dotnet · wfurt · Jul 8, 2020 · Jul 6, 2020 · Jul 7, 2020 · Jul 7, 2020
diff --git a/...raries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs b/...raries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs
@@ -25,6 +25,7 @@ public enum PkiOptions
         IssuerRevocationViaOcsp = 1 << 1,
         EndEntityRevocationViaCrl = 1 << 2,
         EndEntityRevocationViaOcsp = 1 << 3,
+        EndEntityIsServer = 1 << 4,
 
         CrlEverywhere = IssuerRevocationViaCrl | EndEntityRevocationViaCrl,
         OcspEverywhere = IssuerRevocationViaOcsp | EndEntityRevocationViaOcsp,
@@ -106,6 +107,11 @@ internal sealed class CertificateAuthority : IDisposable
         internal DateTimeOffset? RevocationExpiration { get; set; }
         internal bool CorruptRevocationIssuerName { get; set; }
 
+        // All keys created in this method are smaller than recommended,
+        // but they only live for a few seconds (at most),
+        // and never communicate out of process.
+        const int DefaultKeySize = 1024;
+
         internal CertificateAuthority(
             X509Certificate2 cert,
             string aiaHttpUrl,
@@ -169,6 +175,18 @@ internal X509Certificate2 CreateSubordinateCA(
         }
 
         internal X509Certificate2 CreateEndEntity(string subject, RSA publicKey, X509Extension altName)
+        {
+            return CreateCertificate(
+                subject,
+                publicKey,
+                TimeSpan.FromSeconds(2),
+                s_eeConstraints,
+                s_eeKeyUsage,
+                s_tlsClientEku,
+                altName: altName);
+        }
+
+        internal X509Certificate2 CreateServerEndEntity(string subject, RSA publicKey, X509Extension altName)
         {
             return CreateCertificate(
                 subject,
@@ -841,28 +859,25 @@ internal static void BuildPrivatePki(
             string testName = null,
             bool registerAuthorities = true,
             bool pkiOptionsInSubject = false,
-            string subjectName = null)
+            string subjectName = null,
+            int keySize = DefaultKeySize)
         {
             bool rootDistributionViaHttp = !pkiOptions.HasFlag(PkiOptions.NoRootCertDistributionUri);
             bool issuerRevocationViaCrl = pkiOptions.HasFlag(PkiOptions.IssuerRevocationViaCrl);
             bool issuerRevocationViaOcsp = pkiOptions.HasFlag(PkiOptions.IssuerRevocationViaOcsp);
             bool issuerDistributionViaHttp = !pkiOptions.HasFlag(PkiOptions.NoIssuerCertDistributionUri);
             bool endEntityRevocationViaCrl = pkiOptions.HasFlag(PkiOptions.EndEntityRevocationViaCrl);
             bool endEntityRevocationViaOcsp = pkiOptions.HasFlag(PkiOptions.EndEntityRevocationViaOcsp);
+            bool endEntityIsServer = pkiOptions.HasFlag(PkiOptions.EndEntityIsServer);
 
             Assert.True(
                 issuerRevocationViaCrl || issuerRevocationViaOcsp ||
                     endEntityRevocationViaCrl || endEntityRevocationViaOcsp,
                 "At least one revocation mode is enabled");
 
-            // All keys created in this method are smaller than recommended,
-            // but they only live for a few seconds (at most),
-            // and never communicate out of process.
-            const int KeySize = 1024;
-
-            using (RSA rootKey = RSA.Create(KeySize))
-            using (RSA intermedKey = RSA.Create(KeySize))
-            using (RSA eeKey = RSA.Create(KeySize))
+            using (RSA rootKey = RSA.Create(keySize))
+            using (RSA intermedKey = RSA.Create(keySize))
+            using (RSA eeKey = RSA.Create(keySize))
             {
                 var rootReq = new CertificateRequest(
                     BuildSubject("A Revocation Test Root", testName, pkiOptions, pkiOptionsInSubject),
@@ -929,10 +944,14 @@ internal static void BuildPrivatePki(
                     altName = builder.Build();
                 }
 
-                endEntityCert = intermediateAuthority.CreateEndEntity(
-                    BuildSubject(subjectName ?? "A Revocation Test Cert", testName, pkiOptions, pkiOptionsInSubject),
-                    eeKey,
-                    altName);
+                endEntityCert = endEntityIsServer ?
+                    intermediateAuthority.CreateServerEndEntity(
+                        BuildSubject(subjectName ?? "A Revocation Test Cert", testName, pkiOptions, pkiOptionsInSubject),
+                        eeKey, altName) :
+                    intermediateAuthority.CreateEndEntity(
+                        BuildSubject(subjectName ?? "A Revocation Test Cert", testName, pkiOptions, pkiOptionsInSubject),
+                        eeKey, altName);
+
                 endEntityCert = endEntityCert.CopyWithPrivateKey(eeKey);
             }
 

diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/TestHelper.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/TestHelper.cs
@@ -55,13 +55,14 @@ internal static (X509Certificate2 certificate, X509Certificate2Collection) Gener
             X509Certificate2Collection chain = new X509Certificate2Collection();
 
             CertificateAuthority.BuildPrivatePki(
-                PkiOptions.IssuerRevocationViaCrl,
+                PkiOptions.IssuerRevocationViaCrl | PkiOptions.EndEntityIsServer,
                 out RevocationResponder responder,
                 out CertificateAuthority root,
                 out CertificateAuthority intermediate,
                 out X509Certificate2 endEntity,
                 subjectName: name,
-                testName: testName);
+                testName: testName,
+                keySize: 2048);
 
             chain.Add(intermediate.CloneIssuerCert());
             chain.Add(root.CloneIssuerCert());