/// <summary>
/// Creates a test certificate and, for CA certificates in a chain that ask for one, a CRL.
/// </summary>
/// <param name="modifyGenerator">
/// Optional callback forwarded to <c>SigningTestUtility.GenerateCertificateWithKeyInfo</c>.
/// </param>
/// <param name="chainCertificateRequest">
/// Optional chain settings. A CRL is created only when this is non-null and both
/// <c>IsCA</c> and <c>ConfigureCrl</c> are true.
/// </param>
/// <returns>
/// A <see cref="TestCertificate"/> whose <c>Crl</c> is null whenever no CRL was created,
/// so callers must not assume a revocation list exists for leaf or standalone certificates.
/// </returns>
public static TestCertificate Generate(
    Action<TestCertificateGenerator> modifyGenerator = null,
    ChainCertificateRequest chainCertificateRequest = null)
{
    var subjectName = GenerateCertificateName();
    var generated = SigningTestUtility.GenerateCertificateWithKeyInfo(
        subjectName,
        modifyGenerator,
        chainCertificateRequest: chainCertificateRequest);

    // Only a CA that is part of a chain and has ConfigureCrl set gets a CRL.
    bool needsCrl = chainCertificateRequest != null
        && chainCertificateRequest.IsCA
        && chainCertificateRequest.ConfigureCrl;

    CertificateRevocationList revocationList = null;
    if (needsCrl)
    {
        revocationList = CertificateRevocationList.CreateCrl(
            generated,
            chainCertificateRequest.CrlLocalBaseUri);
    }

    return new TestCertificate
    {
        Cert = generated.Certificate,
        Crl = revocationList
    };
}
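/// <summary>
/// Generates a chain of test certificates: a root CA, zero or more intermediate CAs, then a leaf.
/// </summary>
/// <remarks>
/// <para>
/// Each certificate is inserted at index 0 of the returned chain, so the leaf comes first and
/// the root last. No call in this method installs a certificate in a certificate store;
/// establishing trust, if a test needs it, is left to the caller.
/// </para>
/// <para>
/// Every CA (root and intermediates) is requested with <c>IsCA = true</c> and
/// <c>ConfigureCrl = true</c>, and is generated with
/// <c>CertificateModificationGeneratorForCodeSigningEkuCert</c>.
/// </para>
/// <para>
/// Edge cases: when <paramref name="length"/> is 1 only the root branch runs, so
/// <paramref name="configureLeafCrl"/>, <paramref name="leafCertificateActionGenerator"/> and
/// <paramref name="revokeEndCertificate"/> have no effect. When it is 0 or negative the
/// returned chain is empty.
/// </para>
/// <para>
/// NOTE(review): the chain elements come from <c>PublicCertWithPrivateKey</c>. Judging by the
/// name, they carry private key material, so callers should dispose the returned chain and
/// keep it out of anything persisted. Confirm against <c>TestCertificate</c>.
/// </para>
/// </remarks>
/// <param name="length">Number of certificates to generate.</param>
/// <param name="crlServerUri">Value assigned to <c>CrlServerBaseUri</c> on every request.</param>
/// <param name="crlLocalUri">Value assigned to <c>CrlLocalBaseUri</c> on every request.</param>
/// <param name="configureLeafCrl">Value assigned to <c>ConfigureCrl</c> on the leaf request.</param>
/// <param name="leafCertificateActionGenerator">
/// Optional generator callback for the leaf. The code-signing EKU generator is used when null.
/// </param>
/// <param name="revokeEndCertificate">
/// When true, the leaf is passed to <c>RevokeCertificate</c> on the CRL of the CA generated
/// immediately before it, which is its issuer.
/// </param>
/// <returns>The generated chain, ordered leaf first.</returns>
public static IX509CertificateChain GenerateCertificateChainWithoutTrust(
    int length,
    string crlServerUri,
    string crlLocalUri,
    bool configureLeafCrl = true,
    Action<TestCertificateGenerator> leafCertificateActionGenerator = null,
    bool revokeEndCertificate = false)
{
    List<TestCertificate> testCertificates = new();
    X509CertificateChain certificateChain = new();
    Action<TestCertificateGenerator> actionGenerator = CertificateModificationGeneratorForCodeSigningEkuCert;
    Action<TestCertificateGenerator> leafGenerator = leafCertificateActionGenerator ?? actionGenerator;
    X509Certificate2 issuer = null;

    try
    {
        for (var i = 0; i < length; i++)
        {
            TestCertificate testCertificate;
            X509Certificate2 certificate;

            if (i == 0) // root CA cert
            {
                ChainCertificateRequest chainCertificateRequest = new()
                {
                    ConfigureCrl = true,
                    CrlLocalBaseUri = crlLocalUri,
                    CrlServerBaseUri = crlServerUri,
                    IsCA = true
                };

                testCertificate = TestCertificate.Generate(actionGenerator, chainCertificateRequest);
                testCertificates.Add(testCertificate);

                issuer = certificate = testCertificate.PublicCertWithPrivateKey;
            }
            else if (i < length - 1) // intermediate CA cert
            {
                ChainCertificateRequest chainCertificateRequest = new()
                {
                    ConfigureCrl = true,
                    CrlLocalBaseUri = crlLocalUri,
                    CrlServerBaseUri = crlServerUri,
                    IsCA = true,
                    Issuer = issuer
                };

                testCertificate = TestCertificate.Generate(actionGenerator, chainCertificateRequest);
                testCertificates.Add(testCertificate);

                issuer = certificate = testCertificate.PublicCertWithPrivateKey;
            }
            else // leaf cert
            {
                ChainCertificateRequest chainCertificateRequest = new()
                {
                    CrlLocalBaseUri = crlLocalUri,
                    CrlServerBaseUri = crlServerUri,
                    IsCA = false,
                    ConfigureCrl = configureLeafCrl,
                    Issuer = issuer
                };

                testCertificate = TestCertificate.Generate(leafGenerator, chainCertificateRequest);
                certificate = testCertificate.PublicCertWithPrivateKey;

                if (revokeEndCertificate)
                {
                    // The last entry added so far is the leaf's issuer; its CRL records the revocation.
                    testCertificates[testCertificates.Count - 1].Crl.RevokeCertificate(certificate);
                }

                testCertificates.Add(testCertificate);
            }

            certificateChain.Insert(index: 0, certificate);
        }
    }
    finally
    {
        // Release the generator-owned certificates even if generation throws part-way,
        // so a failing test does not leak certificate handles.
        foreach (TestCertificate testCertificate in testCertificates)
        {
            testCertificate.Cert.Dispose();
        }
    }

    return certificateChain;
}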