gogrlx/nats-server
1
0
Fork 0
mirror of https://github.com/gogrlx/nats-server.git synced 2026-04-02 03:38:42 -07:00
Code Issues Packages Projects Releases Wiki Activity

certstore feature with windows credential manager

Browse Source
This commit is contained in:
Todd Beets
2022-10-12 16:33:23 -07:00
parent e582f01674
commit e1fd61778f
12 changed files with 1298 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
test/configs/certs/tlsauth/certstore/client.p12 Normal file
View File

Binary file not shown.

2
test/configs/certs/tlsauth/certstore/delete-cert-from-store.ps1 Normal file
View File

@@ -0,0 +1,2 @@
$issuer="Synadia Communications Inc."
Get-ChildItem Cert:\CurrentUser\My | Where-Object {$_.Issuer -match $issuer} | Remove-Item

5
test/configs/certs/tlsauth/certstore/import-p12-client.ps1 Normal file
View File

@@ -0,0 +1,5 @@
$fileLocale = $PSScriptRoot + "\client.p12"
$Pass = ConvertTo-SecureString -String 's3cr3t' -Force -AsPlainText
$User = "whatever"
$Cred = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $User, $Pass
Import-PfxCertificate -FilePath $filelocale -CertStoreLocation Cert:\CurrentUser\My -Password $Cred.Password

5
test/configs/certs/tlsauth/certstore/import-p12-server.ps1 Normal file
View File

@@ -0,0 +1,5 @@
$fileLocale = $PSScriptRoot + "\server.p12"
$Pass = ConvertTo-SecureString -String 's3cr3t' -Force -AsPlainText
$User = "whatever"
$Cred = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $User, $Pass
Import-PfxCertificate -FilePath $filelocale -CertStoreLocation Cert:\CurrentUser\My -Password $Cred.Password

22
test/configs/certs/tlsauth/certstore/pkcs12.md Normal file
View File

@@ -0,0 +1,22 @@
# PKCS12 Files
Refresh PKCS12 files when test certificates and keys (PEM files) are refreshed (e.g. expiry workflow)
- `client.p12` is a p12/pfx packaging of `client.pem` and `client-key.pem`
`openssl pkcs12 -export -inkey ./client-key.pem -in ./client.pem -out client.p12`
> Note: set the PKCS12 bundle password to `s3cr3t` as required by provisioning scripts
## Cert Store Provisioning Scripts
Windows cert store supports p12/pfx bundle for certificate-with-key import. Windows cert store tests will execute
a Powershell script to import relevant PKCS12 bundle into the Windows store before the test. Equivalent to:
`powershell.exe -command "& '..\test\configs\certs\tlsauth\certstore\import-<client,server>-p12.ps1'"`
The `delete-cert-from-store.ps1` script deletes imported certificates from the Windows store (if present) that can
cause side-effects and impact the validity of different use tests.
> Note: Tests are configured for "current user" store context. Execute tests with appropriate Windows permissions
> (e.g. as Admin) if adding tests with "local machine" store context specified.

BIN
test/configs/certs/tlsauth/certstore/server.p12 Normal file
View File

Binary file not shown.