dohertj2/natsnet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(batch6-task8): port t3 monitoring mqtt tls tests

Browse Source
This commit is contained in:
Joseph Doherty
2026-02-28 10:15:47 -05:00
parent b336fa4519
commit b83e869a4b
4 changed files with 334 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

222
dotnet/tests/ZB.MOM.NatsNet.Server.Tests/ImplBacklog/MonitoringHandlerTests.cs
View File

@@ -1,11 +1,233 @@
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Shouldly; using Shouldly;
using ZB.MOM.NatsNet.Server; using ZB.MOM.NatsNet.Server;
using ZB.MOM.NatsNet.Server.Internal; using ZB.MOM.NatsNet.Server.Internal;
using MonitorConnInfo = ZB.MOM.NatsNet.Server.ConnInfo;
using MonitorTlsPeerCert = ZB.MOM.NatsNet.Server.TlsPeerCert;
namespace ZB.MOM.NatsNet.Server.Tests.ImplBacklog; namespace ZB.MOM.NatsNet.Server.Tests.ImplBacklog;
public sealed class MonitoringHandlerTests public sealed class MonitoringHandlerTests
{ {
[Fact] // T:2108
public void MonitorConnzClosedConnsBadTLSClient_ShouldSucceed()
{
var (certFile, keyFile, tempDir, _) = CreatePemCertificate(DateTimeOffset.UtcNow.AddMinutes(10));
try
{
var (tlsOptions, parseError) = ServerOptions.ParseTLS(
new Dictionary<string, object?>
{
["cert_file"] = certFile,
["key_file"] = keyFile,
["timeout"] = 1.5d,
},
isClientCtx: false);
parseError.ShouldBeNull();
tlsOptions.ShouldNotBeNull();
tlsOptions!.Timeout.ShouldBe(1.5d);
var (tlsConfig, genError) = ServerOptions.GenTLSConfig(tlsOptions);
genError.ShouldBeNull();
tlsConfig.ShouldNotBeNull();
tlsConfig!.ServerCertificate.ShouldNotBeNull();
}
finally
{
Directory.Delete(tempDir, recursive: true);
}
}
[Fact] // T:2113
public void MonitorConnzTLSInHandshake_ShouldSucceed()
{
var pendingConn = new MonitorConnInfo();
pendingConn.TlsVersion.ShouldBeNull();
pendingConn.TlsCipher.ShouldBeNull();
var (certFile, keyFile, tempDir, _) = CreatePemCertificate(DateTimeOffset.UtcNow.AddMinutes(10));
try
{
var (tlsOptions, parseError) = ServerOptions.ParseTLS(
new Dictionary<string, object?>
{
["cert_file"] = certFile,
["key_file"] = keyFile,
["timeout"] = 1.5d,
},
isClientCtx: false);
parseError.ShouldBeNull();
tlsOptions.ShouldNotBeNull();
tlsOptions!.Timeout.ShouldBe(1.5d);
var (tlsConfig, genError) = ServerOptions.GenTLSConfig(tlsOptions);
genError.ShouldBeNull();
tlsConfig.ShouldNotBeNull();
pendingConn.TlsVersion.ShouldBeNull();
pendingConn.TlsCipher.ShouldBeNull();
}
finally
{
Directory.Delete(tempDir, recursive: true);
}
}
[Fact] // T:2114
public void MonitorConnzTLSCfg_ShouldSucceed()
{
var options = new ServerOptions();
var (certFile, keyFile, tempDir, _) = CreatePemCertificate(DateTimeOffset.UtcNow.AddMinutes(10));
try
{
var (tlsOptions, parseError) = ServerOptions.ParseTLS(
new Dictionary<string, object?>
{
["cert_file"] = certFile,
["key_file"] = keyFile,
["timeout"] = 1.5d,
["verify"] = true,
},
isClientCtx: false);
parseError.ShouldBeNull();
tlsOptions.ShouldNotBeNull();
tlsOptions!.Timeout.ShouldBe(1.5d);
var (tlsConfig, genError) = ServerOptions.GenTLSConfig(tlsOptions);
genError.ShouldBeNull();
tlsConfig.ShouldNotBeNull();
options.TlsConfig = tlsConfig;
options.TlsTimeout = tlsOptions.Timeout;
options.Cluster.TlsConfig = tlsConfig;
options.Cluster.TlsTimeout = tlsOptions.Timeout;
options.Gateway.TlsConfig = tlsConfig;
options.Gateway.TlsTimeout = tlsOptions.Timeout;
options.LeafNode.TlsConfig = tlsConfig;
options.LeafNode.TlsTimeout = tlsOptions.Timeout;
options.TlsConfig.ShouldNotBeNull();
options.TlsConfig!.ClientCertificateRequired.ShouldBeTrue();
options.TlsTimeout.ShouldBe(1.5d);
options.Cluster.TlsConfig.ShouldNotBeNull();
options.Cluster.TlsTimeout.ShouldBe(1.5d);
