public void Should_Return_False_When_Request_Signature_Is_Invalid_In_Add_Trusted_Root_Certificate()
{
string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer";
byte[] rootCertEncoded = File.ReadAllBytes(rootCertFilePath);
byte[] rootCertDigest = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded);
byte[] requestSignature = StringUtil.StringToByteArray("InvalidSignature");
bool result = RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded, requestSignature);
Assert.False(result);
}
public void Should_UnTrusted_Root_Certificate_When_Any_SubCA_And_Ssl_Certificate_Is_Not_Exist()
{
string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer";
byte[] rootCertEncoded = File.ReadAllBytes(rootCertFilePath);
byte[] rootCertDigest = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded);
byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded);
bool result =
RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded, requestSignature);
Assert.True(result);
Certificate rootCertificate = CertificateParser.Parse(rootCertEncoded);
byte[] rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest);
CaCertificateEntry caCertificateEntry =
(CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte);
Assert.True(caCertificateEntry.IsTrusted);
Assert.False(caCertificateEntry.IsRevoked);
Assert.Equal(caCertificateEntry.CertificateValue, rootCertEncoded);
byte[] cACertificateSubjectKeyIdEntrySerialized =
StorageUtil.readFromStorage(rootCertificate.SubjectKeyIdentifier.keyIdentifier);
CaCertificateSubjectKeyIdEntry cACertificateSubjectKeyIdEntry =
(CaCertificateSubjectKeyIdEntry)SerializationUtil.Deserialize(
cACertificateSubjectKeyIdEntrySerialized);
Assert.True(cACertificateSubjectKeyIdEntry.IsRootCa);
Assert.Equal(cACertificateSubjectKeyIdEntry.CertificateHash, rootCertDigest);
byte[] certificateHashMapEntrySerialized =
StorageUtil.readFromStorage(CertificateStorageManager.TRUSTED_ROOT_CA_LIST_STORAGE_KEY);
CertificateHashMapEntry trustedRootCAListHashMapEntry =
(CertificateHashMapEntry)SerializationUtil.Deserialize(certificateHashMapEntrySerialized);
Assert.Equal(1, trustedRootCAListHashMapEntry.certificateHashArray.Length);
byte[] certificateHashEntrySerialized = trustedRootCAListHashMapEntry.certificateHashArray[0];
CertificateHashEntry certificateHashEntry =
(CertificateHashEntry)SerializationUtil.Deserialize(certificateHashEntrySerialized);
Assert.True(certificateHashEntry.IsCa);
Assert.Equal(rootCertDigest, certificateHashEntry.CertificateHash);
requestSignature = SignUtil.generateUntrustRootCAOperationRequestSignature(rootCertEncoded);
result = RootCaCertificateHandler.UntrustRootCaCertificate(rootCertDigest, rootCertEncoded,
requestSignature);
Assert.True(result);
rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest);
caCertificateEntry = (CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte);
Assert.False(caCertificateEntry.IsTrusted);
Assert.False(caCertificateEntry.IsRevoked);
}
public static object UntrustRootCACertificate(object[] args)
{
byte[] encodedCert = (byte[])args[0];
byte[] certificateHash = Sha256(encodedCert);
Logger.log("Untrusting Root CA Certificate started");
byte[] requestSignature = (byte[])args[1];
bool result =
RootCaCertificateHandler.UntrustRootCaCertificate(certificateHash, encodedCert, requestSignature);
Logger.log("Untrusting Root CA Certificate completed");
Logger.log(result);
return(result);
}
public void Should_Revoke_SSL_Certificate_When_Request_Signed_With_Issuer_Private_Key()
{
{
string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer";
byte[] rootCertEncoded = File.ReadAllBytes(rootCertFilePath);
byte[] rootCertDigest = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded);
byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded);
bool result =
RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded,
requestSignature);
Assert.True(result);
}
{
string subCaCertFilePath = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.cer";
byte[] subCaCertEncoded = File.ReadAllBytes(subCaCertFilePath);
byte[] subCaCertificateHash = DigestUtilities.CalculateDigest("SHA_256", subCaCertEncoded);
byte[] subCaAddRequestSignature = null;
bool result = SubCaCertificateHandler.AddSubCaCertificate(subCaCertificateHash, subCaCertEncoded,
subCaAddRequestSignature);
Assert.True(result);
}
string sSLCertFilePath = "../../../test-data/certs/test-ca/Test-SSL-RSA-2048.cer";
byte[] sSLCertEncoded = File.ReadAllBytes(sSLCertFilePath);
byte[] sSLCertHash = DigestUtilities.CalculateDigest("SHA_256", sSLCertEncoded);
bool sslCertAddResult = SslCertificateHandler.AddSslCertificate(sSLCertHash, sSLCertEncoded);
Assert.True(sslCertAddResult);
string sSLCertIssuerPkcs8PrivateKeyFilePath = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.pk8";
byte[] revokeSSLCertificateRequestSignature =
