Skip to content

Commit 9f22af7

Browse files
joao-r-reisjoao-r-reis
authored
CSHARP-1000 Fix support for astra custom domain (#600)
1 parent faee527 commit 9f22af7

File tree

5 files changed

+200
-12
lines changed

5 files changed

+200
-12
lines changed

CHANGELOG.md

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,13 @@
11
# ChangeLog - DataStax C# Driver
22

3+
## 3.19.4
4+
5+
2023-11-07
6+
7+
### Bug fixes
8+
9+
* [[CSHARP-1000](https://datastax-oss.atlassian.net/browse/CSHARP-1000)] Fix support for Astra custom domains
10+
311
## 3.19.3
412

513
2023-08-31

src/Cassandra.Tests/DataStax/Cloud/CustomCaCertificateValidatorTests.cs

Lines changed: 70 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -95,5 +95,75 @@ public void TestCertificateWithWildcardAndNoRootCaInChain()
9595
Assert.AreEqual("*.db.astra.datastax.com", cert.GetNameInfo(X509NameType.SimpleName, false));
9696
Assert.True(new CustomCaCertificateValidator(ca, "3bdf7865-b9af-43d3-b76c-9ed0b57b2c2f-us-east-1.db.astra.datastax.com").Validate(cert, chain, SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch));
9797
}
98+
99+
/// <summary>
100+
/// Positive test validator with custom domain in SAN
101+
/// </summary>
102+
[Test]
103+
public void TestCertificateWithCustomDomainInSan_WithNormalDomain()
104+
{
105+
// customdomain.crt
106+
var customDomainRawData =
107+
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZHakNDQkFLZ0F3SUJBZ0lVZlZ5T2trQjVVY0g0dzh0c1NNQ1FadCtWZldjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZVXhDekFKQmdOVkJBWVRBbFZUTVE0d0RBWURWUVFJREFWVGRHRjBaVEVOTUFzR0ExVUVCd3dFUTJsMAplVEVRTUE0R0ExVUVDZ3dIUTI5dGNHRnVlVEVMTUFrR0ExVUVDd3dDUWxVeEZqQVVCZ05WQkFNTURTb3VaWGhoCmJYQnNaUzVqYjIweElEQWVCZ2txaGtpRzl3MEJDUUVXRVdGa2JXbHVRR1Y0WVcxd2JHVXVZMjl0TUNBWERUSXoKTVRFd056RTFORE15TlZvWUR6TXdNak13TXpFd01UVTBNekkxV2pDQmhURUxNQWtHQTFVRUJoTUNWVk14RGpBTQpCZ05WQkFnTUJWTjBZWFJsTVEwd0N3WURWUVFIREFSRGFYUjVNUkF3RGdZRFZRUUtEQWREYjIxd1lXNTVNUXN3CkNRWURWUVFMREFKQ1ZURVdNQlFHQTFVRUF3d05LaTVsZUdGdGNHeGxMbU52YlRFZ01CNEdDU3FHU0liM0RRRUoKQVJZUllXUnRhVzVBWlhoaGJYQnNaUzVqYjIwd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFSwpBb0lCQVFDeSs4eGx3WW8rQ1IrZVFUSEZuVURTOGlSLzAyaGM3dlhCUUk2RGkyZ3dVR3pKVzUzUVR4N3MvYkI3Ck84YTVRZEI5RVBPVjREclFZZFZidFMwMFpwRmlhWWJxU1NQeko2bUdsWFFQVjBiWFduWXJGL3NvN295dUpmOVcKdzlGcWxoa