Options to enable secure RabbitMQ (#27)

* RMQ connection support for SSL/TLS (no certificate check).
* Refactored RabbitMqConnectionFactory to support TLS connection and Port number config.
* Update on IRabbitMqConnectionFactory Summary.

Co-authored-by: JP Leger <[email protected]>

Author: 2 people

src/Messaging/Configuration/ConfigurationKeys.cs

@@ -11,7 +11,8 @@ internal static class ConfigurationKeys
         public static readonly string VirtualHost = "virtualHost";
         public static readonly string Exchange = "exchange";
         public static readonly string ExportRequestQueue = "exportRequestQueue";
-
+        public static readonly string UseSSL = "useSSL";
+        public static readonly string Port = "port";
         public static readonly string[] PublisherRequiredKeys = new[] { EndPoint, Username, Password, VirtualHost, Exchange };
         public static readonly string[] SubscriberRequiredKeys = new[] { EndPoint, Username, Password, VirtualHost, Exchange, ExportRequestQueue };
     }

src/Messaging/RabbitMq/RabbitMqConnectionFactory.cs

@@ -8,6 +8,7 @@
 using Microsoft.Extensions.Logging;
 using Monai.Deploy.Messaging.Common;
 using RabbitMQ.Client;
+using System.Net.Security;
 
 namespace Monai.Deploy.Messaging.RabbitMq
 {
@@ -22,8 +23,10 @@ public interface IRabbitMqConnectionFactory
         /// <param name="username">User name</param>
         /// <param name="password">Password</param>
         /// <param name="virtualHost">Virtual host</param>
+        /// <param name="useSSL">Encrypt communication</param>
+        /// <param name="portnumber">Port Number</param>
         /// <returns>Instance of <see cref="IModel"/>.</returns>
-        IModel CreateChannel(string hostName, string username, string password, string virtualHost);
+        IModel CreateChannel(string hostName, string username, string password, string virtualHost, string useSSL, string portnumber);
     }
 
     public class RabbitMqConnectionFactory : IRabbitMqConnectionFactory, IDisposable
@@ -40,19 +43,20 @@ public RabbitMqConnectionFactory(ILogger<RabbitMqConnectionFactory> logger)
             _connections = new ConcurrentDictionary<string, Lazy<IConnection>>();
         }
 
-        public IModel CreateChannel(string hostName, string username, string password, string virtualHost)
+        public IModel CreateChannel(string hostName, string username, string password, string virtualHost, string useSSL, string portnumber )
         {
             Guard.Against.NullOrWhiteSpace(hostName, nameof(hostName));
             Guard.Against.NullOrWhiteSpace(username, nameof(username));
             Guard.Against.NullOrWhiteSpace(password, nameof(password));
             Guard.Against.NullOrWhiteSpace(virtualHost, nameof(virtualHost));
 
+
             var key = $"{hostName}{username}{HashPassword(password)}{virtualHost}";
 
             var connection = _connections.AddOrUpdate(key,
                 x =>
                 {
-                    return CreatConnection(hostName, username, password, virtualHost, key);
+                    return CreatConnection(hostName, username, password, virtualHost, key, useSSL, portnumber);
                 },
                 (updateKey, updateConnection) =>
                 {
@@ -62,21 +66,38 @@ public IModel CreateChannel(string hostName, string username, string password, s
                     }
                     else
                     {
-                        return CreatConnection(hostName, username, password, virtualHost, key);
+                        return CreatConnection(hostName, username, password, virtualHost, key, useSSL, portnumber);
                     }
                 });
 
             return connection.Value.CreateModel();
         }
 
-        private Lazy<IConnection> CreatConnection(string hostName, string username, string password, string virtualHost, string key)
+        private Lazy<IConnection> CreatConnection(string hostName, string username, string password, string virtualHost, string key, string useSSL, string portnumber)
         {
+            int port;
+            Boolean SslEnabled;
+            Boolean.TryParse(useSSL, out SslEnabled);
+            if (!Int32.TryParse(portnumber, out port))
+            {
+                port = SslEnabled ? 5671 : 5672; // 5671 is default port for SSL/TLS , 5672 is default port for PLAIN.
+            }
+
+            SslOption sslOptions = new SslOption
+            {
+                Enabled = SslEnabled,
+                ServerName = hostName,
+                AcceptablePolicyErrors = SslPolicyErrors.RemoteCertificateNameMismatch | SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNotAvailable
+            };
+
             var connectionFactory = _connectionFactoriess.GetOrAdd(key, y => new Lazy<ConnectionFactory>(() => new ConnectionFactory()
             {
                 HostName = hostName,
                 UserName = username,
                 Password = password,
-                VirtualHost = virtualHost
+                VirtualHost = virtualHost,
+                Ssl = sslOptions,
+                Port = port
             }));
 
             return new Lazy<IConnection>(() => connectionFactory.Value.CreateConnection());

