private static bool ValidateRevokeSslCertificateRequestSignature(Certificate sslCertificate, byte[] signature) { Logger.log("Starting Validate Revoke SSL Certificate Request Signature"); Logger.log("Request Signature"); Logger.log(signature); Logger.log("Checking Revoke SSL Certificate Request Signature with SSL Certificate Public Key"); bool verified = SignatureValidator.CheckRevokeSSLCertificateRequestSignature(signature, sslCertificate, sslCertificate); if (verified) { Logger.log("Verified Revoke SSL Certificate Request Signature with SSL Certificate Public Key"); return(true); } Certificate issuerCACertificate = CertificateChainValidator.FindIssuerCaCertificate(sslCertificate); if (!issuerCACertificate.IsLoaded) { Logger.log("Can not find issuer certificate, so returning signature verification failed"); return(false); } verified = SignatureValidator.CheckRevokeSSLCertificateRequestSignature(signature, sslCertificate, issuerCACertificate); if (verified) { Logger.log("Verified Revoke SSL Certificate Request Signature with SSL Certificate Issuer Public Key"); return(true); } Logger.log("Finished Validate Revoke SSL Certificate Request Signature. Result :", verified); return(verified); }
public static bool AddSslCertificate(byte[] certificateHash, byte[] encodedCert) { if (CertificateStorageManager.IsSSLCertificateAddedBefore(certificateHash)) { return(false); } Certificate sslCertificate = CertificateParser.Parse(encodedCert); if (!sslCertificate.IsLoaded) { return(false); } if (!CertificateValidator.CheckValidityPeriod(sslCertificate)) { return(false); } if (!CertificateValidator.ValidateSslCertificateFields(sslCertificate)) { return(false); } if (!CertificateChainValidator.ValidateCertificateSignatureWithChain(sslCertificate)) { return(false); } CertificateStorageManager.AddEndEntityCertificateToStorage(sslCertificate, certificateHash, encodedCert); return(true); }
public void Valid_with_correct_root_and_intermediate() { //Arrange var productionCertificate = CertificateResource.UnitTests.GetProduksjonsMottakerSertifikatOppslagstjenesten(); var certificateChainValidator = new CertificateChainValidator(CertificateChainUtility.ProduksjonsSertifikater()); //Act var result = certificateChainValidator.Validate(productionCertificate); //Assert Assert.Equal(CertificateValidationType.Valid, result.Type); Assert.Contains("et gyldig sertifikat", result.Message); }
public void Fails_with_wrong_root_and_intermediate() { //Arrange var productionCertificate = CertificateResource.UnitTests.GetProduksjonsMottakerSertifikatOppslagstjenesten(); //Act var certificateChainValidator = new CertificateChainValidator(CertificateChainUtility.FunksjoneltTestmiljøSertifikater()); var result = certificateChainValidator.Validate(productionCertificate); //Assert Assert.Equal(CertificateValidationType.InvalidChain, result.Type); Assert.Contains("blir hentet fra Certificate Store på Windows", result.Message); }
public void Fails_with_self_signed_certificate() { //Arrange var selfSignedCertificate = CertificateResource.UnitTests.GetEnhetstesterSelvsignertSertifikat(); var certificateChainValidator = new CertificateChainValidator(CertificateChainUtility.ProduksjonsSertifikater()); //Act var result = certificateChainValidator.Validate(selfSignedCertificate); //Assert Assert.Equal(CertificateValidationType.InvalidChain, result.Type); Assert.Contains("sertifikatet er selvsignert", result.Message); }
/// <summary> /// Oppretter en ny instanse av responsvalidatoren. /// </summary> /// <param name="sentMessage">Soap meldingen som har blitt sendt til meldingsformidleren.</param> /// <param name="responseMessage"> /// Et soap dokument i tekstform. Dette er svaret som har blitt motatt fra meldingsformidleren ved en /// forsendelse av brev eller kvittering. /// </param> /// <param name="certificateChainValidator"></param> public ResponseValidator(XmlDocument sentMessage, XmlDocument responseMessage, CertificateChainValidator certificateChainValidator) { ResponseMessage = responseMessage; SentMessage = sentMessage; CertificateChainValidator = certificateChainValidator; _nsMgr = new XmlNamespaceManager(ResponseMessage.NameTable); _nsMgr.AddNamespace("env", NavneromUtility.SoapEnvelopeEnv12); _nsMgr.AddNamespace("wsse", NavneromUtility.WssecuritySecext10); _nsMgr.AddNamespace("ds", NavneromUtility.XmlDsig); _nsMgr.AddNamespace("eb", NavneromUtility.EbXmlCore); _nsMgr.AddNamespace("wsu", NavneromUtility.WssecurityUtility10); _nsMgr.AddNamespace("ebbp", NavneromUtility.EbppSignals); _nsMgr.AddNamespace("sbd", NavneromUtility.StandardBusinessDocumentHeader); _nsMgr.AddNamespace("difi", NavneromUtility.DifiSdpSchema10); }
public static bool AddSslCertificate(byte[] certificateHash, byte[] encodedCert) { Logger.log("Checking SSL Certificate is added before"); if (CertificateStorageManager.IsSSLCertificateAddedBefore(certificateHash)) { Logger.log("SSL Certificate is added before"); return(false); } Logger.log("Trying to parse SSL Certificate"); Certificate sslCertificate = CertificateParser.Parse(encodedCert); if (!sslCertificate.IsLoaded) { Logger.log("Can not parse SSL Certificate"); return(false); } Logger.log("Checking SSL Certificate Validity Period"); if (!CertificateValidator.CheckValidityPeriod(sslCertificate)) { Logger.log("SSL Certificate validity period is invalid"); return(false); } Logger.log("Checking SSL Certificate Fields"); if (!CertificateValidator.ValidateSslCertificateFields(sslCertificate)) { Logger.log("SSL Certificate Fields are invalid"); return(false); } Logger.log("Validating SSL Certificate With Chain"); if (!CertificateChainValidator.ValidateCertificateSignatureWithChain(sslCertificate)) { Logger.log("Can not validate SSL Certificate Signature With Chain"); return(false); } Logger.log("Adding SSL Certificate To Storage"); CertificateStorageManager.AddEndEntityCertificateToStorage(sslCertificate, certificateHash, encodedCert); return(true); }
private Miljø(Uri url, CertificateChainValidator certificateChainValidator) { CertificateChainValidator = certificateChainValidator; Url = url; }