Esempio n. 1
0
        internal EcdsaCertificate(EVP_PKEY privateKey, X509 certificate, byte[] derCertData, string altNameString, byte[][] chain)
        {
            _certData      = derCertData;
            _key           = privateKey;
            _certificate   = certificate;
            _altNameString = altNameString;
            _chain         = chain ?? new byte[0][];

            _ecKey = EVP_PKEY_get0_EC_KEY(_key);
            var group     = EC_KEY_get0_group(_ecKey);
            var curveName = EC_GROUP_get_curve_name(group);

            _curveName = OBJ_nid2ln(curveName);
            switch (_curveName)
            {
            case "secp256r1":
                _scheme   = SignatureScheme.ecdsa_secp256r1_sha256;
                _hashType = HashType.SHA256;
                break;

            case "secp384r1":
                _scheme   = SignatureScheme.ecdsa_secp384r1_sha384;
                _hashType = HashType.SHA384;
                break;

            case "secp521r1":
                _scheme   = SignatureScheme.ecdsa_secp521r1_sha512;
                _hashType = HashType.SHA512;
                break;

            default:
                ExceptionHelper.ThrowException(new ArgumentException());
                break;
            }
        }
Esempio n. 2
0
 internal override void FromInternal(X509 certificateInformation)
 {
     base.FromInternal(certificateInformation);
     this.ClusterCertificateCommonNames      = certificateInformation.ClusterCertificateCommonNames;
     this.ServerCertificateCommonNames       = certificateInformation.ServerCertificateCommonNames;
     this.ReverseProxyCertificateCommonNames = certificateInformation.ReverseProxyCertificateCommonNames;
 }
Esempio n. 3
0
 internal override void FromInternal(X509 certificateInformation)
 {
     base.FromInternal(certificateInformation);
     this.ClusterCertificateIssuerStores = certificateInformation.ClusterCertificateIssuerStores;
     this.ServerCertificateIssuerStores  = certificateInformation.ServerCertificateIssuerStores;
     this.ClientCertificateIssuerStores  = certificateInformation.ClientCertificateIssuerStores;
 }
Esempio n. 4
0
        internal void GetCerts_TypeChange(out X509 currentCert, out X509 targetCert, int srcThumbprintCount, int srcCnCount, int targetThumbprintCount, int targetCnCount)
        {
            currentCert = null;
            targetCert  = null;

            if (srcThumbprintCount > 0)
            {
                currentCert = ConstructCertByThumbprint(CertThumbprint1, srcThumbprintCount > 1 ? CertThumbprint2 : null);
            }

            if (srcCnCount > 0)
            {
                currentCert = ConstructCertByCn(CertCn1, IssuerThumbprint1, srcCnCount > 1 ? CertCn2 : null, srcCnCount > 1 ? IssuerThumbprint2 : null);
            }

            if (targetThumbprintCount > 0)
            {
                targetCert = ConstructCertByThumbprint(CertThumbprint1, targetThumbprintCount > 1 ? CertThumbprint2 : null);
            }

            if (targetCnCount > 0)
            {
                targetCert = ConstructCertByCn(CertCn1, IssuerThumbprint1, targetCnCount > 1 ? CertCn2 : null, targetCnCount > 1 ? IssuerThumbprint2 : null);
            }
        }
Esempio n. 5
0
        internal static unsafe string GetNameString(X509 certificate)
        {
            var name     = X509_get_subject_name(certificate);
            var altIndex = X509_NAME_get_index_by_NID(name, NID_subject_alt_name, -1);

            if (altIndex < 0)
            {
                altIndex = X509_NAME_get_index_by_NID(name, NID_commonname, -1);
                if (altIndex < 0)
                {
                    return(null);
                }
            }
            var    entry     = X509_NAME_get_entry(name, altIndex);
            var    entryData = X509_NAME_ENTRY_get_data(entry);
            IntPtr buffer;
            var    dataLength = ASN1_STRING_to_UTF8(out buffer, entryData);

