public async Task TlsEndToEnd(string[] oids, RemoteCertificateMode certificateMode)
{
TestCluster testCluster = default;
try
{
var builder = new TestClusterBuilder()
.AddSiloBuilderConfigurator <TlsConfigurator>()
.AddClientBuilderConfigurator <TlsConfigurator>();
var certificate = TestCertificateHelper.CreateSelfSignedCertificate(
CertificateSubjectName, oids);
var encodedCertificate = TestCertificateHelper.ConvertToBase64(certificate);
builder.Properties[CertificateConfigKey] = encodedCertificate;
builder.Properties[ClientCertificateModeKey] = certificateMode.ToString();
testCluster = builder.Build();
await testCluster.DeployAsync();
var client = testCluster.Client;
var grain = client.GetGrain <IPingGrain>("pingu");
var expected = "secret chit chat";
var actual = await grain.Echo(expected);
Assert.Equal(expected, actual);
}
finally
{
if (testCluster != null)
{
await testCluster.StopAllSilosAsync();
testCluster.Dispose();
}
}
}
private static X509Certificate2 ValidateCertificate(X509Certificate2 certificate, RemoteCertificateMode mode)
{
switch (mode)
{
case RemoteCertificateMode.NoCertificate:
return(null);
case RemoteCertificateMode.AllowCertificate:
//if certificate exists but can not be used for client authentication.
if (certificate != null && CertificateLoader.IsCertificateAllowedForClientAuth(certificate))
{
return(certificate);
}
return(null);
case RemoteCertificateMode.RequireCertificate:
EnsureCertificateIsAllowedForClientAuth(certificate);
return(certificate);
default:
throw new ArgumentOutOfRangeException(nameof(mode), mode, null);
}
}