1VPd1NUamNxWUNuT3hrSDBHRWx3YzZxUTRTTmFFRVJNcW13K0orb0R2dTljeHlGT1pFb3hPNUhjbQpVU2FEcTNXUkkwVXY0Ky9nQlZNVlVFNVVscVRpQlBUNG9vUDhxTkxheTUrSFRYQTlwRmdzMTlmSTJxdjlkSDlKCmZNcExkc2txMERNemZoZHgrbkdLSDBiVlc5MHdqWWJGbGkwcWVPRWFWNTA2Q012K3A4WlhyWUlWdXIreGZSamQKMUkyN05yVldiTVdMSUFPQ0d3UllwM010T3RmekFnTUJBQUdqZ2dGOE1JSUJlREFkQmdOVkhRNEVGZ1FVdHJNdgpIb1g2c2h2NUo4Ni9jeTNDRmdPVzluUXdnY1VHQTFVZEl3U0J2VENCdW9BVXRyTXZIb1g2c2h2NUo4Ni9jeTNDCkZnT1c5blNoZ1l1a2dZZ3dnWVV4Q3pBSkJnTlZCQVlUQWxWVE1RNHdEQVlEVlFRSURBVlRkR0YwWlRFTk1Bc0cKQTFVRUJ3d0VRMmwwZVRFUU1BNEdBMVVFQ2d3SFEyOXRjR0Z1ZVRFTE1Ba0dBMVVFQ3d3Q1FsVXhGakFVQmdOVgpCQU1NRFNvdVpYaGhiWEJzWlM1amIyMHhJREFlQmdrcWhraUc5dzBCQ1FFV0VXRmtiV2x1UUdWNFlXMXdiR1V1ClkyOXRnaFI5WEk2U1FIbFJ3ZmpEeTJ4SXdKQm0zNVY5WnpBTUJnTlZIUk1FQlRBREFRSC9NQXNHQTFVZER3UUUKQXdJQy9EQTVCZ05WSFJFRU1qQXdnZ3RsZUdGdGNHeGxMbU52YllJTktpNWxlR0Z0Y0d4bExtTnZiWUlTS2k1agpkWE4wYjIxa2IyMWhhVzR1WTI5dE1Ea0dBMVVkRWdReU1EQ0NDMlY0WVcxd2JHVXVZMjl0Z2cwcUxtVjRZVzF3CmJHVXVZMjl0Z2hJcUxtTjFjM1J2YldSdmJXRnBiaTVqYjIwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFDQkQKYXVManJpRDNoRERmY3FMTUR4MVorT1l3U2UzaGdicXRadGFYUnVEZGlxeFE5dDY5dkxPWGY1WFA5dGxxODZxSQpXWHBtWEpRQ2VodDFnU00rL3lpNW1iQnZxaVl3SUJtblJNeUFIK3A1dzAyU0NxRk92ZTBmYm56VWdMVTBvWWliClFBbXdJdm9oRXJvZ1V6RG05Q01sS1lrdmdjSDhnZGVqbXJBdlNuZGVyMWVjU2ZmendYelFLUjBMSzNjQjQzbUEKK2RJK01Wa3FSbmFxeDdnZVZCaEhLblZVcklnMWQ5UVYwUFM5N0ZSSjkyd2VPY2xiTzl0MkpmOHE3Kzl3S3kybgpUVUtmem5DVkUyNjhOUUNISDhQd0NPUGljYU9IdFBlbWhhN0YrMUcwU1YrNjk1ZFFTOXQ1VE1EUi9JeEk3emFKCnFCRTNEMnVBVGlFaGE5bHFVazA9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K";
108+
var cert = new X509Certificate2(Convert.FromBase64String(customDomainRawData));
109+
var chain = new X509Chain();
110+
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
111+
chain.Build(cert);
112+
Assert.AreEqual("*.example.com", cert.GetNameInfo(X509NameType.SimpleName, false));
113+
Assert.True(new CustomCaCertificateValidator(cert, "test123.example.com").Validate(cert, chain, SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch));
114+
}
115+
116+
/// <summary>
117+
/// Positive test validator with custom domain in SAN
118+
/// </summary>
119+
[Test]
120+
public void TestCertificateWithCustomDomainInSan_WithCustomDomain()
121+
{
122+
// customdomain.crt
123+
var customDomainRawData =
124+