            try
            {
                return(Encoding.UTF8.GetString((byte *)buffer, dataLength));
            }
            finally
            {
                CRYPTO_clear_free(buffer, (UIntPtr)dataLength, "Interop.X509_NAME.cs", 42);
            }
        }
Esempio n. 6
0
        internal static X509 ConstructCertByCn(string cn1, string issuers1, string cn2 = null, string issuers2 = null)
        {
            X509 result = new X509()
            {
                ClusterCertificateCommonNames = new ServerCertificateCommonNames()
                {
                    CommonNames = new List <CertificateCommonNameBase>()
                    {
                        new CertificateCommonNameBase()
                        {
                            CertificateCommonName       = cn1,
                            CertificateIssuerThumbprint = issuers1
                        }
                    }
                }
            };

            if (cn2 != null)
            {
                result.ClusterCertificateCommonNames.CommonNames.Add(new CertificateCommonNameBase()
                {
                    CertificateCommonName = cn2, CertificateIssuerThumbprint = issuers2
                });
            }

            return(result);
        }
Esempio n. 7
0
        internal void GetCerts_AddThumbprint(out X509 currentCert, out X509 targetCert, bool addPrimary)
        {
            currentCert = ConstructCertByThumbprint(CertThumbprint1);

            targetCert = ConstructCertByThumbprint(
                addPrimary ? CertThumbprint2 : CertThumbprint1,
                addPrimary ? CertThumbprint1 : CertThumbprint2);
        }
Esempio n. 8
0
        internal void GetCerts_RemoveCn(out X509 currentCert, out X509 targetCert, bool removeCn1)
        {
            currentCert = ConstructCertByCn(CertCn1, IssuerThumbprint1, CertCn2, IssuerThumbprint2);

            targetCert = ConstructCertByCn(
                removeCn1 ? CertCn2 : CertCn1,
                removeCn1 ? IssuerThumbprint2 : IssuerThumbprint1);
        }
Esempio n. 9
0
        internal override X509 ToInternal()
        {
            X509 result = base.ToInternal();

            result.ClusterCertificateIssuerStores = this.ClusterCertificateIssuerStores;
            result.ServerCertificateIssuerStores  = this.ServerCertificateIssuerStores;
            result.ClientCertificateIssuerStores  = this.ClientCertificateIssuerStores;
            return(result);
        }
Esempio n. 10
0
        private AuthorityKeyIdentifier GetAKI()
        {
            if (X509 == null)
            {
                throw new HFCACertificateException("Certificate is null");
            }
            Asn1OctetString akiOc = X509.GetExtensionValue(X509Extensions.AuthorityKeyIdentifier);

            return(AuthorityKeyIdentifier.GetInstance(Asn1Sequence.GetInstance(akiOc.GetOctets())));
        }
Esempio n. 11
0
        internal override X509 ToInternal()
        {
            X509 result = base.ToInternal();

            result.ClusterCertificateCommonNames      = this.ClusterCertificateCommonNames;
            result.ServerCertificateCommonNames       = this.ServerCertificateCommonNames;
            result.ReverseProxyCertificateCommonNames = this.ReverseProxyCertificateCommonNames;

            return(result);
        }
Esempio n. 12
0
        internal void GetCerts_AddCn(out X509 currentCert, out X509 targetCert, bool addCn1)
        {
            currentCert = ConstructCertByCn(CertCn1, IssuerThumbprint1);

            targetCert = ConstructCertByCn(
                addCn1 ? CertCn2 : CertCn1,
                addCn1 ? IssuerThumbprint2 : IssuerThumbprint1,
                addCn1 ? CertCn1 : CertCn2,
                addCn1 ? IssuerThumbprint1 : IssuerThumbprint2);
        }
Esempio n. 13
0
        public static void V_Test_X509_CertIsValidNow()
        {
            Console.WriteLine("Testing X509_CertIsValidNow ...");
            bool   isValid     = false;
            string strCertName = null;

            strCertName = "myuser.cer";
            isValid     = X509.CertIsValidNow(strCertName);
            Console.WriteLine("X509_CertIsValidNow returns " + isValid + " for " + strCertName);
        }
    /// <summary>
    /// Example of a certificate verify function
    /// </summary>
    /// <param name="preverify"></param>
    /// <param name="store">pointer to a WOLFSSL_X509_STORE_CTX</param>
    /// <returns>size of key set</returns>
    public static int my_verify_cb(int preverify, IntPtr store)
    {
        if (store == IntPtr.Zero)
        {
            Console.WriteLine("store is null");
        }

        Console.WriteLine("Status of certificate verify = " + preverify);
        Console.WriteLine("Error value for cert store is " + wolfssl.X509_STORE_CTX_get_error(store));