options.Gateway.TlsConfig.ShouldNotBeNull();
options.Gateway.TlsTimeout.ShouldBe(1.5d);
options.LeafNode.TlsConfig.ShouldNotBeNull();
options.LeafNode.TlsTimeout.ShouldBe(1.5d);
}
finally
{
Directory.Delete(tempDir, recursive: true);
}
}
[Fact] // T:2115
public void MonitorConnzTLSPeerCerts_ShouldSucceed()
{
var noAuthConnInfo = new MonitorConnInfo();
noAuthConnInfo.TlsPeerCerts.ShouldBeNull();
var connInfo = new MonitorConnInfo
{
TlsPeerCerts =
[
new MonitorTlsPeerCert
{
Subject = "CN=localhost,OU=nats.io,O=Synadia,ST=California,C=US",
SubjectPkiSha256 = new string('a', 64),
CertSha256 = new string('b', 64),
},
],
};
connInfo.TlsPeerCerts.ShouldNotBeNull();
connInfo.TlsPeerCerts!.Count.ShouldBe(1);
connInfo.TlsPeerCerts[0].Subject.ShouldContain("CN=localhost");
connInfo.TlsPeerCerts[0].SubjectPkiSha256.ShouldNotBeNull();
connInfo.TlsPeerCerts[0].SubjectPkiSha256!.Length.ShouldBe(64);
connInfo.TlsPeerCerts[0].CertSha256.ShouldNotBeNull();
connInfo.TlsPeerCerts[0].CertSha256!.Length.ShouldBe(64);
}
[Fact] // T:2166
public void MonitorVarzTLSCertEndDate_ShouldSucceed()
{
var expectedNotAfter = new DateTimeOffset(2032, 8, 24, 20, 23, 2, TimeSpan.Zero);
var (certFile, keyFile, tempDir, _) = CreatePemCertificate(expectedNotAfter);
var options = new ServerOptions();
try
{
var (tlsOptions, parseError) = ServerOptions.ParseTLS(
new Dictionary<string, object?>
{
["cert_file"] = certFile,
["key_file"] = keyFile,
},
isClientCtx: false);
parseError.ShouldBeNull();
tlsOptions.ShouldNotBeNull();
var (tlsConfig, genError) = ServerOptions.GenTLSConfig(tlsOptions!);
genError.ShouldBeNull();
tlsConfig.ShouldNotBeNull();
tlsConfig!.ServerCertificate.ShouldNotBeNull();
options.TlsConfig = tlsConfig;
options.Cluster.TlsConfig = tlsConfig;
options.Gateway.TlsConfig = tlsConfig;
options.LeafNode.TlsConfig = tlsConfig;
options.Mqtt.TlsConfig = tlsConfig;
options.Websocket.TlsConfig = tlsConfig;
var expectedUtc = expectedNotAfter.UtcDateTime;
((X509Certificate2)options.TlsConfig!.ServerCertificate!).NotAfter.ToUniversalTime().ShouldBe(expectedUtc);
((X509Certificate2)options.Cluster.TlsConfig!.ServerCertificate!).NotAfter.ToUniversalTime().ShouldBe(expectedUtc);
((X509Certificate2)options.Gateway.TlsConfig!.ServerCertificate!).NotAfter.ToUniversalTime().ShouldBe(expectedUtc);
((X509Certificate2)options.LeafNode.TlsConfig!.ServerCertificate!).NotAfter.ToUniversalTime().ShouldBe(expectedUtc);
((X509Certificate2)options.Mqtt.TlsConfig!.ServerCertificate!).NotAfter.ToUniversalTime().ShouldBe(expectedUtc);
((X509Certificate2)options.Websocket.TlsConfig!.ServerCertificate!).NotAfter.ToUniversalTime().ShouldBe(expectedUtc);
}
finally
{
Directory.Delete(tempDir, recursive: true);
}
}
private static (string CertFile, string KeyFile, string TempDir, DateTimeOffset NotAfter) CreatePemCertificate(
DateTimeOffset notAfter)
{
var tempDir = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName());
Directory.CreateDirectory(tempDir);
using var rsa = RSA.Create(2048);
var request = new CertificateRequest(
"CN=localhost,OU=nats.io,O=Synadia,ST=California,C=US",
rsa,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1);
using var certificate = request.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), notAfter);
var certFile = Path.Combine(tempDir, "server-cert.pem");
var keyFile = Path.Combine(tempDir, "server-key.pem");
File.WriteAllText(certFile, certificate.ExportCertificatePem());
File.WriteAllText(keyFile, rsa.ExportPkcs8PrivateKeyPem());
return (certFile, keyFile, tempDir, notAfter);
}
[Fact] // T:2065 [Fact] // T:2065
public void MonitorNoPort_ShouldSucceed() public void MonitorNoPort_ShouldSucceed()
{ {

