< Summary - Kestrun — Combined Coverage

Information
Class: Public.Certificate.Test-KrCertificate
Assembly: Kestrun.PowerShell.Public
File(s): /home/runner/work/Kestrun/Kestrun/src/PowerShell/Kestrun/Public/Certificate/Test-KrCertificate.ps1
Tag: Kestrun/Kestrun@9d3a582b2d63930269564a7591aa77ef297cadeb
Line coverage
50%
Covered lines: 3
Uncovered lines: 3
Coverable lines: 6
Total lines: 61
Line coverage: 50%
Branch coverage
N/A
Covered branches: 0
Total branches: 0
Branch coverage: N/A
Method coverage

Feature is only available for sponsors

Upgrade to PRO version

Coverage history

Coverage history 0 25 50 75 100

Metrics

Method
Test-KrCertificate()

File(s)

/home/runner/work/Kestrun/Kestrun/src/PowerShell/Kestrun/Public/Certificate/Test-KrCertificate.ps1

#LineLine coverage
 1<#
 2    .SYNOPSIS
 3        Validates a certificate’s chain, EKU, and cryptographic strength.
 4    .DESCRIPTION
 5        This function checks the validity of a given X509Certificate2 object by verifying its certificate chain,
 6        enhanced key usage (EKU), and cryptographic strength. It can also check for self-signed certificates and
 7        validate against expected purposes.
 8    .PARAMETER Certificate
 9        The X509Certificate2 object to validate.
 10    .PARAMETER CheckRevocation
 11        Indicates whether to check the certificate's revocation status.
 12    .PARAMETER AllowWeakAlgorithms
 13        Indicates whether to allow weak cryptographic algorithms.
 14    .PARAMETER DenySelfSigned
 15        Indicates whether to deny self-signed certificates.
 16    .PARAMETER ExpectedPurpose
 17        The expected purposes (OID) for the certificate.
 18        If specified, the certificate will be validated against these purposes.
 19    .PARAMETER StrictPurpose
 20        Indicates whether to enforce strict matching of the expected purposes.
 21    .EXAMPLE
 22        Test-KestrunCertificate -Certificate $cert -DenySelfSigned -CheckRevocation
 23    .EXAMPLE
 24        Test-KestrunCertificate -Certificate $cert -AllowWeakAlgorithms -ExpectedPurpose '1.3.6.1.5.5.7.3.1'
 25    .EXAMPLE
 26        Test-KestrunCertificate -Certificate $cert -StrictPurpose
 27        If specified, the certificate will be validated against these purposes.
 28    .NOTES
 29        This function is designed to be used in the context of Kestrun's certificate management.
 30        It leverages the Kestrun.Certificates.CertificateManager for validation.
 31#>
 32function Test-KrCertificate {
 33    [KestrunRuntimeApi('Everywhere')]
 34    [CmdletBinding()]
 35    [OutputType([bool])]
 36    param(
 37        [Parameter(Mandatory)]
 38        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
 39
 40        [switch] $CheckRevocation,
 41        [switch] $AllowWeakAlgorithms,
 42        [switch] $DenySelfSigned,
 43
 44        [string[]] $ExpectedPurpose,
 45        [switch] $StrictPurpose
 46    )
 47
 148    $oidColl = if ($ExpectedPurpose) {
 049        $oc = [System.Security.Cryptography.OidCollection]::new()
 050        foreach ($p in $ExpectedPurpose) { $oc.Add([System.Security.Cryptography.Oid]::new($p)) }
 051        $oc
 152    } else { $null }
 53
 154    return [Kestrun.Certificates.CertificateManager]::Validate($Certificate,
 55        $CheckRevocation.IsPresent,
 56        $AllowWeakAlgorithms.IsPresent,
 57        $DenySelfSigned.IsPresent,
 58        $oidColl,
 59        $StrictPurpose.IsPresent)
 60}
 61
Generated by: ReportGenerator 5.4.12.0
09/10/2025 - 19:58:59
GitHub | reportgenerator.io

Methods/Properties

Test-KrCertificate()