Example #1
        /// <summary>
        /// Creates a test certificate and, when requested for a CA, a CRL issued by that certificate.
        /// </summary>
        /// <param name="modifyGenerator">Optional callback passed through to the certificate generator.</param>
        /// <param name="chainCertificateRequest">
        /// Optional chain settings. A CRL is created only when this is non-null and both
        /// <c>IsCA</c> and <c>ConfigureCrl</c> are true.
        /// </param>
        /// <returns>
        /// A <see cref="TestCertificate"/> whose <c>Crl</c> is null unless the conditions above hold.
        /// </returns>
        public static TestCertificate Generate(Action <TestCertificateGenerator> modifyGenerator = null, ChainCertificateRequest chainCertificateRequest = null)
        {
            var subjectName = GenerateCertificateName();
            var generated   = SigningTestUtility.GenerateCertificateWithKeyInfo(subjectName, modifyGenerator, chainCertificateRequest: chainCertificateRequest);

            // Only a CA that is part of a chain and opted in via ConfigureCrl publishes a CRL.
            bool needsCrl = chainCertificateRequest != null
                && chainCertificateRequest.IsCA
                && chainCertificateRequest.ConfigureCrl;

            // The CRL is created from the full generator result rather than from generated.Certificate.
            // NOTE(review): presumably because it needs the issuer's key material; confirm against CreateCrl.
            CertificateRevocationList revocationList = needsCrl
                ? CertificateRevocationList.CreateCrl(generated, chainCertificateRequest.CrlLocalBaseUri)
                : null;

            return new TestCertificate
            {
                Cert = generated.Certificate,
                Crl  = revocationList
            };
        }
Example #2
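        /// <summary>
        /// Builds a test certificate chain of <paramref name="length"/> certificates (root CA,
        /// zero or more intermediate CAs, then a leaf) and returns it leaf-first.
        /// Nothing in this method installs any of the certificates into a certificate store.
        /// </summary>
        /// <param name="length">
        /// Number of certificates to generate. Zero or a negative value yields an empty chain.
        /// A value of 1 yields only the root CA, so <paramref name="leafCertificateActionGenerator"/>,
        /// <paramref name="configureLeafCrl"/> and <paramref name="revokeEndCertificate"/> have no effect.
        /// </param>
        /// <param name="crlServerUri">Value assigned to <c>CrlServerBaseUri</c> on every request.</param>
        /// <param name="crlLocalUri">Value assigned to <c>CrlLocalBaseUri</c> on every request.</param>
        /// <param name="configureLeafCrl">Value assigned to <c>ConfigureCrl</c> on the leaf request.</param>
        /// <param name="leafCertificateActionGenerator">
        /// Optional generator callback for the leaf only; the CA callback is used when this is null.
        /// </param>
        /// <param name="revokeEndCertificate">
        /// When true, the leaf is revoked in the CRL of the CA that issued it.
        /// </param>
        /// <returns>
        /// The chain, with the leaf at index 0 and the root last. The entries are taken from
        /// <c>PublicCertWithPrivateKey</c>, so they presumably carry private keys; the caller owns
        /// them and should dispose the chain once the test is finished.
        /// </returns>
        public static IX509CertificateChain GenerateCertificateChainWithoutTrust(
            int length,
            string crlServerUri,
            string crlLocalUri,
            bool configureLeafCrl = true,
            Action <TestCertificateGenerator> leafCertificateActionGenerator = null,
            bool revokeEndCertificate = false)
        {
            List <TestCertificate>            generated     = new();
            X509CertificateChain              chain         = new();
            Action <TestCertificateGenerator> caGenerator   = CertificateModificationGeneratorForCodeSigningEkuCert;
            Action <TestCertificateGenerator> leafGenerator = leafCertificateActionGenerator ?? caGenerator;

            // Most recently generated CA: its certificate signs the next one, and its
            // TestCertificate gives access to the CRL used when the leaf is revoked.
            X509Certificate2 issuer                = null;
            TestCertificate  issuerTestCertificate = null;

            for (var i = 0; i < length; i++)
            {
                X509Certificate2 certificate;

                if (i == 0)
                {
                    // Root CA: no Issuer is set on the request.
                    ChainCertificateRequest rootRequest = new()
                    {
                        ConfigureCrl     = true,
                        CrlLocalBaseUri  = crlLocalUri,
                        CrlServerBaseUri = crlServerUri,
                        IsCA             = true
                    };

                    issuerTestCertificate = TestCertificate.Generate(caGenerator, rootRequest);
                    generated.Add(issuerTestCertificate);

                    issuer = certificate = issuerTestCertificate.PublicCertWithPrivateKey;
                }
                else if (i < length - 1)
                {
                    // Intermediate CA, issued by the previous CA in the chain.
                    ChainCertificateRequest intermediateRequest = new()
                    {
                        ConfigureCrl     = true,
                        CrlLocalBaseUri  = crlLocalUri,
                        CrlServerBaseUri = crlServerUri,
                        IsCA             = true,
                        Issuer           = issuer
                    };

                    issuerTestCertificate = TestCertificate.Generate(caGenerator, intermediateRequest);
                    generated.Add(issuerTestCertificate);

                    issuer = certificate = issuerTestCertificate.PublicCertWithPrivateKey;
                }
                else
                {
                    // Leaf: not a CA, and CRL configuration is under the caller's control.
                    ChainCertificateRequest leafRequest = new()
                    {
                        CrlLocalBaseUri  = crlLocalUri,
                        CrlServerBaseUri = crlServerUri,
                        IsCA             = false,
                        ConfigureCrl     = configureLeafCrl,
                        Issuer           = issuer
                    };

                    TestCertificate leaf = TestCertificate.Generate(leafGenerator, leafRequest);

                    certificate = leaf.PublicCertWithPrivateKey;

                    if (revokeEndCertificate)
                    {
                        // Revocation is recorded in the issuing CA's CRL, not in a CRL of the leaf.
                        issuerTestCertificate.Crl.RevokeCertificate(certificate);
                    }

                    generated.Add(leaf);
                }

                // Inserting at the front leaves the chain ordered leaf -> ... -> root.
                chain.Insert(index: 0, certificate);
            }

            // Only the intermediate Cert instances are released here.
            // NOTE(review): this assumes PublicCertWithPrivateKey returns an instance independent of
            // Cert; otherwise the returned chain entries would already be disposed. Confirm.
            // NOTE(review): the Crl objects are not released here; if CertificateRevocationList owns
            // files or other resources, they outlive this call. Confirm who cleans them up.
            foreach (TestCertificate testCertificate in generated)
            {
                testCertificate.Cert.Dispose();
            }

            return chain;
        }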