public static object RevokeSSLCertificate(object[] args)
        {
            byte[] encodedCert     = (byte[])args[0];
            byte[] certificateHash = Sha256(encodedCert);
            Logger.log("Revoke SSL Certificate started");
            byte[] signature = (byte[])args[1];
            bool   result    = SslCertificateHandler.RevokeSslCertificate(certificateHash, encodedCert, signature);

            Logger.log("Revoke SSL Certificate completed");
            Logger.log("Result : ", result);
            return(result);
        }
        public void Should_Revoke_SSL_Certificate_When_Request_Signed_With_Issuer_Private_Key()
        {
            {
                string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer";
                byte[] rootCertEncoded  = File.ReadAllBytes(rootCertFilePath);
                byte[] rootCertDigest   = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded);
                byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded);
                bool   result           =
                    RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded,
                                                                         requestSignature);
                Assert.True(result);
            }

            {
                string subCaCertFilePath        = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.cer";
                byte[] subCaCertEncoded         = File.ReadAllBytes(subCaCertFilePath);
                byte[] subCaCertificateHash     = DigestUtilities.CalculateDigest("SHA_256", subCaCertEncoded);
                byte[] subCaAddRequestSignature = null;
                bool   result = SubCaCertificateHandler.AddSubCaCertificate(subCaCertificateHash, subCaCertEncoded,
                                                                            subCaAddRequestSignature);
                Assert.True(result);
            }

            string sSLCertFilePath = "../../../test-data/certs/test-ca/Test-SSL-RSA-2048.cer";

            byte[] sSLCertEncoded   = File.ReadAllBytes(sSLCertFilePath);
            byte[] sSLCertHash      = DigestUtilities.CalculateDigest("SHA_256", sSLCertEncoded);
            bool   sslCertAddResult = SslCertificateHandler.AddSslCertificate(sSLCertHash, sSLCertEncoded);

            Assert.True(sslCertAddResult);

            string sSLCertIssuerPkcs8PrivateKeyFilePath = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.pk8";

            byte[] revokeSSLCertificateRequestSignature =
                SignUtil.generateRevokeSSLCertificateOperationRequestRSAPSSSignature(sSLCertEncoded,
                                                                                     sSLCertIssuerPkcs8PrivateKeyFilePath);

            Certificate sslCertificate             = CertificateParser.Parse(sSLCertEncoded);
            bool        revokeSSLCertificateResult = SslCertificateHandler.RevokeSslCertificate(sSLCertHash, sSLCertEncoded,
                                                                                                revokeSSLCertificateRequestSignature);

            Assert.True(revokeSSLCertificateResult);

            byte[] sSLCertificateEntryByte = StorageUtil.readFromStorage(sSLCertHash);
            EndEntityCertificateEntry sSLCertificateEntry =
                (EndEntityCertificateEntry)SerializationUtil.Deserialize(sSLCertificateEntryByte);

            Assert.True(sSLCertificateEntry.IsRevoked);
            Assert.Equal(sSLCertificateEntry.CertificateValue, sSLCertEncoded);
        }
        public static object AddSSLCertificate(object[] args)
        {
            byte[] accountAddress = (byte[])args[0];
            Logger.log(accountAddress);
            Logger.log("Checking Account Owner with CheckWitness");
            if (!Runtime.CheckWitness(accountAddress))
            {
                Logger.log("Invalid Account or Invalid Transaction");
                return(false);
            }

            Logger.log("Checked Account Owner with CheckWitness");

            Logger.log("Checking Account Cert Credit Balance");
            if (!PaymentManager.IsAccountBalanceSufficientCertificateOperation(accountAddress))
            {
                Logger.log("Account Cert Credit is Not Sufficient for Add SSL Certificate Operation");
                return(false);
            }

            Logger.log("Checked Account Cert Credit Balance");

            byte[] encodedCert     = (byte[])args[1];
            byte[] certificateHash = Sha256(encodedCert);
            Logger.log("Adding SSL Certificate");
            bool addSslCertificateResult = SslCertificateHandler.AddSslCertificate(certificateHash, encodedCert);

            if (addSslCertificateResult)
            {
                Logger.log("Charging Fee For Certificate Operation");
                if (!PaymentManager.ChargeFeeForCertificateOperation(accountAddress))
                {
                    Logger.log("Error while charging fee for Certificate Operation");
                    return(false);
                }

                Logger.log("Charge Fee For Certificate Operation success");

                EventNotifier.NotifyNewSSLCertificateAdded(encodedCert);
            }
            else
            {
                Logger.log(
                    "Because of error in add in SSL Certificate Not Fee will be charged For Certificate Operation");
            }

            Logger.log(addSslCertificateResult);
            Logger.log("SSL Certificate process completed");
            return(addSslCertificateResult);
        }
        public void Should_Add_SSL_Certificate()
        {
            {
                string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer";
                byte[] rootCertEncoded  = File.ReadAllBytes(rootCertFilePath);
                byte[] rootCertDigest   = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded);
                byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded);
                bool   result           =
                    RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded,
                                                                         requestSignature);
                Assert.True(result);
            }