src/Messaging/RabbitMq/RabbitMqMessagePublisherService.cs

@@ -23,6 +23,8 @@ public class RabbitMqMessagePublisherService : IMessageBrokerPublisherService
         private readonly string _password;
         private readonly string _virtualHost;
         private readonly string _exchange;
+        private readonly string _useSSL = string.Empty;
+        private readonly string _portNumber = string.Empty;
         private bool _disposedValue;
 
         public string Name => "Rabbit MQ Publisher";
@@ -43,6 +45,16 @@ public RabbitMqMessagePublisherService(IOptions<MessageBrokerServiceConfiguratio
             _password = configuration.PublisherSettings[ConfigurationKeys.Password];
             _virtualHost = configuration.PublisherSettings[ConfigurationKeys.VirtualHost];
             _exchange = configuration.PublisherSettings[ConfigurationKeys.Exchange];
+
+            
+            if (configuration.PublisherSettings.ContainsKey(ConfigurationKeys.UseSSL))
+                _useSSL = configuration.PublisherSettings[ConfigurationKeys.UseSSL];
+
+            
+            if (configuration.PublisherSettings.ContainsKey(ConfigurationKeys.Port))
+                _portNumber = configuration.PublisherSettings[ConfigurationKeys.Port];
+
+                
         }
 
         private void ValidateConfiguration(MessageBrokerServiceConfiguration configuration)
@@ -68,7 +80,7 @@ public Task Publish(string topic, Message message)
 
             _logger.PublshingRabbitMq(_endpoint, _virtualHost, _exchange, topic);
 
-            using var channel = _rabbitMqConnectionFactory.CreateChannel(_endpoint, _username, _password, _virtualHost);
+            using var channel = _rabbitMqConnectionFactory.CreateChannel(_endpoint, _username, _password, _virtualHost , _useSSL , _portNumber);
             channel.ExchangeDeclare(_exchange, ExchangeType.Topic, durable: true, autoDelete: false);
 
             var properties = channel.CreateBasicProperties();
@@ -109,4 +121,4 @@ public void Dispose()
             GC.SuppressFinalize(this);
         }
     }
-}
+}

src/Messaging/RabbitMq/RabbitMqMessageSubscriberService.cs

@@ -19,6 +19,8 @@ public class RabbitMqMessageSubscriberService : IMessageBrokerSubscriberService
         private readonly string _endpoint;
         private readonly string _virtualHost;
         private readonly string _exchange;
+        private readonly string _useSSL = string.Empty;
+        private readonly string _portNumber = string.Empty;
         private readonly IModel _channel;
         private bool _disposedValue;
 
@@ -40,8 +42,18 @@ public RabbitMqMessageSubscriberService(IOptions<MessageBrokerServiceConfigurati
             _virtualHost = configuration.SubscriberSettings[ConfigurationKeys.VirtualHost];
             _exchange = configuration.SubscriberSettings[ConfigurationKeys.Exchange];
 
+   
+            if (configuration.SubscriberSettings.ContainsKey(ConfigurationKeys.UseSSL))
+                _useSSL = configuration.SubscriberSettings[ConfigurationKeys.UseSSL];
+
+                
+
+            if (configuration.SubscriberSettings.ContainsKey(ConfigurationKeys.Port))
+                _portNumber = configuration.SubscriberSettings[ConfigurationKeys.Port];
+         
+
             _logger.ConnectingToRabbitMq(Name, _endpoint, _virtualHost);
-            _channel = rabbitMqConnectionFactory.CreateChannel(_endpoint, username, password, _virtualHost);
+            _channel = rabbitMqConnectionFactory.CreateChannel(_endpoint, username, password, _virtualHost , _useSSL , _portNumber);
             _channel.ExchangeDeclare(_exchange, ExchangeType.Topic, durable: true, autoDelete: false);
             _channel.BasicQos(prefetchSize: 0, prefetchCount: 1, global: false);
         }
@@ -233,4 +245,4 @@ private static MessageReceivedEventArgs CreateMessage(string topic, BasicDeliver
                 CancellationToken.None);
         }
     }
-}
+}

src/Messaging/Test/RabbitMq/RabbitMqMessagePublisherServiceTest.cs

@@ -28,7 +28,7 @@ public RabbitMqMessagePublisherServiceTest()
             _connectionFactory = new Mock<IRabbitMqConnectionFactory>();
             _model = new Mock<IModel>();
 
-            _connectionFactory.Setup(p => p.CreateChannel(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>()))
+            _connectionFactory.Setup(p => p.CreateChannel(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>(),It.IsAny<string>(),It.IsAny<string>()))
                 .Returns(_model.Object);
         }
 

src/Messaging/Test/RabbitMq/RabbitMqMessageSubscriberServiceTest.cs

@@ -30,7 +30,7 @@ public RabbitMqMessageSubscriberServiceTest()
             _connectionFactory = new Mock<IRabbitMqConnectionFactory>();
             _model = new Mock<IModel>();
 
-            _connectionFactory.Setup(p => p.CreateChannel(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>()))
+            _connectionFactory.Setup(p => p.CreateChannel(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>()))
                 .Returns(_model.Object);
 
         }