dohertj2/scadalink-design
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4e5b5facec27d5f65a721f21c75096586ac9a693
scadalink-design/lmxproxy/src-reference/ZB.MOM.WW.LmxProxy.Host/Configuration/TlsConfiguration.cs
Joseph Doherty 0d63fb1105 feat(lmxproxy): phase 1 — v2 protocol types and domain model 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-21 23:41:56 -04:00

91 lines
3.1 KiB
C#
Raw Blame History

using System.IO;
using Serilog;
namespace ZB.MOM.WW.LmxProxy.Host.Configuration
{
/// <summary>
/// Configuration for TLS/SSL settings for secure gRPC communication
/// </summary>
public class TlsConfiguration
{
/// <summary>
/// Gets or sets whether TLS is enabled for gRPC communication
/// </summary>
public bool Enabled { get; set; } = false;
/// <summary>
/// Gets or sets the path to the server certificate file (.pem or .crt)
/// </summary>
public string ServerCertificatePath { get; set; } = string.Empty;
/// <summary>
/// Gets or sets the path to the server private key file (.key)
/// </summary>
public string ServerKeyPath { get; set; } = string.Empty;
/// <summary>
/// Gets or sets the path to the certificate authority file for client certificate validation (optional)
/// </summary>
public string? ClientCaCertificatePath { get; set; }
/// <summary>
/// Gets or sets whether to require client certificates for mutual TLS
/// </summary>
public bool RequireClientCertificate { get; set; } = false;
/// <summary>
/// Gets or sets whether to check certificate revocation
/// </summary>
public bool CheckCertificateRevocation { get; set; } = true;
/// <summary>
/// Validates the TLS configuration
/// </summary>
/// <returns>True if configuration is valid, false otherwise</returns>
public bool Validate()
{
if (!Enabled)
{
return true; // No validation needed if TLS is disabled
}
if (string.IsNullOrWhiteSpace(ServerCertificatePath))
{
Log.Error("TLS is enabled but ServerCertificatePath is not configured");
return false;
}
if (string.IsNullOrWhiteSpace(ServerKeyPath))
{
Log.Error("TLS is enabled but ServerKeyPath is not configured");
return false;
}
if (!File.Exists(ServerCertificatePath))
{
Log.Warning("Server certificate file not found: {Path} - will be auto-generated on startup",
ServerCertificatePath);
}
if (!File.Exists(ServerKeyPath))
{
Log.Warning("Server key file not found: {Path} - will be auto-generated on startup", ServerKeyPath);
}
if (RequireClientCertificate && string.IsNullOrWhiteSpace(ClientCaCertificatePath))
{
Log.Error("Client certificate is required but ClientCaCertificatePath is not configured");
return false;
}
if (!string.IsNullOrWhiteSpace(ClientCaCertificatePath) && !File.Exists(ClientCaCertificatePath))
{
Log.Warning("Client CA certificate file not found: {Path} - will be auto-generated on startup",
ClientCaCertificatePath);
}
return true;
}
}
}
Reference in New Issue View Git Blame Copy Permalink