feat(batch9): implement f1 auth and dirstore foundations

2026-02-28 12:12:50 -05:00
parent 26e4729e8b
commit 78d222a86d
6 changed files with 212 additions and 38 deletions
--- a/dotnet/tests/ZB.MOM.NatsNet.Server.Tests/Accounts/DirectoryStoreTests.cs
+++ b/dotnet/tests/ZB.MOM.NatsNet.Server.Tests/Accounts/DirectoryStoreTests.cs
@@ -767,4 +767,47 @@ public sealed class DirectoryStoreTests : IDisposable
            foreach (var s in stores) try { s?.Dispose(); } catch { /* best-effort */ }
        }
    }
+
+    [Fact]
+    public void ValidateDirPath_ExistingDirectory_ReturnsAbsolutePath()
+    {
+        var dir = MakeTempDir();
+
+        var validated = DirJwtStore.ValidateDirPath(dir);
+
+        validated.ShouldBe(Path.GetFullPath(dir));
+    }
+
+    [Fact]
+    public void ValidatePathExists_PathIsFileWhenDirectoryExpected_Throws()
+    {
+        var dir = MakeTempDir();
+        var file = Path.Combine(dir, "token.jwt");
+        File.WriteAllText(file, "jwt");
+
+        Should.Throw<InvalidOperationException>(() => DirJwtStore.ValidatePathExists(file, dir: true));
+    }
+
+    [Fact]
+    public void ExpirationTracker_HeapPrimitives_MaintainIndexAndTracking()
+    {
+        var tracker = new ExpirationTracker(limit: 10, evictOnLimit: true, ttl: TimeSpan.Zero);
+        var a = new JwtItem("A", expiration: 10, hash: [1, 2, 3]);
+        var b = new JwtItem("B", expiration: 20, hash: [4, 5, 6]);
+
+        tracker.Push(a);
+        tracker.Push(b);
+
+        tracker.Len().ShouldBe(2);
+        tracker.Less(0, 1).ShouldBeTrue();
+
+        tracker.Swap(0, 1);
+        tracker.Less(0, 1).ShouldBeFalse();
+
+        var popped = tracker.Pop();
+        popped.PublicKey.ShouldBe("A");
+        tracker.IsTracked("A").ShouldBeFalse();
+        tracker.IsTracked("B").ShouldBeTrue();
+        tracker.Len().ShouldBe(1);
+    }
 }
--- a/dotnet/tests/ZB.MOM.NatsNet.Server.Tests/ServerTests.cs
+++ b/dotnet/tests/ZB.MOM.NatsNet.Server.Tests/ServerTests.cs
@@ -22,6 +22,7 @@ using NSubstitute.ExceptionExtensions;
 using Shouldly;
 using Xunit;
 using ZB.MOM.NatsNet.Server.Auth;
+using ZB.MOM.NatsNet.Server.Internal;

 namespace ZB.MOM.NatsNet.Server.Tests;

@@ -218,6 +219,21 @@ public sealed class ServerTests
        err.ShouldNotBeNull();
    }

+    [Fact]
+    public void MatchesPinnedCert_NullPinnedSet_ReturnsTrue()
+    {
+        var client = new ClientConnection(ClientKind.Client, nc: new MemoryStream());
+        client.MatchesPinnedCert(null).ShouldBeTrue();
+    }
+
+    [Fact]
+    public void MatchesPinnedCert_NoTlsCertificate_ReturnsFalse()
+    {
+        var client = new ClientConnection(ClientKind.Client, nc: new MemoryStream());
+        var pinned = new PinnedCertSet([new string('a', 64)]);
+        client.MatchesPinnedCert(pinned).ShouldBeFalse();
+    }
+
    // =========================================================================
    // GetServerProto
    // =========================================================================