feat(): add mtls support

Author: sandy2008

src/OpenTelemetry.Exporter.OpenTelemetryProtocol/OtlpMtlsOptions.cs

@@ -53,7 +53,8 @@ public Func<
         X509Chain,
         SslPolicyErrors,
         bool
-    >? ServerCertificateValidationCallback { get; set; }
+    >? ServerCertificateValidationCallback
+    { get; set; }
 
     /// <summary>
     /// Gets a value indicating whether mTLS is enabled.

test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/OtlpMtlsCertificateManagerTests.cs

@@ -43,91 +43,91 @@ public class OtlpMtlsCertificateManagerTests
     [Xunit.Fact]
     public void LoadClientCertificate_ThrowsFileNotFoundException_WhenCertificateFileDoesNotExist()
     {
-        var exception = Xunit.Assert.Throws<System.IO.FileNotFoundException>(() =>
-            OpenTelemetry.Exporter.OpenTelemetryProtocol.Implementation.OtlpMtlsCertificateManager.LoadClientCertificate(
+        var exception = Xunit.Assert.Throws<FileNotFoundException>(() =>
+            OpenTelemetryProtocol.Implementation.OtlpMtlsCertificateManager.LoadClientCertificate(
                 "/nonexistent/client.crt",
                 "/nonexistent/client.key"));
 
-        Xunit.Assert.Contains("Certificate file not found", exception.Message, System.StringComparison.OrdinalIgnoreCase);
-        Xunit.Assert.Contains("/nonexistent/client.crt", exception.Message, System.StringComparison.OrdinalIgnoreCase);
+        Xunit.Assert.Contains("Certificate file not found", exception.Message, StringComparison.OrdinalIgnoreCase);
+        Xunit.Assert.Contains("/nonexistent/client.crt", exception.Message, StringComparison.OrdinalIgnoreCase);
     }
 
     [Xunit.Fact]
     public void LoadClientCertificate_ThrowsFileNotFoundException_WhenPrivateKeyFileDoesNotExist()
     {
-        var tempCertFile = System.IO.Path.GetTempFileName();
-        System.IO.File.WriteAllText(tempCertFile, TestCertPem);
+        var tempCertFile = Path.GetTempFileName();
+        File.WriteAllText(tempCertFile, TestCertPem);
 
         try
         {
-            var exception = Xunit.Assert.Throws<System.IO.FileNotFoundException>(() =>
-                OpenTelemetry.Exporter.OpenTelemetryProtocol.Implementation.OtlpMtlsCertificateManager.LoadClientCertificate(
+            var exception = Xunit.Assert.Throws<FileNotFoundException>(() =>
+                OpenTelemetryProtocol.Implementation.OtlpMtlsCertificateManager.LoadClientCertificate(
                     tempCertFile,
                     "/nonexistent/client.key"));
 
-            Xunit.Assert.Contains("Private key file not found", exception.Message, System.StringComparison.OrdinalIgnoreCase);
-            Xunit.Assert.Contains("/nonexistent/client.key", exception.Message, System.StringComparison.OrdinalIgnoreCase);
+            Xunit.Assert.Contains("Private key file not found", exception.Message, StringComparison.OrdinalIgnoreCase);
+            Xunit.Assert.Contains("/nonexistent/client.key", exception.Message, StringComparison.OrdinalIgnoreCase);
         }
         finally
         {
-            System.IO.File.Delete(tempCertFile);
+            File.Delete(tempCertFile);
         }
     }
 
     [Xunit.Fact]
     public void LoadCaCertificate_ThrowsFileNotFoundException_WhenTrustStoreFileDoesNotExist()
     {
-        var exception = Xunit.Assert.Throws<System.IO.FileNotFoundException>(() =>
-            OpenTelemetry.Exporter.OpenTelemetryProtocol.Implementation.OtlpMtlsCertificateManager.LoadCaCertificate("/nonexistent/ca.crt"));
+        var exception = Xunit.Assert.Throws<FileNotFoundException>(() =>
+            OpenTelemetryProtocol.Implementation.OtlpMtlsCertificateManager.LoadCaCertificate("/nonexistent/ca.crt"));
 
