Skip to content

CSHARP-1000 Fix support for astra custom domain #600

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Nov 7, 2023
Merged

CSHARP-1000 Fix support for astra custom domain #600

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
250fffb
check SANs in Astra custom certificate validator
joao-r-reis Nov 7, 2023
e5fae92
update changelog
joao-r-reis Nov 7, 2023
3e3605f
add test cases for certificates with SAN
joao-r-reis Nov 7, 2023
6d667f9
fix constants
joao-r-reis Nov 7, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,13 @@
# ChangeLog - DataStax C# Driver

## 3.19.4

2023-11-07

### Bug fixes

* [[CSHARP-1000](https://datastax-oss.atlassian.net/browse/CSHARP-1000)] Fix support for Astra custom domains

## 3.19.3

2023-08-31
Expand Down
70 changes: 70 additions & 0 deletions src/Cassandra.Tests/DataStax/Cloud/CustomCaCertificateValidatorTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,5 +95,75 @@ public void TestCertificateWithWildcardAndNoRootCaInChain()
Assert.AreEqual("*.db.astra.datastax.com", cert.GetNameInfo(X509NameType.SimpleName, false));
Assert.True(new CustomCaCertificateValidator(ca, "3bdf7865-b9af-43d3-b76c-9ed0b57b2c2f-us-east-1.db.astra.datastax.com").Validate(cert, chain, SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch));
}

