/// <summary>
/// Requests a new key pair in every certificate group of the vault, checks the
/// issued certificate against the requested subject and the group's issuer chain,
/// and returns the issued certificates. Only public material is collected; the
/// private key of each request is accepted and then deleted again in the vault.
/// </summary>
/// <returns>One issued certificate (no private key) per certificate group.</returns>
public async Task<X509CertificateCollection> KeyVaultNewKeyPairRequestAsync()
{
    // Not a failure when the vault fixture could not be brought up: skip instead.
    Skip.If(!_fixture.KeyVaultInitOk);
    var issued = new X509CertificateCollection();
    string[] groupIds = await _keyVault.GetCertificateGroupIds();
    foreach (string groupId in groupIds)
    {
        ApplicationTestData app = _fixture.RandomGenerator.RandomApplicationTestData();
        // The request id is the handle for the accept/delete calls below.
        string requestId = Guid.NewGuid().ToString();
        Opc.Ua.Gds.Server.X509Certificate2KeyPair keyPair = await _keyVault.NewKeyPairRequestAsync(
            groupId,
            requestId,
            app.ApplicationRecord.ApplicationUri,
            app.Subject,
            app.DomainNames.ToArray(),
            app.PrivateKeyFormat,
            app.PrivateKeyPassword);
        Assert.NotNull(keyPair);
        // The certificate object itself must not carry the private key; that is
        // delivered separately as keyPair.PrivateKey in the requested format.
        Assert.False(keyPair.Certificate.HasPrivateKey);
        // Subject as requested, and issued by a CA rather than self-signed.
        Assert.True(Opc.Ua.Utils.CompareDistinguishedName(app.Subject, keyPair.Certificate.Subject));
        Assert.False(Opc.Ua.Utils.CompareDistinguishedName(keyPair.Certificate.Issuer, keyPair.Certificate.Subject));
        X509Certificate2Collection issuerChain = await _keyVault.GetIssuerCACertificateChainAsync(groupId);
        Assert.NotNull(issuerChain);
        Assert.True(issuerChain.Count >= 1);
        // Certificate, private key and issuer chain must agree with each other.
        X509TestUtils.VerifyApplicationCertIntegrity(
            keyPair.Certificate,
            keyPair.PrivateKey,
            app.PrivateKeyPassword,
            app.PrivateKeyFormat,
            issuerChain);
        issued.Add(keyPair.Certificate);
        // disable and delete private key from KeyVault (requires set/delete rights)
        await _keyVault.AcceptPrivateKeyAsync(groupId, requestId);
        await _keyVault.DeletePrivateKeyAsync(groupId, requestId);
    }
    return issued;
}
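/// <summary>
/// Requests a key pair in every certificate group, loads the private key back from
/// the vault while the request is still pending and checks it matches the issued
/// certificate, then exercises the key lifecycle: after
/// <c>AcceptPrivateKeyAsync</c> a load throws <see cref="KeyVaultErrorException"/>,
/// and after <c>DeletePrivateKeyAsync</c> both a second delete and a load throw.
/// </summary>
public async Task KeyVaultNewKeyPairLoadThenDeletePrivateKeyAsync()
{
    // Not a failure when the vault fixture could not be brought up: skip instead.
    Skip.If(!_fixture.KeyVaultInitOk);
    string[] groups = await _keyVault.GetCertificateGroupIds();
    foreach (string group in groups)
    {
        ApplicationTestData randomApp = _fixture.RandomGenerator.RandomApplicationTestData();
        // The request id is the handle for every load/accept/delete call below.
        string requestId = Guid.NewGuid().ToString();
        Opc.Ua.Gds.Server.X509Certificate2KeyPair newKeyPair = await _keyVault.NewKeyPairRequestAsync(
            group,
            requestId,
            randomApp.ApplicationRecord.ApplicationUri,
            randomApp.Subject,
            randomApp.DomainNames.ToArray(),
            randomApp.PrivateKeyFormat,
            randomApp.PrivateKeyPassword);
        Assert.NotNull(newKeyPair);
        // The certificate object itself must not carry the private key.
        Assert.False(newKeyPair.Certificate.HasPrivateKey);
        // Subject as requested, and issued by a CA rather than self-signed.
        Assert.True(Opc.Ua.Utils.CompareDistinguishedName(randomApp.Subject, newKeyPair.Certificate.Subject));
        Assert.False(Opc.Ua.Utils.CompareDistinguishedName(newKeyPair.Certificate.Issuer, newKeyPair.Certificate.Subject));
        X509Certificate2Collection issuerCerts = await _keyVault.GetIssuerCACertificateChainAsync(group);
        Assert.NotNull(issuerCerts);
        Assert.True(issuerCerts.Count >= 1);
        X509TestUtils.VerifyApplicationCertIntegrity(
            newKeyPair.Certificate,
            newKeyPair.PrivateKey,
            randomApp.PrivateKeyPassword,
            randomApp.PrivateKeyFormat,
            issuerCerts);

        // test to load the key from KeyVault
        var privateKey = await _keyVault.LoadPrivateKeyAsync(group, requestId, randomApp.PrivateKeyFormat);
        X509Certificate2 privateKeyX509;
        if (randomApp.PrivateKeyFormat == "PFX")
        {
            privateKeyX509 = CertificateFactory.CreateCertificateFromPKCS12(privateKey, randomApp.PrivateKeyPassword);
        }
        else
        {
            privateKeyX509 = CertificateFactory.CreateCertificateWithPEMPrivateKey(newKeyPair.Certificate, privateKey, randomApp.PrivateKeyPassword);
        }
        // privateKeyX509 holds private key material; dispose it at the end of the
        // iteration instead of leaving the key handle to the finalizer.
        using (privateKeyX509)
        {
            Assert.True(privateKeyX509.HasPrivateKey);
            // The key loaded from the vault must match the issued certificate.
            X509TestUtils.VerifyApplicationCertIntegrity(
                newKeyPair.Certificate,
                privateKey,
                randomApp.PrivateKeyPassword,
                randomApp.PrivateKeyFormat,
                issuerCerts);

            // Once accepted, the vault no longer hands out the private key.
            await _keyVault.AcceptPrivateKeyAsync(group, requestId);
            await Assert.ThrowsAsync<KeyVaultErrorException>(async () =>
            {
                await _keyVault.LoadPrivateKeyAsync(group, requestId, randomApp.PrivateKeyFormat);
            });

            // Accepting again is tolerated; deleting twice is not, and a deleted
            // key can no longer be loaded.
            await _keyVault.AcceptPrivateKeyAsync(group, requestId);
            await _keyVault.DeletePrivateKeyAsync(group, requestId);
            await Assert.ThrowsAsync<KeyVaultErrorException>(async () =>
            {
                await _keyVault.DeletePrivateKeyAsync(group, requestId);
            });
            await Assert.ThrowsAsync<KeyVaultErrorException>(async () =>
            {
                await _keyVault.LoadPrivateKeyAsync(group, requestId, randomApp.PrivateKeyFormat);
            });
        }
    }
}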