        /* look at the current cert in store */
        try
        {
            X509 x509 = wolfssl.X509_STORE_CTX_get_current_cert(store);


            Console.WriteLine("Issuer : " + x509.Issuer);
            Console.WriteLine("Subject : " + x509.Subject);

            Console.WriteLine("PEM of certificate:");
            Console.WriteLine(System.Text.Encoding.UTF8.GetString(x509.Export()));

            Console.WriteLine("DER of certificate:");
            Console.WriteLine(BitConverter.ToString(x509.Export(wolfssl.SSL_FILETYPE_ASN1)));

            Console.WriteLine("Public key:");
            Console.WriteLine(BitConverter.ToString(x509.GetPublicKey()));
        }
        catch (Exception e)
        {
            Console.WriteLine("Unable to get X509's" + e);
        }

        /* list all certs in store */
        try
        {
            int    i;
            X509[] x509 = wolfssl.X509_STORE_CTX_get_certs(store);

            for (i = 0; i < x509.Length; i++)
            {
                Console.WriteLine("CERT[" + i + "]");
                Console.WriteLine("Issuer : " + x509[i].Issuer);
                Console.WriteLine("Subject : " + x509[i].Subject);
                Console.WriteLine("");
            }
        }
        catch (Exception e)
        {
            Console.WriteLine("Unable to get X509's" + e);
        }

        /* by returning 1 here we override any failure and report success */
        return(preverify);
    }
Esempio n. 15
0
 internal virtual void FromInternal(X509 certificateInformation)
 {
     if (certificateInformation != null)
     {
         this.ClusterCertificate           = certificateInformation.ClusterCertificate;
         this.ServerCertificate            = certificateInformation.ServerCertificate;
         this.ReverseProxyCertificate      = certificateInformation.ReverseProxyCertificate;
         this.ClientCertificateThumbprints = certificateInformation.ClientCertificateThumbprints;
         this.ClientCertificateCommonNames = certificateInformation.ClientCertificateCommonNames;
     }
 }
Esempio n. 16
0
        private static void GenerateX509Certificate(string password, string filename)
        {
            Log.Information("Generating X509 certificate...");
            filename = Path.Combine(AppContext.BaseDirectory, filename);

            var cert = X509.Generate(subject: AppName, password, X509KeyStorageFlags.Exportable);

            IOFile.WriteAllBytes(filename, cert.Export(X509ContentType.Pkcs12, password));

            Log.Information($"Password: {password}");
            Log.Information($"Certificate exported to {filename}");
        }
Esempio n. 17
0
        protected override ValidationResult IsValid(object value, ValidationContext validationContext)
        {
            if (value != null)
            {
                var cert = (CertificateOptions)value;

                if (!string.IsNullOrEmpty(cert.Pfx) && !X509.TryValidate(cert.Pfx, cert.Password, out var certResult))
                {
                    return(new ValidationResult($"Invalid HTTPs certificate: {certResult}"));
                }
            }

            return(ValidationResult.Success);
        }
Esempio n. 18
0
        public static void V_Test_X509_CertRequest()
        {
            Console.WriteLine("Testing X509_CertRequest ...");
            int nRet = 0;

            nRet = X509.CertRequest("myreq.p10.txt", "mykey.epk", "CN=myuser,O=Test Org,C=AU,L=Sydney,S=NSW", "password", 0);
            if (nRet != 0)
            {
                Console.WriteLine(nRet + " " + General.LastError());
            }
            else
            {
                Console.WriteLine("Success");
            }
        }
Esempio n. 19
0
        public static void V_Test_X509_CertExpiresOn()
        {
            Console.WriteLine("Testing X509_CertExpiresOn ...");
            string strCertName   = null;
            string strDateTime   = null;
            string strDateTime2  = null;
            string strIssuerName = null;
            string strCertOwner  = null;

            strCertName   = "myuser.cer";
            strCertOwner  = X509.CertSubjectName(strCertName, ";");
            strDateTime   = X509.CertIssuedOn(strCertName);
            strDateTime2  = X509.CertExpiresOn(strCertName);
            strIssuerName = X509.CertIssuerName(strCertName, ";");
            Console.WriteLine($"{strCertName} issued for {strCertOwner} on {strDateTime}, expired on {strDateTime2} by {strIssuerName}");
        }
Esempio n. 20
0
        private static ICertificate GetCertificate(EVP_PKEY key, X509 x509, byte[] derCertificateData, string altName, byte[][] certChain)
        {
            var name = OBJ_nid2ln(EVP_PKEY_base_id(key));