/// <summary>
/// Positive test validator with custom domain in SAN
/// </summary>
[Test]
public void TestCertificateWithCustomDomainInSan_WithNormalDomain()
{
// customdomain.crt
var customDomainRawData =
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZHakNDQkFLZ0F3SUJBZ0lVZlZ5T2trQjVVY0g0dzh0c1NNQ1FadCtWZldjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZVXhDekFKQmdOVkJBWVRBbFZUTVE0d0RBWURWUVFJREFWVGRHRjBaVEVOTUFzR0ExVUVCd3dFUTJsMAplVEVRTUE0R0ExVUVDZ3dIUTI5dGNHRnVlVEVMTUFrR0ExVUVDd3dDUWxVeEZqQVVCZ05WQkFNTURTb3VaWGhoCmJYQnNaUzVqYjIweElEQWVCZ2txaGtpRzl3MEJDUUVXRVdGa2JXbHVRR1Y0WVcxd2JHVXVZMjl0TUNBWERUSXoKTVRFd056RTFORE15TlZvWUR6TXdNak13TXpFd01UVTBNekkxV2pDQmhURUxNQWtHQTFVRUJoTUNWVk14RGpBTQpCZ05WQkFnTUJWTjBZWFJsTVEwd0N3WURWUVFIREFSRGFYUjVNUkF3RGdZRFZRUUtEQWREYjIxd1lXNTVNUXN3CkNRWURWUVFMREFKQ1ZURVdNQlFHQTFVRUF3d05LaTVsZUdGdGNHeGxMbU52YlRFZ01CNEdDU3FHU0liM0RRRUoKQVJZUllXUnRhVzVBWlhoaGJYQnNaUzVqYjIwd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFSwpBb0lCQVFDeSs4eGx3WW8rQ1IrZVFUSEZuVURTOGlSLzAyaGM3dlhCUUk2RGkyZ3dVR3pKVzUzUVR4N3MvYkI3Ck84YTVRZEI5RVBPVjREclFZZFZidFMwMFpwRmlhWWJxU1NQeko2bUdsWFFQVjBiWFduWXJGL3NvN295dUpmOVcKdzlGcWxoa1VPd1NUamNxWUNuT3hrSDBHRWx3YzZxUTRTTmFFRVJNcW13K0orb0R2dTljeHlGT1pFb3hPNUhjbQpVU2FEcTNXUkkwVXY0Ky9nQlZNVlVFNVVscVRpQlBUNG9vUDhxTkxheTUrSFRYQTlwRmdzMTlmSTJxdjlkSDlKCmZNcExkc2txMERNemZoZHgrbkdLSDBiVlc5MHdqWWJGbGkwcWVPRWFWNTA2Q012K3A4WlhyWUlWdXIreGZSamQKMUkyN05yVldiTVdMSUFPQ0d3UllwM010T3RmekFnTUJBQUdqZ2dGOE1JSUJlREFkQmdOVkhRNEVGZ1FVdHJNdgpIb1g2c2h2NUo4Ni9jeTNDRmdPVzluUXdnY1VHQTFVZEl3U0J2VENCdW9BVXRyTXZIb1g2c2h2NUo4Ni9jeTNDCkZnT1c5blNoZ1l1a2dZZ3dnWVV4Q3pBSkJnTlZCQVlUQWxWVE1RNHdEQVlEVlFRSURBVlRkR0YwWlRFTk1Bc0cKQTFVRUJ3d0VRMmwwZVRFUU1BNEdBMVVFQ2d3SFEyOXRjR0Z1ZVRFTE1Ba0dBMVVFQ3d3Q1FsVXhGakFVQmdOVgpCQU1NRFNvdVpYaGhiWEJzWlM1amIyMHhJREFlQmdrcWhraUc5dzBCQ1FFV0VXRmtiV2x1UUdWNFlXMXdiR1V1ClkyOXRnaFI5WEk2U1FIbFJ3ZmpEeTJ4SXdKQm0zNVY5WnpBTUJnTlZIUk1FQlRBREFRSC9NQXNHQTFVZER3UUUKQXdJQy9EQTVCZ05WSFJFRU1qQXdnZ3RsZUdGdGNHeGxMbU52YllJTktpNWxlR0Z0Y0d4bExtTnZiWUlTS2k1agpkWE4wYjIxa2IyMWhhVzR1WTI5dE1Ea0dBMVVkRWdReU1EQ0NDMlY0WVcxd2JHVXVZMjl0Z2cwcUxtVjRZVzF3CmJHVXVZMjl0Z2hJcUxtTjFjM1J2YldSdmJXRnBiaTVqYjIwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFDQkQKYXVManJpRDNoRERmY3FMTUR4MVorT1l3U2UzaGdicXRadGFYUnVEZGlxeFE5dDY5dkxPWGY1WFA5dGxxODZxSQpXWHBtWEpRQ2VodDFnU00rL3lpNW1iQnZxaVl3SUJtblJNeUFIK3A1dzAyU0NxRk92ZTBmYm56VWdMVTBvWWliClFBbXdJdm9oRXJvZ1V6RG05Q01sS1lrdmdjSDhnZGVqbXJBdlNuZGVyMWVjU2ZmendYelFLUjBMSzNjQjQzbUEKK2RJK01Wa3FSbmFxeDdnZVZCaEhLblZVcklnMWQ5UVYwUFM5N0ZSSjkyd2VPY2xiTzl0MkpmOHE3Kzl3S3kybgpUVUtmem5DVkUyNjhOUUNISDhQd0NPUGljYU9IdFBlbWhhN0YrMUcwU1YrNjk1ZFFTOXQ1VE1EUi9JeEk3emFKCnFCRTNEMnVBVGlFaGE5bHFVazA9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K";
var cert = new X509Certificate2(Convert.FromBase64String(customDomainRawData));
var chain = new X509Chain();
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
chain.Build(cert);
Assert.AreEqual("*.example.com", cert.GetNameInfo(X509NameType.SimpleName, false));
Assert.True(new CustomCaCertificateValidator(cert, "test123.example.com").Validate(cert, chain, SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch));
}

