feat(lmxproxy): phase 1 — v2 protocol types and domain model

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-21 23:41:56 -04:00
parent 08d2a07d8b
commit 0d63fb1105
87 changed files with 3389 additions and 956 deletions
--- a/lmxproxy/src-reference/ZB.MOM.WW.LmxProxy.Host/Configuration/TlsConfiguration.cs
+++ b/lmxproxy/src-reference/ZB.MOM.WW.LmxProxy.Host/Configuration/TlsConfiguration.cs
@@ -0,0 +1,90 @@
+using System.IO;
+using Serilog;
+
+namespace ZB.MOM.WW.LmxProxy.Host.Configuration
+{
+    /// <summary>
+    ///     Configuration for TLS/SSL settings for secure gRPC communication
+    /// </summary>
+    public class TlsConfiguration
+    {
+        /// <summary>
+        ///     Gets or sets whether TLS is enabled for gRPC communication
+        /// </summary>
+        public bool Enabled { get; set; } = false;
+
+        /// <summary>
+        ///     Gets or sets the path to the server certificate file (.pem or .crt)
+        /// </summary>
+        public string ServerCertificatePath { get; set; } = string.Empty;
+
+        /// <summary>
+        ///     Gets or sets the path to the server private key file (.key)
+        /// </summary>
+        public string ServerKeyPath { get; set; } = string.Empty;
+
+        /// <summary>
+        ///     Gets or sets the path to the certificate authority file for client certificate validation (optional)
+        /// </summary>
+        public string? ClientCaCertificatePath { get; set; }
+
+        /// <summary>
+        ///     Gets or sets whether to require client certificates for mutual TLS
+        /// </summary>
+        public bool RequireClientCertificate { get; set; } = false;
+
+        /// <summary>
+        ///     Gets or sets whether to check certificate revocation
+        /// </summary>
+        public bool CheckCertificateRevocation { get; set; } = true;
+
+        /// <summary>
+        ///     Validates the TLS configuration
+        /// </summary>
+        /// <returns>True if configuration is valid, false otherwise</returns>
+        public bool Validate()
+        {
+            if (!Enabled)
+            {
+                return true; // No validation needed if TLS is disabled
+            }
+
+            if (string.IsNullOrWhiteSpace(ServerCertificatePath))
+            {
+                Log.Error("TLS is enabled but ServerCertificatePath is not configured");
+                return false;
+            }
+
+            if (string.IsNullOrWhiteSpace(ServerKeyPath))
+            {
+                Log.Error("TLS is enabled but ServerKeyPath is not configured");
+                return false;
+            }
+
+            if (!File.Exists(ServerCertificatePath))
+            {
+                Log.Warning("Server certificate file not found: {Path} - will be auto-generated on startup",
+                    ServerCertificatePath);
+            }
+
+            if (!File.Exists(ServerKeyPath))
+            {
+                Log.Warning("Server key file not found: {Path} - will be auto-generated on startup", ServerKeyPath);
+            }
+
+            if (RequireClientCertificate && string.IsNullOrWhiteSpace(ClientCaCertificatePath))
+            {
+                Log.Error("Client certificate is required but ClientCaCertificatePath is not configured");
+                return false;
+            }
+
+            if (!string.IsNullOrWhiteSpace(ClientCaCertificatePath) && !File.Exists(ClientCaCertificatePath))
+            {
+                Log.Warning("Client CA certificate file not found: {Path} - will be auto-generated on startup",
+                    ClientCaCertificatePath);
+            }
+
+            return true;
+        }
+    }
+}