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZHakNDQkFLZ0F3SUJBZ0lVZlZ5T2trQjVVY0g0dzh0c1NNQ1FadCtWZldjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZVXhDekFKQmdOVkJBWVRBbFZUTVE0d0RBWURWUVFJREFWVGRHRjBaVEVOTUFzR0ExVUVCd3dFUTJsMAplVEVRTUE0R0ExVUVDZ3dIUTI5dGNHRnVlVEVMTUFrR0ExVUVDd3dDUWxVeEZqQVVCZ05WQkFNTURTb3VaWGhoCmJYQnNaUzVqYjIweElEQWVCZ2txaGtpRzl3MEJDUUVXRVdGa2JXbHVRR1Y0WVcxd2JHVXVZMjl0TUNBWERUSXoKTVRFd056RTFORE15TlZvWUR6TXdNak13TXpFd01UVTBNekkxV2pDQmhURUxNQWtHQTFVRUJoTUNWVk14RGpBTQpCZ05WQkFnTUJWTjBZWFJsTVEwd0N3WURWUVFIREFSRGFYUjVNUkF3RGdZRFZRUUtEQWREYjIxd1lXNTVNUXN3CkNRWURWUVFMREFKQ1ZURVdNQlFHQTFVRUF3d05LaTVsZUdGdGNHeGxMbU52YlRFZ01CNEdDU3FHU0liM0RRRUoKQVJZUllXUnRhVzVBWlhoaGJYQnNaUzVqYjIwd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFSwpBb0lCQVFDeSs4eGx3WW8rQ1IrZVFUSEZuVURTOGlSLzAyaGM3dlhCUUk2RGkyZ3dVR3pKVzUzUVR4N3MvYkI3Ck84YTVRZEI5RVBPVjREclFZZFZidFMwMFpwRmlhWWJxU1NQeko2bUdsWFFQVjBiWFduWXJGL3NvN295dUpmOVcKdzlGcWxoa1VPd1NUamNxWUNuT3hrSDBHRWx3YzZxUTRTTmFFRVJNcW13K0orb0R2dTljeHlGT1pFb3hPNUhjbQpVU2FEcTNXUkkwVXY0Ky9nQlZNVlVFNVVscVRpQlBUNG9vUDhxTkxheTUrSFRYQTlwRmdzMTlmSTJxdjlkSDlKCmZNcExkc2txMERNemZoZHgrbkdLSDBiVlc5MHdqWWJGbGkwcWVPRWFWNTA2Q012K3A4WlhyWUlWdXIreGZSamQKMUkyN05yVldiTVdMSUFPQ0d3UllwM010T3RmekFnTUJBQUdqZ2dGOE1JSUJlREFkQmdOVkhRNEVGZ1FVdHJNdgpIb1g2c2h2NUo4Ni9jeTNDRmdPVzluUXdnY1VHQTFVZEl3U0J2VENCdW9BVXRyTXZIb1g2c2h2NUo4Ni9jeTNDCkZnT1c5blNoZ1l1a2dZZ3dnWVV4Q3pBSkJnTlZCQVlUQWxWVE1RNHdEQVlEVlFRSURBVlRkR0YwWlRFTk1Bc0cKQTFVRUJ3d0VRMmwwZVRFUU1BNEdBMVVFQ2d3SFEyOXRjR0Z1ZVRFTE1Ba0dBMVVFQ3d3Q1FsVXhGakFVQmdOVgpCQU1NRFNvdVpYaGhiWEJzWlM1amIyMHhJREFlQmdrcWhraUc5dzBCQ1FFV0VXRmtiV2x1UUdWNFlXMXdiR1V1ClkyOXRnaFI5WEk2U1FIbFJ3ZmpEeTJ4SXdKQm0zNVY5WnpBTUJnTlZIUk1FQlRBREFRSC9NQXNHQTFVZER3UUUKQXdJQy9EQTVCZ05WSFJFRU1qQXdnZ3RsZUdGdGNHeGxMbU52YllJTktpNWxlR0Z0Y0d4bExtTnZiWUlTS2k1agpkWE4wYjIxa2IyMWhhVzR1WTI5dE1Ea0dBMVVkRWdReU1EQ0NDMlY0WVcxd2JHVXVZMjl0Z2cwcUxtVjRZVzF3CmJHVXVZMjl0Z2hJcUxtTjFjM1J2YldSdmJXRnBiaTVqYjIwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFDQkQKYXVManJpRDNoRERmY3FMTUR4MVorT1l3U2UzaGdicXRadGFYUnVEZGlxeFE5dDY5dkxPWGY1WFA5dGxxODZxSQpXWHBtWEpRQ2VodDFnU00rL3lpNW1iQnZxaVl3SUJtblJNeUFIK3A1dzAyU0NxRk92ZTBmYm56VWdMVTBvWWliClFBbXdJdm9oRXJvZ1V6RG05Q01sS1lrdmdjSDhnZGVqbXJBdlNuZGVyMWVjU2ZmendYelFLUjBMSzNjQjQzbUEKK2RJK01Wa3FSbmFxeDdnZVZCaEhLblZVcklnMWQ5UVYwUFM5N0ZSSjkyd2VPY2xiTzl0MkpmOHE3Kzl3S3kybgpUVUtmem5DVkUyNjhOUUNISDhQd0NPUGljYU9IdFBlbWhhN0YrMUcwU1YrNjk1ZFFTOXQ1VE1EUi9JeEk3emFKCnFCRTNEMnVBVGlFaGE5bHFVazA9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K";