/// <summary>
/// Positive test validator with custom domain in SAN
/// </summary>
[Test]
public void TestCertificateWithCustomDomainInSan_WithCustomDomain()
{
// customdomain.crt
var customDomainRawData =
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZHakNDQkFLZ0F3SUJBZ0lVZlZ5T2trQjVVY0g0dzh0c1NNQ1FadCtWZldjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZVXhDekFKQmdOVkJBWVRBbFZUTVE0d0RBWURWUVFJREFWVGRHRjBaVEVOTUFzR0ExVUVCd3dFUTJsMAplVEVRTUE0R0ExVUVDZ3dIUTI5dGNHRnVlVEVMTUFrR0ExVUVDd3dDUWxVeEZqQVVCZ05WQkFNTURTb3VaWGhoCmJYQnNaUzVqYjIweElEQWVCZ2txaGtpRzl3MEJDUUVXRVdGa2JXbHVRR1Y0WVcxd2JHVXVZMjl0TUNBWERUSXoKTVRFd056RTFORE15TlZvWUR6TXdNak13TXpFd01UVTBNekkxV2pDQmhURUxNQWtHQTFVRUJoTUNWVk14RGpBTQpCZ05WQkFnTUJWTjBZWFJsTVEwd0N3WURWUVFIREFSRGFYUjVNUkF3RGdZRFZRUUtEQWREYjIxd1lXNTVNUXN3CkNRWURWUVFMREFKQ1ZURVdNQlFHQTFVRUF3d05LaTVsZUdGdGNHeGxMbU52YlRFZ01CNEdDU3FHU0liM0RRRUoKQVJZUllXUnRhVzVBWlhoaGJYQnNaUzVqYjIwd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFSwpBb0lCQVFDeSs4eGx3WW8rQ1IrZVFUSEZuVURTOGlSLzAyaGM3dlhCUUk2RGkyZ3dVR3pKVzUzUVR4N3MvYkI3Ck84YTVRZEI5RVBPVjREclFZZFZidFMwMFpwRmlhWWJxU1NQeko2bUdsWFFQVjBiWFduWXJGL3NvN295dUpmOVcKdzlGcWxoa1VPd1NUamNxWUNuT3hrSDBHRWx3YzZxUTRTTmFFRVJNcW13K0orb0R2dTljeHlGT1pFb3hPNUhjbQpVU2FEcTNXUkkwVXY0Ky9nQlZNVlVFNVVscVRpQlBUNG9vUDhxTkxheTUrSFRYQTlwRmdzMTlmSTJxdjlkSDlKCmZNcExkc2txMERNemZoZHgrbkdLSDBiVlc5MHdqWWJGbGkwcWVPRWFWNTA2Q012K3A4WlhyWUlWdXIreGZSamQKMUkyN05yVldiTVdMSUFPQ0d3UllwM010T3RmekFnTUJBQUdqZ2dGOE1JSUJlREFkQmdOVkhRNEVGZ1FVdHJNdgpIb1g2c2h2NUo4Ni9jeTNDRmdPVzluUXdnY1VHQTFVZEl3U0J2VENCdW9BVXRyTXZIb1g2c2h2NUo4Ni9jeTNDCkZnT1c5blNoZ1l1a2dZZ3dnWVV4Q3pBSkJnTlZCQVlUQWxWVE1RNHdEQVlEVlFRSURBVlRkR0YwWlRFTk1Bc0cKQTFVRUJ3d0VRMmwwZVRFUU1BNEdBMVVFQ2d3SFEyOXRjR0Z1ZVRFTE1Ba0dBMVVFQ3d3Q1FsVXhGakFVQmdOVgpCQU1NRFNvdVpYaGhiWEJzWlM1amIyMHhJREFlQmdrcWhraUc5dzBCQ1FFV0VXRmtiV2x1UUdWNFlXMXdiR1V1ClkyOXRnaFI5WEk2U1FIbFJ3ZmpEeTJ4SXdKQm0zNVY5WnpBTUJnTlZIUk1FQlRBREFRSC9NQXNHQTFVZER3UUUKQXdJQy9EQTVCZ05WSFJFRU1qQXdnZ3RsZUdGdGNHeGxMbU52YllJTktpNWxlR0Z0Y0d4bExtTnZiWUlTS2k1agpkWE4wYjIxa2IyMWhhVzR1WTI5dE1Ea0dBMVVkRWdReU1EQ0NDMlY0WVcxd2JHVXVZMjl0Z2cwcUxtVjRZVzF3CmJHVXVZMjl0Z2hJcUxtTjFjM1J2YldSdmJXRnBiaTVqYjIwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFDQkQKYXVManJpRDNoRERmY3FMTUR4MVorT1l3U2UzaGdicXRadGFYUnVEZGlxeFE5dDY5dkxPWGY1WFA5dGxxODZxSQpXWHBtWEpRQ2VodDFnU00rL3lpNW1iQnZxaVl3SUJtblJNeUFIK3A1dzAyU0NxRk92ZTBmYm56VWdMVTBvWWliClFBbXdJdm9oRXJvZ1V6RG05Q01sS1lrdmdjSDhnZGVqbXJBdlNuZGVyMWVjU2ZmendYelFLUjBMSzNjQjQzbUEKK2RJK01Wa3FSbmFxeDdnZVZCaEhLblZVcklnMWQ5UVYwUFM5N0ZSSjkyd2VPY2xiTzl0MkpmOHE3Kzl3S3kybgpUVUtmem5DVkUyNjhOUUNISDhQd0NPUGljYU9IdFBlbWhhN0YrMUcwU1YrNjk1ZFFTOXQ1VE1EUi9JeEk3emFKCnFCRTNEMnVBVGlFaGE5bHFVazA9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K";
var cert = new X509Certificate2(Convert.FromBase64String(customDomainRawData));
var chain = new X509Chain();
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
chain.Build(cert);
Assert.AreEqual("*.example.com", cert.GetNameInfo(X509NameType.SimpleName, false));
Assert.True(new CustomCaCertificateValidator(cert, "test123.customdomain.com").Validate(cert, chain, SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch));
}

