示例#1
        /// <summary>
        /// Generates a test certificate that expires after <paramref name="expiresIn"/> and marks it as trusted.
        /// </summary>
        /// <param name="expiresIn">Passed to CertificateModificationGeneratorForCertificateThatWillExpireSoon to configure the certificate.</param>
        /// <returns>The trusted wrapper produced by WithTrust() for the generated certificate.</returns>
        /// <remarks>
        /// Per the original author's note, the Code Sign EKU requires trust to a root authority, so the
        /// certificate is added to the Root CA list in LocalMachine (no dialog is shown there), which
        /// means the calling tests need admin privilege.
        /// NOTE(review): the default store arguments of WithTrust() are not visible here; confirm them.
        /// NOTE(review): presumably disposing the returned wrapper removes the trust entry; confirm, and
        /// dispose it so a trusted test root does not outlive the test run.
        /// </remarks>
        public static TrustedTestCert <TestCertificate> GenerateTrustedTestCertificateThatWillExpireSoon(TimeSpan expiresIn)
        {
            var modifyGenerator = CertificateModificationGeneratorForCertificateThatWillExpireSoon(expiresIn);
            var untrustedCertificate = TestCertificate.Generate(modifyGenerator);

            // Trust is granted as the last step.
            return untrustedCertificate.WithTrust();
        }
示例#2
        /// <summary>
        /// Generates a test certificate configured by CertificateModificationGeneratorNotYetValidCert
        /// and marks it as trusted.
        /// </summary>
        /// <returns>The trusted wrapper produced by WithTrust() for the generated certificate.</returns>
        /// <remarks>
        /// Per the original author's note, the Code Sign EKU requires trust to a root authority, so the
        /// certificate is added to the Root CA list in LocalMachine (no dialog is shown there), which
        /// means the calling tests need admin privilege.
        /// NOTE(review): the default store arguments of WithTrust() are not visible here; confirm them.
        /// NOTE(review): presumably disposing the returned wrapper removes the trust entry; confirm, and
        /// dispose it so a trusted test root does not outlive the test run.
        /// </remarks>
        public static TrustedTestCert <TestCertificate> GenerateTrustedTestCertificateNotYetValid()
        {
            var modifyGenerator = CertificateModificationGeneratorNotYetValidCert;
            var untrustedCertificate = TestCertificate.Generate(modifyGenerator);

            // Trust is granted as the last step.
            return untrustedCertificate.WithTrust();
        }
示例#3
        /// <summary>
        /// Generates a test certificate configured by CertificateModificationGeneratorExpireIn10Seconds
        /// and trusts it in the LocalMachine Root store.
        /// </summary>
        /// <returns>The trusted wrapper produced by WithTrust for the generated certificate.</returns>
        /// <remarks>
        /// Per the original author's note, the Code Sign EKU requires trust to a root authority, and
        /// LocalMachine is used because it does not prompt a dialog; the calling tests therefore need
        /// admin privilege.
        /// NOTE(review): presumably disposing the returned wrapper removes the trust entry; confirm, and
        /// dispose it so a machine-wide trusted test root does not outlive the test run.
        /// </remarks>
        public static TrustedTestCert <TestCertificate> GenerateTrustedTestCertificateThatExpiresIn10Seconds()
        {
            var modifyGenerator = CertificateModificationGeneratorExpireIn10Seconds;
            var untrustedCertificate = TestCertificate.Generate(modifyGenerator);

            // The store name and location are passed explicitly here instead of relying on defaults.
            return untrustedCertificate.WithTrust(StoreName.Root, StoreLocation.LocalMachine);
        }
示例#4
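        /// <summary>
        /// Generates a list of certificates representing a chain of certificates.
        /// The first certificate is the root certificate stored in StoreName.Root and StoreLocation.LocalMachine.
        /// The last certificate is the leaf certificate stored in StoreName.TrustedPeople and StoreLocation.LocalMachine.
        /// Please dispose all the certificates in the list after use.
        /// </summary>
        /// <remarks>
        /// A <paramref name="length"/> of 0 or less yields an empty list, and a length of 1 yields only the
        /// root CA certificate (no leaf is generated).
        /// If generating or trusting any certificate throws, the certificates already added to the list
        /// are disposed before the exception is rethrown, so that a partially built chain does not leave
        /// trusted test certificates behind with no caller able to dispose them.
        /// NOTE(review): the store locations named in the summary come from the original documentation;
        /// only StoreName.Root for the root certificate is visible in this method. Confirm the rest
        /// against the WithPrivateKeyAndTrust* helpers.
        /// </remarks>
        /// <param name="length">Length of the chain.</param>
        /// <param name="crlServerUri">Uri for crl server</param>
        /// <param name="crlLocalUri">Uri for crl local</param>
        /// <param name="configureLeafCrl">Indicates if leaf crl should be configured</param>
        /// <param name="leafCertificateActionGenerator">Specify actionGenerator for the leaf certificate of the chain</param>
        /// <returns>List of certificates representing a chain of certificates.</returns>
        public static IList <TrustedTestCert <TestCertificate> > GenerateCertificateChain(int length, string crlServerUri, string crlLocalUri, bool configureLeafCrl = true, Action <TestCertificateGenerator> leafCertificateActionGenerator = null)
        {
            var certChain       = new List <TrustedTestCert <TestCertificate> >();
            var actionGenerator = CertificateModificationGeneratorForCodeSigningEkuCert;
            var leafGenerator   = leafCertificateActionGenerator ?? actionGenerator;
            TrustedTestCert <TestCertificate> issuer = null;

            try
            {
                for (var i = 0; i < length; i++)
                {
                    TrustedTestCert <TestCertificate> cert;

                    if (i == 0) // root CA cert
                    {
                        var chainCertificateRequest = new ChainCertificateRequest()
                        {
                            ConfigureCrl     = true,
                            CrlLocalBaseUri  = crlLocalUri,
                            CrlServerBaseUri = crlServerUri,
                            IsCA             = true
                        };

                        cert   = TestCertificate.Generate(actionGenerator, chainCertificateRequest).WithPrivateKeyAndTrust(StoreName.Root);
                        issuer = cert;
                    }
                    else if (i < length - 1) // intermediate CA cert
                    {
                        var chainCertificateRequest = new ChainCertificateRequest()
                        {
                            ConfigureCrl     = true,
                            CrlLocalBaseUri  = crlLocalUri,
                            CrlServerBaseUri = crlServerUri,
                            IsCA             = true,
                            Issuer           = issuer.Source.Cert
                        };

                        cert   = TestCertificate.Generate(actionGenerator, chainCertificateRequest).WithPrivateKeyAndTrustForIntermediateCertificateAuthority();
                        issuer = cert;
                    }
                    else // leaf cert
                    {
                        // The leaf is issued by the most recently generated CA and is the only
                        // certificate whose CRL configuration and generator the caller controls.
                        var chainCertificateRequest = new ChainCertificateRequest()
                        {
                            CrlLocalBaseUri  = crlLocalUri,
                            CrlServerBaseUri = crlServerUri,
                            IsCA             = false,
                            ConfigureCrl     = configureLeafCrl,
                            Issuer           = issuer.Source.Cert
                        };

                        cert = TestCertificate.Generate(leafGenerator, chainCertificateRequest).WithPrivateKeyAndTrustForLeafOrSelfIssued();
                    }

                    certChain.Add(cert);
                }
            }
            catch
            {
                // The caller never receives the list on failure, so release what was already
                // created here; otherwise nothing could dispose those certificates.
                foreach (var created in certChain)
                {
                    created.Dispose();
                }

                throw;
            }

            return certChain;
        }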
示例#5
        /// <summary>
        /// Generates a certificate chain (root CA, optional intermediate CAs, then a leaf) and returns it
        /// as a chain object. No trust helper is called in this method.
        /// </summary>
        /// <param name="length">Number of certificates to generate. The first is the root; with a length of 1 only the root is generated.</param>
        /// <param name="crlServerUri">Assigned to CrlServerBaseUri on every certificate request.</param>
        /// <param name="crlLocalUri">Assigned to CrlLocalBaseUri on every certificate request.</param>
        /// <param name="configureLeafCrl">Assigned to ConfigureCrl on the leaf request; CA requests always use true.</param>
        /// <param name="leafCertificateActionGenerator">Generator action for the leaf; when null, the code-signing EKU generator used for the CA certificates is used.</param>
        /// <param name="revokeEndCertificate">When true, the leaf is revoked through the CRL of the certificate generated just before it.</param>
        /// <returns>The chain, ordered leaf first and root last, because each certificate is inserted at index 0.</returns>
        public static IX509CertificateChain GenerateCertificateChainWithoutTrust(
            int length,
            string crlServerUri,
            string crlLocalUri,
            bool configureLeafCrl = true,
            Action <TestCertificateGenerator> leafCertificateActionGenerator = null,
            bool revokeEndCertificate = false)
        {
            var generated = new List<TestCertificate>();
            var chain = new X509CertificateChain();
            Action<TestCertificateGenerator> caGenerator = CertificateModificationGeneratorForCodeSigningEkuCert;
            Action<TestCertificateGenerator> endEntityGenerator = leafCertificateActionGenerator ?? caGenerator;
            X509Certificate2 issuer = null;

            // NOTE(review): crl is assigned for intermediates below but never read in this method.
            CertificateRevocationList crl = null;

            for (var depth = 0; depth < length; depth++)
            {
                X509Certificate2 current;

                if (depth > 0 && depth >= length - 1)
                {
                    // Leaf: the last position of any chain longer than one certificate.
                    var request = new ChainCertificateRequest
                    {
                        CrlLocalBaseUri  = crlLocalUri,
                        CrlServerBaseUri = crlServerUri,
                        IsCA             = false,
                        ConfigureCrl     = configureLeafCrl,
                        Issuer           = issuer
                    };

                    TestCertificate leaf = TestCertificate.Generate(endEntityGenerator, request);
                    current = leaf.PublicCertWithPrivateKey;

                    if (revokeEndCertificate)
                    {
                        // The most recently added entry is the leaf's issuing CA; the leaf itself
                        // is only added after the revocation.
                        TestCertificate parent = generated[generated.Count - 1];
                        parent.Crl.RevokeCertificate(current);
                    }

                    generated.Add(leaf);
                }
                else
                {
                    ChainCertificateRequest request;

                    if (depth == 0)
                    {
                        // Root CA: no Issuer is set on the request.
                        request = new ChainCertificateRequest
                        {
                            ConfigureCrl     = true,
                            CrlLocalBaseUri  = crlLocalUri,
                            CrlServerBaseUri = crlServerUri,
                            IsCA             = true
                        };
                    }
                    else
                    {
                        // Intermediate CA: issued by the previously generated CA.
                        request = new ChainCertificateRequest
                        {
                            ConfigureCrl     = true,
                            CrlLocalBaseUri  = crlLocalUri,
                            CrlServerBaseUri = crlServerUri,
                            IsCA             = true,
                            Issuer           = issuer
                        };
                    }

                    TestCertificate authority = TestCertificate.Generate(caGenerator, request);
                    generated.Add(authority);

                    current = authority.PublicCertWithPrivateKey;
                    issuer = current;

                    if (depth > 0 && revokeEndCertificate)
                    {
                        crl = authority.Crl;
                    }
                }

                // Prepending keeps the newest (deepest) certificate at the front of the chain.
                chain.Insert(0, current);
            }

            // Only each TestCertificate's Cert is disposed here; the PublicCertWithPrivateKey
            // instances placed in the returned chain are not disposed by this method.
            generated.ForEach(item => item.Cert.Dispose());

            return chain;
        }