL Transport.");
                        SslTransport transport = new SslTransport(location, 
socket, wireFormat);
-            
-            transport.ClientCertLocation = ClientCertLocation;
-            transport.ClientCertPassword = ClientCertPassword;
-            transport.AcceptInvalidBrokerCert = AcceptInvalidBrokerCert;
+
+            transport.ClientCertSubject = this.clientCertSubject;
+            transport.ClientCertFilename = this.clientCertFilename;
+            transport.ClientCertPassword = this.clientCertPassword;
+            transport.ServerName = this.serverName;
+            transport.AcceptInvalidBrokerCert = this.acceptInvalidBrokerCert;
             
             return transport;
                }               


Reply via email to