Add SslStream Configuration for Client & Server

2014-10-27 17:15:55 +01:00
parent 72867a26da
commit cc0ab61eb9
12 changed files with 182 additions and 31 deletions
--- a/websocket-sharp/Net/ClientCertAuthConfiguration.cs
+++ b/websocket-sharp/Net/ClientCertAuthConfiguration.cs
@@ -0,0 +1,44 @@
+using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
+
+namespace WebSocketSharp
+{
+    public class ClientCertAuthConfiguration
+    {
+        /// <summary>
+        /// Gets or sets the certificate configuration used to authenticate the clients on the secure connection.
+        /// </summary>
+        /// <value>
+        /// A <see cref="X509CertificateCollection"/> that represents the certificate collection used to authenticate
+        /// the clients.
+        /// </value>
+        public X509CertificateCollection clientCertificates { get; set; }
+
+        /// <summary>
+        /// Gets or sets the Ssl protocols type enabled.
+        /// </summary>
+        /// <value>
+        /// The <see cref="SslProtocols"/> value that represents the protocol used for authentication.
+        /// </value>
+        public SslProtocols EnabledSslProtocols { get; set; }
+
+        /// <summary>
+        /// Gets or sets the verification of certificate revocation option.
+        /// </summary>
+        /// <value>
+        /// A Boolean value that specifies whether the certificate revocation list is checked during authentication.
+        /// </value>
+        public bool CheckCertificateRevocation { get; set; }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="ClientCertAuthConfiguration"/> class.
+        /// </summary>
+        public ClientCertAuthConfiguration(X509CertificateCollection clientCertificates,
+            SslProtocols enabledSslProtocols = SslProtocols.Default, bool checkCertificateRevocation = false)
+        {
+            this.clientCertificates = clientCertificates;
+            this.EnabledSslProtocols = enabledSslProtocols;
+            this.CheckCertificateRevocation = checkCertificateRevocation;
+        }
+    }
+}
--- a/websocket-sharp/Net/EndPointListener.cs
+++ b/websocket-sharp/Net/EndPointListener.cs
@@ -54,7 +54,7 @@ namespace WebSocketSharp.Net
    #region Private Fields

    private List<HttpListenerPrefix>                     _all; // host == '+'
-    private X509Certificate2                             _cert;
+    private ServerCertAuthConfiguration                  _certConfig;
    private static readonly string                       _defaultCertFolderPath;
    private IPEndPoint                                   _endpoint;
    private Dictionary<HttpListenerPrefix, HttpListener> _prefixes;
@@ -83,13 +83,13 @@ namespace WebSocketSharp.Net
      int port,
      bool secure,
      string certificateFolderPath,
-      X509Certificate2 defaultCertificate,
+      ServerCertAuthConfiguration defaultCertificate,
      bool reuseAddress)
    {
      if (secure) {
        _secure = secure;
-        _cert = getCertificate (port, certificateFolderPath, defaultCertificate);
-        if (_cert == null)
+        _certConfig = getCertificate (port, certificateFolderPath, defaultCertificate);
+        if (_certConfig == null)
          throw new ArgumentException ("No server certificate could be found.");
      }

@@ -116,9 +116,10 @@ namespace WebSocketSharp.Net

    #region Public Properties

-    public X509Certificate2 Certificate {
+    public ServerCertAuthConfiguration CertificateConfig
+    {
      get {
-        return _cert;
+        return _certConfig;
      }
    }

@@ -173,8 +174,8 @@ namespace WebSocketSharp.Net
      return rsa;
    }

-    private static X509Certificate2 getCertificate (
-      int port, string certificateFolderPath, X509Certificate2 defaultCertificate)
+    private static ServerCertAuthConfiguration getCertificate(
+      int port, string certificateFolderPath, ServerCertAuthConfiguration defaultCertificate)
    {
      if (certificateFolderPath == null || certificateFolderPath.Length == 0)
        certificateFolderPath = _defaultCertFolderPath;
@@ -186,7 +187,7 @@ namespace WebSocketSharp.Net
          var cert = new X509Certificate2 (cer);
          cert.PrivateKey = createRSAFromFile (key);

-          return cert;
+          return new ServerCertAuthConfiguration(cert);
        }
      }
      catch {
--- a/websocket-sharp/Net/EndPointManager.cs
+++ b/websocket-sharp/Net/EndPointManager.cs
@@ -107,7 +107,7 @@ namespace WebSocketSharp.Net
          port,
          secure,
          httpListener.CertificateFolderPath,
-          httpListener.DefaultCertificate,
+          httpListener.DefaultCertificateConfig,
          httpListener.ReuseAddress);

        eps[port] = epl;
--- a/websocket-sharp/Net/HttpConnection.cs
+++ b/websocket-sharp/Net/HttpConnection.cs
@@ -87,7 +87,10 @@ namespace WebSocketSharp.Net
      var netStream = new NetworkStream (socket, false);
      if (_secure) {
        var sslStream = new SslStream (netStream, false);
-        sslStream.AuthenticateAsServer (listener.Certificate);
+        var certificateConfig = listener.CertificateConfig;
+        sslStream.AuthenticateAsServer(certificateConfig.ServerCertificate,
+            certificateConfig.ClientCertificateRequired, certificateConfig.EnabledSslProtocols,
+            certificateConfig.CheckCertificateRevocation);
        _stream = sslStream;
      }
      else {
--- a/websocket-sharp/Net/HttpListener.cs
+++ b/websocket-sharp/Net/HttpListener.cs
@@ -64,7 +64,7 @@ namespace WebSocketSharp.Net
    private Dictionary<HttpListenerContext, HttpListenerContext> _ctxRegistry;
    private object                                               _ctxRegistrySync;
    private Func<IIdentity, NetworkCredential>                   _credFinder;
-    private X509Certificate2                                     _defaultCert;
+    private ServerCertAuthConfiguration                          _defaultCert;
    private bool                                                 _disposed;
    private bool                                                 _ignoreWriteExceptions;
    private bool                                                 _listening;
@@ -224,7 +224,8 @@ namespace WebSocketSharp.Net
    /// <exception cref="ObjectDisposedException">
    /// This listener has been closed.
    /// </exception>
-    public X509Certificate2 DefaultCertificate {
+    public ServerCertAuthConfiguration DefaultCertificateConfig
+    {
      get {
        CheckDisposed ();
        return _defaultCert;
--- a/websocket-sharp/Net/WebSockets/TcpListenerWebSocketContext.cs
+++ b/websocket-sharp/Net/WebSockets/TcpListenerWebSocketContext.cs
@@ -61,7 +61,7 @@ namespace WebSocketSharp.Net.WebSockets
    #region Internal Constructors

    internal TcpListenerWebSocketContext (
-      TcpClient tcpClient, string protocol, bool secure, X509Certificate certificate, Logger logger)
+      TcpClient tcpClient, string protocol, bool secure, ServerCertAuthConfiguration certificateConfig, Logger logger)
    {
      _tcpClient = tcpClient;
      _secure = secure;
@@ -69,7 +69,9 @@ namespace WebSocketSharp.Net.WebSockets
      var netStream = tcpClient.GetStream ();
      if (secure) {
        var sslStream = new SslStream (netStream, false);
-        sslStream.AuthenticateAsServer (certificate);
+        sslStream.AuthenticateAsServer(certificateConfig.ServerCertificate,
+            certificateConfig.ClientCertificateRequired, certificateConfig.EnabledSslProtocols,
+            certificateConfig.CheckCertificateRevocation);
        _stream = sslStream;
      }
      else {