Quellcode durchsuchen

Add TLS certificate password support for MQTTnet.Server.

release/3.x.x
Christian Kratky vor 5 Jahren
Ursprung
Commit
4a7ff9e9ed
4 geänderte Dateien mit 60 neuen und 27 gelöschten Zeilen
  1. +35
    -0
      Source/MQTTnet.Server/Configuration/CertificateSettingsModel.cs
  2. +2
    -21
      Source/MQTTnet.Server/Configuration/TcpEndpointModel.cs
  3. +18
    -4
      Source/MQTTnet.Server/Mqtt/MqttServerService.cs
  4. +5
    -2
      Source/MQTTnet.Server/appsettings.json

+ 35
- 0
Source/MQTTnet.Server/Configuration/CertificateSettingsModel.cs Datei anzeigen

@@ -0,0 +1,35 @@
using System.IO;

namespace MQTTnet.Server.Configuration
{
public class CertificateSettingsModel
{
/// <summary>
/// Path to certificate.
/// </summary>
public string Path { get; set; }
/// <summary>
/// Password of certificate.
/// </summary>
public string Password { get; set; }

/// <summary>
/// Read certificate file.
/// </summary>
public byte[] ReadCertificate()
{
if (string.IsNullOrEmpty(Path) || string.IsNullOrWhiteSpace(Path))
{
throw new FileNotFoundException("No path set");
}

if (!File.Exists(Path))
{
throw new FileNotFoundException($"Could not find Certificate in path: {Path}");
}

return File.ReadAllBytes(Path);
}
}
}

+ 2
- 21
Source/MQTTnet.Server/Configuration/TcpEndpointModel.cs Datei anzeigen

@@ -9,9 +9,9 @@ namespace MQTTnet.Server.Configuration
public class TcpEndPointModel
{
/// <summary>
/// Path to Certificate
/// Certificate settings.
/// </summary>
public string CertificatePath { get; set; }
public CertificateSettingsModel Certificate { get; set; }

/// <summary>
/// Enabled / Disable
@@ -33,25 +33,6 @@ namespace MQTTnet.Server.Configuration
/// </summary>
public int Port { get; set; } = 1883;

/// <summary>
/// Read Certificate file
/// </summary>
/// <returns></returns>
public byte[] ReadCertificate()
{
if (string.IsNullOrEmpty(CertificatePath) || string.IsNullOrWhiteSpace(CertificatePath))
{
throw new FileNotFoundException("No path set");
}

if (!File.Exists(CertificatePath))
{
throw new FileNotFoundException($"Could not find Certificate in path: {CertificatePath}");
}

return File.ReadAllBytes(CertificatePath);
}

/// <summary>
/// Read IPv4
/// </summary>


+ 18
- 4
Source/MQTTnet.Server/Mqtt/MqttServerService.cs Datei anzeigen

@@ -47,7 +47,7 @@ namespace MQTTnet.Server.Mqtt
MqttSubscriptionInterceptor mqttSubscriptionInterceptor,
MqttApplicationMessageInterceptor mqttApplicationMessageInterceptor,
MqttServerStorage mqttServerStorage,
PythonScriptHostService pythonScriptHostService,
PythonScriptHostService pythonScriptHostService,
ILogger<MqttServerService> logger)
{
_settings = mqttSettings ?? throw new ArgumentNullException(nameof(mqttSettings));
@@ -179,7 +179,7 @@ namespace MQTTnet.Server.Mqtt
.WithApplicationMessageInterceptor(_mqttApplicationMessageInterceptor)
.WithSubscriptionInterceptor(_mqttSubscriptionInterceptor)
.WithStorage(_mqttServerStorage);
// Configure unencrypted connections
if (_settings.TcpEndPoint.Enabled)
{
@@ -210,9 +210,23 @@ namespace MQTTnet.Server.Mqtt
{
options
.WithEncryptedEndpoint()
.WithEncryptionSslProtocol(SslProtocols.Tls12)
.WithEncryptionCertificate(_settings.EncryptedTcpEndPoint.ReadCertificate());
.WithEncryptionSslProtocol(SslProtocols.Tls12);
if (!string.IsNullOrEmpty(_settings.EncryptedTcpEndPoint?.Certificate?.Path))
{
IMqttServerCertificateCredentials certificateCredentials = null;

if (!string.IsNullOrEmpty(_settings.EncryptedTcpEndPoint?.Certificate?.Password))
{
certificateCredentials = new MqttServerCertificateCredentials
{
Password = _settings.EncryptedTcpEndPoint.Certificate.Password
};
}

options.WithEncryptionCertificate(_settings.EncryptedTcpEndPoint.Certificate.ReadCertificate(), certificateCredentials);
}
if (_settings.EncryptedTcpEndPoint.TryReadIPv4(out var address4))
{
options.WithEncryptedEndpointBoundIPAddress(address4);


+ 5
- 2
Source/MQTTnet.Server/appsettings.json Datei anzeigen

@@ -27,7 +27,10 @@
"IPv4": "*",
"IPv6": "*",
"Port": 8883,
"CertificatePath": "/absolute/path/to/pfx"
"Certificate": {
"Path": "/absolute/path/to/pfx",
"Password": ""
}
},
"WebSocketEndPoint": {
"Enabled": true,
@@ -63,4 +66,4 @@
}
},
"AllowedHosts": "*"
}
}

Laden…
Abbrechen
Speichern