/// <summary>
/// Positive test validator without custom domain in SAN
/// </summary>
[Test]
public void TestCertificateWithoutCustomDomainInSan_WithNormalDomain()
{
// example.crt
var rawData =
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUU4akNDQTlxZ0F3SUJBZ0lVWHBMT2UrVHpJY0x4SUFHNjVwWjAzbHFpMzFBd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZVXhDekFKQmdOVkJBWVRBbFZUTVE0d0RBWURWUVFJREFWVGRHRjBaVEVOTUFzR0ExVUVCd3dFUTJsMAplVEVRTUE0R0ExVUVDZ3dIUTI5dGNHRnVlVEVMTUFrR0ExVUVDd3dDUWxVeEZqQVVCZ05WQkFNTURTb3VaWGhoCmJYQnNaUzVqYjIweElEQWVCZ2txaGtpRzl3MEJDUUVXRVdGa2JXbHVRR1Y0WVcxd2JHVXVZMjl0TUNBWERUSXoKTVRFd056RTFORE0wTjFvWUR6TXdNak13TXpFd01UVTBNelEzV2pDQmhURUxNQWtHQTFVRUJoTUNWVk14RGpBTQpCZ05WQkFnTUJWTjBZWFJsTVEwd0N3WURWUVFIREFSRGFYUjVNUkF3RGdZRFZRUUtEQWREYjIxd1lXNTVNUXN3CkNRWURWUVFMREFKQ1ZURVdNQlFHQTFVRUF3d05LaTVsZUdGdGNHeGxMbU52YlRFZ01CNEdDU3FHU0liM0RRRUoKQVJZUllXUnRhVzVBWlhoaGJYQnNaUzVqYjIwd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFSwpBb0lCQVFDeSs4eGx3WW8rQ1IrZVFUSEZuVURTOGlSLzAyaGM3dlhCUUk2RGkyZ3dVR3pKVzUzUVR4N3MvYkI3Ck84YTVRZEI5RVBPVjREclFZZFZidFMwMFpwRmlhWWJxU1NQeko2bUdsWFFQVjBiWFduWXJGL3NvN295dUpmOVcKdzlGcWxoa1VPd1NUamNxWUNuT3hrSDBHRWx3YzZxUTRTTmFFRVJNcW13K0orb0R2dTljeHlGT1pFb3hPNUhjbQpVU2FEcTNXUkkwVXY0Ky9nQlZNVlVFNVVscVRpQlBUNG9vUDhxTkxheTUrSFRYQTlwRmdzMTlmSTJxdjlkSDlKCmZNcExkc2txMERNemZoZHgrbkdLSDBiVlc5MHdqWWJGbGkwcWVPRWFWNTA2Q012K3A4WlhyWUlWdXIreGZSamQKMUkyN05yVldiTVdMSUFPQ0d3UllwM010T3RmekFnTUJBQUdqZ2dGVU1JSUJVREFkQmdOVkhRNEVGZ1FVdHJNdgpIb1g2c2h2NUo4Ni9jeTNDRmdPVzluUXdnY1VHQTFVZEl3U0J2VENCdW9BVXRyTXZIb1g2c2h2NUo4Ni9jeTNDCkZnT1c5blNoZ1l1a2dZZ3dnWVV4Q3pBSkJnTlZCQVlUQWxWVE1RNHdEQVlEVlFRSURBVlRkR0YwWlRFTk1Bc0cKQTFVRUJ3d0VRMmwwZVRFUU1BNEdBMVVFQ2d3SFEyOXRjR0Z1ZVRFTE1Ba0dBMVVFQ3d3Q1FsVXhGakFVQmdOVgpCQU1NRFNvdVpYaGhiWEJzWlM1amIyMHhJREFlQmdrcWhraUc5dzBCQ1FFV0VXRmtiV2x1UUdWNFlXMXdiR1V1ClkyOXRnaFJla3M1NzVQTWh3dkVnQWJybWxuVGVXcUxmVURBTUJnTlZIUk1FQlRBREFRSC9NQXNHQTFVZER3UUUKQXdJQy9EQWxCZ05WSFJFRUhqQWNnZ3RsZUdGdGNHeGxMbU52YllJTktpNWxlR0Z0Y0d4bExtTnZiVEFsQmdOVgpIUklFSGpBY2dndGxlR0Z0Y0d4bExtTnZiWUlOS2k1bGVHRnRjR3hsTG1OdmJUQU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBUUVBQzVGelZSM0VNODAxRWhBR2dLK2Q2OEpRYkpjZEJyMXloWHVDVUJLYnlYZHRTM1RGTStOdGNGZ3YKUDI0dXFuU05wSjB3SDRwQTdma0IwR0I2dUwvQmNZbHo0S1lTcEJHTWhoZEFyRnJ3S3hsb2tOVGx5RUJma0ovdwpDWWpkZGpzYkFvdUxsc3J6Nzl0VE93aVM3TEJQN1p6NHdqYWdIdkFncmpQTEVwcnhrVkhaNE1nSjVJY0RhdFhtCm5jdTk4NWhvT2VMWmpRRG9OVVpmWWwwdUJoNHNmYnY0OC9WdEJtSjAxVjVEbkVweEJWNUhuRjRIeW9ZTjZ6Y3kKNGZBU2E3ZzU1VTBReGY3T0JBT0NmVGFQbjR5ci9HK3ZDSTN3VWQzU2NzOW9laSttanNpNGJOcW1yR2dGZm5yMApvcWtNQzFtVXNtMEJQVmYveUdRSUpNZmRGSlRNS2c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==";

