/// <summary>
/// Create revoker
/// </summary>
/// <param name="store"></param>
/// <param name="issuer"></param>
/// <param name="crls"></param>
public CertificateRevoker(ICertificateStore store, ICertificateIssuer issuer,
ICrlRepository crls)
{
_store = store ?? throw new ArgumentNullException(nameof(store));
_crls = crls ?? throw new ArgumentNullException(nameof(crls));
_issuer = issuer ?? throw new ArgumentNullException(nameof(issuer));
}
/// <summary>
/// Setup mock
/// </summary>
/// <param name="mock"></param>
/// <param name="provider"></param>
private static AutoMock Setup(
Func <IEnumerable <IDocumentInfo <VariantValue> >,
string, IEnumerable <IDocumentInfo <VariantValue> > > provider,
out ICertificateIssuer issuer, out Mock <IKeyVaultClient> client)
{
var keyVault = client = new Mock <IKeyVaultClient>();
var config = new Mock <IKeyVaultConfig>();
config.SetReturnsDefault(kTestVaultUri);
config.SetReturnsDefault(true);
var mock = AutoMock.GetLoose(builder => {
builder.RegisterType <NewtonSoftJsonConverters>().As <IJsonSerializerConverterProvider>();
builder.RegisterType <NewtonSoftJsonSerializer>().As <IJsonSerializer>();
builder.RegisterInstance <IQueryEngine>(new QueryEngineAdapter(provider));
builder.RegisterType <MemoryDatabase>().SingleInstance().As <IDatabaseServer>();
builder.RegisterType <ItemContainerFactory>().As <IItemContainerFactory>();
builder.RegisterType <KeyVaultKeyHandleSerializer>().As <IKeyHandleSerializer>();
builder.RegisterType <CertificateDatabase>().As <ICertificateRepository>();
builder.RegisterType <CertificateFactory>().As <ICertificateFactory>();
builder.RegisterMock(config);
builder.RegisterMock(keyVault);
builder.RegisterType <KeyVaultServiceClient>().UsingConstructor(
typeof(ICertificateRepository), typeof(ICertificateFactory), typeof(IKeyVaultConfig),
typeof(IJsonSerializer), typeof(IKeyVaultClient))
.As <ICertificateIssuer>();
});
issuer = mock.Create <ICertificateIssuer>();
return(mock);
}
/// <summary>
/// Create services
/// </summary>
/// <param name="serializer"></param>
/// <param name="workflow"></param>
/// <param name="issuer"></param>
public KeyPairRequestHandler(IKeyHandleSerializer serializer,
IRequestWorkflow workflow, ICertificateIssuer issuer)
{
_serializer = serializer ?? throw new ArgumentNullException(nameof(serializer));
_issuer = issuer ?? throw new ArgumentNullException(nameof(issuer));
_workflow = workflow ?? throw new ArgumentNullException(nameof(workflow));
}
public async Task RevokeRSAIssuersTest()
{
using (var mock = AutoMock.GetLoose()) {
// Setup
Setup(mock, HandleQuery);
ICertificateIssuer service = mock.Create <CertificateIssuer>();
var rootca = await service.NewRootCertificateAsync("rootca",
X500DistinguishedNameEx.Create("CN=rootca"), DateTime.UtcNow, TimeSpan.FromDays(5),
new CreateKeyParams { KeySize = 2048, Type = KeyType.RSA },
new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(3) });
var intca = await service.NewIssuerCertificateAsync("rootca", "intca",
X500DistinguishedNameEx.Create("CN=intca"), DateTime.UtcNow,
new CreateKeyParams { KeySize = 2048, Type = KeyType.RSA },
new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(2) });
var footca1 = await service.NewIssuerCertificateAsync("intca", "footca1",
X500DistinguishedNameEx.Create("CN=footca"), DateTime.UtcNow,
new CreateKeyParams { KeySize = 2048, Type = KeyType.RSA },
new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(1) });
var footca2 = await service.NewIssuerCertificateAsync("intca", "footca2",
X500DistinguishedNameEx.Create("CN=footca"), DateTime.UtcNow,
new CreateKeyParams { KeySize = 2048, Type = KeyType.RSA },
new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(1) });
// Run
ICertificateRevoker revoker = mock.Create <CertificateRevoker>();
await revoker.RevokeCertificateAsync(footca1.SerialNumber);
await revoker.RevokeCertificateAsync(footca2.SerialNumber);
ICertificateStore store = mock.Create <CertificateDatabase>();
