Author: arnaudsimon
Date: Thu Oct 23 07:38:56 2008
New Revision: 707381
URL: http://svn.apache.org/viewvc?rev=707381&view=rev
Log:
Qpid-1392: Add SSL support
Added:
incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IIoTransport.cs
incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IoSSLTransport.cs
Modified:
incubator/qpid/trunk/qpid/dotnet/client-010/client/client/Client.cs
incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IoSender.cs
incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IoTransport.cs
Modified: incubator/qpid/trunk/qpid/dotnet/client-010/client/client/Client.cs
URL:
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/dotnet/client-010/client/client/Client.cs?rev=707381&r1=707380&r2=707381&view=diff
==============================================================================
--- incubator/qpid/trunk/qpid/dotnet/client-010/client/client/Client.cs
(original)
+++ incubator/qpid/trunk/qpid/dotnet/client-010/client/client/Client.cs Thu Oct
23 07:38:56 2008
@@ -52,7 +52,16 @@
}
#region Interface ClientInterface
-
+
+ /// <summary>
+ /// Establishes a connection with a broker using the provided user
auths
+ ///
+ /// </summary>
+ /// <param name="host">Host name on which a broker is deployed</param>
+ /// <param name="port">Broker port </param>
+ /// <param name="virtualHost">virtual host name</param>
+ /// <param name="username">User Name</param>
+ /// <param name="password">Password</param>
public void connect(String host, int port, String virtualHost, String
username, String password)
{
_log.debug(String.Format("Client Connecting to host {0}; port {1};
virtualHost {2}; username {3}", host,
@@ -67,6 +76,32 @@
negotiationComplete.WaitOne();
}
+ /// <summary>
+ /// Establishes a connection with a broker using SSL
+ ///
+ /// </summary>
+ /// <param name="host">Host name on which a broker is deployed</param>
+ /// <param name="port">Broker port </param>
+ /// <param name="virtualHost">virtual host name</param>
+ /// <param name="username">User Name</param>
+ /// <param name="password">Password</param>
+ /// <param name="serverName">Name of the SSL server</param>
+ /// <param name="certPath">Path to the X509 certificate to be used for
client authentication</param>
+ /// <param name="rejectUntrusted">If true connection will not be
established if the broker is not trusted</param>
+ public void connectSSL(String host, int port, String virtualHost,
String username, String password, string serverName, string certPath, bool
rejectUntrusted)
+ {
+ _log.debug(String.Format("Client Connecting to host {0}; port {1};
virtualHost {2}; username {3}", host,
+ port, virtualHost, username));
+ _log.debug(String.Format("SSL paramters: serverName: {0};
certPath: {1}; rejectUntrusted: {2}", serverName, certPath, rejectUntrusted));
+ ConnectionDelegate connectionDelegate = new
ClientConnectionDelegate(this, username, password);
+ ManualResetEvent negotiationComplete = new ManualResetEvent(false);
+ connectionDelegate.setCondition(negotiationComplete);
+ connectionDelegate.VirtualHost = virtualHost;
+ _conn = IoSSLTransport.connect(host, port, serverName, certPath,
rejectUntrusted, connectionDelegate);
+
+ _conn.send(new ProtocolHeader(1, 0, 10));
+ negotiationComplete.WaitOne();
+ }
public void close()
{
Added:
incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IIoTransport.cs
URL:
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IIoTransport.cs?rev=707381&view=auto
==============================================================================
---
incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IIoTransport.cs
(added)
+++
incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IIoTransport.cs
Thu Oct 23 07:38:56 2008
@@ -0,0 +1,57 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+using System.IO;
+using System.Net.Sockets;
+
+namespace org.apache.qpid.transport.network.io
+{
+ public interface IIoTransport
+ {
+ Connection Connection
+ {
+ get;
+ set;
+ }
+
+ Receiver<ReceivedPayload<MemoryStream>> Receiver
+ {
+ get;
+ set;
+ }
+
+ IoSender Sender
+ {
+ get;
+ set;
+ }
+
+
+ Stream Stream
+ {
+ get;
+ set;
+ }
+
+ TcpClient Socket
+ {
+ get;
+ set;
+ }
+ }
+}
Added:
incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IoSSLTransport.cs
URL:
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IoSSLTransport.cs?rev=707381&view=auto
==============================================================================
---
incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IoSSLTransport.cs
(added)
+++
incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IoSSLTransport.cs
Thu Oct 23 07:38:56 2008
@@ -0,0 +1,194 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+using System;
+using System.IO;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