-        Xunit.Assert.Contains("CA certificate file not found", exception.Message, System.StringComparison.OrdinalIgnoreCase);
-        Xunit.Assert.Contains("/nonexistent/ca.crt", exception.Message, System.StringComparison.OrdinalIgnoreCase);
+        Xunit.Assert.Contains("CA certificate file not found", exception.Message, StringComparison.OrdinalIgnoreCase);
+        Xunit.Assert.Contains("/nonexistent/ca.crt", exception.Message, StringComparison.OrdinalIgnoreCase);
     }
 
     [Xunit.Fact]
     public void LoadClientCertificate_ThrowsInvalidOperationException_WhenCertificateFileIsEmpty()
     {
-        var tempCertFile = System.IO.Path.GetTempFileName();
-        var tempKeyFile = System.IO.Path.GetTempFileName();
-        System.IO.File.WriteAllText(tempCertFile, string.Empty);
-        System.IO.File.WriteAllText(tempKeyFile, string.Empty);
+        var tempCertFile = Path.GetTempFileName();
+        var tempKeyFile = Path.GetTempFileName();
+        File.WriteAllText(tempCertFile, string.Empty);
+        File.WriteAllText(tempKeyFile, string.Empty);
 
         try
         {
-            var exception = Xunit.Assert.Throws<System.InvalidOperationException>(() =>
-                OpenTelemetry.Exporter.OpenTelemetryProtocol.Implementation.OtlpMtlsCertificateManager.LoadClientCertificate(tempCertFile, tempKeyFile));
+            var exception = Xunit.Assert.Throws<InvalidOperationException>(() =>
+                OpenTelemetryProtocol.Implementation.OtlpMtlsCertificateManager.LoadClientCertificate(tempCertFile, tempKeyFile));
 
             Xunit.Assert.Contains(
                 "Failed to load client certificate",
                 exception.Message,
-                System.StringComparison.OrdinalIgnoreCase);
+                StringComparison.OrdinalIgnoreCase);
         }
         finally
         {
-            System.IO.File.Delete(tempCertFile);
-            System.IO.File.Delete(tempKeyFile);
+            File.Delete(tempCertFile);
+            File.Delete(tempKeyFile);
         }
     }
 
     [Xunit.Fact]
     public void LoadCaCertificate_ThrowsInvalidOperationException_WhenTrustStoreFileIsEmpty()
     {
-        var tempTrustStoreFile = System.IO.Path.GetTempFileName();
-        System.IO.File.WriteAllText(tempTrustStoreFile, string.Empty);
+        var tempTrustStoreFile = Path.GetTempFileName();
+        File.WriteAllText(tempTrustStoreFile, string.Empty);
 
         try
         {
-            var exception = Xunit.Assert.Throws<System.InvalidOperationException>(() =>
-                OpenTelemetry.Exporter.OpenTelemetryProtocol.Implementation.OtlpMtlsCertificateManager.LoadCaCertificate(tempTrustStoreFile));
+            var exception = Xunit.Assert.Throws<InvalidOperationException>(() =>
+                OpenTelemetryProtocol.Implementation.OtlpMtlsCertificateManager.LoadCaCertificate(tempTrustStoreFile));
 
             Xunit.Assert.Contains(
                 "Failed to load CA certificate",
                 exception.Message,
-                System.StringComparison.OrdinalIgnoreCase);
+                StringComparison.OrdinalIgnoreCase);
         }
         finally
         {
-            System.IO.File.Delete(tempTrustStoreFile);
+            File.Delete(tempTrustStoreFile);
         }
     }
 
@@ -138,7 +138,7 @@ public void ValidateCertificateChain_DoesNotThrow_WithValidCertificate()
         using var cert = CreateSelfSignedCertificate();
 
         // Should not throw for self-signed certificate with proper validation
-        var result = OpenTelemetry.Exporter.OpenTelemetryProtocol.Implementation.OtlpMtlsCertificateManager.ValidateCertificateChain(cert, "test certificate");
+        var result = OpenTelemetryProtocol.Implementation.OtlpMtlsCertificateManager.ValidateCertificateChain(cert, "test certificate");
 
