static void Main(string[] args) { var currentDirectory = Directory.GetCurrentDirectory(); using (var runner = new OpenSslRunner( Path.Combine(currentDirectory, "output"), Path.Combine(currentDirectory, "openssl.exe"), Path.Combine(currentDirectory, "openssl.conf"), "http://fake-example.blob.core.windows.net/testca/", 42000)) { if (args.Contains("ocsp", StringComparer.OrdinalIgnoreCase)) { runner.StartOcspResponder(CertificateId.IntermediateOcspSigner, CertificateId.IntermediateOcsp); Console.WriteLine("Press enter to end the process and shut down the OCSP responder."); Console.ReadLine(); } else if (args.Contains("generate", StringComparer.OrdinalIgnoreCase)) { GenerateCertificates(runner); } else { Console.WriteLine("You must specify one argument. Either 'ocsp' or 'generate'."); } } }
public StartOcspResponderContext( string signerId, string issuerId, string logFilePath, OpenSslRunner runner) : base(signerId, issuerId, runner) { LogFilePath = logFilePath; }
public OpenSslContext( string id, string issuerId, OpenSslRunner runner) { Id = id; IssuerId = issuerId; _runner = runner; }
public RevokeCertificateContext( string id, string issuerId, string crlReason, DateTimeOffset?compromiseTime, OpenSslRunner runner) : base(id, issuerId, runner) { CrlReason = crlReason; CompromiseTime = compromiseTime; }
public IssueCertificateContext( string id, string issuerId, string requestExtensions, string extensions, int keyLengthInBits, DateTimeOffset startDate, DateTimeOffset endDate, string signatureAlgorithm, OpenSslRunner runner) : base(id, issuerId, runner) { RequestExtensions = requestExtensions; Extensions = extensions; KeyLengthInBits = keyLengthInBits; StartDate = startDate; EndDate = endDate; SignatureAlgorithm = signatureAlgorithm; }
private static void GenerateRevokedIntermediate(OpenSslRunner runner) { runner.IssueCertificate( CertificateId.IntermediateRevokedCaCompromise, CertificateId.Root, DateTimeOffset.UtcNow.AddMinutes(-2), DateTimeOffset.UtcNow.AddYears(11), null, CertificateExtension.IntermediateCaCertificate); runner.IssueCertificate( CertificateId.LeafBeforeIntermediateRevoked, CertificateId.IntermediateRevokedCaCompromise, DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddHours(1), CertificateRequestExtension.CodeSigning, CertificateExtension.LeafCertificate); runner.IssueCertificate( CertificateId.LeafDuringIntermediateRevoked, CertificateId.IntermediateRevokedCaCompromise, DateTimeOffset.UtcNow.AddHours(1), DateTimeOffset.UtcNow.AddHours(3), CertificateRequestExtension.CodeSigning, CertificateExtension.LeafCertificate); runner.IssueCertificate( CertificateId.LeafAfterIntermediateRevoked, CertificateId.IntermediateRevokedCaCompromise, DateTimeOffset.UtcNow.AddHours(3), DateTimeOffset.UtcNow.AddHours(4), CertificateRequestExtension.CodeSigning, CertificateExtension.LeafCertificate); runner.RevokeCertificate( CertificateId.IntermediateRevokedCaCompromise, CertificateId.Root, RevocationReason.CaCompromise, DateTimeOffset.UtcNow.AddHours(2)); runner.IssueCrl(CertificateId.IntermediateRevokedCaCompromise); }
private static void GenerateIntermediateWithBrokenCrl(OpenSslRunner runner) { runner.IssueCertificate( CertificateId.Intermediate404Crl, CertificateId.Root, DateTimeOffset.UtcNow.AddMonths(-1), DateTimeOffset.UtcNow.AddYears(11), null, CertificateExtension.IntermediateCaCertificate); runner.IssueCertificate( CertificateId.Leaf404Crl, CertificateId.Intermediate404Crl, DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(10), CertificateRequestExtension.CodeSigning, CertificateExtension.LeafBrokenCrlCertificate); runner.IssueCrl(CertificateId.Intermediate404Crl); }
private static void GenerateIntermediateWithOcsp(OpenSslRunner runner) { runner.IssueCertificate( CertificateId.IntermediateOcsp, CertificateId.Root, DateTimeOffset.UtcNow.AddMonths(-1), DateTimeOffset.UtcNow.AddYears(11), null, CertificateExtension.IntermediateCaCertificate); runner.IssueCertificate( CertificateId.IntermediateOcspSigner, CertificateId.IntermediateOcsp, DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(10), null, CertificateExtension.IntermediateOcspCertificate); runner.IssueCertificate( CertificateId.LeafWithOcsp, CertificateId.IntermediateOcsp, DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(10), CertificateRequestExtension.CodeSigning, CertificateExtension.LeafUsingOcspCertificate); runner.IssueCertificate( CertificateId.LeafWithOcspRevokedUnspecified, CertificateId.IntermediateOcsp, DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(10), CertificateRequestExtension.CodeSigning, CertificateExtension.LeafUsingOcspCertificate); runner.RevokeCertificate( CertificateId.LeafWithOcspRevokedUnspecified, CertificateId.IntermediateOcsp, RevocationReason.Unspecified, null); runner.IssueCrl(CertificateId.IntermediateOcsp, copyOnline: false); }
