feat(gateway): add MxGateway:Tls options block
@@ -43,4 +43,7 @@ public sealed class GatewayOptions
|
|||||||
/// behaviour (alarms disabled).
|
/// behaviour (alarms disabled).
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public AlarmsOptions Alarms { get; init; } = new();
|
public AlarmsOptions Alarms { get; init; } = new();
|
||||||
|
|
||||||
|
/// <summary>Gets self-signed TLS certificate auto-generation options.</summary>
|
||||||
|
public TlsOptions Tls { get; init; } = new();
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,22 @@
|
|||||||
|
namespace ZB.MOM.WW.MxGateway.Server.Configuration;
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Options controlling the gateway's self-signed certificate auto-generation.
|
||||||
|
/// Only consulted when a Kestrel HTTPS endpoint is configured without its own
|
||||||
|
/// certificate; plaintext deployments never trigger generation.
|
||||||
|
/// </summary>
|
||||||
|
public sealed class TlsOptions
|
||||||
|
{
|
||||||
|
/// <summary>Path to the persisted self-signed PFX. Reused across restarts.</summary>
|
||||||
|
public string SelfSignedCertPath { get; init; } =
|
||||||
|
@"C:\ProgramData\MxGateway\certs\gateway-selfsigned.pfx";
|
||||||
|
|
||||||
|
/// <summary>Lifetime in years of a freshly generated certificate.</summary>
|
||||||
|
public int ValidityYears { get; init; } = 10;
|
||||||
|
|
||||||
|
/// <summary>Extra DNS SANs to embed (e.g. a load-balancer name).</summary>
|
||||||
|
public IReadOnlyList<string> AdditionalDnsNames { get; init; } = [];
|
||||||
|
|
||||||
|
/// <summary>Regenerate the persisted certificate when it has expired.</summary>
|
||||||
|
public bool RegenerateIfExpired { get; init; } = true;
|
||||||
|
}
|
||||||
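Review bot: `SelfSignedCertPath` names a PFX that will hold the gateway's private key, but neither the doc comment nor the options say how that file is protected; the default sits under `C:\ProgramData`, where newly created directories typically inherit read access for ordinary local users unless the ACL is tightened. I would extend the summary to something like `/// <summary>Path to the persisted self-signed PFX (contains the private key); keep the directory readable only by the service account. Reused across restarts.</summary>` and confirm that the generator, which is not part of this commit, restricts the ACL when it writes the file. `ValidityYears` is also unbounded: `0` or a negative value binds without complaint, and the 10-year default is long for a key persisted on disk, so a startup range check would fail fast on a bad config. Whether options validation is wired up elsewhere is not visible from this page.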
@@ -0,0 +1,39 @@
|
|||||||
|
using Microsoft.Extensions.Configuration;
|
||||||
|
using ZB.MOM.WW.MxGateway.Server.Configuration;
|
||||||
|
using Xunit;
|
||||||
|
|
||||||
|
namespace ZB.MOM.WW.MxGateway.Tests.Configuration;
|
||||||
|
|
||||||
|
public sealed class TlsOptionsBindingTests
|
||||||
|
{
|
||||||
|
[Fact]
|
||||||
|
public void Defaults_AreApplied_WhenSectionAbsent()
|
||||||
|
{
|
||||||
|
TlsOptions options = new();
|
||||||
|
Assert.Equal(10, options.ValidityYears);
|
||||||
|
Assert.True(options.RegenerateIfExpired);
|
||||||
|
Assert.Empty(options.AdditionalDnsNames);
|
||||||
|
Assert.False(string.IsNullOrWhiteSpace(options.SelfSignedCertPath));
|
||||||
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public void Binds_FromMxGatewayTlsSection()
|
||||||
|
{
|
||||||
|
IConfiguration config = new ConfigurationBuilder()
|
||||||
|
.AddInMemoryCollection(new Dictionary<string, string?>
|
||||||
|
{
|
||||||
|
["MxGateway:Tls:ValidityYears"] = "5",
|
||||||
|
["MxGateway:Tls:SelfSignedCertPath"] = @"C:\tmp\gw.pfx",
|
||||||
|
["MxGateway:Tls:RegenerateIfExpired"] = "false",
|
||||||
|
["MxGateway:Tls:AdditionalDnsNames:0"] = "gw.internal",
|
||||||
|
})
|
||||||
|
.Build();
|
||||||
|
|
||||||
|
GatewayOptions options = config.GetSection(GatewayOptions.SectionName).Get<GatewayOptions>()!;
|
||||||
|
|
||||||
|
Assert.Equal(5, options.Tls.ValidityYears);
|
||||||
|
Assert.Equal(@"C:\tmp\gw.pfx", options.Tls.SelfSignedCertPath);
|
||||||
|
Assert.False(options.Tls.RegenerateIfExpired);
|
||||||
|
Assert.Equal("gw.internal", Assert.Single(options.Tls.AdditionalDnsNames));
|
||||||
|
}
|
||||||
|
}
|
||||||
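Review bot: `Defaults_AreApplied_WhenSectionAbsent` never touches configuration: it constructs `new TlsOptions()` directly, so it would still pass if binding a config with no `MxGateway:Tls` section left `GatewayOptions.Tls` unset or replaced. Binding an empty configuration onto a `GatewayOptions` instance and asserting on `options.Tls` would test what the name promises, e.g. `GatewayOptions options = new(); new ConfigurationBuilder().Build().GetSection(GatewayOptions.SectionName).Bind(options);`. The suite also has no case for invalid input such as a `ValidityYears` of `0` or `-1` or an empty `SelfSignedCertPath`; once such values are rejected, a test pinning that rejection would keep the check from regressing.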