125+
var cert = new X509Certificate2(Convert.FromBase64String(customDomainRawData));
126+
var chain = new X509Chain();
127+
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
128+
chain.Build(cert);
129+
Assert.AreEqual("*.example.com", cert.GetNameInfo(X509NameType.SimpleName, false));
130+
Assert.True(new CustomCaCertificateValidator(cert, "test123.customdomain.com").Validate(cert, chain, SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch));
131+
}
132+
133+
/// <summary>
134+
/// Positive test validator without custom domain in SAN
135+
/// </summary>
136+
[Test]
137+
public void TestCertificateWithoutCustomDomainInSan_WithNormalDomain()
138+
{
139+
// example.crt
140+
var rawData =
141+
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUU4akNDQTlxZ0F3SUJBZ0lVWHBMT2UrVHpJY0x4SUFHNjVwWjAzbHFpMzFBd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZVXhDekFKQmdOVkJBWVRBbFZUTVE0d0RBWURWUVFJREFWVGRHRjBaVEVOTUFzR0ExVUVCd3dFUTJsMAplVEVRTUE0R0ExVUVDZ3dIUTI5dGNHRnVlVEVMTUFrR0ExVUVDd3dDUWxVeEZqQVVCZ05WQkFNTURTb3VaWGhoCmJYQnNaUzVqYjIweElEQWVCZ2txaGtpRzl3MEJDUUVXRVdGa2JXbHVRR1Y0WVcxd2JHVXVZMjl0TUNBWERUSXoKTVRFd056RTFORE0wTjFvWUR6TXdNak13TXpFd01UVTBNelEzV2pDQmhURUxNQWtHQTFVRUJoTUNWVk14RGpBTQpCZ05WQkFnTUJWTjBZWFJsTVEwd0N3WURWUVFIREFSRGFYUjVNUkF3RGdZRFZRUUtEQWREYjIxd1lXNTVNUXN3CkNRWURWUVFMREFKQ1ZURVdNQlFHQTFVRUF3d05LaTVsZUdGdGNHeGxMbU52YlRFZ01CNEdDU3FHU0liM0RRRUoKQVJZUllXUnRhVzVBWlhoaGJYQnNaUzVqYjIwd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFSwpBb0lCQVFDeSs4eGx3WW8rQ1IrZVFUSEZuVURTOGlSLzAyaGM3dlhCUUk2RGkyZ3dVR3pKVzUzUVR4N3MvYkI3Ck84YTVRZEI5RVBPVjREclFZZFZidFMwMFpwRmlhWWJxU1NQeko2bUdsWFFQVjBiWFduWXJGL3NvN295dUpmOVcKdzlGcWxoa1VPd1NUamNxWUNuT3hrSDBHRWx3YzZxUTRTTmFFRVJNcW13K0orb0R2dTljeHlGT1pFb3hPNUhjbQpVU2FEcTNXUkkwVXY0Ky9nQlZNVlVFNVVscVRpQlBUNG9vUDhxTkxheTUrSFRYQTlwRmdzMTlmSTJxdjlkSDlKCmZNcExkc2txMERNemZoZHgrbkdLSDBiVlc5MHdqWWJGbGkwcWVPRWFWNTA2Q012K3A4WlhyWUlWdXIreGZSamQKMUkyN05yVldiTVdMSUFPQ0d3UllwM010T3RmekFnTUJBQUdqZ2dGVU1JSUJVREFkQmdOVkhRNEVGZ1FVdHJNdgpIb1g2c2h2NUo4Ni9jeTNDRmdPVzluUXdnY1VHQTFVZEl3U0J2VENCdW9BVXRyTXZIb1g2c2h2NUo4Ni9jeTNDCkZnT1c5blNoZ1l1a2dZZ3dnWVV4Q3pBSkJnTlZCQVlUQWxWVE1RNHdEQVlEVlFRSURBVlRkR0YwWlRFTk1Bc0cKQTFVRUJ3d0VRMmwwZVRFUU1BNEdBMVVFQ2d3SFEyOXRjR0Z1ZVRFTE1Ba0dBMVVFQ3d3Q1FsVXhGakFVQmdOVgpCQU1NRFNvdVpYaGhiWEJzWlM1amIyMHhJREFlQmdrcWhraUc5dzBCQ1FFV0VXRmtiV2x1UUdWNFlXMXdiR1V1ClkyOXRnaFJla3M1NzVQTWh3dkVnQWJybWxuVGVXcUxmVURBTUJnTlZIUk1FQlRBREFRSC9NQXNHQTFVZER3UUUKQXdJQy9EQWxCZ05WSFJFRUhqQWNnZ3RsZUdGdGNHeGxMbU52YllJTktpNWxlR0Z0Y0d4bExtTnZiVEFsQmdOVgpIUklFSGpBY2dndGxlR0Z0Y0d4bExtTnZiWUlOS2k1bGVHRnRjR3hsTG1OdmJUQU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBUUVBQzVGelZSM0VNODAxRWhBR2dLK2Q2OEpRYkpjZEJyMXloWHVDVUJLYnlYZHRTM1RGTStOdGNGZ3YKUDI0dXFuU05wSjB3SDRwQTdma0IwR0I2dUwvQmNZbHo0S1lTcEJHTWhoZEFyRnJ3S3hsb2tOVGx5RUJma0ovdwpDWWpkZGpzYkFvdUxsc3J6Nzl0VE93aVM3TEJQN1p6NHdqYWdIdkFncmpQTEVwcnhrVkhaNE1nSjVJY0RhdFhtCm5jdTk4NWhvT2VMWmpRRG9OVVpmWWwwdUJoNHNmYnY0OC9WdEJtSjAxVjVEbkVweEJWNUhuRjRIeW9ZTjZ6Y3kKNGZBU2E3ZzU1VTBReGY3T0JBT0NmVGFQbjR5ci9HK3ZDSTN3VWQzU2NzOW9laSttanNpNGJOcW1yR2dGZm5yMApvcWtNQzFtVXNtMEJQVmYveUdRSUpNZmRGSlRNS2c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==";
142+
143+
var cert = new X509Certificate2(Convert.FromBase64String(rawData));
144+
var chain = new X509Chain();
145+
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
146+
chain.Build(cert);
147+
Assert.AreEqual("*.example.com", cert.GetNameInfo(X509NameType.SimpleName, false));
148+
Assert.True(new CustomCaCertificateValidator(cert, "test123.example.com").Validate(cert, chain, SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch));
149+
}
150+
151+
/// <summary>
152+
/// Negative test validator without custom domain in SAN
153+
/// </summary>
154+
[Test]
155+
public void TestCertificateWithoutCustomDomainInSan_WithCustomDomain()
156+
{
157+
// example.crt
158+
var rawData =
159+
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUU4akNDQTlxZ0F3SUJBZ0lVWHBMT2UrVHpJY0x4SUFHNjVwWjAzbHFpMzFBd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZVXhDekFKQmdOVkJBWVRBbFZUTVE0d0RBWURWUVFJREFWVGRHRjBaVEVOTUFzR0ExVUVCd3dFUTJsMAplVEVRTUE0R0ExVUVDZ3dIUTI5dGNHRnVlVEVMTUFrR0ExVUVDd3dDUWxVeEZqQVVCZ05WQkFNTURTb3VaWGhoCmJYQnNaUzVqYjIweElEQWVCZ2txaGtpRzl3MEJDUUVXRVdGa2JXbHVRR1Y0WVcxd2JHVXVZMjl0TUNBWERUSXoKTVRFd056RTFORE0wTjFvWUR6TXdNak13TXpFd01UVTBNelEzV2pDQmhURUxNQWtHQTFVRUJoTUNWVk14RGpBTQpCZ05WQkFnTUJWTjBZWFJsTVEwd0N3WURWUVFIREFSRGFYUjVNUkF3RGdZRFZRUUtEQWREYjIxd1lXNTVNUXN3CkNRWURWUVFMREFKQ1ZURVdNQlFHQTFVRUF3d05LaTVsZUdGdGNHeGxMbU52YlRFZ01CNEdDU3FHU0liM0RRRUoKQVJZUllXUnRhVzVBWlhoaGJYQnNaUzVqYjIwd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFSwpBb0lCQVFDeSs4eGx3WW8rQ1IrZVFUSEZuVURTOGlSLzAyaGM3dlhCUUk2RGkyZ3dVR3pKVzUzUVR4N3MvYkI3Ck84YTVRZEI5RVBPVjREclFZZFZidFMwMFpwRmlhWWJxU1NQeko2bUdsWFFQVjBiWFduWXJGL3NvN295dUpmOVcKdzlGcWxoa1VPd1NUamNxWUNuT3hrSDBHRWx3YzZxUTRTTmFFRVJNcW13K0orb0R2dTljeHlGT1pFb3hPNUhjbQpVU2FEcTNXUkkwVXY0Ky9nQlZNVlVFNVVscVRpQlBUNG9vUDhxTkxheTUrSFRYQTlwRmdzMTlmSTJxdjlkSDlKCmZNcExkc2txMERNemZoZHgrbkdLSDBiVlc5MHdqWWJGbGkwcWVPRWFWNTA2Q012K3A4WlhyWUlWdXIreGZSamQKMUkyN05yVldiTVdMSUFPQ0d3UllwM010T3RmekFnTUJBQUdqZ2dGVU1JSUJVREFkQmdOVkhRNEVGZ1FVdHJNdgpIb1g2c2h2NUo4Ni9jeTNDRmdPVzluUXdnY1VHQTFVZEl3U0J2VENCdW9BVXRyTXZIb1g2c2h2NUo4Ni9jeTNDCkZnT1c5blNoZ1l1a2dZZ3dnWVV4Q3pBSkJnTlZCQVlUQWxWVE1RNHdEQVlEVlFRSURBVlRkR0YwWlRFTk1Bc0cKQTFVRUJ3d0VRMmwwZVRFUU1BNEdBMVVFQ2d3SFEyOXRjR0Z1ZVRFTE1Ba0dBMVVFQ3d3Q1FsVXhGakFVQmdOVgpCQU1NRFNvdVpYaGhiWEJzWlM1amIyMHhJREFlQmdrcWhraUc5dzBCQ1FFV0VXRmtiV2x1UUdWNFlXMXdiR1V1ClkyOXRnaFJla3M1NzVQTWh3dkVnQWJybWxuVGVXcUxmVURBTUJnTlZIUk1FQlRBREFRSC9NQXNHQTFVZER3UUUKQXdJQy9EQWxCZ05WSFJFRUhqQWNnZ3RsZUdGdGNHeGxMbU52YllJTktpNWxlR0Z0Y0d4bExtTnZiVEFsQmdOVgpIUklFSGpBY2dndGxlR0Z0Y0d4bExtTnZiWUlOS2k1bGVHRnRjR3hsTG1OdmJUQU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBUUVBQzVGelZSM0VNODAxRWhBR2dLK2Q2OEpRYkpjZEJyMXloWHVDVUJLYnlYZHRTM1RGTStOdGNGZ3YKUDI0dXFuU05wSjB3SDRwQTdma0IwR0I2dUwvQmNZbHo0S1lTcEJHTWhoZEFyRnJ3S3hsb2tOVGx5RUJma0ovdwpDWWpkZGpzYkFvdUxsc3J6Nzl0VE93aVM3TEJQN1p6NHdqYWdIdkFncmpQTEVwcnhrVkhaNE1nSjVJY0RhdFhtCm5jdTk4NWhvT2VMWmpRRG9OVVpmWWwwdUJoNHNmYnY0OC9WdEJtSjAxVjVEbkVweEJWNUhuRjRIeW9ZTjZ6Y3kKNGZBU2E3ZzU1VTBReGY3T0JBT0NmVGFQbjR5ci9HK3ZDSTN3VWQzU2NzOW9laSttanNpNGJOcW1yR2dGZm5yMApvcWtNQzFtVXNtMEJQVmYveUdRSUpNZmRGSlRNS2c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==";
160+
161+
var cert = new X509Certificate2(Convert.FromBase64String(rawData));
162+
var chain = new X509Chain();
163+
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
164+
chain.Build(cert);
165+
Assert.AreEqual("*.example.com", cert.GetNameInfo(X509NameType.SimpleName, false));
166+
Assert.False(new CustomCaCertificateValidator(cert, "test123.customdomain.com").Validate(cert, chain, SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch));
167+
}
98168
}
99169
}