            {
                string subCaCertFilePath        = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.cer";
                byte[] subCaCertEncoded         = File.ReadAllBytes(subCaCertFilePath);
                byte[] subCaCertificateHash     = DigestUtilities.CalculateDigest("SHA_256", subCaCertEncoded);
                byte[] subCaAddRequestSignature = null;
                bool   result = SubCaCertificateHandler.AddSubCaCertificate(subCaCertificateHash, subCaCertEncoded,
                                                                            subCaAddRequestSignature);
                Assert.True(result);
            }

            string sSLCertFilePath = "../../../test-data/certs/test-ca/Test-SSL-RSA-2048.cer";

            byte[] sSLCertEncoded   = File.ReadAllBytes(sSLCertFilePath);
            byte[] sSLCertHash      = DigestUtilities.CalculateDigest("SHA_256", sSLCertEncoded);
            bool   sslCertAddResult = SslCertificateHandler.AddSslCertificate(sSLCertHash, sSLCertEncoded);

            Assert.True(sslCertAddResult);
            Certificate sslCertificate = CertificateParser.Parse(sSLCertEncoded);

            byte[] sSLCertificateEntryByte = StorageUtil.readFromStorage(sSLCertHash);
            EndEntityCertificateEntry sSLCertificateEntry =
                (EndEntityCertificateEntry)SerializationUtil.Deserialize(sSLCertificateEntryByte);

            Assert.False(sSLCertificateEntry.IsRevoked);
            Assert.Equal(sSLCertificateEntry.CertificateValue, sSLCertEncoded);

            //Is Added To Issuer list
            {
                byte[] storageKey = ArrayUtil.Concat(CertificateStorageManager.ELEMENT_LIST,
                                                     sslCertificate.AuthorityKeyIdentifier.keyIdentifier);
                byte[] certHashMapEntrySerialized = StorageUtil.readFromStorage(storageKey);
                Assert.True(certHashMapEntrySerialized != null);
                CertificateHashMapEntry certHashMapEntry =
                    (CertificateHashMapEntry)SerializationUtil.Deserialize(certHashMapEntrySerialized);
                Assert.True(certHashMapEntry.certificateHashArray != null);
                Assert.True(certHashMapEntry.certificateHashArray.Length == 1);
                byte[] subjectKeyIdCertificateHashEntrySerialized     = certHashMapEntry.certificateHashArray[0];
                CertificateHashEntry subjectKeyIdCertificateHashEntry =
                    (CertificateHashEntry)SerializationUtil.Deserialize(subjectKeyIdCertificateHashEntrySerialized);
                Assert.Equal(subjectKeyIdCertificateHashEntry.CertificateHash, sSLCertHash);
                Assert.False(subjectKeyIdCertificateHashEntry.IsCa);
            }
            //Domain Name List - Common Name
            {
                byte[] certHashMapEntrySerialized =
                    StorageUtil.readFromStorage(HexUtil.HexStringToByteArray("6f6e742e696f"));
                Assert.True(certHashMapEntrySerialized != null);
                CertificateHashMapEntry certHashMapEntry =
                    (CertificateHashMapEntry)SerializationUtil.Deserialize(certHashMapEntrySerialized);
                Assert.True(certHashMapEntry.certificateHashArray != null);
                Assert.True(certHashMapEntry.certificateHashArray.Length == 1);
                byte[] subjectKeyIdCertificateHashEntrySerialized     = certHashMapEntry.certificateHashArray[0];
                CertificateHashEntry subjectKeyIdCertificateHashEntry =
                    (CertificateHashEntry)SerializationUtil.Deserialize(subjectKeyIdCertificateHashEntrySerialized);
                Assert.Equal(subjectKeyIdCertificateHashEntry.CertificateHash, sSLCertHash);
                Assert.False(subjectKeyIdCertificateHashEntry.IsCa);
            }
            //Domain Name List - Subject Alternative Name
            {
                byte[] certHashMapEntrySerialized =
                    StorageUtil.readFromStorage(HexUtil.HexStringToByteArray("7777772e6f6e742e696f"));
                Assert.True(certHashMapEntrySerialized != null);
                CertificateHashMapEntry certHashMapEntry =
                    (CertificateHashMapEntry)SerializationUtil.Deserialize(certHashMapEntrySerialized);
                Assert.True(certHashMapEntry.certificateHashArray != null);
                Assert.True(certHashMapEntry.certificateHashArray.Length == 1);
                byte[] subjectKeyIdCertificateHashEntrySerialized     = certHashMapEntry.certificateHashArray[0];
                CertificateHashEntry subjectKeyIdCertificateHashEntry =
                    (CertificateHashEntry)SerializationUtil.Deserialize(subjectKeyIdCertificateHashEntrySerialized);
                Assert.Equal(subjectKeyIdCertificateHashEntry.CertificateHash, sSLCertHash);
                Assert.False(subjectKeyIdCertificateHashEntry.IsCa);
            }
        }
Esempio n. 5
0
        public void Should_UnTrusted_Root_Certificate()
        {
            string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer";

            byte[] rootCertEncoded  = File.ReadAllBytes(rootCertFilePath);
            byte[] rootCertDigest   = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded);
            byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded);
            bool   result           =
                RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded, requestSignature);

