public static bool RevokeSubCaCertificate(byte[] certificateHash, byte[] encodedCert, byte[] signature)
{
if (!CertificateStorageManager.IsSubCaCertificateAddedBefore(certificateHash))
{
return(false);
}
Certificate subCaCertificate = CertificateParser.Parse(encodedCert);
if (!subCaCertificate.IsLoaded)
{
Logger.log("Can not parse Sub CA Certificate");
return(false);
}
if (!ValidateRevokeSubCaCertificateRequestSignature(subCaCertificate, signature))
{
return(false);
}
if (!CertificateValidator.CheckValidityPeriod(subCaCertificate))
{
return(false);
}
if (!CertificateStorageManager.MarkSubCaCertificateRevokedInStorage(subCaCertificate, certificateHash))
{
return(false);
}
return(true);
}
public static bool RevokeSslCertificate(byte[] certificateHash, byte[] encodedCert, byte[] signature)
{
Logger.log("Checking SSL Certificate is added before");
if (!CertificateStorageManager.IsSSLCertificateAddedBefore(certificateHash))
{
Logger.log("SSL Certificate is not added before");
return(false);
}
Certificate sslCertificate = CertificateParser.Parse(encodedCert);
if (!sslCertificate.IsLoaded)
{
Logger.log("Can not parse SSL Certificate");
return(false);
}
if (!ValidateRevokeSslCertificateRequestSignature(sslCertificate, signature))
{
Logger.log("SSL Certificate revoke request signature is invalid");
return(false);
}
if (!CertificateStorageManager.MarkEndEntityCertificateRevokedInStorage(certificateHash))
{
Logger.log("Error while marking as remoked SSL Certificate in Storage");
return(false);
}
return(true);
}
public static bool AddSubCaCertificate(byte[] certificateHash, byte[] encodedCert, byte[] signature)
{
if (CertificateStorageManager.IsSubCaCertificateAddedBefore(certificateHash))
{
Logger.log("Sub CA Certificate is added before");
return(false);
}
Certificate subCaCertificate = CertificateParser.Parse(encodedCert);
if (!subCaCertificate.IsLoaded)
{
Logger.log("Can not parse Sub CA Certificate");
return(false);
}
if (!ValidateSubCaCertificateAddRequestSignature(subCaCertificate, signature))
{
Logger.log("Can not validate Add Sub CA Certificate request signature");
return(false);
}
if (!CertificateValidator.ValidateSubCaCertificate(subCaCertificate))
{
Logger.log("Can not validate Sub CA Certificate");
return(false);
}
CertificateStorageManager.AddSubCaCertificateToStorage(subCaCertificate, certificateHash, encodedCert);
return(true);
}
public static bool AddSslCertificate(byte[] certificateHash, byte[] encodedCert)
{
if (CertificateStorageManager.IsSSLCertificateAddedBefore(certificateHash))
{
return(false);
}
Certificate sslCertificate = CertificateParser.Parse(encodedCert);
if (!sslCertificate.IsLoaded)
{
return(false);
}
if (!CertificateValidator.CheckValidityPeriod(sslCertificate))
{
return(false);
}
if (!CertificateValidator.ValidateSslCertificateFields(sslCertificate))
{
return(false);
}
if (!CertificateChainValidator.ValidateCertificateSignatureWithChain(sslCertificate))
{
return(false);
}
