dohertj2/natsnet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(batch1): implement jwt wipe and nonce-required internal logic

Browse Source
This commit is contained in:
Joseph Doherty
2026-02-28 06:30:23 -05:00
parent f9b582dcca
commit d8d71eab95
8 changed files with 161 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dotnet/src/ZB.MOM.NatsNet.Server/Auth/AuthHandler.cs
View File

@@ -269,7 +269,7 @@ public static partial class AuthHandler
/// </summary> /// </summary>
public static void WipeSlice(Span<byte> buf) public static void WipeSlice(Span<byte> buf)
{ {
buf.Fill((byte)'x'); JwtProcessor.WipeSlice(buf);
} }
/// <summary> /// <summary>

9
dotnet/src/ZB.MOM.NatsNet.Server/Auth/JwtProcessor.cs
View File

@@ -31,6 +31,15 @@ public static class JwtProcessor
/// </summary> /// </summary>
public const string JwtPrefix = "eyJ"; public const string JwtPrefix = "eyJ";
/// <summary>
/// Wipes a byte slice by filling with <c>'x'</c>.
/// Mirrors Go <c>wipeSlice</c>.
/// </summary>
public static void WipeSlice(Span<byte> buf)
{
buf.Fill((byte)'x');
}
/// <summary> /// <summary>
/// Validates that the given IP host address is allowed by the user claims source CIDRs. /// Validates that the given IP host address is allowed by the user claims source CIDRs.
/// Returns true if the host is within any of the allowed CIDRs, or if no CIDRs are specified. /// Returns true if the host is within any of the allowed CIDRs, or if no CIDRs are specified.

23
dotnet/src/ZB.MOM.NatsNet.Server/NatsServer.Listeners.cs
View File

@@ -61,10 +61,29 @@ public sealed partial class NatsServer
/// <summary> /// <summary>
/// Returns true if this server requires clients to send a nonce for auth. /// Returns true if this server requires clients to send a nonce for auth.
/// Stub — full implementation in session 11. /// Mirrors Go <c>Server.NonceRequired()</c>.
/// Mirrors Go <c>Server.nonceRequired()</c>. /// Mirrors Go <c>Server.nonceRequired()</c>.
/// </summary> /// </summary>
private bool NonceRequired() => false; private bool NonceRequired()
{
_mu.EnterReadLock();
try
{
return NonceRequiredInternal();
}
finally
{
_mu.ExitReadLock();
}
}
/// <summary>
/// Returns true if this server requires clients to send a nonce for auth.
/// Lock should be held by caller for strict Go parity.
/// Mirrors Go <c>Server.nonceRequired()</c>.
/// </summary>
internal bool NonceRequiredInternal()
=> GetOpts().AlwaysEnableNonce || (_nkeys?.Count > 0) || _trustedKeys != null || _proxiesKeyPairs.Count > 0;
/// <summary> /// <summary>
/// Fills <paramref name="nonce"/> with random bytes. /// Fills <paramref name="nonce"/> with random bytes.

4
dotnet/tests/ZB.MOM.NatsNet.Server.Tests/Auth/JwtProcessorTests.cs
View File

@@ -40,7 +40,7 @@ public class JwtProcessorTests
public void WipeSlice_FillsWithX() public void WipeSlice_FillsWithX()
{ {
var buf = new byte[] { 0x01, 0x02, 0x03 }; var buf = new byte[] { 0x01, 0x02, 0x03 };
AuthHandler.WipeSlice(buf); JwtProcessor.WipeSlice(buf);
buf.ShouldAllBe(b => b == (byte)'x'); buf.ShouldAllBe(b => b == (byte)'x');
} }
@@ -48,7 +48,7 @@ public class JwtProcessorTests
public void WipeSlice_EmptyBuffer_NoOp() public void WipeSlice_EmptyBuffer_NoOp()
{ {
var buf = Array.Empty<byte>(); var buf = Array.Empty<byte>();
AuthHandler.WipeSlice(buf); JwtProcessor.WipeSlice(buf);
} }
// ========================================================================= // =========================================================================

87
dotnet/tests/ZB.MOM.NatsNet.Server.Tests/Server/NonceRequiredTests.cs Normal file
View File

