Adding SSL support for RabbitMq

Anouar Hassine · Anouar Hassine · commit 77ceb77665ff · 2018-12-06T18:01:16.000+01:00
diff --git a/ReactiveXComponent/Configuration/BusDetails.cs b/ReactiveXComponent/Configuration/BusDetails.cs
@@ -1,4 +1,6 @@
 
+using System.Security.Authentication;
+
 namespace ReactiveXComponent.Configuration
 {
     public class BusDetails
@@ -8,14 +10,30 @@ public BusDetails()
             
         }
 
-        public BusDetails(string username, string password, string host, string virtualHost, int port)
+        public BusDetails(
+            string username, 
+            string password, 
+            string host, 
+            string virtualHost, 
+            int port,
+            bool sslEnabled = false,
+            string sslServerName = "",
+            string sslCertPath = "",
+            string sslCertPassphrase = "",
+            SslProtocols sslProtocol = SslProtocols.Default,
+            bool sslAllowUntrustedServerCertificate = false)
         {
             Username = username;
             Password = password;
             Host = host;
             VirtualHost = virtualHost;
             Port = port;
-
+            SslEnabled = sslEnabled;
+            SslServerName = sslServerName;
+            SslCertPath = sslCertPath;
+            SslCertPassphrase = sslCertPassphrase;
+            SslProtocol = sslProtocol;
+            SslAllowUntrustedServerCertificate = sslAllowUntrustedServerCertificate;
         }
 
         public string Username { get; set; }
@@ -28,14 +46,32 @@ public BusDetails(string username, string password, string host, string virtualH
 
         public int Port { get; set; }
 
+        public bool SslEnabled { get; set; }
+        
+        public string SslServerName { get; set; }
+        
+        public string SslCertPath { get; set; }
+
+        public string SslCertPassphrase { get; set; }
+
+        public SslProtocols SslProtocol { get; set; }
+
+        public bool SslAllowUntrustedServerCertificate { get; set; }
+
         public BusDetails Clone()
         {
             return new BusDetails(
                 Username,
                 Password,
                 Host,
                 VirtualHost,
-                Port);
+                Port,
+                SslEnabled,
+                SslServerName,
+                SslCertPath,
+                SslCertPassphrase,
+                SslProtocol,
+                SslAllowUntrustedServerCertificate);
         }
     }
 }
diff --git a/ReactiveXComponent/Configuration/ConfigurationOverrides.cs b/ReactiveXComponent/Configuration/ConfigurationOverrides.cs
@@ -1,4 +1,5 @@
-﻿using ReactiveXComponent.Common;
+﻿using System.Security.Authentication;
+using ReactiveXComponent.Common;
 
 namespace ReactiveXComponent.Configuration
 {
@@ -15,5 +16,17 @@ public class ConfigurationOverrides
         public string Password { get; set; }
 
         public WebSocketType? WebSocketType { get; set; }
+
+        public bool? SslEnabled { get; set; }
+
+        public string SslServerName { get; set; }
+
+        public string SslCertPath { get; set; }
+
+        public string SslCertPassphrase { get; set; }
+
+        public SslProtocols? SslProtocol { get; set; }
+
+        public bool? SslAllowUntrustedServerCertificate { get; set; }
     }
 }
diff --git a/ReactiveXComponent/Configuration/XCApiTags.cs b/ReactiveXComponent/Configuration/XCApiTags.cs
@@ -29,5 +29,13 @@ public static class XCApiTags
         public const string Json = "Json";
         public const string Bson = "Bson";
         public const string GzipJson = "GzipJson";
+        public const string WebsocketType = "type";
+        public const string VirtualHost = "virtualHost";
+        public const string BusSslEnabled = "sslEnabled";
+        public const string BusSslServerName = "sslServerName";
+        public const string BusSslCertPath = "sslCertPath";
+        public const string BusSslCertPassphrase = "sslCertPassphrase";
+        public const string BusSslProtocol = "sslProtocol";
+        public const string BusSslAllowUntrustedServerCertificate = "sslAllowUntrustedServerCertificate";
     }
 }
diff --git a/ReactiveXComponent/Parser/XCApiConfigParser.cs b/ReactiveXComponent/Parser/XCApiConfigParser.cs
@@ -2,6 +2,7 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using System.Security.Authentication;
 using System.Xml;
 using System.Xml.Linq;
 using ReactiveXComponent.Common;
@@ -182,12 +183,44 @@ public string GetSerializationType()
         public BusDetails GetBusDetails()
         {
             XElement busInfos = _xcApiDescription.GetBusNode()?.FirstOrDefault();
+
+            var sslEnabledString = busInfos?.Attribute(XCApiTags.BusSslEnabled)?.Value;
+            var sslEnabled = false;
+            if (!string.IsNullOrEmpty(sslEnabledString))
+            {
+                bool.TryParse(sslEnabledString, out sslEnabled);
+            }
+
+            var sslServerName = busInfos?.Attribute(XCApiTags.BusSslServerName)?.Value;
+            var sslCertPath = busInfos?.Attribute(XCApiTags.BusSslCertPath)?.Value;
+            var sslCertPassphrase = busInfos?.Attribute(XCApiTags.BusSslCertPassphrase)?.Value;
+
+            var sslProtocolString = busInfos?.Attribute(XCApiTags.BusSslProtocol)?.Value;
+            SslProtocols sslProtocol = SslProtocols.Default;
+            if (!string.IsNullOrEmpty(sslProtocolString))
+            {
+                Enum.TryParse(sslProtocolString, out sslProtocol);
+            }
+
+            var sslAllowUntrustedServerCertificateString = busInfos?.Attribute(XCApiTags.BusSslAllowUntrustedServerCertificate)?.Value;
+            var sslAllowUntrustedServerCertificate = false;
+            if (!string.IsNullOrEmpty(sslAllowUntrustedServerCertificateString))
+            {
+                bool.TryParse(sslAllowUntrustedServerCertificateString, out sslAllowUntrustedServerCertificate);
+            }
+
             var busDetails = new BusDetails(
-                busInfos?.Attribute("user")?.Value,
-                busInfos?.Attribute("password")?.Value,
-                busInfos?.Attribute("host")?.Value,
-                busInfos?.Attribute("virtualHost")?.Value,
-                Convert.ToInt32(busInfos?.Attribute("port")?.Value));
+                busInfos?.Attribute(XCApiTags.User)?.Value,
+                busInfos?.Attribute(XCApiTags.Password)?.Value,
+                busInfos?.Attribute(XCApiTags.Host)?.Value,
+                busInfos?.Attribute(XCApiTags.VirtualHost)?.Value,
+                Convert.ToInt32(busInfos?.Attribute(XCApiTags.Port)?.Value),
+                sslEnabled,
+                sslServerName,
+                sslCertPath,
+                sslCertPassphrase,
+                sslProtocol,
+                sslAllowUntrustedServerCertificate);
 