            switch (name)
            {
            case "id-ecPublicKey":
                return(new EcdsaCertificate(key, x509, derCertificateData, altName, certChain));

            case "rsaEncryption":
                return(new RsaCertificate(key, x509, derCertificateData, altName));

            default:
                throw new NotImplementedException();
            }
        }
Esempio n. 21
0
        public unsafe ICertificate LoadPfx12(string filename, string password)
        {
            var    bytes       = System.IO.File.ReadAllBytes(filename);
            IntPtr pk12Pointer = IntPtr.Zero;
            IntPtr stackPtr;

            fixed(byte *ptr = bytes)
            {
                byte *ptr2 = ptr;

                pk12Pointer = d2i_PKCS12(ref pk12Pointer, ref ptr2, bytes.Length);
            }

            try
            {
                EVP_PKEY key;
                X509     x509;
                ThrowOnError(PKCS12_parse(pk12Pointer, password, out key, out x509, out stackPtr));
                var altString     = GetNameString(x509);
                var numberinstack = OPENSSL_sk_num(stackPtr);
                if (numberinstack == -1)
                {
                    numberinstack = 0;
                }
                else
                {
                    numberinstack -= 1;
                    OPENSSL_sk_pop(stackPtr);
                }
                var certlist = new byte[numberinstack][];
                for (int i = 0; i < numberinstack; i++)
                {
                    var currentCert = OPENSSL_sk_pop(stackPtr);
                    certlist[i] = GetCertDER(currentCert);
                    var c = new X509();
                    c.Ptr = currentCert;
                    var tring = GetNameString(c);
                }
                OPENSSL_sk_free(stackPtr);

                return(GetCertificate(key, x509, GetCertDER(x509.Ptr), altString, certlist.Reverse().ToArray()));
            }
            finally
            {
                PKCS12_free(pk12Pointer);
            }
        }
        public static IServiceCollection AddDatabase(this IServiceCollection services, IConfiguration configuration)
        {
            // Registers databases
            services.AddScoped <Database>();
            services.AddScoped <Database1>();
            services.AddScoped <Database2>();
            services.AddScoped <Database3>();
            services.AddScoped <Database4>();
            services.AddScoped <Database5>();

            // Configures database options
            services.Configure <DatabaseOptions>(configuration);

            // Decrypts database connection string
            var rsa = X509.GetRSAPrivateKey(configuration.GetValue <string>(X509.CertFileName), configuration.GetValue <string>(X509.CertFileKey));

            services.Configure <DatabaseOptions>(options => {
                if (!string.IsNullOrEmpty(options.DefaultConnection))
                {
                    options.DefaultConnection = rsa.Decrypt(options.DefaultConnection);
                }
                if (!string.IsNullOrEmpty(options.Connection1))
                {
                    options.Connection1 = rsa.Decrypt(options.Connection1);
                }
                if (!string.IsNullOrEmpty(options.Connection2))
                {
                    options.Connection2 = rsa.Decrypt(options.Connection2);
                }
                if (!string.IsNullOrEmpty(options.Connection3))
                {
                    options.Connection3 = rsa.Decrypt(options.Connection3);
                }
                if (!string.IsNullOrEmpty(options.Connection4))
                {
                    options.Connection4 = rsa.Decrypt(options.Connection4);
                }
                if (!string.IsNullOrEmpty(options.Connection5))
                {
                    options.Connection5 = rsa.Decrypt(options.Connection5);
                }
            });

            return(services);
        }
Esempio n. 23
0
        public static void V_Test_X509_MakeCertSelf()
        {
            Console.WriteLine("Testing X509_MakeCertSelf ...");
            int nRet = 0;

            X509.KeyUsageOptions kuoKeyUsage = default(X509.KeyUsageOptions);

            kuoKeyUsage = X509.KeyUsageOptions.DigitalSignature | X509.KeyUsageOptions.KeyCertSign | X509.KeyUsageOptions.CrlSign;
            nRet        = X509.MakeCertSelf("myca.cer", "myca.epk", 99, 10, "CN=My CA,O=Test Org,OU=Certificate Services", "", kuoKeyUsage, "password", 0);
            if (nRet != 0)
            {
                Console.WriteLine(nRet + " " + General.LastError());
            }
            else
            {
                Console.WriteLine("Success");
            }
        }
Esempio n. 24
0
        private void Create_Click(object sender, RoutedEventArgs e)
        {
            try
            {
                model.Validate();

