dohertj2/scadalink-design
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
scadalink-design/deprecated/lmxproxy/src-reference/ZB.MOM.WW.LmxProxy.Host/Configuration/TlsConfiguration.cs
Joseph Doherty 9dccf8e72f deprecate(lmxproxy): move all LmxProxy code, tests, and docs to deprecated/ 
LmxProxy is no longer needed. Moved the entire lmxproxy/ workspace, DCL
adapter files, and related docs to deprecated/. Removed LmxProxy registration
from DataConnectionFactory, project reference from DCL, protocol option from
UI, and cleaned up all requirement docs.
2026-04-08 15:56:23 -04:00

91 lines
3.1 KiB
C#
Raw Permalink Blame History

using System.IO;
using Serilog;
namespace ZB.MOM.WW.LmxProxy.Host.Configuration
{
/// <summary>
/// Configuration for TLS/SSL settings for secure gRPC communication
/// </summary>
public class TlsConfiguration
{
/// <summary>
/// Gets or sets whether TLS is enabled for gRPC communication
/// </summary>
public bool Enabled { get; set; } = false;
/// <summary>
/// Gets or sets the path to the server certificate file (.pem or .crt)
/// </summary>
public string ServerCertificatePath { get; set; } = string.Empty;
/// <summary>
/// Gets or sets the path to the server private key file (.key)
/// </summary>
public string ServerKeyPath { get; set; } = string.Empty;
/// <summary>
/// Gets or sets the path to the certificate authority file for client certificate validation (optional)
/// </summary>
public string? ClientCaCertificatePath { get; set; }
/// <summary>
/// Gets or sets whether to require client certificates for mutual TLS
/// </summary>
public bool RequireClientCertificate { get; set; } = false;
/// <summary>
/// Gets or sets whether to check certificate revocation
/// </summary>
public bool CheckCertificateRevocation { get; set; } = true;
/// <summary>
/// Validates the TLS configuration
/// </summary>
/// <returns>True if configuration is valid, false otherwise</returns>
public bool Validate()
{
if (!Enabled)
{
return true; // No validation needed if TLS is disabled
}
if (string.IsNullOrWhiteSpace(ServerCertificatePath))
{
Log.Error("TLS is enabled but ServerCertificatePath is not configured");
return false;
}
if (string.IsNullOrWhiteSpace(ServerKeyPath))
{
Log.Error("TLS is enabled but ServerKeyPath is not configured");
return false;
}
if (!File.Exists(ServerCertificatePath))
{
Log.Warning("Server certificate file not found: {Path} - will be auto-generated on startup",
ServerCertificatePath);
}
if (!File.Exists(ServerKeyPath))
{
Log.Warning("Server key file not found: {Path} - will be auto-generated on startup", ServerKeyPath);
}
if (RequireClientCertificate && string.IsNullOrWhiteSpace(ClientCaCertificatePath))
{
Log.Error("Client certificate is required but ClientCaCertificatePath is not configured");
return false;
}
if (!string.IsNullOrWhiteSpace(ClientCaCertificatePath) && !File.Exists(ClientCaCertificatePath))
{
Log.Warning("Client CA certificate file not found: {Path} - will be auto-generated on startup",
ClientCaCertificatePath);
}
return true;
}
}
}
Reference in New Issue View Git Blame Copy Permalink