/// <summary> /// Create revoker /// </summary> /// <param name="store"></param> /// <param name="issuer"></param> /// <param name="crls"></param> public CertificateRevoker(ICertificateStore store, ICertificateIssuer issuer, ICrlRepository crls) { _store = store ?? throw new ArgumentNullException(nameof(store)); _crls = crls ?? throw new ArgumentNullException(nameof(crls)); _issuer = issuer ?? throw new ArgumentNullException(nameof(issuer)); }
/// <summary> /// Setup mock /// </summary> /// <param name="mock"></param> /// <param name="provider"></param> private static AutoMock Setup( Func <IEnumerable <IDocumentInfo <VariantValue> >, string, IEnumerable <IDocumentInfo <VariantValue> > > provider, out ICertificateIssuer issuer, out Mock <IKeyVaultClient> client) { var keyVault = client = new Mock <IKeyVaultClient>(); var config = new Mock <IKeyVaultConfig>(); config.SetReturnsDefault(kTestVaultUri); config.SetReturnsDefault(true); var mock = AutoMock.GetLoose(builder => { builder.RegisterType <NewtonSoftJsonConverters>().As <IJsonSerializerConverterProvider>(); builder.RegisterType <NewtonSoftJsonSerializer>().As <IJsonSerializer>(); builder.RegisterInstance <IQueryEngine>(new QueryEngineAdapter(provider)); builder.RegisterType <MemoryDatabase>().SingleInstance().As <IDatabaseServer>(); builder.RegisterType <ItemContainerFactory>().As <IItemContainerFactory>(); builder.RegisterType <KeyVaultKeyHandleSerializer>().As <IKeyHandleSerializer>(); builder.RegisterType <CertificateDatabase>().As <ICertificateRepository>(); builder.RegisterType <CertificateFactory>().As <ICertificateFactory>(); builder.RegisterMock(config); builder.RegisterMock(keyVault); builder.RegisterType <KeyVaultServiceClient>().UsingConstructor( typeof(ICertificateRepository), typeof(ICertificateFactory), typeof(IKeyVaultConfig), typeof(IJsonSerializer), typeof(IKeyVaultClient)) .As <ICertificateIssuer>(); }); issuer = mock.Create <ICertificateIssuer>(); return(mock); }
/// <summary> /// Create services /// </summary> /// <param name="serializer"></param> /// <param name="workflow"></param> /// <param name="issuer"></param> public KeyPairRequestHandler(IKeyHandleSerializer serializer, IRequestWorkflow workflow, ICertificateIssuer issuer) { _serializer = serializer ?? throw new ArgumentNullException(nameof(serializer)); _issuer = issuer ?? throw new ArgumentNullException(nameof(issuer)); _workflow = workflow ?? throw new ArgumentNullException(nameof(workflow)); }
public async Task RevokeRSAIssuersTest() { using (var mock = AutoMock.GetLoose()) { // Setup Setup(mock, HandleQuery); ICertificateIssuer service = mock.Create <CertificateIssuer>(); var rootca = await service.NewRootCertificateAsync("rootca", X500DistinguishedNameEx.Create("CN=rootca"), DateTime.UtcNow, TimeSpan.FromDays(5), new CreateKeyParams { KeySize = 2048, Type = KeyType.RSA }, new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(3) }); var intca = await service.NewIssuerCertificateAsync("rootca", "intca", X500DistinguishedNameEx.Create("CN=intca"), DateTime.UtcNow, new CreateKeyParams { KeySize = 2048, Type = KeyType.RSA }, new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(2) }); var footca1 = await service.NewIssuerCertificateAsync("intca", "footca1", X500DistinguishedNameEx.Create("CN=footca"), DateTime.UtcNow, new CreateKeyParams { KeySize = 2048, Type = KeyType.RSA }, new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(1) }); var footca2 = await service.NewIssuerCertificateAsync("intca", "footca2", X500DistinguishedNameEx.Create("CN=footca"), DateTime.UtcNow, new CreateKeyParams { KeySize = 2048, Type = KeyType.RSA }, new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(1) }); // Run ICertificateRevoker revoker = mock.Create <CertificateRevoker>(); await revoker.RevokeCertificateAsync(footca1.SerialNumber); await revoker.RevokeCertificateAsync(footca2.SerialNumber); ICertificateStore store = mock.Create <CertificateDatabase>(); var