- Fix pull consumer fetch: send original stream subject in HMSG (not inbox) so NATS client distinguishes data messages from control messages - Fix MaxAge expiry: add background timer in StreamManager for periodic pruning - Fix JetStream wire format: Go-compatible anonymous objects with string enums, proper offset-based pagination for stream/consumer list APIs - Add 42 E2E black-box tests (core messaging, auth, TLS, accounts, JetStream) - Add ~1000 parity tests across all subsystems (gap closure) - Update gap inventory docs to reflect implementation status
namespace NATS.Server.Tls;
/// <summary>
/// Message templates used by the OCSP peer-verification code in the TLS layer:
/// error texts returned to callers, texts written directly to the log, and
/// debug traces. Constants are grouped by prefix: <c>Err*</c> (errors),
/// <c>Dbg*</c> (debug traces) and <c>Msg*</c> (other notices).
/// </summary>
/// <remarks>
/// NOTE(review): the templates keep Go <c>fmt</c> verbs (<c>%s</c>, <c>%d</c>,
/// <c>%w</c>, <c>%T</c>, <c>%q</c>, <c>%v</c>, <c>%f</c>). These are not .NET
/// composite-format placeholders (<c>{0}</c>), so confirm that every consumer
/// expands them with a verb-aware helper rather than
/// <see cref="string.Format(string, object[])"/>, which would emit the verb
/// text literally. <c>%w</c> (Go error wrapping) and <c>%T</c> (Go type name)
/// have no direct .NET equivalent; how they are rendered is not visible here.
/// </remarks>
public static class OcspPeerMessages
{
    // Returned errors: templates for error values handed back to the caller
    // (configuration parsing, TLS hook registration, response compression
    // and responder fetch failures).
    public const string ErrIllegalPeerOptsConfig = "expected map to define OCSP peer options, got [%T]";
    public const string ErrIllegalCacheOptsConfig = "expected map to define OCSP peer cache options, got [%T]";
    public const string ErrParsingPeerOptFieldGeneric = "error parsing tls peer config, unknown field [%q]";
    public const string ErrParsingPeerOptFieldTypeConversion = "error parsing tls peer config, conversion error: %s";
    public const string ErrParsingCacheOptFieldTypeConversion = "error parsing OCSP peer cache config, conversion error: %s";
    public const string ErrUnableToPlugTLSEmptyConfig = "unable to plug TLS verify connection, config is nil";
    // Peer OCSP checking of client connections presupposes the client
    // presents a certificate, hence the mTLS requirement stated here.
    public const string ErrMTLSRequired = "OCSP peer verification for client connections requires TLS verify (mTLS) to be enabled";
    public const string ErrUnableToPlugTLSClient = "unable to register client OCSP verification";
    public const string ErrUnableToPlugTLSServer = "unable to register server OCSP verification";
    public const string ErrCannotWriteCompressed = "error writing to compression writer: %w";
    public const string ErrCannotReadCompressed = "error reading compression reader: %w";
    public const string ErrTruncatedWrite = "short write on body (%d != %d)";
    public const string ErrCannotCloseWriter = "error closing compression writer: %w";
    public const string ErrParsingCacheOptFieldGeneric = "error parsing OCSP peer cache config, unknown field [%q]";
    public const string ErrUnknownCacheType = "error parsing OCSP peer cache config, unknown type [%s]";
    public const string ErrInvalidChainlink = "invalid chain link";
    public const string ErrBadResponderHTTPStatus = "bad OCSP responder http status: [%d]";
    public const string ErrNoAvailOCSPServers = "no available OCSP servers";
    public const string ErrFailedWithAllRequests = "exhausted OCSP responders: %w";

    // Direct logged errors: written straight to the server log rather than
    // returned; the "[%s]" slots presumably carry a cache key or path.
    public const string ErrLoadCacheFail = "Unable to load OCSP peer cache: %s";
    public const string ErrSaveCacheFail = "Unable to save OCSP peer cache: %s";
    public const string ErrBadCacheTypeConfig = "Unimplemented OCSP peer cache type [%v]";
    public const string ErrResponseCompressFail = "Unable to compress OCSP response for key [%s]: %s";
    public const string ErrResponseDecompressFail = "Unable to decompress OCSP response for key [%s]: %s";
    // A missing peer certificate is treated as a reject (fail-closed), not a
    // pass; the first text covers the case where no event can be emitted.
    public const string ErrPeerEmptyNoEvent = "Peer certificate is nil, cannot send OCSP peer reject event";
    public const string ErrPeerEmptyAutoReject = "Peer certificate is nil, rejecting OCSP peer";