SignUtil.generateRevokeSSLCertificateOperationRequestRSAPSSSignature(sSLCertEncoded,
sSLCertIssuerPkcs8PrivateKeyFilePath);
Certificate sslCertificate = CertificateParser.Parse(sSLCertEncoded);
bool revokeSSLCertificateResult = SslCertificateHandler.RevokeSslCertificate(sSLCertHash, sSLCertEncoded,
revokeSSLCertificateRequestSignature);
Assert.True(revokeSSLCertificateResult);
byte[] sSLCertificateEntryByte = StorageUtil.readFromStorage(sSLCertHash);
EndEntityCertificateEntry sSLCertificateEntry =
(EndEntityCertificateEntry)SerializationUtil.Deserialize(sSLCertificateEntryByte);
Assert.True(sSLCertificateEntry.IsRevoked);
Assert.Equal(sSLCertificateEntry.CertificateValue, sSLCertEncoded);
}
public void Should_Add_SSL_Certificate()
{
{
string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer";
byte[] rootCertEncoded = File.ReadAllBytes(rootCertFilePath);
byte[] rootCertDigest = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded);
byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded);
bool result =
RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded,
requestSignature);
Assert.True(result);
}
{
string subCaCertFilePath = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.cer";
byte[] subCaCertEncoded = File.ReadAllBytes(subCaCertFilePath);
byte[] subCaCertificateHash = DigestUtilities.CalculateDigest("SHA_256", subCaCertEncoded);
byte[] subCaAddRequestSignature = null;
bool result = SubCaCertificateHandler.AddSubCaCertificate(subCaCertificateHash, subCaCertEncoded,
subCaAddRequestSignature);
Assert.True(result);
}
string sSLCertFilePath = "../../../test-data/certs/test-ca/Test-SSL-RSA-2048.cer";
byte[] sSLCertEncoded = File.ReadAllBytes(sSLCertFilePath);
byte[] sSLCertHash = DigestUtilities.CalculateDigest("SHA_256", sSLCertEncoded);
bool sslCertAddResult = SslCertificateHandler.AddSslCertificate(sSLCertHash, sSLCertEncoded);
Assert.True(sslCertAddResult);
Certificate sslCertificate = CertificateParser.Parse(sSLCertEncoded);
byte[] sSLCertificateEntryByte = StorageUtil.readFromStorage(sSLCertHash);
EndEntityCertificateEntry sSLCertificateEntry =
(EndEntityCertificateEntry)SerializationUtil.Deserialize(sSLCertificateEntryByte);
Assert.False(sSLCertificateEntry.IsRevoked);
Assert.Equal(sSLCertificateEntry.CertificateValue, sSLCertEncoded);
//Is Added To Issuer list
{
byte[] storageKey = ArrayUtil.Concat(CertificateStorageManager.ELEMENT_LIST,
sslCertificate.AuthorityKeyIdentifier.keyIdentifier);
byte[] certHashMapEntrySerialized = StorageUtil.readFromStorage(storageKey);
Assert.True(certHashMapEntrySerialized != null);
CertificateHashMapEntry certHashMapEntry =
(CertificateHashMapEntry)SerializationUtil.Deserialize(certHashMapEntrySerialized);
Assert.True(certHashMapEntry.certificateHashArray != null);
Assert.True(certHashMapEntry.certificateHashArray.Length == 1);
byte[] subjectKeyIdCertificateHashEntrySerialized = certHashMapEntry.certificateHashArray[0];
CertificateHashEntry subjectKeyIdCertificateHashEntry =
(CertificateHashEntry)SerializationUtil.Deserialize(subjectKeyIdCertificateHashEntrySerialized);
Assert.Equal(subjectKeyIdCertificateHashEntry.CertificateHash, sSLCertHash);
Assert.False(subjectKeyIdCertificateHashEntry.IsCa);
}
//Domain Name List - Common Name
{
byte[] certHashMapEntrySerialized =
StorageUtil.readFromStorage(HexUtil.HexStringToByteArray("6f6e742e696f"));
Assert.True(certHashMapEntrySerialized != null);
CertificateHashMapEntry certHashMapEntry =
(CertificateHashMapEntry)SerializationUtil.Deserialize(certHashMapEntrySerialized);
Assert.True(certHashMapEntry.certificateHashArray != null);
Assert.True(certHashMapEntry.certificateHashArray.Length == 1);
byte[] subjectKeyIdCertificateHashEntrySerialized = certHashMapEntry.certificateHashArray[0];
CertificateHashEntry subjectKeyIdCertificateHashEntry =
(CertificateHashEntry)SerializationUtil.Deserialize(subjectKeyIdCertificateHashEntrySerialized);
Assert.Equal(subjectKeyIdCertificateHashEntry.CertificateHash, sSLCertHash);
Assert.False(subjectKeyIdCertificateHashEntry.IsCa);
}
//Domain Name List - Subject Alternative Name
{
byte[] certHashMapEntrySerialized =
StorageUtil.readFromStorage(HexUtil.HexStringToByteArray("7777772e6f6e742e696f"));
Assert.True(certHashMapEntrySerialized != null);
CertificateHashMapEntry certHashMapEntry =
(CertificateHashMapEntry)SerializationUtil.Deserialize(certHashMapEntrySerialized);
Assert.True(certHashMapEntry.certificateHashArray != null);
Assert.True(certHashMapEntry.certificateHashArray.Length == 1);
byte[] subjectKeyIdCertificateHashEntrySerialized = certHashMapEntry.certificateHashArray[0];
CertificateHashEntry subjectKeyIdCertificateHashEntry =
(CertificateHashEntry)SerializationUtil.Deserialize(subjectKeyIdCertificateHashEntrySerialized);
Assert.Equal(subjectKeyIdCertificateHashEntry.CertificateHash, sSLCertHash);
Assert.False(subjectKeyIdCertificateHashEntry.IsCa);
}
}