Fix for pull request #85, added TargetHost property to ClientSslAuthConfiguration class, and refactored

2014-11-03 15:11:43 +09:00 · 2014-11-03 15:11:43 +09:00 · c511f9d7ac
commit c511f9d7ac
parent 1fc568c4e8
2 changed files with 54 additions and 46 deletions
--- a/websocket-sharp/Net/ClientSslAuthConfiguration.cs
+++ b/websocket-sharp/Net/ClientSslAuthConfiguration.cs
@ -34,14 +34,14 @@
 */
 #endregion

+using System.Net.Security;
 using System.Security.Authentication;
 using System.Security.Cryptography.X509Certificates;

 namespace WebSocketSharp.Net
 {
  /// <summary>
-  /// Stores the parameters used in configuring <see cref="System.Net.Security.SslStream"/>
-  /// as a client.
+  /// Stores the parameters used to configure a <see cref="SslStream"/> instance as a client.
  /// </summary>
  public class ClientSslAuthConfiguration
  {
@ -49,39 +49,26 @@ namespace WebSocketSharp.Net

    /// <summary>
    /// Initializes a new instance of the <see cref="ClientSslAuthConfiguration"/> class with
-    /// the specified <paramref name="clientCertificates"/>.
+    /// the specified <paramref name="targetHost"/>.
    /// </summary>
-    /// <param name="clientCertificates">
-    /// A <see cref="X509CertificateCollection"/> that contains client certificates.
+    /// <param name="targetHost">
+    /// A <see cref="string"/> that represents the name of the server that shares
+    /// a secure connection.
    /// </param>
-    public ClientSslAuthConfiguration (X509CertificateCollection clientCertificates)
-      : this (clientCertificates, SslProtocols.Default, false)
+    public ClientSslAuthConfiguration (string targetHost)
+      : this (targetHost, null, SslProtocols.Default, false)
    {
    }

    /// <summary>
    /// Initializes a new instance of the <see cref="ClientSslAuthConfiguration"/> class with
-    /// the specified <paramref name="clientCertificates"/> and
-    /// <paramref name="enabledSslProtocols"/>.
+    /// the specified <paramref name="targetHost"/>, <paramref name="clientCertificates"/>,
+    /// <paramref name="enabledSslProtocols"/>, and <paramref name="checkCertificateRevocation"/>.
    /// </summary>
-    /// <param name="clientCertificates">
-    /// A <see cref="X509CertificateCollection"/> that contains client certificates.
+    /// <param name="targetHost">
+    /// A <see cref="string"/> that represents the name of the server that shares
+    /// a secure connection.
    /// </param>
-    /// <param name="enabledSslProtocols">
-    /// The <see cref="SslProtocols"/> enum value that represents the protocols used for
-    /// authentication.
-    /// </param>
-    public ClientSslAuthConfiguration (
-      X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols)
-      : this (clientCertificates, enabledSslProtocols, false)
-    {
-    }
-
-    /// <summary>
-    /// Initializes a new instance of the <see cref="ClientSslAuthConfiguration"/> class with
-    /// the specified <paramref name="clientCertificates"/>, <paramref name="enabledSslProtocols"/>,
-    /// and <paramref name="checkCertificateRevocation"/>.
-    /// </summary>
    /// <param name="clientCertificates">
    /// A <see cref="X509CertificateCollection"/> that contains client certificates.
    /// </param>
@ -94,10 +81,12 @@ namespace WebSocketSharp.Net
    /// otherwise, <c>false</c>.
    /// </param>
    public ClientSslAuthConfiguration (
+      string targetHost,
      X509CertificateCollection clientCertificates,
      SslProtocols enabledSslProtocols,
      bool checkCertificateRevocation)
    {
+      TargetHost = targetHost;
      ClientCertificates = clientCertificates;
      EnabledSslProtocols = enabledSslProtocols;
      CheckCertificateRevocation = checkCertificateRevocation;
@ -133,6 +122,15 @@ namespace WebSocketSharp.Net
    /// </value>
    public SslProtocols EnabledSslProtocols { get; set; }

+    /// <summary>
+    /// Gets or sets the name of the server that shares a secure connection.
+    /// </summary>
+    /// <value>
+    /// A <see cref="string"/> that represents the name of the server that shares
+    /// a secure connection.
+    /// </value>
+    public string TargetHost { get; set; }
+
    #endregion
  }
 }
--- a/websocket-sharp/WebSocket.cs
+++ b/websocket-sharp/WebSocket.cs
@ -498,16 +498,19 @@ namespace WebSocketSharp
    }

    /// <summary>
-    /// Gets or sets the SSL configuration used to authenticate the server and optionally the client
-    /// on the secure connection.
+    /// Gets or sets the SSL configuration used to authenticate the server and
+    /// optionally the client for secure connection.
    /// </summary>
    /// <value>
-    /// A <see cref="ClientSslAuthConfiguration"/> that represents the SSL configuration used to
-    /// authenticate the server and optionally the client.
+    /// A <see cref="ClientSslAuthConfiguration"/> that represents the configuration
+    /// used to authenticate the server and optionally the client for secure connection,
+    /// or <see langword="null"/> if the <see cref="WebSocket"/> is used as server.
    /// </value>
    public ClientSslAuthConfiguration SslConfiguration {
      get {
-        return _sslConfig;
+        return _client
+               ? (_sslConfig ?? (_sslConfig = new ClientSslAuthConfiguration (_uri.DnsSafeHost)))
+               : null;
      }

      set {
@ -1366,24 +1369,31 @@ namespace WebSocketSharp
      }

      if (_secure) {
-        var sslStream = new SslStream (
-          _stream,
-          false,
-          _certValidationCallback ?? ((sender, certificate, chain, sslPolicyErrors) => true),
-          _certSelectionCallback ??
-            ((sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) =>
-              null));
+        var conf = SslConfiguration;
+        if (conf.TargetHost != _uri.DnsSafeHost)
+          throw new WebSocketException (
+            CloseStatusCode.TlsHandshakeFailure, "An invalid host name is specified.");
+
+        try {
+          var sslStream = new SslStream (
+            _stream,
+            false,
+            _certValidationCallback ?? ((sender, certificate, chain, sslPolicyErrors) => true),
+            _certSelectionCallback ??
+              ((sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) =>
+                null));

-        if (_sslConfig == null)
-          sslStream.AuthenticateAsClient (_uri.DnsSafeHost);
-        else
          sslStream.AuthenticateAsClient (
-            _uri.DnsSafeHost,
-            _sslConfig.ClientCertificates,
-            _sslConfig.EnabledSslProtocols,
-            _sslConfig.CheckCertificateRevocation);
+            conf.TargetHost,
+            conf.ClientCertificates,
+            conf.EnabledSslProtocols,
+            conf.CheckCertificateRevocation);

-        _stream = sslStream;
+          _stream = sslStream;
+        }
+        catch (Exception ex) {
+          throw new WebSocketException (CloseStatusCode.TlsHandshakeFailure, ex);
+        }
      }
    }