public async Task <X509CertificateCollection> KeyVaultNewKeyPairRequestAsync()
{
Skip.If(!_fixture.KeyVaultInitOk);
X509CertificateCollection certCollection = new X509CertificateCollection();
string[] groups = await _keyVault.GetCertificateGroupIds();
foreach (string group in groups)
{
ApplicationTestData randomApp = _fixture.RandomGenerator.RandomApplicationTestData();
Guid requestId = Guid.NewGuid();
Opc.Ua.Gds.Server.X509Certificate2KeyPair newKeyPair = await _keyVault.NewKeyPairRequestAsync(
group,
requestId.ToString(),
randomApp.ApplicationRecord.ApplicationUri,
randomApp.Subject,
randomApp.DomainNames.ToArray(),
randomApp.PrivateKeyFormat,
randomApp.PrivateKeyPassword);
Assert.NotNull(newKeyPair);
Assert.False(newKeyPair.Certificate.HasPrivateKey);
Assert.True(Opc.Ua.Utils.CompareDistinguishedName(randomApp.Subject, newKeyPair.Certificate.Subject));
Assert.False(Opc.Ua.Utils.CompareDistinguishedName(newKeyPair.Certificate.Issuer, newKeyPair.Certificate.Subject));
X509Certificate2Collection issuerCerts = await _keyVault.GetIssuerCACertificateChainAsync(group);
Assert.NotNull(issuerCerts);
Assert.True(issuerCerts.Count >= 1);
X509TestUtils.VerifyApplicationCertIntegrity(
newKeyPair.Certificate,
newKeyPair.PrivateKey,
randomApp.PrivateKeyPassword,
randomApp.PrivateKeyFormat,
issuerCerts
);
certCollection.Add(newKeyPair.Certificate);
// disable and delete private key from KeyVault (requires set/delete rights)
await _keyVault.AcceptPrivateKeyAsync(group, requestId.ToString());
await _keyVault.DeletePrivateKeyAsync(group, requestId.ToString());
}
return(certCollection);
}
public async Task KeyVaultNewKeyPairLoadThenDeletePrivateKeyAsync()
{
Skip.If(!_fixture.KeyVaultInitOk);
string[] groups = await _keyVault.GetCertificateGroupIds();
foreach (string group in groups)
{
ApplicationTestData randomApp = _fixture.RandomGenerator.RandomApplicationTestData();
Guid requestId = Guid.NewGuid();
Opc.Ua.Gds.Server.X509Certificate2KeyPair newKeyPair = await _keyVault.NewKeyPairRequestAsync(
group,
requestId.ToString(),
randomApp.ApplicationRecord.ApplicationUri,
randomApp.Subject,
randomApp.DomainNames.ToArray(),
randomApp.PrivateKeyFormat,
randomApp.PrivateKeyPassword
);
Assert.NotNull(newKeyPair);
Assert.False(newKeyPair.Certificate.HasPrivateKey);
Assert.True(Opc.Ua.Utils.CompareDistinguishedName(randomApp.Subject, newKeyPair.Certificate.Subject));
Assert.False(Opc.Ua.Utils.CompareDistinguishedName(newKeyPair.Certificate.Issuer, newKeyPair.Certificate.Subject));
X509Certificate2Collection issuerCerts = await _keyVault.GetIssuerCACertificateChainAsync(group);
Assert.NotNull(issuerCerts);
Assert.True(issuerCerts.Count >= 1);
X509TestUtils.VerifyApplicationCertIntegrity(
newKeyPair.Certificate,
newKeyPair.PrivateKey,
randomApp.PrivateKeyPassword,
randomApp.PrivateKeyFormat,
issuerCerts
);
// test to load the key from KeyVault
var privateKey = await _keyVault.LoadPrivateKeyAsync(group, requestId.ToString(), randomApp.PrivateKeyFormat);
X509Certificate2 privateKeyX509;
if (randomApp.PrivateKeyFormat == "PFX")
{
privateKeyX509 = CertificateFactory.CreateCertificateFromPKCS12(privateKey, randomApp.PrivateKeyPassword);
}
else
{
privateKeyX509 = CertificateFactory.CreateCertificateWithPEMPrivateKey(newKeyPair.Certificate, privateKey, randomApp.PrivateKeyPassword);
}
Assert.True(privateKeyX509.HasPrivateKey);
X509TestUtils.VerifyApplicationCertIntegrity(
newKeyPair.Certificate,
privateKey,
randomApp.PrivateKeyPassword,
randomApp.PrivateKeyFormat,
issuerCerts
);
await _keyVault.AcceptPrivateKeyAsync(group, requestId.ToString());
await Assert.ThrowsAsync <KeyVaultErrorException>(async() =>
{
privateKey = await _keyVault.LoadPrivateKeyAsync(group, requestId.ToString(), randomApp.PrivateKeyFormat);
});
await _keyVault.AcceptPrivateKeyAsync(group, requestId.ToString());
await _keyVault.DeletePrivateKeyAsync(group, requestId.ToString());
await Assert.ThrowsAsync <KeyVaultErrorException>(async() =>
{
await _keyVault.DeletePrivateKeyAsync(group, requestId.ToString());
});
await Assert.ThrowsAsync <KeyVaultErrorException>(async() =>
{
privateKey = await _keyVault.LoadPrivateKeyAsync(group, requestId.ToString(), randomApp.PrivateKeyFormat);
});
}
}