var cert = new X509Certificate2(Convert.FromBase64String(rawData));
var chain = new X509Chain();
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
chain.Build(cert);
Assert.AreEqual("*.example.com", cert.GetNameInfo(X509NameType.SimpleName, false));
Assert.True(new CustomCaCertificateValidator(cert, "test123.example.com").Validate(cert, chain, SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch));
}

/// <summary>
/// Negative test validator without custom domain in SAN
/// </summary>
[Test]
public void TestCertificateWithoutCustomDomainInSan_WithCustomDomain()
{
// example.crt
var rawData =
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUU4akNDQTlxZ0F3SUJBZ0lVWHBMT2UrVHpJY0x4SUFHNjVwWjAzbHFpMzFBd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZVXhDekFKQmdOVkJBWVRBbFZUTVE0d0RBWURWUVFJREFWVGRHRjBaVEVOTUFzR0ExVUVCd3dFUTJsMAplVEVRTUE0R0ExVUVDZ3dIUTI5dGNHRnVlVEVMTUFrR0ExVUVDd3dDUWxVeEZqQVVCZ05WQkFNTURTb3VaWGhoCmJYQnNaUzVqYjIweElEQWVCZ2txaGtpRzl3MEJDUUVXRVdGa2JXbHVRR1Y0WVcxd2JHVXVZMjl0TUNBWERUSXoKTVRFd056RTFORE0wTjFvWUR6TXdNak13TXpFd01UVTBNelEzV2pDQmhURUxNQWtHQTFVRUJoTUNWVk14RGpBTQpCZ05WQkFnTUJWTjBZWFJsTVEwd0N3WURWUVFIREFSRGFYUjVNUkF3RGdZRFZRUUtEQWREYjIxd1lXNTVNUXN3CkNRWURWUVFMREFKQ1ZURVdNQlFHQTFVRUF3d05LaTVsZUdGdGNHeGxMbU52YlRFZ01CNEdDU3FHU0liM0RRRUoKQVJZUllXUnRhVzVBWlhoaGJYQnNaUzVqYjIwd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFSwpBb0lCQVFDeSs4eGx3WW8rQ1IrZVFUSEZuVURTOGlSLzAyaGM3dlhCUUk2RGkyZ3dVR3pKVzUzUVR4N3MvYkI3Ck84YTVRZEI5RVBPVjREclFZZFZidFMwMFpwRmlhWWJxU1NQeko2bUdsWFFQVjBiWFduWXJGL3NvN295dUpmOVcKdzlGcWxoa1VPd1NUamNxWUNuT3hrSDBHRWx3YzZxUTRTTmFFRVJNcW13K0orb0R2dTljeHlGT1pFb3hPNUhjbQpVU2FEcTNXUkkwVXY0Ky9nQlZNVlVFNVVscVRpQlBUNG9vUDhxTkxheTUrSFRYQTlwRmdzMTlmSTJxdjlkSDlKCmZNcExkc2txMERNemZoZHgrbkdLSDBiVlc5MHdqWWJGbGkwcWVPRWFWNTA2Q012K3A4WlhyWUlWdXIreGZSamQKMUkyN05yVldiTVdMSUFPQ0d3UllwM010T3RmekFnTUJBQUdqZ2dGVU1JSUJVREFkQmdOVkhRNEVGZ1FVdHJNdgpIb1g2c2h2NUo4Ni9jeTNDRmdPVzluUXdnY1VHQTFVZEl3U0J2VENCdW9BVXRyTXZIb1g2c2h2NUo4Ni9jeTNDCkZnT1c5blNoZ1l1a2dZZ3dnWVV4Q3pBSkJnTlZCQVlUQWxWVE1RNHdEQVlEVlFRSURBVlRkR0YwWlRFTk1Bc0cKQTFVRUJ3d0VRMmwwZVRFUU1BNEdBMVVFQ2d3SFEyOXRjR0Z1ZVRFTE1Ba0dBMVVFQ3d3Q1FsVXhGakFVQmdOVgpCQU1NRFNvdVpYaGhiWEJzWlM1amIyMHhJREFlQmdrcWhraUc5dzBCQ1FFV0VXRmtiV2x1UUdWNFlXMXdiR1V1ClkyOXRnaFJla3M1NzVQTWh3dkVnQWJybWxuVGVXcUxmVURBTUJnTlZIUk1FQlRBREFRSC9NQXNHQTFVZER3UUUKQXdJQy9EQWxCZ05WSFJFRUhqQWNnZ3RsZUdGdGNHeGxMbU52YllJTktpNWxlR0Z0Y0d4bExtTnZiVEFsQmdOVgpIUklFSGpBY2dndGxlR0Z0Y0d4bExtTnZiWUlOS2k1bGVHRnRjR3hsTG1OdmJUQU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBUUVBQzVGelZSM0VNODAxRWhBR2dLK2Q2OEpRYkpjZEJyMXloWHVDVUJLYnlYZHRTM1RGTStOdGNGZ3YKUDI0dXFuU05wSjB3SDRwQTdma0IwR0I2dUwvQmNZbHo0S1lTcEJHTWhoZEFyRnJ3S3hsb2tOVGx5RUJma0ovdwpDWWpkZGpzYkFvdUxsc3J6Nzl0VE93aVM3TEJQN1p6NHdqYWdIdkFncmpQTEVwcnhrVkhaNE1nSjVJY0RhdFhtCm5jdTk4NWhvT2VMWmpRRG9OVVpmWWwwdUJoNHNmYnY0OC9WdEJtSjAxVjVEbkVweEJWNUhuRjRIeW9ZTjZ6Y3kKNGZBU2E3ZzU1VTBReGY3T0JBT0NmVGFQbjR5ci9HK3ZDSTN3VWQzU2NzOW9laSttanNpNGJOcW1yR2dGZm5yMApvcWtNQzFtVXNtMEJQVmYveUdRSUpNZmRGSlRNS2c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==";

