chore(): mTLS tests: cover CA-only config, server cert validation, and expired cert failure

sandy2008 · sandy2008 · commit 4f19bada7910 · 2025-12-05T11:25:29.000+09:00
diff --git a/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/OtlpMtlsHttpClientFactoryTests.cs b/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/OtlpMtlsHttpClientFactoryTests.cs
@@ -42,7 +42,7 @@ public void CreateHttpClient_ConfiguresClientCertificate_WhenValidCertificatePro
         {
             // Create a self-signed certificate for testing
             using var cert = CreateSelfSignedCertificate();
-            var certBytes = cert.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pfx);
+            var certBytes = cert.Export(X509ContentType.Pfx);
             File.WriteAllBytes(tempCertFile, certBytes);
 
             var options = new OtlpMtlsOptions
@@ -86,6 +86,7 @@ public void CreateHttpClient_ConfiguresServerCertificateValidation_WhenTrustedRo
             var options = new OtlpMtlsOptions
             {
                 CaCertificatePath = tempTrustStoreFile,
+                EnableCertificateChainValidation = false, // Avoid platform-specific chain build differences
             };
 
             using var httpClient = OpenTelemetryProtocol.Implementation.OtlpMtlsHttpClientFactory.CreateMtlsHttpClient(options);
@@ -123,6 +124,7 @@ public void CreateHttpClient_ConfiguresServerValidation_WithCaOnly()
             var options = new OtlpMtlsOptions
             {
                 CaCertificatePath = tempTrustStoreFile,
+                EnableCertificateChainValidation = false, // Avoid platform-specific chain build differences
             };
 
             using var httpClient = OpenTelemetryProtocol.Implementation.OtlpMtlsHttpClientFactory.CreateMtlsHttpClient(options);
@@ -222,14 +224,14 @@ public void CreateMtlsHttpClient_ThrowsArgumentNullException_WhenOptionsIsNull()
         Assert.Equal("mtlsOptions", exception.ParamName);
     }
 
-    private static System.Security.Cryptography.X509Certificates.X509Certificate2 CreateSelfSignedCertificate()
+    private static X509Certificate2 CreateSelfSignedCertificate()
     {
-        using var rsa = System.Security.Cryptography.RSA.Create(2048);
-        var req = new System.Security.Cryptography.X509Certificates.CertificateRequest(
+        using var rsa = RSA.Create(2048);
+        var req = new CertificateRequest(
             "CN=Test Certificate",
             rsa,
-            System.Security.Cryptography.HashAlgorithmName.SHA256,
-            System.Security.Cryptography.RSASignaturePadding.Pkcs1);
+            HashAlgorithmName.SHA256,
+            RSASignaturePadding.Pkcs1);
 
         var cert = req.CreateSelfSigned(
             DateTimeOffset.UtcNow.AddDays(-1),
