private static void AddCaCertificateToStorage(Certificate certificate, byte[] certificateHash, byte[] encodedCert, bool isRootCA)
{
CaCertificateEntry caCertificateEntry = new CaCertificateEntry();
caCertificateEntry.CertificateValue = encodedCert;
if (isRootCA)
{
caCertificateEntry.IsTrusted = true;
caCertificateEntry.IsRevoked = false;
}
else
{
caCertificateEntry.IsTrusted = false;
caCertificateEntry.IsRevoked = false;
}
byte[] caCertificateEntrySerialized = SerializationUtil.Serialize(caCertificateEntry);
StorageUtil.saveToStorage(certificateHash, caCertificateEntrySerialized);
CaCertificateSubjectKeyIdEntry cACertificateSubjectKeyIdEntry = new CaCertificateSubjectKeyIdEntry();
cACertificateSubjectKeyIdEntry.CertificateHash = certificateHash;
cACertificateSubjectKeyIdEntry.IsRootCa = isRootCA;
byte[] cACertificateSubjectKeyIdEntrySerialized = SerializationUtil.Serialize(cACertificateSubjectKeyIdEntry);
StorageUtil.saveToStorage(certificate.SubjectKeyIdentifier.keyIdentifier, cACertificateSubjectKeyIdEntrySerialized);
}
public static void MarkRootCaCertificateUntrustedInStorage(Certificate rootCACertificate, byte[] certificateHash)
{
byte[] cACertificateEntrySerialized = StorageUtil.readFromStorage(certificateHash);
CaCertificateEntry cACertificateEntry = (CaCertificateEntry)SerializationUtil.Deserialize(cACertificateEntrySerialized);
cACertificateEntry.IsTrusted = false;
cACertificateEntrySerialized = SerializationUtil.Serialize(cACertificateEntry);
StorageUtil.saveToStorage(certificateHash, cACertificateEntrySerialized);
MarkAllCertificatesAsRevokedForCa(rootCACertificate);
}
public static bool MarkSubCaCertificateRevokedInStore(Certificate subCACertificate, byte[] certificateHash)
{
byte[] cACertificateEntrySerialized = StorageUtil.readFromStorage(certificateHash);
CaCertificateEntry cACertificateEntry = (CaCertificateEntry)SerializationUtil.Deserialize(cACertificateEntrySerialized);
if (cACertificateEntry.IsRevoked || cACertificateEntry.IsTrusted)
{
return(false);
}
cACertificateEntry.IsRevoked = true;
cACertificateEntrySerialized = SerializationUtil.Serialize(cACertificateEntry);
StorageUtil.saveToStorage(certificateHash, cACertificateEntrySerialized);
MarkAllCertificatesAsRevokedForCa(subCACertificate);
return(true);
}
private static Certificate FindIssuerCaCertificate(Certificate certificate)
{
Certificate nullCertificate = new Certificate();
CaCertificateSubjectKeyIdEntry cACertificateSubjectKeyIdEntry = FindCaCertificateHashEntry(certificate.AuthorityKeyIdentifier.keyIdentifier);
if (cACertificateSubjectKeyIdEntry.CertificateHash == null)
{
return(nullCertificate);
}
CaCertificateEntry cACertificateEntry = FindCaCertificatewithCertificateHash(cACertificateSubjectKeyIdEntry.CertificateHash);
if (cACertificateEntry.CertificateValue == null)
{
return(nullCertificate);
}
if (cACertificateSubjectKeyIdEntry.IsRootCa)
{
if (!cACertificateEntry.IsTrusted)
{
return(nullCertificate);
}
}
else
{
if (cACertificateEntry.IsRevoked)
{
return(nullCertificate);
}
}
Certificate caCertificate = CertificateParser.Parse(cACertificateEntry.CertificateValue);
if (!caCertificate.IsLoaded)
{
return(nullCertificate);
}
if (!CertificateValidator.CheckValidityPeriod(caCertificate))
{
return(nullCertificate);
}
return(caCertificate);
}