// VisibleForTesting public void Validate(ServerCertificate certificate) { try { if (!Curve.verifySignature(TrustRoot, certificate.Certificate, certificate.Signature)) { throw new InvalidCertificateException("Signature failed"); } if (REVOKED.Contains(certificate.KeyId)) { throw new InvalidCertificateException("Server certificate has been revoked"); } } catch (InvalidKeyException e) { throw new InvalidCertificateException(e); } }
public SenderCertificate(byte[] serialized) { try { var wrapper = libsignalmetadata.protobuf.SenderCertificate.Parser.ParseFrom(serialized); if (wrapper.SignatureOneofCase != libsignalmetadata.protobuf.SenderCertificate.SignatureOneofOneofCase.Signature || wrapper.CertificateOneofCase != libsignalmetadata.protobuf.SenderCertificate.CertificateOneofOneofCase.Certificate) { throw new InvalidCertificateException("Missing fields"); } var certificate = libsignalmetadata.protobuf.SenderCertificate.Types.Certificate.Parser.ParseFrom(wrapper.Certificate); if (certificate.SignerOneofCase != libsignalmetadata.protobuf.SenderCertificate.Types.Certificate.SignerOneofOneofCase.Signer || certificate.IdentityKeyOneofCase != libsignalmetadata.protobuf.SenderCertificate.Types.Certificate.IdentityKeyOneofOneofCase.IdentityKey || certificate.SenderDeviceOneofCase != libsignalmetadata.protobuf.SenderCertificate.Types.Certificate.SenderDeviceOneofOneofCase.SenderDevice || certificate.ExpiresOneofCase != libsignalmetadata.protobuf.SenderCertificate.Types.Certificate.ExpiresOneofOneofCase.Expires || certificate.SenderOneofCase != libsignalmetadata.protobuf.SenderCertificate.Types.Certificate.SenderOneofOneofCase.Sender) { throw new InvalidCertificateException("Missing fields"); } Signer = new ServerCertificate(certificate.Signer.ToByteArray()); Key = Curve.decodePoint(certificate.IdentityKey.ToByteArray(), 0); Sender = certificate.Sender; SenderDeviceId = (int)certificate.SenderDevice; Expiration = (long)certificate.Expires; Serialized = serialized; Certificate = wrapper.Certificate.ToByteArray(); Signature = wrapper.Signature.ToByteArray(); } catch (InvalidProtocolBufferException e) { throw new InvalidCertificateException(e); } catch (InvalidKeyException e) { throw new InvalidCertificateException(e); } }
public void Validate(SenderCertificate certificate, long validationTime) { try { ServerCertificate serverCertificate = certificate.Signer; Validate(serverCertificate); if (!Curve.verifySignature(serverCertificate.Key, certificate.Certificate, certificate.Signature)) { throw new InvalidCertificateException("Signature failed"); } if (validationTime > certificate.Expiration) { throw new InvalidCertificateException("Certificate is expired"); } } catch (InvalidKeyException e) { throw new InvalidCertificateException(e); } }