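        /// <summary>
        /// Adds a root CA certificate as trusted, checks the three storage records that the
        /// add operation is expected to leave behind, then untrusts the same certificate and
        /// checks that the stored CA entry is no longer trusted (and still not revoked).
        /// </summary>
        /// <remarks>
        /// Both operations are called with a request signature produced by <c>SignUtil</c>;
        /// this test only covers the path where the handler returns <c>true</c>.
        /// NOTE(review): there is no negative case here (missing or wrong signature), so this
        /// test alone does not show that the handler rejects unauthorized requests - confirm
        /// that is covered elsewhere.
        /// </remarks>
        public void Should_UnTrusted_Root_Certificate_When_Any_SubCA_And_Ssl_Certificate_Is_Not_Exist()
        {
            string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer";

            // Arrange: load the root certificate and derive the digest used as its storage key.
            byte[] rootCertEncoded = File.ReadAllBytes(rootCertFilePath);
            byte[] rootCertDigest = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded);

            // Act 1: add the certificate as a trusted root.
            byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded);
            bool result =
                RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded, requestSignature);

            Assert.True(result);
            Certificate rootCertificate = CertificateParser.Parse(rootCertEncoded);

            // Record 1: the CA entry stored under the certificate digest.
            byte[] rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest);
            CaCertificateEntry caCertificateEntry =
                (CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte);

            Assert.True(caCertificateEntry.IsTrusted);
            Assert.False(caCertificateEntry.IsRevoked);
            // xUnit's Assert.Equal takes (expected, actual); the original had the two swapped,
            // which would have labelled the values the wrong way round in a failure message.
            Assert.Equal(rootCertEncoded, caCertificateEntry.CertificateValue);

            // Record 2: the entry stored under the subject key identifier, pointing at the digest.
            byte[] cACertificateSubjectKeyIdEntrySerialized =
                StorageUtil.readFromStorage(rootCertificate.SubjectKeyIdentifier.keyIdentifier);
            CaCertificateSubjectKeyIdEntry cACertificateSubjectKeyIdEntry =
                (CaCertificateSubjectKeyIdEntry)SerializationUtil.Deserialize(
                    cACertificateSubjectKeyIdEntrySerialized);

            Assert.True(cACertificateSubjectKeyIdEntry.IsRootCa);
            Assert.Equal(rootCertDigest, cACertificateSubjectKeyIdEntry.CertificateHash);

            // Record 3: the trusted root CA list, which must hold exactly this one certificate.
            byte[] certificateHashMapEntrySerialized =
                StorageUtil.readFromStorage(CertificateStorageManager.TRUSTED_ROOT_CA_LIST_STORAGE_KEY);
            CertificateHashMapEntry trustedRootCAListHashMapEntry =
                (CertificateHashMapEntry)SerializationUtil.Deserialize(certificateHashMapEntrySerialized);

            Assert.Equal(1, trustedRootCAListHashMapEntry.certificateHashArray.Length);
            byte[] certificateHashEntrySerialized = trustedRootCAListHashMapEntry.certificateHashArray[0];
            CertificateHashEntry certificateHashEntry =
                (CertificateHashEntry)SerializationUtil.Deserialize(certificateHashEntrySerialized);

            Assert.True(certificateHashEntry.IsCa);
            Assert.Equal(rootCertDigest, certificateHashEntry.CertificateHash);

            // Act 2: untrust the same certificate, with a signature generated for that operation.
            requestSignature = SignUtil.generateUntrustRootCAOperationRequestSignature(rootCertEncoded);
            result = RootCaCertificateHandler.UntrustRootCaCertificate(rootCertDigest, rootCertEncoded,
                                                                       requestSignature);
            Assert.True(result);

            // The CA entry is re-read from storage so the assertions see the persisted state.
            rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest);
            caCertificateEntry = (CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte);
            Assert.False(caCertificateEntry.IsTrusted);
            Assert.False(caCertificateEntry.IsRevoked);

            // NOTE(review): the trusted root CA list and the subject-key-id entry are not
            // re-read after the untrust call. If untrusting is meant to remove the digest from
            // TRUSTED_ROOT_CA_LIST_STORAGE_KEY, that is not verified here - confirm the intended
            // behaviour and assert it, since a stale list entry could keep the root usable.
        }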
        /// <summary>
        /// Entry point for the "untrust root CA" operation: hashes the supplied certificate,
        /// forwards it with the request signature to <c>RootCaCertificateHandler</c> and
        /// returns the handler's boolean result boxed as <see cref="object"/>.
        /// </summary>
        /// <param name="args">
        /// Positional arguments: <c>args[0]</c> is cast to the encoded certificate bytes and
        /// <c>args[1]</c> to the request signature bytes. No length or type check is done
        /// here, so a short array or a non-<c>byte[]</c> element fails at the index or cast.
        /// </param>
        /// <returns>The <c>bool</c> returned by the handler.</returns>
        public static object UntrustRootCACertificate(object[] args)
        {
            byte[] certBytes = (byte[])args[0];

            // The digest is computed here from the supplied bytes, not taken from the caller,
            // so the hash passed on always matches the certificate passed on.
            byte[] certDigest = Sha256(certBytes);

            Logger.log("Untrusting Root CA Certificate started");

            // NOTE(review): nothing in this method checks the signature; presumably
            // RootCaCertificateHandler verifies it before changing trust state - confirm,
            // as it appears to be the only authorization on this operation.
            byte[] signature = (byte[])args[1];
            bool untrusted = RootCaCertificateHandler.UntrustRootCaCertificate(certDigest, certBytes, signature);

            Logger.log("Untrusting Root CA Certificate completed");
            Logger.log(untrusted);

            return untrusted;
        }