src/Cassandra.Tests/DataStax/Cloud/certs/customdomain.crt

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIFGjCCBAKgAwIBAgIUfVyOkkB5UcH4w8tsSMCQZt+VfWcwDQYJKoZIhvcNAQEL
3+
BQAwgYUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEQ2l0
4+
eTEQMA4GA1UECgwHQ29tcGFueTELMAkGA1UECwwCQlUxFjAUBgNVBAMMDSouZXhh
5+
bXBsZS5jb20xIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUuY29tMCAXDTIz
6+
MTEwNzE1NDMyNVoYDzMwMjMwMzEwMTU0MzI1WjCBhTELMAkGA1UEBhMCVVMxDjAM
7+
BgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5MRAwDgYDVQQKDAdDb21wYW55MQsw
8+
CQYDVQQLDAJCVTEWMBQGA1UEAwwNKi5leGFtcGxlLmNvbTEgMB4GCSqGSIb3DQEJ
9+
ARYRYWRtaW5AZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
10+
AoIBAQCy+8xlwYo+CR+eQTHFnUDS8iR/02hc7vXBQI6Di2gwUGzJW53QTx7s/bB7
11+
O8a5QdB9EPOV4DrQYdVbtS00ZpFiaYbqSSPzJ6mGlXQPV0bXWnYrF/so7oyuJf9W
12+
w9FqlhkUOwSTjcqYCnOxkH0GElwc6qQ4SNaEERMqmw+J+oDvu9cxyFOZEoxO5Hcm
13+
USaDq3WRI0Uv4+/gBVMVUE5UlqTiBPT4ooP8qNLay5+HTXA9pFgs19fI2qv9dH9J
14+
fMpLdskq0DMzfhdx+nGKH0bVW90wjYbFli0qeOEaV506CMv+p8ZXrYIVur+xfRjd
15+
1I27NrVWbMWLIAOCGwRYp3MtOtfzAgMBAAGjggF8MIIBeDAdBgNVHQ4EFgQUtrMv
16+
HoX6shv5J86/cy3CFgOW9nQwgcUGA1UdIwSBvTCBuoAUtrMvHoX6shv5J86/cy3C
17+
FgOW9nShgYukgYgwgYUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsG
18+
A1UEBwwEQ2l0eTEQMA4GA1UECgwHQ29tcGFueTELMAkGA1UECwwCQlUxFjAUBgNV
19+
BAMMDSouZXhhbXBsZS5jb20xIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUu
20+
Y29tghR9XI6SQHlRwfjDy2xIwJBm35V9ZzAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
21+
AwIC/DA5BgNVHREEMjAwggtleGFtcGxlLmNvbYINKi5leGFtcGxlLmNvbYISKi5j
22+
dXN0b21kb21haW4uY29tMDkGA1UdEgQyMDCCC2V4YW1wbGUuY29tgg0qLmV4YW1w
23+
bGUuY29tghIqLmN1c3RvbWRvbWFpbi5jb20wDQYJKoZIhvcNAQELBQADggEBACBD
24+
auLjriD3hDDfcqLMDx1Z+OYwSe3hgbqtZtaXRuDdiqxQ9t69vLOXf5XP9tlq86qI
25+
WXpmXJQCeht1gSM+/yi5mbBvqiYwIBmnRMyAH+p5w02SCqFOve0fbnzUgLU0oYib
26+
QAmwIvohErogUzDm9CMlKYkvgcH8gdejmrAvSnder1ecSffzwXzQKR0LK3cB43mA
27+
+dI+MVkqRnaqx7geVBhHKnVUrIg1d9QV0PS97FRJ92weOclbO9t2Jf8q7+9wKy2n
28+
TUKfznCVE268NQCHH8PwCOPicaOHtPemha7F+1G0SV+695dQS9t5TMDR/IxI7zaJ
29+
qBE3D2uATiEha9lqUk0=
30+
-----END CERTIFICATE-----

