public static async Task RSASignedCrlCreateWith1Test(SignatureType signature)
{
using (var mock = Setup()) {
IKeyStore keys = mock.Create <KeyDatabase>();
ICrlFactory factory = mock.Create <CrlFactory>();
using (var root = SignatureType.PS512.Create("CN=root", true))
using (var ca1 = root.Create(SignatureType.PS256, "CN=ca1", true))
using (var ca2 = root.Create(SignatureType.PS256, "CN=ca2", true))
using (var leaf1 = ca1.Create(SignatureType.RS256, "CN=leaf1"))
using (var leaf2 = ca1.Create(SignatureType.RS256, "CN=leaf2"))
using (var leaf3 = ca1.Create(SignatureType.RS256, "CN=leaf3")) {
var rootPrivateKey = root.ExportPrivateKey();
var rootPublicKey = rootPrivateKey.GetPublicKey();
var rootKeyHandle = await keys.ImportKeyAsync("ababa", rootPrivateKey,
new KeyStoreProperties { Exportable = true });
var next = DateTime.UtcNow + TimeSpan.FromDays(4);
next = next.Date;
var rootCert = root.ToCertificate(new IssuerPolicies(), rootKeyHandle);
var crl = await factory.CreateCrlAsync(rootCert, signature,
ca1.ToCertificate().YieldReturn(), next);
var privateKey = await keys.ExportKeyAsync(rootKeyHandle);
Assert.True(rootPrivateKey.SameAs(privateKey));
Assert.Equal(next, crl.NextUpdate);
Assert.Equal(root.Subject, crl.Issuer);
Assert.True(crl.IsRevoked(ca1.ToCertificate()));
Assert.False(crl.IsRevoked(ca2.ToCertificate()));
Assert.True(crl.HasValidSignature(rootCert));
}
}
}
public static async Task RsaCertificateCreateSelfSignedTestAsync()
{
using (var mock = Setup()) {
IKeyStore keys = mock.Create <KeyDatabase>();
IDigestSigner signer = mock.Create <KeyDatabase>();
ICertificateFactory factory = mock.Create <CertificateFactory>();
KeyHandle issuerKey;
Key issuerPublicKey;
using (var rsa1 = RSA.Create()) {
issuerKey = await keys.ImportKeyAsync("rsa1", rsa1.ToKey(),
new KeyStoreProperties { Exportable = true });
issuerPublicKey = rsa1.ToKey().GetPublicKey();
}
var now = DateTime.UtcNow;
var cert = await factory.CreateCertificateAsync(signer, issuerKey,
X500DistinguishedNameEx.Create("CN=leaf"), issuerPublicKey,
now, now + TimeSpan.FromMinutes(1), SignatureType.RS256, false, sn => {
return(new List <X509Extension>());
});
var privateKey = await keys.ExportKeyAsync(issuerKey);
using (cert) {
var certificate = cert.ToCertificate();
Assert.True(certificate.IsSelfSigned());
Assert.Equal(certificate.GetIssuerSerialNumberAsString(), certificate.GetSerialNumberAsString());
}
}
}