Add Crl tests for ECC

Stack/Opc.Ua.Core/Schema/ApplicationConfiguration.cs

@@ -3067,7 +3067,7 @@ public CertificateIdentifier()
         public CertificateIdentifier(X509Certificate2 certificate)
         {
             Initialize();
-            m_certificate = certificate;
+            Certificate = certificate;
         }
 
         /// <summary>
@@ -3076,7 +3076,7 @@ public CertificateIdentifier(X509Certificate2 certificate)
         public CertificateIdentifier(X509Certificate2 certificate, CertificateValidationOptions validationOptions)
         {
             Initialize();
-            m_certificate = certificate;
+            Certificate = certificate;
             m_validationOptions = validationOptions;
         }
 
@@ -3087,7 +3087,7 @@ public CertificateIdentifier(X509Certificate2 certificate, CertificateValidation
         public CertificateIdentifier(byte[] rawData)
         {
             Initialize();
-            m_certificate = CertificateFactory.Create(rawData, true);
+            Certificate = CertificateFactory.Create(rawData, true);
         }
 
         /// <summary>

Tests/Opc.Ua.Security.Certificates.Tests/CRLTests.cs

@@ -30,6 +30,7 @@
 
 using System;
 using System.Globalization;
+using System.Runtime.InteropServices;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
@@ -44,6 +45,7 @@ namespace Opc.Ua.Security.Certificates.Tests
     /// </summary>
     [TestFixture, Category("CRL")]
     [Parallelizable]
+    [TestFixtureSource(nameof(FixtureArgs))]
     [SetCulture("en-us")]
     public class CRLTests
     {
@@ -58,16 +60,48 @@ public class CRLTests
             { 4096, HashAlgorithmName.SHA512 } }.ToArray();
         #endregion
 
+        /// <summary>
+        /// store types to run the tests with
+        /// </summary>
+        public static readonly object[] FixtureArgs = {
+            new object [] { nameof(Opc.Ua.ObjectTypeIds.RsaSha256ApplicationCertificateType)},
+            new object [] { nameof(Opc.Ua.ObjectTypeIds.EccNistP256ApplicationCertificateType)}
+        };
+
+        public CRLTests(string certificateType)
+        {
+            if (certificateType == CertificateStoreType.X509Store && !RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                Assert.Ignore("X509 Store with crls is only supported on Windows, skipping test run");
+            }
+            m_certifiateType = certificateType;
+        }
+
+
         #region Test Setup
         /// <summary>
         /// Set up a Global Discovery Server and Client instance and connect the session
         /// </summary>
         [OneTimeSetUp]
         protected void OneTimeSetUp()
         {
-            m_issuerCert = CertificateBuilder.Create("CN=Root CA, O=OPC Foundation")
-                .SetCAConstraint()
-                .CreateForRSA();
+            if (m_certifiateType == nameof(Opc.Ua.ObjectTypeIds.RsaSha256ApplicationCertificateType))
+            {
+                m_issuerCert = CertificateBuilder.Create("CN=Root CA, O=OPC Foundation")
+                    .SetCAConstraint()
+                    .CreateForRSA();
+            }
+            else if (m_certifiateType == nameof(Opc.Ua.ObjectTypeIds.EccNistP256ApplicationCertificateType))
+            {
+                m_issuerCert = CertificateBuilder.Create("CN=Root CA, O=OPC Foundation")
+                    .SetCAConstraint()
+                    .SetECCurve(ECCurve.NamedCurves.nistP256)
+                    .CreateForECDsa();
+            }
+            else
+            {
+                throw new NotImplementedException();
+            }
         }
 
         /// <summary>
@@ -144,8 +178,16 @@ public void CrlBuilderTest(bool empty, bool noExtensions, KeyHashPair keyHashPai
                 crlBuilder.CrlExtensions.Add(X509Extensions.BuildCRLNumber(1111));
                 crlBuilder.CrlExtensions.Add(X509Extensions.BuildAuthorityKeyIdentifier(m_issuerCert));
             }
+            IX509CRL i509Crl;
+            if (X509PfxUtils.IsECDsaSignature(m_issuerCert))
+            {
 
-            var i509Crl = crlBuilder.CreateForRSA(m_issuerCert);
+                i509Crl = crlBuilder.CreateForECDsa(m_issuerCert);
+            }
+            else
+            {
+                i509Crl = crlBuilder.CreateForRSA(m_issuerCert);
+            }
             X509CRL x509Crl = new X509CRL(i509Crl.RawData);
             Assert.NotNull(x509Crl);
             Assert.NotNull(x509Crl.CrlExtensions);
@@ -203,10 +245,21 @@ public void CrlBuilderTestWithSignatureGenerator(KeyHashPair keyHashPair)
             crlBuilder.CrlExtensions.Add(X509Extensions.BuildAuthorityKeyIdentifier(m_issuerCert));
 
             IX509CRL ix509Crl;
-            using (RSA rsa = m_issuerCert.GetRSAPrivateKey())
+            if (X509PfxUtils.IsECDsaSignature(m_issuerCert))
             {
-                X509SignatureGenerator generator = X509SignatureGenerator.CreateForRSA(rsa, RSASignaturePadding.Pkcs1);
-                ix509Crl = crlBuilder.CreateSignature(generator);
+                using (ECDsa ecdsa = m_issuerCert.GetECDsaPrivateKey())
+                {
+                    X509SignatureGenerator generator = X509SignatureGenerator.CreateForECDsa(ecdsa);
+                    ix509Crl = crlBuilder.CreateSignature(generator);
+                }
+            }
+            else
+            {
+                using (RSA rsa = m_issuerCert.GetRSAPrivateKey())
+                {
+                    X509SignatureGenerator generator = X509SignatureGenerator.CreateForRSA(rsa, RSASignaturePadding.Pkcs1);
+                    ix509Crl = crlBuilder.CreateSignature(generator);
+                }
             }
             X509CRL x509Crl = new X509CRL(ix509Crl);
             Assert.NotNull(x509Crl);
@@ -322,6 +375,7 @@ private void ValidateCRL(
 
         #region Private Fields
         X509Certificate2 m_issuerCert;
+        private string m_certifiateType;
         #endregion
     }