public void CreateTestSigningCerts()
{
var ca1 = new CertBuilder {
SubjectName = "CN=Test CA1", KeyStrength = 4096
}.BuildX509();
var intermediate1 = new CertBuilder {
SubjectName = "CN=Intermediate 1", Issuer = ca1, KeyStrength = 4096
}.BuildX509();
var intermediate2 = new CertBuilder {
SubjectName = "CN=Intermediate 2", Issuer = intermediate1, KeyStrength = 4096
}.BuildX509();
var cert1 = new CertBuilder {
SubjectName = "CN=Test 1", Issuer = intermediate1, KeyStrength = 4096
}.BuildX509();
Assert.True(ca1.HasPrivateKey);
Assert.True(Utility.VerifyCert(ca1, true, X509RevocationMode.NoCheck, null), "CA1 is valid (AllowUnknownCertificateAuthority = true)");
Assert.False(Utility.VerifyCert(intermediate1, false, X509RevocationMode.NoCheck, null), "Intermediate 1 is not valid when CA not provided, and AllowUnknownCA is false");
Assert.True(Utility.VerifyCert(intermediate1, false, X509RevocationMode.NoCheck, ca1), "Intermediate 1 is valid with: CA1");
Assert.True(Utility.VerifyCert(intermediate2, false, X509RevocationMode.NoCheck, ca1, intermediate1), "Intermediate 2 is valid with: CA1.Intermediate1");
Assert.True(Utility.VerifyCert(cert1, false, X509RevocationMode.NoCheck, ca1, intermediate1), "Cert 1 is valid with: CA1.intermediate1");
Assert.False(Utility.VerifyCert(cert1, false, X509RevocationMode.NoCheck, ca1, intermediate2), "Cert 1 is NOT valid checked against intermediate 2");
File.WriteAllBytes("ca1.pfx", ca1.Export(X509ContentType.Pfx, ""));
File.WriteAllBytes("intermediate1.pfx", intermediate1.Export(X509ContentType.Pfx, ""));
File.WriteAllBytes("intermediate2.pfx", intermediate2.Export(X509ContentType.Pfx, ""));
File.WriteAllBytes("cert1.pfx", cert1.Export(X509ContentType.Pfx, ""));
}
public void CertRemovePrivateKey()
{
var ca1 = new CertBuilder {
SubjectName = "CN=Test CA1", KeyStrength = 1024
}.BuildCert();
var ca1Copy = ca1.RemovePrivateKey();
Assert.True(ca1.HasPrivateKey);
Assert.False(ca1Copy.HasPrivateKey);
}
public X509Certificate2?ToCertificate()
{
if (!IsEnabled)
{
return(null);
}
if (CertFile == null || KeyFile == null)
{
throw new ApplicationException("Invalid SSL configuration");
}
var certFile = Environment.ExpandEnvironmentVariables(CertFile);
var keyFile = Environment.ExpandEnvironmentVariables(KeyFile);
return(CertBuilder.FromFile(certFile, keyFile));
}
public void X509CertBuilding()
{
var ca1 = new CertBuilder {
SubjectName = "CN=Test CA1", KeyStrength = 1024
}.BuildX509();
Assert.True(ca1.HasPrivateKey);
Assert.True(Utility.VerifyCert(ca1, true, X509RevocationMode.NoCheck, null), "CA1 is valid (AllowUnknownCertificateAuthority = true)");
var intermediate1 = new CertBuilder {
SubjectName = "CN=Intermediate 1", Issuer = ca1, KeyStrength = 1024
}.BuildX509();
Assert.False(Utility.VerifyCert(intermediate1, false, X509RevocationMode.NoCheck, null), "Intermediate 1 is not valid when CA not provided, and AllowUnknownCA is false");
Assert.True(Utility.VerifyCert(intermediate1, false, X509RevocationMode.NoCheck, ca1), "Intermediate 1 is valid with: CA1");
var intermediate2 = new CertBuilder {
SubjectName = "CN=Intermediate 2", Issuer = intermediate1, KeyStrength = 1024
}.BuildX509();
Assert.True(Utility.VerifyCert(intermediate2, false, X509RevocationMode.NoCheck, ca1, intermediate1), "Intermediate 2 is valid with: CA1.Intermediate1");
var cert1 = new CertBuilder {
SubjectName = "CN=Test 1", Issuer = intermediate1, KeyStrength = 1024
}.BuildX509();
Assert.True(Utility.VerifyCert(cert1, false, X509RevocationMode.NoCheck, ca1, intermediate1), "Cert 1 is valid with: CA1.intermediate1");
Assert.False(Utility.VerifyCert(cert1, false, X509RevocationMode.NoCheck, ca1, intermediate2), "Cert 1 is NOT valid checked against intermediate 2");
var cert2 = new CertBuilder {
SubjectName = "CN=Test 2", Issuer = intermediate2, KeyStrength = 1024
}.BuildX509();
Assert.True(Utility.VerifyCert(cert2, false, X509RevocationMode.NoCheck, ca1, intermediate1, intermediate2), "Cert 2 is valid with: CA1.intermediate1.intermediate2");
var cert3 = new CertBuilder {
SubjectName = "CN=Test 3", Issuer = cert2, KeyStrength = 1024
}.BuildX509();
Assert.True(Utility.VerifyCert(cert3, false, X509RevocationMode.NoCheck, ca1, intermediate1, intermediate2, cert2), "Cert 3 is valid with: CA1.intermediate1.intermediate2.Cert2");
var ca2 = new CertBuilder {
SubjectName = "CN=Test CA2", KeyStrength = 1024
}.BuildX509();
Assert.True(Utility.VerifyCert(ca2, true, X509RevocationMode.NoCheck, null), "CA2 is valid (AllowUnknownCertificateAuthority = true)");
Assert.False(Utility.VerifyCert(intermediate1, false, X509RevocationMode.NoCheck, ca2), "Intermediate 1A is NOT valid and checked against CA2");
var invalidCert3 = new CertBuilder {
SubjectName = "CN=Invalid 1",
KeyStrength = 1024
}.BuildX509();
Assert.False(Utility.VerifyCert(invalidCert3, false, X509RevocationMode.NoCheck, ca2), "Cert 3 is NOT valid when checked against CA2");
var invalidCert4 = new CertBuilder {
SubjectName = "CN=Invalid 2",
Issuer = ca2,
NotBefore = DateTime.Now.AddDays(1),
KeyStrength = 1024
}.BuildX509();
Assert.False(Utility.VerifyCert(invalidCert4, false, X509RevocationMode.NoCheck, ca2), "Cert 4 is NOT valid with future date");
}
