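/// <summary>
/// Verifies that an X.509 identity (subject DN + issuer DN) can be mapped onto a user and
/// read back through EnumerateUserIdentities.
/// </summary>
/// <remarks>
/// The connection is opened with an empty user name and password, and then performs
/// user-management calls (DeleteUser/CreateUser/AddUserIdentity). Those calls can only
/// succeed if the test server lets a credential-less session administer users; that is a
/// property of the test server's configuration, not something this method checks.
/// Assertion failures propagate, but the connection is now always closed.
/// </remarks>
public void test_PasswordlessSignon()
{
    ErrorCode ec;
    MQConnection con = connectToServer(address, "", "");
    try
    {
        // Start from a clean slate; a user that does not exist yet is not an error here.
        ec = con.DeleteUser(user);
        Assert.IsTrue(ec == ErrorCode.EC_NOERROR || ec == ErrorCode.EC_DOESNOTEXIST, "Delete User");

        ec = con.CreateUser(user, password, description);
        Assert.IsTrue(ec == ErrorCode.EC_NOERROR, "Create User");

        ec = con.AddUserIdentity(subject, issuer, user);
        Assert.IsTrue(ec == ErrorCode.EC_NOERROR, "AddUserIdentity");

        List<X509Identity> ids = new List<X509Identity>();
        ec = con.EnumerateUserIdentities(user, ids);
        Assert.IsTrue(ec == ErrorCode.EC_NOERROR, "EnumerateUserIdentities");
        Assert.IsTrue(ids.Count > 0, "X.509 ID Count");

        // Walk every returned identity (index with x, not a fixed 0) and stop at the first
        // exact DN match. object.Equals is null-safe: an identity with a missing DN simply
        // does not match instead of throwing. No DN normalisation is applied, so the server
        // is expected to hand back the DN strings exactly as they were registered.
        bool idFound = false;
        for (int x = 0; x < ids.Count && !idFound; x++)
        {
            X509Identity id = ids[x];
            idFound = object.Equals(id.IssuerDN, issuer) && object.Equals(id.SubjectDN, subject);
        }
        Assert.IsTrue(idFound, "Identity found in returned X.509 identities");
    }
    finally
    {
        // Close even when an assertion fails, so a failed run does not leak the session.
        con.Close();
    }
}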
/// <summary>
/// Test-fixture set-up: captures the xUnit output sink, creates a debug logger, builds the
/// client's ApplicationDescription, opens the on-disk PKI directory store and, when both
/// files are present, loads the test user's certificate and RSA private key into
/// <c>x509Identity</c>.
/// </summary>
/// <param name="output">xUnit output sink for the test run.</param>
/// <remarks>
/// The private key is read from <c>pki/user/private/ctt_usrT.pem</c> with a PemReader that
/// has no password finder, so the PEM file is expected to be unencrypted (an encrypted key
/// would not yield an AsymmetricCipherKeyPair here). Nothing in this constructor checks that
/// the key matches the certificate's public key; a mismatch would presumably only surface
/// when the identity is used to activate a session — confirm against the channel code.
/// A non-RSA key (the <c>as RsaKeyParameters</c> cast) silently leaves <c>x509Identity</c>
/// unset, as does a missing file.
/// </remarks>
public IntegrationTests(ITestOutputHelper output)
{
    this.output = output;
    loggerFactory = LoggerFactory.Create(builder => builder.AddDebug());
    logger = loggerFactory?.CreateLogger<IntegrationTests>();

    localDescription = new ApplicationDescription
    {
        ApplicationName = "Workstation.UaClient.UnitTests",
        ApplicationUri = $"urn:{Dns.GetHostName()}:Workstation.UaClient.UnitTests",
        ApplicationType = ApplicationType.Client
    };

    string pkiRoot = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
        "Workstation.UaClient.UnitTests",
        "pki");
    certificateStore = new DirectoryStore(pkiRoot);

    // Certificate half of the user identity (DER encoded).
    X509Certificate loadedCert = null;
    string certPath = Path.Combine(pkiRoot, "user", "certs", "ctt_usrT.der");
    if (File.Exists(certPath))
    {
        using (FileStream certStream = File.OpenRead(certPath))
        {
            X509Certificate parsed = new X509CertificateParser().ReadCertificate(certStream);
            if (parsed != null)
            {
                loadedCert = parsed;
            }
        }
    }

    // Private-key half (PEM, unencrypted — see remarks).
    RsaKeyParameters loadedKey = null;
    string keyPath = Path.Combine(pkiRoot, "user", "private", "ctt_usrT.pem");
    if (File.Exists(keyPath))
    {
        using (StreamReader keyText = new StreamReader(File.OpenRead(keyPath)))
        {
            AsymmetricCipherKeyPair pair = new PemReader(keyText).ReadObject() as AsymmetricCipherKeyPair;
            if (pair != null)
            {
                loadedKey = pair.Private as RsaKeyParameters;
            }
        }
    }

    // Only a complete certificate/key pair yields a usable certificate identity.
    if (loadedCert != null && loadedKey != null)
    {
        x509Identity = new X509Identity(loadedCert, loadedKey);
    }
}
/// <summary>
/// Constructing an X509Identity with neither certificate nor private key must succeed and
/// leave both properties null — the constructor performs no argument validation.
/// </summary>
/// <remarks>
/// Consequence worth keeping in mind: an "empty" identity is a perfectly valid object, so a
/// caller that passes one as a user identity would presumably get an unusable token at
/// activation time rather than an error at construction time — confirm against the channel.
/// </remarks>
public void CreateNull()
{
    var identity = new X509Identity(null, null);

    identity.Certificate.Should().BeNull();
    identity.PrivateKey.Should().BeNull();
}
/// <summary>
/// End-to-end check of SASL EXTERNAL over TLS: a client that presents a client certificate
/// must show up on the listener side as a principal whose identity is an
/// <see cref="X509Identity"/> carrying a certificate.
/// </summary>
/// <remarks>
/// TEST-ONLY TLS CONFIGURATION: both the listener and the client install a
/// RemoteCertificateValidationCallback that returns true unconditionally, i.e. chain, name
/// and revocation checks are disabled on both sides. That is tolerable here because both
/// ends use the same "localhost" certificate taken from the LocalMachine store, but it must
/// never be copied into production code. Note that with validation disabled the test proves
/// the certificate was presented and mapped to an X509 principal, not that it was trusted.
/// Where the LocalMachine store is unavailable (PlatformNotSupportedException, e.g. on Unix)
/// the method returns silently, which the framework reports as a pass rather than a skip.
/// host.Open() runs outside the try block, so a failure there leaves nothing to close; a
/// failure after it is always followed by host.Close().
/// </remarks>
public void ContainerHostX509PrincipalTest()
{
    const string linkName = "ContainerHostX509PrincipalTest";
    const string hostAddress = "amqps://localhost:5676";

    X509Certificate2 serverCert;
    try
    {
        serverCert = GetCertificate(StoreLocation.LocalMachine, StoreName.My, "localhost");
    }
    catch (PlatformNotSupportedException)
    {
        // No LocalMachine certificate store on this platform: nothing to test.
        return;
    }

    ContainerHost host = new ContainerHost(new Uri(hostAddress));
    var listener = host.Listeners[0];
    listener.SSL.Certificate = serverCert;
    listener.SSL.ClientCertificateRequired = true;
    listener.SSL.RemoteCertificateValidationCallback = (o, c, ch, e) => true; // test-only, see remarks
    listener.SASL.EnableExternalMechanism = true;

    ListenerLink attachedLink = null;
    TestLinkProcessor processor = new TestLinkProcessor();
    processor.OnLinkAttached += l => attachedLink = l;
    host.RegisterLinkProcessor(processor);
    host.Open();

    try
    {
        ConnectionFactory factory = new ConnectionFactory();
        factory.SSL.RemoteCertificateValidationCallback = (o, c, ch, e) => true; // test-only, see remarks
        factory.SSL.ClientCertificates.Add(serverCert); // the same cert doubles as the client identity
        factory.SASL.Profile = SaslProfile.External;

        // Blocking on .Result is accepted in this synchronous test; no sync context is involved.
        var connection = factory.CreateAsync(new Address(hostAddress)).Result;
        var session = new Session(connection);
        var sender = new SenderLink(session, linkName, linkName);
        sender.Send(new Message("msg1"), SendTimeout);
        connection.Close();

        Assert.IsTrue(attachedLink != null, "link is null");
        var accepted = (ListenerConnection)attachedLink.Session.Connection;
        Assert.IsTrue(accepted.Principal != null, "principal is null");
        Assert.IsTrue(accepted.Principal.Identity.AuthenticationType == "X509", "wrong auth type");
        X509Identity identity = (X509Identity)accepted.Principal.Identity;
        Assert.IsTrue(identity.Certificate != null, "certificate is null");
    }
    finally
    {
        host.Close();
    }
}
/// <summary>
/// Connectivity smoke test: discovers every UA-TCP endpoint the server offers and, for each
/// endpoint and each user-token policy it advertises, opens and closes a session. Endpoints
/// are visited from lowest to highest SecurityLevel.
/// </summary>
/// <remarks>
/// Session-open failures are caught and written to the console, not asserted, so this method
/// passes as long as discovery succeeds — it exercises connectivity rather than enforcing
/// that every endpoint works. The "root"/"secret" credentials are test-server fixtures; do
/// not reuse them. Endpoints with SecurityMode None and anonymous tokens are deliberately
/// included because the test covers whatever the server advertises.
/// </remarks>
/// <exception cref="ServiceResultException">
/// BadSecurityChecksFailed when no application certificate is available.
/// </exception>
public async Task ConnnectToAllEndpoints()
{
    var appCertificate = this.localDescription.GetCertificate();
    if (appCertificate == null)
    {
        throw new ServiceResultException(StatusCodes.BadSecurityChecksFailed, "Application certificate is missing.");
    }

    var discovery = new GetEndpointsRequest
    {
        EndpointUrl = this.endpointUrl,
        ProfileUris = new[] { TransportProfileUris.UaTcpTransport }
    };
    Console.WriteLine($"Discovering endpoints of '{discovery.EndpointUrl}'.");
    var discovered = await UaTcpDiscoveryClient.GetEndpointsAsync(discovery);

    foreach (var endpoint in discovered.Endpoints.OrderBy(e => e.SecurityLevel))
    {
        foreach (var tokenPolicy in endpoint.UserIdentityTokens)
        {
            IUserIdentity identity;
            if (tokenPolicy.TokenType == UserTokenType.UserName)
            {
                identity = new UserNameIdentity("root", "secret"); // test-server fixture credentials
            }
            else if (tokenPolicy.TokenType == UserTokenType.Certificate)
            {
                identity = new X509Identity(appCertificate);
            }
            else
            {
                // Every other policy type (e.g. issued tokens) is attempted anonymously.
                identity = new AnonymousIdentity();
            }

            var channel = new UaTcpSessionChannel(this.localDescription, appCertificate, identity, endpoint);
            Console.WriteLine($"Creating session with endpoint '{channel.RemoteEndpoint.EndpointUrl}'.");
            Console.WriteLine($"SecurityPolicy: '{channel.RemoteEndpoint.SecurityPolicyUri}'.");
            Console.WriteLine($"SecurityMode: '{channel.RemoteEndpoint.SecurityMode}'.");
            Console.WriteLine($"UserIdentityToken: '{channel.UserIdentity}'.");
            try
            {
                await channel.OpenAsync();
                Console.WriteLine($"Closing session '{channel.SessionId}'.");
                await channel.CloseAsync();
            }
            catch (Exception ex)
            {
                // Deliberately best-effort: report and continue with the next endpoint/policy.
                Console.WriteLine($"Error opening session '{channel.SessionId}'. {ex.Message}");
            }
        }
    }
}
/// <summary>
/// Opens a session with a short requested timeout (10 s) on the server's highest-security
/// endpoint, stays idle for twice that, then issues a Read that is expected to fault because
/// the server has expired the session.
/// </summary>
/// <remarks>
/// There is no try/catch or Assert.Throws in this body, so the expectation that ReadAsync
/// faults must be enforced by a test-framework attribute on the method — confirm. If the
/// server keeps the session alive, the trailing Close runs and the outcome is decided by that
/// external rule. The first advertised user-token policy of the endpoint is used as-is;
/// "root"/"secret" are test-server fixture credentials. The requested sessionTimeout is only a
/// hint to the server and the revised value it grants is not inspected here. The 20-second
/// real delay makes this an integration test, not a unit test.
/// </remarks>
/// <exception cref="ServiceResultException">
/// BadSecurityChecksFailed when no application certificate is available.
/// </exception>
public async Task SessionTimeoutCausesFault()
{
    var appCertificate = this.localDescription.GetCertificate();
    if (appCertificate == null)
    {
        throw new ServiceResultException(StatusCodes.BadSecurityChecksFailed, "Application certificate is missing.");
    }

    var discovery = new GetEndpointsRequest
    {
        EndpointUrl = this.endpointUrl,
        ProfileUris = new[] { TransportProfileUris.UaTcpTransport }
    };
    Console.WriteLine($"Discovering endpoints of '{discovery.EndpointUrl}'.");
    var discovered = await UaTcpDiscoveryClient.GetEndpointsAsync(discovery);

    // Highest SecurityLevel wins; Last() throws if the server advertised no endpoints at all.
    var endpoint = discovered.Endpoints.OrderBy(e => e.SecurityLevel).Last();
    var tokenType = endpoint.UserIdentityTokens[0].TokenType;

    IUserIdentity identity;
    if (tokenType == UserTokenType.UserName)
    {
        identity = new UserNameIdentity("root", "secret"); // test-server fixture credentials
    }
    else if (tokenType == UserTokenType.Certificate)
    {
        identity = new X509Identity(appCertificate);
    }
    else
    {
        identity = new AnonymousIdentity();
    }

    var channel = new UaTcpSessionChannel(
        this.localDescription,
        appCertificate,
        identity,
        endpoint,
        sessionTimeout: 10000);
    Console.WriteLine($"Creating session with endpoint '{channel.RemoteEndpoint.EndpointUrl}'.");
    Console.WriteLine($"SecurityPolicy: '{channel.RemoteEndpoint.SecurityPolicyUri}'.");
    Console.WriteLine($"SecurityMode: '{channel.RemoteEndpoint.SecurityMode}'.");
    await channel.OpenAsync();
    Console.WriteLine($"Activated session '{channel.SessionId}'.");

    // Stay idle for longer than the requested session timeout so the server drops the session.
    await Task.Delay(20000);

    // Expected to fault now that the session is gone (see remarks on how that is asserted).
    var read = new ReadRequest
    {
        NodesToRead = new[]
        {
            new ReadValueId
            {
                NodeId = NodeId.Parse(VariableIds.Server_ServerStatus_CurrentTime),
                AttributeId = AttributeIds.Value
            }
        }
    };
    await channel.ReadAsync(read);

    Console.WriteLine($"Closing session '{channel.SessionId}'.");
    await channel.CloseAsync();
}