/// <summary>
/// Insert a certificate to this ZCertStore. Note that this will override any existing certificate in the store
/// which has the same public key.
/// </summary>
/// <param name="cert">Certificate to store in ZCertStore.</param>
public void Insert(ZCert cert)
{
lock (certs)
{
certs[cert.PublicTxt] = cert;
}
}
/// <summary>
/// Compare to certificate. Return true if public and private keys are equal.
/// </summary>
/// <param name="obj"></param>
/// <returns>Return true if public and private keys are equal.</returns>
public bool Equals(ZCert obj)
{
if (obj == null)
{
return(false);
}
return(obj.SecretTxt == SecretTxt && obj.PublicTxt == PublicTxt);
}
/// <summary>
/// Duplicate this certificate by doing a deep clone.
/// </summary>
/// <param name="cert">Certificate to deep clone. Public and private keys must not be null.</param>
/// <returns>A copy of the given certificate.</returns>
public ZCert Dup(ZCert cert)
{
if (cert == null)
{
return(null);
}
return(new ZCert((
byte[])cert.PublicKey.Clone(),
cert.SecretKey != null ? (byte[])cert.SecretKey.Clone() : new byte[32])
{
metadata = cert.metadata.ToDictionary(entry => string.Copy(entry.Key), entry => string.Copy(entry.Value))
});
}
private void Load(string path)
{
lock (certs)
{
certs.Clear();
if (Directory.Exists(path))
{
string[] files = Directory.GetFiles(path, "*", SearchOption.TopDirectoryOnly);
foreach (var filename in files)
{
ZCert cert = ZCert.Load(Path.Combine(filename));
if (cert != null && (filename.EndsWith("_secret") || !certs.ContainsKey(cert.PublicTxt)))
{
certs[cert.PublicTxt] = cert;
}
}
}
}
}
private bool AuthenticateCurve(ZAP request, List <byte> metabuf, out int metadataLength)
{
metadataLength = 0;
if (allowAny)
{
if (verbose)
{
Info("zauth: - allowed (CURVE allow any client)");
}
return(true);
}
else
if (certStore != null)
{
ZCert cert = certStore.Lookup(request.ClientTxt);
if (cert != null)
{
Dictionary <string, string> meta = cert.MetaData;
foreach (var pair in meta)
{
string key = pair.Key;
string val = pair.Value;
AddProperty(metabuf, key, val);
}
if (verbose)
{
Info("zauth: - allowed (CURVE) client_key=" + request.ClientTxt.ToString());
}
request.UserId = request.ClientTxt;
return(true);
}
}
if (verbose)
{
Info("zauth: - denied (CURVE) client_key=" + request.ClientTxt.ToString());
}
return(false);
}
/// <summary>
/// Load a certificate from file. This will first try to open the secret file by append _secret to the
/// file name (filename + "_secret"). If the secret file isn't found only the public key is loaded and the secret key will contain 32 zeros.
/// </summary>
/// <param name="filename">Filename (excluding the "_secret" ending).</param>
/// <returns>Return the loaded certificate. OBS! null is returned if the file isn't found.</returns>
public static ZCert Load(string filename)
{
ZCert cert = new ZCert();
// Try first to load secret certificate, which has both keys
// Then fallback to loading public certificate
string filenameSecret = filename + "_secret";
Queue <string> lines;
if (File.Exists(filenameSecret))
{
lines = new Queue <string>(File.ReadAllLines(filenameSecret).ToList());
}
else if (File.Exists(filename))
{
lines = new Queue <string>(File.ReadAllLines(filename).ToList());
}
else
{
return(null);
}
LineRead reader = null;
while (lines.Count > 0)
{
string line = lines.Dequeue();
if (line.TrimStart().StartsWith("#"))
{
continue;
}
if (line.TrimStart().StartsWith("metadata"))
{
reader = (str, c) =>
{
string[] metadata = Split(str);
if (metadata.Length == 2)
{
c.SetMeta(metadata[0].Trim(), metadata[1].Trim(new char[] { '"', ' ', '\t' }));
}
};
}
if (line.TrimStart().StartsWith("curve"))
{
reader = (str, c) =>
{
var key = Split(str);
if (key.Length == 2)
{
if (key[0].Trim() == "public-key")
{
c.PublicTxt = key[1].Trim(new char[] { '"', ' ', '\t' });
}
if (key[0].Trim() == "secret-key")
{
c.SecretTxt = key[1].Trim(new char[] { '"', ' ', '\t' });
}
}
};
}
if (reader != null)
{
reader(line, cert);
}
}
return(cert);
}
/// <summary>
/// Receive a valid ZAP request from the handler socket
/// </summary>
/// <param name="handler"></param>
/// <param name="request"></param>
/// <param name="verbose"></param>
public ZAP(ZSocket handler, ZMessage request, bool verbose)
{
// Store handler socket so we can send a reply easily
this.handler = handler;
Verbose = verbose;
if (request.Count == 0)
{
return;
}
// Get all standard frames off the handler socket
Version = request.Pop().ReadLine();
Sequence = request.Pop().ReadLine();
Domain = request.Pop().ReadLine();
Address = request.Pop().ReadLine();
Identity = request.Pop().ReadLine();
Mechanism = request.Pop().ReadLine();
Mechanism = string.IsNullOrEmpty(Mechanism) ? "" : Mechanism;
Version = string.IsNullOrEmpty(Version) ? "" : Version;
Sequence = string.IsNullOrEmpty(Sequence) ? "" : Sequence;
Domain = string.IsNullOrEmpty(Domain) ? "" : Domain;
Address = string.IsNullOrEmpty(Address) ? "" : Address;
Identity = string.IsNullOrEmpty(Identity) ? "" : Identity;
// If the version is wrong, we're linked with a bogus libzmq, so die
if (Version != "1.0")
{
return;
}
// Get mechanism-specific frames
if (Mechanism == "PLAIN")
{
Username = request.Pop().ReadLine();
Password = request.Pop().ReadLine();
Username = string.IsNullOrEmpty(Username) ? "" : Username;
Password = string.IsNullOrEmpty(Password) ? "" : Password;
}
else
if (Mechanism == "CURVE")
{
ZFrame frame = request.Pop();
if (frame.Length != 32)
{
return;
}
ZCert cert = new ZCert(frame.Read(), new byte[32]);
ClientTxt = cert.PublicTxt;
}
else
if (Mechanism == "GSSAPI")
{
Principal = request.Pop().ReadLine();
}
if (Verbose)
{
ZAuth.Info(string.Format("zauth: ZAP request mechanism={0} ipaddress={1}", Mechanism, Address));
}
}