internal static async Task <CertificateValidator> CreateValidatorAsync(TrustListModel trustList)
{
var storePath = "%LocalApplicationData%/OPCVaultTest/pki/";
DeleteDirectory(storePath);
// verify cert with issuer chain
var certValidator = new CertificateValidator();
var issuerTrustList = await CreateTrustListAsync(
storePath + "issuer",
trustList.IssuerCertificates.ToStackModel(),
trustList.IssuerCrls.ToStackModel()
);
var trustedTrustList = await CreateTrustListAsync(
storePath + "trusted",
trustList.TrustedCertificates.ToStackModel(),
trustList.TrustedCrls.ToStackModel()
);
certValidator.Update(issuerTrustList, trustedTrustList, null);
return(certValidator);
}
public async Task CreateCAAndAppCertificatesThenRevokeAll()
{
Skip.If(!_fixture.KeyVaultInitOk);
var certCollection = new X509Certificate2Collection();
for (var i = 0; i < 3; i++)
{
await KeyVaultCreateCACertificateAsync();
for (var v = 0; v < 10; v++)
{
certCollection.AddRange(await KeyVaultSigningRequestAsync());
certCollection.AddRange(await KeyVaultNewKeyPairRequestAsync());
}
}
var groups = await _registry.ListGroupIdsAsync(null, null);
// validate all certificates
foreach (var group in groups.Groups)
{
var trustList = await _services.GetGroupTrustListAsync(group);
var nextPageLink = trustList.NextPageLink;
while (nextPageLink != null)
{
var nextTrustList = await _services.GetGroupTrustListAsync(nextPageLink);
trustList.AddRange(nextTrustList);
nextPageLink = nextTrustList.NextPageLink;
}
var validator = await X509TestUtils.CreateValidatorAsync(trustList);
foreach (var cert in certCollection)
{
validator.Validate(cert);
}
}
// now revoke all certifcates
var revokeCertificates = new X509Certificate2Collection(certCollection).ToServiceModel(null);
foreach (var group in groups.Groups)
{
var unrevokedCertificates = await _services.RevokeCertificatesAsync(revokeCertificates);
Assert.True(unrevokedCertificates.Chain.Count <= revokeCertificates.Chain.Count);
revokeCertificates = unrevokedCertificates;
}
Assert.Empty(revokeCertificates.Chain);
// reload updated trust list from KeyVault
var trustListAllGroups = new TrustListModel {
GroupId = "all"
};
foreach (var group in groups.Groups)
{
var trustList = await _services.GetGroupTrustListAsync(group);
var nextPageLink = trustList.NextPageLink;
while (nextPageLink != null)
{
var nextTrustList = await _services.GetGroupTrustListAsync(nextPageLink);
trustList.AddRange(nextTrustList);
nextPageLink = nextTrustList.NextPageLink;
}
trustListAllGroups.AddRange(trustList);
}
// verify certificates are revoked
{
var validator = await X509TestUtils.CreateValidatorAsync(trustListAllGroups);
foreach (var cert in certCollection)
{
Assert.Throws <Opc.Ua.ServiceResultException>(() => validator.Validate(cert));
}
}
}