             return busDetails;
         }
@@ -197,16 +230,16 @@ public WebSocketEndpoint GetWebSocketEndpoint()
             XElement websocketInfos = _xcApiDescription.GetWebSocketNode()?.FirstOrDefault();
 
             WebSocketType webSocketType;
-            var webSocketTypeString = websocketInfos?.Attribute("type")?.Value;
+            var webSocketTypeString = websocketInfos?.Attribute(XCApiTags.WebsocketType)?.Value;
             if (!Enum.TryParse(webSocketTypeString, out webSocketType))
             {
                 throw new ReactiveXComponentException($"Could not parse communication type: {webSocketTypeString}");
             }
 
             var webSocketEndpoint = new WebSocketEndpoint(
-                websocketInfos?.Attribute("name")?.Value,
-                websocketInfos?.Attribute("host")?.Value,
-                websocketInfos?.Attribute("port")?.Value,
+                websocketInfos?.Attribute(XCApiTags.Name)?.Value,
+                websocketInfos?.Attribute(XCApiTags.Host)?.Value,
+                websocketInfos?.Attribute(XCApiTags.Port)?.Value,
                 webSocketType);
 
             return webSocketEndpoint;
diff --git a/ReactiveXComponent/RabbitMq/RabbitMqConnection.cs b/ReactiveXComponent/RabbitMq/RabbitMqConnection.cs
@@ -50,6 +50,36 @@ public IXCSession CreateSession(ConfigurationOverrides configurationOverrides =
                 busDetails.Password = configurationOverrides.Password;
             }
 
+            if (configurationOverrides.SslEnabled != null)
+            {
+                busDetails.SslEnabled = configurationOverrides.SslEnabled.Value;
+            }
+
+            if (configurationOverrides.SslServerName != null)
+            {
+                busDetails.SslServerName = configurationOverrides.SslServerName;
+            }
+
+            if (configurationOverrides.SslCertPath != null)
+            {
+                busDetails.SslCertPath = configurationOverrides.SslCertPath;
+            }
+
+            if (configurationOverrides.SslCertPassphrase != null)
+            {
+                busDetails.SslCertPassphrase = configurationOverrides.SslCertPassphrase;
+            }
+
+            if (configurationOverrides.SslProtocol != null)
+            {
+                busDetails.SslProtocol = configurationOverrides.SslProtocol.Value;
+            }
+
+            if (configurationOverrides.SslAllowUntrustedServerCertificate != null)
+            {
+                busDetails.SslAllowUntrustedServerCertificate = configurationOverrides.SslAllowUntrustedServerCertificate.Value;
+            }
+
             return new RabbitMqSession(_xcConfiguration, busDetails, _privateCommunicationIdentifier);
         }
     }
diff --git a/ReactiveXComponent/RabbitMq/RabbitMqSession.cs b/ReactiveXComponent/RabbitMq/RabbitMqSession.cs
@@ -1,5 +1,6 @@
 ﻿using System;
 using System.Collections.Generic;
+using System.Net.Security;
 using RabbitMQ.Client;
 using RabbitMQ.Client.Exceptions;
 using ReactiveXComponent.Common;
@@ -39,6 +40,39 @@ private void InitConnection(BusDetails busDetails)
                     Protocol = Protocols.DefaultProtocol
                 };
 
