private static bool ValidateRevokeSslCertificateRequestSignature(Certificate sslCertificate, byte[] signature)
{
Logger.log("Starting Validate Revoke SSL Certificate Request Signature");
Logger.log("Request Signature");
Logger.log(signature);
Logger.log("Checking Revoke SSL Certificate Request Signature with SSL Certificate Public Key");
bool verified = SignatureValidator.CheckRevokeSSLCertificateRequestSignature(signature, sslCertificate, sslCertificate);
if (verified)
{
Logger.log("Verified Revoke SSL Certificate Request Signature with SSL Certificate Public Key");
return(true);
}
Certificate issuerCACertificate = CertificateChainValidator.FindIssuerCaCertificate(sslCertificate);
if (!issuerCACertificate.IsLoaded)
{
Logger.log("Can not find issuer certificate, so returning signature verification failed");
return(false);
}
verified = SignatureValidator.CheckRevokeSSLCertificateRequestSignature(signature, sslCertificate, issuerCACertificate);
if (verified)
{
Logger.log("Verified Revoke SSL Certificate Request Signature with SSL Certificate Issuer Public Key");
return(true);
}
Logger.log("Finished Validate Revoke SSL Certificate Request Signature. Result :", verified);
return(verified);
}
public static bool AddSslCertificate(byte[] certificateHash, byte[] encodedCert)
{
if (CertificateStorageManager.IsSSLCertificateAddedBefore(certificateHash))
{
return(false);
}
Certificate sslCertificate = CertificateParser.Parse(encodedCert);
if (!sslCertificate.IsLoaded)
{
return(false);
}
if (!CertificateValidator.CheckValidityPeriod(sslCertificate))
{
return(false);
}
if (!CertificateValidator.ValidateSslCertificateFields(sslCertificate))
{
return(false);
}
if (!CertificateChainValidator.ValidateCertificateSignatureWithChain(sslCertificate))
{
return(false);
}
CertificateStorageManager.AddEndEntityCertificateToStorage(sslCertificate, certificateHash, encodedCert);
return(true);
}
public void Valid_with_correct_root_and_intermediate()
{
//Arrange
var productionCertificate = CertificateResource.UnitTests.GetProduksjonsMottakerSertifikatOppslagstjenesten();
var certificateChainValidator = new CertificateChainValidator(CertificateChainUtility.ProduksjonsSertifikater());
//Act
var result = certificateChainValidator.Validate(productionCertificate);
//Assert
Assert.Equal(CertificateValidationType.Valid, result.Type);
Assert.Contains("et gyldig sertifikat", result.Message);
}
public void Fails_with_wrong_root_and_intermediate()
{
//Arrange
var productionCertificate = CertificateResource.UnitTests.GetProduksjonsMottakerSertifikatOppslagstjenesten();
//Act
var certificateChainValidator = new CertificateChainValidator(CertificateChainUtility.FunksjoneltTestmiljøSertifikater());
var result = certificateChainValidator.Validate(productionCertificate);
//Assert
Assert.Equal(CertificateValidationType.InvalidChain, result.Type);
Assert.Contains("blir hentet fra Certificate Store på Windows", result.Message);
}
public void Fails_with_self_signed_certificate()
{
//Arrange
var selfSignedCertificate = CertificateResource.UnitTests.GetEnhetstesterSelvsignertSertifikat();
var certificateChainValidator = new CertificateChainValidator(CertificateChainUtility.ProduksjonsSertifikater());
//Act
var result = certificateChainValidator.Validate(selfSignedCertificate);
//Assert
Assert.Equal(CertificateValidationType.InvalidChain, result.Type);
Assert.Contains("sertifikatet er selvsignert", result.Message);
}
/// <summary>
/// Oppretter en ny instanse av responsvalidatoren.
/// </summary>
/// <param name="sentMessage">Soap meldingen som har blitt sendt til meldingsformidleren.</param>
/// <param name="responseMessage">
/// Et soap dokument i tekstform. Dette er svaret som har blitt motatt fra meldingsformidleren ved en
/// forsendelse av brev eller kvittering.
/// </param>
/// <param name="certificateChainValidator"></param>
public ResponseValidator(XmlDocument sentMessage, XmlDocument responseMessage, CertificateChainValidator certificateChainValidator)
{
ResponseMessage = responseMessage;
SentMessage = sentMessage;
CertificateChainValidator = certificateChainValidator;
_nsMgr = new XmlNamespaceManager(ResponseMessage.NameTable);
_nsMgr.AddNamespace("env", NavneromUtility.SoapEnvelopeEnv12);
_nsMgr.AddNamespace("wsse", NavneromUtility.WssecuritySecext10);
_nsMgr.AddNamespace("ds", NavneromUtility.XmlDsig);
_nsMgr.AddNamespace("eb", NavneromUtility.EbXmlCore);
_nsMgr.AddNamespace("wsu", NavneromUtility.WssecurityUtility10);
_nsMgr.AddNamespace("ebbp", NavneromUtility.EbppSignals);
_nsMgr.AddNamespace("sbd", NavneromUtility.StandardBusinessDocumentHeader);
_nsMgr.AddNamespace("difi", NavneromUtility.DifiSdpSchema10);
}
public static bool AddSslCertificate(byte[] certificateHash, byte[] encodedCert)
{
Logger.log("Checking SSL Certificate is added before");
if (CertificateStorageManager.IsSSLCertificateAddedBefore(certificateHash))
{
Logger.log("SSL Certificate is added before");
return(false);
}
Logger.log("Trying to parse SSL Certificate");
Certificate sslCertificate = CertificateParser.Parse(encodedCert);
if (!sslCertificate.IsLoaded)
{
Logger.log("Can not parse SSL Certificate");
return(false);
}
Logger.log("Checking SSL Certificate Validity Period");
if (!CertificateValidator.CheckValidityPeriod(sslCertificate))
{
Logger.log("SSL Certificate validity period is invalid");
return(false);
}
Logger.log("Checking SSL Certificate Fields");
if (!CertificateValidator.ValidateSslCertificateFields(sslCertificate))
{
Logger.log("SSL Certificate Fields are invalid");
return(false);
}
Logger.log("Validating SSL Certificate With Chain");
if (!CertificateChainValidator.ValidateCertificateSignatureWithChain(sslCertificate))
{
Logger.log("Can not validate SSL Certificate Signature With Chain");
return(false);
}
Logger.log("Adding SSL Certificate To Storage");
CertificateStorageManager.AddEndEntityCertificateToStorage(sslCertificate, certificateHash, encodedCert);
return(true);
}
private Miljø(Uri url, CertificateChainValidator certificateChainValidator)
{
CertificateChainValidator = certificateChainValidator;
Url = url;
}
