public void MicrosoftCertificateAuthority_Sign_CngEcdsa256_CertificateAuthorityRequestResponse_Issued()
        {
            // Integration-style test: builds a PKCS#10 request for a CNG ECDSA key and
            // submits it to the certificate authority described by the options below.
            string certificateTemplate = "ServerAuthentication-CngEcdsa";
            int    keyBits             = 256;

            CertificateSubject requestSubject = new CertificateSubject("domain.com");

            Win32CertificateProvider csrProvider = new Win32CertificateProvider();

            CertificateRequest signingRequest = csrProvider.CreateCsrKeyPair(
                requestSubject,
                CipherAlgorithm.ECDSA,
                keyBits,
                WindowsApi.Cng,
                SigningRequestProtocol.Pkcs10);

            // domain, caServerName, caCommonName, username and password are members declared
            // outside this method.
            // NOTE(review): confirm the CA credentials are loaded from protected test
            // configuration and are not literals committed with the test class.
            MicrosoftCertificateAuthorityOptions caOptions = new MicrosoftCertificateAuthorityOptions()
            {
                AuthenticationRealm = domain,
                AuthenticationType  = MicrosoftCertificateAuthorityAuthenticationType.UsernamePassword,
                HashAlgorithm       = HashAlgorithm.SHA256,
                ServerName          = caServerName,
                CommonName          = caCommonName,
                Username            = username,
                Password            = password
            };

            MicrosoftCertificateAuthority authority = new MicrosoftCertificateAuthority(caOptions);

            CertificateAuthorityRequestResponse signResult = authority.Sign(signingRequest, certificateTemplate, KeyUsage.ServerAuthentication);

            // The only outcome checked is that the CA reports the request as issued.
            Assert.AreEqual(CertificateRequestStatus.Issued, signResult.CertificateRequestStatus);
        }
        public static void ClassInitialize(TestContext testContext)
        {
            // Class fixture: creates the self-signed CNG RSA-2048 certificate whose subject
            // ("Win32CertificateProviderTests.Cng.Rsa.2048") other tests look up by name.
            // NOTE(review): no matching cleanup is visible in this listing; confirm the
            // fixture certificate and its private key are removed after the test run.
            Win32CertificateProvider fixtureProvider = new Win32CertificateProvider();

            fixtureProvider.CreateSelfSignedCertificate(
                new CertificateSubject("Win32CertificateProviderTests.Cng.Rsa.2048"),
                CipherAlgorithm.RSA,
                2048,
                WindowsApi.Cng);
        }
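        public void CertificateRequest_Constructor_NullSubject_ArgumentNullException()
        {
            // Only the null subject is relevant to this case. The provider and the empty SAN
            // list that used to be built here were never passed to the constructor, and
            // constructing them could raise an unrelated exception before the call under test.
            // NOTE(review): the ArgumentNullException named in the method title is presumably
            // asserted by an attribute that is not part of this listing; confirm.
            CertificateSubject subject = null;

            new CertificateRequest(subject);
        }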
        public void Win32CertificateProvider_GetCngKey_CngRsa_ReturnsCngKey()
        {
            // Looks up a certificate by the subject name "Win32CertificateProviderTests.Cng.Rsa.2048"
            // through the GetCertificate helper, which is defined outside this method.
            X509Certificate2 fixtureCertificate = GetCertificate("Win32CertificateProviderTests.Cng.Rsa.2048");

            Win32CertificateProvider keyProvider = new Win32CertificateProvider();

            // NOTE(review): if this is System.Security.Cryptography.CngKey it is IDisposable
            // and is not disposed here; confirm who owns the returned key handle.
            CngKey cngKey = keyProvider.GetCngKey(fixtureCertificate);

            // A non-null UniqueName is the only property of the returned key that is checked.
            Assert.IsNotNull(cngKey.UniqueName);
        }
        public void Win32CertificateProvider_CreateCsrKeyPair_CryptoApiEcdh_AlgorithmNotSupportedByProviderException()
        {
            // Requests an ECDH key pair through the CryptoApi provider path.
            // NOTE(review): the method contains no assertion; the exception named in the
            // title is presumably expected via an attribute outside this listing; confirm.
            int keyBits = 2048;

            CertificateSubject requestSubject = new CertificateSubject("domain.com");

            Win32CertificateProvider csrProvider = new Win32CertificateProvider();

            csrProvider.CreateCsrKeyPair(
                requestSubject,
                CipherAlgorithm.ECDH,
                keyBits,
                WindowsApi.CryptoApi,
                SigningRequestProtocol.Pkcs10);
        }
        public void Win32CertificateProvider_CreateCsrKeyPair_ManagedPrivateKey_IsTrue()
        {
            // Creates a PKCS#10 request for a 256-bit CNG ECDSA key and checks that the
            // resulting request reports ManagedPrivateKey as true.
            int keyBits = 256;

            CertificateSubject requestSubject = new CertificateSubject("domain.com");

            Win32CertificateProvider csrProvider = new Win32CertificateProvider();

            CertificateRequest signingRequest = csrProvider.CreateCsrKeyPair(
                requestSubject,
                CipherAlgorithm.ECDSA,
                keyBits,
                WindowsApi.Cng,
                SigningRequestProtocol.Pkcs10);

            Assert.IsTrue(signingRequest.ManagedPrivateKey);
        }
        public void Win32CertificateProvider_CreateCsrKeyPair_CngEcdh256_EncodedCsr_IsNotNull()
        {
            // Creates a PKCS#10 request for a 256-bit CNG ECDH key and checks that an
            // encoded CSR was produced. Only non-null is asserted, not the CSR contents.
            int keyBits = 256;

            CertificateSubject requestSubject = new CertificateSubject("domain.com");

            Win32CertificateProvider csrProvider = new Win32CertificateProvider();

            CertificateRequest signingRequest = csrProvider.CreateCsrKeyPair(
                requestSubject,
                CipherAlgorithm.ECDH,
                keyBits,
                WindowsApi.Cng,
                SigningRequestProtocol.Pkcs10);

            Assert.IsNotNull(signingRequest.EncodedCsr);
        }
        // Builds the application's object graph by hand and registers each piece with the
        // service collection as a singleton. Repositories are opened from connection strings
        // supplied by databaseLocator; appConfig, certificateManagementLogic and oidcLogic are
        // assigned here but declared outside this method, as is initialSetupComplete.
        // The appSettings parameter is not read anywhere in this body.
        private void InitializeApp(IServiceCollection services, AppSettings appSettings)
        {
            //singleton pattern here was a huge mistake, i'm going to fix this.

            LiteDbConfigurationRepository configurationRepository = new LiteDbConfigurationRepository(databaseLocator.GetConfigurationRepositoryConnectionString());

            appConfig = configurationRepository.GetAppConfig();

            ActiveDirectoryRepository activeDirectory = new ActiveDirectoryRepository();

            // The encryption key is taken from the app configuration loaded above, i.e. from
            // the configuration repository.
            // NOTE(review): how that repository protects the key at rest is not visible here;
            // confirm that read access to the configuration database does not expose the key.
            EncryptionProvider cipher = new EncryptionProvider(appConfig.EncryptionKey);

            services.AddSingleton <EncryptionProvider>(cipher);

            // One ActiveDirectoryRepository instance backs both interfaces.
            services.AddSingleton <IActiveDirectoryAuthenticator>(activeDirectory);
            services.AddSingleton <IActiveDirectoryRepository>(activeDirectory);

            // NOTE(review): this instance is constructed but not passed to the registration
            // below, which registers the type only; the container will build its own instance.
            // Confirm which of the two is intended.
            IdentityAuthenticationLogic identityAuthenticationLogic = new IdentityAuthenticationLogic(configurationRepository, activeDirectory);

            services.AddSingleton <IdentityAuthenticationLogic>();

            ICertificateRepository certificateRepository = new LiteDbCertificateRepository(databaseLocator.GetCertificateRepositoryConnectionString());

            // Left null and later handed to RuntimeConfigurationState as-is.
            RuntimeCacheRepository runtimeCacheRepository = null;

            LiteDbAuditRepository auditRepository = new LiteDbAuditRepository(databaseLocator.GetAuditRepositoryConnectionString());

            IAuditLogic auditLogic = new AuditLogic(auditRepository, configurationRepository);

            services.AddSingleton <IAuditLogic>(auditLogic);

            IAuthorizationLogic authorizationLogic = new AuthorizationLogic(configurationRepository, auditLogic);

            IScriptManagementLogic scriptManagement = new ScriptManagementLogic(configurationRepository, authorizationLogic);

            services.AddSingleton <IScriptManagementLogic>(scriptManagement);

            IPowershellEngine powershellEngine = new PowershellEngine(auditLogic, scriptManagement);

            services.AddSingleton <IPowershellEngine>(powershellEngine);

            RoleManagementLogic roleManagementLogic = new RoleManagementLogic(configurationRepository, authorizationLogic);

            services.AddSingleton <RoleManagementLogic>(roleManagementLogic);

            UserManagementLogic userManagementLogic = new UserManagementLogic(configurationRepository, authorizationLogic);

            services.AddSingleton <UserManagementLogic>(userManagementLogic);

            // NOTE(review): this instance is passed to CertificateManagementLogic further down,
            // but the registration below is by type only, so consumers resolving
            // SecurityPrincipalLogic from the container get a different instance. Confirm.
            SecurityPrincipalLogic securityPrincipalLogic = new SecurityPrincipalLogic(roleManagementLogic, userManagementLogic);

            services.AddSingleton <SecurityPrincipalLogic>();

            AdcsTemplateLogic adcsTemplateLogic = new AdcsTemplateLogic(configurationRepository, activeDirectory);

            services.AddSingleton <AdcsTemplateLogic>(adcsTemplateLogic);

            services.AddSingleton <IAuthorizationLogic>(authorizationLogic);

            services.AddSingleton <IConfigurationRepository>(configurationRepository);

            ICertificateProvider certificateProvider = new Win32CertificateProvider();

            services.AddSingleton <ICertificateProvider>(certificateProvider);

            services.AddSingleton <ICertificateRepository>(certificateRepository);

            ActiveDirectoryIdentityProviderLogic activeDirectoryIdentityProviderLogic = new ActiveDirectoryIdentityProviderLogic(configurationRepository);

            services.AddSingleton <ActiveDirectoryIdentityProviderLogic>(activeDirectoryIdentityProviderLogic);

            // Stored in a member declared outside this method as well as registered.
            // It receives the EncryptionProvider built from the configured key.
            certificateManagementLogic = new CertificateManagementLogic(
                configurationRepository,
                certificateRepository,
                authorizationLogic,
                auditLogic,
                securityPrincipalLogic,
                cipher);

            services.AddSingleton <CertificateManagementLogic>(certificateManagementLogic);

            PrivateCertificateProcessing privateCertificateProcessing = new PrivateCertificateProcessing(certificateRepository, configurationRepository, certificateProvider, authorizationLogic, adcsTemplateLogic, auditLogic);

            services.AddSingleton <IPrivateCertificateProcessing>(privateCertificateProcessing);

            services.AddSingleton <NodeLogic>(new NodeLogic(configurationRepository, authorizationLogic, activeDirectoryIdentityProviderLogic, powershellEngine, auditLogic, certificateManagementLogic, privateCertificateProcessing));

            // runtimeCacheRepository is still null at this point.
            services.AddSingleton <IRuntimeConfigurationState>(
                new RuntimeConfigurationState(configurationRepository, runtimeCacheRepository)
            {
                InitialSetupComplete = initialSetupComplete
            });

            services.AddSingleton <IClientsideConfigurationProvider>(new ClientsideConfigurationProvider(configurationRepository));



            services.AddSingleton <AnalyticsLogic>(new AnalyticsLogic(configurationRepository, certificateRepository, auditRepository));

            services.AddSingleton <DataRenderingProvider>(new DataRenderingProvider());

            // Stored in a member declared outside this method as well as registered.
            oidcLogic = new OpenIdConnectIdentityProviderLogic(configurationRepository, authorizationLogic);
            services.AddSingleton <IOpenIdConnectIdentityProviderLogic>(oidcLogic);
        }
 public void CertificateRequest_Constructor_ValidInput_EncodedCsrPublicPropertySet()
 {
     // NOTE(review): as listed, this test only constructs a subject and a provider.
     // No CertificateRequest is created and nothing is asserted, so it passes without
     // checking the property named in its title.
     CertificateSubject   requestSubject = new CertificateSubject("domain.com");
     ICertificateProvider csrProvider    = new Win32CertificateProvider();
 }