public TrustListApiModel(KeyVaultTrustListModel keyVaultTrustList)
{
GroupId = keyVaultTrustList.Group;
IssuerCertificates = new X509Certificate2CollectionApiModel(keyVaultTrustList.IssuerCertificates);
IssuerCrls = new X509CrlCollectionApiModel(keyVaultTrustList.IssuerCrls);
TrustedCertificates = new X509Certificate2CollectionApiModel(keyVaultTrustList.TrustedCertificates);
TrustedCrls = new X509CrlCollectionApiModel(keyVaultTrustList.TrustedCrls);
NextPageLink = keyVaultTrustList.NextPageLink;
}
internal static void AddRange(this KeyVaultTrustListModel list, KeyVaultTrustListModel items)
{
if (list == null)
{
throw new ArgumentNullException(nameof(list));
}
if (items == null)
{
throw new ArgumentNullException(nameof(items));
}
list.TrustedCertificates.AddRange(items.TrustedCertificates);
list.TrustedCrls.AddRange(items.TrustedCrls);
list.IssuerCertificates.AddRange(items.IssuerCertificates);
list.IssuerCrls.AddRange(items.IssuerCrls);
}
internal static async Task <CertificateValidator> CreateValidatorAsync(KeyVaultTrustListModel trustList)
{
var storePath = "%LocalApplicationData%/OPCVaultTest/pki/";
DeleteDirectory(storePath);
// verify cert with issuer chain
var certValidator = new CertificateValidator();
var issuerTrustList = await CreateTrustListAsync(
storePath + "issuer",
trustList.IssuerCertificates,
trustList.IssuerCrls
);
var trustedTrustList = await CreateTrustListAsync(
storePath + "trusted",
trustList.TrustedCertificates,
trustList.TrustedCrls
);
certValidator.Update(issuerTrustList, trustedTrustList, null);
return(certValidator);
}
public async Task CreateCAAndAppCertificatesThenRevokeAll()
{
Skip.If(!_fixture.KeyVaultInitOk);
X509Certificate2Collection certCollection = new X509Certificate2Collection();
for (int i = 0; i < 3; i++)
{
await KeyVaultCreateCACertificateAsync();
for (int v = 0; v < 10; v++)
{
certCollection.AddRange(await KeyVaultSigningRequestAsync());
certCollection.AddRange(await KeyVaultNewKeyPairRequestAsync());
}
}
string[] groups = await _keyVault.GetCertificateGroupIds();
// validate all certificates
foreach (string group in groups)
{
var trustList = await _keyVault.GetTrustListAsync(group);
string nextPageLink = trustList.NextPageLink;
while (nextPageLink != null)
{
var nextTrustList = await _keyVault.GetTrustListAsync(group, nextPageLink);
trustList.AddRange(nextTrustList);
nextPageLink = nextTrustList.NextPageLink;
}
var validator = await X509TestUtils.CreateValidatorAsync(trustList);
foreach (var cert in certCollection)
{
validator.Validate(cert);
}
}
// now revoke all certifcates
var revokeCertificates = new X509Certificate2Collection(certCollection);
foreach (string group in groups)
{
var unrevokedCertificates = await _keyVault.RevokeCertificatesAsync(group, revokeCertificates);
Assert.True(unrevokedCertificates.Count <= revokeCertificates.Count);
revokeCertificates = unrevokedCertificates;
}
Assert.Empty(revokeCertificates);
// reload updated trust list from KeyVault
var trustListAllGroups = new KeyVaultTrustListModel("all");
foreach (string group in groups)
{
var trustList = await _keyVault.GetTrustListAsync(group);
string nextPageLink = trustList.NextPageLink;
while (nextPageLink != null)
{
var nextTrustList = await _keyVault.GetTrustListAsync(group, nextPageLink);
trustList.AddRange(nextTrustList);
nextPageLink = nextTrustList.NextPageLink;
}
trustListAllGroups.AddRange(trustList);
}
// verify certificates are revoked
{
var validator = await X509TestUtils.CreateValidatorAsync(trustListAllGroups);
foreach (var cert in certCollection)
{
Assert.Throws <Opc.Ua.ServiceResultException>(() =>
{
validator.Validate(cert);
});
}
}
}