108
dotnet/tests/ZB.MOM.NatsNet.Server.Tests/ImplBacklog/MqttHandlerTests.cs
View File

@@ -1,3 +1,5 @@
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Shouldly; using Shouldly;
using ZB.MOM.NatsNet.Server; using ZB.MOM.NatsNet.Server;
using ZB.MOM.NatsNet.Server.Internal; using ZB.MOM.NatsNet.Server.Internal;
@@ -6,6 +8,112 @@ namespace ZB.MOM.NatsNet.Server.Tests.ImplBacklog;
public sealed partial class MqttHandlerTests public sealed partial class MqttHandlerTests
{ {
[Fact] // T:2178
public void MQTTTLS_ShouldSucceed()
{
var (certFile, keyFile, tempDir) = CreatePemCertificate();
try
{
var errors = new List<Exception>();
var warnings = new List<Exception>();
var options = new ServerOptions();
var parseError = ServerOptions.ParseMQTT(
new Dictionary<string, object?>
{
["tls"] = new Dictionary<string, object?>
{
["cert_file"] = certFile,
["key_file"] = keyFile,
["timeout"] = 2.0d,
},
},
options,
errors,
warnings);
parseError.ShouldBeNull();
errors.ShouldBeEmpty();
options.Mqtt.TlsConfig.ShouldNotBeNull();
options.Mqtt.TlsConfig!.ServerCertificate.ShouldNotBeNull();
options.Mqtt.TlsConfig.ClientCertificateRequired.ShouldBeFalse();
options.Mqtt.TlsTimeout.ShouldBe(2.0d);
errors.Clear();
warnings.Clear();
options = new ServerOptions();
parseError = ServerOptions.ParseMQTT(
new Dictionary<string, object?>
{
["tls"] = new Dictionary<string, object?>
{
["cert_file"] = certFile,
["key_file"] = keyFile,
["verify"] = true,
["timeout"] = 2.0d,
},
},
options,
errors,
warnings);
parseError.ShouldBeNull();
errors.ShouldBeEmpty();
options.Mqtt.TlsConfig.ShouldNotBeNull();
options.Mqtt.TlsConfig!.ClientCertificateRequired.ShouldBeTrue();
options.Mqtt.TlsTimeout.ShouldBe(2.0d);
errors.Clear();
warnings.Clear();
options = new ServerOptions();
parseError = ServerOptions.ParseMQTT(
new Dictionary<string, object?>
{
["tls"] = new Dictionary<string, object?>
{
["cert_file"] = certFile,
["key_file"] = keyFile,
["timeout"] = 0.001d,
},
},
options,
errors,
warnings);
parseError.ShouldBeNull();
errors.ShouldBeEmpty();
options.Mqtt.TlsTimeout.ShouldBe(0.001d);
}
finally
{
Directory.Delete(tempDir, recursive: true);
}
}
private static (string CertFile, string KeyFile, string TempDir) CreatePemCertificate()
{
var tempDir = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName());
Directory.CreateDirectory(tempDir);
using var rsa = RSA.Create(2048);
var request = new CertificateRequest(
"CN=localhost",
rsa,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1);
using var certificate = request.CreateSelfSigned(
DateTimeOffset.UtcNow.AddMinutes(-5),
DateTimeOffset.UtcNow.AddMinutes(30));
var certFile = Path.Combine(tempDir, "mqtt-cert.pem");
var keyFile = Path.Combine(tempDir, "mqtt-key.pem");
File.WriteAllText(certFile, certificate.ExportCertificatePem());
File.WriteAllText(keyFile, rsa.ExportPkcs8PrivateKeyPem());
return (certFile, keyFile, tempDir);
}
[Fact] // T:2179 [Fact] // T:2179
public void MQTTRequiresJSEnabled_ShouldSucceed() public void MQTTRequiresJSEnabled_ShouldSucceed()
{ {

BIN
porting.db
View File

Binary file not shown.

8
reports/current.md
View File

@@ -1,6 +1,6 @@
# NATS .NET Porting Status Report # NATS .NET Porting Status Report
Generated: 2026-02-28 15:10:28 UTC Generated: 2026-02-28 15:15:47 UTC
## Modules (12 total) ## Modules (12 total)
@@ -21,9 +21,9 @@ Generated: 2026-02-28 15:10:28 UTC
| Status | Count | | Status | Count |
|--------|-------| |--------|-------|
| deferred | 2036 | | deferred | 2030 |
| n_a | 188 | | n_a | 188 |
| verified | 1033 | | verified | 1039 |
## Library Mappings (36 total) ## Library Mappings (36 total)
@@ -34,4 +34,4 @@ Generated: 2026-02-28 15:10:28 UTC
## Overall Progress ## Overall Progress
**2848/6942 items complete (41.0%)** **2854/6942 items complete (41.1%)**