GetFullCertificatePath() static private method

static private GetFullCertificatePath ( string certificateName ) : String
certificateName string
return String
Exemplo n.º 1
0
        // A hack to avoid issues with our test self signed cert.
        // We don't want to require the runner of the test to install the
        // self signed CA, so we just manually compare the server cert
        // with the what the gnatsd server should return to the client
        // in our test.
        //
        // Getting here means SSL is working in the client.
        //
        private bool verifyServerCert(object sender,
                                      X509Certificate certificate, X509Chain chain,
                                      SslPolicyErrors sslPolicyErrors)
        {
            if (sslPolicyErrors == SslPolicyErrors.None)
            {
                return(true);
            }

            X509Certificate serverCert = new X509Certificate(
                UnitTestUtilities.GetFullCertificatePath("server-cert.pem"));

            // UNSAFE hack for testing purposes.
#if NET45
            var isOK = serverCert.GetRawCertDataString().Equals(certificate.GetRawCertDataString());
#else
            var isOK = serverCert.Issuer.Equals(certificate.Issuer);
#endif
            if (isOK)
            {
                return(true);
            }

            return(false);
        }
Exemplo n.º 2
0
        public void TestTlsSuccessWithCert()
        {
            using (NATSServer srv = util.CreateServerWithConfig("tls_1222_verify.conf"))
            {
                Options opts = util.DefaultTestOptions;
                opts.Secure = true;
                opts.Url    = "nats://localhost:1222";
                opts.TLSRemoteCertificationValidationCallback = verifyServerCert;

                // .NET requires the private key and cert in the
                //  same file. 'client.pfx' is generated from:
                //
                // openssl pkcs12 -export -out client.pfx
                //    -inkey client-key.pem -in client-cert.pem
                X509Certificate2 cert = new X509Certificate2(
                    UnitTestUtilities.GetFullCertificatePath("client.pfx"), "password");

                opts.AddCertificate(cert);

                using (IConnection c = new ConnectionFactory().CreateConnection(opts))
                {
                    using (ISyncSubscription s = c.SubscribeSync("foo"))
                    {
                        c.Publish("foo", null);
                        c.Flush();
                        Msg m = s.NextMessage();
                    }
                }
            }
        }
Exemplo n.º 3
0
        public void TestTlsFailWithBadAuth()
        {
            using (NATSServer srv = util.CreateServerWithConfig(TestContext, "tls_1222_user.conf"))
            {
                Options opts = ConnectionFactory.GetDefaultOptions();
                opts.Secure = true;
                opts.Url    = "nats://*****:*****@localhost:1222";
                opts.TLSRemoteCertificationValidationCallback = verifyServerCert;

                // this will fail, because it's not complete - missing the private
                // key.
                opts.AddCertificate(UnitTestUtilities.GetFullCertificatePath(
                                        TestContext, "client-cert.pem"));

                try
                {
                    new ConnectionFactory().CreateConnection(opts);
                }
                catch (NATSException nae)
                {
                    System.Console.WriteLine("Caught expected exception: " + nae.Message);
                    System.Console.WriteLine("Exception output:" + nae);
                    return;
                }

                Assert.Fail("Did not receive exception.");
            }
        }
Exemplo n.º 4
0
        public void TestTlsFailWithBadAuth()
        {
            using (NATSServer srv = util.CreateServerWithConfig("tls_1222_user.conf"))
            {
                Options opts = util.DefaultTestOptions;
                opts.Secure = true;
                opts.Url    = "nats://*****:*****@localhost:1222";
                opts.TLSRemoteCertificationValidationCallback = verifyServerCert;

                // this will fail, because it's not complete - missing the private
                // key.
                opts.AddCertificate(UnitTestUtilities.GetFullCertificatePath("client-cert.pem"));

                Assert.ThrowsAny <NATSException>(() => new ConnectionFactory().CreateConnection(opts));
            }
        }
Exemplo n.º 5
0
        // A hack to avoid issues with our test self signed cert.
        // We don't want to require the runner of the test to install the
        // self signed CA, so we just manually compare the server cert
        // with the what the gnatsd server should return to the client
        // in our test.
        //
        // Getting here means SSL is working in the client.
        //
        private bool verifyServerCert(object sender,
                                      X509Certificate certificate, X509Chain chain,
                                      SslPolicyErrors sslPolicyErrors)
        {
            if (sslPolicyErrors == SslPolicyErrors.None)
            {
                return(true);
            }

            X509Certificate serverCert = new X509Certificate(
                UnitTestUtilities.GetFullCertificatePath(
                    TestContext, "server-cert.pem"));

            // UNSAFE hack for testing purposes.
            if (serverCert.GetRawCertDataString().Equals(certificate.GetRawCertDataString()))
            {
                return(true);
            }

            return(false);
        }