Exemplo n.º 1
        public void TestTlsSuccessWithCert()
        {
            // Happy-path TLS test: connect with a client certificate, then publish
            // and receive one message on "foo" over the secured connection.
            // NOTE(review): "tls_verify.conf" presumably makes the server demand a
            // client certificate; the config file is not visible here.
            using (NATSServer server = NATSServer.CreateWithConfig(Context.Server1.Port, "tls_verify.conf"))
            {
                Options options = Context.GetTestOptions(Context.Server1.Port);
                options.Secure = true;
                options.TLSRemoteCertificationValidationCallback = verifyServerCert;

                // .NET needs the certificate and its private key in one container,
                // so the test loads 'client.pfx', which is produced with:
                //
                //   openssl pkcs12 -export -out client.pfx
                //      -inkey client-key.pem -in client-cert.pem
                //
                // The literal PFX password is acceptable only because this is a
                // throwaway test key checked in next to the tests.
                string pfxPath = UnitTestUtilities.GetFullCertificatePath("client.pfx");
                X509Certificate2 clientCert = new X509Certificate2(pfxPath, "password");

                options.AddCertificate(clientCert);

                using (IConnection conn = Context.ConnectionFactory.CreateConnection(options))
                using (ISyncSubscription sub = conn.SubscribeSync("foo"))
                {
                    conn.Publish("foo", null);
                    conn.Flush();

                    // Receiving the message is the success signal; nothing is asserted on it.
                    Msg received = sub.NextMessage();
                }
            }
        }
Exemplo n.º 2
        // A hack to avoid issues with our self-signed test cert.
        // We don't want to require the runner of the test to install the
        // self-signed CA, so we just manually compare the server cert
        // with what the gnatsd server should return to the client
        // in our test.
        //
        // Getting here means SSL is working in the client.
        //
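        private bool verifyServerCert(object sender,
                                      X509Certificate certificate, X509Chain chain,
                                      SslPolicyErrors sslPolicyErrors)
        {
            // Test-only TLS validation callback. Returns true when the platform
            // reported no policy errors; otherwise falls back to comparing the
            // presented certificate with the 'server-cert.pem' test fixture.
            // 'sender' and 'chain' are not used.
            if (sslPolicyErrors == SslPolicyErrors.None)
            {
                return true;
            }

            // When policy errors are reported the peer may not have presented a
            // certificate at all (SslPolicyErrors.RemoteCertificateNotAvailable).
            // Reject rather than dereference null in the comparison below.
            if (certificate == null)
            {
                return false;
            }

            X509Certificate serverCert = new X509Certificate(
                UnitTestUtilities.GetFullCertificatePath("server-cert.pem"));

            // UNSAFE hack for testing purposes. A match here overrides whatever
            // policy errors were reported (untrusted chain, name mismatch), so this
            // callback must never be reused outside the test suite.
#if NET452
            // The full raw encoding must match, i.e. the exact fixture certificate.
            return serverCert.GetRawCertDataString().Equals(certificate.GetRawCertDataString());
#else
            // NOTE(review): issuer-only comparison. Any certificate carrying the same
            // issuer name is accepted, which is weaker than the NET452 branch and is
            // not certificate pinning. Prefer comparing the full encoding or a
            // thumbprint where the target framework offers it.
            return serverCert.Issuer.Equals(certificate.Issuer);
#endif
        }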
Exemplo n.º 3
        public void TestTlsFailWithInvalidServerCert()
        {
            // Expects the secure connection attempt to throw a NATSException.
            using (NATSServer server = NATSServer.CreateWithConfig(Context.Server1.Port, "tls_verify.conf"))
            {
                Options options = Context.GetTestOptions(Context.Server1.Port);
                options.Secure = true;
                options.TLSRemoteCertificationValidationCallback = verifyCertAlwaysFail;

                // 'client-cert.pem' holds the certificate only, without its private
                // key, so it is not a usable client identity.
                // NOTE(review): the callback name suggests server validation is also
                // rejected unconditionally; either condition could be what makes the
                // connection fail. Confirm which one this test is meant to cover.
                string certOnlyPath = UnitTestUtilities.GetFullCertificatePath("client-cert.pem");
                options.AddCertificate(certOnlyPath);

                Assert.ThrowsAny<NATSException>(
                    () => Context.ConnectionFactory.CreateConnection(options));
            }
        }
Exemplo n.º 4
        public void TestTlsFailWithBadAuth()
        {
            // Expects a NATSException when connecting over TLS with the credentials
            // embedded in the URL.
            using (NATSServer server = NATSServer.CreateWithConfig(Context.Server1.Port, "tls_user.conf"))
            {
                Options options = Context.GetTestOptions(Context.Server1.Port);
                options.Secure = true;
                options.Url    = $"nats://*****:*****@localhost:{Context.Server1.Port}";
                options.TLSRemoteCertificationValidationCallback = verifyServerCert;

                // 'client-cert.pem' is the certificate without its private key, so it
                // is incomplete as a client identity.
                // NOTE(review): with both bad credentials and an incomplete client
                // certificate in play, the exception does not show which check
                // rejected the connection; the authentication path may go untested.
                string certOnlyPath = UnitTestUtilities.GetFullCertificatePath("client-cert.pem");
                options.AddCertificate(certOnlyPath);

                Assert.ThrowsAny<NATSException>(
                    () => Context.ConnectionFactory.CreateConnection(options));
            }
        }
Exemplo n.º 5
        public void TestTlsFailWithBadAuth()
        {
            // Expects a NATSException when connecting over TLS to the server on
            // port 1222 with the credentials embedded in the URL.
            using (NATSServer server = util.CreateServerWithConfig("tls_1222_user.conf"))
            {
                Options options = util.DefaultTestOptions;
                options.Secure = true;
                options.Url    = "nats://*****:*****@localhost:1222";
                options.TLSRemoteCertificationValidationCallback = verifyServerCert;

                // 'client-cert.pem' is the certificate without its private key, so it
                // is incomplete as a client identity.
                // NOTE(review): with both bad credentials and an incomplete client
                // certificate in play, the exception does not show which check
                // rejected the connection; the authentication path may go untested.
                string certOnlyPath = UnitTestUtilities.GetFullCertificatePath("client-cert.pem");
                options.AddCertificate(certOnlyPath);

                Assert.ThrowsAny<NATSException>(
                    () => new ConnectionFactory().CreateConnection(options));
            }
        }