public async Task TlsBasicEndToEnd()
{
TestCluster testCluster = default;
try
{
var builder = new TestClusterBuilder()
.AddSiloBuilderConfigurator <TlsConfigurator>()
.AddClientBuilderConfigurator <TlsConfigurator>();
var certificate = TestCertificateHelper.CreateSelfSignedCertificate(
CertificateSubjectName,
new[] { TestCertificateHelper.ClientAuthenticationOid, TestCertificateHelper.ServerAuthenticationOid });
var encodedCertificate = TestCertificateHelper.ConvertToBase64(certificate);
builder.Properties[CertificateConfigKey] = encodedCertificate;
testCluster = builder.Build();
await testCluster.DeployAsync();
var client = testCluster.Client;
var grain = client.GetGrain <IPingGrain>("pingu");
var expected = "secret chit chat";
var actual = await grain.Echo(expected);
Assert.Equal(expected, actual);
}
finally
{
await testCluster?.StopAllSilosAsync();
testCluster?.Dispose();
}
}
public void CanCreateCertificates()
{
var original = TestCertificateHelper.CreateSelfSignedCertificate(
CertificateSubjectName,
new[] { TestCertificateHelper.ClientAuthenticationOid, TestCertificateHelper.ServerAuthenticationOid });
var encoded = TestCertificateHelper.ConvertToBase64(original);
var decoded = TestCertificateHelper.ConvertFromBase64(encoded);
Assert.Equal(original, decoded);
}
public void Configure(IConfiguration configuration, IClientBuilder clientBuilder)
{
clientBuilder.ConfigureApplicationParts(parts => parts.AddApplicationPart(typeof(IPingGrain).Assembly));
var encodedCertificate = configuration[CertificateConfigKey];
var localCertificate = TestCertificateHelper.ConvertFromBase64(encodedCertificate);
clientBuilder.UseTls(localCertificate, options =>
{
options.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
options.RemoteCertificateValidation = (remoteCertificate, chain, errors) =>
{
return(true);
};
options.OnAuthenticateAsClient = (connection, sslOptions) =>
{
sslOptions.TargetHost = CertificateSubjectName;
};
});
}
public async Task TlsEndToEnd(string[] oids, RemoteCertificateMode certificateMode)
{
TestCluster testCluster = default;
try
{
var builder = new TestClusterBuilder()
.AddSiloBuilderConfigurator <TlsConfigurator>()
.AddClientBuilderConfigurator <TlsConfigurator>();
var certificate = TestCertificateHelper.CreateSelfSignedCertificate(
CertificateSubjectName, oids);
var encodedCertificate = TestCertificateHelper.ConvertToBase64(certificate);
builder.Properties[CertificateConfigKey] = encodedCertificate;
builder.Properties[ClientCertificateModeKey] = certificateMode.ToString();
testCluster = builder.Build();
await testCluster.DeployAsync();
var client = testCluster.Client;
var grain = client.GetGrain <IPingGrain>("pingu");
var expected = "secret chit chat";
var actual = await grain.Echo(expected);
Assert.Equal(expected, actual);
}
finally
{
if (testCluster != null)
{
await testCluster.StopAllSilosAsync();
testCluster.Dispose();
}
}
}
public void Configure(ISiloBuilder hostBuilder)
{
hostBuilder.ConfigureApplicationParts(parts => parts.AddApplicationPart(typeof(IPingGrain).Assembly));
var config = hostBuilder.GetConfiguration();
var encodedCertificate = config[CertificateConfigKey];
var localCertificate = TestCertificateHelper.ConvertFromBase64(encodedCertificate);
var certificateModeString = config[ClientCertificateModeKey];
var certificateMode = (RemoteCertificateMode)Enum.Parse(typeof(RemoteCertificateMode), certificateModeString);
hostBuilder.UseTls(localCertificate, options =>
{
options.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
options.AllowAnyRemoteCertificate();
options.RemoteCertificateMode = RemoteCertificateMode.AllowCertificate;
options.ClientCertificateMode = certificateMode;
options.OnAuthenticateAsClient = (connection, sslOptions) =>
{
sslOptions.TargetHost = CertificateSubjectName;
};
});
}