                Mouse.OverrideCursor = Cursors.Wait;

                var crt = X509.CreateCertificate(model);

                using (var certProvider = new CertProvider()
                {
                    AppendOnly = true
                })
                {
                    certProvider.IsRoot = !model.SignByCertificateAuthority;
                    if (model.SignByCertificateAuthority)
                    {
                        certProvider.IssuerThumbprint = model.CertificateAuthority;
                    }
                    certProvider.Append(crt);
                }

                model.Value = crt;
                Result      = model;
                Close();
            }
            catch (Exception ex)
            {
                if (ex is ValueException vex)
                {
                    MessageBox.Show(vex.Message, "Invalid Value", MessageBoxButton.OK, MessageBoxImage.Warning);
                    this.Focus(vex.PropertyName);
                }
                else
                {
                    MessageBox.Show(ex.Message, "Error", MessageBoxButton.OK, MessageBoxImage.Error);
                }
            }
            finally
            {
                Mouse.OverrideCursor = null;
            }
        }
Esempio n. 25
0
        public static void V_Test_X509_VerifyCert()
        {
            Console.WriteLine("Testing X509_VerifyCert ...");
            // Returns 0 if OK, -1 if fails to validate, or +ve other error
            int nRet = 0;

            nRet = X509.VerifyCert("myuser.cer", "myca.cer");
            if (nRet == 0)
            {
                Console.WriteLine("Verification is OK");
            }
            else if (nRet > 0)
            {
                Console.WriteLine("Error: " + nRet + General.LastError());
            }
            else
            {
                Console.WriteLine("Cert not issued by this Issuer");
            }
        }
        internal void InternalValidateClusterCnUpdateTest(
            string originalCns,
            string updatedCns,
            ClusterManagementErrorCode?expectedErrorCode = null)
        {
            Utility.ValidateExpectedValidationException(
                delegate
            {
                X509 originalSecurity = new X509()
                {
                    ClusterCertificateCommonNames = new ServerCertificateCommonNames()
                    {
                        CommonNames = new List <CertificateCommonNameBase>(originalCns.Split(',').ToList().Select(p => new CertificateCommonNameBase()
                        {
                            CertificateCommonName = p
                        }))
                    }
                };
                X509 updatedSecurity = new X509()
                {
                    ClusterCertificateCommonNames = new ServerCertificateCommonNames()
                    {
                        CommonNames = new List <CertificateCommonNameBase>(updatedCns.Split(',').ToList().Select(p => new CertificateCommonNameBase()
                        {
                            CertificateCommonName = p
                        }))
                    }
                };

                List <string> originalThumbprintsOrCns = StandaloneSettingsValidator.GetClusterCertUniqueThumbprintsOrCommonNames(originalSecurity);
                List <string> updatedThumbprintsOrCns  = StandaloneSettingsValidator.GetClusterCertUniqueThumbprintsOrCommonNames(updatedSecurity);

                StandaloneSettingsValidator.ValidateClusterCertificateThumbprintAndCnUpdate(
                    originalThumbprintsOrCns,
                    updatedThumbprintsOrCns,
                    false,
                    false);
            },
                expectedErrorCode);
        }
Esempio n. 27
0
        public void ConfigureServices(IServiceCollection services)
        {
            services.Configure <CookiePolicyOptions>(options =>
            {
                options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
                options.OnAppendCookie        = cookieContext =>
                                                CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
                options.OnDeleteCookie = cookieContext =>
                                         CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
            });

            // uncomment, if you want to add an MVC-based UI
            services.AddControllersWithViews();

            var builder = services.AddIdentityServer()
                          .AddSigningCredential(X509.GetCertificate(Configuration["SigningCertThumprint"])) // signing.crt thumbprint
                          .AddValidationKey(X509.GetCertificate(Configuration["ValidationCertThumbprint"])) // validation.crt thumbprint
                          .AddInMemoryIdentityResources(Config.Ids)
                          .AddInMemoryApiResources(Config.Apis)
                          .AddInMemoryClients(Config.Clients)
                          .AddTestUsers(Config.GetUsers());

