feat(gateway): validate MxGateway:Tls options

2026-06-01 07:19:22 -04:00
parent b8a6695612
commit fe7d1ce1ec
2 changed files with 85 additions and 0 deletions
@@ -26,6 +26,7 @@ public sealed class GatewayOptionsValidator : IValidateOptions<GatewayOptions>
        ValidateDashboard(options.Dashboard, failures);
        ValidateProtocol(options.Protocol, failures);
        ValidateAlarms(options.Alarms, failures);
        ValidateTls(options.Tls, failures);
        return failures.Count == 0
            ? ValidateOptionsResult.Success
@@ -262,6 +263,31 @@ public sealed class GatewayOptionsValidator : IValidateOptions<GatewayOptions>
        }
    }
    private const int MinimumCertValidityYears = 1;
    private const int MaximumCertValidityYears = 100;
    private static void ValidateTls(TlsOptions options, List<string> failures)
    {
        if (options.ValidityYears is < MinimumCertValidityYears or > MaximumCertValidityYears)
        {
            failures.Add(
                $"MxGateway:Tls:ValidityYears must be between {MinimumCertValidityYears} and {MaximumCertValidityYears}.");
        }
        AddIfInvalidPath(
            options.SelfSignedCertPath,
            "MxGateway:Tls:SelfSignedCertPath must be a valid filesystem path.",
            failures);
        foreach (string dns in options.AdditionalDnsNames)
        {
            if (string.IsNullOrWhiteSpace(dns))
            {
                failures.Add("MxGateway:Tls:AdditionalDnsNames entries must be non-blank.");
            }
        }
    }
    private static void ValidateProtocol(ProtocolOptions options, List<string> failures)
    {
        if (options.WorkerProtocolVersion != GatewayContractInfo.WorkerProtocolVersion)
@@ -0,0 +1,59 @@
 using Microsoft.Extensions.Options;
 using ZB.MOM.WW.MxGateway.Server.Configuration;
 namespace ZB.MOM.WW.MxGateway.Tests.Configuration;
 public sealed class GatewayOptionsValidatorTests
 {
    // Constructs the minimal valid GatewayOptions by relying on each sub-option's
    // design-default values; those defaults are validated separately in GatewayOptionsTests.
    private static GatewayOptions ValidOptions() => new();
    private static GatewayOptions CloneWithTls(GatewayOptions source, TlsOptions tls)
        => new()
        {
            Authentication = source.Authentication,
            Ldap = source.Ldap,
            Worker = source.Worker,
            Sessions = source.Sessions,
            Events = source.Events,
            Dashboard = source.Dashboard,
            Protocol = source.Protocol,
            Alarms = source.Alarms,
            Tls = tls,
        };
    [Fact]
    public void Validate_Succeeds_WithDefaultTlsOptions()
    {
        ValidateOptionsResult result = new GatewayOptionsValidator().Validate(null, ValidOptions());
        Assert.True(result.Succeeded);
    }
    [Fact]
    public void Validate_Fails_WhenTlsValidityYearsOutOfRange()
    {
        GatewayOptions withBadTls = CloneWithTls(ValidOptions(), new TlsOptions { ValidityYears = 0 });
        ValidateOptionsResult result = new GatewayOptionsValidator().Validate(null, withBadTls);
        Assert.True(result.Failed);
        Assert.Contains(result.Failures!, f => f.Contains("MxGateway:Tls:ValidityYears"));
    }
    [Fact]
    public void Validate_Fails_WhenTlsValidityYearsTooLarge()
    {
        GatewayOptions withBadTls = CloneWithTls(ValidOptions(), new TlsOptions { ValidityYears = 101 });
        ValidateOptionsResult result = new GatewayOptionsValidator().Validate(null, withBadTls);
        Assert.True(result.Failed);
        Assert.Contains(result.Failures!, f => f.Contains("MxGateway:Tls:ValidityYears"));
    }
    [Fact]
    public void Validate_Fails_WhenAdditionalDnsNameBlank()
    {
        GatewayOptions options = CloneWithTls(ValidOptions(), new TlsOptions { AdditionalDnsNames = [" "] });
        ValidateOptionsResult result = new GatewayOptionsValidator().Validate(null, options);
        Assert.True(result.Failed);
        Assert.Contains(result.Failures!, f => f.Contains("MxGateway:Tls:AdditionalDnsNames"));
    }
 }