public static object RevokeSSLCertificate(object[] args) { byte[] encodedCert = (byte[])args[0]; byte[] certificateHash = Sha256(encodedCert); Logger.log("Revoke SSL Certificate started"); byte[] signature = (byte[])args[1]; bool result = SslCertificateHandler.RevokeSslCertificate(certificateHash, encodedCert, signature); Logger.log("Revoke SSL Certificate completed"); Logger.log("Result : ", result); return(result); }
public void Should_Revoke_SSL_Certificate_When_Request_Signed_With_Issuer_Private_Key() { { string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer"; byte[] rootCertEncoded = File.ReadAllBytes(rootCertFilePath); byte[] rootCertDigest = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded); byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded); bool result = RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded, requestSignature); Assert.True(result); } { string subCaCertFilePath = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.cer"; byte[] subCaCertEncoded = File.ReadAllBytes(subCaCertFilePath); byte[] subCaCertificateHash = DigestUtilities.CalculateDigest("SHA_256", subCaCertEncoded); byte[] subCaAddRequestSignature = null; bool result = SubCaCertificateHandler.AddSubCaCertificate(subCaCertificateHash, subCaCertEncoded, subCaAddRequestSignature); Assert.True(result); } string sSLCertFilePath = "../../../test-data/certs/test-ca/Test-SSL-RSA-2048.cer"; byte[] sSLCertEncoded = File.ReadAllBytes(sSLCertFilePath); byte[] sSLCertHash = DigestUtilities.CalculateDigest("SHA_256", sSLCertEncoded); bool sslCertAddResult = SslCertificateHandler.AddSslCertificate(sSLCertHash, sSLCertEncoded); Assert.True(sslCertAddResult); string sSLCertIssuerPkcs8PrivateKeyFilePath = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.pk8"; byte[] revokeSSLCertificateRequestSignature = SignUtil.generateRevokeSSLCertificateOperationRequestRSAPSSSignature(sSLCertEncoded, sSLCertIssuerPkcs8PrivateKeyFilePath); Certificate sslCertificate = CertificateParser.Parse(sSLCertEncoded); bool revokeSSLCertificateResult = SslCertificateHandler.RevokeSslCertificate(sSLCertHash, sSLCertEncoded, revokeSSLCertificateRequestSignature); Assert.True(revokeSSLCertificateResult); byte[] sSLCertificateEntryByte = StorageUtil.readFromStorage(sSLCertHash); EndEntityCertificateEntry sSLCertificateEntry = (EndEntityCertificateEntry)SerializationUtil.Deserialize(sSLCertificateEntryByte); Assert.True(sSLCertificateEntry.IsRevoked); Assert.Equal(sSLCertificateEntry.CertificateValue, sSLCertEncoded); }
public static object AddSSLCertificate(object[] args) { byte[] accountAddress = (byte[])args[0]; Logger.log(accountAddress); Logger.log("Checking Account Owner with CheckWitness"); if (!Runtime.CheckWitness(accountAddress)) { Logger.log("Invalid Account or Invalid Transaction"); return(false); } Logger.log("Checked Account Owner with CheckWitness"); Logger.log("Checking Account Cert Credit Balance"); if (!PaymentManager.IsAccountBalanceSufficientCertificateOperation(accountAddress)) { Logger.log("Account Cert Credit is Not Sufficient for Add SSL Certificate Operation"); return(false); } Logger.log("Checked Account Cert Credit Balance"); byte[] encodedCert = (byte[])args[1]; byte[] certificateHash = Sha256(encodedCert); Logger.log("Adding SSL Certificate"); bool addSslCertificateResult = SslCertificateHandler.AddSslCertificate(certificateHash, encodedCert); if (addSslCertificateResult) { Logger.log("Charging Fee For Certificate Operation"); if (!PaymentManager.ChargeFeeForCertificateOperation(accountAddress)) { Logger.log("Error while charging fee for Certificate Operation"); return(false); } Logger.log("Charge Fee For Certificate Operation success"); EventNotifier.NotifyNewSSLCertificateAdded(encodedCert); } else { Logger.log( "Because of error in add in SSL Certificate Not Fee will be charged For Certificate Operation"); } Logger.log(addSslCertificateResult); Logger.log("SSL Certificate process completed"); return(addSslCertificateResult); }