         // For self-signed certificates, validation may fail, but method should not throw
         Xunit.Assert.True(result || !result); // Just check that it returns a boolean
@@ -150,13 +150,13 @@ public void ValidateCertificateChain_ThrowsInvalidOperationException_WhenCertifi
         // Create an expired certificate for testing
         using var cert = CreateExpiredCertificate();
 
-        var exception = Xunit.Assert.Throws<System.InvalidOperationException>(() =>
-            OpenTelemetry.Exporter.OpenTelemetryProtocol.Implementation.OtlpMtlsCertificateManager.ValidateCertificateChain(cert, "expired certificate"));
+        var exception = Xunit.Assert.Throws<InvalidOperationException>(() =>
+            OpenTelemetryProtocol.Implementation.OtlpMtlsCertificateManager.ValidateCertificateChain(cert, "expired certificate"));
 
         Xunit.Assert.Contains(
             "Certificate chain validation failed",
             exception.Message,
-            System.StringComparison.OrdinalIgnoreCase);
+            StringComparison.OrdinalIgnoreCase);
     }
 
     [Xunit.Fact]
@@ -166,7 +166,7 @@ public void ValidateCertificateChain_ReturnsResult_WithValidCertificate()
         using var cert = CreateSelfSignedCertificate();
 
         // Should return a boolean result
-        var result = OpenTelemetry.Exporter.OpenTelemetryProtocol.Implementation.OtlpMtlsCertificateManager.ValidateCertificateChain(cert, "test certificate");
+        var result = OpenTelemetryProtocol.Implementation.OtlpMtlsCertificateManager.ValidateCertificateChain(cert, "test certificate");
 
         // The result can be true or false, but the method should not throw
         Xunit.Assert.True(result || !result);
@@ -182,8 +182,8 @@ private static System.Security.Cryptography.X509Certificates.X509Certificate2 Cr
             System.Security.Cryptography.RSASignaturePadding.Pkcs1);
 
         var cert = req.CreateSelfSigned(
-            System.DateTimeOffset.UtcNow.AddDays(-1),
-            System.DateTimeOffset.UtcNow.AddDays(30));
+            DateTimeOffset.UtcNow.AddDays(-1),
+            DateTimeOffset.UtcNow.AddDays(30));
         return cert;
     }
 
@@ -198,8 +198,8 @@ private static System.Security.Cryptography.X509Certificates.X509Certificate2 Cr
 
         // Create a certificate that expired yesterday
         var cert = req.CreateSelfSigned(
-            System.DateTimeOffset.UtcNow.AddDays(-30),
-            System.DateTimeOffset.UtcNow.AddDays(-1));
+            DateTimeOffset.UtcNow.AddDays(-30),
+            DateTimeOffset.UtcNow.AddDays(-1));
         return cert;
     }
 }

test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/OtlpMtlsHttpClientFactoryTests.cs

@@ -10,128 +10,128 @@ public class OtlpMtlsHttpClientFactoryTests
     [Xunit.Fact]
     public void CreateHttpClient_ReturnsHttpClient_WhenMtlsIsDisabled()
     {
-        var baseFactory = () => new System.Net.Http.HttpClient();
-        var options = new OpenTelemetry.Exporter.OtlpMtlsOptions(); // Disabled by default
+        var baseFactory = () => new HttpClient();
+        var options = new OtlpMtlsOptions(); // Disabled by default
 
-        using var httpClient = OpenTelemetry.Exporter.OpenTelemetryProtocol.Implementation.OtlpMtlsHttpClientFactory.CreateMtlsHttpClient(options, baseFactory);
+        using var httpClient = OpenTelemetryProtocol.Implementation.OtlpMtlsHttpClientFactory.CreateMtlsHttpClient(options, baseFactory);
 
         Xunit.Assert.NotNull(httpClient);
-        Xunit.Assert.IsType<System.Net.Http.HttpClient>(httpClient);
+        Xunit.Assert.IsType<HttpClient>(httpClient);
     }
 