            // not recommended for production - you need to store your key material somewhere secure
            if (Environment.IsDevelopment())
            {
                builder.AddDeveloperSigningCredential();
            }

            services.AddAuthentication()
            .AddGoogle("Google", options =>
            {
                options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                options.SaveTokens   = true;
                options.ClientId     = Config.GoogleClientId;
                options.ClientSecret = Config.GoogleClientSecrect;
                //options.CorrelationCookie.SameSite = SameSiteMode.Lax;
            });
        }
Esempio n. 28
0
        public static void V_Test_X509_MakeCert()
        {
            Console.WriteLine("Testing X509_MakeCert ...");
            int    nRet                 = 0;
            string strNewCertFile       = null;
            string strIssuerCert        = null;
            string strSubjectPubKeyFile = null;
            string strIssuerPriKeyFile  = null;
            string strPassword          = null;
            int    nCertNum             = 0;
            int    nYearsValid          = 0;
            string strDistName          = null;
            string strEmail             = null;

            strNewCertFile       = "myuser.cer";
            strIssuerCert        = "myca.cer";
            strSubjectPubKeyFile = "myuser.pub";
            strIssuerPriKeyFile  = "myca.epk";
            strPassword          = "******";
            //!!
            nCertNum    = 0x101;
            nYearsValid = 4;
            strDistName = "CN=My User,O=Test Org,OU=Unit,C=AU,L=My Town,S=State,[email protected]";
            strEmail    = "*****@*****.**";

            nRet = X509.MakeCert(strNewCertFile, strIssuerCert, strSubjectPubKeyFile, strIssuerPriKeyFile, nCertNum, nYearsValid, strDistName, strEmail, 0, strPassword,
                                 0);
            if (nRet != 0)
            {
                Console.WriteLine(nRet + " " + General.LastError());
            }
            else
            {
                Console.WriteLine("Success, created X.509 cert " + strNewCertFile);
            }
        }
Esempio n. 29
0
        internal void VerifyFlow_TypeChange(X509 currentCert, X509 targetCert, List <CertificateClusterUpgradeStep> steps)
        {
            Assert.AreEqual(3, steps.Count);

            int           srcThumbprintCount    = currentCert.ClusterCertificate == null ? 0 : (currentCert.ClusterCertificate.ThumbprintSecondary != null ? 2 : 1);
            int           srcCnCount            = currentCert.ClusterCertificateCommonNames == null ? 0 : (currentCert.ClusterCertificateCommonNames.CommonNames.Count > 1 ? 2: 1);
            int           targetThumbprintCount = targetCert.ClusterCertificate == null ? 0 : (targetCert.ClusterCertificate.ThumbprintSecondary != null ? 2 : 1);
            int           targetCnCount         = targetCert.ClusterCertificateCommonNames == null ? 0 : (targetCert.ClusterCertificateCommonNames.CommonNames.Count > 1 ? 2 : 1);
            int           totalThumbprintCount  = srcThumbprintCount + targetThumbprintCount;
            int           totalCnCount          = srcCnCount + targetCnCount;
            int           totalCount            = totalThumbprintCount + totalCnCount;
            List <string> srcThumbprints        = srcThumbprintCount == 0 ? new List <string>() : currentCert.ClusterCertificate.ToThumbprintList();
            List <string> srcCns                  = srcCnCount == 0 ? new List <string>() : currentCert.ClusterCertificateCommonNames.CommonNames.Select(p => p.CertificateCommonName).ToList();
            List <string> targetThumbprints       = targetThumbprintCount == 0 ? new List <string>() : targetCert.ClusterCertificate.ToThumbprintList();
            Dictionary <string, string> targetCns = targetCnCount == 0 ? new Dictionary <string, string>() : targetCert.ClusterCertificateCommonNames.CommonNames.ToDictionary(p => p.CertificateCommonName, p => p.CertificateIssuerThumbprint);
            List <string> allThumbprints          = srcThumbprints.Concat(targetThumbprints).ToList();
            List <string> allCns                  = srcCns.Concat(targetCns.Keys).ToList();

            CertificateClusterUpgradeStep step = steps[0];

