/** * Check if the certificates provided by a server contain Signed Certificate Timestamps from a * trusted CT log. * * @param certificates the certificate chain provided by the server * @return true if the certificates can be trusted, false otherwise. */ private bool isGood(Certificate[] certificates) { if (!(certificates[0] is X509Certificate)) { c.WriteLine(" This test only supports SCTs carried in X509 certificates, of which there are none."); return(false); } Certificate leafCertificate = certificates[0]; if (!CertificateInfo.HasEmbeddedSCT(leafCertificate)) { c.WriteLine(" This certificate does not have any Signed Certificate Timestamps in it."); return(false); } try { List <SignedCertificateTimestamp> sctsInCertificate = parseSCTsFromCert((X509Certificate)leafCertificate); if (sctsInCertificate.Count < MIN_VALID_SCTS) { c.WriteLine( " Too few SCTs are present, I want at least " + MIN_VALID_SCTS + " CT logs to vouch for this certificate."); return(false); } List <X509Certificate> certificateList = certificates.OfType <X509Certificate>().ToList();// new List<X509Certificate>(certificates); int validSctCount = 0; foreach (SignedCertificateTimestamp sct in sctsInCertificate) { string logId = Base64.ToBase64String(sct.Id.KeyId.ToByteArray()); if (verifiers.ContainsKey(logId)) { c.WriteLine(" SCT trusted log " + logId); if (verifiers[logId].VerifySignature(sct, certificateList)) { ++validSctCount; } } else { c.WriteLine(" SCT untrusted log " + logId); } } if (validSctCount < MIN_VALID_SCTS) { c.WriteLine( " Too few SCTs are present, I want at least " + MIN_VALID_SCTS + " CT logs to vouch for this certificate."); } return(validSctCount >= MIN_VALID_SCTS); } catch (IOException e) { if (VERBOSE) { e.PrintStackTrace(); } return(false); } }