            Assert.True(result);
            Certificate rootCertificate = CertificateParser.Parse(rootCertEncoded);

            byte[]             rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest);
            CaCertificateEntry caCertificateEntry         =
                (CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte);

            Assert.True(caCertificateEntry.IsTrusted);
            Assert.False(caCertificateEntry.IsRevoked);
            Assert.Equal(caCertificateEntry.CertificateValue, rootCertEncoded);

            byte[] cACertificateSubjectKeyIdEntrySerialized =
                StorageUtil.readFromStorage(rootCertificate.SubjectKeyIdentifier.keyIdentifier);
            CaCertificateSubjectKeyIdEntry cACertificateSubjectKeyIdEntry =
                (CaCertificateSubjectKeyIdEntry)SerializationUtil.Deserialize(
                    cACertificateSubjectKeyIdEntrySerialized);

            Assert.True(cACertificateSubjectKeyIdEntry.IsRootCa);
            Assert.Equal(cACertificateSubjectKeyIdEntry.CertificateHash, rootCertDigest);

            byte[] certificateHashMapEntrySerialized =
                StorageUtil.readFromStorage(CertificateStorageManager.TRUSTED_ROOT_CA_LIST_STORAGE_KEY);
            CertificateHashMapEntry trustedRootCAListHashMapEntry =
                (CertificateHashMapEntry)SerializationUtil.Deserialize(certificateHashMapEntrySerialized);

            Assert.Equal(1, trustedRootCAListHashMapEntry.certificateHashArray.Length);
            byte[] certificateHashEntrySerialized     = trustedRootCAListHashMapEntry.certificateHashArray[0];
            CertificateHashEntry certificateHashEntry =
                (CertificateHashEntry)SerializationUtil.Deserialize(certificateHashEntrySerialized);

            Assert.True(certificateHashEntry.IsCa);
            Assert.Equal(rootCertDigest, certificateHashEntry.CertificateHash);

            string subCaCertFilePath = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.cer";

            byte[] subCaCertEncoded         = File.ReadAllBytes(subCaCertFilePath);
            byte[] subCaCertificateHash     = DigestUtilities.CalculateDigest("SHA_256", subCaCertEncoded);
            byte[] subCaAddRequestSignature = null;
            result = SubCaCertificateHandler.AddSubCaCertificate(subCaCertificateHash, subCaCertEncoded,
                                                                 subCaAddRequestSignature);
            Assert.True(result);

            string sSLCertFilePath = "../../../test-data/certs/test-ca/Test-SSL-RSA-2048.cer";

            byte[] sSLCertEncoded   = File.ReadAllBytes(sSLCertFilePath);
            byte[] sSLCertHash      = DigestUtilities.CalculateDigest("SHA_256", sSLCertEncoded);
            bool   sslCertAddResult = SslCertificateHandler.AddSslCertificate(sSLCertHash, sSLCertEncoded);

            Assert.True(sslCertAddResult);

            byte[]             subCaCertificateEntryBytes = StorageUtil.readFromStorage(subCaCertificateHash);
            CaCertificateEntry subCaCertificateEntry      =
                (CaCertificateEntry)SerializationUtil.Deserialize(subCaCertificateEntryBytes);

            Assert.False(subCaCertificateEntry.IsTrusted);
            Assert.False(subCaCertificateEntry.IsRevoked);

            byte[] endEntityCertificateEntrySerialized          = StorageUtil.readFromStorage(sSLCertHash);
            EndEntityCertificateEntry endEntityCertificateEntry =
                (EndEntityCertificateEntry)SerializationUtil.Deserialize(endEntityCertificateEntrySerialized);

            Assert.False(endEntityCertificateEntry.IsRevoked);

            requestSignature = SignUtil.generateUntrustRootCAOperationRequestSignature(rootCertEncoded);
            result           = RootCaCertificateHandler.UntrustRootCaCertificate(rootCertDigest, rootCertEncoded,
                                                                                 requestSignature);
            Assert.True(result);

            rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest);
            caCertificateEntry         = (CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte);
            Assert.False(caCertificateEntry.IsTrusted);
            Assert.False(caCertificateEntry.IsRevoked);

            subCaCertificateEntry = (CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte);
            Assert.False(subCaCertificateEntry.IsTrusted);

            subCaCertificateEntryBytes = StorageUtil.readFromStorage(subCaCertificateHash);
            subCaCertificateEntry      = (CaCertificateEntry)SerializationUtil.Deserialize(subCaCertificateEntryBytes);
            Assert.True(subCaCertificateEntry.IsRevoked);

            endEntityCertificateEntrySerialized = StorageUtil.readFromStorage(sSLCertHash);
            endEntityCertificateEntry           =
                (EndEntityCertificateEntry)SerializationUtil.Deserialize(endEntityCertificateEntrySerialized);
            Assert.True(endEntityCertificateEntry.IsRevoked);
        }