public void test_PasswordlessSignon()
{
ErrorCode ec;
MQConnection con = connectToServer(address, "", "");
ec = con.DeleteUser(user);
Assert.IsTrue(ec == ErrorCode.EC_NOERROR || ec == ErrorCode.EC_DOESNOTEXIST, "Delete User");
ec = con.CreateUser(user, password, description);
Assert.IsTrue(ec == ErrorCode.EC_NOERROR, "Create User");
ec = con.AddUserIdentity(subject, issuer, user);
Assert.IsTrue(ec == ErrorCode.EC_NOERROR, "AddUserIdentity");
List <X509Identity> ids = new List <X509Identity>();
ec = con.EnumerateUserIdentities(user, ids);
Assert.IsTrue(ec == ErrorCode.EC_NOERROR, "EnumerateUserIdentities");
Assert.IsTrue(ids.Count > 0, "X.509 ID Count");
// TODO: Check the results in the ids
bool idFound = false;
for (int x = 0; x < ids.Count; x++)
{
X509Identity id = ids[0];
if (id.IssuerDN.Equals(issuer) && id.SubjectDN.Equals(subject))
{
idFound = true;
}
}
Assert.IsTrue(idFound, "Identity found in returned X.509 identities");
con.Close();
}
public IntegrationTests(ITestOutputHelper output)
{
this.output = output;
loggerFactory = LoggerFactory.Create(builder => builder.AddDebug());
logger = loggerFactory?.CreateLogger <IntegrationTests>();
localDescription = new ApplicationDescription
{
ApplicationName = "Workstation.UaClient.UnitTests",
ApplicationUri = $"urn:{Dns.GetHostName()}:Workstation.UaClient.UnitTests",
ApplicationType = ApplicationType.Client
};
var pkiPath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"Workstation.UaClient.UnitTests",
"pki");
certificateStore = new DirectoryStore(pkiPath);
// read x509Identity
var userCert = default(X509Certificate);
var userKey = default(RsaKeyParameters);
var certParser = new X509CertificateParser();
var userCertInfo = new FileInfo(Path.Combine(pkiPath, "user", "certs", "ctt_usrT.der"));
if (userCertInfo.Exists)
{
using (var crtStream = userCertInfo.OpenRead())
{
var c = certParser.ReadCertificate(crtStream);
if (c != null)
{
userCert = c;
}
}
}
var userKeyInfo = new FileInfo(Path.Combine(pkiPath, "user", "private", "ctt_usrT.pem"));
if (userKeyInfo.Exists)
{
using (var keyStream = new StreamReader(userKeyInfo.OpenRead()))
{
var keyReader = new PemReader(keyStream);
var keyPair = keyReader.ReadObject() as AsymmetricCipherKeyPair;
if (keyPair != null)
{
userKey = keyPair.Private as RsaKeyParameters;
}
}
}
if (userCert != null && userKey != null)
{
x509Identity = new X509Identity(userCert, userKey);
}
}
public void CreateNull()
{
var id = new X509Identity(null, null);
id.Certificate
.Should().BeNull();
id.PrivateKey
.Should().BeNull();
}
public void ContainerHostX509PrincipalTest()
{
string name = "ContainerHostX509PrincipalTest";
string address = "amqps://localhost:5676";
X509Certificate2 cert = null;
try
{
cert = GetCertificate(StoreLocation.LocalMachine, StoreName.My, "localhost");
}
catch (PlatformNotSupportedException)
{
// Unix machine, ignored
return;
}
ContainerHost sslHost = new ContainerHost(new Uri(address));
sslHost.Listeners[0].SSL.Certificate = cert;
sslHost.Listeners[0].SSL.ClientCertificateRequired = true;
sslHost.Listeners[0].SSL.RemoteCertificateValidationCallback = (a, b, c, d) => true;
sslHost.Listeners[0].SASL.EnableExternalMechanism = true;
ListenerLink link = null;
var linkProcessor = new TestLinkProcessor();
linkProcessor.OnLinkAttached += a => link = a;
sslHost.RegisterLinkProcessor(linkProcessor);
sslHost.Open();
try
{
var factory = new ConnectionFactory();
factory.SSL.RemoteCertificateValidationCallback = (a, b, c, d) => true;
factory.SSL.ClientCertificates.Add(cert);
factory.SASL.Profile = SaslProfile.External;
var connection = factory.CreateAsync(new Address(address)).Result;
var session = new Session(connection);
var sender = new SenderLink(session, name, name);
sender.Send(new Message("msg1"), SendTimeout);
connection.Close();
Assert.IsTrue(link != null, "link is null");
var listenerConnection = (ListenerConnection)link.Session.Connection;
Assert.IsTrue(listenerConnection.Principal != null, "principal is null");
Assert.IsTrue(listenerConnection.Principal.Identity.AuthenticationType == "X509", "wrong auth type");
X509Identity identity = (X509Identity)listenerConnection.Principal.Identity;
Assert.IsTrue(identity.Certificate != null, "certificate is null");
}
finally
{
sslHost.Close();
}
}
public async Task ConnnectToAllEndpoints()
{
// get or add application certificate.
