use SslServerAuthenticationOptions as options directly

Author: kerryjiang

samples/ConfigSample/appsettings.tls.json

@@ -5,10 +5,10 @@
             {
                 "ip": "Any",
                 "port": 4040,
-                "security": "Tls12",
-                "certificateOptions" : {
+                "authenticationOptions" : {
                     "filePath": "supersocket.pfx",
-                    "password": "supersocket"
+                    "password": "supersocket",
+                    "enabledSslProtocols": "Tls12"
                 }
             }
         ]

samples/LiveChat/appsettings.json

@@ -18,10 +18,10 @@
         {
             "ip": "Any",
             "port": 4041,
-            "security": "Tls12",
-            "certificateOptions" : {
+            "authenticationOptions": {
                 "filePath": "supersocket.pfx",
-                "password": "supersocket"
+                "password": "supersocket",
+                "enabledSslProtocols": "Tls12"
             }
         }
     ]

samples/WebSocketServer/appsettings.json

@@ -9,10 +9,10 @@
             {
                 "ip": "Any",
                 "port": 4041,
-                "security": "Tls12",
-                "certificateOptions" : {
+                "authenticationOptions": {
                     "filePath": "supersocket.pfx",
-                    "password": "supersocket"
+                    "password": "supersocket",
+                    "enabledSslProtocols": "Tls12"
                 }
             }
         ]

src/SuperSocket.Primitives/CertificateOptions.cs renamed to src/SuperSocket.Primitives/ServerAuthenticationOptions.cs

@@ -6,11 +6,8 @@
 
 namespace SuperSocket
 {
-    public class CertificateOptions
+    public class ServerAuthenticationOptions : SslServerAuthenticationOptions
     {
-        public X509Certificate Certificate { get; set; }
-
-
         /// <summary>
         /// Gets the certificate file path (pfx).
         /// </summary>
@@ -44,26 +41,15 @@ public class CertificateOptions
         public StoreLocation StoreLocation { get; set; } = StoreLocation.CurrentUser;//The X.509 certificate store used by the current user.
 
 
-        /// <summary>
-        /// Gets a value indicating whether [client certificate required].
-        /// </summary>
-        /// <value>
-        /// <c>true</c> if [client certificate required]; otherwise, <c>false</c>.
-        /// </value>
-        public bool ClientCertificateRequired { get; set; }
-
         /// <summary>
         /// Gets a value that will be used to instantiate the X509Certificate2 object in the CertificateManager
         /// </summary>
         public X509KeyStorageFlags KeyStorageFlags { get; set; }
 
-
-        public RemoteCertificateValidationCallback RemoteCertificateValidationCallback { get; set; }
-
         public void EnsureCertificate()
         {
             // The certificate is there already
-            if (Certificate != null)
+            if (this.ServerCertificate != null)
                 return;            
 
             // load certificate from pfx file
@@ -76,15 +62,15 @@ public void EnsureCertificate()
                     filePath = Path.Combine(AppContext.BaseDirectory, filePath);
                 }
 
-                Certificate = new X509Certificate2(filePath, Password, KeyStorageFlags);
+                ServerCertificate = new X509Certificate2(filePath, Password, KeyStorageFlags);
             }
             else if (!string.IsNullOrEmpty(Thumbprint)) // load certificate from certificate store
             {
                 var store = new X509Store((StoreName)Enum.Parse(typeof(StoreName), StoreName), StoreLocation);
 
                 store.Open(OpenFlags.ReadOnly);
 
-                Certificate = store.Certificates.OfType<X509Certificate2>()
+                ServerCertificate = store.Certificates.OfType<X509Certificate2>()
                     .FirstOrDefault(c => c.Thumbprint.Equals(Thumbprint, StringComparison.OrdinalIgnoreCase));
 
                 store.Close();
@@ -94,5 +80,10 @@ public void EnsureCertificate()
                 throw new Exception($"Either {FilePath} or {Thumbprint} is required to load the certificate.");
             }
         }
+
+        public override string ToString()
+        {
+            return this.EnabledSslProtocols.ToString();
+        }
     }
 }

src/SuperSocket.Server.Abstractions/ListenOptions.cs

@@ -16,9 +16,7 @@ public class ListenOptions
 
         public bool NoDelay { get; set; }
 
-        public SslProtocols Security { get; set; }
-
-        public CertificateOptions CertificateOptions { get; set; }
+        public ServerAuthenticationOptions AuthenticationOptions { get; set; }
 
         public TimeSpan ConnectionAcceptTimeOut { get; set; } = TimeSpan.FromSeconds(5);
 
