[Bug]: Mutual TLS on Windows in .NET 9 does not work #1319

Open
jvmdc opened this issue Dec 20, 2024 · 0 comments · May be fixed by #1320
Labels
bug Something isn't working

jvmdc commented Dec 20, 2024

Testcontainers version

4.1.0

Using the latest Testcontainers version?

Yes

Host OS

Windows

Host arch

x86

.NET version

9

Docker version

Client:
Version:           26.1.0-rd
API version:       1.45
Go version:        go1.21.9
Git commit:        cca8e72
Built:             Tue Apr 23 16:26:59 2024
OS/Arch:           windows/amd64
Context:           default
 
Server: Docker Engine - Community
Engine:
  Version:          27.4.1
  API version:      1.47 (minimum version 1.24)
  Go version:       go1.22.10
  Git commit:       c710b88
  Built:            Tue Dec 17 15:45:42 2024
  OS/Arch:          linux/amd64
  Experimental:     false
containerd:
  Version:          1.6.32
  GitCommit:        8b3b7ca2e5ce38e8f31a34f35b2b68ceb8470d89
runc:
  Version:          1.1.12
  GitCommit:        v1.1.12-0-g51d5e94
docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Docker info

Client:
Version:    26.1.0-rd
Context:    default
Debug Mode: false
Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.0
    Path:     C:\Users\<REDACTED>\.docker\cli-plugins\docker-buildx.exe
  compose: Docker Compose (Docker Inc.)
    Version:  v2.19.0
    Path:     C:\Users\<REDACTED>\.docker\cli-plugins\docker-compose.exe
 
Server:
Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
Images: 12
Server Version: 27.4.1
Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 8b3b7ca2e5ce38e8f31a34f35b2b68ceb8470d89
runc version: v1.1.12-0-g51d5e94
init version: de40ad0
Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
Kernel Version: 5.15.0-107-generic
Operating System: Ubuntu 22.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 4.93GiB
Name: srvp01669
ID: d20cc868-ff21-47f9-9d77-5e49ad9fe27a
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
  127.0.0.0/8
Live Restore Enabled: false

What happened?

We're using a TestContainers properties file with the following lines:

docker.host=tcp://<REDACTED>
docker.tls.verify=true

When TestContainers tries to load our client certificate using the X509CertificateLoader.LoadCertificate method (here: https://github.com/testcontainers/testcontainers-dotnet/blob/4.1.0/src/Testcontainers/Builders/MTlsEndpointAuthenticationProvider.cs#L59), it throws an exception. This is happening because the certificate is being exported as PFX (a.k.a. PKCS12), which X509CertificateLoader.LoadCertificate does not support; the method X509CertificateLoader.LoadPkcs12 should be used instead.

Relevant log output

System.TypeInitializationException
  HResult=0x80131534
  Message=The type initializer for 'DotNet.Testcontainers.Configurations.TestcontainersSettings' threw an exception.
  Source=Testcontainers
  StackTrace:
   at DotNet.Testcontainers.Configurations.TestcontainersSettings.get_OS()
   at DotNet.Testcontainers.Builders.AbstractBuilder`4.Init()
   at DotNet.Testcontainers.Builders.ContainerBuilder`3.Init()
   at Testcontainers.MsSql.MsSqlBuilder.Init()
   at Testcontainers.MsSql.MsSqlBuilder..ctor()
   at <REDACTED>
 
  This exception was originally thrown at this call stack:
    System.Security.Cryptography.X509Certificates.X509CertificateLoader.LoadCertificate(Interop.Crypt32.CertQueryObjectType, void*)
    System.Security.Cryptography.X509Certificates.X509CertificateLoader.LoadCertificatePal(System.ReadOnlySpan<byte>)
    System.Security.Cryptography.X509Certificates.X509CertificateLoader.LoadCertificate(System.ReadOnlySpan<byte>)
    System.Security.Cryptography.X509Certificates.X509CertificateLoader.LoadCertificate(byte[])
    DotNet.Testcontainers.Builders.MTlsEndpointAuthenticationProvider.GetClientCertificate()
    DotNet.Testcontainers.Builders.MTlsEndpointAuthenticationProvider.GetAuthConfig()
    DotNet.Testcontainers.Builders.DockerEndpointAuthenticationProvider.IsAvailable()
    DotNet.Testcontainers.Configurations.TestcontainersSettings..cctor.AnonymousMethod__2_1(DotNet.Testcontainers.Builders.IDockerEndpointAuthenticationProvider)
    DotNet.Testcontainers.Configurations.TestcontainersSettings.TestcontainersSettings()
 
Inner Exception 1:
CryptographicException: Cannot find the requested object.

Additional information

No response

@jvmdc jvmdc added the bug Something isn't working label Dec 20, 2024
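
The loader mismatch reported above can be reproduced in isolation. The following is an added example, not code from the issue or from the Testcontainers code base; it assumes .NET 9 or later and uses a throwaway self-signed certificate (constructed here, with a hypothetical subject name) in place of the Docker client certificate.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Constructed sample: a throwaway self-signed certificate with a private key,
// standing in for the Docker client certificate used for mutual TLS.
using var rsa = RSA.Create(2048);
var request = new CertificateRequest(
    "CN=constructed-docker-client", rsa,
    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
using var original = request.CreateSelfSigned(
    DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

// PFX (PKCS#12) bundles the certificate with its private key.
byte[] pfx = original.Export(X509ContentType.Pfx);
// A plain DER export carries only the certificate, never the key.
byte[] der = original.Export(X509ContentType.Cert);

// LoadCertificate is meant for a single X.509 certificate (DER or PEM).
using var publicOnly = X509CertificateLoader.LoadCertificate(der);
Console.WriteLine($"DER via LoadCertificate: HasPrivateKey={publicOnly.HasPrivateKey}");

// Handing it a PFX blob is the failing call from the stack trace in the issue.
try
{
    X509CertificateLoader.LoadCertificate(pfx).Dispose();
    Console.WriteLine("PFX via LoadCertificate: loaded");
}
catch (CryptographicException ex)
{
    Console.WriteLine($"PFX via LoadCertificate: {ex.Message}");
}

// LoadPkcs12 is the loader for PFX content; no password was set on export.
using var client = X509CertificateLoader.LoadPkcs12(pfx, null);
Console.WriteLine($"PFX via LoadPkcs12: HasPrivateKey={client.HasPrivateKey}");

// A client certificate is only usable for mutual TLS if the private key
// came along with it, so check that before handing it to the TLS stack.
if (!client.HasPrivateKey)
{
    throw new InvalidOperationException("Client certificate has no private key.");
}
```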