@@ -0,0 +1,87 @@
// Copyright 2012-2026 The NATS Authors
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
using System.Reflection;
using Shouldly;
using ZB.MOM.NatsNet.Server.Auth;
namespace ZB.MOM.NatsNet.Server.Tests.Server;
public sealed class NonceRequiredTests
{
[Fact]
public void NonceRequiredInternal_NoConditions_ReturnsFalse()
{
var server = CreateServer();
server.NonceRequiredInternal().ShouldBeFalse();
}
[Fact]
public void NonceRequiredInternal_AlwaysEnableNonceOptionSet_ReturnsTrue()
{
var server = CreateServer();
var opts = server.GetOpts();
opts.AlwaysEnableNonce = true;
server.SetOpts(opts);
server.NonceRequiredInternal().ShouldBeTrue();
}
[Fact]
public void NonceRequiredInternal_NkeysConfigured_ReturnsTrue()
{
var server = CreateServer();
SetPrivateField(server, "_nkeys", new Dictionary<string, NkeyUser>
{
["UAEXAMPLE"] = new() { Nkey = "UAEXAMPLE" },
});
server.NonceRequiredInternal().ShouldBeTrue();
}
[Fact]
public void NonceRequiredInternal_TrustedKeysPresent_ReturnsTrue()
{
var server = CreateServer();
SetPrivateField(server, "_trustedKeys", new List<string> { "OPKEY" });
server.NonceRequiredInternal().ShouldBeTrue();
}
[Fact]
public void NonceRequiredInternal_ProxiesKeyPairsPresent_ReturnsTrue()
{
var server = CreateServer();
var proxiesField = typeof(NatsServer).GetField("_proxiesKeyPairs", BindingFlags.Instance | BindingFlags.NonPublic);
proxiesField.ShouldNotBeNull();
var proxies = proxiesField!.GetValue(server).ShouldBeOfType<List<object>>();
proxies.Add(new object());
server.NonceRequiredInternal().ShouldBeTrue();
}
private static NatsServer CreateServer()
{
var (server, error) = NatsServer.NewServer(new ServerOptions());
error.ShouldBeNull();
server.ShouldNotBeNull();
return server!;
}
private static void SetPrivateField<T>(NatsServer server, string fieldName, T value)
{
var field = typeof(NatsServer).GetField(fieldName, BindingFlags.Instance | BindingFlags.NonPublic);
field.ShouldNotBeNull();
field!.SetValue(server, value);
}
}

BIN
porting.db
View File

Binary file not shown.

8
reports/current.md
View File

@@ -1,6 +1,6 @@
# NATS .NET Porting Status Report # NATS .NET Porting Status Report
Generated: 2026-02-28 11:05:07 UTC Generated: 2026-02-28 11:30:24 UTC
## Modules (12 total) ## Modules (12 total)
@@ -12,10 +12,10 @@ Generated: 2026-02-28 11:05:07 UTC
| Status | Count | | Status | Count |
|--------|-------| |--------|-------|
| deferred | 2375 | | deferred | 2373 |
| n_a | 24 | | n_a | 24 |
| stub | 1 | | stub | 1 |
| verified | 1273 | | verified | 1275 |
## Unit Tests (3257 total) ## Unit Tests (3257 total)
@@ -34,4 +34,4 @@ Generated: 2026-02-28 11:05:07 UTC
## Overall Progress ## Overall Progress
**2475/6942 items complete (35.7%)** **2477/6942 items complete (35.7%)**

37
reports/report_f9b582d.md Normal file
View File

@@ -0,0 +1,37 @@
# NATS .NET Porting Status Report
Generated: 2026-02-28 11:30:24 UTC
## Modules (12 total)
| Status | Count |
|--------|-------|
| verified | 12 |
## Features (3673 total)
| Status | Count |
|--------|-------|
| deferred | 2373 |
| n_a | 24 |
| stub | 1 |
| verified | 1275 |
## Unit Tests (3257 total)
| Status | Count |
|--------|-------|
| deferred | 2091 |
| n_a | 187 |
| verified | 979 |
## Library Mappings (36 total)
| Status | Count |
|--------|-------|
| mapped | 36 |
## Overall Progress
**2477/6942 items complete (35.7%)**