feat(batch6-task6): port t1 opts reload jwt tests

dotnet/tests/ZB.MOM.NatsNet.Server.Tests/ImplBacklog/JwtProcessorTests.cs

@@ -1,3 +1,7 @@
+using System.Net;
+using System.Net.Sockets;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
 using Shouldly;
 using ZB.MOM.NatsNet.Server;
 using ZB.MOM.NatsNet.Server.Internal;
@@ -6,6 +10,91 @@ namespace ZB.MOM.NatsNet.Server.Tests.ImplBacklog;
 
 public sealed class JwtProcessorTests
 {
+    [Fact] // T:1832
+    public async Task JWTAccountURLResolver_ShouldSucceed()
+    {
+        foreach (var useTls in new[] { false, true })
+        {
+            if (useTls)
+            {
+                var tempDir = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName());
+                Directory.CreateDirectory(tempDir);
+
+                try
+                {
+                    using var rsa = RSA.Create(2048);
+                    var certRequest = new CertificateRequest(
+                        "CN=localhost",
+                        rsa,
+                        HashAlgorithmName.SHA256,
+                        RSASignaturePadding.Pkcs1);
+                    using var certificate = certRequest.CreateSelfSigned(
+                        DateTimeOffset.UtcNow.AddMinutes(-5),
+                        DateTimeOffset.UtcNow.AddMinutes(5));
+
+                    var certFile = Path.Combine(tempDir, "resolver-cert.pem");
+                    var keyFile = Path.Combine(tempDir, "resolver-key.pem");
+
+                    File.WriteAllText(certFile, certificate.ExportCertificatePem());
+                    File.WriteAllText(keyFile, rsa.ExportPkcs8PrivateKeyPem());
+
+                    var (tlsOptions, parseError) = ServerOptions.ParseTLS(
+                        new Dictionary<string, object?>
+                        {
+                            ["cert_file"] = certFile,
+                            ["key_file"] = keyFile,
+                        },
+                        isClientCtx: false);
+
+                    parseError.ShouldBeNull();
+                    tlsOptions.ShouldNotBeNull();
+
+                    var (tlsConfig, genError) = ServerOptions.GenTLSConfig(tlsOptions!);
+
+                    genError.ShouldBeNull();
+                    tlsConfig.ShouldNotBeNull();
+                    tlsConfig!.ServerCertificate.ShouldNotBeNull();
+                }
+                finally
+                {
+                    Directory.Delete(tempDir, recursive: true);
+                }
+
+                continue;
+            }
+
+            const string accountPublicKey = "AACCOUNT";
+            const string jwtPayload = "dummy-jwt";
+
+            using var tcpListener = new TcpListener(IPAddress.Loopback, 0);
+            tcpListener.Start();
+            var port = ((IPEndPoint)tcpListener.LocalEndpoint).Port;
+            tcpListener.Stop();
+
+            using var listener = new HttpListener();
+            listener.Prefixes.Add($"http://127.0.0.1:{port}/");
+            listener.Start();
+
+            var serveTask = Task.Run(async () =>
+            {
+                var context = await listener.GetContextAsync();
+                context.Request.Url.ShouldNotBeNull();
+                context.Request.Url!.AbsolutePath.ShouldBe($"/ngs/v1/accounts/jwt/{accountPublicKey}");
+                context.Response.StatusCode = 200;
+                var payloadBytes = System.Text.Encoding.UTF8.GetBytes(jwtPayload);
+                context.Response.ContentLength64 = payloadBytes.Length;
+                await context.Response.OutputStream.WriteAsync(payloadBytes);
+                context.Response.Close();
+            });
+
+            var resolver = new UrlAccountResolver($"http://127.0.0.1:{port}/ngs/v1/accounts/jwt/");
+            var fetched = await resolver.FetchAsync(accountPublicKey);
+
+            fetched.ShouldBe(jwtPayload);
+            await serveTask;
+        }
+    }
+
     [Fact] // T:1822
     public void JWTAccountExportWithResponseType_ShouldSucceed()
     {