public static Certificate FindIssuerCaCertificate(Certificate certificate)
{
Certificate nullCertificate = new Certificate();
Logger.log("Certificate AuthorityKeyIdentifier.keyIdentifier : ");
Logger.log(certificate.AuthorityKeyIdentifier.keyIdentifier);
CaCertificateSubjectKeyIdEntry cACertificateSubjectKeyIdEntry =
FindCaCertificateHashEntry(certificate.AuthorityKeyIdentifier.keyIdentifier);
if (cACertificateSubjectKeyIdEntry.CertificateHash == null)
{
Logger.log("Can not find CA Certificate Hash Entry with AuthorityKeyIdentifier.keyIdentifier");
return(nullCertificate);
}
CaCertificateEntry cACertificateEntry =
FindCaCertificatewithCertificateHash(cACertificateSubjectKeyIdEntry.CertificateHash);
if (cACertificateEntry.CertificateValue == null)
{
Logger.log("Can not find CA Certificate Entry with CA Certificate Hash");
return(nullCertificate);
}
if (cACertificateSubjectKeyIdEntry.IsRootCa)
{
if (!cACertificateEntry.IsTrusted)
{
Logger.log("CA Certificate is not trusted");
return(nullCertificate);
}
}
else
{
if (cACertificateEntry.IsRevoked)
{
Logger.log("CA Certificate is revoked");
return(nullCertificate);
}
}
Certificate caCertificate = CertificateParser.Parse(cACertificateEntry.CertificateValue);
if (!caCertificate.IsLoaded)
{
Logger.log("Can not parse CA Certificate value");
return(nullCertificate);
}
if (!CertificateValidator.CheckValidityPeriod(caCertificate))
{
Logger.log("Parse CA Certificate Validity is invalid");
return(nullCertificate);
}
return(caCertificate);
}
public void Should_UnTrusted_Root_Certificate_When_Any_SubCA_And_Ssl_Certificate_Is_Not_Exist()
{
string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer";
byte[] rootCertEncoded = File.ReadAllBytes(rootCertFilePath);
byte[] rootCertDigest = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded);
byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded);
bool result =
RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded, requestSignature);
Assert.True(result);
Certificate rootCertificate = CertificateParser.Parse(rootCertEncoded);
byte[] rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest);
CaCertificateEntry caCertificateEntry =
(CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte);
Assert.True(caCertificateEntry.IsTrusted);
Assert.False(caCertificateEntry.IsRevoked);
Assert.Equal(caCertificateEntry.CertificateValue, rootCertEncoded);
byte[] cACertificateSubjectKeyIdEntrySerialized =
StorageUtil.readFromStorage(rootCertificate.SubjectKeyIdentifier.keyIdentifier);
CaCertificateSubjectKeyIdEntry cACertificateSubjectKeyIdEntry =
(CaCertificateSubjectKeyIdEntry)SerializationUtil.Deserialize(
cACertificateSubjectKeyIdEntrySerialized);
Assert.True(cACertificateSubjectKeyIdEntry.IsRootCa);
Assert.Equal(cACertificateSubjectKeyIdEntry.CertificateHash, rootCertDigest);
byte[] certificateHashMapEntrySerialized =
StorageUtil.readFromStorage(CertificateStorageManager.TRUSTED_ROOT_CA_LIST_STORAGE_KEY);
CertificateHashMapEntry trustedRootCAListHashMapEntry =
(CertificateHashMapEntry)SerializationUtil.Deserialize(certificateHashMapEntrySerialized);
Assert.Equal(1, trustedRootCAListHashMapEntry.certificateHashArray.Length);
byte[] certificateHashEntrySerialized = trustedRootCAListHashMapEntry.certificateHashArray[0];
CertificateHashEntry certificateHashEntry =
(CertificateHashEntry)SerializationUtil.Deserialize(certificateHashEntrySerialized);
Assert.True(certificateHashEntry.IsCa);
Assert.Equal(rootCertDigest, certificateHashEntry.CertificateHash);
requestSignature = SignUtil.generateUntrustRootCAOperationRequestSignature(rootCertEncoded);
result = RootCaCertificateHandler.UntrustRootCaCertificate(rootCertDigest, rootCertEncoded,
requestSignature);
Assert.True(result);
rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest);
caCertificateEntry = (CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte);
Assert.False(caCertificateEntry.IsTrusted);
Assert.False(caCertificateEntry.IsRevoked);
}