public MqttClientOptions()

in dotnet/src/Azure.Iot.Operations.Protocol/Models/MqttClientOptions.cs [25:119]


        public MqttClientOptions(MqttConnectionSettings cs)
        {
            ClientId = cs.ClientId;
            KeepAlivePeriod = cs.KeepAlive;
            ProtocolVersion = MqttProtocolVersion.V500;
            CleanSession = cs.CleanStart;
            SessionExpiryInterval = (uint)cs.SessionExpiry.TotalSeconds;
            ReceiveMaximum = cs.ReceiveMaximum;

            if (!string.IsNullOrEmpty(cs.Username))
            {
                Credentials = !string.IsNullOrEmpty(cs.PasswordFile)
                    ? new MqttClientCredentials(cs.Username, File.ReadAllBytes(cs.PasswordFile))
                    : (IMqttClientCredentialsProvider)new MqttClientCredentials(cs.Username);
            }

            if (!string.IsNullOrEmpty(cs.SatAuthFile))
            {
                AuthenticationMethod = "K8S-SAT";
                AuthenticationData = File.ReadAllBytes(cs.SatAuthFile);
                AddUserProperty("tokenFilePath", cs.SatAuthFile);
            }

            if (!cs.UseTls)
            {
                ChannelOptions = new MqttClientTcpOptions(cs.HostName, cs.TcpPort)
                {
                    TlsOptions = new MqttClientTlsOptions()
                    {
                        UseTls = false
                    }
                };
            }
            else
            {
                try
                {
                    MqttClientTlsOptions tlsParams = new()
                    {
                        SslProtocol = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls13
                    };

                    X509Certificate2Collection caCerts = [];
                    if (cs.TrustChain != null)
                    {
                        tlsParams.TrustChain = cs.TrustChain;
                    }
                    else if (!string.IsNullOrEmpty(cs.CaFile))
                    {
                        caCerts.ImportFromPemFile(cs.CaFile);
                        tlsParams.TrustChain = caCerts;
                        tlsParams.RevocationMode = X509RevocationMode.NoCheck;
                    }

                    List<X509Certificate2> certs = [];
                    if (!string.IsNullOrEmpty(cs.CertFile) && !string.IsNullOrEmpty(cs.KeyFile))
                    {
                        X509Certificate2 cert = X509ClientCertificateLocator.Load(cs.CertFile, cs.KeyFile, cs.KeyPasswordFile);
                        if (!cert.HasPrivateKey)
                        {
                            throw new SecurityException("Provided certificate is missing the private key information.");
                        }
                        certs.Add(cert);
                    }

                    if (cs.ClientCertificate is not null)
                    {
                        certs.Add(cs.ClientCertificate);
                    }

                    tlsParams.ClientCertificatesProvider = new DefaultMqttCertificatesProvider(certs);
                    tlsParams.UseTls = true;

                    ChannelOptions = new MqttClientTcpOptions(cs.HostName, cs.TcpPort)
                    {
                        TlsOptions = tlsParams,
                    };
                }
                catch (SecurityException ex) // cert is missing private key
                {
                    throw AkriMqttException.GetConfigurationInvalidException(nameof(MqttConnectionSettings), cs, ex.Message, ex);
                }
                catch (ArgumentException ex) // cert expired
                {
                    throw new AkriMqttException(ex.Message, ex)
                    {
                        Kind = AkriMqttErrorKind.StateInvalid,
                        IsShallow = true,
                        IsRemote = false,
                        PropertyName = nameof(MqttConnectionSettings),
                        PropertyValue = cs,
                    };
                }
            }
        }