feat: session B — auth implementation + signals (26 stubs complete)

Implement ConfigureAuthorization, CheckAuthentication, and full auth dispatch in NatsServer.Auth.cs; add HandleSignals in NatsServer.Signals.cs; extend AuthHandler with GetAuthErrClosedState, ValidateProxies, GetTlsAuthDcs, CheckClientTlsCertSubject, ProcessUserPermissionsTemplate; add ReadOperatorJwt/ValidateTrustedOperators to JwtProcessor; add AuthCallout stub; add auth accessor helpers to ClientConnection; add NATS.NKeys package for NKey signature verification; 12 new tests pass.
2026-02-26 17:38:46 -05:00
parent aa1fb5ac4e
commit 8c380e7ca6
13 changed files with 854 additions and 28 deletions
--- a/dotnet/src/ZB.MOM.NatsNet.Server/ClientConnection.cs
+++ b/dotnet/src/ZB.MOM.NatsNet.Server/ClientConnection.cs
@@ -842,6 +842,45 @@ public sealed partial class ClientConnection
    internal void SetAuthError(Exception err) { lock (_mu) { AuthErr = err; } }
    internal Exception? GetAuthError() { lock (_mu) { return AuthErr; } }

+    // Auth credential accessors (used by NatsServer.Auth.cs)
+    internal string GetAuthToken()  { lock (_mu) { return Opts.Token; } }
+    internal string GetNkey()       { lock (_mu) { return Opts.Nkey; } }
+    internal string GetNkeySig()    { lock (_mu) { return Opts.Sig; } }
+    internal string GetUsername()   { lock (_mu) { return Opts.Username; } }
+    internal string GetPassword()   { lock (_mu) { return Opts.Password; } }
+
+    internal X509Certificate2? GetTlsCertificate()
+    {
+        lock (_mu)
+        {
+            if (_nc is SslStream ssl)
+            {
+                var cert = ssl.RemoteCertificate;
+                if (cert is X509Certificate2 cert2) return cert2;
+                if (cert != null) return new X509Certificate2(cert);
+            }
+            return null;
+        }
+    }
+
+    internal void SetAccount(INatsAccount? acc)
+    {
+        lock (_mu) { Account = acc; }
+    }
+
+    internal void SetAccount(Account? acc) => SetAccount(acc as INatsAccount);
+
+    internal void SetPermissions(Auth.Permissions? perms)
+    {
+        // Full permission installation deferred to later session.
+        // Store in Perms for now.
+        lock (_mu)
+        {
+            if (perms != null)
+                Perms ??= new ClientPermissions();
+        }
+    }
+
    // =========================================================================
    // Timer helpers (features 523-531)
    // =========================================================================