     [Xunit.Fact]
     public void CreateHttpClient_ThrowsFileNotFoundException_WhenCertificateFileDoesNotExist()
     {
-        var baseFactory = () => new System.Net.Http.HttpClient();
-        var options = new OpenTelemetry.Exporter.OtlpMtlsOptions { ClientCertificatePath = "/nonexistent/client.crt" };
+        var baseFactory = () => new HttpClient();
+        var options = new OtlpMtlsOptions { ClientCertificatePath = "/nonexistent/client.crt" };
 
-        var exception = Xunit.Assert.Throws<System.IO.FileNotFoundException>(() =>
-            OpenTelemetry.Exporter.OpenTelemetryProtocol.Implementation.OtlpMtlsHttpClientFactory.CreateMtlsHttpClient(options, baseFactory));
+        var exception = Xunit.Assert.Throws<FileNotFoundException>(() =>
+            OpenTelemetryProtocol.Implementation.OtlpMtlsHttpClientFactory.CreateMtlsHttpClient(options, baseFactory));
 
-        Xunit.Assert.Contains("Certificate file not found", exception.Message, System.StringComparison.OrdinalIgnoreCase);
+        Xunit.Assert.Contains("Certificate file not found", exception.Message, StringComparison.OrdinalIgnoreCase);
     }
 
     [Xunit.Fact]
     public void CreateHttpClient_ConfiguresClientCertificate_WhenValidCertificateProvided()
     {
-        var tempCertFile = System.IO.Path.GetTempFileName();
+        var tempCertFile = Path.GetTempFileName();
         try
         {
             // Create a self-signed certificate for testing
             using var cert = CreateSelfSignedCertificate();
             var certBytes = cert.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pfx, "testpassword");
-            System.IO.File.WriteAllBytes(tempCertFile, certBytes);
+            File.WriteAllBytes(tempCertFile, certBytes);
 
-            var baseFactory = () => new System.Net.Http.HttpClient();
-            var options = new OpenTelemetry.Exporter.OtlpMtlsOptions
+            var baseFactory = () => new HttpClient();
+            var options = new OtlpMtlsOptions
             {
                 ClientCertificatePath = tempCertFile,
 
                 // Note: Password support would need to be added to OtlpMtlsOptions
                 EnableCertificateChainValidation = false, // Ignore validation for test cert
             };
 
-            using var httpClient = OpenTelemetry.Exporter.OpenTelemetryProtocol.Implementation.OtlpMtlsHttpClientFactory.CreateMtlsHttpClient(options, baseFactory);
+            using var httpClient = OpenTelemetryProtocol.Implementation.OtlpMtlsHttpClientFactory.CreateMtlsHttpClient(options, baseFactory);
 
             Xunit.Assert.NotNull(httpClient);
 
             // Verify the HttpClientHandler has client certificates configured
-            var handlerField = typeof(System.Net.Http.HttpClient).GetField(
+            var handlerField = typeof(HttpClient).GetField(
                 "_handler",
                 System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance);
-            if (handlerField?.GetValue(httpClient) is System.Net.Http.HttpClientHandler handler)
+            if (handlerField?.GetValue(httpClient) is HttpClientHandler handler)
             {
                 Xunit.Assert.NotEmpty(handler.ClientCertificates);
             }
         }
         finally
         {
-            if (System.IO.File.Exists(tempCertFile))
+            if (File.Exists(tempCertFile))
             {
-                System.IO.File.Delete(tempCertFile);
+                File.Delete(tempCertFile);
             }
         }
     }
 
     [Xunit.Fact]
     public void CreateHttpClient_ConfiguresServerCertificateValidation_WhenTrustedRootCertificatesProvided()
     {
-        var tempTrustStoreFile = System.IO.Path.GetTempFileName();
+        var tempTrustStoreFile = Path.GetTempFileName();
         try
         {
             // Create a self-signed certificate for testing as trusted root
             using var trustedCert = CreateSelfSignedCertificate();
-            var trustedCertPem = System.Convert.ToBase64String(trustedCert.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert));
+            var trustedCertPem = Convert.ToBase64String(trustedCert.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert));
             var pemContent =
                 $"-----BEGIN CERTIFICATE-----\n{trustedCertPem}\n-----END CERTIFICATE-----";
-            System.IO.File.WriteAllText(tempTrustStoreFile, pemContent);
+            File.WriteAllText(tempTrustStoreFile, pemContent);
 
