Added a proper ssl configuration. Created a new example project (for showing variance of ssl configurations).

Anton Vorontsov · Anton Vorontsov · commit 7a38d16ca9f6 · 2020-05-17T03:52:06.000+03:00
diff --git a/RabbitMQ.Client.Core.DependencyInjection.sln b/RabbitMQ.Client.Core.DependencyInjection.sln
@@ -47,6 +47,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Examples.AdvancedConfigurat
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Examples.BatchMessageHandler", "examples\Examples.BatchMessageHandler\Examples.BatchMessageHandler.csproj", "{BC9BE326-AEFE-42F2-B592-80126188514D}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Example.SslProducer", "examples\Example.SslProducer\Example.SslProducer.csproj", "{863CDE58-B16B-4058-8C48-DB78058DDDC9}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -81,6 +83,10 @@ Global
 		{BC9BE326-AEFE-42F2-B592-80126188514D}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{BC9BE326-AEFE-42F2-B592-80126188514D}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{BC9BE326-AEFE-42F2-B592-80126188514D}.Release|Any CPU.Build.0 = Release|Any CPU
+		{863CDE58-B16B-4058-8C48-DB78058DDDC9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{863CDE58-B16B-4058-8C48-DB78058DDDC9}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{863CDE58-B16B-4058-8C48-DB78058DDDC9}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{863CDE58-B16B-4058-8C48-DB78058DDDC9}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -94,6 +100,7 @@ Global
 		{85907F19-00B0-4BA6-9B7C-0452A174903D} = {9D0289B2-C566-46CC-A53A-471BCBA0F277}
 		{0C713913-8D54-49E7-AADD-45497216E2EF} = {04EFD8F7-5120-4072-9728-64203F6F4873}
 		{BC9BE326-AEFE-42F2-B592-80126188514D} = {04EFD8F7-5120-4072-9728-64203F6F4873}
+		{863CDE58-B16B-4058-8C48-DB78058DDDC9} = {04EFD8F7-5120-4072-9728-64203F6F4873}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {0EBBD182-65B2-47F9-ABBE-64B5B8C9652F}
diff --git a/examples/Example.SslProducer/Example.SslProducer.csproj b/examples/Example.SslProducer/Example.SslProducer.csproj
@@ -0,0 +1,24 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+    <PropertyGroup>
+        <OutputType>Exe</OutputType>
+        <TargetFramework>netcoreapp3.1</TargetFramework>
+    </PropertyGroup>
+
+    <ItemGroup>
+        <PackageReference Include="Microsoft.Extensions.Configuration" Version="3.1.3" />
+        <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="3.1.3" />
+    </ItemGroup>
+    
+    <ItemGroup>
+      <ProjectReference Include="..\..\src\RabbitMQ.Client.Core.DependencyInjection\RabbitMQ.Client.Core.DependencyInjection.csproj" />
+    </ItemGroup>
+    
+    <ItemGroup>
+      <None Remove="appsettings.json" />
+      <Content Include="appsettings.json">
+        <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+      </Content>
+    </ItemGroup>
+
+</Project>
diff --git a/examples/Example.SslProducer/Program.cs b/examples/Example.SslProducer/Program.cs
@@ -0,0 +1,92 @@
+﻿using System.Collections.Generic;
+using System.IO;
+using System.Net.Security;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using RabbitMQ.Client.Core.DependencyInjection;
+using RabbitMQ.Client.Core.DependencyInjection.Configuration;
+using RabbitMQ.Client.Core.DependencyInjection.Services;
+
+namespace Example.SslProducer
+{
+    public static class Program
+    {
+        public static IConfiguration Configuration { get; set; }
+
+        public static async Task Main()
+        {
+            var builder = new ConfigurationBuilder()
+                .SetBasePath(Directory.GetCurrentDirectory())
+                .AddJsonFile("appsettings.json", optional: false, reloadOnChange: true);
+            Configuration = builder.Build();
+
+            var serviceCollection = new ServiceCollection();
+            ConfigureServices(serviceCollection);
+
+            var serviceProvider = serviceCollection.BuildServiceProvider();
+            var queueService = serviceProvider.GetRequiredService<IQueueService>();
+
+            for (var i = 0; i < 10; i++)
+            {
+                var message = new
+                {
+                    Name = "Custom message",
+                    Flag = true,
+                    Index = i,
+                    Numbers = new[] { 1, 2, 3 }
+                };
+                await queueService.SendAsync(message, "exchange.name", "routing.key");
+            }
+        }
+
+        static void ConfigureServices(IServiceCollection services)
+        {
+            // You can either use a json configuration or bind options by yourself.