    // Debug information: traces of chain evaluation, cache activity and
    // responder calls. Chain/link indices are "%d"; keys, statuses and
    // timestamps are "%s".
    public const string DbgPlugTLSForKind = "Plugging TLS OCSP peer for [%s]";
    public const string DbgNumServerChains = "Peer OCSP enabled: %d TLS server chain(s) will be evaluated";
    public const string DbgNumClientChains = "Peer OCSP enabled: %d TLS client chain(s) will be evaluated";
    public const string DbgLinksInChain = "Chain [%d]: %d total link(s)";
    public const string DbgSelfSignedValid = "Chain [%d] is self-signed, thus peer is valid";
    public const string DbgValidNonOCSPChain = "Chain [%d] has no OCSP eligible links, thus peer is valid";
    public const string DbgChainIsOCSPEligible = "Chain [%d] has %d OCSP eligible link(s)";
    public const string DbgChainIsOCSPValid = "Chain [%d] is OCSP valid for all eligible links, thus peer is valid";
    public const string DbgNoOCSPValidChains = "No OCSP valid chains, thus peer is invalid";
    public const string DbgCheckingCacheForCert = "Checking OCSP peer cache for [%s], key [%s]";
    public const string DbgCurrentResponseCached = "Cached OCSP response is current, status [%s]";
    public const string DbgExpiredResponseCached = "Cached OCSP response is expired, status [%s]";
    public const string DbgOCSPValidPeerLink = "OCSP verify pass for [%s]";
    public const string DbgCachingResponse = "Caching OCSP response for [%s], key [%s]";
    public const string DbgAchievedCompression = "OCSP response compression ratio: [%f]";
    public const string DbgCacheHit = "OCSP peer cache hit for key [%s]";
    public const string DbgCacheMiss = "OCSP peer cache miss for key [%s]";
    // A revoked response is kept even when it would otherwise be evicted,
    // so a later responder outage cannot silently turn a revocation into a pass.
    public const string DbgPreservedRevocation = "Revoked OCSP response for key [%s] preserved by cache policy";
    public const string DbgDeletingCacheResponse = "Deleting OCSP peer cached response for key [%s]";
    public const string DbgStartingCache = "Starting OCSP peer cache";
    public const string DbgStoppingCache = "Stopping OCSP peer cache";
    public const string DbgLoadingCache = "Loading OCSP peer cache [%s]";
    public const string DbgNoCacheFound = "No OCSP peer cache found, starting with empty cache";
    public const string DbgSavingCache = "Saving OCSP peer cache [%s]";
    public const string DbgCacheSaved = "Saved OCSP peer cache successfully (%d bytes)";
    public const string DbgMakingCARequest = "Trying OCSP responder url [%s]";
    // Validity-window checks: NextUpdate (expiry), the cache's own TTL, and
    // ThisUpdate (not-yet-valid), each evaluated against "now" plus a clock skew.
    public const string DbgResponseExpired = "OCSP response NextUpdate [%s] is before now [%s] with clockskew [%s]";
    public const string DbgResponseTTLExpired = "OCSP response cache expiry [%s] is before now [%s] with clockskew [%s]";
    public const string DbgResponseFutureDated = "OCSP response ThisUpdate [%s] is before now [%s] with clockskew [%s]";
    public const string DbgCacheSaveTimerExpired = "OCSP peer cache save timer expired";
    public const string DbgCacheDirtySave = "OCSP peer cache is dirty, saving";

    // Connection rejection reasons and verification notices. This group has
    // no header in the original; the split between Msg* and Err* prefixes is
    // presumably warning vs. error log level — TODO confirm against callers.
    // The two reject texts are deliberately terse; they look like the reason
    // handed to the rejected peer, so keep verification details out of them.
    public const string MsgTLSClientRejectConnection = "client not OCSP valid";
    public const string MsgTLSServerRejectConnection = "server not OCSP valid";
    public const string ErrCAResponderCalloutFail = "Attempt to obtain OCSP response from CA responder for [%s] failed: %s";
    public const string ErrNewCAResponseNotCurrent = "New OCSP CA response obtained for [%s] but not current";
    public const string ErrCAResponseParseFailed = "Could not parse OCSP CA response for [%s]: %s";
    public const string ErrOCSPInvalidPeerLink = "OCSP verify fail for [%s] with CA status [%s]";
    // Soft-fail policies: AllowWhenCAUnreachable admits a peer only when no
    // cached revocation exists; WarnOnly admits the peer and just logs.
    // Both widen acceptance, so these notices are the audit trail for them.
    public const string MsgAllowWhenCAUnreachableOccurred = "Failed to obtain OCSP CA response for [%s] but AllowWhenCAUnreachable set; no cached revocation so allowing";
    public const string MsgAllowWhenCAUnreachableOccurredCachedRevoke = "Failed to obtain OCSP CA response for [%s] but AllowWhenCAUnreachable set; cached revocation exists so rejecting";
    public const string MsgAllowWarnOnlyOccurred = "OCSP verify fail for [%s] but WarnOnly is true so allowing";
    public const string MsgCacheOnline = "OCSP peer cache online, type [%s]";
    public const string MsgCacheOffline = "OCSP peer cache offline, type [%s]";
    public const string MsgFailedOCSPResponseFetch = "Failed OCSP response fetch";
    public const string MsgOCSPResponseNotEffective = "OCSP response not in effectivity window";
    public const string MsgFailedOCSPResponseParse = "Failed OCSP response parse";
    public const string MsgOCSPResponseInvalidStatus = "Invalid OCSP response status: %s";
    public const string MsgOCSPResponseDelegationInvalid = "Invalid OCSP response delegation: %s";
    public const string MsgCachedOCSPResponseInvalid = "Invalid cached OCSP response for [%s] with fingerprint [%s]";
}