CertificateStorageManager.AddEndEntityCertificateToStorage(sslCertificate, certificateHash, encodedCert);
return(true);
}
public static bool AddTrustedRootCaCertificate(byte[] certificateHash, byte[] encodedCert, byte[] signature)
{
if (!ValidateRootCaCertificateAddRequestSignature(encodedCert, signature))
{
return(false);
}
if (CertificateStorageManager.IsRootCaCertificateAddedBefore(certificateHash))
{
return(false);
}
Certificate rootCaCertificate = CertificateParser.Parse(encodedCert);
if (!rootCaCertificate.IsLoaded)
{
return(false);
}
if (!CertificateValidator.ValidateRootCaCertificate(rootCaCertificate))
{
return(false);
}
CertificateStorageManager.AddRootCaCertificateToStorage(rootCaCertificate, certificateHash, encodedCert);
return(true);
}
public static bool UntrustRootCaCertificate(byte[] certificateHash, byte[] encodedCert, byte[] signature)
{
if (!ValidateUntrustRootCaCertificateRequestSignature(encodedCert, signature))
{
Logger.log("Error while validating Untrust Root Ca Certificate Request");
return(false);
}
if (!CertificateStorageManager.IsRootCaCertificateAddedBefore(certificateHash))
{
Logger.log("Untrust error. Root CA is not added before");
return(false);
}
Certificate rootCaCertificate = CertificateParser.Parse(encodedCert);
if (!rootCaCertificate.IsLoaded)
{
Logger.log("Error while parsing encoded root CA content");
return(false);
}
CertificateStorageManager.MarkRootCaCertificateUntrustedInStorage(rootCaCertificate, certificateHash);
return(true);
}
public static object LogTrustedCAList()
{
CertificateHashEntry[] retrieveTrustedRootCaList = CertificateStorageManager.RetrieveTrustedRootCaList();
Logger.log(retrieveTrustedRootCaList.Length);
foreach (CertificateHashEntry certificateHashEntry in retrieveTrustedRootCaList)
{
Logger.log(" ");
Logger.log(certificateHashEntry.CertificateHash);
Logger.log(certificateHashEntry.IsCa);
Logger.log(" ");
}
return(true);
}
public static bool UntrustRootCaCertificate(byte[] certificateHash, byte[] encodedCert, byte[] signature)
{
if (!ValidateRootCaCertificateAddRequestSignature(encodedCert, signature))
{
return(false);
}
if (!CertificateStorageManager.IsRootCaCertificateAddedBefore(certificateHash))
{
return(false);
}
Certificate rootCaCertificate = CertificateParser.Parse(encodedCert);
CertificateStorageManager.MarkRootCaCertificateUntrustedInStorage(rootCaCertificate, certificateHash);
return(true);
}
public void ProcessPFXTest()
{
var pfxName = Environment.GetEnvironmentVariable("TEMP") + "\\test_tmp.pfx";
var pfxPwd = "test";
var testPfx = "MIII4QIBAzCCCKcGCSqGSIb3DQEHAaCCCJgEggiUMIIIkDCCA0cGCSqGSIb3DQEHBqCCAzgwggM0AgEAMIIDLQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIA8LIxLUYVCsCAggAgIIDAMjaS/s4uR/FK7lYpSBe3QamT5HUbXWiKgxRlM1NbuGpICN9JIFuejxKmumBkEoFF/Jg+5XKZGAKKdiVG72kWwsY6D8T3WUcN8If9s2HacSBbsyeZ712OoOnh9vyyqu0TtQ5Z8BOPzO2tJImd05j4hZ3t/EO35vmeMdOM5BA6SS9TJ11E2cZuc2ARQlfIquW9yrQW+FmwFuVG6aqNXZA9c4YjQHn1xifuZ8HFZsSQpuG5KZQzOTUEivMtn7Ct7UK9MAlK7nQblxtpW5iYGpWxsrfh0GXp7+8olOY3dm8iHqwyoPoXEOVjnZPxOEn2dg9oJT3TOvcO85jwM3CkeyvPkzJeStqz2n1xFipETr7WRDekK0j7Z4qDmP6VZA0B3C4+91Occ0kKJDPtsHAUTMpkyhMTZEXCbFT1R8gfiOhFeWLzd4cOsTiUSpXSk9oG68kJ3uEaP0uXUH9eNVRXeHthGlxbl71AxkeOJa4nP8Fot5ZLaXYg8CWQ4NnC4YITBMdoBiiYKNwsPCJBiEueiuEB5puO/NS+ZOO346COxtalX8a1PKShFNw3bCvaHg54jIMsrPNy0K6mpas/h4u8iBgt8whk/AGDvTDjnyI8+rDfG+DROft2cDDJJx6cCxBOMtT2PDxx3Gb51eyjVhC5iWLTX3kUXfXrBUy+LlvZR43xCZHvAF5QEbTXbrCi5xoLoBim99k2mt56IoYYuBoPhQROzg/UIoohFGOrCKE6fz/VOlftElLDwgyNoLIdrHZv/H+FxYcE8L4UmZptMRa/QCiaNTL/j7jebBA2sgFu1GJeV5tfNP4qXfgmkzKFppb33adHdbF/wmQba4cS+Yxav4EE5pCCeIX0Bimrbfrp+ygUxgKtYZXiu9wmYDrgaHuFWxPjm+vZym1+SR9V3P0sv0zC8OE1rMzvMknBY7HLhyhf3zMItMMQDRabR/IfjMLCw8RjFKxWjgRGjVrT3R2Z9LdolbFV6usttvisLDWeEZiuIIPxQ2DHWfDQYf2mHY6cxnw3jCCBUEGCSqGSIb3DQEHAaCCBTIEggUuMIIFKjCCBSYGCyqGSIb3DQEMCgECoIIE7jCCBOowHAYKKoZIhvcNAQwBAzAOBAjpUIitGHGxFQICCAAEggTItZnpR7lMzolKkmZWdF4J8rKn7nkXXKOCicCxvt2sbRuMdH7mEH7S5uM7NAYHk0bXdHe7qGHVnfuM1HNiaEqLkOp2fRPMsHisSaakObIwmocVy7rLswNLkChV6feBpncAz8LJQDXdTy69N89olpzEJiV9AI8wRSZeiJmTQJ+d+ulGIYgT/JyPFOcA7XfHnt7wvBuG0rD/AlTfQy6HW26S6Ig+OXOKNh1QCs8IaQCyFVIv4A/jxWnRQTVnf/0+I9rBN8uOpME+7IhaAAYfz13POyix9ALrBfxEOdWDDYx1U+51/L7LbMg+nCjlzwCpbqd08VPqsKXLu7K8sZJbwMRxORsLsRvdaYK392d5GyDyLmi01gYtyfCWOB/nnzZb+XHKlryTO0nl0THqV8p3PQW61kvsoRCa8COY88Gbj0Y2LstQm7ClSxXI9F9D7RRkVsA/rzUKtOMgBIQP6MyZTo4e8vgrxn1Mg/yoz/JcN+DkX1vfPl2gIq4sBP50Yx+ceLKXrjSNNqCOoQ98egtioSoRP5G9yWIiyHqjZICg5t6ftVvUYoqkEcgg4rrE1UUNTQ5bL7w2Tg7J8V1H9apKyUSybdsxoVUlHO54BchhihPvXkB8qtCx4PSeNOZF1EiZT4z7IeKLr9Kj9AYFDaN/Gli6akBJENC3sl1+fQxXc3sPYfzkCWyrCzRd2tdxWAcdqgBBOXxkm2kzQtaDj7J7N5xoMHpeqltpXdv49L04rXsjin+FhB4FNWrf9xYNAXn2vjpjCUg2CcIO+PzoIFr5avsv99dq9LLYemw1P3CnKOe5TWsWWJdDTCXsviOFssiqv6l3OdjIirwxm96sX2Z1AayvLBpGCvn2JoJkOzSE9rO9g3ramuGOi1cjwHrIGNr/G3wZn9ft4wJXpBRUcxL/xK73ZpIRga2rSrG5Se3RELy898kCYnCNNa6zcfd5/eV8d1+5WMCMW9uRh7mpVbHVND1TVcruZeXToyjNb6q9UjRIhgWUlLWCCFMbX5Md41c/RqvTuN+CvcXMzOmrjfaQk81JK0csvT121CWJtd+QSkUSgyhAYzCj7MQMurtUKJx1EZ2fXFsVo0K0mjzcwU38wKqAZfn2hkTWcp5NyATO9nJ71z1PiBY/XAQsbv3eApf4WRQTwogq8XXpbx7Hm61TseJUfilTBlMlKj5CHmZrDFhBAIzIVixzydTwHGNsoqJ+/tnkaUWyAA2+C7kvMjtat5Mj/WavT/cYP7nmm/CTETCsXazmnQFXFI0egHPx88Icf9XgW27tBsgBMb4+KJRjvlnqjztNqzs5Eh52/dXupWmgS9q0Y8IcmHbFDjpfOXz9vB24/HhBe6U2kzn4WIHq6FbZZikjoHKX2V/I1QNDpZQj5ZI6w+pdoLHokHdz9K5PD3oZIf12Y/1RxzGVPNkCfvzO94eWmGaPmbE5mmRWEcYIbT5FvL0NZyAxztlHABxGbUDiOG/qNR1h7q1UiEhVv/CIZauij+8USbG7wFtuVxo5/enPdld9E32XSLCv+TjByfbxPiHkoCw8XkSbtyBq/0KtdiJ7CX2JtK74P5Jw/i/cshMdTX6V/r439g8YESV5XTCU7kLJMzI3iSBg6/5PoC+Ckho5xpcPSBmGMSUwIwYJKoZIhvcNAQkVMRYEFNPHWcwMABpZYlB+Bl74m8ceTJwmMDEwITAJBgUrDgMCGgUABBRIYzYkD++kAMXAxtTQ9+DDCK9LKAQIAK8dKmYIyIICAggA";
byte[] data = Convert.FromBase64String(testPfx);
File.WriteAllBytes(pfxName, data);
AuthenticatedPFX aPfx = new AuthenticatedPFX(pfxName, pfxPwd);
CertificateStorageManager certMgr = new CertificateStorageManager(aPfx, true);
try {
certMgr.ProcessPFX();
} catch (Exception e) {
Console.WriteLine(e);
Assert.Fail();
}
}
public static bool AddSslCertificate(byte[] certificateHash, byte[] encodedCert)
{
Logger.log("Checking SSL Certificate is added before");
