public static bool RevokeSubCaCertificate(byte[] certificateHash, byte[] encodedCert, byte[] signature)
{
if (!CertificateStorageManager.IsSubCaCertificateAddedBefore(certificateHash))
{
return(false);
}
Certificate subCaCertificate = CertificateParser.Parse(encodedCert);
if (!subCaCertificate.IsLoaded)
{
Logger.log("Can not parse Sub CA Certificate");
return(false);
}
if (!ValidateRevokeSubCaCertificateRequestSignature(subCaCertificate, signature))
{
return(false);
}
if (!CertificateValidator.CheckValidityPeriod(subCaCertificate))
{
return(false);
}
if (!CertificateStorageManager.MarkSubCaCertificateRevokedInStorage(subCaCertificate, certificateHash))
{
return(false);
}
return(true);
}
public static bool AddSslCertificate(byte[] certificateHash, byte[] encodedCert)
{
if (CertificateStorageManager.IsSSLCertificateAddedBefore(certificateHash))
{
return(false);
}
Certificate sslCertificate = CertificateParser.Parse(encodedCert);
if (!sslCertificate.IsLoaded)
{
return(false);
}
if (!CertificateValidator.CheckValidityPeriod(sslCertificate))
{
return(false);
}
if (!CertificateValidator.ValidateSslCertificateFields(sslCertificate))
{
return(false);
}
if (!CertificateChainValidator.ValidateCertificateSignatureWithChain(sslCertificate))
{
return(false);
}
CertificateStorageManager.AddEndEntityCertificateToStorage(sslCertificate, certificateHash, encodedCert);
return(true);
}
public static Certificate FindIssuerCaCertificate(Certificate certificate)
{
Certificate nullCertificate = new Certificate();
Logger.log("Certificate AuthorityKeyIdentifier.keyIdentifier : ");
Logger.log(certificate.AuthorityKeyIdentifier.keyIdentifier);
CaCertificateSubjectKeyIdEntry cACertificateSubjectKeyIdEntry =
FindCaCertificateHashEntry(certificate.AuthorityKeyIdentifier.keyIdentifier);
if (cACertificateSubjectKeyIdEntry.CertificateHash == null)
{
Logger.log("Can not find CA Certificate Hash Entry with AuthorityKeyIdentifier.keyIdentifier");
return(nullCertificate);
}
CaCertificateEntry cACertificateEntry =
FindCaCertificatewithCertificateHash(cACertificateSubjectKeyIdEntry.CertificateHash);
if (cACertificateEntry.CertificateValue == null)
{
Logger.log("Can not find CA Certificate Entry with CA Certificate Hash");
return(nullCertificate);
}
if (cACertificateSubjectKeyIdEntry.IsRootCa)
{
if (!cACertificateEntry.IsTrusted)
{
Logger.log("CA Certificate is not trusted");
return(nullCertificate);
}
}
else
{
if (cACertificateEntry.IsRevoked)
{
Logger.log("CA Certificate is revoked");
return(nullCertificate);
}
}
Certificate caCertificate = CertificateParser.Parse(cACertificateEntry.CertificateValue);
if (!caCertificate.IsLoaded)
{
Logger.log("Can not parse CA Certificate value");
return(nullCertificate);
}
if (!CertificateValidator.CheckValidityPeriod(caCertificate))
{
Logger.log("Parse CA Certificate Validity is invalid");
return(nullCertificate);
}
return(caCertificate);
}
public static bool AddSslCertificate(byte[] certificateHash, byte[] encodedCert)
{
Logger.log("Checking SSL Certificate is added before");
if (CertificateStorageManager.IsSSLCertificateAddedBefore(certificateHash))
{
Logger.log("SSL Certificate is added before");
return(false);
}
Logger.log("Trying to parse SSL Certificate");
Certificate sslCertificate = CertificateParser.Parse(encodedCert);
if (!sslCertificate.IsLoaded)
{
Logger.log("Can not parse SSL Certificate");
return(false);
}
Logger.log("Checking SSL Certificate Validity Period");
if (!CertificateValidator.CheckValidityPeriod(sslCertificate))
{
Logger.log("SSL Certificate validity period is invalid");
return(false);
}
Logger.log("Checking SSL Certificate Fields");
if (!CertificateValidator.ValidateSslCertificateFields(sslCertificate))
{
Logger.log("SSL Certificate Fields are invalid");
return(false);
}
Logger.log("Validating SSL Certificate With Chain");
if (!CertificateChainValidator.ValidateCertificateSignatureWithChain(sslCertificate))
{
Logger.log("Can not validate SSL Certificate Signature With Chain");
return(false);
}
Logger.log("Adding SSL Certificate To Storage");
CertificateStorageManager.AddEndEntityCertificateToStorage(sslCertificate, certificateHash, encodedCert);
return(true);
}