+                if (busDetails.SslEnabled)
+                {
+                    _factory.Ssl.Enabled = true;
+
+                    _factory.Ssl.ServerName = busDetails.SslServerName;
+
+                    if (!string.IsNullOrEmpty(busDetails.SslCertPath))
+                    {
+                        _factory.Ssl.CertPath = busDetails.SslCertPath;
+                    }
+
+                    if (!string.IsNullOrEmpty(busDetails.SslCertPassphrase))
+                    {
+                        _factory.Ssl.CertPassphrase = busDetails.SslCertPassphrase;
+                    }
+
+                    _factory.Ssl.Version = busDetails.SslProtocol;
+
+                    if (busDetails.SslAllowUntrustedServerCertificate)
+                    {
+                        _factory.Ssl.CertificateValidationCallback += (sender, certificate, chain, errors) =>
+                        {
+                            if ((errors & SslPolicyErrors.RemoteCertificateNameMismatch) == SslPolicyErrors.RemoteCertificateNameMismatch ||
+                                (errors & SslPolicyErrors.RemoteCertificateNotAvailable) == SslPolicyErrors.RemoteCertificateNotAvailable)
+                            {
+                                return false;
+                            }
+
+                            return true;
+                        };
+                    }
+                }
+
                 _connection = _factory?.CreateConnection();
 
                 _connection.ConnectionShutdown += ConnectionOnConnectionShutdown;
diff --git a/ReactiveXComponentTest/Configuration/ConfigurationTests.cs b/ReactiveXComponentTest/Configuration/ConfigurationTests.cs
@@ -1,5 +1,6 @@
 ﻿using System;
 using System.IO;
+using System.Security.Authentication;
 using NFluent;
 using NUnit.Framework;
 using ReactiveXComponent.Common;
@@ -77,7 +78,13 @@ public void GetBusDetailsTest()
             Check.That(busDetails.VirtualHost).IsEqualTo("myVirtualHost");
             Check.That(busDetails.Username).IsEqualTo("guest");
             Check.That(busDetails.Password).IsEqualTo("guest");
-            Check.That(busDetails.Port).IsEqualTo(5672);
+            Check.That(busDetails.Port).IsEqualTo(5671);
+            Check.That(busDetails.SslEnabled).IsTrue();
+            Check.That(busDetails.SslServerName).IsEqualTo("XComponent RMq");
+            Check.That(busDetails.SslCertPath).IsEqualTo("some_cert_path");
+            Check.That(busDetails.SslCertPassphrase).IsEqualTo("some_cert_pass");
+            Check.That(busDetails.SslProtocol).IsEqualTo(SslProtocols.Default);
+            Check.That(busDetails.SslAllowUntrustedServerCertificate).IsTrue();
         }
 
         [Test]
diff --git a/ReactiveXComponentTest/RabbitMqTestApi.xcApi b/ReactiveXComponentTest/RabbitMqTestApi.xcApi
@@ -3,7 +3,7 @@
   <threading />
   <serialization>Binary</serialization>
   <communication>
-    <bus name="rabbitmq" host="127.0.0.1" virtualHost="myVirtualHost" port="5672" user="guest" password="guest" type="RABBIT_MQ" />
+    <bus name="rabbitmq" host="127.0.0.1" virtualHost="myVirtualHost" port="5671" user="guest" password="guest" type="RABBIT_MQ" sslEnabled="True" sslServerName="XComponent RMq" sslCertPath="some_cert_path" sslCertPassphrase="some_cert_pass" sslProtocol="Default" sslAllowUntrustedServerCertificate="True" />
   </communication>
   <clientAPICommunication>
     <publish componentCode="-69981087" stateMachineCode="-829536631" eventType="UPDATE" topicType="output" communicationType="BUS" stateCode="0" eventCode="9" event="XComponent.HelloWorld.UserObject.SayHello" communication="rabbitmq">

Original file line number	Diff line number	Diff line change
`@@ -29,5 +29,13 @@ public static class XCApiTags`
`29`	`29`	`public const string Json = "Json";`
`30`	`30`	`public const string Bson = "Bson";`
`31`	`31`	`public const string GzipJson = "GzipJson";`
	`32`	`+ public const string WebsocketType = "type";`
	`33`	`+ public const string VirtualHost = "virtualHost";`
	`34`	`+ public const string BusSslEnabled = "sslEnabled";`
	`35`	`+ public const string BusSslServerName = "sslServerName";`
	`36`	`+ public const string BusSslCertPath = "sslCertPath";`
	`37`	`+ public const string BusSslCertPassphrase = "sslCertPassphrase";`
	`38`	`+ public const string BusSslProtocol = "sslProtocol";`
	`39`	`+ public const string BusSslAllowUntrustedServerCertificate = "sslAllowUntrustedServerCertificate";`
`32`	`40`	`}`
`33`	`41`	`}`