Ejemplo n.º 1
        public static async Task RSASignedCrlCreateWith1Test(SignatureType signature)
        {
            // Scenario: the root issues a CRL, signed with the requested signature type,
            // that lists ca1 as revoked. The test then checks the CRL metadata, the
            // revocation status of ca1 (listed) and ca2 (not listed), and that the CRL
            // signature verifies against the root certificate.
            using (var mock = Setup()) {
                IKeyStore   keyStore   = mock.Create<KeyDatabase>();
                ICrlFactory crlFactory = mock.Create<CrlFactory>();

                // Test hierarchy: root -> { ca1, ca2 }, ca1 -> { leaf1, leaf2, leaf3 }.
                // The leaves are created and disposed but never asserted on.
                using (var root = SignatureType.PS512.Create("CN=root", true))
                using (var ca1 = root.Create(SignatureType.PS256, "CN=ca1", true))
                using (var ca2 = root.Create(SignatureType.PS256, "CN=ca2", true))
                using (var leaf1 = ca1.Create(SignatureType.RS256, "CN=leaf1"))
                using (var leaf2 = ca1.Create(SignatureType.RS256, "CN=leaf2"))
                using (var leaf3 = ca1.Create(SignatureType.RS256, "CN=leaf3")) {
                    var rootPrivateKey = root.ExportPrivateKey();
                    // Derived but not used by any assertion below.
                    var rootPublicKey = rootPrivateKey.GetPublicKey();

                    // Exportable = true is set so the key can be read back and compared
                    // at the end of the test.
                    // NOTE(review): presumably a test-only setting; a production issuer key
                    // would normally be imported as non-exportable - confirm against callers.
                    var importOptions = new KeyStoreProperties { Exportable = true };
                    var rootKeyHandle = await keyStore.ImportKeyAsync("ababa", rootPrivateKey,
                                                                      importOptions);

                    // Next update is four days ahead, truncated to midnight (UTC).
                    var next = (DateTime.UtcNow + TimeSpan.FromDays(4)).Date;
                    var rootCert = root.ToCertificate(new IssuerPolicies(), rootKeyHandle);

                    // Only ca1 is handed to the factory as a revoked certificate.
                    var revoked = ca1.ToCertificate().YieldReturn();
                    var crl = await crlFactory.CreateCrlAsync(rootCert, signature, revoked, next);

                    var exportedKey = await keyStore.ExportKeyAsync(rootKeyHandle);

                    // The key store must hand back the same key that was imported.
                    Assert.True(rootPrivateKey.SameAs(exportedKey));

                    // CRL metadata matches what was requested.
                    Assert.Equal(next, crl.NextUpdate);
                    Assert.Equal(root.Subject, crl.Issuer);

                    // Positive and negative revocation checks: ca1 listed, sibling ca2 not.
                    Assert.True(crl.IsRevoked(ca1.ToCertificate()));
                    Assert.False(crl.IsRevoked(ca2.ToCertificate()));

                    // The CRL signature must verify against the issuing root certificate.
                    Assert.True(crl.HasValidSignature(rootCert));
                }
            }
        }
Ejemplo n.º 2
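 /// <summary>
 /// Create the CRL database on top of the "crls" item container.
 /// </summary>
 /// <param name="container">Factory used to open the "crls" container,
 /// which is then accessed as documents.</param>
 /// <param name="certificates">Certificate store kept for later use.</param>
 /// <param name="factory">CRL factory kept for later use.</param>
 /// <param name="logger">Logger kept for later use.</param>
 /// <exception cref="ArgumentNullException">Any argument is
 /// <c>null</c>.</exception>
 public CrlDatabase(IItemContainerFactory container, ICertificateStore certificates,
                    ICrlFactory factory, ILogger logger)
 {
     // Validate container like the other dependencies; without this check a null
     // container surfaces as a NullReferenceException from the OpenAsync call.
     if (container == null) {
         throw new ArgumentNullException(nameof(container));
     }

     _certificates = certificates ?? throw new ArgumentNullException(nameof(certificates));
     _factory      = factory ?? throw new ArgumentNullException(nameof(factory));
     _logger       = logger ?? throw new ArgumentNullException(nameof(logger));

     // NOTE(review): .Result blocks the constructing thread until the container is
     // open and wraps failures in AggregateException. It can deadlock when a
     // synchronization context is present; an async factory method would avoid
     // that but changes the public interface, so it is left as is here.
     _crls         = container.OpenAsync("crls").Result.AsDocuments();
 }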