Exemplo n.º 1
0
        public void Should_UnTrusted_Root_Certificate_When_Any_SubCA_And_Ssl_Certificate_Is_Not_Exist()
        {
            string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer";

            byte[] rootCertEncoded  = File.ReadAllBytes(rootCertFilePath);
            byte[] rootCertDigest   = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded);
            byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded);
            bool   result           =
                RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded, requestSignature);

            Assert.True(result);
            Certificate rootCertificate = CertificateParser.Parse(rootCertEncoded);

            byte[]             rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest);
            CaCertificateEntry caCertificateEntry         =
                (CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte);

            Assert.True(caCertificateEntry.IsTrusted);
            Assert.False(caCertificateEntry.IsRevoked);
            Assert.Equal(caCertificateEntry.CertificateValue, rootCertEncoded);

            byte[] cACertificateSubjectKeyIdEntrySerialized =
                StorageUtil.readFromStorage(rootCertificate.SubjectKeyIdentifier.keyIdentifier);
            CaCertificateSubjectKeyIdEntry cACertificateSubjectKeyIdEntry =
                (CaCertificateSubjectKeyIdEntry)SerializationUtil.Deserialize(
                    cACertificateSubjectKeyIdEntrySerialized);

            Assert.True(cACertificateSubjectKeyIdEntry.IsRootCa);
            Assert.Equal(cACertificateSubjectKeyIdEntry.CertificateHash, rootCertDigest);

            byte[] certificateHashMapEntrySerialized =
                StorageUtil.readFromStorage(CertificateStorageManager.TRUSTED_ROOT_CA_LIST_STORAGE_KEY);
            CertificateHashMapEntry trustedRootCAListHashMapEntry =
                (CertificateHashMapEntry)SerializationUtil.Deserialize(certificateHashMapEntrySerialized);

            Assert.Equal(1, trustedRootCAListHashMapEntry.certificateHashArray.Length);
            byte[] certificateHashEntrySerialized     = trustedRootCAListHashMapEntry.certificateHashArray[0];
            CertificateHashEntry certificateHashEntry =
                (CertificateHashEntry)SerializationUtil.Deserialize(certificateHashEntrySerialized);

            Assert.True(certificateHashEntry.IsCa);
            Assert.Equal(rootCertDigest, certificateHashEntry.CertificateHash);

            requestSignature = SignUtil.generateUntrustRootCAOperationRequestSignature(rootCertEncoded);
            result           = RootCaCertificateHandler.UntrustRootCaCertificate(rootCertDigest, rootCertEncoded,
                                                                                 requestSignature);
            Assert.True(result);

            rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest);
            caCertificateEntry         = (CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte);
            Assert.False(caCertificateEntry.IsTrusted);
            Assert.False(caCertificateEntry.IsRevoked);
        }
        public void Should_Revoke_SSL_Certificate_When_Request_Signed_With_Issuer_Private_Key()
        {
            {
                string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer";
                byte[] rootCertEncoded  = File.ReadAllBytes(rootCertFilePath);
                byte[] rootCertDigest   = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded);
                byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded);
                bool   result           =
                    RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded,
                                                                         requestSignature);
                Assert.True(result);
            }

            {
                string subCaCertFilePath        = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.cer";
                byte[] subCaCertEncoded         = File.ReadAllBytes(subCaCertFilePath);
                byte[] subCaCertificateHash     = DigestUtilities.CalculateDigest("SHA_256", subCaCertEncoded);
                byte[] subCaAddRequestSignature = null;
                bool   result = SubCaCertificateHandler.AddSubCaCertificate(subCaCertificateHash, subCaCertEncoded,
                                                                            subCaAddRequestSignature);
                Assert.True(result);
            }

            string sSLCertFilePath = "../../../test-data/certs/test-ca/Test-SSL-RSA-2048.cer";

            byte[] sSLCertEncoded   = File.ReadAllBytes(sSLCertFilePath);
            byte[] sSLCertHash      = DigestUtilities.CalculateDigest("SHA_256", sSLCertEncoded);
            bool   sslCertAddResult = SslCertificateHandler.AddSslCertificate(sSLCertHash, sSLCertEncoded);

            Assert.True(sslCertAddResult);

            string sSLCertIssuerPkcs8PrivateKeyFilePath = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.pk8";

            byte[] revokeSSLCertificateRequestSignature =
                SignUtil.generateRevokeSSLCertificateOperationRequestRSAPSSSignature(sSLCertEncoded,
                                                                                     sSLCertIssuerPkcs8PrivateKeyFilePath);

            Certificate sslCertificate             = CertificateParser.Parse(sSLCertEncoded);
            bool        revokeSSLCertificateResult = SslCertificateHandler.RevokeSslCertificate(sSLCertHash, sSLCertEncoded,
                                                                                                revokeSSLCertificateRequestSignature);

            Assert.True(revokeSSLCertificateResult);

            byte[] sSLCertificateEntryByte = StorageUtil.readFromStorage(sSLCertHash);
            EndEntityCertificateEntry sSLCertificateEntry =
                (EndEntityCertificateEntry)SerializationUtil.Deserialize(sSLCertificateEntryByte);