-            var baseFactory = () => new System.Net.Http.HttpClient();
-            var options = new OpenTelemetry.Exporter.OtlpMtlsOptions
+            var baseFactory = () => new HttpClient();
+            var options = new OtlpMtlsOptions
             {
                 CaCertificatePath = tempTrustStoreFile,
             };
 
-            using var httpClient = OpenTelemetry.Exporter.OpenTelemetryProtocol.Implementation.OtlpMtlsHttpClientFactory.CreateMtlsHttpClient(options, baseFactory);
+            using var httpClient = OpenTelemetryProtocol.Implementation.OtlpMtlsHttpClientFactory.CreateMtlsHttpClient(options, baseFactory);
 
             Xunit.Assert.NotNull(httpClient);
 
             // Verify the HttpClientHandler has server certificate validation configured
-            var handlerField = typeof(System.Net.Http.HttpClient).GetField(
+            var handlerField = typeof(HttpClient).GetField(
                 "_handler",
                 System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance);
-            if (handlerField?.GetValue(httpClient) is System.Net.Http.HttpClientHandler handler)
+            if (handlerField?.GetValue(httpClient) is HttpClientHandler handler)
             {
                 Xunit.Assert.NotNull(handler.ServerCertificateCustomValidationCallback);
             }
         }
         finally
         {
-            if (System.IO.File.Exists(tempTrustStoreFile))
+            if (File.Exists(tempTrustStoreFile))
             {
-                System.IO.File.Delete(tempTrustStoreFile);
+                File.Delete(tempTrustStoreFile);
             }
         }
     }
 
     [Xunit.Fact]
     public void CreateMtlsHttpClient_ThrowsArgumentNullException_WhenBaseFactoryIsNull()
     {
-        var options = new OpenTelemetry.Exporter.OtlpMtlsOptions();
+        var options = new OtlpMtlsOptions();
 
-        var exception = Xunit.Assert.Throws<System.ArgumentNullException>(() =>
-            OpenTelemetry.Exporter.OpenTelemetryProtocol.Implementation.OtlpMtlsHttpClientFactory.CreateMtlsHttpClient(options, null!));
+        var exception = Xunit.Assert.Throws<ArgumentNullException>(() =>
+            OpenTelemetryProtocol.Implementation.OtlpMtlsHttpClientFactory.CreateMtlsHttpClient(options, null!));
 
         Xunit.Assert.Equal("baseFactory", exception.ParamName);
     }
 
     [Xunit.Fact]
     public void CreateMtlsHttpClient_ThrowsArgumentNullException_WhenOptionsIsNull()
     {
-        var baseFactory = () => new System.Net.Http.HttpClient();
+        var baseFactory = () => new HttpClient();
 
-        var exception = Xunit.Assert.Throws<System.ArgumentNullException>(() =>
-            OpenTelemetry.Exporter.OpenTelemetryProtocol.Implementation.OtlpMtlsHttpClientFactory.CreateMtlsHttpClient(null!, baseFactory));
+        var exception = Xunit.Assert.Throws<ArgumentNullException>(() =>
+            OpenTelemetryProtocol.Implementation.OtlpMtlsHttpClientFactory.CreateMtlsHttpClient(null!, baseFactory));
 
         Xunit.Assert.Equal("mtlsOptions", exception.ParamName);
     }
@@ -146,8 +146,8 @@ private static System.Security.Cryptography.X509Certificates.X509Certificate2 Cr
             System.Security.Cryptography.RSASignaturePadding.Pkcs1);
 
         var cert = req.CreateSelfSigned(
-            System.DateTimeOffset.UtcNow.AddDays(-1),
-            System.DateTimeOffset.UtcNow.AddDays(30));
+            DateTimeOffset.UtcNow.AddDays(-1),
+            DateTimeOffset.UtcNow.AddDays(30));
         return cert;
     }
 }