public IoTHardwareIntegratorTests(ITestOutputHelper log) { this.log = log; this.config = new Mock <IConfig>(); this.config.Setup(c => c.IoTDeployerName).Returns("technician-z"); this.mockCA = new Mock <ICertificateAuthority>(); DateTimeOffset now = DateTimeOffset.UtcNow; this.chain = new X509Certificate2Collection(X509CertificateOperations .CreateChainRequest( "CN=Fabrikam CA Root (Unit Test Use Only)", RSA.Create(3072), HashAlgorithmName.SHA512, true, null) .CreateX509SelfSignedCert( 10000)); this.mockCA .Setup(ca => ca.CreateSignedCrt(It.IsAny <CertificateRequest>())) .Returns((CertificateRequest csr) => csr.CreateX509Cert( this.chain[0], 4000)); this.mockCA.Setup(ca => ca.personalSignedX509Certificate) .Returns(this.chain[0]); }
// Install a signed leaft X509 Cert in a Device HSM-based private IIoTDevice InjectChainOfTrust(IIoTDevice device, X509Certificate2Collection chain) { if (device == null) { throw new ArgumentNullException(nameof(device)); } X509Certificate2 deviceLeafCert = null; // Create csr for a Device CertificateRequest deviceLeafRequest = X509CertificateOperations.CreateChainRequest( this.GenerateLeafCertDistinguishedName( device .HardwareSecurityModel .GetUniqueDeviceId), device.HardwareSecurityModel.GetPublicKey, HashAlgorithmName.SHA256, false, null); // issue a signed leaf crt deviceLeafCert = this.CreateSignedCrt(deviceLeafRequest); device.HardwareSecurityModel.StoreX509Cert(deviceLeafCert, chain); return(device); }
private X509Certificate2 AcquireCASigneIntermediateCertWithKey() { X509Certificate2 intermedCertWithKey = null; using (AsymmetricAlgorithm intermedPrivKey = RSA.Create(2048)) { // Create csr CertificateRequest intermedRequest = X509CertificateOperations.CreateChainRequest( IntermedDistinguishedName, intermedPrivKey, HashAlgorithmName.SHA384, true, null); // Request Root CA to issue a signed intermed crt X509Certificate2 intermedCert = this.rootCertificateAuthority .CreateSignedCrt(intermedRequest); // Save its private key for future issuing as Itermediate CA intermedCertWithKey = intermedCert .CloneWithPrivateKey(intermedPrivKey); intermedCert.Dispose(); } return(intermedCertWithKey); }
public DeviceHSMX509StoreTests(ITestOutputHelper log) { this.log = log; this.deviceHSM = new DeviceHSM(); this.chain = new X509Certificate2Collection( X509CertificateOperations .CreateChainRequest( "CN=Fabrikam CA Root (Integration Test Use Only), O=Fabrikam Drone Delivery", RSA.Create(3072), HashAlgorithmName.SHA512, true, null) .CreateX509SelfSignedCert( 2)); this.leaf = X509CertificateOperations .CreateChainRequest( "CN=Fabrikam Leaf (Integration Test Use Only), O=Fabrikam Drone Delivery", this.deviceHSM.GetPublicKey, HashAlgorithmName.SHA256, false, null) .CreateX509Cert( this.chain[0], 1); this.ca = new Mock <ICertificateAuthority>(); }
public CertificateAuthorityTests(ITestOutputHelper log) { this.log = log; this.config = new Mock <IConfig>(); this.config.Setup(c => c.IoTCompanyName).Returns("company-x"); this.config.Setup(c => c.IoTHardwareIntegratorName) .Returns("factory-y"); this.deviceHSM = new DeviceHSM(); DateTimeOffset now = DateTimeOffset.UtcNow; this.Chain = new X509Certificate2Collection(X509CertificateOperations .CreateChainRequest("CN=rootCATests", RSA.Create(3072), HashAlgorithmName.SHA512, true, null) .CreateSelfSigned(now, now.AddDays(2))); this.leafCsr = X509CertificateOperations .CreateChainRequest("CN=leafCATests", this.deviceHSM.GetPublicKey, HashAlgorithmName.SHA256, false, null); }