public void Should_Add_SSL_Certificate() { { string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer"; byte[] rootCertEncoded = File.ReadAllBytes(rootCertFilePath); byte[] rootCertDigest = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded); byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded); bool result = RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded, requestSignature); Assert.True(result); } { string subCaCertFilePath = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.cer"; byte[] subCaCertEncoded = File.ReadAllBytes(subCaCertFilePath); byte[] subCaCertificateHash = DigestUtilities.CalculateDigest("SHA_256", subCaCertEncoded); byte[] subCaAddRequestSignature = null; bool result = SubCaCertificateHandler.AddSubCaCertificate(subCaCertificateHash, subCaCertEncoded, subCaAddRequestSignature); Assert.True(result); } string sSLCertFilePath = "../../../test-data/certs/test-ca/Test-SSL-RSA-2048.cer"; byte[] sSLCertEncoded = File.ReadAllBytes(sSLCertFilePath); byte[] sSLCertHash = DigestUtilities.CalculateDigest("SHA_256", sSLCertEncoded); bool sslCertAddResult = SslCertificateHandler.AddSslCertificate(sSLCertHash, sSLCertEncoded); Assert.True(sslCertAddResult); Certificate sslCertificate = CertificateParser.Parse(sSLCertEncoded); byte[] sSLCertificateEntryByte = StorageUtil.readFromStorage(sSLCertHash); EndEntityCertificateEntry sSLCertificateEntry = (EndEntityCertificateEntry)SerializationUtil.Deserialize(sSLCertificateEntryByte); Assert.False(sSLCertificateEntry.IsRevoked); Assert.Equal(sSLCertificateEntry.CertificateValue, sSLCertEncoded); //Is Added To Issuer list { byte[] storageKey = ArrayUtil.Concat(CertificateStorageManager.ELEMENT_LIST, sslCertificate.AuthorityKeyIdentifier.keyIdentifier); byte[] certHashMapEntrySerialized = StorageUtil.readFromStorage(storageKey); Assert.True(certHashMapEntrySerialized != null); CertificateHashMapEntry certHashMapEntry = (CertificateHashMapEntry)SerializationUtil.Deserialize(certHashMapEntrySerialized); Assert.True(certHashMapEntry.certificateHashArray != null); Assert.True(certHashMapEntry.certificateHashArray.Length == 1); byte[] subjectKeyIdCertificateHashEntrySerialized = certHashMapEntry.certificateHashArray[0]; CertificateHashEntry subjectKeyIdCertificateHashEntry = (CertificateHashEntry)SerializationUtil.Deserialize(subjectKeyIdCertificateHashEntrySerialized); Assert.Equal(subjectKeyIdCertificateHashEntry.CertificateHash, sSLCertHash); Assert.False(subjectKeyIdCertificateHashEntry.IsCa); } //Domain Name List - Common Name { byte[] certHashMapEntrySerialized = StorageUtil.readFromStorage(HexUtil.HexStringToByteArray("6f6e742e696f")); Assert.True(certHashMapEntrySerialized != null); CertificateHashMapEntry certHashMapEntry = (CertificateHashMapEntry)SerializationUtil.Deserialize(certHashMapEntrySerialized); Assert.True(certHashMapEntry.certificateHashArray != null); Assert.True(certHashMapEntry.certificateHashArray.Length == 1); byte[] subjectKeyIdCertificateHashEntrySerialized = certHashMapEntry.certificateHashArray[0]; CertificateHashEntry subjectKeyIdCertificateHashEntry = (CertificateHashEntry)SerializationUtil.Deserialize(subjectKeyIdCertificateHashEntrySerialized); Assert.Equal(subjectKeyIdCertificateHashEntry.CertificateHash, sSLCertHash); Assert.False(subjectKeyIdCertificateHashEntry.IsCa); } //Domain Name List - Subject Alternative Name { byte[] certHashMapEntrySerialized = StorageUtil.readFromStorage(HexUtil.HexStringToByteArray("7777772e6f6e742e696f")); Assert.True(certHashMapEntrySerialized != null); CertificateHashMapEntry certHashMapEntry = (CertificateHashMapEntry)SerializationUtil.Deserialize(certHashMapEntrySerialized); Assert.True(certHashMapEntry.certificateHashArray != null); Assert.True(certHashMapEntry.certificateHashArray.Length == 1); byte[] subjectKeyIdCertificateHashEntrySerialized = certHashMapEntry.certificateHashArray[0]; CertificateHashEntry subjectKeyIdCertificateHashEntry = (CertificateHashEntry)SerializationUtil.Deserialize(subjectKeyIdCertificateHashEntrySerialized); Assert.Equal(subjectKeyIdCertificateHashEntry.CertificateHash, sSLCertHash); Assert.False(subjectKeyIdCertificateHashEntry.IsCa); } }
