Exemplo n.º 1
0
        // VisibleForTesting
        public void Validate(ServerCertificate certificate)
        {
            try
            {
                if (!Curve.verifySignature(TrustRoot, certificate.Certificate, certificate.Signature))
                {
                    throw new InvalidCertificateException("Signature failed");
                }

                if (REVOKED.Contains(certificate.KeyId))
                {
                    throw new InvalidCertificateException("Server certificate has been revoked");
                }
            }
            catch (InvalidKeyException e)
            {
                throw new InvalidCertificateException(e);
            }
        }
Exemplo n.º 2
0
        public SenderCertificate(byte[] serialized)
        {
            try
            {
                var wrapper = libsignalmetadata.protobuf.SenderCertificate.Parser.ParseFrom(serialized);

                if (wrapper.SignatureOneofCase != libsignalmetadata.protobuf.SenderCertificate.SignatureOneofOneofCase.Signature ||
                    wrapper.CertificateOneofCase != libsignalmetadata.protobuf.SenderCertificate.CertificateOneofOneofCase.Certificate)
                {
                    throw new InvalidCertificateException("Missing fields");
                }

                var certificate = libsignalmetadata.protobuf.SenderCertificate.Types.Certificate.Parser.ParseFrom(wrapper.Certificate);
                if (certificate.SignerOneofCase != libsignalmetadata.protobuf.SenderCertificate.Types.Certificate.SignerOneofOneofCase.Signer ||
                    certificate.IdentityKeyOneofCase != libsignalmetadata.protobuf.SenderCertificate.Types.Certificate.IdentityKeyOneofOneofCase.IdentityKey ||
                    certificate.SenderDeviceOneofCase != libsignalmetadata.protobuf.SenderCertificate.Types.Certificate.SenderDeviceOneofOneofCase.SenderDevice ||
                    certificate.ExpiresOneofCase != libsignalmetadata.protobuf.SenderCertificate.Types.Certificate.ExpiresOneofOneofCase.Expires ||
                    certificate.SenderOneofCase != libsignalmetadata.protobuf.SenderCertificate.Types.Certificate.SenderOneofOneofCase.Sender)
                {
                    throw new InvalidCertificateException("Missing fields");
                }

                Signer         = new ServerCertificate(certificate.Signer.ToByteArray());
                Key            = Curve.decodePoint(certificate.IdentityKey.ToByteArray(), 0);
                Sender         = certificate.Sender;
                SenderDeviceId = (int)certificate.SenderDevice;
                Expiration     = (long)certificate.Expires;

                Serialized  = serialized;
                Certificate = wrapper.Certificate.ToByteArray();
                Signature   = wrapper.Signature.ToByteArray();
            }
            catch (InvalidProtocolBufferException e)
            {
                throw new InvalidCertificateException(e);
            }
            catch (InvalidKeyException e)
            {
                throw new InvalidCertificateException(e);
            }
        }
Exemplo n.º 3
0
        public void Validate(SenderCertificate certificate, long validationTime)
        {
            try
            {
                ServerCertificate serverCertificate = certificate.Signer;
                Validate(serverCertificate);

                if (!Curve.verifySignature(serverCertificate.Key, certificate.Certificate, certificate.Signature))
                {
                    throw new InvalidCertificateException("Signature failed");
                }

                if (validationTime > certificate.Expiration)
                {
                    throw new InvalidCertificateException("Certificate is expired");
                }
            }
            catch (InvalidKeyException e)
            {
                throw new InvalidCertificateException(e);
            }
        }