/// <summary>
/// Issues a CRL from an RSA root that revokes exactly one intermediate (ca1)
/// and checks the list's metadata, revocation decisions and signature.
/// The root private key is round-tripped through the key store so the test
/// also confirms that the stored key is the one the CRL is signed with.
/// </summary>
/// <param name="signature">Signature algorithm the CRL is signed with.</param>
public static async Task RSASignedCrlCreateWith1Test(SignatureType signature) {
    using (var mock = Setup()) {
        IKeyStore keyStore = mock.Create<KeyDatabase>();
        ICrlFactory crlFactory = mock.Create<CrlFactory>();

        // Hierarchy: root -> {ca1, ca2}; ca1 -> {leaf1, leaf2, leaf3}.
        // Only ca1 ends up on the list; ca2 must remain unrevoked.
        using (var root = SignatureType.PS512.Create("CN=root", true))
        using (var ca1 = root.Create(SignatureType.PS256, "CN=ca1", true))
        using (var ca2 = root.Create(SignatureType.PS256, "CN=ca2", true))
        using (var leaf1 = ca1.Create(SignatureType.RS256, "CN=leaf1"))
        using (var leaf2 = ca1.Create(SignatureType.RS256, "CN=leaf2"))
        using (var leaf3 = ca1.Create(SignatureType.RS256, "CN=leaf3")) {
            var exportedRootKey = root.ExportPrivateKey();
            var exportedRootPublicKey = exportedRootKey.GetPublicKey();

            // Exportable = true so the key can be read back below and compared.
            var rootKeyHandle = await keyStore.ImportKeyAsync("ababa", exportedRootKey,
                new KeyStoreProperties { Exportable = true });

            // NextUpdate is truncated to midnight so the equality assert is
            // independent of the sub-day part of the clock reading.
            var nextUpdate = DateTime.UtcNow.AddDays(4).Date;

            var rootCert = root.ToCertificate(new IssuerPolicies(), rootKeyHandle);
            var revocationList = await crlFactory.CreateCrlAsync(rootCert, signature,
                ca1.ToCertificate().YieldReturn(), nextUpdate);

            // The key stored under the handle must be the key we imported.
            var roundTrippedKey = await keyStore.ExportKeyAsync(rootKeyHandle);
            Assert.True(exportedRootKey.SameAs(roundTrippedKey));

            Assert.Equal(nextUpdate, revocationList.NextUpdate);
            Assert.Equal(root.Subject, revocationList.Issuer);
            Assert.True(revocationList.IsRevoked(ca1.ToCertificate()));
            Assert.False(revocationList.IsRevoked(ca2.ToCertificate()));
            Assert.True(revocationList.HasValidSignature(rootCert));
        }
    }
}
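/// <summary>
/// Creates the CRL database backed by the "crls" item container.
/// </summary>
/// <param name="container">Factory used to open the "crls" container the CRLs are stored in.</param>
/// <param name="certificates">Certificate store the database resolves issuers from.</param>
/// <param name="factory">Factory used to create CRLs.</param>
/// <param name="logger">Logger for this database.</param>
/// <exception cref="ArgumentNullException">Thrown when any argument is <c>null</c>.</exception>
public CrlDatabase(IItemContainerFactory container, ICertificateStore certificates,
    ICrlFactory factory, ILogger logger) {
    if (container == null) {
        throw new ArgumentNullException(nameof(container));
    }
    _certificates = certificates ?? throw new ArgumentNullException(nameof(certificates));
    _factory = factory ?? throw new ArgumentNullException(nameof(factory));
    _logger = logger ?? throw new ArgumentNullException(nameof(logger));

    // Constructors cannot await, so the container is opened synchronously here.
    // GetAwaiter().GetResult() is used instead of .Result so a failure surfaces
    // as the original exception rather than wrapped in an AggregateException.
    // This still blocks the calling thread; callers on a synchronization
    // context should construct this type off that context.
    _crls = container.OpenAsync("crls").GetAwaiter().GetResult().AsDocuments();
}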