var localCertificate = this.localDescription.GetCertificate();
if (localCertificate == null)
{
throw new ServiceResultException(StatusCodes.BadSecurityChecksFailed, "Application certificate is missing.");
}
// discover available endpoints of server.
var getEndpointsRequest = new GetEndpointsRequest
{
EndpointUrl = this.endpointUrl,
ProfileUris = new[] { TransportProfileUris.UaTcpTransport }
};
Console.WriteLine($"Discovering endpoints of '{getEndpointsRequest.EndpointUrl}'.");
var getEndpointsResponse = await UaTcpDiscoveryClient.GetEndpointsAsync(getEndpointsRequest);
// for each endpoint and user identity type, try creating a session and reading a few nodes.
foreach (var selectedEndpoint in getEndpointsResponse.Endpoints.OrderBy(e => e.SecurityLevel))
{
foreach (var selectedTokenPolicy in selectedEndpoint.UserIdentityTokens)
{
IUserIdentity selectedUserIdentity;
switch (selectedTokenPolicy.TokenType)
{
case UserTokenType.UserName:
selectedUserIdentity = new UserNameIdentity("root", "secret");
break;
case UserTokenType.Certificate:
selectedUserIdentity = new X509Identity(localCertificate);
break;
default:
selectedUserIdentity = new AnonymousIdentity();
break;
}
var channel = new UaTcpSessionChannel(
this.localDescription,
localCertificate,
selectedUserIdentity,
selectedEndpoint);
Console.WriteLine($"Creating session with endpoint '{channel.RemoteEndpoint.EndpointUrl}'.");
Console.WriteLine($"SecurityPolicy: '{channel.RemoteEndpoint.SecurityPolicyUri}'.");
Console.WriteLine($"SecurityMode: '{channel.RemoteEndpoint.SecurityMode}'.");
Console.WriteLine($"UserIdentityToken: '{channel.UserIdentity}'.");
try
{
await channel.OpenAsync();
Console.WriteLine($"Closing session '{channel.SessionId}'.");
await channel.CloseAsync();
}
catch (Exception ex)
{
Console.WriteLine($"Error opening session '{channel.SessionId}'. {ex.Message}");
}
}
}
}
public async Task SessionTimeoutCausesFault()
{
// get or add application certificate.
var localCertificate = this.localDescription.GetCertificate();
if (localCertificate == null)
{
throw new ServiceResultException(StatusCodes.BadSecurityChecksFailed, "Application certificate is missing.");
}
// discover available endpoints of server.
var getEndpointsRequest = new GetEndpointsRequest
{
EndpointUrl = this.endpointUrl,
ProfileUris = new[] { TransportProfileUris.UaTcpTransport }
};
Console.WriteLine($"Discovering endpoints of '{getEndpointsRequest.EndpointUrl}'.");
var getEndpointsResponse = await UaTcpDiscoveryClient.GetEndpointsAsync(getEndpointsRequest);
var selectedEndpoint = getEndpointsResponse.Endpoints.OrderBy(e => e.SecurityLevel).Last();
var selectedTokenType = selectedEndpoint.UserIdentityTokens[0].TokenType;
IUserIdentity selectedUserIdentity;
switch (selectedTokenType)
{
case UserTokenType.UserName:
selectedUserIdentity = new UserNameIdentity("root", "secret");
break;
case UserTokenType.Certificate:
selectedUserIdentity = new X509Identity(localCertificate);
break;
default:
selectedUserIdentity = new AnonymousIdentity();
break;
}
var channel = new UaTcpSessionChannel(
this.localDescription,
localCertificate,
selectedUserIdentity,
selectedEndpoint,
sessionTimeout: 10000);
Console.WriteLine($"Creating session with endpoint '{channel.RemoteEndpoint.EndpointUrl}'.");
Console.WriteLine($"SecurityPolicy: '{channel.RemoteEndpoint.SecurityPolicyUri}'.");
Console.WriteLine($"SecurityMode: '{channel.RemoteEndpoint.SecurityMode}'.");
await channel.OpenAsync();
Console.WriteLine($"Activated session '{channel.SessionId}'.");
// server should close session due to inactivity
await Task.Delay(20000);
// should throw exception
var readRequest = new ReadRequest {
NodesToRead = new[] { new ReadValueId {
NodeId = NodeId.Parse(VariableIds.Server_ServerStatus_CurrentTime), AttributeId = AttributeIds.Value
} }
};
await channel.ReadAsync(readRequest);
Console.WriteLine($"Closing session '{channel.SessionId}'.");
await channel.CloseAsync();
}
