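/// <summary>
/// Revoking two issuers that hang off the same intermediate must mark only
/// those two as revoked, list both on the intermediate's CRL, and leave the
/// intermediate itself absent from the root's CRL.
/// </summary>
/// <returns>A task that completes when the assertions have run.</returns>
public async Task RevokeRSAIssuersTest() {
    using (var mock = AutoMock.GetLoose()) {
        // Setup
        Setup(mock, HandleQuery);
        ICertificateIssuer service = mock.Create<CertificateIssuer>();

        // Fresh parameters per call so no call can observe another's instance.
        CreateKeyParams RsaKey() =>
            new CreateKeyParams { KeySize = 2048, Type = KeyType.RSA };

        var rootca = await service.NewRootCertificateAsync("rootca",
            X500DistinguishedNameEx.Create("CN=rootca"), DateTime.UtcNow,
            TimeSpan.FromDays(5), RsaKey(),
            new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(3) });
        var intca = await service.NewIssuerCertificateAsync("rootca", "intca",
            X500DistinguishedNameEx.Create("CN=intca"), DateTime.UtcNow,
            RsaKey(),
            new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(2) });
        var footca1 = await service.NewIssuerCertificateAsync("intca", "footca1",
            X500DistinguishedNameEx.Create("CN=footca"), DateTime.UtcNow,
            RsaKey(),
            new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(1) });
        var footca2 = await service.NewIssuerCertificateAsync("intca", "footca2",
            X500DistinguishedNameEx.Create("CN=footca"), DateTime.UtcNow,
            RsaKey(),
            new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(1) });

        // Run
        ICertificateRevoker revoker = mock.Create<CertificateRevoker>();
        await revoker.RevokeCertificateAsync(footca1.SerialNumber);
        await revoker.RevokeCertificateAsync(footca2.SerialNumber);

        ICertificateStore store = mock.Create<CertificateDatabase>();
        var foundi = await store.FindLatestCertificateAsync("intca");
        var found1 = await store.FindLatestCertificateAsync("footca1");
        var found2 = await store.FindLatestCertificateAsync("footca2");

        ICrlEndpoint crls = mock.Create<CrlDatabase>();
        // Get crl chain for intca and rootca
        var chainr = await crls.GetCrlChainAsync(intca.SerialNumber);

        // Assert
        Assert.NotNull(foundi);
        Assert.NotNull(found1);
        Assert.NotNull(found2);
        // Only the two leaf issuers were revoked; the intermediate stays valid.
        Assert.Null(foundi.Revoked);
        Assert.NotNull(found1.Revoked);
        Assert.NotNull(found2.Revoked);

        Assert.NotNull(chainr);
        // Materialize once instead of re-enumerating for every assertion.
        var crlChain = chainr.ToArray();
        Assert.Equal(2, crlChain.Length);
        // [0] is the root's CRL, [1] the intermediate's; each must verify
        // against its own issuer before its contents are trusted.
        Assert.True(crlChain[0].HasValidSignature(rootca));
        Assert.True(crlChain[1].HasValidSignature(intca));
        Assert.True(crlChain[1].IsRevoked(footca1));
        Assert.True(crlChain[1].IsRevoked(footca2));
        Assert.False(crlChain[0].IsRevoked(intca));
    }
}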
/// <summary>
/// Create certificate authority services
/// </summary>
/// <param name="store">Certificate store dependency; must not be null.</param>
/// <param name="revoker">Certificate revoker dependency; must not be null.</param>
/// <param name="crls">CRL endpoint dependency; must not be null.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when any of the dependencies is null.
/// </exception>
public CertificateAuthority(ICertificateStore store, ICertificateRevoker revoker,
    ICrlEndpoint crls) {
    // Tuple elements are evaluated left to right, so a null check fails in
    // the order store, crls, revoker.
    (_store, _crls, _revoker) = (
        store ?? throw new ArgumentNullException(nameof(store)),
        crls ?? throw new ArgumentNullException(nameof(crls)),
        revoker ?? throw new ArgumentNullException(nameof(revoker)));
}
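/// <summary>
/// Revoking an intermediate issuer must mark it and every issuer it signed
/// as revoked, and the root's CRL must list the intermediate.
/// </summary>
/// <returns>A task that completes when the assertions have run.</returns>
public async Task RevokeECCIssuerAndECCIssuersTestAsync() {
    using (var mock = Setup(HandleQuery)) {
        ICertificateIssuer service = mock.Create<CertificateIssuer>();

        // Fresh parameters per call so no call can observe another's instance.
        // NOTE(review): KeySize is given alongside an ECC curve; presumably the
        // curve determines the key size and KeySize is ignored — confirm.
        CreateKeyParams EccKey() => new CreateKeyParams {
            KeySize = 2048, Type = KeyType.ECC, Curve = CurveType.P384
        };

        var rootca = await service.NewRootCertificateAsync("rootca",
            X500DistinguishedNameEx.Create("CN=rootca"), DateTime.UtcNow,
            TimeSpan.FromDays(5), EccKey(),
            new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(3) });
        var intca = await service.NewIssuerCertificateAsync("rootca", "intca",
            X500DistinguishedNameEx.Create("CN=intca"), DateTime.UtcNow,
            EccKey(),
            new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(2) });
        var footca1 = await service.NewIssuerCertificateAsync("intca", "footca1",
            X500DistinguishedNameEx.Create("CN=footca"), DateTime.UtcNow,
            EccKey(),
            new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(1) });
        var footca2 = await service.NewIssuerCertificateAsync("intca", "footca2",
            X500DistinguishedNameEx.Create("CN=footca"), DateTime.UtcNow,
            EccKey(),
            new IssuerPolicies { IssuedLifetime = TimeSpan.FromHours(1) });

        // Run
        ICertificateRevoker revoker = mock.Create<CertificateRevoker>();
        await revoker.RevokeCertificateAsync(intca.SerialNumber);

        ICertificateStore store = mock.Create<CertificateDatabase>();
        var foundi = await store.FindLatestCertificateAsync("intca");
        var found1 = await store.FindLatestCertificateAsync("footca1");
        var found2 = await store.FindLatestCertificateAsync("footca2");

        ICrlEndpoint crls = mock.Create<CrlDatabase>();
        // Get crl for root
        var chainr = await crls.GetCrlChainAsync(rootca.SerialNumber);

        // Assert
        Assert.NotNull(foundi);
        Assert.NotNull(found1);
        Assert.NotNull(found2);
        // Revoking the intermediate is expected to cascade to the issuers
        // it signed, so all three carry a revocation.
        Assert.NotNull(foundi.Revoked);
        Assert.NotNull(found1.Revoked);
        Assert.NotNull(found2.Revoked);

        Assert.NotNull(chainr);
        // Assert.Single returns the element, so the chain is enumerated once.
        var rootCrl = Assert.Single(chainr);
        // Verify the CRL against the root before trusting what it lists.
        Assert.True(rootCrl.HasValidSignature(rootca));
        Assert.True(rootCrl.IsRevoked(intca));
    }
}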