feat(): add mtls support

Author: sandy2008

src/OpenTelemetry.Exporter.OpenTelemetryProtocol/.publicApi/Stable/PublicAPI.Unshipped.txt

@@ -1,17 +1 @@
-OpenTelemetry.Exporter.OtlpExporterOptions.MtlsOptions.get -> OpenTelemetry.Exporter.OtlpMtlsOptions?
-OpenTelemetry.Exporter.OtlpExporterOptions.MtlsOptions.set -> void
-OpenTelemetry.Exporter.OtlpMtlsOptions
-OpenTelemetry.Exporter.OtlpMtlsOptions.CaCertificatePath.get -> string?
-OpenTelemetry.Exporter.OtlpMtlsOptions.CaCertificatePath.set -> void
-OpenTelemetry.Exporter.OtlpMtlsOptions.ClientCertificatePath.get -> string?
-OpenTelemetry.Exporter.OtlpMtlsOptions.ClientCertificatePath.set -> void
-OpenTelemetry.Exporter.OtlpMtlsOptions.ClientKeyPath.get -> string?
-OpenTelemetry.Exporter.OtlpMtlsOptions.ClientKeyPath.set -> void
-OpenTelemetry.Exporter.OtlpMtlsOptions.EnableCertificateChainValidation.get -> bool
-OpenTelemetry.Exporter.OtlpMtlsOptions.EnableCertificateChainValidation.set -> void
-OpenTelemetry.Exporter.OtlpMtlsOptions.EnableFilePermissionChecks.get -> bool
-OpenTelemetry.Exporter.OtlpMtlsOptions.EnableFilePermissionChecks.set -> void
-OpenTelemetry.Exporter.OtlpMtlsOptions.IsEnabled.get -> bool
-OpenTelemetry.Exporter.OtlpMtlsOptions.OtlpMtlsOptions() -> void
-OpenTelemetry.Exporter.OtlpMtlsOptions.ServerCertificateValidationCallback.get -> System.Func<System.Security.Cryptography.X509Certificates.X509Certificate2!, System.Security.Cryptography.X509Certificates.X509Chain!, System.Net.Security.SslPolicyErrors, bool>?
-OpenTelemetry.Exporter.OtlpMtlsOptions.ServerCertificateValidationCallback.set -> void
+

src/OpenTelemetry.Exporter.OpenTelemetryProtocol/Implementation/OtlpMtlsHttpClientFactory.cs

@@ -72,7 +72,9 @@ public static HttpClient CreateMtlsHttpClient(
             }
 
             // Create HttpClientHandler with mTLS configuration
+#pragma warning disable CA2000 // Dispose objects before losing scope - HttpClientHandler is disposed by HttpClient
             handler = new HttpClientHandler { CheckCertificateRevocationList = true };
+#pragma warning restore CA2000
 
             // Add client certificate if available
             if (clientCertificate != null)
@@ -138,6 +140,10 @@ public static HttpClient CreateMtlsHttpClient(
             // Dispose the base client as we're not using it
             baseClient.Dispose();
 
+            // Dispose certificates as they are no longer needed after being added to the handler
+            caCertificate?.Dispose();
+            clientCertificate?.Dispose();
+
             return mtlsClient;
         }
         catch (Exception ex)

src/OpenTelemetry.Exporter.OpenTelemetryProtocol/OtlpExporterOptions.cs

@@ -154,14 +154,6 @@ public OtlpExportProtocol Protocol
     /// <remarks>Note: This only applies when exporting traces.</remarks>
     public BatchExportProcessorOptions<Activity> BatchExportProcessorOptions { get; set; }
 
-#if NET8_0_OR_GREATER
-    /// <summary>
-    /// Gets or sets the mTLS (mutual TLS) configuration options.
-    /// This property is only available on .NET 8.0 and later versions.
-    /// </summary>
-    public OtlpMtlsOptions? MtlsOptions { get; set; }
-#endif
-
     /// <inheritdoc/>
     public Func<HttpClient> HttpClientFactory
     {
@@ -184,6 +176,14 @@ public Func<HttpClient> HttpClientFactory
     /// </remarks>
     internal bool AppendSignalPathToEndpoint { get; private set; } = true;
 
+#if NET8_0_OR_GREATER
+    /// <summary>
+    /// Gets or sets the mTLS (mutual TLS) configuration options.
+    /// This property is only available on .NET 8.0 and later versions.
+    /// </summary>
+    internal OtlpMtlsOptions? MtlsOptions { get; set; }
+#endif
+
     internal bool HasData
         => this.protocol.HasValue
         || this.endpoint != null

src/OpenTelemetry.Exporter.OpenTelemetryProtocol/OtlpMtlsOptions.cs

@@ -14,7 +14,7 @@ namespace OpenTelemetry.Exporter;
 /// <remarks>
 /// This class is only available on .NET 8.0 and later versions.
 /// </remarks>
-public class OtlpMtlsOptions
+internal class OtlpMtlsOptions
 {
     /// <summary>
     /// Gets or sets the path to the CA certificate file in PEM format.