@@ -49,7 +47,7 @@ public IPEndPoint ToEndPoint()
 
         public override string ToString()
         {
-            return $"{nameof(Ip)}={Ip}, {nameof(Port)}={Port}, {nameof(Security)}={Security}, {nameof(Path)}={Path}, {nameof(BackLog)}={BackLog}, {nameof(NoDelay)}={NoDelay}";
+            return $"{nameof(Ip)}={Ip}, {nameof(Port)}={Port}, {nameof(AuthenticationOptions)}={AuthenticationOptions}, {nameof(Path)}={Path}, {nameof(BackLog)}={BackLog}, {nameof(NoDelay)}={NoDelay}";
         }
     }
 }

src/SuperSocket.Server/Connection/DefaultConnectionStreamInitializersFactory.cs

@@ -30,7 +30,7 @@ public virtual IEnumerable<IConnectionStreamInitializer> Create(ListenOptions li
         {
             var connectionStreamInitializers = new List<IConnectionStreamInitializer>();
 
-            if (listenOptions.Security != SslProtocols.None)
+            if (listenOptions.AuthenticationOptions != null && listenOptions.AuthenticationOptions.EnabledSslProtocols != SslProtocols.None)
             {
                 connectionStreamInitializers.Add(new NetworkStreamInitializer());
                 connectionStreamInitializers.Add(new SslStreamInitializer());

src/SuperSocket.Server/Connection/SslStreamInitializer.cs

@@ -14,21 +14,13 @@ public class SslStreamInitializer : IConnectionStreamInitializer
 
         public void Setup(ListenOptions listenOptions)
         {
-            var authOptions = new SslServerAuthenticationOptions();
+            var authOptions = listenOptions.AuthenticationOptions;
 
-            authOptions.EnabledSslProtocols = listenOptions.Security;
-
-            if (listenOptions.CertificateOptions.Certificate == null)
+            if (authOptions.ServerCertificate == null)
             {
-                listenOptions.CertificateOptions.EnsureCertificate();
+                authOptions.EnsureCertificate();
             }
 
-            authOptions.ServerCertificate = listenOptions.CertificateOptions.Certificate;
-            authOptions.ClientCertificateRequired = listenOptions.CertificateOptions.ClientCertificateRequired;
-
-            if (listenOptions.CertificateOptions.RemoteCertificateValidationCallback != null)
-                authOptions.RemoteCertificateValidationCallback = listenOptions.CertificateOptions.RemoteCertificateValidationCallback;
-
             _authOptions = authOptions;
         }
 

test/SuperSocket.Tests/GzipSecureHostConfigurator.cs

@@ -36,13 +36,11 @@ public override void Configure(ISuperSocketHostBuilder hostBuilder)
                 {
                     var listener = options.Listeners[0];
 
-                    if (listener.Security == SslProtocols.None)
-                        listener.Security = GetServerEnabledSslProtocols();
-
-                    listener.CertificateOptions = new CertificateOptions
+                    listener.AuthenticationOptions = new ServerAuthenticationOptions
                     {
                         FilePath = "supersocket.pfx",
-                        Password = "supersocket"
+                        Password = "supersocket",
+                        EnabledSslProtocols = GetServerEnabledSslProtocols()
                     };
                 });
             });

test/SuperSocket.Tests/MainTest.cs

@@ -117,7 +117,7 @@ public async Task TestSecurityOptions(string security, SslProtocols protocols, b
                     {
                         configBuilder.AddInMemoryCollection(new Dictionary<string, string>
                         {
-                            { "serverOptions:listeners:0:security", security }
+                            { "serverOptions:listeners:0:authenticationOptions:enabledSslProtocols", security }
                         });
                     })
                     .ConfigureSuperSocket(serverOptions =>
@@ -142,7 +142,7 @@ public async Task TestSecurityOptions(string security, SslProtocols protocols, b
             }
 
             Assert.NotNull(listener);
-            Assert.Equal(protocols, listener.Security);
+            Assert.Equal(protocols, listener.AuthenticationOptions.EnabledSslProtocols);
 
             using (server)
             {

test/SuperSocket.Tests/SecureHostConfigurator.cs

@@ -34,13 +34,11 @@ public override void Configure(ISuperSocketHostBuilder hostBuilder)
                 {
                     var listener = options.Listeners[0];
 
-                    if (listener.Security == SslProtocols.None)
-                        listener.Security = GetServerEnabledSslProtocols();
-                    
-                    listener.CertificateOptions = new CertificateOptions
+                    listener.AuthenticationOptions = new ServerAuthenticationOptions
                     {
                         FilePath = "supersocket.pfx",
-                        Password = "supersocket"
+                        Password = "supersocket",
+                        EnabledSslProtocols = GetServerEnabledSslProtocols()
                     };
                 });
             });