+using org.apache.qpid.transport.util;
+
+namespace org.apache.qpid.transport.network.io
+{
+ public sealed class IoSSLTransport : IIoTransport
+ {
+ // constants
+ private const int DEFAULT_READ_WRITE_BUFFER_SIZE = 64*1024;
+ private const int TIMEOUT = 60000;
+ private const int QUEUE_SIZE = 1000;
+ // props
+ private static readonly Logger log = Logger.get(typeof
(IoSSLTransport));
+ private Stream m_stream;
+ private IoSender m_sender;
+ private Receiver<ReceivedPayload<MemoryStream>> m_receiver;
+ private TcpClient m_socket;
+ private Connection m_con;
+ private readonly bool _rejectUntrusted;
+
+ public static Connection connect(String host, int port, string
serverName, string certPath, bool rejectUntrusted, ConnectionDelegate conndel)
+ {
+ IIoTransport transport = new IoSSLTransport(host, port,
serverName, certPath, rejectUntrusted, conndel);
+ return transport.Connection;
+ }
+
+ public IoSSLTransport(String host, int port, string serverName, string
certPath, bool rejectUntrusted, ConnectionDelegate conndel)
+ {
+ _rejectUntrusted = rejectUntrusted;
+ createSocket(host, port, serverName, certPath);
+ Sender = new IoSender(this, QUEUE_SIZE, TIMEOUT);
+ Receiver = new IoReceiver(Stream, Socket.ReceiveBufferSize*2,
TIMEOUT);
+ Assembler assembler = new Assembler();
+ InputHandler inputHandler = new
InputHandler(InputHandler.State.PROTO_HDR);
+ Connection = new Connection(assembler, new Disassembler(Sender,
64*1024 - 1), conndel);
+ // Input handler listen to Receiver events
+ Receiver.Received += inputHandler.On_ReceivedBuffer;
+ // Assembler listen to inputhandler events
+ inputHandler.ReceivedEvent += assembler.On_ReceivedEvent;
+ // Connection listen to asembler protocol event
+ Receiver.Closed += Connection.On_ReceivedClosed;
+ Receiver.Exception += Connection.On_ReceivedException;
+ inputHandler.HandlerClosed += Connection.On_ReceivedClosed;
+ inputHandler.ExceptionProcessing +=
Connection.On_ReceivedException;
+ assembler.HandlerClosed += Connection.On_ReceivedClosed;
+ assembler.ExceptionProcessing += Connection.On_ReceivedException;
+ assembler.ReceivedEvent += Connection.On_ReceivedEvent;
+ }
+
+ public Connection Connection
+ {
+ get { return m_con; }
+ set { m_con = value; }
+ }
+
+ public Receiver<ReceivedPayload<MemoryStream>> Receiver
+ {
+ get { return m_receiver; }
+ set { m_receiver = value; }
+ }
+
+ public IoSender Sender
+ {
+ get { return m_sender; }
+ set { m_sender = value; }
+ }
+
+
+ public Stream Stream
+ {
+ get { return m_stream; }
+ set { m_stream = value; }
+ }
+
+ public TcpClient Socket
+ {
+ get { return m_socket; }
+ set { m_socket = value; }
+ }
+
+ #region Private Support Functions
+
+ private void createSocket(String host, int port, string serverName,
string certPath)
+ {
+ TcpClient socket;
+ try
+ {
+ socket = new TcpClient();
+ String noDelay =
Environment.GetEnvironmentVariable("qpid.tcpNoDelay");
+ String writeBufferSize =
Environment.GetEnvironmentVariable("qpid.writeBufferSize");
+ String readBufferSize =
Environment.GetEnvironmentVariable("qpid.readBufferSize");
+ socket.NoDelay = noDelay != null && bool.Parse(noDelay);
+ socket.ReceiveBufferSize = readBufferSize == null
+ ? DEFAULT_READ_WRITE_BUFFER_SIZE
+ : int.Parse(readBufferSize);
+ socket.SendBufferSize = writeBufferSize == null
+ ? DEFAULT_READ_WRITE_BUFFER_SIZE
+ : int.Parse(writeBufferSize);
+
+ log.debug("NoDelay : {0}", socket.NoDelay);
+ log.debug("ReceiveBufferSize : {0}", socket.ReceiveBufferSize);
+ log.debug("SendBufferSize : {0}", socket.SendBufferSize);
+ log.debug("Openning connection with host : {0}; port: {1}",
host, port);
+
+ socket.Connect(host, port);
+ Socket = socket;
+ }
+ catch (Exception e)
+ {
+ throw new TransportException("Error connecting to broker", e);
+ }
+ try
+ {
+ //Initializes a new instance of the SslStream class using the
specified Stream, stream closure behavior, certificate validation delegate and
certificate selection delegate
+ SslStream sslStream = new SslStream(socket.GetStream(), false,
ValidateServerCertificate, LocalCertificateSelection);
+ if (certPath != null)
+ {
+ X509CertificateCollection col = new
X509CertificateCollection();
+ X509Certificate cert =
X509Certificate.CreateFromCertFile(certPath);
+ col.Add(cert);
+ sslStream.AuthenticateAsClient(serverName, col,
SslProtocols.Default, true);
+ }
+ else
+ {
+ sslStream.AuthenticateAsClient(serverName);
+ }
+ Stream = sslStream;
+ }
+ catch (AuthenticationException e)
+ {
+ log.warn("Exception: {0}", e.Message);
+ if (e.InnerException != null)
+ {
+ log.warn("Inner exception: {0}", e.InnerException.Message);
+ }
+ socket.Close();
+ throw new TransportException("Authentication failed - closing
the connection.");
+ }
+ }
+
+ // The following method is invoked by the
RemoteCertificateValidationDelegate.
