using System.Diagnostics;
using System.Security;
using System.Security.Cryptography.X509Certificates;
namespace MQTTnet.Client.Extensions;
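public static partial class MqttNetExtensions
{
    /// <summary>
    /// Applies the TLS-related values of <paramref name="cs"/> to <paramref name="builder"/>.
    /// </summary>
    /// <param name="builder">The client options builder to configure.</param>
    /// <param name="cs">Connection settings supplying UseTls, CaFile, CertFile, KeyFile and KeyFilePassword.</param>
    /// <returns>The same <paramref name="builder"/> instance, for chaining.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="builder"/> or <paramref name="cs"/> is null.</exception>
    /// <exception cref="SecurityException">The loaded client certificate has no private key.</exception>
    /// <remarks>
    /// When <c>cs.UseTls</c> is false the builder is returned untouched, so this method
    /// configures no transport security at all in that case.
    /// </remarks>
    public static MqttClientOptionsBuilder WithTlsSettings(this MqttClientOptionsBuilder builder, MqttConnectionSettings cs)
    {
        // Fail before any key material is read from disk rather than with a
        // NullReferenceException part-way through the configuration.
        if (builder is null)
        {
            throw new ArgumentNullException(nameof(builder));
        }

        if (cs is null)
        {
            throw new ArgumentNullException(nameof(cs));
        }

        if (!cs.UseTls)
        {
            return builder;
        }

        var tlsParams = new MqttClientTlsOptionsBuilder();

        // Only TLS 1.2 and TLS 1.3 are offered; older protocol versions are excluded.
        tlsParams.WithSslProtocols(System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls13);

        if (!string.IsNullOrEmpty(cs.CaFile))
        {
            // A custom validation handler is installed only when a CA file is configured.
            // NOTE(review): the handler's result is what decides whether the broker
            // certificate is accepted; X509ChainValidator is not visible here, so confirm
            // that ValidateChain also rejects host-name mismatches and does not simply
            // ignore the reported policy errors.
            tlsParams.WithCertificateValidationHandler(ea => X509ChainValidator.ValidateChain(ea, cs.CaFile!));
        }

        // NOTE(review): a client certificate is configured only when BOTH CertFile and
        // KeyFile are set. If just one of them is supplied, no client certificate is added
        // and no error is raised, so a half-configured mutual-TLS setup goes unnoticed here.
        if (!string.IsNullOrEmpty(cs.CertFile) && !string.IsNullOrEmpty(cs.KeyFile))
        {
            // The '!' only silences the nullable warning: KeyFilePassword may still be
            // null at runtime. Presumably Load accepts null for unencrypted keys - confirm.
            X509Certificate2 cert = X509ClientCertificateLocator.Load(cs.CertFile, cs.KeyFile, cs.KeyFilePassword!);
            if (!cert.HasPrivateKey)
            {
                // Release the certificate handle on the failure path; the original
                // left the loaded certificate undisposed when it threw.
                cert.Dispose();
                throw new SecurityException("Provided Cert Has not Private Key");
            }

            List<X509Certificate2> certs = new() { cert };
            tlsParams.WithClientCertificates(certs);
        }

        builder.WithTlsOptions(tlsParams.Build());
        return builder;
    }
}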