            Assert.AreEqual(totalCount, step.ThumbprintWhiteList.Count + step.CommonNameWhiteList.Count);
            Assert.AreEqual(totalThumbprintCount, step.ThumbprintWhiteList.Count);
            Assert.IsTrue(allThumbprints.All(p => step.ThumbprintWhiteList.Contains(p)));
            Assert.AreEqual(totalCnCount, step.CommonNameWhiteList.Count);
            Assert.IsTrue(allCns.All(p => step.CommonNameWhiteList.Keys.Contains(p)));
            Assert.IsFalse(step.CommonNameWhiteList.Values.Any(p => p == null));

            Assert.AreSame(currentCert.ClusterCertificate, step.ThumbprintLoadList);
            Assert.AreSame(currentCert.ClusterCertificateCommonNames, step.CommonNameLoadList);

            Assert.AreSame(currentCert.ClusterCertificate, step.ThumbprintFileStoreSvcList);
            Assert.AreSame(currentCert.ClusterCertificateCommonNames, step.CommonNameFileStoreSvcList);

            step = steps[1];

            Assert.AreEqual(totalCount, step.ThumbprintWhiteList.Count + step.CommonNameWhiteList.Count);
            Assert.AreEqual(totalThumbprintCount, step.ThumbprintWhiteList.Count);
            Assert.IsTrue(allThumbprints.All(p => step.ThumbprintWhiteList.Contains(p)));
            Assert.AreEqual(totalCnCount, step.CommonNameWhiteList.Count);
            Assert.IsTrue(allCns.All(p => step.CommonNameWhiteList.Keys.Contains(p)));
            Assert.IsFalse(step.CommonNameWhiteList.Values.Any(p => p == null));

            Assert.AreSame(targetCert.ClusterCertificate, step.ThumbprintLoadList);
            Assert.AreSame(targetCert.ClusterCertificateCommonNames, step.CommonNameLoadList);

            Assert.AreEqual(totalThumbprintCount, step.ThumbprintFileStoreSvcList.ToThumbprintList().Count);
            Assert.IsTrue(allThumbprints.All(p => step.ThumbprintFileStoreSvcList.ToThumbprintList().Contains(p)));
            Assert.AreEqual(totalCnCount, step.CommonNameFileStoreSvcList.CommonNames.Count);
            Assert.IsTrue(allCns.All(p => step.CommonNameFileStoreSvcList.CommonNames.Select(q => q.CertificateCommonName).Contains(p)));

            step = steps[2];

            List <string> finalThumbprintWhiteList       = step.ThumbprintWhiteList == null ? new List <string>() : step.ThumbprintWhiteList;
            Dictionary <string, string> finalCnWhiteList = step.CommonNameWhiteList == null ? new Dictionary <string, string>() : step.CommonNameWhiteList;

            Assert.AreEqual(targetThumbprintCount + targetCnCount, finalThumbprintWhiteList.Count + finalCnWhiteList.Count);
            Assert.AreEqual(targetThumbprintCount, finalThumbprintWhiteList.Count);
            Assert.IsTrue(targetThumbprints.All(p => finalThumbprintWhiteList.Contains(p)));
            Assert.AreEqual(targetCnCount, finalCnWhiteList.Count);
            Assert.IsTrue(targetCns.Keys.All(p => finalCnWhiteList.Keys.Contains(p)));
            Assert.IsTrue(targetCns.Values.All(p => finalCnWhiteList.Values.Contains(p)));
            Assert.IsFalse(targetCns.Values.Any(p => p == null));

            Assert.AreSame(targetCert.ClusterCertificate, step.ThumbprintLoadList);
            Assert.AreSame(targetCert.ClusterCertificateCommonNames, step.CommonNameLoadList);

            Assert.AreSame(targetCert.ClusterCertificate, step.ThumbprintFileStoreSvcList);
            Assert.AreSame(targetCert.ClusterCertificateCommonNames, step.CommonNameFileStoreSvcList);
        }
Esempio n. 30
0
        internal void GetCerts_Swap(out X509 currentCert, out X509 targetCert)
        {
            currentCert = ConstructCertByThumbprint(CertThumbprint1, CertThumbprint2);

            targetCert = ConstructCertByThumbprint(CertThumbprint2, CertThumbprint1);
        }
Esempio n. 31
0
 public static X509Certificate ToX509Certificate(X509.X509Certificate x509Cert)
 {
     return new X509Certificate(x509Cert.GetEncoded());
 }