var cert = new X509Certificate2(Convert.FromBase64String(rawData));
var chain = new X509Chain();
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
chain.Build(cert);
Assert.AreEqual("*.example.com", cert.GetNameInfo(X509NameType.SimpleName, false));
Assert.False(new CustomCaCertificateValidator(cert, "test123.customdomain.com").Validate(cert, chain, SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch));
}
}
}
30 changes: 30 additions & 0 deletions src/Cassandra.Tests/DataStax/Cloud/certs/customdomain.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgIUfVyOkkB5UcH4w8tsSMCQZt+VfWcwDQYJKoZIhvcNAQEL
BQAwgYUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEQ2l0
eTEQMA4GA1UECgwHQ29tcGFueTELMAkGA1UECwwCQlUxFjAUBgNVBAMMDSouZXhh
bXBsZS5jb20xIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUuY29tMCAXDTIz
MTEwNzE1NDMyNVoYDzMwMjMwMzEwMTU0MzI1WjCBhTELMAkGA1UEBhMCVVMxDjAM
BgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5MRAwDgYDVQQKDAdDb21wYW55MQsw
CQYDVQQLDAJCVTEWMBQGA1UEAwwNKi5leGFtcGxlLmNvbTEgMB4GCSqGSIb3DQEJ
ARYRYWRtaW5AZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCy+8xlwYo+CR+eQTHFnUDS8iR/02hc7vXBQI6Di2gwUGzJW53QTx7s/bB7
O8a5QdB9EPOV4DrQYdVbtS00ZpFiaYbqSSPzJ6mGlXQPV0bXWnYrF/so7oyuJf9W
w9FqlhkUOwSTjcqYCnOxkH0GElwc6qQ4SNaEERMqmw+J+oDvu9cxyFOZEoxO5Hcm
USaDq3WRI0Uv4+/gBVMVUE5UlqTiBPT4ooP8qNLay5+HTXA9pFgs19fI2qv9dH9J
fMpLdskq0DMzfhdx+nGKH0bVW90wjYbFli0qeOEaV506CMv+p8ZXrYIVur+xfRjd
1I27NrVWbMWLIAOCGwRYp3MtOtfzAgMBAAGjggF8MIIBeDAdBgNVHQ4EFgQUtrMv
HoX6shv5J86/cy3CFgOW9nQwgcUGA1UdIwSBvTCBuoAUtrMvHoX6shv5J86/cy3C
FgOW9nShgYukgYgwgYUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsG
A1UEBwwEQ2l0eTEQMA4GA1UECgwHQ29tcGFueTELMAkGA1UECwwCQlUxFjAUBgNV
BAMMDSouZXhhbXBsZS5jb20xIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUu
Y29tghR9XI6SQHlRwfjDy2xIwJBm35V9ZzAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
AwIC/DA5BgNVHREEMjAwggtleGFtcGxlLmNvbYINKi5leGFtcGxlLmNvbYISKi5j
dXN0b21kb21haW4uY29tMDkGA1UdEgQyMDCCC2V4YW1wbGUuY29tgg0qLmV4YW1w
bGUuY29tghIqLmN1c3RvbWRvbWFpbi5jb20wDQYJKoZIhvcNAQELBQADggEBACBD
auLjriD3hDDfcqLMDx1Z+OYwSe3hgbqtZtaXRuDdiqxQ9t69vLOXf5XP9tlq86qI
WXpmXJQCeht1gSM+/yi5mbBvqiYwIBmnRMyAH+p5w02SCqFOve0fbnzUgLU0oYib
