< Summary - Kestrun — Combined Coverage

Information
Class: Public.Certificate.Test-KrCertificate
Assembly: Kestrun.PowerShell.Public
File(s): /home/runner/work/Kestrun/Kestrun/src/PowerShell/Kestrun/Public/Certificate/Test-KrCertificate.ps1
Tag: Kestrun/Kestrun@2d87023b37eb91155071c91dd3d6a2eeb3004705
Line coverage
0%
Covered lines: 0
Uncovered lines: 6
Coverable lines: 6
Total lines: 61
Line coverage: 0%
Branch coverage
N/A
Covered branches: 0
Total branches: 0
Branch coverage: N/A
Method coverage

Feature is only available for sponsors

Upgrade to PRO version

Coverage history

Coverage history 0 25 50 75 100 09/07/2025 - 18:41:40 Line coverage: 50% (3/6) Total lines: 61 Tag: Kestrun/Kestrun@2192d4ccb46312ce89b7f7fda1aa8c915bfa228410/13/2025 - 16:52:37 Line coverage: 0% (0/6) Total lines: 61 Tag: Kestrun/Kestrun@10d476bee71c71ad215bb8ab59f219887b5b4a5e

Metrics

Method
Test-KrCertificate()

File(s)

/home/runner/work/Kestrun/Kestrun/src/PowerShell/Kestrun/Public/Certificate/Test-KrCertificate.ps1

#LineLine coverage
 1<#
 2    .SYNOPSIS
 3        Validates a certificate’s chain, EKU, and cryptographic strength.
 4    .DESCRIPTION
 5        This function checks the validity of a given X509Certificate2 object by verifying its certificate chain,
 6        enhanced key usage (EKU), and cryptographic strength. It can also check for self-signed certificates and
 7        validate against expected purposes.
 8    .PARAMETER Certificate
 9        The X509Certificate2 object to validate.
 10    .PARAMETER CheckRevocation
 11        Indicates whether to check the certificate's revocation status.
 12    .PARAMETER AllowWeakAlgorithms
 13        Indicates whether to allow weak cryptographic algorithms.
 14    .PARAMETER DenySelfSigned
 15        Indicates whether to deny self-signed certificates.
 16    .PARAMETER ExpectedPurpose
 17        The expected purposes (OID) for the certificate.
 18        If specified, the certificate will be validated against these purposes.
 19    .PARAMETER StrictPurpose
 20        Indicates whether to enforce strict matching of the expected purposes.
 21    .EXAMPLE
 22        Test-KestrunCertificate -Certificate $cert -DenySelfSigned -CheckRevocation
 23    .EXAMPLE
 24        Test-KestrunCertificate -Certificate $cert -AllowWeakAlgorithms -ExpectedPurpose '1.3.6.1.5.5.7.3.1'
 25    .EXAMPLE
 26        Test-KestrunCertificate -Certificate $cert -StrictPurpose
 27        If specified, the certificate will be validated against these purposes.
 28    .NOTES
 29        This function is designed to be used in the context of Kestrun's certificate management.
 30        It leverages the Kestrun.Certificates.CertificateManager for validation.
 31#>
 32function Test-KrCertificate {
 33    [KestrunRuntimeApi('Everywhere')]
 34    [CmdletBinding()]
 35    [OutputType([bool])]
 36    param(
 37        [Parameter(Mandatory)]
 38        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
 39
 40        [switch] $CheckRevocation,
 41        [switch] $AllowWeakAlgorithms,
 42        [switch] $DenySelfSigned,
 43
 44        [string[]] $ExpectedPurpose,
 45        [switch] $StrictPurpose
 46    )
 47
 048    $oidColl = if ($ExpectedPurpose) {
 049        $oc = [System.Security.Cryptography.OidCollection]::new()
 050        foreach ($p in $ExpectedPurpose) { $oc.Add([System.Security.Cryptography.Oid]::new($p)) }
 051        $oc
 052    } else { $null }
 53
 054    return [Kestrun.Certificates.CertificateManager]::Validate($Certificate,
 55        $CheckRevocation.IsPresent,
 56        $AllowWeakAlgorithms.IsPresent,
 57        $DenySelfSigned.IsPresent,
 58        $oidColl,
 59        $StrictPurpose.IsPresent)
 60}
 61
Generated by: ReportGenerator 5.4.17.0
10/18/2025 - 15:14:40
GitHub | reportgenerator.io

Methods/Properties

Test-KrCertificate()