+ public bool ValidateServerCertificate(
+ object sender,
+ X509Certificate certificate,
+ X509Chain chain,
+ SslPolicyErrors sslPolicyErrors)
+ {
+ bool result = true;
+ if (sslPolicyErrors != SslPolicyErrors.None && _rejectUntrusted )
+ {
+ log.warn("Certificate error: {0}", sslPolicyErrors);
+ // Do not allow this client to communicate with
unauthenticated servers.
+ result = false;
+ }
+ return result;
+ }
+
+ public X509Certificate LocalCertificateSelection(
+ Object sender,
+ string targetHost,
+ X509CertificateCollection localCertificates,
+ X509Certificate remoteCertificate,
+ string[] acceptableIssuers
+ )
+ {
+ return remoteCertificate;
+ }
+
+ #endregion
+ }
+}
Modified:
incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IoSender.cs
URL:
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IoSender.cs?rev=707381&r1=707380&r2=707381&view=diff
==============================================================================
---
incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IoSender.cs
(original)
+++
incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IoSender.cs
Thu Oct 23 07:38:56 2008
@@ -18,7 +18,6 @@
*/
using System;
using System.IO;
-using System.Net.Sockets;
using System.Threading;
using common.org.apache.qpid.transport.util;
using org.apache.qpid.transport.util;
@@ -28,14 +27,14 @@
public sealed class IoSender : IIOSender<MemoryStream>
{
private static readonly Logger log = Logger.get(typeof (IoReceiver));
- private readonly NetworkStream bufStream;
+ private readonly Stream bufStream;
private bool closed;
private readonly Mutex mutClosed = new Mutex();
private readonly CircularBuffer<byte[]> queue;
private readonly Thread thread;
private readonly int timeout;
private readonly MemoryStream _tobeSent = new MemoryStream();
- public IoSender(IoTransport transport, int queueSize, int timeout)
+ public IoSender(IIoTransport transport, int queueSize, int timeout)
{
this.timeout = timeout;
bufStream = transport.Stream;
Modified:
incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IoTransport.cs
URL:
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IoTransport.cs?rev=707381&r1=707380&r2=707381&view=diff
==============================================================================
---
incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IoTransport.cs
(original)
+++
incubator/qpid/trunk/qpid/dotnet/client-010/client/transport/network/io/IoTransport.cs
Thu Oct 23 07:38:56 2008
@@ -31,7 +31,7 @@
/// SO_RCVBUF - qpid.readBufferSize
/// SO_SNDBUF - qpid.writeBufferSize
/// </summary>
- public sealed class IoTransport
+ public sealed class IoTransport : IIoTransport
{
// constants
private const int DEFAULT_READ_WRITE_BUFFER_SIZE = 64*1024;
@@ -39,7 +39,7 @@
private const int QUEUE_SIZE = 1000;
// props
private static readonly Logger log = Logger.get(typeof (IoTransport));
- private NetworkStream m_stream;
+ private Stream m_stream;
private IoSender m_sender;
private Receiver<ReceivedPayload<MemoryStream>> m_receiver;
private TcpClient m_socket;
@@ -92,7 +92,7 @@
}
- public NetworkStream Stream
+ public Stream Stream
{
get { return m_stream; }
set { m_stream = value; }