QAmwIvohErogUzDm9CMlKYkvgcH8gdejmrAvSnder1ecSffzwXzQKR0LK3cB43mA
+dI+MVkqRnaqx7geVBhHKnVUrIg1d9QV0PS97FRJ92weOclbO9t2Jf8q7+9wKy2n
TUKfznCVE268NQCHH8PwCOPicaOHtPemha7F+1G0SV+695dQS9t5TMDR/IxI7zaJ
qBE3D2uATiEha9lqUk0=
-----END CERTIFICATE-----
29 changes: 29 additions & 0 deletions src/Cassandra.Tests/DataStax/Cloud/certs/example.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIUXpLOe+TzIcLxIAG65pZ03lqi31AwDQYJKoZIhvcNAQEL
BQAwgYUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEQ2l0
eTEQMA4GA1UECgwHQ29tcGFueTELMAkGA1UECwwCQlUxFjAUBgNVBAMMDSouZXhh
bXBsZS5jb20xIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUuY29tMCAXDTIz
MTEwNzE1NDM0N1oYDzMwMjMwMzEwMTU0MzQ3WjCBhTELMAkGA1UEBhMCVVMxDjAM
BgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5MRAwDgYDVQQKDAdDb21wYW55MQsw
CQYDVQQLDAJCVTEWMBQGA1UEAwwNKi5leGFtcGxlLmNvbTEgMB4GCSqGSIb3DQEJ
ARYRYWRtaW5AZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCy+8xlwYo+CR+eQTHFnUDS8iR/02hc7vXBQI6Di2gwUGzJW53QTx7s/bB7
O8a5QdB9EPOV4DrQYdVbtS00ZpFiaYbqSSPzJ6mGlXQPV0bXWnYrF/so7oyuJf9W
w9FqlhkUOwSTjcqYCnOxkH0GElwc6qQ4SNaEERMqmw+J+oDvu9cxyFOZEoxO5Hcm
USaDq3WRI0Uv4+/gBVMVUE5UlqTiBPT4ooP8qNLay5+HTXA9pFgs19fI2qv9dH9J
fMpLdskq0DMzfhdx+nGKH0bVW90wjYbFli0qeOEaV506CMv+p8ZXrYIVur+xfRjd
1I27NrVWbMWLIAOCGwRYp3MtOtfzAgMBAAGjggFUMIIBUDAdBgNVHQ4EFgQUtrMv
HoX6shv5J86/cy3CFgOW9nQwgcUGA1UdIwSBvTCBuoAUtrMvHoX6shv5J86/cy3C
FgOW9nShgYukgYgwgYUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsG
A1UEBwwEQ2l0eTEQMA4GA1UECgwHQ29tcGFueTELMAkGA1UECwwCQlUxFjAUBgNV
BAMMDSouZXhhbXBsZS5jb20xIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUu
Y29tghReks575PMhwvEgAbrmlnTeWqLfUDAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
AwIC/DAlBgNVHREEHjAcggtleGFtcGxlLmNvbYINKi5leGFtcGxlLmNvbTAlBgNV
HRIEHjAcggtleGFtcGxlLmNvbYINKi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsF
AAOCAQEAC5FzVR3EM801EhAGgK+d68JQbJcdBr1yhXuCUBKbyXdtS3TFM+NtcFgv
P24uqnSNpJ0wH4pA7fkB0GB6uL/BcYlz4KYSpBGMhhdArFrwKxlokNTlyEBfkJ/w
CYjddjsbAouLlsrz79tTOwiS7LBP7Zz4wjagHvAgrjPLEprxkVHZ4MgJ5IcDatXm
ncu985hoOeLZjQDoNUZfYl0uBh4sfbv48/VtBmJ01V5DnEpxBV5HnF4HyoYN6zcy
4fASa7g55U0Qxf7OBAOCfTaPn4yr/G+vCI3wUd3Scs9oei+mjsi4bNqmrGgFfnr0
oqkMC1mUsm0BPVf/yGQIJMfdFJTMKg==
-----END CERTIFICATE-----
Loading