@watfordgnf
Last active May 17, 2019 15:40
NATS TLS Test from Win2k12 on .NET Framework 4.7.2

Created a self-signed cert for the test:

$ openssl req -newkey rsa:4096 -nodes -sha512 -x509 -days 3650 -out nats.pem -keyout nats-priv.pem
...
$ ls *.pem
nats.pem  nats-priv.pem

Ran a docker container with NATS on linux:

PS> docker run -d --name=nats-tls -p 4222:4222 -v D:\scratch\natstls:/var/nats nats:linux -DV -tls -tlscert /var/nats/nats.pem -tlskey /var/nats/nats-priv.pem

Ran the NatsTlsTest program:

PS> & .\NatsTlsTest.exe

PS> docker logs nats-tls
[1] 2019/05/17 15:38:32.644884 [INF] Starting nats-server version 1.4.1
[1] 2019/05/17 15:38:32.645003 [DBG] Go build version go1.11.5
[1] 2019/05/17 15:38:32.645041 [INF] Git commit [3e64f0b]
[1] 2019/05/17 15:38:32.645363 [INF] Listening for client connections on 0.0.0.0:4222
[1] 2019/05/17 15:38:32.645394 [INF] TLS required for client connections
[1] 2019/05/17 15:38:32.645401 [DBG] Server id is LvE8NmEnCH1VjPEc9ulDqE
[1] 2019/05/17 15:38:32.645405 [INF] Server is ready
[1] 2019/05/17 15:38:53.878764 [DBG] A.B.C.D:60120 - cid:1 - Client connection created
[1] 2019/05/17 15:38:53.879252 [DBG] A.B.C.D:60120 - cid:1 - Starting TLS client connection handshake
[1] 2019/05/17 15:38:53.973282 [DBG] A.B.C.D:60120 - cid:1 - TLS handshake complete
[1] 2019/05/17 15:38:53.973376 [DBG] A.B.C.D:60120 - cid:1 - TLS version 1.2, cipher suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[1] 2019/05/17 15:38:54.155621 [TRC] A.B.C.D:60120 - cid:1 - ->> [CONNECT {"auth_token":null,"lang":".NET","name":null,"pass":[REDACTED],"pedantic":false,"protocol":1,"ssl_required":true,"user":null,"verbose":false,"version":"0.0.1"}]
[1] 2019/05/17 15:38:54.156326 [TRC] A.B.C.D:60120 - cid:1 - ->> [PING]
[1] 2019/05/17 15:38:54.156366 [TRC] A.B.C.D:60120 - cid:1 - <<- [PONG]
[1] 2019/05/17 15:38:54.209407 [TRC] A.B.C.D:60120 - cid:1 - ->> [PUB test 12]
[1] 2019/05/17 15:38:54.209466 [TRC] A.B.C.D:60120 - cid:1 - ->> MSG_PAYLOAD: [Hello World!]
[1] 2019/05/17 15:38:54.209507 [DBG] A.B.C.D:60120 - cid:1 - Client connection closed

namespace NatsTlsTest
{
    using NATS.Client;
    using System.Linq;
    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;

    class Program
    {
        static void Main(string[] args)
        {
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

            Options options = ConnectionFactory.GetDefaultOptions();
            // First argument is the server URL; defaults to the local container.
            options.Url = args.ElementAtOrDefault(0) ?? "nats://127.0.0.1:4222";
            // Require TLS for the client connection.
            options.Secure = true;
            options.TLSRemoteCertificationValidationCallback = OnCertificationValidation;

            var factory = new ConnectionFactory();
            using (IConnection connection = factory.CreateConnection(options))
            {
                connection.Publish("test", Encoding.UTF8.GetBytes("Hello World!"));
            }
        }

        // Test only: accepts every server certificate without checking it, which is
        // what lets the self-signed nats.pem through. The connection is encrypted,
        // but the server is not authenticated.
        private static bool OnCertificationValidation(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) => true;
    }
}
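
Added example, not part of the original gist: a validation callback that keeps the self-signed test setup working but accepts only the exact certificate generated above, instead of returning true for any certificate. The class and method names are hypothetical, and it assumes a copy of nats.pem (the certificate only) is available in the client's working directory.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

namespace NatsTlsTest
{
    // Hypothetical helper (not in the gist): pins the server certificate.
    static class PinnedServerCertificate
    {
        // Assumption: a copy of nats.pem (certificate only, never nats-priv.pem)
        // sits in the client's working directory. A load failure throws and
        // no connection is accepted.
        private static readonly byte[] PinnedSha256 =
            Sha256(new X509Certificate2("nats.pem").RawData);

        private static byte[] Sha256(byte[] data)
        {
            using (SHA256 sha = SHA256.Create())
            {
                return sha.ComputeHash(data);
            }
        }

        // Same signature as OnCertificationValidation in the gist.
        public static bool Validate(object sender, X509Certificate certificate,
            X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            // No certificate presented: nothing to compare against the pin.
            if (certificate == null ||
                sslPolicyErrors.HasFlag(SslPolicyErrors.RemoteCertificateNotAvailable))
            {
                return false;
            }

            var presented = new X509Certificate2(certificate);
            DateTime now = DateTime.Now; // NotBefore/NotAfter are in local time
            if (now < presented.NotBefore || now > presented.NotAfter)
            {
                return false;
            }

            // Chain and name errors are expected for a self-signed certificate;
            // trust comes from the byte-for-byte match with the pinned copy.
            return Sha256(presented.RawData).SequenceEqual(PinnedSha256);
        }
    }
}
```

To use it, assign PinnedServerCertificate.Validate to options.TLSRemoteCertificationValidationCallback in place of OnCertificationValidation.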