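// TLS remote-certificate validation callback for the test suite.
//
// The test server uses a self-signed certificate. Rather than require
// whoever runs the tests to install the self-signed CA, this callback
// compares the presented certificate with the "server-cert.pem" fixture
// that the gnatsd server is expected to return.
//
// Getting here means SSL is working in the client.
//
// Returns true when normal validation already succeeded
// (SslPolicyErrors.None) or when the presented certificate matches the
// fixture; false otherwise.
//
// UNSAFE outside tests: on a match it returns true whatever policy error
// was reported, so chain and name-mismatch errors are all overridden.
private bool verifyServerCert(object sender,
    X509Certificate certificate, X509Chain chain,
    SslPolicyErrors sslPolicyErrors)
{
    // Platform validation passed; there is nothing to work around.
    if (sslPolicyErrors == SslPolicyErrors.None)
    {
        return true;
    }

    // The callback can be invoked without a peer certificate. Reject
    // explicitly instead of failing with a NullReferenceException below.
    if (certificate == null)
    {
        return false;
    }

    X509Certificate serverCert = new X509Certificate(
        UnitTestUtilities.GetFullCertificatePath("server-cert.pem"));

    // UNSAFE hack for testing purposes.
#if NET45
    // Full pin: the complete encoded certificate must be identical.
    return serverCert.GetRawCertDataString().Equals(certificate.GetRawCertDataString());
#else
    // NOTE(review): this branch compares only the issuer name. Any
    // certificate naming the same issuer is accepted, so the server
    // certificate is not actually pinned here. Prefer comparing the raw
    // certificate bytes or a certificate hash if the target framework
    // exposes them.
    return serverCert.Issuer.Equals(certificate.Issuer);
#endif
}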
// Starts a server from "tls_1222_verify.conf", connects over TLS while
// presenting a client certificate, then publishes one message on "foo"
// and reads it back through a synchronous subscription.
public void TestTlsSuccessWithCert()
{
    using (NATSServer srv = util.CreateServerWithConfig("tls_1222_verify.conf"))
    {
        Options tlsOptions = util.DefaultTestOptions;
        tlsOptions.Secure = true;
        tlsOptions.Url = "nats://localhost:1222";

        // The server certificate is checked by the test-only callback
        // verifyServerCert instead of by default validation alone.
        tlsOptions.TLSRemoteCertificationValidationCallback = verifyServerCert;

        // .NET requires the private key and cert in the
        // same file.  'client.pfx' is generated from:
        //
        // openssl pkcs12 -export -out client.pfx
        //    -inkey client-key.pem -in client-cert.pem
        //
        // "password" is the password of that test-only PFX fixture.
        var clientCert = new X509Certificate2(
            UnitTestUtilities.GetFullCertificatePath("client.pfx"),
            "password");
        tlsOptions.AddCertificate(clientCert);

        using (IConnection conn = new ConnectionFactory().CreateConnection(tlsOptions))
        using (ISyncSubscription sub = conn.SubscribeSync("foo"))
        {
            conn.Publish("foo", null);
            conn.Flush();

            // The returned message is not inspected. The test passes as
            // long as nothing above or this call throws.
            sub.NextMessage();
        }
    }
}
// Expects the connection attempt to fail with a NATSException when the
// client adds only "client-cert.pem" (no private key) to its options.
public void TestTlsFailWithBadAuth()
{
    using (NATSServer srv = util.CreateServerWithConfig(TestContext, "tls_1222_user.conf"))
    {
        Options tlsOptions = ConnectionFactory.GetDefaultOptions();
        tlsOptions.Secure = true;
        // NOTE(review): the user:password part of this URL appears as
        // "*****" in this listing, presumably redacted. Confirm the
        // real fixture value against the repository.
        tlsOptions.Url = "nats://*****:*****@localhost:1222";
        tlsOptions.TLSRemoteCertificationValidationCallback = verifyServerCert;

        // this will fail, because it's not complete - missing the private
        // key.
        var certOnlyPath = UnitTestUtilities.GetFullCertificatePath(
            TestContext, "client-cert.pem");
        tlsOptions.AddCertificate(certOnlyPath);

        NATSException expected = null;
        try
        {
            new ConnectionFactory().CreateConnection(tlsOptions);
        }
        catch (NATSException nae)
        {
            expected = nae;
        }

        if (expected == null)
        {
            // The connection was established even though it should not have been.
            Assert.Fail("Did not receive exception.");
        }
        else
        {
            System.Console.WriteLine("Caught expected exception: " + expected.Message);
            System.Console.WriteLine("Exception output:" + expected);
        }
    }
}
// Expects CreateConnection to throw a NATSException (or a subclass) when
// the client adds only "client-cert.pem" (no private key) to its options.
public void TestTlsFailWithBadAuth()
{
    using (NATSServer srv = util.CreateServerWithConfig("tls_1222_user.conf"))
    {
        Options tlsOptions = util.DefaultTestOptions;
        tlsOptions.Secure = true;
        // NOTE(review): the user:password part of this URL appears as
        // "*****" in this listing, presumably redacted. Confirm the
        // real fixture value against the repository.
        tlsOptions.Url = "nats://*****:*****@localhost:1222";
        tlsOptions.TLSRemoteCertificationValidationCallback = verifyServerCert;

        // this will fail, because it's not complete - missing the private
        // key.
        var certOnlyPath = UnitTestUtilities.GetFullCertificatePath("client-cert.pem");
        tlsOptions.AddCertificate(certOnlyPath);

        Assert.ThrowsAny<NATSException>(() =>
        {
            return new ConnectionFactory().CreateConnection(tlsOptions);
        });
    }
}
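// TLS remote-certificate validation callback for the test suite.
//
// The test server uses a self-signed certificate. Rather than require
// whoever runs the tests to install the self-signed CA, this callback
// compares the presented certificate with the "server-cert.pem" fixture
// that the gnatsd server is expected to return.
//
// Getting here means SSL is working in the client.
//
// Returns true when normal validation already succeeded
// (SslPolicyErrors.None) or when the presented certificate's raw data
// equals the fixture's; false otherwise.
//
// UNSAFE outside tests: on a match it returns true whatever policy error
// was reported, so chain and name-mismatch errors are all overridden.
private bool verifyServerCert(object sender,
    X509Certificate certificate, X509Chain chain,
    SslPolicyErrors sslPolicyErrors)
{
    // Platform validation passed; there is nothing to work around.
    if (sslPolicyErrors == SslPolicyErrors.None)
    {
        return true;
    }

    // The callback can be invoked without a peer certificate. Reject
    // explicitly instead of failing with a NullReferenceException below.
    if (certificate == null)
    {
        return false;
    }

    var expectedCertPath = UnitTestUtilities.GetFullCertificatePath(
        TestContext, "server-cert.pem");
    X509Certificate serverCert = new X509Certificate(expectedCertPath);

    // UNSAFE hack for testing purposes: accept the certificate only if its
    // full encoded form is identical to the fixture.
    string expectedRaw = serverCert.GetRawCertDataString();
    string presentedRaw = certificate.GetRawCertDataString();
    return expectedRaw.Equals(presentedRaw);
}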