protected string EncryptedServer(out TestCertificatesHolder certificates, out string name)
{
certificates = SetupServerAuthentication();
var dbName = GetDatabaseName();
RegisterClientCertificate(certificates, new Dictionary <string, DatabaseAccess>(), SecurityClearance.ClusterAdmin);
var buffer = new byte[32];
using (var rand = RandomNumberGenerator.Create())
{
rand.GetBytes(buffer);
}
var base64Key = Convert.ToBase64String(buffer);
// sometimes when using `dotnet xunit` we get platform not supported from ProtectedData
try
{
ProtectedData.Protect(Encoding.UTF8.GetBytes("Is supported?"), null, DataProtectionScope.CurrentUser);
}
catch (PlatformNotSupportedException)
{
// so we fall back to a file
Server.ServerStore.Configuration.Security.MasterKeyPath = GetTempFileName();
}
Server.ServerStore.PutSecretKey(base64Key, dbName, true);
name = dbName;
return(Convert.ToBase64String(buffer));
}
public TestCertificatesHolder(TestCertificatesHolder parent, Func <string> getTemporaryFileName)
{
_getServerCertificatePath = () =>
{
var path = getTemporaryFileName();
File.Copy(parent.ServerCertificatePath, path, true);
return(path);
};
_getClientCertificate1Path = () =>
{
var path = getTemporaryFileName();
File.Copy(parent.ClientCertificate1Path, path, true);
return(path);
};
_getClientCertificate2Path = () =>
{
var path = getTemporaryFileName();
File.Copy(parent.ClientCertificate2Path, path, true);
return(path);
};
_getClientCertificate3Path = () =>
{
var path = getTemporaryFileName();
File.Copy(parent.ClientCertificate3Path, path, true);
return(path);
};
ServerCertificate = new Lazy <TrackingX509Certificate2>(() =>
{
try
{
return(new TrackingX509Certificate2(ServerCertificatePath, (string)null, X509KeyStorageFlags.MachineKeySet));
}
catch (CryptographicException e)
{
throw new CryptographicException($"Failed to load the test server certificate from {ServerCertificatePath}.", e);
}
});
ClientCertificate1 = CreateLazy(() => ClientCertificate1Path, 1);
ClientCertificate2 = CreateLazy(() => ClientCertificate2Path, 2);
ClientCertificate3 = CreateLazy(() => ClientCertificate3Path, 3);
}
protected TestCertificatesHolder GenerateAndSaveSelfSignedCertificate(bool createNew = false)
{
var selfSignedCertificatePaths = _selfSignedCertificates;
if (selfSignedCertificatePaths != null && createNew == false)
{
return(ReturnCertificatesHolder(selfSignedCertificatePaths));
}
lock (typeof(TestBase))
{
selfSignedCertificatePaths = _selfSignedCertificates;
if (selfSignedCertificatePaths == null || createNew)
{
_selfSignedCertificates = selfSignedCertificatePaths = Generate();
}
return(ReturnCertificatesHolder(selfSignedCertificatePaths));
}
TestCertificatesHolder ReturnCertificatesHolder(TestCertificatesHolder certificates)
{
return(new TestCertificatesHolder(certificates, GetTempFileName));
}
TestCertificatesHolder Generate()
{
var log = new StringBuilder();
byte[] certBytes;
try
{
certBytes = CertificateUtils.CreateSelfSignedTestCertificate(Environment.MachineName, "RavenTestsServer", log);
}
catch (Exception e)
{
throw new CryptographicException($"Unable to generate the test certificate for the machine '{Environment.MachineName}'. Log: {log}", e);
}
X509Certificate2 serverCertificate;
try
{
serverCertificate = new X509Certificate2(certBytes, (string)null, X509KeyStorageFlags.MachineKeySet);
}
catch (Exception e)
{
throw new CryptographicException($"Unable to load the test certificate for the machine '{Environment.MachineName}'. Log: {log}", e);
}
if (certBytes.Length == 0)
{
throw new CryptographicException($"Test certificate length is 0 bytes. Machine: '{Environment.MachineName}', Log: {log}");
}
string serverCertificatePath = null;
try
{
serverCertificatePath = Path.GetTempFileName();
File.WriteAllBytes(serverCertificatePath, certBytes);
}
catch (Exception e)
{
throw new InvalidOperationException("Failed to write the test certificate to a temp file." +
$"tempFileName = {serverCertificatePath}" +
$"certBytes.Length = {certBytes.Length}" +
$"MachineName = {Environment.MachineName}.", e);
}
GlobalPathsToDelete.Add(serverCertificatePath);
SecretProtection.ValidatePrivateKey(serverCertificatePath, null, certBytes, out var pk);
var clientCertificate1Path = GenerateClientCertificate(1, serverCertificate, pk);
var clientCertificate2Path = GenerateClientCertificate(2, serverCertificate, pk);
var clientCertificate3Path = GenerateClientCertificate(3, serverCertificate, pk);
return(new TestCertificatesHolder(serverCertificatePath, clientCertificate1Path, clientCertificate2Path, clientCertificate3Path));
}
string GenerateClientCertificate(int index, X509Certificate2 serverCertificate, Org.BouncyCastle.Pkcs.AsymmetricKeyEntry pk)
{
CertificateUtils.CreateSelfSignedClientCertificate(
$"{Environment.MachineName}_CC_{index}",
new RavenServer.CertificateHolder
{
Certificate = serverCertificate,
PrivateKey = pk
},
out var certBytes, DateTime.UtcNow.Date.AddYears(5));
string clientCertificatePath = null;
try
{
clientCertificatePath = Path.GetTempFileName();
File.WriteAllBytes(clientCertificatePath, certBytes);
}
catch (Exception e)
{
throw new InvalidOperationException("Failed to write the test certificate to a temp file." +
$"tempFileName = {clientCertificatePath}" +
$"certBytes.Length = {certBytes.Length}" +
$"MachineName = {Environment.MachineName}.", e);
}
GlobalPathsToDelete.Add(clientCertificatePath);
return(clientCertificatePath);
}
}