public static bool ValidateSslCertificateFields(Certificate certificate)
{
Logger.log("Validating Certificate Fields");
if (!CertificateFieldValidator.Validate(certificate))
{
Logger.log("Ssl Certificate Field validation failed");
return(false);
}
Logger.log("Validating Basic Contraints");
if (certificate.BasicConstraints.HasBasicConstraints)
{
if (certificate.BasicConstraints.IsCa)
{
Logger.log("End user certificates can not have basic constraint field with isCa flag");
return(false);
}
}
Logger.log("Validating Key Usage");
if (!ValidateSslCertificateKeyUsage(certificate))
{
Logger.log("Ssl Certificate Key Usage Flags invalid");
return(false);
}
Logger.log("Validating Extended Usage");
if (!ValidateSslCertificateExtendedKeyUsage(certificate.ExtendedKeyUsage.Oids))
{
Logger.log("Ssl Certificate Extended Key Usage Flags invalid");
return(false);
}
return(true);
}
public static bool ValidateSubCaCertificate(Certificate subCaCertificate)
{
if (!CertificateFieldValidator.Validate(subCaCertificate))
{
Logger.log("Can not validate Sub CA Certificate Fields");
return(false);
}
if (!CheckValidityPeriod(subCaCertificate))
{
Logger.log("Can not validate Sub CA Validity Period");
return(false);
}
if (!CertificateChainValidator.ValidateCertificateSignatureWithChain(subCaCertificate))
{
Logger.log("Can not validate Sub CA Signature with Issuer Certificate");
return(false);
}
return(true);
}
public static bool ValidateRootCaCertificate(Certificate rootCaCertificate)
{
if (!CertificateFieldValidator.Validate(rootCaCertificate))
{
return(false);
}
if (!CertificateSignatureValidator.ValidateSelfSignedCertificateSignature(rootCaCertificate))
{
return(false);
}
if (!CheckValidityPeriod(rootCaCertificate))
{
return(false);
}
if (!ValidateRootCaCertificateFields(rootCaCertificate))
{
return(false);
}
return(true);
}