foundi = await store.FindLatestCertificateAsync("intca"); var found1 = await store.FindLatestCertificateAsync("footca1"); var found2 = await store.FindLatestCertificateAsync("footca2"); ICrlEndpoint crls = mock.Create <CrlDatabase>(); // Get crl chain for intca and rootca var chainr = await crls.GetCrlChainAsync(intca.SerialNumber); // Assert Assert.NotNull(foundi); Assert.NotNull(found1); Assert.NotNull(found2); Assert.Null(foundi.Revoked); Assert.NotNull(found1.Revoked); Assert.NotNull(found2.Revoked); Assert.NotNull(chainr); Assert.NotEmpty(chainr); Assert.Equal(2, chainr.Count()); Assert.True(chainr.ToArray()[1].HasValidSignature(intca)); Assert.True(chainr.ToArray()[0].HasValidSignature(rootca)); Assert.True(chainr.Last().IsRevoked(footca1)); Assert.True(chainr.Last().IsRevoked(footca2)); Assert.False(chainr.First().IsRevoked(intca)); } }
/// <summary> /// Create services /// </summary> /// <param name="groups"></param> /// <param name="issuer"></param> /// <param name="logger"></param> public TrustGroupServices(IGroupRepository groups, ICertificateIssuer issuer, ILogger logger) { _groups = groups ?? throw new ArgumentNullException(nameof(groups)); _issuer = issuer ?? throw new ArgumentNullException(nameof(issuer)); _logger = logger ?? throw new ArgumentNullException(nameof(logger)); }
public async Task RevokeECCIssuerAndECCIssuersTestAsync() { using (var mock = Setup(HandleQuery)) { ICertificateIssuer service = mock.Create <CertificateIssuer>(); var rootca = await service.NewRootCertificateAsync("rootca", X500DistinguishedNameEx.Create("CN=rootca"), DateTime.UtcNow, TimeSpan.FromDays(5), new CreateKeyParams { KeySize = 2048, Type = KeyType.ECC, Curve = CurveType.P384 }, new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(3) }); var intca = await service.NewIssuerCertificateAsync("rootca", "intca", X500DistinguishedNameEx.Create("CN=intca"), DateTime.UtcNow, new CreateKeyParams { KeySize = 2048, Type = KeyType.ECC, Curve = CurveType.P384 }, new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(2) }); var footca1 = await service.NewIssuerCertificateAsync("intca", "footca1", X500DistinguishedNameEx.Create("CN=footca"), DateTime.UtcNow, new CreateKeyParams { KeySize = 2048, Type = KeyType.ECC, Curve = CurveType.P384 }, new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(1) }); var footca2 = await service.NewIssuerCertificateAsync("intca", "footca2", X500DistinguishedNameEx.Create("CN=footca"), DateTime.UtcNow, new CreateKeyParams { KeySize = 2048, Type = KeyType.ECC, Curve = CurveType.P384 }, new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(1) }); // Run ICertificateRevoker revoker = mock.Create <CertificateRevoker>(); await revoker.RevokeCertificateAsync(intca.SerialNumber); ICertificateStore store = mock.Create <CertificateDatabase>(); var foundi = await store.FindLatestCertificateAsync("intca"); var found1 = await store.FindLatestCertificateAsync("footca1"); var found2 = await store.FindLatestCertificateAsync("footca2"); ICrlEndpoint crls = mock.Create <CrlDatabase>(); // Get crl for root var chainr = await crls.GetCrlChainAsync(rootca.SerialNumber); // Assert Assert.NotNull(foundi); Assert.NotNull(found1); Assert.NotNull(found2); Assert.NotNull(foundi.Revoked); Assert.NotNull(found1.Revoked); Assert.NotNull(found2.Revoked); Assert.NotNull(chainr); Assert.Single(chainr); Assert.True(chainr.Single().HasValidSignature(rootca)); Assert.True(chainr.Single().IsRevoked(intca)); } }
/// <summary> /// Create signing request handler /// </summary> /// <param name="workflow"></param> /// <param name="issuer"></param> public SigningRequestHandler(IRequestWorkflow workflow, ICertificateIssuer issuer) { _workflow = workflow ?? throw new ArgumentNullException(nameof(workflow)); _issuer = issuer ?? throw new ArgumentNullException(nameof(issuer)); }
public IssuanceWorker(IOrderStore orderStore, ICertificateIssuer issuer) { _orderStore = orderStore; _issuer = issuer; }