            Assert.True(sSLCertificateEntry.IsRevoked);
            Assert.Equal(sSLCertificateEntry.CertificateValue, sSLCertEncoded);
        }
        public void Should_Add_SSL_Certificate()
        {
            {
                string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer";
                byte[] rootCertEncoded  = File.ReadAllBytes(rootCertFilePath);
                byte[] rootCertDigest   = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded);
                byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded);
                bool   result           =
                    RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded,
                                                                         requestSignature);
                Assert.True(result);
            }

            {
                string subCaCertFilePath        = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.cer";
                byte[] subCaCertEncoded         = File.ReadAllBytes(subCaCertFilePath);
                byte[] subCaCertificateHash     = DigestUtilities.CalculateDigest("SHA_256", subCaCertEncoded);
                byte[] subCaAddRequestSignature = null;
                bool   result = SubCaCertificateHandler.AddSubCaCertificate(subCaCertificateHash, subCaCertEncoded,
                                                                            subCaAddRequestSignature);
                Assert.True(result);
            }

            string sSLCertFilePath = "../../../test-data/certs/test-ca/Test-SSL-RSA-2048.cer";

            byte[] sSLCertEncoded   = File.ReadAllBytes(sSLCertFilePath);
            byte[] sSLCertHash      = DigestUtilities.CalculateDigest("SHA_256", sSLCertEncoded);
            bool   sslCertAddResult = SslCertificateHandler.AddSslCertificate(sSLCertHash, sSLCertEncoded);

            Assert.True(sslCertAddResult);
            Certificate sslCertificate = CertificateParser.Parse(sSLCertEncoded);

            byte[] sSLCertificateEntryByte = StorageUtil.readFromStorage(sSLCertHash);
            EndEntityCertificateEntry sSLCertificateEntry =
                (EndEntityCertificateEntry)SerializationUtil.Deserialize(sSLCertificateEntryByte);

            Assert.False(sSLCertificateEntry.IsRevoked);
            Assert.Equal(sSLCertificateEntry.CertificateValue, sSLCertEncoded);

            //Is Added To Issuer list
            {
                byte[] storageKey = ArrayUtil.Concat(CertificateStorageManager.ELEMENT_LIST,
                                                     sslCertificate.AuthorityKeyIdentifier.keyIdentifier);
                byte[] certHashMapEntrySerialized = StorageUtil.readFromStorage(storageKey);
                Assert.True(certHashMapEntrySerialized != null);
                CertificateHashMapEntry certHashMapEntry =
                    (CertificateHashMapEntry)SerializationUtil.Deserialize(certHashMapEntrySerialized);
                Assert.True(certHashMapEntry.certificateHashArray != null);
                Assert.True(certHashMapEntry.certificateHashArray.Length == 1);
                byte[] subjectKeyIdCertificateHashEntrySerialized     = certHashMapEntry.certificateHashArray[0];
                CertificateHashEntry subjectKeyIdCertificateHashEntry =
                    (CertificateHashEntry)SerializationUtil.Deserialize(subjectKeyIdCertificateHashEntrySerialized);
                Assert.Equal(subjectKeyIdCertificateHashEntry.CertificateHash, sSLCertHash);
                Assert.False(subjectKeyIdCertificateHashEntry.IsCa);
            }
            //Domain Name List - Common Name
            {
                byte[] certHashMapEntrySerialized =
                    StorageUtil.readFromStorage(HexUtil.HexStringToByteArray("6f6e742e696f"));
                Assert.True(certHashMapEntrySerialized != null);
                CertificateHashMapEntry certHashMapEntry =
                    (CertificateHashMapEntry)SerializationUtil.Deserialize(certHashMapEntrySerialized);
                Assert.True(certHashMapEntry.certificateHashArray != null);
                Assert.True(certHashMapEntry.certificateHashArray.Length == 1);
                byte[] subjectKeyIdCertificateHashEntrySerialized     = certHashMapEntry.certificateHashArray[0];
                CertificateHashEntry subjectKeyIdCertificateHashEntry =
                    (CertificateHashEntry)SerializationUtil.Deserialize(subjectKeyIdCertificateHashEntrySerialized);
                Assert.Equal(subjectKeyIdCertificateHashEntry.CertificateHash, sSLCertHash);
                Assert.False(subjectKeyIdCertificateHashEntry.IsCa);
            }
            //Domain Name List - Subject Alternative Name
            {
                byte[] certHashMapEntrySerialized =
                    StorageUtil.readFromStorage(HexUtil.HexStringToByteArray("7777772e6f6e742e696f"));
                Assert.True(certHashMapEntrySerialized != null);
                CertificateHashMapEntry certHashMapEntry =
                    (CertificateHashMapEntry)SerializationUtil.Deserialize(certHashMapEntrySerialized);
                Assert.True(certHashMapEntry.certificateHashArray != null);
                Assert.True(certHashMapEntry.certificateHashArray.Length == 1);
                byte[] subjectKeyIdCertificateHashEntrySerialized     = certHashMapEntry.certificateHashArray[0];
                CertificateHashEntry subjectKeyIdCertificateHashEntry =
                    (CertificateHashEntry)SerializationUtil.Deserialize(subjectKeyIdCertificateHashEntrySerialized);
                Assert.Equal(subjectKeyIdCertificateHashEntry.CertificateHash, sSLCertHash);
                Assert.False(subjectKeyIdCertificateHashEntry.IsCa);
            }
        }