public static bool RevokeSubCaCertificate(byte[] certificateHash, byte[] encodedCert, byte[] signature) { if (!CertificateStorageManager.IsSubCaCertificateAddedBefore(certificateHash)) { return(false); } Certificate subCaCertificate = CertificateParser.Parse(encodedCert); if (!subCaCertificate.IsLoaded) { Logger.log("Can not parse Sub CA Certificate"); return(false); } if (!ValidateRevokeSubCaCertificateRequestSignature(subCaCertificate, signature)) { return(false); } if (!CertificateValidator.CheckValidityPeriod(subCaCertificate)) { return(false); } if (!CertificateStorageManager.MarkSubCaCertificateRevokedInStorage(subCaCertificate, certificateHash)) { return(false); } return(true); }
public static bool AddSslCertificate(byte[] certificateHash, byte[] encodedCert) { if (CertificateStorageManager.IsSSLCertificateAddedBefore(certificateHash)) { return(false); } Certificate sslCertificate = CertificateParser.Parse(encodedCert); if (!sslCertificate.IsLoaded) { return(false); } if (!CertificateValidator.CheckValidityPeriod(sslCertificate)) { return(false); } if (!CertificateValidator.ValidateSslCertificateFields(sslCertificate)) { return(false); } if (!CertificateChainValidator.ValidateCertificateSignatureWithChain(sslCertificate)) { return(false); } CertificateStorageManager.AddEndEntityCertificateToStorage(sslCertificate, certificateHash, encodedCert); return(true); }
public static Certificate FindIssuerCaCertificate(Certificate certificate) { Certificate nullCertificate = new Certificate(); Logger.log("Certificate AuthorityKeyIdentifier.keyIdentifier : "); Logger.log(certificate.AuthorityKeyIdentifier.keyIdentifier); CaCertificateSubjectKeyIdEntry cACertificateSubjectKeyIdEntry = FindCaCertificateHashEntry(certificate.AuthorityKeyIdentifier.keyIdentifier); if (cACertificateSubjectKeyIdEntry.CertificateHash == null) { Logger.log("Can not find CA Certificate Hash Entry with AuthorityKeyIdentifier.keyIdentifier"); return(nullCertificate); } CaCertificateEntry cACertificateEntry = FindCaCertificatewithCertificateHash(cACertificateSubjectKeyIdEntry.CertificateHash); if (cACertificateEntry.CertificateValue == null) { Logger.log("Can not find CA Certificate Entry with CA Certificate Hash"); return(nullCertificate); } if (cACertificateSubjectKeyIdEntry.IsRootCa) { if (!cACertificateEntry.IsTrusted) { Logger.log("CA Certificate is not trusted"); return(nullCertificate); } } else { if (cACertificateEntry.IsRevoked) { Logger.log("CA Certificate is revoked"); return(nullCertificate); } } Certificate caCertificate = CertificateParser.Parse(cACertificateEntry.CertificateValue); if (!caCertificate.IsLoaded) { Logger.log("Can not parse CA Certificate value"); return(nullCertificate); } if (!CertificateValidator.CheckValidityPeriod(caCertificate)) { Logger.log("Parse CA Certificate Validity is invalid"); return(nullCertificate); } return(caCertificate); }
public static bool AddSslCertificate(byte[] certificateHash, byte[] encodedCert) { Logger.log("Checking SSL Certificate is added before"); if (CertificateStorageManager.IsSSLCertificateAddedBefore(certificateHash)) { Logger.log("SSL Certificate is added before"); return(false); } Logger.log("Trying to parse SSL Certificate"); Certificate sslCertificate = CertificateParser.Parse(encodedCert); if (!sslCertificate.IsLoaded) { Logger.log("Can not parse SSL Certificate"); return(false); } Logger.log("Checking SSL Certificate Validity Period"); if (!CertificateValidator.CheckValidityPeriod(sslCertificate)) { Logger.log("SSL Certificate validity period is invalid"); return(false); } Logger.log("Checking SSL Certificate Fields"); if (!CertificateValidator.ValidateSslCertificateFields(sslCertificate)) { Logger.log("SSL Certificate Fields are invalid"); return(false); } Logger.log("Validating SSL Certificate With Chain"); if (!CertificateChainValidator.ValidateCertificateSignatureWithChain(sslCertificate)) { Logger.log("Can not validate SSL Certificate Signature With Chain"); return(false); } Logger.log("Adding SSL Certificate To Storage"); CertificateStorageManager.AddEndEntityCertificateToStorage(sslCertificate, certificateHash, encodedCert); return(true); }