MTlsEndpointAuthenticationProvider.cs
namespace DotNet.Testcontainers.Builders
{
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Docker.DotNet.X509;
using DotNet.Testcontainers.Configurations;
using JetBrains.Annotations;
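/// <inheritdoc cref="IDockerRegistryAuthenticationProvider" />
/// <remarks>
/// Endpoint authentication provider for mutual TLS (mTLS). In addition to the checks of
/// <see cref="TlsEndpointAuthenticationProvider" />, it loads a client certificate and its
/// private key from the certificates directory and presents them to the Docker endpoint.
/// The private key is read from a PEM file on disk, so the confidentiality of the client
/// identity depends on the file system permissions of that directory.
/// </remarks>
[PublicAPI]
internal sealed class MTlsEndpointAuthenticationProvider : TlsEndpointAuthenticationProvider
{
    /// <summary>
    /// Initializes a new instance of the <see cref="MTlsEndpointAuthenticationProvider" /> class.
    /// </summary>
    /// <remarks>
    /// Uses the environment configuration and the properties file configuration, in that order.
    /// </remarks>
    public MTlsEndpointAuthenticationProvider()
        : this(EnvironmentConfiguration.Instance, PropertiesFileConfiguration.Instance)
    {
    }

    /// <summary>
    /// Initializes a new instance of the <see cref="MTlsEndpointAuthenticationProvider" /> class.
    /// </summary>
    /// <param name="customConfigurations">A list of custom configurations.</param>
    public MTlsEndpointAuthenticationProvider(params ICustomConfiguration[] customConfigurations)
        : base(customConfigurations)
    {
    }

    /// <inheritdoc />
    /// <remarks>
    /// Applicable only when TLS and TLS verification are both enabled and the client
    /// certificate file and the client key file both exist in the certificates directory.
    /// This is an existence check only: it does not verify that the files are readable, that
    /// they form a matching certificate/key pair, or that their permissions are restrictive.
    /// The files can still change or disappear before <see cref="GetClientCertificate" /> reads them.
    /// </remarks>
    public override bool IsApplicable()
    {
        var requiredFileNames = new[] { ClientCertificateFileName, ClientCertificateKeyFileName };

        if (!TlsEnabled || !TlsVerifyEnabled)
        {
            return false;
        }

        return requiredFileNames
            .Select(fileName => Path.Combine(CertificatesDirectoryPath, fileName))
            .All(File.Exists);
    }

    /// <inheritdoc />
    /// <remarks>
    /// The returned configuration carries the client certificate including its private key.
    /// Server authentication is delegated to <c>ServerCertificateValidationCallback</c>, which
    /// is not defined in this class (presumably inherited from the base class); the strength
    /// of server verification depends on that callback.
    /// </remarks>
    public override IDockerEndpointAuthenticationConfiguration GetAuthConfig()
    {
        var credentials = new CertificateCredentials(GetClientCertificate())
        {
            ServerCertificateValidationCallback = ServerCertificateValidationCallback,
        };

        return new DockerEndpointAuthenticationConfiguration(DockerEngine, credentials);
    }

    /// <inheritdoc />
    /// <remarks>
    /// Loads the client certificate and private key from the PEM files in the certificates
    /// directory. The caller owns the returned certificate and should dispose it; on Windows
    /// the re-imported private key is typically held in a key container that is only released
    /// when the certificate is disposed.
    /// </remarks>
    protected override X509Certificate2 GetClientCertificate()
    {
        var clientCertificateFilePath = Path.Combine(CertificatesDirectoryPath, ClientCertificateFileName);
        var clientCertificateKeyFilePath = Path.Combine(CertificatesDirectoryPath, ClientCertificateKeyFileName);

        // The certificate must be exported to PFX on Windows to avoid "No credentials are available in the security package":
        // https://stackoverflow.com/questions/72096812/loading-x509certificate2-from-pem-file-results-in-no-credentials-are-available/72101855#72101855.
#if NETSTANDARD
        return Polyfills.X509Certificate2.CreateFromPemFile(clientCertificateFilePath, clientCertificateKeyFilePath);
#elif NET6_0_OR_GREATER
        var certificate = X509Certificate2.CreateFromPemFile(clientCertificateFilePath, clientCertificateKeyFilePath);

        if (!OperatingSystem.IsWindows())
        {
            return certificate;
        }

        // On Windows the PEM-backed instance is only an intermediate: dispose it once the
        // PFX copy has been created (or if the export/import fails) so that its private key
        // handle is not left alive until finalization.
        using (certificate)
        {
            // The PFX blob is exported without a password and contains the private key.
            // It never leaves this method; wipe it after the import as a best effort
            // (the runtime may still hold other copies of the key material).
            var pfx = certificate.Export(X509ContentType.Pfx);

            try
            {
#if NET9_0_OR_GREATER
                return X509CertificateLoader.LoadPkcs12(pfx, null);
#else
                return new X509Certificate2(pfx);
#endif
            }
            finally
            {
                Array.Clear(pfx, 0, pfx.Length);
            }
        }
#endif
    }
}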
}