src/Cassandra.Tests/DataStax/Cloud/certs/example.crt

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIE8jCCA9qgAwIBAgIUXpLOe+TzIcLxIAG65pZ03lqi31AwDQYJKoZIhvcNAQEL
3+
BQAwgYUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEQ2l0
4+
eTEQMA4GA1UECgwHQ29tcGFueTELMAkGA1UECwwCQlUxFjAUBgNVBAMMDSouZXhh
5+
bXBsZS5jb20xIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUuY29tMCAXDTIz
6+
MTEwNzE1NDM0N1oYDzMwMjMwMzEwMTU0MzQ3WjCBhTELMAkGA1UEBhMCVVMxDjAM
7+
BgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5MRAwDgYDVQQKDAdDb21wYW55MQsw
8+
CQYDVQQLDAJCVTEWMBQGA1UEAwwNKi5leGFtcGxlLmNvbTEgMB4GCSqGSIb3DQEJ
9+
ARYRYWRtaW5AZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
10+
AoIBAQCy+8xlwYo+CR+eQTHFnUDS8iR/02hc7vXBQI6Di2gwUGzJW53QTx7s/bB7
11+
O8a5QdB9EPOV4DrQYdVbtS00ZpFiaYbqSSPzJ6mGlXQPV0bXWnYrF/so7oyuJf9W
12+
w9FqlhkUOwSTjcqYCnOxkH0GElwc6qQ4SNaEERMqmw+J+oDvu9cxyFOZEoxO5Hcm
13+
USaDq3WRI0Uv4+/gBVMVUE5UlqTiBPT4ooP8qNLay5+HTXA9pFgs19fI2qv9dH9J
14+
fMpLdskq0DMzfhdx+nGKH0bVW90wjYbFli0qeOEaV506CMv+p8ZXrYIVur+xfRjd
15+
1I27NrVWbMWLIAOCGwRYp3MtOtfzAgMBAAGjggFUMIIBUDAdBgNVHQ4EFgQUtrMv
16+
HoX6shv5J86/cy3CFgOW9nQwgcUGA1UdIwSBvTCBuoAUtrMvHoX6shv5J86/cy3C
17+
FgOW9nShgYukgYgwgYUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsG
18+
A1UEBwwEQ2l0eTEQMA4GA1UECgwHQ29tcGFueTELMAkGA1UECwwCQlUxFjAUBgNV
19+
BAMMDSouZXhhbXBsZS5jb20xIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUu
20+
Y29tghReks575PMhwvEgAbrmlnTeWqLfUDAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
21+
AwIC/DAlBgNVHREEHjAcggtleGFtcGxlLmNvbYINKi5leGFtcGxlLmNvbTAlBgNV
22+
HRIEHjAcggtleGFtcGxlLmNvbYINKi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsF
23+
AAOCAQEAC5FzVR3EM801EhAGgK+d68JQbJcdBr1yhXuCUBKbyXdtS3TFM+NtcFgv
24+
P24uqnSNpJ0wH4pA7fkB0GB6uL/BcYlz4KYSpBGMhhdArFrwKxlokNTlyEBfkJ/w
25+
CYjddjsbAouLlsrz79tTOwiS7LBP7Zz4wjagHvAgrjPLEprxkVHZ4MgJ5IcDatXm
26+
ncu985hoOeLZjQDoNUZfYl0uBh4sfbv48/VtBmJ01V5DnEpxBV5HnF4HyoYN6zcy
27+
4fASa7g55U0Qxf7OBAOCfTaPn4yr/G+vCI3wUd3Scs9oei+mjsi4bNqmrGgFfnr0
28+
oqkMC1mUsm0BPVf/yGQIJMfdFJTMKg==
29+
-----END CERTIFICATE-----

0 commit comments

Comments
 (0)