public static TestCertificate Generate(Action <X509V3CertificateGenerator> modifyGenerator = null, ChainCertificateRequest chainCertificateRequest = null)
{
var certName = GenerateCertificateName();
var cert = SigningTestUtility.GenerateCertificate(certName, modifyGenerator, chainCertificateRequest: chainCertificateRequest);
CertificateRevocationList crl = null;
// create a crl only if the certificate is part of a chain and it is a CA
if (chainCertificateRequest != null && chainCertificateRequest.IsCA)
{
crl = CertificateRevocationList.CreateCrl(cert, chainCertificateRequest.CrlLocalBaseUri);
}
var testCertificate = new TestCertificate
{
Cert = cert,
Crl = crl
};
return(testCertificate);
}
public static IX509CertificateChain GenerateCertificateChainWithoutTrust(
int length,
string crlServerUri,
string crlLocalUri,
bool configureLeafCrl = true,
Action <TestCertificateGenerator> leafCertificateActionGenerator = null,
bool revokeEndCertificate = false)
{
List <TestCertificate> testCertificates = new();
X509CertificateChain certificateChain = new();
Action <TestCertificateGenerator> actionGenerator = CertificateModificationGeneratorForCodeSigningEkuCert;
Action <TestCertificateGenerator> leafGenerator = leafCertificateActionGenerator ?? actionGenerator;
X509Certificate2 issuer = null;
X509Certificate2 certificate = null;
CertificateRevocationList crl = null;
for (var i = 0; i < length; i++)
{
TestCertificate testCertificate;
if (i == 0) // root CA cert
{
ChainCertificateRequest chainCertificateRequest = new()
{
ConfigureCrl = true,
CrlLocalBaseUri = crlLocalUri,
CrlServerBaseUri = crlServerUri,
IsCA = true
};
testCertificate = TestCertificate.Generate(actionGenerator, chainCertificateRequest);
testCertificates.Add(testCertificate);
issuer = certificate = testCertificate.PublicCertWithPrivateKey;
}
else if (i < length - 1) // intermediate CA cert
{
ChainCertificateRequest chainCertificateRequest = new ChainCertificateRequest()
{
ConfigureCrl = true,
CrlLocalBaseUri = crlLocalUri,
CrlServerBaseUri = crlServerUri,
IsCA = true,
Issuer = issuer
};
testCertificate = TestCertificate.Generate(actionGenerator, chainCertificateRequest);
testCertificates.Add(testCertificate);
issuer = certificate = testCertificate.PublicCertWithPrivateKey;
if (revokeEndCertificate)
{
crl = testCertificate.Crl;
}
}
else // leaf cert
{
ChainCertificateRequest chainCertificateRequest = new()
{
CrlLocalBaseUri = crlLocalUri,
CrlServerBaseUri = crlServerUri,
IsCA = false,
ConfigureCrl = configureLeafCrl,
Issuer = issuer
};
testCertificate = TestCertificate.Generate(leafGenerator, chainCertificateRequest);
certificate = testCertificate.PublicCertWithPrivateKey;
if (revokeEndCertificate)
{
testCertificates[testCertificates.Count - 1].Crl.RevokeCertificate(certificate);
}
testCertificates.Add(testCertificate);
}
certificateChain.Insert(index: 0, certificate);
}
foreach (TestCertificate testCertificate in testCertificates)
{
testCertificate.Cert.Dispose();
}
return(certificateChain);
}
