Add support for X.509 Client Certificates

hivemq · Dec 29, 2023 · 3ea307b · 3ea307b
1 parent 9e89933
commit 3ea307b
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 1 deletion.
diff --git a/Source/HiveMQtt/Client/HiveMQClientOptionsBuilder.cs b/Source/HiveMQtt/Client/HiveMQClientOptionsBuilder.cs
@@ -15,6 +15,7 @@
  */
 namespace HiveMQtt.Client;
 
+using System.Security.Cryptography.X509Certificates;
 using HiveMQtt.Client.Options;
 
 /// <summary>
@@ -130,6 +131,44 @@ public HiveMQClientOptionsBuilder WithUseTls(bool useTls)
         return this;
     }
 
+    /// <summary>
+    /// Adds an X.509 certificate to be used for client authentication.  This can be called
+    /// multiple times to add multiple certificates.
+    /// </summary>
+    /// <param name="clientCertificate">The client X.509 certificate to be used for client authentication.</param>
+    /// <returns>The HiveMQClientOptionsBuilder instance.</returns>
+    public HiveMQClientOptionsBuilder WithClientCertificate(X509Certificate2 clientCertificate)
+    {
+        this.options.ClientCertificates.Add(clientCertificate);
+        return this;
+    }
+
+    /// <summary>
+    /// Adds a list of X.509 certificates to be used for client authentication.
+    /// </summary>
+    /// <param name="clientCertificates">The list of client X.509 certificates to be used for client authentication.</param>
+    /// <returns>The HiveMQClientOptionsBuilder instance.</returns>
+    public HiveMQClientOptionsBuilder WithClientCertificates(List<X509Certificate2> clientCertificates)
+    {
+        foreach (var certificate in clientCertificates)
+        {
+            this.options.ClientCertificates.Add(certificate);
+        }
+
+        return this;
+    }
+
+    /// <summary>
+    /// Adds an X.509 certificate to be used for client authentication.
+    /// </summary>
+    /// <param name="clientCertificatePath">The path to the client X.509 certificate to be used for client authentication.</param>
+    /// <returns>The HiveMQClientOptionsBuilder instance.</returns>
+    public HiveMQClientOptionsBuilder WithClientCertificate(string clientCertificatePath)
+    {
+        this.options.ClientCertificates.Add(new X509Certificate2(clientCertificatePath));
+        return this;
+    }
+
     /// <summary>
     /// Sets whether to use a clean start.
     /// <para>

diff --git a/Source/HiveMQtt/Client/HiveMQClientSocket.cs b/Source/HiveMQtt/Client/HiveMQClientSocket.cs
@@ -198,6 +198,7 @@ private async Task<bool> CreateTLSConnectionAsync(Stream stream)
         {
             TargetHost = this.Options.Host,
             EnabledSslProtocols = SslProtocols.Tls13 | SslProtocols.Tls12,
+            ClientCertificates = this.Options.ClientCertificates,
         };
 
         if (this.Options.AllowInvalidBrokerCertificates)

diff --git a/Source/HiveMQtt/Client/Options/HiveMQClientOptions.cs b/Source/HiveMQtt/Client/Options/HiveMQClientOptions.cs
@@ -17,7 +17,7 @@ namespace HiveMQtt.Client.Options;
 
 using System;
 using System.Linq;
-
+using System.Security.Cryptography.X509Certificates;
 using HiveMQtt.Client;
 using HiveMQtt.Client.Exceptions;
 
@@ -156,6 +156,11 @@ public HiveMQClientOptions()
     /// </summary>
     public bool UseTLS { get; set; }
 
+    /// <summary>
+    /// Gets or sets the collection of client X509 certificates.
+    /// </summary>
+    public X509CertificateCollection ClientCertificates { get; set; }
+
     /// <summary>
     /// Gets or sets a value indicating whether the MQTT client should allow invalid broker TLS certificates.
     /// </summary>