Commit 887c1116
Authored October 12, 2022 by 麦壳饼
Verify identity using the information carried by the X509 certificate #812
Parent f343eeef
Showing 4 changed files with 48 additions and 6 deletions (+48, -6)
IoTSharp/Extensions/MqttExtension.cs (+35, -1)
IoTSharp/IoTSharp.csproj (+1, -0)
IoTSharp/Services/MQTTService.cs (+10, -3)
IoTSharp/appsettings.PostgreSql.json (+2, -2)
IoTSharp/Extensions/MqttExtension.cs
@@ -19,6 +19,8 @@ using MQTTnet.AspNetCore.Routing;
using
IoTSharp.Data
;
using
Newtonsoft.Json.Linq
;
using
IoTSharp.Contracts
;
using
System.Net.Security
;
using
System.Runtime.ConstrainedExecution
;
namespace
IoTSharp
{
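Review bot: `using System.Runtime.ConstrainedExecution;` looks unused by the code this commit adds to MqttExtension.cs; the new validation callback only needs `SslPolicyErrors` from `System.Net.Security`, and the X509 types were already in scope since the file used `X509ContentType` before this change. Suggest dropping the second using so the imports reflect what the file actually depends on.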
@@ -40,13 +42,45 @@ namespace IoTSharp
if
(
broker
.
CACertificate
!=
null
)
{
broker
.
CACertificate
.
LoadCAToRoot
();
}
options
.
WithEncryptedEndpoint
();
options
.
WithEncryptedEndpointPort
(
broker
.
TlsPort
);
if
(
broker
.
BrokerCertificate
!=
null
)
{
options
.
WithEncryptionCertificate
(
broker
.
Broker
Certificate
.
Export
(
X509ContentType
.
Pfx
)).
WithEncryptionSslProtocol
(
broker
.
SslProtocol
);
options
.
WithEncryptionCertificate
(
broker
.
CA
Certificate
.
Export
(
X509ContentType
.
Pfx
)).
WithEncryptionSslProtocol
(
broker
.
SslProtocol
);
}
options
.
WithClientCertificate
((
object
sender
,
X509Certificate
?
certificate
,
X509Chain
?
chain
,
SslPolicyErrors
sslPolicyErrors
)
=>
{
bool
result
=
false
;
try
{
//如果CA跟证书是受信任, 这里就是None。
if
(
sslPolicyErrors
==
SslPolicyErrors
.
None
)
{
result
=
true
;
}
else
if
(
sslPolicyErrors
==
SslPolicyErrors
.
RemoteCertificateChainErrors
&&
chain
.
ChainStatus
.
Count
()==
1
&&
chain
.
ChainStatus
.
First
().
Status
==
X509ChainStatusFlags
.
UntrustedRoot
)
{
//如果有是远程证书链有问题, 并且只有 UntrustedRoot 时,内部开始验证客户端是不是由本机CA证书颁发的
chain
.
ChainPolicy
.
RevocationMode
=
X509RevocationMode
.
NoCheck
;
chain
.
ChainPolicy
.
VerificationFlags
=
X509VerificationFlags
.
NoFlag
;
chain
.
ChainPolicy
.
TrustMode
=
X509ChainTrustMode
.
CustomRootTrust
;
chain
.
ChainPolicy
.
CustomTrustStore
.
Add
(
broker
.
CACertificate
);
if
(
chain
.
Build
((
X509Certificate2
)
certificate
))
//如果是本CA办法, 则能构建成功, 如果是其他CA办法,则失败。
{
//确认跟证书在当前
result
=
chain
.
ChainElements
.
Cast
<
X509ChainElement
>().
Any
(
a
=>
a
.
Certificate
.
Thumbprint
==
broker
.
CACertificate
.
Thumbprint
);
}
}
}
catch
{
}
return
result
;
});
}
else
{
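Review bot: the validation callback declares `X509Chain? chain` and `X509Certificate? certificate` as nullable but dereferences `chain.ChainStatus` and hard-casts `(X509Certificate2)certificate` without a null or type check; both failures are absorbed only by the empty `catch { }`, so a misconfigured CA or an unexpected certificate type rejects every client with no diagnostic. Suggest an explicit `if (chain is null || certificate is null) return false;` at the top of the lambda, `new X509Certificate2(certificate)` instead of the cast, and logging the exception in the catch instead of swallowing it (returning `false` on error is the right fail-closed default and should stay). Two points deserve a comment in the code: `RevocationMode = X509RevocationMode.NoCheck` means a device certificate revoked by the local CA still authenticates unless revocation is enforced elsewhere, and with `TrustMode = X509ChainTrustMode.CustomRootTrust` plus `CustomTrustStore.Add(broker.CACertificate)` the chain only builds when it terminates in that CA, so the trailing `Thumbprint` comparison over `ChainElements` is defense in depth rather than the primary check. Finally, now that the `CACertificate.Export(...)` fallback is gone, when `broker.BrokerCertificate` is null `WithEncryptedEndpoint()` and `WithEncryptedEndpointPort(...)` have already been called but no encryption certificate is ever set; consider failing fast with a clear error when TLS is enabled and no broker certificate is configured.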
IoTSharp/IoTSharp.csproj
@@ -236,6 +236,7 @@
<ProjectReference Include="..\IoTSharp.EventBus\IoTSharp.EventBus.csproj" />
<ProjectReference Include="..\IoTSharp.Extensions.AspNetCore\IoTSharp.Extensions.AspNetCore.csproj" />
<ProjectReference Include="..\IoTSharp.Extensions.EFCore\IoTSharp.Extensions.EFCore.csproj" />
<ProjectReference Include="..\IoTSharp.Extensions.X509\IoTSharp.Extensions.X509.csproj" />
<ProjectReference Include="..\IoTSharp.Extensions\IoTSharp.Extensions.csproj" />
<ProjectReference Include="..\IoTSharp.Interpreter\IoTSharp.Interpreter.csproj" />
<ProjectReference Include="..\IoTSharp.TaskActions\IoTSharp.TaskActions.csproj" />
IoTSharp/Services/MQTTService.cs
@@ -167,10 +167,17 @@ namespace IoTSharp.Services
}
else
{
_logger
.
LogInformation
(
$"ClientId=
{
obj
.
ClientId
}
,Endpoint=
{
obj
.
Endpoint
}
,Username=
{
obj
.
UserName
}
,Password=
{
obj
.
Password
}
"
);
string
_thumbprint
=
string
.
Empty
;
if
(
_settings
.
MqttBroker
.
EnableTls
)
{
_thumbprint
=
e
.
ClientCertificate
?.
Thumbprint
;
}
_logger
.
LogInformation
(
$"ClientId=
{
obj
.
ClientId
}
,Endpoint=
{
obj
.
Endpoint
}
,Username=
{
obj
.
UserName
}
,Password=
{
obj
.
Password
}
"
);
var
mcr
=
_dbContextcv
.
DeviceIdentities
.
Include
(
d
=>
d
.
Device
).
AsSplitQuery
().
FirstOrDefault
(
mc
=>
mc
.
IdentityType
==
IdentityType
.
AccessToken
&&
mc
.
IdentityId
==
obj
.
UserName
||
mc
.
IdentityType
==
IdentityType
.
DevicePassword
&&
mc
.
IdentityId
==
obj
.
UserName
&&
mc
.
IdentityValue
==
obj
.
Password
);
(
mc
.
IdentityType
==
IdentityType
.
AccessToken
&&
mc
.
IdentityId
==
obj
.
UserName
)
||
(
mc
.
IdentityType
==
IdentityType
.
X509Certificate
&&
mc
.
IdentityId
==
_thumbprint
)
||
(
mc
.
IdentityType
==
IdentityType
.
DevicePassword
&&
mc
.
IdentityId
==
obj
.
UserName
&&
mc
.
IdentityValue
==
obj
.
Password
)
);
if
(
mcr
!=
null
)
{
try
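Review bot: the `_logger.LogInformation(...)` call in this hunk writes the connecting client's `Password` in plaintext at Information level; credentials should be redacted from the log (keep `ClientId`, `Endpoint` and `UserName`, and at most record whether a password or a client certificate was presented). Separately, `_thumbprint` is `string.Empty` when TLS is disabled and `null` when TLS is enabled but the client sent no certificate (`e.ClientCertificate?.Thumbprint`), yet the new `mc.IdentityType == IdentityType.X509Certificate && mc.IdentityId == _thumbprint` clause is always part of the query; EF Core's relational null semantics turn a comparison against a null parameter into `IS NULL`, so any X509Certificate identity row with a null or empty `IdentityId` would admit a client that presented no certificate at all. Suggest adding the X509 clause only when `!string.IsNullOrEmpty(_thumbprint)` (or checking `e.ClientCertificate != null` first), and a short comment noting that the thumbprint is trustworthy here only because the chain was already validated against `broker.CACertificate` in the TLS callback. Minor style point: `_thumbprint` uses the field-naming underscore prefix for a local variable.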
IoTSharp/appsettings.PostgreSql.json
@@ -12,8 +12,8 @@
"TelemetryStorage"
:
"Server=localhost;Database=IoTSharp20222;Username=postgres;Password=future;"
},
"MqttBroker"
:
{
"EnableTls"
:
true
,
"SslProtocol"
:
12288
"EnableTls"
:
true
},
"JwtKey"
:
"iotsharpiotsharpiotsharpiotsharpiotsharp"
,
"JwtExpireHours"
:
3
,
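Review bot: `"SslProtocol": 12288` is a magic number; it is the numeric value of `SslProtocols.Tls13`, and if `MqttBroker` is bound through `Microsoft.Extensions.Configuration` the binder accepts the enum name, so `"SslProtocol": "Tls13"` (or `"Tls12, Tls13"`, since `SslProtocols` is a `[Flags]` enum) would make the intent readable in the file. Pinning to TLS 1.3 alone also shuts out MQTT clients and TLS stacks without TLS 1.3 support, which is common on constrained devices; if that is deliberate, say so in a comment. The surrounding context lines also show a hard-coded `JwtKey` and a database `Password` in a checked-in appsettings file; these belong in environment variables or user secrets rather than the repository.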