protected string EncryptedServer(out TestCertificatesHolder certificates, out string name) { certificates = SetupServerAuthentication(); var dbName = GetDatabaseName(); RegisterClientCertificate(certificates, new Dictionary <string, DatabaseAccess>(), SecurityClearance.ClusterAdmin); var buffer = new byte[32]; using (var rand = RandomNumberGenerator.Create()) { rand.GetBytes(buffer); } var base64Key = Convert.ToBase64String(buffer); // sometimes when using `dotnet xunit` we get platform not supported from ProtectedData try { ProtectedData.Protect(Encoding.UTF8.GetBytes("Is supported?"), null, DataProtectionScope.CurrentUser); } catch (PlatformNotSupportedException) { // so we fall back to a file Server.ServerStore.Configuration.Security.MasterKeyPath = GetTempFileName(); } Server.ServerStore.PutSecretKey(base64Key, dbName, true); name = dbName; return(Convert.ToBase64String(buffer)); }
public TestCertificatesHolder(TestCertificatesHolder parent, Func <string> getTemporaryFileName) { _getServerCertificatePath = () => { var path = getTemporaryFileName(); File.Copy(parent.ServerCertificatePath, path, true); return(path); }; _getClientCertificate1Path = () => { var path = getTemporaryFileName(); File.Copy(parent.ClientCertificate1Path, path, true); return(path); }; _getClientCertificate2Path = () => { var path = getTemporaryFileName(); File.Copy(parent.ClientCertificate2Path, path, true); return(path); }; _getClientCertificate3Path = () => { var path = getTemporaryFileName(); File.Copy(parent.ClientCertificate3Path, path, true); return(path); }; ServerCertificate = new Lazy <TrackingX509Certificate2>(() => { try { return(new TrackingX509Certificate2(ServerCertificatePath, (string)null, X509KeyStorageFlags.MachineKeySet)); } catch (CryptographicException e) { throw new CryptographicException($"Failed to load the test server certificate from {ServerCertificatePath}.", e); } }); ClientCertificate1 = CreateLazy(() => ClientCertificate1Path, 1); ClientCertificate2 = CreateLazy(() => ClientCertificate2Path, 2); ClientCertificate3 = CreateLazy(() => ClientCertificate3Path, 3); }
protected TestCertificatesHolder GenerateAndSaveSelfSignedCertificate(bool createNew = false) { var selfSignedCertificatePaths = _selfSignedCertificates; if (selfSignedCertificatePaths != null && createNew == false) { return(ReturnCertificatesHolder(selfSignedCertificatePaths)); } lock (typeof(TestBase)) { selfSignedCertificatePaths = _selfSignedCertificates; if (selfSignedCertificatePaths == null || createNew) { _selfSignedCertificates = selfSignedCertificatePaths = Generate(); } return(ReturnCertificatesHolder(selfSignedCertificatePaths)); } TestCertificatesHolder ReturnCertificatesHolder(TestCertificatesHolder certificates) { return(new TestCertificatesHolder(certificates, GetTempFileName)); } TestCertificatesHolder Generate() { var log = new StringBuilder(); byte[] certBytes; try { certBytes = CertificateUtils.CreateSelfSignedTestCertificate(Environment.MachineName, "RavenTestsServer", log); } catch (Exception e) { throw new CryptographicException($"Unable to generate the test certificate for the machine '{Environment.MachineName}'. Log: {log}", e); } X509Certificate2 serverCertificate; try { serverCertificate = new X509Certificate2(certBytes, (string)null, X509KeyStorageFlags.MachineKeySet); } catch (Exception e) { throw new CryptographicException($"Unable to load the test certificate for the machine '{Environment.MachineName}'. Log: {log}", e); } if (certBytes.Length == 0) { throw new CryptographicException($"Test certificate length is 0 bytes. Machine: '{Environment.MachineName}', Log: {log}"); } string serverCertificatePath = null; try { serverCertificatePath = Path.GetTempFileName(); File.WriteAllBytes(serverCertificatePath, certBytes); } catch (Exception e) { throw new InvalidOperationException("Failed to write the test certificate to a temp file." + $"tempFileName = {serverCertificatePath}" + $"certBytes.Length = {certBytes.Length}" + $"MachineName = {Environment.MachineName}.", e); } GlobalPathsToDelete.Add(serverCertificatePath); SecretProtection.ValidatePrivateKey(serverCertificatePath, null, certBytes, out var pk); var clientCertificate1Path = GenerateClientCertificate(1, serverCertificate, pk); var clientCertificate2Path = GenerateClientCertificate(2, serverCertificate, pk); var clientCertificate3Path = GenerateClientCertificate(3, serverCertificate, pk); return(new TestCertificatesHolder(serverCertificatePath, clientCertificate1Path, clientCertificate2Path, clientCertificate3Path)); } string GenerateClientCertificate(int index, X509Certificate2 serverCertificate, Org.BouncyCastle.Pkcs.AsymmetricKeyEntry pk) { CertificateUtils.CreateSelfSignedClientCertificate( $"{Environment.MachineName}_CC_{index}", new RavenServer.CertificateHolder { Certificate = serverCertificate, PrivateKey = pk }, out var certBytes, DateTime.UtcNow.Date.AddYears(5)); string clientCertificatePath = null; try { clientCertificatePath = Path.GetTempFileName(); File.WriteAllBytes(clientCertificatePath, certBytes); } catch (Exception e) { throw new InvalidOperationException("Failed to write the test certificate to a temp file." + $"tempFileName = {clientCertificatePath}" + $"certBytes.Length = {certBytes.Length}" + $"MachineName = {Environment.MachineName}.", e); } GlobalPathsToDelete.Add(clientCertificatePath); return(clientCertificatePath); } }