var foundi = await store.FindLatestCertificateAsync("intca");
var found1 = await store.FindLatestCertificateAsync("footca1");
var found2 = await store.FindLatestCertificateAsync("footca2");
ICrlEndpoint crls = mock.Create <CrlDatabase>();
// Get crl chain for intca and rootca
var chainr = await crls.GetCrlChainAsync(intca.SerialNumber);
// Assert
Assert.NotNull(foundi);
Assert.NotNull(found1);
Assert.NotNull(found2);
Assert.Null(foundi.Revoked);
Assert.NotNull(found1.Revoked);
Assert.NotNull(found2.Revoked);
Assert.NotNull(chainr);
Assert.NotEmpty(chainr);
Assert.Equal(2, chainr.Count());
Assert.True(chainr.ToArray()[1].HasValidSignature(intca));
Assert.True(chainr.ToArray()[0].HasValidSignature(rootca));
Assert.True(chainr.Last().IsRevoked(footca1));
Assert.True(chainr.Last().IsRevoked(footca2));
Assert.False(chainr.First().IsRevoked(intca));
}
}
/// <summary>
/// Create services
/// </summary>
/// <param name="groups"></param>
/// <param name="issuer"></param>
/// <param name="logger"></param>
public TrustGroupServices(IGroupRepository groups, ICertificateIssuer issuer,
ILogger logger)
{
_groups = groups ?? throw new ArgumentNullException(nameof(groups));
_issuer = issuer ?? throw new ArgumentNullException(nameof(issuer));
_logger = logger ?? throw new ArgumentNullException(nameof(logger));
}
public async Task RevokeECCIssuerAndECCIssuersTestAsync()
{
using (var mock = Setup(HandleQuery)) {
ICertificateIssuer service = mock.Create <CertificateIssuer>();
var rootca = await service.NewRootCertificateAsync("rootca",
X500DistinguishedNameEx.Create("CN=rootca"), DateTime.UtcNow, TimeSpan.FromDays(5),
new CreateKeyParams { KeySize = 2048, Type = KeyType.ECC, Curve = CurveType.P384 },
new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(3) });
var intca = await service.NewIssuerCertificateAsync("rootca", "intca",
X500DistinguishedNameEx.Create("CN=intca"), DateTime.UtcNow,
new CreateKeyParams { KeySize = 2048, Type = KeyType.ECC, Curve = CurveType.P384 },
new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(2) });
var footca1 = await service.NewIssuerCertificateAsync("intca", "footca1",
X500DistinguishedNameEx.Create("CN=footca"), DateTime.UtcNow,
new CreateKeyParams { KeySize = 2048, Type = KeyType.ECC, Curve = CurveType.P384 },
new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(1) });
var footca2 = await service.NewIssuerCertificateAsync("intca", "footca2",
X500DistinguishedNameEx.Create("CN=footca"), DateTime.UtcNow,
new CreateKeyParams { KeySize = 2048, Type = KeyType.ECC, Curve = CurveType.P384 },
new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(1) });
// Run
ICertificateRevoker revoker = mock.Create <CertificateRevoker>();
await revoker.RevokeCertificateAsync(intca.SerialNumber);
ICertificateStore store = mock.Create <CertificateDatabase>();
var foundi = await store.FindLatestCertificateAsync("intca");
var found1 = await store.FindLatestCertificateAsync("footca1");
var found2 = await store.FindLatestCertificateAsync("footca2");
ICrlEndpoint crls = mock.Create <CrlDatabase>();
// Get crl for root
var chainr = await crls.GetCrlChainAsync(rootca.SerialNumber);
// Assert
Assert.NotNull(foundi);
Assert.NotNull(found1);
Assert.NotNull(found2);
Assert.NotNull(foundi.Revoked);
Assert.NotNull(found1.Revoked);
Assert.NotNull(found2.Revoked);
Assert.NotNull(chainr);
Assert.Single(chainr);
Assert.True(chainr.Single().HasValidSignature(rootca));
Assert.True(chainr.Single().IsRevoked(intca));
}
}
/// <summary>
/// Create signing request handler
/// </summary>
/// <param name="workflow"></param>
/// <param name="issuer"></param>
public SigningRequestHandler(IRequestWorkflow workflow, ICertificateIssuer issuer)
{
_workflow = workflow ?? throw new ArgumentNullException(nameof(workflow));
_issuer = issuer ?? throw new ArgumentNullException(nameof(issuer));
}
public IssuanceWorker(IOrderStore orderStore, ICertificateIssuer issuer)
{
_orderStore = orderStore;
_issuer = issuer;
}
