public TrustListApiModel(KeyVaultTrustListModel keyVaultTrustList) { GroupId = keyVaultTrustList.Group; IssuerCertificates = new X509Certificate2CollectionApiModel(keyVaultTrustList.IssuerCertificates); IssuerCrls = new X509CrlCollectionApiModel(keyVaultTrustList.IssuerCrls); TrustedCertificates = new X509Certificate2CollectionApiModel(keyVaultTrustList.TrustedCertificates); TrustedCrls = new X509CrlCollectionApiModel(keyVaultTrustList.TrustedCrls); NextPageLink = keyVaultTrustList.NextPageLink; }
internal static void AddRange(this KeyVaultTrustListModel list, KeyVaultTrustListModel items) { if (list == null) { throw new ArgumentNullException(nameof(list)); } if (items == null) { throw new ArgumentNullException(nameof(items)); } list.TrustedCertificates.AddRange(items.TrustedCertificates); list.TrustedCrls.AddRange(items.TrustedCrls); list.IssuerCertificates.AddRange(items.IssuerCertificates); list.IssuerCrls.AddRange(items.IssuerCrls); }
internal static async Task <CertificateValidator> CreateValidatorAsync(KeyVaultTrustListModel trustList) { var storePath = "%LocalApplicationData%/OPCVaultTest/pki/"; DeleteDirectory(storePath); // verify cert with issuer chain var certValidator = new CertificateValidator(); var issuerTrustList = await CreateTrustListAsync( storePath + "issuer", trustList.IssuerCertificates, trustList.IssuerCrls ); var trustedTrustList = await CreateTrustListAsync( storePath + "trusted", trustList.TrustedCertificates, trustList.TrustedCrls ); certValidator.Update(issuerTrustList, trustedTrustList, null); return(certValidator); }
public async Task CreateCAAndAppCertificatesThenRevokeAll() { Skip.If(!_fixture.KeyVaultInitOk); X509Certificate2Collection certCollection = new X509Certificate2Collection(); for (int i = 0; i < 3; i++) { await KeyVaultCreateCACertificateAsync(); for (int v = 0; v < 10; v++) { certCollection.AddRange(await KeyVaultSigningRequestAsync()); certCollection.AddRange(await KeyVaultNewKeyPairRequestAsync()); } } string[] groups = await _keyVault.GetCertificateGroupIds(); // validate all certificates foreach (string group in groups) { var trustList = await _keyVault.GetTrustListAsync(group); string nextPageLink = trustList.NextPageLink; while (nextPageLink != null) { var nextTrustList = await _keyVault.GetTrustListAsync(group, nextPageLink); trustList.AddRange(nextTrustList); nextPageLink = nextTrustList.NextPageLink; } var validator = await X509TestUtils.CreateValidatorAsync(trustList); foreach (var cert in certCollection) { validator.Validate(cert); } } // now revoke all certifcates var revokeCertificates = new X509Certificate2Collection(certCollection); foreach (string group in groups) { var unrevokedCertificates = await _keyVault.RevokeCertificatesAsync(group, revokeCertificates); Assert.True(unrevokedCertificates.Count <= revokeCertificates.Count); revokeCertificates = unrevokedCertificates; } Assert.Empty(revokeCertificates); // reload updated trust list from KeyVault var trustListAllGroups = new KeyVaultTrustListModel("all"); foreach (string group in groups) { var trustList = await _keyVault.GetTrustListAsync(group); string nextPageLink = trustList.NextPageLink; while (nextPageLink != null) { var nextTrustList = await _keyVault.GetTrustListAsync(group, nextPageLink); trustList.AddRange(nextTrustList); nextPageLink = nextTrustList.NextPageLink; } trustListAllGroups.AddRange(trustList); } // verify certificates are revoked { var validator = await X509TestUtils.CreateValidatorAsync(trustListAllGroups); foreach (var cert in certCollection) { Assert.Throws <Opc.Ua.ServiceResultException>(() => { validator.Validate(cert); }); } } }