public void Should_UnTrusted_Root_Certificate() { string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer"; byte[] rootCertEncoded = File.ReadAllBytes(rootCertFilePath); byte[] rootCertDigest = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded); byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded); bool result = RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded, requestSignature); Assert.True(result); Certificate rootCertificate = CertificateParser.Parse(rootCertEncoded); byte[] rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest); CaCertificateEntry caCertificateEntry = (CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte); Assert.True(caCertificateEntry.IsTrusted); Assert.False(caCertificateEntry.IsRevoked); Assert.Equal(caCertificateEntry.CertificateValue, rootCertEncoded); byte[] cACertificateSubjectKeyIdEntrySerialized = StorageUtil.readFromStorage(rootCertificate.SubjectKeyIdentifier.keyIdentifier); CaCertificateSubjectKeyIdEntry cACertificateSubjectKeyIdEntry = (CaCertificateSubjectKeyIdEntry)SerializationUtil.Deserialize( cACertificateSubjectKeyIdEntrySerialized); Assert.True(cACertificateSubjectKeyIdEntry.IsRootCa); Assert.Equal(cACertificateSubjectKeyIdEntry.CertificateHash, rootCertDigest); byte[] certificateHashMapEntrySerialized = StorageUtil.readFromStorage(CertificateStorageManager.TRUSTED_ROOT_CA_LIST_STORAGE_KEY); CertificateHashMapEntry trustedRootCAListHashMapEntry = (CertificateHashMapEntry)SerializationUtil.Deserialize(certificateHashMapEntrySerialized); Assert.Equal(1, trustedRootCAListHashMapEntry.certificateHashArray.Length); byte[] certificateHashEntrySerialized = trustedRootCAListHashMapEntry.certificateHashArray[0]; CertificateHashEntry certificateHashEntry = (CertificateHashEntry)SerializationUtil.Deserialize(certificateHashEntrySerialized); Assert.True(certificateHashEntry.IsCa); Assert.Equal(rootCertDigest, certificateHashEntry.CertificateHash); string subCaCertFilePath = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.cer"; byte[] subCaCertEncoded = File.ReadAllBytes(subCaCertFilePath); byte[] subCaCertificateHash = DigestUtilities.CalculateDigest("SHA_256", subCaCertEncoded); byte[] subCaAddRequestSignature = null; result = SubCaCertificateHandler.AddSubCaCertificate(subCaCertificateHash, subCaCertEncoded, subCaAddRequestSignature); Assert.True(result); string sSLCertFilePath = "../../../test-data/certs/test-ca/Test-SSL-RSA-2048.cer"; byte[] sSLCertEncoded = File.ReadAllBytes(sSLCertFilePath); byte[] sSLCertHash = DigestUtilities.CalculateDigest("SHA_256", sSLCertEncoded); bool sslCertAddResult = SslCertificateHandler.AddSslCertificate(sSLCertHash, sSLCertEncoded); Assert.True(sslCertAddResult); byte[] subCaCertificateEntryBytes = StorageUtil.readFromStorage(subCaCertificateHash); CaCertificateEntry subCaCertificateEntry = (CaCertificateEntry)SerializationUtil.Deserialize(subCaCertificateEntryBytes); Assert.False(subCaCertificateEntry.IsTrusted); Assert.False(subCaCertificateEntry.IsRevoked); byte[] endEntityCertificateEntrySerialized = StorageUtil.readFromStorage(sSLCertHash); EndEntityCertificateEntry endEntityCertificateEntry = (EndEntityCertificateEntry)SerializationUtil.Deserialize(endEntityCertificateEntrySerialized); Assert.False(endEntityCertificateEntry.IsRevoked); requestSignature = SignUtil.generateUntrustRootCAOperationRequestSignature(rootCertEncoded); result = RootCaCertificateHandler.UntrustRootCaCertificate(rootCertDigest, rootCertEncoded, requestSignature); Assert.True(result); rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest); caCertificateEntry = (CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte); Assert.False(caCertificateEntry.IsTrusted); Assert.False(caCertificateEntry.IsRevoked); subCaCertificateEntry = (CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte); Assert.False(subCaCertificateEntry.IsTrusted); subCaCertificateEntryBytes = StorageUtil.readFromStorage(subCaCertificateHash); subCaCertificateEntry = (CaCertificateEntry)SerializationUtil.Deserialize(subCaCertificateEntryBytes); Assert.True(subCaCertificateEntry.IsRevoked); endEntityCertificateEntrySerialized = StorageUtil.readFromStorage(sSLCertHash); endEntityCertificateEntry = (EndEntityCertificateEntry)SerializationUtil.Deserialize(endEntityCertificateEntrySerialized); Assert.True(endEntityCertificateEntry.IsRevoked); }