예제 #1
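        /// <summary>
        /// Wraps an OpenSSL EC private key and its certificate, and derives the signature
        /// scheme and hash type from the name of the key's curve.
        /// </summary>
        /// <param name="privateKey">Private key handle; stored and queried for its EC key.</param>
        /// <param name="certificate">Certificate handle, stored as given.</param>
        /// <param name="derCertData">DER bytes of the certificate, stored as given.</param>
        /// <param name="altNameString">Name string for the certificate, stored as given.</param>
        /// <param name="chain">Additional chain certificates; null is replaced by an empty array.</param>
        /// <exception cref="ArgumentException">Passed to ExceptionHelper when the curve name is not one of the recognised names.</exception>
        internal EcdsaCertificate(EVP_PKEY privateKey, X509 certificate, byte[] derCertData, string altNameString, byte[][] chain)
        {
            _certData      = derCertData;
            _key           = privateKey;
            _certificate   = certificate;
            _altNameString = altNameString;
            _chain         = chain ?? new byte[0][];

            // NOTE(review): the EC key and group handles are used without a null check;
            // confirm the caller only passes keys whose base type is EC.
            _ecKey = EVP_PKEY_get0_EC_KEY(_key);
            var group    = EC_KEY_get0_group(_ecKey);
            var curveNid = EC_GROUP_get_curve_name(group);

            _curveName = OBJ_nid2ln(curveNid);
            switch (_curveName)
            {
            // OpenSSL registers NIST P-256 under the name "prime256v1"; without this label a
            // P-256 key falls through to the default branch. "secp256r1" is kept as before.
            case "prime256v1":
            case "secp256r1":
                _scheme   = SignatureScheme.ecdsa_secp256r1_sha256;
                _hashType = HashType.SHA256;
                break;

            case "secp384r1":
                _scheme   = SignatureScheme.ecdsa_secp384r1_sha384;
                _hashType = HashType.SHA384;
                break;

            case "secp521r1":
                _scheme   = SignatureScheme.ecdsa_secp521r1_sha512;
                _hashType = HashType.SHA512;
                break;

            default:
                // Reject every other curve instead of guessing a scheme; name the curve so
                // the failure can be diagnosed from the exception alone.
                ExceptionHelper.ThrowException(new ArgumentException("Unsupported EC curve: " + _curveName));
                break;
            }
        }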
예제 #2
 /// <summary>
 /// Copies the common-name based certificate settings from the internal model,
 /// after the base implementation has copied its own members.
 /// </summary>
 /// <param name="certificateInformation">Internal model to read from.</param>
 internal override void FromInternal(X509 certificateInformation)
 {
     base.FromInternal(certificateInformation);

     // The argument is dereferenced unconditionally here, so a null model throws.
     X509 source = certificateInformation;

     ClusterCertificateCommonNames      = source.ClusterCertificateCommonNames;
     ServerCertificateCommonNames       = source.ServerCertificateCommonNames;
     ReverseProxyCertificateCommonNames = source.ReverseProxyCertificateCommonNames;
 }
예제 #3
 /// <summary>
 /// Copies the issuer-store settings from the internal model, after the base
 /// implementation has copied its own members.
 /// </summary>
 /// <param name="certificateInformation">Internal model to read from.</param>
 internal override void FromInternal(X509 certificateInformation)
 {
     base.FromInternal(certificateInformation);

     // The argument is dereferenced unconditionally here, so a null model throws.
     X509 source = certificateInformation;

     ClusterCertificateIssuerStores = source.ClusterCertificateIssuerStores;
     ServerCertificateIssuerStores  = source.ServerCertificateIssuerStores;
     ClientCertificateIssuerStores  = source.ClientCertificateIssuerStores;
 }
예제 #4
        /// <summary>
        /// Builds a current/target certificate pair for a test in which the certificate is
        /// identified by thumbprint on one side and by common name on the other.
        /// </summary>
        /// <param name="currentCert">Receives the current certificate, or null when both source counts are zero.</param>
        /// <param name="targetCert">Receives the target certificate, or null when both target counts are zero.</param>
        /// <param name="srcThumbprintCount">Number of thumbprints on the current side; above 1 adds the second thumbprint.</param>
        /// <param name="srcCnCount">Number of common names on the current side; above 1 adds the second name and issuer.</param>
        /// <param name="targetThumbprintCount">Same as <paramref name="srcThumbprintCount"/>, for the target.</param>
        /// <param name="targetCnCount">Same as <paramref name="srcCnCount"/>, for the target.</param>
        internal void GetCerts_TypeChange(out X509 currentCert, out X509 targetCert, int srcThumbprintCount, int srcCnCount, int targetThumbprintCount, int targetCnCount)
        {
            X509 source = null;
            X509 target = null;

            if (srcThumbprintCount > 0)
            {
                bool withSecondary = srcThumbprintCount > 1;
                source = ConstructCertByThumbprint(CertThumbprint1, withSecondary ? CertThumbprint2 : null);
            }

            // When both source counts are positive the common-name form replaces the thumbprint form.
            if (srcCnCount > 0)
            {
                bool withSecondCn = srcCnCount > 1;
                source = ConstructCertByCn(CertCn1, IssuerThumbprint1, withSecondCn ? CertCn2 : null, withSecondCn ? IssuerThumbprint2 : null);
            }

            if (targetThumbprintCount > 0)
            {
                bool withSecondary = targetThumbprintCount > 1;
                target = ConstructCertByThumbprint(CertThumbprint1, withSecondary ? CertThumbprint2 : null);
            }

            // Same precedence on the target side.
            if (targetCnCount > 0)
            {
                bool withSecondCn = targetCnCount > 1;
                target = ConstructCertByCn(CertCn1, IssuerThumbprint1, withSecondCn ? CertCn2 : null, withSecondCn ? IssuerThumbprint2 : null);
            }

            currentCert = source;
            targetCert  = target;
        }
예제 #5
        /// <summary>
        /// Reads one entry of the certificate's subject name and returns it as a managed string.
        /// </summary>
        /// <param name="certificate">Certificate handle whose subject name is queried.</param>
        /// <returns>The entry converted from UTF-8, or null when neither lookup finds an entry.</returns>
        internal static unsafe string GetNameString(X509 certificate)
        {
            var name     = X509_get_subject_name(certificate);
            // NOTE(review): subjectAltName is an X.509 extension, not an attribute of the subject
            // name, so this lookup on the subject name presumably never matches and the common
            // name below is what gets returned. If the result feeds host-name matching, the SAN
            // extension should be read from the certificate instead. TODO confirm.
            var altIndex = X509_NAME_get_index_by_NID(name, NID_subject_alt_name, -1);

            if (altIndex < 0)
            {
                // Fall back to the common name; with neither entry present there is no name to return.
                altIndex = X509_NAME_get_index_by_NID(name, NID_commonname, -1);
                if (altIndex < 0)
                {
                    return(null);
                }
            }
            var    entry     = X509_NAME_get_entry(name, altIndex);
            var    entryData = X509_NAME_ENTRY_get_data(entry);
            IntPtr buffer;
            // ASN1_STRING_to_UTF8 allocates the output buffer and reports its length; OpenSSL
            // returns a negative value on failure. NOTE(review): that case is not checked here,
            // so the failure surfaces as an argument exception from GetString below.
            var    dataLength = ASN1_STRING_to_UTF8(out buffer, entryData);

            try
            {
                return(Encoding.UTF8.GetString((byte *)buffer, dataLength));
            }
            finally
            {
                // Release the native buffer on every path; the string and number are the
                // file/line arguments that CRYPTO_clear_free takes.
                CRYPTO_clear_free(buffer, (UIntPtr)dataLength, "Interop.X509_NAME.cs", 42);
            }
        }
예제 #6
        /// <summary>
        /// Builds a certificate model whose cluster certificate is identified by one or two
        /// common names, each paired with an issuer thumbprint value.
        /// </summary>
        /// <param name="cn1">First common name; always added.</param>
        /// <param name="issuers1">Issuer thumbprint value stored with <paramref name="cn1"/>.</param>
        /// <param name="cn2">Optional second common name; skipped when null.</param>
        /// <param name="issuers2">Issuer thumbprint value stored with <paramref name="cn2"/>.</param>
        /// <returns>A new model with only ClusterCertificateCommonNames populated.</returns>
        internal static X509 ConstructCertByCn(string cn1, string issuers1, string cn2 = null, string issuers2 = null)
        {
            var names = new List<CertificateCommonNameBase>();

            names.Add(new CertificateCommonNameBase
            {
                CertificateCommonName       = cn1,
                CertificateIssuerThumbprint = issuers1
            });

            // The second entry is keyed on cn2 only; issuers2 is stored as given, null included.
            if (cn2 != null)
            {
                names.Add(new CertificateCommonNameBase
                {
                    CertificateCommonName       = cn2,
                    CertificateIssuerThumbprint = issuers2
                });
            }

            return new X509
            {
                ClusterCertificateCommonNames = new ServerCertificateCommonNames
                {
                    CommonNames = names
                }
            };
        }
예제 #7
        /// <summary>
        /// Builds a certificate pair for a test that adds a second thumbprint: the current
        /// certificate has one thumbprint, the target has two.
        /// </summary>
        /// <param name="currentCert">Receives a certificate with CertThumbprint1 only.</param>
        /// <param name="targetCert">Receives a certificate with both thumbprints.</param>
        /// <param name="addPrimary">True puts the new thumbprint first; false puts it second.</param>
        internal void GetCerts_AddThumbprint(out X509 currentCert, out X509 targetCert, bool addPrimary)
        {
            currentCert = ConstructCertByThumbprint(CertThumbprint1);

            if (addPrimary)
            {
                targetCert = ConstructCertByThumbprint(CertThumbprint2, CertThumbprint1);
            }
            else
            {
                targetCert = ConstructCertByThumbprint(CertThumbprint1, CertThumbprint2);
            }
        }
예제 #8
        /// <summary>
        /// Builds a certificate pair for a test that removes a common name: the current
        /// certificate lists two names, the target keeps one of them.
        /// </summary>
        /// <param name="currentCert">Receives a certificate with both common names.</param>
        /// <param name="targetCert">Receives a certificate with the surviving common name.</param>
        /// <param name="removeCn1">True keeps the second name; false keeps the first.</param>
        internal void GetCerts_RemoveCn(out X509 currentCert, out X509 targetCert, bool removeCn1)
        {
            currentCert = ConstructCertByCn(CertCn1, IssuerThumbprint1, CertCn2, IssuerThumbprint2);

            if (removeCn1)
            {
                targetCert = ConstructCertByCn(CertCn2, IssuerThumbprint2);
            }
            else
            {
                targetCert = ConstructCertByCn(CertCn1, IssuerThumbprint1);
            }
        }
예제 #9
        /// <summary>
        /// Produces the internal model from the base implementation and adds the
        /// issuer-store settings of this instance.
        /// </summary>
        /// <returns>The internal model returned by the base class, with the three issuer-store members set.</returns>
        internal override X509 ToInternal()
        {
            X509 internalModel = base.ToInternal();

            internalModel.ClusterCertificateIssuerStores = ClusterCertificateIssuerStores;
            internalModel.ServerCertificateIssuerStores  = ServerCertificateIssuerStores;
            internalModel.ClientCertificateIssuerStores  = ClientCertificateIssuerStores;

            return internalModel;
        }
예제 #10
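        /// <summary>
        /// Reads the Authority Key Identifier (AKI) extension of the wrapped certificate.
        /// </summary>
        /// <returns>The parsed <see cref="AuthorityKeyIdentifier"/>.</returns>
        /// <exception cref="HFCACertificateException">The certificate is null, or it carries no AKI extension.</exception>
        private AuthorityKeyIdentifier GetAKI()
        {
            if (X509 == null)
            {
                throw new HFCACertificateException("Certificate is null");
            }

            Asn1OctetString akiOc = X509.GetExtensionValue(X509Extensions.AuthorityKeyIdentifier);

            // A certificate without the extension (self-signed certificates often omit it)
            // presumably yields null here; report that as a certificate error instead of
            // failing on the dereference below.
            if (akiOc == null)
            {
                throw new HFCACertificateException("Certificate does not contain an Authority Key Identifier extension");
            }

            // The extension value is an OCTET STRING wrapping the DER-encoded AKI sequence.
            return AuthorityKeyIdentifier.GetInstance(Asn1Sequence.GetInstance(akiOc.GetOctets()));
        }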
예제 #11
        /// <summary>
        /// Produces the internal model from the base implementation and adds the
        /// common-name based certificate settings of this instance.
        /// </summary>
        /// <returns>The internal model returned by the base class, with the three common-name members set.</returns>
        internal override X509 ToInternal()
        {
            X509 internalModel = base.ToInternal();

            internalModel.ClusterCertificateCommonNames      = ClusterCertificateCommonNames;
            internalModel.ServerCertificateCommonNames       = ServerCertificateCommonNames;
            internalModel.ReverseProxyCertificateCommonNames = ReverseProxyCertificateCommonNames;

            return internalModel;
        }
예제 #12
        /// <summary>
        /// Builds a certificate pair for a test that adds a common name: the current
        /// certificate lists one name, the target lists two.
        /// </summary>
        /// <param name="currentCert">Receives a certificate with CertCn1 only.</param>
        /// <param name="targetCert">Receives a certificate with both common names.</param>
        /// <param name="addCn1">True lists the second name first; false lists the first name first.</param>
        internal void GetCerts_AddCn(out X509 currentCert, out X509 targetCert, bool addCn1)
        {
            currentCert = ConstructCertByCn(CertCn1, IssuerThumbprint1);

            if (addCn1)
            {
                targetCert = ConstructCertByCn(CertCn2, IssuerThumbprint2, CertCn1, IssuerThumbprint1);
            }
            else
            {
                targetCert = ConstructCertByCn(CertCn1, IssuerThumbprint1, CertCn2, IssuerThumbprint2);
            }
        }
예제 #13
        /// <summary>
        /// Console demo: asks X509.CertIsValidNow about a fixed certificate file and prints the answer.
        /// </summary>
        public static void V_Test_X509_CertIsValidNow()
        {
            Console.WriteLine("Testing X509_CertIsValidNow ...");

            const string certFile = "myuser.cer";

            // NOTE(review): judging by its name this checks the validity period only; it is
            // not a statement about the issuer chain or revocation. Confirm against the library.
            bool validNow = X509.CertIsValidNow(certFile);

            Console.WriteLine("X509_CertIsValidNow returns " + validNow + " for " + certFile);
        }
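    /// <summary>
    /// Example of a certificate verify function: prints diagnostics about the certificate
    /// under verification and the certificates in the store, then passes the status it was
    /// given back to the caller unchanged.
    /// </summary>
    /// <param name="preverify">verification status handed to the callback; printed and returned as is</param>
    /// <param name="store">pointer to a WOLFSSL_X509_STORE_CTX</param>
    /// <returns>the value of <paramref name="preverify"/>; this callback never overrides the result</returns>
    public static int my_verify_cb(int preverify, IntPtr store)
    {
        bool storeMissing = store == IntPtr.Zero;

        if (storeMissing)
        {
            Console.WriteLine("store is null");
        }

        Console.WriteLine("Status of certificate verify = " + preverify);

        if (storeMissing)
        {
            /* nothing to inspect: do not hand a null context to the wrapper calls below */
            return preverify;
        }

        Console.WriteLine("Error value for cert store is " + wolfssl.X509_STORE_CTX_get_error(store));

        /* look at the current cert in store */
        try
        {
            X509 current = wolfssl.X509_STORE_CTX_get_current_cert(store);

            Console.WriteLine("Issuer : " + current.Issuer);
            Console.WriteLine("Subject : " + current.Subject);

            Console.WriteLine("PEM of certificate:");
            Console.WriteLine(System.Text.Encoding.UTF8.GetString(current.Export()));

            Console.WriteLine("DER of certificate:");
            Console.WriteLine(BitConverter.ToString(current.Export(wolfssl.SSL_FILETYPE_ASN1)));

            Console.WriteLine("Public key:");
            Console.WriteLine(BitConverter.ToString(current.GetPublicKey()));
        }
        catch (Exception e)
        {
            /* diagnostics only: a failure to print must not change the verification result */
            Console.WriteLine("Unable to get X509's" + e);
        }

        /* list all certs in store */
        try
        {
            X509[] certs = wolfssl.X509_STORE_CTX_get_certs(store);

            for (int i = 0; i < certs.Length; i++)
            {
                Console.WriteLine("CERT[" + i + "]");
                Console.WriteLine("Issuer : " + certs[i].Issuer);
                Console.WriteLine("Subject : " + certs[i].Subject);
                Console.WriteLine("");
            }
        }
        catch (Exception e)
        {
            Console.WriteLine("Unable to get X509's" + e);
        }

        /* pass the status through; returning 1 here instead would override any failure
         * and report success, which disables certificate verification */
        return preverify;
    }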
예제 #15
 /// <summary>
 /// Copies the certificate and client-certificate settings from the internal model.
 /// </summary>
 /// <param name="certificateInformation">Internal model to read from; null leaves this instance untouched.</param>
 internal virtual void FromInternal(X509 certificateInformation)
 {
     if (certificateInformation == null)
     {
         return;
     }

     X509 source = certificateInformation;

     ClusterCertificate           = source.ClusterCertificate;
     ServerCertificate            = source.ServerCertificate;
     ReverseProxyCertificate      = source.ReverseProxyCertificate;
     ClientCertificateThumbprints = source.ClientCertificateThumbprints;
     ClientCertificateCommonNames = source.ClientCertificateCommonNames;
 }
예제 #16
파일: Program.cs 프로젝트: slskd/slskd
        /// <summary>
        /// Generates an X509 certificate for the application and writes it, with its private
        /// key, as a password-protected PKCS#12 file.
        /// </summary>
        /// <param name="password">Password used both to generate the certificate and to protect the exported file.</param>
        /// <param name="filename">Output file name, combined with the application base directory.</param>
        private static void GenerateX509Certificate(string password, string filename)
        {
            Log.Information("Generating X509 certificate...");

            // Path.Combine keeps a rooted filename as given and places a relative one
            // under the application base directory.
            filename = Path.Combine(AppContext.BaseDirectory, filename);

            var certificate = X509.Generate(subject: AppName, password, X509KeyStorageFlags.Exportable);
            var pkcs12Bytes = certificate.Export(X509ContentType.Pkcs12, password);

            // NOTE(review): the file holds the private key and is created with the default
            // permissions of the target directory; restrict access to it after generation.
            IOFile.WriteAllBytes(filename, pkcs12Bytes);

            // NOTE(review): the PKCS#12 password goes to every configured log sink in clear
            // text. If this output is how the operator learns a generated password, confine
            // it to the console; otherwise drop it from the log.
            Log.Information($"Password: {password}");
            Log.Information($"Certificate exported to {filename}");
        }
예제 #17
        /// <summary>
        /// Validates certificate options: when a PFX is configured it must pass
        /// X509.TryValidate with the configured password.
        /// </summary>
        /// <param name="value">The options object to validate; null is accepted as valid.</param>
        /// <param name="validationContext">Validation context; not used.</param>
        /// <returns>Success, or a result carrying the outcome reported by X509.TryValidate.</returns>
        protected override ValidationResult IsValid(object value, ValidationContext validationContext)
        {
            if (value == null)
            {
                return ValidationResult.Success;
            }

            // A value of any other type fails on this cast.
            var options = (CertificateOptions)value;

            // No PFX configured means there is nothing to check.
            if (string.IsNullOrEmpty(options.Pfx))
            {
                return ValidationResult.Success;
            }

            if (X509.TryValidate(options.Pfx, options.Password, out var outcome))
            {
                return ValidationResult.Success;
            }

            // NOTE(review): the outcome text is echoed into the validation message; confirm
            // it cannot contain the password or other key material.
            return new ValidationResult($"Invalid HTTPs certificate: {outcome}");
        }
예제 #18
        /// <summary>
        /// Console demo: creates a certificate request from a fixed key file and
        /// distinguished name, then prints the outcome.
        /// </summary>
        public static void V_Test_X509_CertRequest()
        {
            Console.WriteLine("Testing X509_CertRequest ...");

            // Demo values only: the key file password is a literal in this sample and must
            // not be carried over into real code.
            int status = X509.CertRequest("myreq.p10.txt", "mykey.epk", "CN=myuser,O=Test Org,C=AU,L=Sydney,S=NSW", "password", 0);

            if (status == 0)
            {
                Console.WriteLine("Success");
            }
            else
            {
                // Non-zero status: print it with the library's last error text.
                Console.WriteLine(status + " " + General.LastError());
            }
        }
예제 #19
        /// <summary>
        /// Console demo: reads subject, issue date, expiry date and issuer of a fixed
        /// certificate file and prints them on one line.
        /// </summary>
        public static void V_Test_X509_CertExpiresOn()
        {
            Console.WriteLine("Testing X509_CertExpiresOn ...");

            const string certFile = "myuser.cer";

            // ";" is the second argument passed to the two name calls.
            string owner     = X509.CertSubjectName(certFile, ";");
            string issuedOn  = X509.CertIssuedOn(certFile);
            string expiresOn = X509.CertExpiresOn(certFile);
            string issuer    = X509.CertIssuerName(certFile, ";");

            // The message says "expired on" whatever the date is; it prints the expiry
            // date and does not compare it with the current time.
            Console.WriteLine($"{certFile} issued for {owner} on {issuedOn}, expired on {expiresOn} by {issuer}");
        }
예제 #20
        /// <summary>
        /// Picks the certificate wrapper that matches the key's base type.
        /// </summary>
        /// <param name="key">Private key handle whose base type selects the wrapper.</param>
        /// <param name="x509">Certificate handle.</param>
        /// <param name="derCertificateData">DER bytes of the certificate.</param>
        /// <param name="altName">Name string for the certificate.</param>
        /// <param name="certChain">Chain certificates; passed to the ECDSA wrapper only.</param>
        /// <returns>An EcdsaCertificate or an RsaCertificate.</returns>
        /// <exception cref="NotImplementedException">The key type is neither EC nor RSA.</exception>
        private static ICertificate GetCertificate(EVP_PKEY key, X509 x509, byte[] derCertificateData, string altName, byte[][] certChain)
        {
            var keyTypeName = OBJ_nid2ln(EVP_PKEY_base_id(key));

            if (keyTypeName == "id-ecPublicKey")
            {
                return new EcdsaCertificate(key, x509, derCertificateData, altName, certChain);
            }

            if (keyTypeName == "rsaEncryption")
            {
                // NOTE(review): certChain is not forwarded on this path, so an RSA
                // certificate is built without its chain. Confirm that is intended.
                return new RsaCertificate(key, x509, derCertificateData, altName);
            }

            // Any other key type is refused.
            throw new NotImplementedException();
        }
예제 #21
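        /// <summary>
        /// Loads a PKCS#12 (PFX) file and wraps its private key, certificate and additional
        /// certificates in an <see cref="ICertificate"/>.
        /// </summary>
        /// <param name="filename">Path of the PKCS#12 file; read fully into memory.</param>
        /// <param name="password">Password handed to PKCS12_parse.</param>
        /// <returns>The certificate object built by GetCertificate for the parsed key.</returns>
        public unsafe ICertificate LoadPfx12(string filename, string password)
        {
            var    bytes       = System.IO.File.ReadAllBytes(filename);
            IntPtr pk12Pointer = IntPtr.Zero;
            IntPtr stackPtr;

            fixed(byte *ptr = bytes)
            {
                // d2i_PKCS12 takes the read position by reference, so it gets a copy of the pinned pointer.
                byte *ptr2 = ptr;

                // NOTE(review): the result is not checked here; a file that does not decode
                // presumably leaves a null pointer that PKCS12_parse/ThrowOnError rejects. Confirm.
                pk12Pointer = d2i_PKCS12(ref pk12Pointer, ref ptr2, bytes.Length);
            }

            try
            {
                EVP_PKEY key;
                X509     x509;
                ThrowOnError(PKCS12_parse(pk12Pointer, password, out key, out x509, out stackPtr));
                var altString     = GetNameString(x509);
                var numberinstack = OPENSSL_sk_num(stackPtr);
                if (numberinstack <= 0)
                {
                    // -1 is the value already treated as "no stack" here; 0 is a stack with no
                    // entries. Both mean there are no additional certificates. Taking the 0 case
                    // through the branch below would make the count -1 and the array allocation throw.
                    numberinstack = 0;
                }
                else
                {
                    // The first popped entry is dropped and not added to the chain.
                    // NOTE(review): it is not released here either; confirm who owns it.
                    numberinstack -= 1;
                    OPENSSL_sk_pop(stackPtr);
                }
                var certlist = new byte[numberinstack][];
                for (int i = 0; i < numberinstack; i++)
                {
                    var currentCert = OPENSSL_sk_pop(stackPtr);
                    certlist[i] = GetCertDER(currentCert);
                    // NOTE(review): the name string read below is never used; kept as in the
                    // original because the wrapper's ownership of currentCert is not visible here.
                    var c = new X509();
                    c.Ptr = currentCert;
                    var tring = GetNameString(c);
                }
                // NOTE(review): the stack is released on the success path only; an exception
                // thrown above skips this call.
                OPENSSL_sk_free(stackPtr);

                // Entries were popped last-to-first, so the list is reversed before use.
                return(GetCertificate(key, x509, GetCertDER(x509.Ptr), altString, certlist.Reverse().ToArray()));
            }
            finally
            {
                // The PKCS#12 container itself is always released.
                PKCS12_free(pk12Pointer);
            }
        }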
        /// <summary>
        /// Registers the database services and their options, and decrypts the configured
        /// connection strings with the RSA private key obtained from X509.GetRSAPrivateKey.
        /// </summary>
        /// <param name="services">Service collection to extend.</param>
        /// <param name="configuration">Configuration providing the database options and the two certificate settings.</param>
        /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
        public static IServiceCollection AddDatabase(this IServiceCollection services, IConfiguration configuration)
        {
            // One scoped registration per database type
            services.AddScoped<Database>();
            services.AddScoped<Database1>();
            services.AddScoped<Database2>();
            services.AddScoped<Database3>();
            services.AddScoped<Database4>();
            services.AddScoped<Database5>();

            // Bind the options from configuration first; the callback below then works on the bound values
            services.Configure<DatabaseOptions>(configuration);

            // NOTE(review): both certificate settings come from configuration. If the second
            // one is the key file's password, keep it in a secret store, not in a checked-in
            // settings file.
            string certFileSetting = configuration.GetValue<string>(X509.CertFileName);
            string certKeySetting  = configuration.GetValue<string>(X509.CertFileKey);
            var    privateKey      = X509.GetRSAPrivateKey(certFileSetting, certKeySetting);

            // The private key is captured by this callback and stays referenced for as long as
            // the callback is registered. Empty connection strings are left as they are.
            services.Configure<DatabaseOptions>(dbOptions =>
            {
                if (!string.IsNullOrEmpty(dbOptions.DefaultConnection))
                {
                    dbOptions.DefaultConnection = privateKey.Decrypt(dbOptions.DefaultConnection);
                }

                if (!string.IsNullOrEmpty(dbOptions.Connection1))
                {
                    dbOptions.Connection1 = privateKey.Decrypt(dbOptions.Connection1);
                }

                if (!string.IsNullOrEmpty(dbOptions.Connection2))
                {
                    dbOptions.Connection2 = privateKey.Decrypt(dbOptions.Connection2);
                }

                if (!string.IsNullOrEmpty(dbOptions.Connection3))
                {
                    dbOptions.Connection3 = privateKey.Decrypt(dbOptions.Connection3);
                }

                if (!string.IsNullOrEmpty(dbOptions.Connection4))
                {
                    dbOptions.Connection4 = privateKey.Decrypt(dbOptions.Connection4);
                }

                if (!string.IsNullOrEmpty(dbOptions.Connection5))
                {
                    dbOptions.Connection5 = privateKey.Decrypt(dbOptions.Connection5);
                }
            });

            return services;
        }
예제 #23
        /// <summary>
        /// Console demo: creates a self-signed CA certificate from a fixed key file and
        /// prints the outcome.
        /// </summary>
        public static void V_Test_X509_MakeCertSelf()
        {
            Console.WriteLine("Testing X509_MakeCertSelf ...");

            // Key usage for a CA: sign data, sign certificates, sign CRLs.
            X509.KeyUsageOptions caKeyUsage =
                X509.KeyUsageOptions.DigitalSignature | X509.KeyUsageOptions.KeyCertSign | X509.KeyUsageOptions.CrlSign;

            // Demo values only: the private key password is a literal in this sample and
            // must not be carried over into real code.
            int status = X509.MakeCertSelf("myca.cer", "myca.epk", 99, 10, "CN=My CA,O=Test Org,OU=Certificate Services", "", caKeyUsage, "password", 0);

            if (status == 0)
            {
                Console.WriteLine("Success");
            }
            else
            {
                // Non-zero status: print it with the library's last error text.
                Console.WriteLine(status + " " + General.LastError());
            }
        }
예제 #24
        /// <summary>
        /// Click handler of the Create button: validates the model, creates the certificate,
        /// appends it through a CertProvider and closes the window with the model as result.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Event data; not used.</param>
        private void Create_Click(object sender, RoutedEventArgs e)
        {
            try
            {
                model.Validate();

                // Show the wait cursor for the duration of the work; reset in finally.
                Mouse.OverrideCursor = Cursors.Wait;

                var certificate = X509.CreateCertificate(model);

                using (var provider = new CertProvider()
                {
                    AppendOnly = true
                })
                {
                    // Without a signing authority the new certificate is treated as a root;
                    // with one, the authority is set as issuer thumbprint.
                    provider.IsRoot = !model.SignByCertificateAuthority;
                    if (model.SignByCertificateAuthority)
                    {
                        provider.IssuerThumbprint = model.CertificateAuthority;
                    }

                    provider.Append(certificate);
                }

                model.Value = certificate;
                Result      = model;
                Close();
            }
            catch (ValueException invalidValue)
            {
                // Validation problem: warn and move focus to the offending field.
                MessageBox.Show(invalidValue.Message, "Invalid Value", MessageBoxButton.OK, MessageBoxImage.Warning);
                this.Focus(invalidValue.PropertyName);
            }
            catch (Exception failure)
            {
                // Anything else: show the raw exception message to the user.
                MessageBox.Show(failure.Message, "Error", MessageBoxButton.OK, MessageBoxImage.Error);
            }
            finally
            {
                Mouse.OverrideCursor = null;
            }
        }
예제 #25
        /// <summary>
        /// Console demo: checks whether a fixed certificate was issued by a fixed CA
        /// certificate and prints the outcome.
        /// </summary>
        public static void V_Test_X509_VerifyCert()
        {
            Console.WriteLine("Testing X509_VerifyCert ...");

            // Result convention: 0 = OK, -1 = fails to validate, positive = other error
            int status = X509.VerifyCert("myuser.cer", "myca.cer");

            if (status < 0)
            {
                Console.WriteLine("Cert not issued by this Issuer");
            }
            else if (status > 0)
            {
                Console.WriteLine("Error: " + status + General.LastError());
            }
            else
            {
                // NOTE(review): this compares one certificate with one issuer. Whether expiry
                // or revocation is also covered is not visible here; confirm against the library.
                Console.WriteLine("Verification is OK");
            }
        }
        /// <summary>
        /// Test helper: builds two certificate models from comma-separated common-name lists
        /// and runs the cluster certificate update validation on them, expecting either
        /// success or the given error code.
        /// </summary>
        /// <param name="originalCns">Comma-separated common names of the original configuration.</param>
        /// <param name="updatedCns">Comma-separated common names of the updated configuration.</param>
        /// <param name="expectedErrorCode">Error code passed on to the expectation helper; null by default.</param>
        internal void InternalValidateClusterCnUpdateTest(
            string originalCns,
            string updatedCns,
            ClusterManagementErrorCode? expectedErrorCode = null)
        {
            Utility.ValidateExpectedValidationException(
                delegate
                {
                    // Each name becomes an entry without an issuer thumbprint.
                    var originalNames = new List<CertificateCommonNameBase>(
                        originalCns.Split(',').Select(cn => new CertificateCommonNameBase { CertificateCommonName = cn }));
                    X509 before = new X509
                    {
                        ClusterCertificateCommonNames = new ServerCertificateCommonNames { CommonNames = originalNames }
                    };

                    var updatedNames = new List<CertificateCommonNameBase>(
                        updatedCns.Split(',').Select(cn => new CertificateCommonNameBase { CertificateCommonName = cn }));
                    X509 after = new X509
                    {
                        ClusterCertificateCommonNames = new ServerCertificateCommonNames { CommonNames = updatedNames }
                    };

                    List<string> beforeIdentifiers = StandaloneSettingsValidator.GetClusterCertUniqueThumbprintsOrCommonNames(before);
                    List<string> afterIdentifiers  = StandaloneSettingsValidator.GetClusterCertUniqueThumbprintsOrCommonNames(after);

                    // The two trailing flags are passed as false, as in every call from this helper.
                    StandaloneSettingsValidator.ValidateClusterCertificateThumbprintAndCnUpdate(
                        beforeIdentifiers,
                        afterIdentifiers,
                        false,
                        false);
                },
                expectedErrorCode);
        }
예제 #27
        /// <summary>
        /// Registers the cookie policy, MVC, IdentityServer with certificate-based signing
        /// and validation keys plus in-memory stores, and Google as external login.
        /// </summary>
        /// <param name="services">Service collection to configure.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            // SameSite handling is delegated to CheckSameSite for every appended or deleted cookie.
            services.Configure<CookiePolicyOptions>(cookiePolicy =>
            {
                cookiePolicy.MinimumSameSitePolicy = SameSiteMode.Unspecified;
                cookiePolicy.OnAppendCookie = appendContext =>
                {
                    CheckSameSite(appendContext.Context, appendContext.CookieOptions);
                };
                cookiePolicy.OnDeleteCookie = deleteContext =>
                {
                    CheckSameSite(deleteContext.Context, deleteContext.CookieOptions);
                };
            });

            // MVC-based UI
            services.AddControllersWithViews();

            // NOTE(review): the first configuration key is spelled "SigningCertThumprint"
            // (no "b"); the configuration file has to use the same spelling or the lookup
            // returns null.
            // NOTE(review): resources, clients and users all come from in-memory Config data,
            // and AddTestUsers is meant for demos; replace before production use.
            var identityServer = services.AddIdentityServer()
                                 .AddSigningCredential(X509.GetCertificate(Configuration["SigningCertThumprint"])) // signing.crt thumbprint
                                 .AddValidationKey(X509.GetCertificate(Configuration["ValidationCertThumbprint"])) // validation.crt thumbprint
                                 .AddInMemoryIdentityResources(Config.Ids)
                                 .AddInMemoryApiResources(Config.Apis)
                                 .AddInMemoryClients(Config.Clients)
                                 .AddTestUsers(Config.GetUsers());

            // not recommended for production - you need to store your key material somewhere secure.
            // In development this is added on top of the certificate credential configured above.
            if (Environment.IsDevelopment())
            {
                identityServer.AddDeveloperSigningCredential();
            }

            // NOTE(review): the Google client secret is read from the Config class; if that
            // class holds it as a literal, move it to a secret store.
            services.AddAuthentication()
            .AddGoogle("Google", google =>
            {
                google.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                google.SaveTokens   = true;
                google.ClientId     = Config.GoogleClientId;
                google.ClientSecret = Config.GoogleClientSecrect;
                //google.CorrelationCookie.SameSite = SameSiteMode.Lax;
            });
        }
예제 #28
        /// <summary>
        /// Console demo: issues an end-user certificate signed with the CA's private key
        /// and prints the outcome.
        /// </summary>
        public static void V_Test_X509_MakeCert()
        {
            Console.WriteLine("Testing X509_MakeCert ...");

            // File names of the certificate to create, the issuer and the two keys.
            string newCertFile       = "myuser.cer";
            string issuerCertFile    = "myca.cer";
            string subjectPubKeyFile = "myuser.pub";
            string issuerPriKeyFile  = "myca.epk";

            // The password and the e-mail values appear masked in this listing.
            string issuerKeyPassword = "******";
            //!!
            int    serialNumber = 0x101;
            int    yearsValid   = 4;
            string distName     = "CN=My User,O=Test Org,OU=Unit,C=AU,L=My Town,S=State,[email protected]";
            string email        = "*****@*****.**";

            int status = X509.MakeCert(newCertFile, issuerCertFile, subjectPubKeyFile, issuerPriKeyFile, serialNumber, yearsValid, distName, email, 0, issuerKeyPassword,
                                       0);

            if (status == 0)
            {
                Console.WriteLine("Success, created X.509 cert " + newCertFile);
            }
            else
            {
                // Non-zero status: print it with the library's last error text.
                Console.WriteLine(status + " " + General.LastError());
            }
        }
예제 #29
        /// <summary>
        /// Asserts the three upgrade steps produced for a certificate change between
        /// thumbprint-based and common-name-based identification.
        /// </summary>
        /// <param name="currentCert">Certificate model before the upgrade.</param>
        /// <param name="targetCert">Certificate model after the upgrade.</param>
        /// <param name="steps">Upgrade steps under test; exactly three are expected.</param>
        internal void VerifyFlow_TypeChange(X509 currentCert, X509 targetCert, List <CertificateClusterUpgradeStep> steps)
        {
            Assert.AreEqual(3, steps.Count);

            // Count thumbprints and common names on each side (0, 1 or 2 each) and collect
            // the expected identifiers.
            int           srcThumbprintCount    = currentCert.ClusterCertificate == null ? 0 : (currentCert.ClusterCertificate.ThumbprintSecondary != null ? 2 : 1);
            int           srcCnCount            = currentCert.ClusterCertificateCommonNames == null ? 0 : (currentCert.ClusterCertificateCommonNames.CommonNames.Count > 1 ? 2: 1);
            int           targetThumbprintCount = targetCert.ClusterCertificate == null ? 0 : (targetCert.ClusterCertificate.ThumbprintSecondary != null ? 2 : 1);
            int           targetCnCount         = targetCert.ClusterCertificateCommonNames == null ? 0 : (targetCert.ClusterCertificateCommonNames.CommonNames.Count > 1 ? 2 : 1);
            int           totalThumbprintCount  = srcThumbprintCount + targetThumbprintCount;
            int           totalCnCount          = srcCnCount + targetCnCount;
            int           totalCount            = totalThumbprintCount + totalCnCount;
            List <string> srcThumbprints        = srcThumbprintCount == 0 ? new List <string>() : currentCert.ClusterCertificate.ToThumbprintList();
            List <string> srcCns                  = srcCnCount == 0 ? new List <string>() : currentCert.ClusterCertificateCommonNames.CommonNames.Select(p => p.CertificateCommonName).ToList();
            List <string> targetThumbprints       = targetThumbprintCount == 0 ? new List <string>() : targetCert.ClusterCertificate.ToThumbprintList();
            Dictionary <string, string> targetCns = targetCnCount == 0 ? new Dictionary <string, string>() : targetCert.ClusterCertificateCommonNames.CommonNames.ToDictionary(p => p.CertificateCommonName, p => p.CertificateIssuerThumbprint);
            List <string> allThumbprints          = srcThumbprints.Concat(targetThumbprints).ToList();
            List <string> allCns                  = srcCns.Concat(targetCns.Keys).ToList();

            // Step 1: the white lists accept both old and new identifiers, while the load
            // list and the file store service list still refer to the current certificate.
            CertificateClusterUpgradeStep step = steps[0];

            Assert.AreEqual(totalCount, step.ThumbprintWhiteList.Count + step.CommonNameWhiteList.Count);
            Assert.AreEqual(totalThumbprintCount, step.ThumbprintWhiteList.Count);
            Assert.IsTrue(allThumbprints.All(p => step.ThumbprintWhiteList.Contains(p)));
            Assert.AreEqual(totalCnCount, step.CommonNameWhiteList.Count);
            Assert.IsTrue(allCns.All(p => step.CommonNameWhiteList.Keys.Contains(p)));
            // No white-listed common name may lack an issuer value.
            Assert.IsFalse(step.CommonNameWhiteList.Values.Any(p => p == null));

            Assert.AreSame(currentCert.ClusterCertificate, step.ThumbprintLoadList);
            Assert.AreSame(currentCert.ClusterCertificateCommonNames, step.CommonNameLoadList);

            Assert.AreSame(currentCert.ClusterCertificate, step.ThumbprintFileStoreSvcList);
            Assert.AreSame(currentCert.ClusterCertificateCommonNames, step.CommonNameFileStoreSvcList);

            // Step 2: the white lists are unchanged, the load list switches to the target
            // certificate, and the file store service list covers both old and new identifiers.
            step = steps[1];

            Assert.AreEqual(totalCount, step.ThumbprintWhiteList.Count + step.CommonNameWhiteList.Count);
            Assert.AreEqual(totalThumbprintCount, step.ThumbprintWhiteList.Count);
            Assert.IsTrue(allThumbprints.All(p => step.ThumbprintWhiteList.Contains(p)));
            Assert.AreEqual(totalCnCount, step.CommonNameWhiteList.Count);
            Assert.IsTrue(allCns.All(p => step.CommonNameWhiteList.Keys.Contains(p)));
            Assert.IsFalse(step.CommonNameWhiteList.Values.Any(p => p == null));

            Assert.AreSame(targetCert.ClusterCertificate, step.ThumbprintLoadList);
            Assert.AreSame(targetCert.ClusterCertificateCommonNames, step.CommonNameLoadList);

            Assert.AreEqual(totalThumbprintCount, step.ThumbprintFileStoreSvcList.ToThumbprintList().Count);
            Assert.IsTrue(allThumbprints.All(p => step.ThumbprintFileStoreSvcList.ToThumbprintList().Contains(p)));
            Assert.AreEqual(totalCnCount, step.CommonNameFileStoreSvcList.CommonNames.Count);
            Assert.IsTrue(allCns.All(p => step.CommonNameFileStoreSvcList.CommonNames.Select(q => q.CertificateCommonName).Contains(p)));

            // Step 3: only the target identifiers remain in the white lists, and every list
            // refers to the target certificate.
            step = steps[2];

            // A null white list in the final step is treated as empty.
            List <string> finalThumbprintWhiteList       = step.ThumbprintWhiteList == null ? new List <string>() : step.ThumbprintWhiteList;
            Dictionary <string, string> finalCnWhiteList = step.CommonNameWhiteList == null ? new Dictionary <string, string>() : step.CommonNameWhiteList;

            Assert.AreEqual(targetThumbprintCount + targetCnCount, finalThumbprintWhiteList.Count + finalCnWhiteList.Count);
            Assert.AreEqual(targetThumbprintCount, finalThumbprintWhiteList.Count);
            Assert.IsTrue(targetThumbprints.All(p => finalThumbprintWhiteList.Contains(p)));
            Assert.AreEqual(targetCnCount, finalCnWhiteList.Count);
            Assert.IsTrue(targetCns.Keys.All(p => finalCnWhiteList.Keys.Contains(p)));
            Assert.IsTrue(targetCns.Values.All(p => finalCnWhiteList.Values.Contains(p)));
            // NOTE(review): this checks the expected values (targetCns), not the white list
            // produced by the step as the earlier steps do; confirm which one was intended.
            Assert.IsFalse(targetCns.Values.Any(p => p == null));

            Assert.AreSame(targetCert.ClusterCertificate, step.ThumbprintLoadList);
            Assert.AreSame(targetCert.ClusterCertificateCommonNames, step.CommonNameLoadList);

            Assert.AreSame(targetCert.ClusterCertificate, step.ThumbprintFileStoreSvcList);
            Assert.AreSame(targetCert.ClusterCertificateCommonNames, step.CommonNameFileStoreSvcList);
        }
예제 #30
        /// <summary>
        /// Builds a certificate pair for a test that swaps primary and secondary thumbprint.
        /// </summary>
        /// <param name="currentCert">Receives a certificate with CertThumbprint1 first and CertThumbprint2 second.</param>
        /// <param name="targetCert">Receives a certificate with the two thumbprints in the opposite order.</param>
        internal void GetCerts_Swap(out X509 currentCert, out X509 targetCert)
        {
            X509 original = ConstructCertByThumbprint(CertThumbprint1, CertThumbprint2);
            X509 swapped  = ConstructCertByThumbprint(CertThumbprint2, CertThumbprint1);

            currentCert = original;
            targetCert  = swapped;
        }
예제 #31
 /// <summary>
 /// Converts a certificate of the X509 namespace type into an X509Certificate by
 /// re-parsing its encoded form.
 /// </summary>
 /// <param name="x509Cert">Source certificate; must not be null, it is dereferenced directly.</param>
 /// <returns>A new X509Certificate built from the encoded bytes. Only the certificate is carried over; no private key is involved.</returns>
 public static X509Certificate ToX509Certificate(X509.X509Certificate x509Cert)
 {
     var encoded = x509Cert.GetEncoded();

     return new X509Certificate(encoded);
 }