From a03bdc7616d61eb9217ff391c60b6ecd741b3a7f Mon Sep 17 00:00:00 2001
From: Craig Lutgen
Date: Wed, 31 Jul 2019 13:04:03 -0500
Subject: [PATCH 1/3] Expose server certificate password and client certificate options to MqttServerOptionsBuilder
---
 .../Client/Options/MqttClientOptionsBuilder.cs | 7 +++++++
 .../MQTTnet/Implementations/MqttTcpServerAdapter.cs | 2 +-
 Source/MQTTnet/Server/IMqttServerCredentials.cs | 6 ++++++
 Source/MQTTnet/Server/MqttServerOptionsBuilder.cs | 13 +++++++++++--
 .../Server/MqttServerTlsTcpEndpointOptions.cs | 2 ++
 5 files changed, 27 insertions(+), 3 deletions(-)
 create mode 100644 Source/MQTTnet/Server/IMqttServerCredentials.cs
diff --git a/Source/MQTTnet/Client/Options/MqttClientOptionsBuilder.cs b/Source/MQTTnet/Client/Options/MqttClientOptionsBuilder.cs
index a7aefd1..65a1ec9 100644
--- a/Source/MQTTnet/Client/Options/MqttClientOptionsBuilder.cs
+++ b/Source/MQTTnet/Client/Options/MqttClientOptionsBuilder.cs
@@ -139,6 +139,13 @@ namespace MQTTnet.Client.Options
 return this;
 }
+ public MqttClientOptionsBuilder WithCredentials(IMqttClientCredentials credentials)
+ {
+ _options.Credentials = credentials;
+
+ return this;
+ }
+
 public MqttClientOptionsBuilder WithExtendedAuthenticationExchangeHandler(IMqttExtendedAuthenticationExchangeHandler handler)
 {
 _options.ExtendedAuthenticationExchangeHandler = handler;
diff --git a/Source/MQTTnet/Implementations/MqttTcpServerAdapter.cs b/Source/MQTTnet/Implementations/MqttTcpServerAdapter.cs
index 0e28ad0..8ef8c51 100644
--- a/Source/MQTTnet/Implementations/MqttTcpServerAdapter.cs
+++ b/Source/MQTTnet/Implementations/MqttTcpServerAdapter.cs
@@ -48,7 +48,7 @@ namespace MQTTnet.Implementations
 throw new ArgumentException("TLS certificate is not set.");
 }
- var tlsCertificate = new X509Certificate2(options.TlsEndpointOptions.Certificate);
+ var tlsCertificate = new X509Certificate2(options.TlsEndpointOptions.Certificate, options.TlsEndpointOptions.Password.Password);
 if (!tlsCertificate.HasPrivateKey)
 {
 throw new InvalidOperationException("The certificate for TLS encryption must contain the private key.");
diff --git a/Source/MQTTnet/Server/IMqttServerCredentials.cs b/Source/MQTTnet/Server/IMqttServerCredentials.cs
new file mode 100644
index 0000000..5e75be9
--- /dev/null
+++ b/Source/MQTTnet/Server/IMqttServerCredentials.cs
@@ -0,0 +1,6 @@
+using System;
+
+public interface IMqttServerCredentials
+{
+ String Password { get; }
+}
diff --git a/Source/MQTTnet/Server/MqttServerOptionsBuilder.cs b/Source/MQTTnet/Server/MqttServerOptionsBuilder.cs
index 1fcd981..de6b1a0 100644
--- a/Source/MQTTnet/Server/MqttServerOptionsBuilder.cs
+++ b/Source/MQTTnet/Server/MqttServerOptionsBuilder.cs
@@ -82,9 +82,10 @@ namespace MQTTnet.Server
 return this;
 }
- public MqttServerOptionsBuilder WithEncryptionCertificate(byte[] value)
+ public MqttServerOptionsBuilder WithEncryptionCertificate(byte[] value, IMqttServerCredentials password = null)
 {
 _options.TlsEndpointOptions.Certificate = value;
+ _options.TlsEndpointOptions.Password = password;
 return this;
 }
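Review bot: `options.TlsEndpointOptions.Password.Password` dereferences a property that is null whenever the certificate was configured without credentials, which is the default of `WithEncryptionCertificate(byte[] value, IMqttServerCredentials password = null)` in this same patch, so a server using a certificate that needs no password would throw a NullReferenceException on this line. Use the null-conditional form, `new X509Certificate2(options.TlsEndpointOptions.Certificate, options.TlsEndpointOptions.Password?.Password)`; the constructor accepts a null password. The same dereference survives the rename in patch 3/3 (`CertificateCredentials.Password`) and needs the same guard there. The enclosing method starts and ends outside the hunk.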
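Review bot: `IMqttServerCredentials` is declared outside any namespace, so this public type lands in the global namespace of every consumer, while the other server files touched by the patch sit in `namespace MQTTnet.Server`. Wrap the interface in `namespace MQTTnet.Server { … }` and use the keyword form `string Password { get; }`, which also makes `using System;` unnecessary. An XML summary should state that the password protects the private key of the server's TLS certificate and that it is handed to `X509Certificate2` as a plain string, so implementers know how the secret is handled.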
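Review bot: Adding the optional `password` parameter replaces the one-argument `WithEncryptionCertificate(byte[])` signature, so assemblies compiled against the previous package would no longer bind to it, because optional arguments are filled in at the caller's compile time. Keeping the original method and adding a two-argument overload without a default avoids that, e.g. `public MqttServerOptionsBuilder WithEncryptionCertificate(byte[] value) => WithEncryptionCertificate(value, null);`. The new overload should also carry a doc comment saying that `value` must include the private key (the adapter rejects it otherwise) and that the credentials supply the password protecting it.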
@@ -94,6 +95,14 @@ namespace MQTTnet.Server
 return this;
 }
+ public MqttServerOptionsBuilder WithClientCertificate(RemoteCertificateValidationCallback validationCallback = null, bool checkCertificateRevocation = false)
+ {
+ _options.TlsEndpointOptions.ClientCertificateRequired = true;
+ _options.TlsEndpointOptions.CheckCertificateRevocation = checkCertificateRevocation;
+ _options.TlsEndpointOptions.CertificateValidationCallback = validationCallback;
+ return this;
+ }
+
 public MqttServerOptionsBuilder WithoutEncryptedEndpoint()
 {
 _options.TlsEndpointOptions.IsEnabled = false;
@@ -107,7 +116,7 @@ namespace MQTTnet.Server
 return this;
 }
 #endif
-
+
 public MqttServerOptionsBuilder WithStorage(IMqttServerStorage value)
 {
 _options.Storage = value;
diff --git a/Source/MQTTnet/Server/MqttServerTlsTcpEndpointOptions.cs b/Source/MQTTnet/Server/MqttServerTlsTcpEndpointOptions.cs
index 282bef9..8d65230 100644
--- a/Source/MQTTnet/Server/MqttServerTlsTcpEndpointOptions.cs
+++ b/Source/MQTTnet/Server/MqttServerTlsTcpEndpointOptions.cs
@@ -12,6 +12,8 @@ namespace MQTTnet.Server
 public byte[] Certificate { get; set; }
+ public IMqttServerCredentials Password { get; set; }
+
 public bool ClientCertificateRequired { get; set; }
 public bool CheckCertificateRevocation { get; set; }
From 9d63500f95a2ee835a9095bafd02fe91f8e48920 Mon Sep 17 00:00:00 2001
From: Craig Lutgen
Date: Wed, 31 Jul 2019 13:27:33 -0500
Subject: [PATCH 2/3] Fix build issue with UWP
---
 Source/MQTTnet/Server/MqttServerOptionsBuilder.cs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/Source/MQTTnet/Server/MqttServerOptionsBuilder.cs b/Source/MQTTnet/Server/MqttServerOptionsBuilder.cs
index de6b1a0..8404271 100644
--- a/Source/MQTTnet/Server/MqttServerOptionsBuilder.cs
+++ b/Source/MQTTnet/Server/MqttServerOptionsBuilder.cs
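Review bot: `WithClientCertificate` switches on client-certificate authentication with both security-relevant arguments defaulted, `validationCallback = null` and `checkCertificateRevocation = false`, and nothing on the method says what those defaults mean. With revocation checking off, a revoked client certificate would presumably still be accepted, and how a null callback is treated is decided in the adapter, which is not visible in this hunk. Document both on the method, for example `/// <param name="checkCertificateRevocation">When false (the default), revoked client certificates are not detected.</param>`, and consider defaulting the flag to `true` since this is a new API. The same signature is carried unchanged into the patch 2/3 hunk that wraps the method in `#if !WINDOWS_UWP`.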
@@ -95,13 +95,15 @@ namespace MQTTnet.Server
 return this;
 }
+#if !WINDOWS_UWP
 public MqttServerOptionsBuilder WithClientCertificate(RemoteCertificateValidationCallback validationCallback = null, bool checkCertificateRevocation = false)
 {
 _options.TlsEndpointOptions.ClientCertificateRequired = true;
 _options.TlsEndpointOptions.CheckCertificateRevocation = checkCertificateRevocation;
- _options.TlsEndpointOptions.CertificateValidationCallback = validationCallback;
+ _options.TlsEndpointOptions.RemoteCertificateValidationCallback = validationCallback;
 return this;
 }
+#endif
 public MqttServerOptionsBuilder WithoutEncryptedEndpoint()
 {
From 59d2a8e551f09e9eb57597798a40e024f3a7147c Mon Sep 17 00:00:00 2001
From: Craig Lutgen
Date: Thu, 8 Aug 2019 13:35:14 -0500
Subject: [PATCH 3/3] Changed server crentials property name from password to certificateCredentials
---
 Source/MQTTnet/Implementations/MqttTcpServerAdapter.cs | 2 +-
 Source/MQTTnet/Server/MqttServerOptionsBuilder.cs | 4 ++--
 Source/MQTTnet/Server/MqttServerTlsTcpEndpointOptions.cs | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Source/MQTTnet/Implementations/MqttTcpServerAdapter.cs b/Source/MQTTnet/Implementations/MqttTcpServerAdapter.cs
index 8ef8c51..e3dcab8 100644
--- a/Source/MQTTnet/Implementations/MqttTcpServerAdapter.cs
+++ b/Source/MQTTnet/Implementations/MqttTcpServerAdapter.cs
@@ -48,7 +48,7 @@ namespace MQTTnet.Implementations
 throw new ArgumentException("TLS certificate is not set.");
 }
- var tlsCertificate = new X509Certificate2(options.TlsEndpointOptions.Certificate, options.TlsEndpointOptions.Password.Password);
+ var tlsCertificate = new X509Certificate2(options.TlsEndpointOptions.Certificate, options.TlsEndpointOptions.CertificateCredentials.Password);
 if (!tlsCertificate.HasPrivateKey)
 {
 throw new InvalidOperationException("The certificate for TLS encryption must contain the private key.");
diff --git a/Source/MQTTnet/Server/MqttServerOptionsBuilder.cs b/Source/MQTTnet/Server/MqttServerOptionsBuilder.cs
index 8404271..5991e7d 100644
--- a/Source/MQTTnet/Server/MqttServerOptionsBuilder.cs
+++ b/Source/MQTTnet/Server/MqttServerOptionsBuilder.cs
@@ -82,10 +82,10 @@ namespace MQTTnet.Server
 return this;
 }
- public MqttServerOptionsBuilder WithEncryptionCertificate(byte[] value, IMqttServerCredentials password = null)
+ public MqttServerOptionsBuilder WithEncryptionCertificate(byte[] value, IMqttServerCredentials credentials = null)
 {
 _options.TlsEndpointOptions.Certificate = value;
- _options.TlsEndpointOptions.Password = password;
+ _options.TlsEndpointOptions.CertificateCredentials = credentials;
 return this;
 }
diff --git a/Source/MQTTnet/Server/MqttServerTlsTcpEndpointOptions.cs b/Source/MQTTnet/Server/MqttServerTlsTcpEndpointOptions.cs
index 8d65230..e92d987 100644
--- a/Source/MQTTnet/Server/MqttServerTlsTcpEndpointOptions.cs
+++ b/Source/MQTTnet/Server/MqttServerTlsTcpEndpointOptions.cs
@@ -12,7 +12,7 @@ namespace MQTTnet.Server
 public byte[] Certificate { get; set; }
- public IMqttServerCredentials Password { get; set; }
+ public IMqttServerCredentials CertificateCredentials { get; set; }
 public bool ClientCertificateRequired { get; set; }