public void CanRunChainOfTrustForEndEnitiyLeafX509Certificates() { // Arrange const string endEntityLeafDistinguishedName = "CN=End Entity Leaf Certificate, O=Fabrikam_DD"; X509Certificate2 rootCACert, intermed1Cert, intermed2Cert, endEntityLeafCertificate = null; rootCACert = this.rootCA.personalSignedX509Certificate; intermed1Cert = this.intermed1CA.personalSignedX509Certificate; intermed2Cert = this.intermed2CA.personalSignedX509Certificate; CertificateRequest endEntityLeafCSR = null; string errMsg = null; var chain = new X509Chain(); chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority; chain.ChainPolicy.ExtraStore.Add(intermed2Cert); chain.ChainPolicy.ExtraStore.Add(intermed1Cert); chain.ChainPolicy.ExtraStore.Add(rootCACert); // Act try { endEntityLeafCSR = X509CertificateOperations .CreateChainRequest( endEntityLeafDistinguishedName, RSA.Create(1536), HashAlgorithmName.SHA256, false, null); endEntityLeafCertificate = this.intermed2CA .CreateSignedCrt( endEntityLeafCSR); errMsg = RunChain( chain, endEntityLeafCertificate, "Verify chain of trust for End Entity Leaf X509 Cert"); } finally { DisposeChainCerts(chain); } // Assert Assert.True(string.IsNullOrEmpty(errMsg), errMsg); Assert.NotNull(endEntityLeafCertificate); Assert.False(endEntityLeafCertificate.HasPrivateKey); Assert.NotNull(endEntityLeafCertificate.GetRSAPublicKey()); Assert.True(endEntityLeafCertificate.NotAfter <= (DateTimeOffset.UtcNow.AddDays(30))); Assert.False(string.IsNullOrEmpty(endEntityLeafCertificate.Thumbprint)); Assert.True(endEntityLeafCertificate.Version >= 3); }
protected virtual void Dispose(bool disposing) { this.leaf?.Dispose(); this.chain[0]?.Dispose(); X509CertificateOperations.RemoveCertsByOrganizationName( StoreName.My, StoreLocation.CurrentUser, "Fabrikam Drone Delivery"); X509CertificateOperations.RemoveCertsByOrganizationName( StoreName.Root, StoreLocation.CurrentUser, "Fabrikam Drone Delivery"); deviceHSM?.Dispose(); }
private X509Certificate2 CreateRootCASelfSignedCertWithKey() { X509Certificate2 rootCACertWithKey = null; // Well kwnon CA cert. It belongs to the CA API, it should just sign the very first intermediate cert using (AsymmetricAlgorithm rootKeyCAPrivKey = RSA.Create(3072)) { // Create CSR CertificateRequest rootKeyCARequest = X509CertificateOperations .CreateChainRequest( this.RootCADistinguishedName, rootKeyCAPrivKey, HashAlgorithmName.SHA512, true, null); rootCACertWithKey = rootKeyCARequest .CreateX509SelfSignedCert( 10000); } return(rootCACertWithKey); }
private static void CleanupStore() { Console.Write("Clean up X509 Cert Personal Store..."); X509CertificateOperations.RemoveCertsByOrganizationName( StoreName.My, StoreLocation.CurrentUser, "Fabrikam Drone Delivery"); Console.Write("OK!\n"); Console.Write("Clean up X509 Cert CA Store..."); X509CertificateOperations.RemoveCertsByOrganizationName( StoreName.CertificateAuthority, StoreLocation.CurrentUser, "Fabrikam Drone Delivery"); Console.Write("OK!\n"); Console.Write("Clean up X509 Cert Root Store..."); X509CertificateOperations.RemoveCertsByOrganizationName( StoreName.Root, StoreLocation.CurrentUser, "Fabrikam Drone Delivery"); Console.Write("OK!\n"); }
public async Task GenerateProofOfVerficationAsync( string verificationCode, string fileName = null) { fileName = fileName ?? $".\\{verificationCode}.cer"; using (AsymmetricAlgorithm popPrivKey = RSA.Create(1536)) { // generate csr for Azure DPS PoP CertificateRequest proofCsr = X509CertificateOperations.CreateChainRequest( verificationCode, popPrivKey, HashAlgorithmName.SHA256, false, null); // generate the proof X509Certificate2 popCert = this.CreateSignedCrt(proofCsr); // save to .cer so tje private key owner can proof the possesion by uploading the new signed cert await popCert.ExportToCerAsync(fileName).ConfigureAwait(false); } }