if (CertificateStorageManager.IsSSLCertificateAddedBefore(certificateHash))
{
Logger.log("SSL Certificate is added before");
return(false);
}
Logger.log("Trying to parse SSL Certificate");
Certificate sslCertificate = CertificateParser.Parse(encodedCert);
if (!sslCertificate.IsLoaded)
{
Logger.log("Can not parse SSL Certificate");
return(false);
}
Logger.log("Checking SSL Certificate Validity Period");
if (!CertificateValidator.CheckValidityPeriod(sslCertificate))
{
Logger.log("SSL Certificate validity period is invalid");
return(false);
}
Logger.log("Checking SSL Certificate Fields");
if (!CertificateValidator.ValidateSslCertificateFields(sslCertificate))
{
Logger.log("SSL Certificate Fields are invalid");
return(false);
}
Logger.log("Validating SSL Certificate With Chain");
if (!CertificateChainValidator.ValidateCertificateSignatureWithChain(sslCertificate))
{
Logger.log("Can not validate SSL Certificate Signature With Chain");
return(false);
}
Logger.log("Adding SSL Certificate To Storage");
CertificateStorageManager.AddEndEntityCertificateToStorage(sslCertificate, certificateHash, encodedCert);
return(true);
}
public static bool ReportFraud(byte[] fraudId, byte[] fakeButValidCertificateBytes,
byte[] fakeButValidCertificateHash,
byte[] signerCertificateBytes, byte[] signerCertificateBytesHash, byte[] signature)
{
Certificate fakeButValidCertificate = CertificateParser.Parse(fakeButValidCertificateBytes);
if (!fakeButValidCertificate.IsLoaded)
{
Logger.log("Can not parse Fake But Valid SSL Certificate");
return(false);
}
EndEntityCertificateEntry fakeButValidCertificateEntry =
CertificateStorageManager.RetrieveEndEntityCertificateFromStorage(fakeButValidCertificateHash);
if (fakeButValidCertificateEntry.CertificateValue == null)
{
Logger.log("Can not find Fake But Valid SSL Certificate");
return(false);
}
if (fakeButValidCertificateEntry.IsRevoked)
{
Logger.log("Fake But Valid SSL Certificate is revoked before");
return(false);
}
Certificate signerCertificate = CertificateParser.Parse(signerCertificateBytes);
if (!signerCertificate.IsLoaded)
{
Logger.log("Can not parse Signer Certificate");
return(false);
}
var signerCertificateContainFakeButValidCertificateDnsEntry =
checkDnsValues(fakeButValidCertificate, signerCertificate);
if (!signerCertificateContainFakeButValidCertificateDnsEntry)
{
Logger.log("Signer Certificate Does not contain required DNS value");
return(false);
}
Logger.log("Starting Validate Signature For Report Fraud Request");
bool signatureValidationResult =
SignatureValidator.CheckReportFraudRequestSignature(signature, fakeButValidCertificate,
signerCertificate);
if (!signatureValidationResult)
{
Logger.log("Report Fraud Request signature Invalid");
return(false);
}
Logger.log("Validated Signature For Report Fraud Request");
FraudStorageManager.AddFraudReportToStorage(fraudId, signerCertificateBytes, fakeButValidCertificateHash);
//todo: add fraud notification after log infrastructure fixed
return(true);
}