+            var rabbitMqConfiguration = Configuration.GetSection("RabbitMq");
+            // There are both examples of json and manual configuration.
+            //var rabbitMqConfiguration = GetClientOptions();
+            
+            var exchangeOptions = GetExchangeOptions();
+            
+            services.AddRabbitMqClient(rabbitMqConfiguration)
+                .AddProductionExchange("exchange.name", exchangeOptions);
+        }
+
+        static RabbitMqClientOptions GetClientOptions() =>
+            new RabbitMqClientOptions
+            {
+                UserName = "guest",
+                Password = "guest",
+                TcpEndpoints = new List<RabbitMqTcpEndpoint>
+                {
+                    new RabbitMqTcpEndpoint
+                    {
+                        HostName = "127.0.0.1",
+                        Port = 5671,
+                        SslOption = new RabbitMqSslOption
+                        {
+                            Enabled = true,
+                            ServerName = "yourCA",
+                            CertificatePath = "/path/tp/client-key-store.p12",
+                            CertificatePassphrase = "yourPathPhrase",
+                            AcceptablePolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch
+                        }
+                    }
+                }
+            };
+
+        static RabbitMqExchangeOptions GetExchangeOptions() =>
+            new RabbitMqExchangeOptions
+            {
+                Queues = new List<RabbitMqQueueOptions>
+                {
+                    new RabbitMqQueueOptions
+                    {
+                        Name = "myqueue",
+                        RoutingKeys = new HashSet<string> { "routing.key" }
+                    }
+                }
+            };
+    }
+}
diff --git a/examples/Example.SslProducer/appsettings.json b/examples/Example.SslProducer/appsettings.json
@@ -0,0 +1,27 @@
+{
+    "RabbitMq": {
+        "TcpEndpoints": [
+            {
+                "HostName": "127.0.0.1",
+                "Port": 5671,
+                "SslOption": {
+                    "Enabled": true,
+                    "ServerName": "yourCA",
+                    "CertificatePath": "/path/tp/client-key-store.p12",
+                    "CertificatePassphrase": "yourPathPhrase",
+                    "AcceptablePolicyErrors": "RemoteCertificateChainErrors, RemoteCertificateNameMismatch"
+                }
+            }
+        ],
+        "UserName": "guest",
+        "Password": "guest"
+    },
+    "RabbitMqExchange": {
+        "Queues": [
+            {
+                "Name": "myqueue",
+                "RoutingKeys": [ "routing.key" ]
+            }
+        ]
+    }
+}
diff --git a/src/RabbitMQ.Client.Core.DependencyInjection/Configuration/RabbitMqSslOption.cs b/src/RabbitMQ.Client.Core.DependencyInjection/Configuration/RabbitMqSslOption.cs
@@ -1,3 +1,5 @@
+using System.Net.Security;
+
 namespace RabbitMQ.Client.Core.DependencyInjection.Configuration
 {
     /// <summary>
@@ -14,10 +16,23 @@ public class RabbitMqSslOption
         /// Path to the certificate.
         /// </summary>
         public string CertificatePath { get; set; }
+        
+        /// <summary>
+        /// A passphrase for the certificate.
+        /// </summary>
+        public string CertificatePassphrase { get; set; }
 
         /// <summary>
         /// Flag that defines if certificate should be used.
         /// </summary>
         public bool Enabled { get; set; } = true;
+        
+        /// <summary>
+        /// Acceptable policy errors.
+        /// </summary>
+        /// <remarks>
+        /// SslPolicyErrors is a flag enum, so you can have multiple set values.
+        /// </remarks>
+        public SslPolicyErrors? AcceptablePolicyErrors { get; set; }
     }
 }
diff --git a/src/RabbitMQ.Client.Core.DependencyInjection/Services/RabbitMqConnectionFactory.cs b/src/RabbitMQ.Client.Core.DependencyInjection/Services/RabbitMqConnectionFactory.cs
@@ -66,6 +66,16 @@ static IConnection CreateConnectionWithTcpEndpoints(RabbitMqClientOptions option
                 if (sslOption != null)
                 {
                     var convertedOption = new SslOption(sslOption.ServerName, sslOption.CertificatePath, sslOption.Enabled);
+                    if (!string.IsNullOrEmpty(sslOption.CertificatePassphrase))
+                    {
+                        convertedOption.CertPassphrase = sslOption.CertificatePassphrase;
+                    }
+
+                    if (sslOption.AcceptablePolicyErrors != null)
+                    {
+                        convertedOption.AcceptablePolicyErrors = sslOption.AcceptablePolicyErrors.Value;
+                    }
+
                     clientEndpoints.Add(new AmqpTcpEndpoint(endpoint.HostName, endpoint.Port, convertedOption));
                 }
                 else