private static void GenerateCertificates(OpenSslRunner runner) { if (Directory.Exists(runner.OutputDirectoryPath)) { Directory.Delete(runner.OutputDirectoryPath, recursive: true); } runner.IssueCertificate( CertificateId.Root, CertificateId.Root, DateTimeOffset.UtcNow.AddYears(-1), DateTimeOffset.UtcNow.AddYears(20), null, CertificateExtension.RootCaCertificate); GenerateIntermediateWithOcsp(runner); GenerateIntermediateWithBrokenCrl(runner); GenerateNormalIntermediate(runner); GenerateRevokedIntermediate(runner); runner.IssueCrl(CertificateId.Root); }
public IssueCrlContext(string id, OpenSslRunner runner) : base(id, id, runner) { }
private static void GenerateNormalIntermediate(OpenSslRunner runner) { runner.IssueCertificate( CertificateId.Intermediate, CertificateId.Root, DateTimeOffset.UtcNow.AddMonths(-1), DateTimeOffset.UtcNow.AddYears(11), null, CertificateExtension.IntermediateCaCertificate); runner.IssueCertificate( CertificateId.Leaf1, CertificateId.Intermediate, DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(10), CertificateRequestExtension.CodeSigning, CertificateExtension.LeafCertificate); runner.IssueCertificate( CertificateId.Leaf2, CertificateId.Intermediate, DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(10), CertificateRequestExtension.CodeSigning, CertificateExtension.LeafCertificate); runner.IssueCertificate( CertificateId.LeafWithNoEku, CertificateId.Intermediate, DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(10), null, CertificateExtension.LeafCertificate); runner.IssueCertificate( CertificateId.LeafExpired, CertificateId.Intermediate, DateTimeOffset.UtcNow.AddHours(-2), DateTimeOffset.UtcNow.AddHours(-1), CertificateRequestExtension.CodeSigning, CertificateExtension.LeafCertificate); runner.IssueCertificate( CertificateId.LeafNotYetValid, CertificateId.Intermediate, DateTimeOffset.UtcNow.AddYears(9), DateTimeOffset.UtcNow.AddYears(10), CertificateRequestExtension.CodeSigning, CertificateExtension.LeafCertificate); runner.IssueCertificate( CertificateId.Leaf1024BitKeyLength, CertificateId.Intermediate, DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(10), CertificateRequestExtension.CodeSigning, CertificateExtension.LeafCertificate, keyLengthInBits: 1024); runner.IssueCertificate( CertificateId.LeafSha1, CertificateId.Intermediate, DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(10), CertificateRequestExtension.CodeSigning, CertificateExtension.LeafCertificate, signatureAlgorithm: SignatureAlgorithm.Sha1); runner.IssueCertificate( CertificateId.LeafNotCodeSigning, CertificateId.Intermediate, DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(10), CertificateRequestExtension.NotCodeSigning, CertificateExtension.LeafCertificate); runner.IssueCertificate( CertificateId.LeafNoCrlDistributionPoint, CertificateId.Intermediate, DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(10), CertificateRequestExtension.CodeSigning, CertificateExtension.LeafNoCrlCertificate); var allRevoked = new[] { new { Id = CertificateId.LeafRevokedUnspecified, Reason = RevocationReason.Unspecified, CompromiseTime = (DateTimeOffset?)null }, new { Id = CertificateId.LeafRevokedKeyCompromise, Reason = RevocationReason.KeyCompromise, CompromiseTime = (DateTimeOffset?)DateTimeOffset.UtcNow }, new { Id = CertificateId.LeafRevokedCaCompromise, Reason = RevocationReason.CaCompromise, CompromiseTime = (DateTimeOffset?)DateTimeOffset.UtcNow }, new { Id = CertificateId.LeafRevokedAffiliationChanged, Reason = RevocationReason.AffiliationChanged, CompromiseTime = (DateTimeOffset?)null }, new { Id = CertificateId.LeafRevokedSuperseded, Reason = RevocationReason.Superseded, CompromiseTime = (DateTimeOffset?)null }, new { Id = CertificateId.LeafRevokedCessationOfOperation, Reason = RevocationReason.CessationOfOperation, CompromiseTime = (DateTimeOffset?)null }, new { Id = CertificateId.LeafRevokedCertificateHold, Reason = RevocationReason.CertificateHold, CompromiseTime = (DateTimeOffset?)null }, new { Id = CertificateId.LeafRevokedRemoveFromCrl, Reason = RevocationReason.RemoveFromCrl, CompromiseTime = (DateTimeOffset?)null }, }; foreach (var revoked in allRevoked) { runner.IssueCertificate( revoked.Id, CertificateId.Intermediate, DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(10), CertificateRequestExtension.CodeSigning, CertificateExtension.LeafCertificate); runner.RevokeCertificate( revoked.Id, CertificateId.Intermediate, revoked.Reason, revoked.CompromiseTime); } runner.IssueCrl(CertificateId.Intermediate); }