THRIFT-3070 Add ability to set the LocalCertificateSelectionCallback
Client: C#
Patch: Hans-Peter Klett <hansk@spectralogic.com>
This closes #415
Added an optional LocalCertificateSelectionCallback. Also cleans up the connection when secure authentication fails on the server.
diff --git a/lib/csharp/src/Transport/TTLSServerSocket.cs b/lib/csharp/src/Transport/TTLSServerSocket.cs
index 2e2d299..631a593 100644
--- a/lib/csharp/src/Transport/TTLSServerSocket.cs
+++ b/lib/csharp/src/Transport/TTLSServerSocket.cs
@@ -60,6 +60,11 @@
private RemoteCertificateValidationCallback clientCertValidator;
/// <summary>
+ /// The function to determine which certificate to use.
+ /// </summary>
+ private LocalCertificateSelectionCallback localCertificateSelectionCallback;
+
+ /// <summary>
/// Initializes a new instance of the <see cref="TTLSServerSocket" /> class.
/// </summary>
/// <param name="port">The port where the server runs.</param>
@@ -88,7 +93,14 @@
/// <param name="useBufferedSockets">If set to <c>true</c> [use buffered sockets].</param>
/// <param name="certificate">The certificate object.</param>
/// <param name="clientCertValidator">The certificate validator.</param>
- public TTLSServerSocket(int port, int clientTimeout, bool useBufferedSockets, X509Certificate2 certificate, RemoteCertificateValidationCallback clientCertValidator = null)
+ /// <param name="localCertificateSelectionCallback">The callback to select which certificate to use.</param>
+ public TTLSServerSocket(
+ int port,
+ int clientTimeout,
+ bool useBufferedSockets,
+ X509Certificate2 certificate,
+ RemoteCertificateValidationCallback clientCertValidator = null,
+ LocalCertificateSelectionCallback localCertificateSelectionCallback = null)
{
if (!certificate.HasPrivateKey)
{
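Review bot: The `certificate.HasPrivateKey` check right after the new signature still validates only the `certificate` argument, so a certificate chosen by the new `localCertificateSelectionCallback` parameter is never checked here, and the constructor no longer guarantees that the certificate actually presented to the client carries a private key. The callback is only stored in a field and forwarded to the `TTLSSocket` constructor in the later hunks, so whether that class validates the selected certificate cannot be confirmed from this diff. The parameter doc should state the contract, e.g. `/// <param name="localCertificateSelectionCallback">Optional callback that selects the certificate presented to the client; a certificate it returns other than <paramref name="certificate"/> is not checked here and must also have a private key.</param>`. The constructor body continues past the end of the hunk.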
@@ -99,6 +111,7 @@
this.serverCertificate = certificate;
this.useBufferedSockets = useBufferedSockets;
this.clientCertValidator = clientCertValidator;
+ this.localCertificateSelectionCallback = localCertificateSelectionCallback;
try
{
// Create server socket
@@ -150,7 +163,13 @@
client.SendTimeout = client.ReceiveTimeout = this.clientTimeout;
//wrap the client in an SSL Socket passing in the SSL cert
- TTLSSocket socket = new TTLSSocket(client, this.serverCertificate, true, this.clientCertValidator);
+ TTLSSocket socket = new TTLSSocket(
+ client,
+ this.serverCertificate,
+ true,
+ this.clientCertValidator,
+ this.localCertificateSelectionCallback
+ );
socket.setupTLS();