public async Task RevokeRSAIssuersTest() { using (var mock = AutoMock.GetLoose()) { // Setup Setup(mock, HandleQuery); ICertificateIssuer service = mock.Create <CertificateIssuer>(); var rootca = await service.NewRootCertificateAsync("rootca", X500DistinguishedNameEx.Create("CN=rootca"), DateTime.UtcNow, TimeSpan.FromDays(5), new CreateKeyParams { KeySize = 2048, Type = KeyType.RSA }, new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(3) }); var intca = await service.NewIssuerCertificateAsync("rootca", "intca", X500DistinguishedNameEx.Create("CN=intca"), DateTime.UtcNow, new CreateKeyParams { KeySize = 2048, Type = KeyType.RSA }, new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(2) }); var footca1 = await service.NewIssuerCertificateAsync("intca", "footca1", X500DistinguishedNameEx.Create("CN=footca"), DateTime.UtcNow, new CreateKeyParams { KeySize = 2048, Type = KeyType.RSA }, new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(1) }); var footca2 = await service.NewIssuerCertificateAsync("intca", "footca2", X500DistinguishedNameEx.Create("CN=footca"), DateTime.UtcNow, new CreateKeyParams { KeySize = 2048, Type = KeyType.RSA }, new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(1) }); // Run ICertificateRevoker revoker = mock.Create <CertificateRevoker>(); await revoker.RevokeCertificateAsync(footca1.SerialNumber); await revoker.RevokeCertificateAsync(footca2.SerialNumber); ICertificateStore store = mock.Create <CertificateDatabase>(); var foundi = await store.FindLatestCertificateAsync("intca"); var found1 = await store.FindLatestCertificateAsync("footca1"); var found2 = await store.FindLatestCertificateAsync("footca2"); ICrlEndpoint crls = mock.Create <CrlDatabase>(); // Get crl chain for intca and rootca var chainr = await crls.GetCrlChainAsync(intca.SerialNumber); // Assert Assert.NotNull(foundi); Assert.NotNull(found1); Assert.NotNull(found2); Assert.Null(foundi.Revoked); Assert.NotNull(found1.Revoked); Assert.NotNull(found2.Revoked); Assert.NotNull(chainr); Assert.NotEmpty(chainr); Assert.Equal(2, chainr.Count()); Assert.True(chainr.ToArray()[1].HasValidSignature(intca)); Assert.True(chainr.ToArray()[0].HasValidSignature(rootca)); Assert.True(chainr.Last().IsRevoked(footca1)); Assert.True(chainr.Last().IsRevoked(footca2)); Assert.False(chainr.First().IsRevoked(intca)); } }
public async Task RevokeECCIssuerAndECCIssuersTestAsync() { using (var mock = Setup(HandleQuery)) { ICertificateIssuer service = mock.Create <CertificateIssuer>(); var rootca = await service.NewRootCertificateAsync("rootca", X500DistinguishedNameEx.Create("CN=rootca"), DateTime.UtcNow, TimeSpan.FromDays(5), new CreateKeyParams { KeySize = 2048, Type = KeyType.ECC, Curve = CurveType.P384 }, new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(3) }); var intca = await service.NewIssuerCertificateAsync("rootca", "intca", X500DistinguishedNameEx.Create("CN=intca"), DateTime.UtcNow, new CreateKeyParams { KeySize = 2048, Type = KeyType.ECC, Curve = CurveType.P384 }, new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(2) }); var footca1 = await service.NewIssuerCertificateAsync("intca", "footca1", X500DistinguishedNameEx.Create("CN=footca"), DateTime.UtcNow, new CreateKeyParams { KeySize = 2048, Type = KeyType.ECC, Curve = CurveType.P384 }, new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(1) }); var footca2 = await service.NewIssuerCertificateAsync("intca", "footca2", X500DistinguishedNameEx.Create("CN=footca"), DateTime.UtcNow, new CreateKeyParams { KeySize = 2048, Type = KeyType.ECC, Curve = CurveType.P384 }, new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(1) }); // Run ICertificateRevoker revoker = mock.Create <CertificateRevoker>(); await revoker.RevokeCertificateAsync(intca.SerialNumber); ICertificateStore store = mock.Create <CertificateDatabase>(); var foundi = await store.FindLatestCertificateAsync("intca"); var found1 = await store.FindLatestCertificateAsync("footca1"); var found2 = await store.FindLatestCertificateAsync("footca2"); ICrlEndpoint crls = mock.Create <CrlDatabase>(); // Get crl for root var chainr = await crls.GetCrlChainAsync(rootca.SerialNumber); // Assert Assert.NotNull(foundi); Assert.NotNull(found1); Assert.NotNull(found2); Assert.NotNull(foundi.Revoked); Assert.NotNull(found1.Revoked); Assert.NotNull(found2.Revoked); Assert.NotNull(chainr); Assert.Single(chainr); Assert.True(chainr.Single().HasValidSignature(rootca)); Assert.True(chainr.Single().IsRevoked(intca)); } }