protected static string GenerateAndSaveSelfSignedCertificate()
{
if (_selfSignedCertFileName != null)
{
return(_selfSignedCertFileName);
}
lock (typeof(TestBase))
{
if (_selfSignedCertFileName != null)
{
return(_selfSignedCertFileName);
}
var log = new StringBuilder();
byte[] certBytes;
try
{
certBytes = CertificateUtils.CreateSelfSignedCertificate(Environment.MachineName, "RavenTestsServer", log);
}
catch (Exception e)
{
throw new CryptographicException($"Unable to generate the test certificate for the machine '{Environment.MachineName}'. Log: {log}", e);
}
try
{
new X509Certificate2(certBytes);
}
catch (Exception e)
{
throw new CryptographicException($"Unable to load the test certificate for the machine '{Environment.MachineName}'. Log: {log}", e);
}
if (certBytes.Length == 0)
{
throw new CryptographicException($"Test certificate length is 0 bytes. Machine: '{Environment.MachineName}', Log: {log}");
}
string tempFileName = null;
try
{
tempFileName = Path.GetTempFileName();
File.WriteAllBytes(tempFileName, certBytes);
}
catch (Exception e)
{
throw new InvalidOperationException("Failed to write the test certificate to a temp file." +
$"tempFileName = {tempFileName}" +
$"certBytes.Length = {certBytes.Length}" +
$"MachineName = {Environment.MachineName}.", e);
}
_selfSignedCertFileName = tempFileName;
return(tempFileName);
}
}
protected static string GenerateAndSaveSelfSignedCertificate()
{
if (_selfSignedCertFileName != null)
{
return(_selfSignedCertFileName);
}
lock (typeof(TestBase))
{
if (_selfSignedCertFileName != null)
{
return(_selfSignedCertFileName);
}
var selfCertificate = CertificateUtils.CreateSelfSignedCertificate(Environment.MachineName, "RavenTestsServer");
RequestExecutor.ServerCertificateCustomValidationCallback += (message, certificate2, arg3, arg4) => true;
var tempFileName = Path.GetTempFileName();
byte[] certData = selfCertificate.Export(X509ContentType.Pfx);
File.WriteAllBytes(tempFileName, certData);
_selfSignedCertFileName = tempFileName;
return(tempFileName);
}
}
public async Task CanReplaceClusterCert()
{
var clusterSize = 3;
var databaseName = GetDatabaseName();
var leader = await CreateRaftClusterAndGetLeader(clusterSize, false, useSsl : true);
X509Certificate2 adminCertificate = null;
adminCertificate = AskServerForClientCertificate(_selfSignedCertFileName, new Dictionary <string, DatabaseAccess>(), SecurityClearance.ClusterAdmin, server: leader);
DatabasePutResult databaseResult;
using (var store = new DocumentStore
{
Urls = new[] { leader.WebUrl },
Database = databaseName,
Certificate = adminCertificate,
Conventions =
{
DisableTopologyUpdates = true
}
}.Initialize())
{
var doc = new DatabaseRecord(databaseName);
databaseResult = await store.Maintenance.Server.SendAsync(new CreateDatabaseOperation(doc, clusterSize));
}
Assert.Equal(clusterSize, databaseResult.Topology.AllNodes.Count());
foreach (var server in Servers)
{
await server.ServerStore.Cluster.WaitForIndexNotification(databaseResult.RaftCommandIndex);
}
foreach (var server in Servers.Where(s => databaseResult.NodesAddedTo.Any(n => n == s.WebUrl)))
{
await server.ServerStore.DatabasesLandlord.TryGetOrCreateResourceStore(databaseName);
}
using (var store = new DocumentStore()
{
Urls = new[] { databaseResult.NodesAddedTo[0] },
Database = databaseName,
Certificate = adminCertificate,
Conventions =
{
DisableTopologyUpdates = true
}
}.Initialize())
{
using (var session = store.OpenAsyncSession())
{
await session.StoreAsync(new User { Name = "Karmelush" }, "users/1");
await session.SaveChangesAsync();
}
var certBytes = CertificateUtils.CreateSelfSignedCertificate(Environment.MachineName, "RavenTestsServerReplacementCert");
var newServerCert = new X509Certificate2(certBytes, (string)null, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet);
var mre = new ManualResetEventSlim();
leader.ServerCertificateChanged += (sender, args) => mre.Set();
var requestExecutor = store.GetRequestExecutor();
using (requestExecutor.ContextPool.AllocateOperationContext(out JsonOperationContext context))
{
var command = new ReplaceClusterCertificateOperation("Replacement Server Cert", certBytes, false)
.GetCommand(store.Conventions, context);
requestExecutor.Execute(command, context);
}
Assert.True(mre.Wait(5000));
Assert.True(leader.Certificate.Certificate.Thumbprint.Equals(newServerCert.Thumbprint));
using (var session = store.OpenSession())
{
var user1 = session.Load <User>("users/1");
Assert.NotNull(user1);
Assert.Equal("Karmelush", user1.Name);
}
}
}
