Пример #1
0
        public static Certificate FindIssuerCaCertificate(Certificate certificate)
        {
            Certificate nullCertificate = new Certificate();

            Logger.log("Certificate AuthorityKeyIdentifier.keyIdentifier : ");
            Logger.log(certificate.AuthorityKeyIdentifier.keyIdentifier);
            CaCertificateSubjectKeyIdEntry cACertificateSubjectKeyIdEntry =
                FindCaCertificateHashEntry(certificate.AuthorityKeyIdentifier.keyIdentifier);

            if (cACertificateSubjectKeyIdEntry.CertificateHash == null)
            {
                Logger.log("Can not find CA Certificate Hash Entry with AuthorityKeyIdentifier.keyIdentifier");
                return(nullCertificate);
            }

            CaCertificateEntry cACertificateEntry =
                FindCaCertificatewithCertificateHash(cACertificateSubjectKeyIdEntry.CertificateHash);

            if (cACertificateEntry.CertificateValue == null)
            {
                Logger.log("Can not find CA Certificate Entry with CA Certificate Hash");
                return(nullCertificate);
            }

            if (cACertificateSubjectKeyIdEntry.IsRootCa)
            {
                if (!cACertificateEntry.IsTrusted)
                {
                    Logger.log("CA Certificate is not trusted");
                    return(nullCertificate);
                }
            }
            else
            {
                if (cACertificateEntry.IsRevoked)
                {
                    Logger.log("CA Certificate is revoked");
                    return(nullCertificate);
                }
            }

            Certificate caCertificate = CertificateParser.Parse(cACertificateEntry.CertificateValue);

            if (!caCertificate.IsLoaded)
            {
                Logger.log("Can not parse CA Certificate value");
                return(nullCertificate);
            }

            if (!CertificateValidator.CheckValidityPeriod(caCertificate))
            {
                Logger.log("Parse CA Certificate Validity is invalid");
                return(nullCertificate);
            }

            return(caCertificate);
        }
Пример #2
0
        public void Should_UnTrusted_Root_Certificate_When_Any_SubCA_And_Ssl_Certificate_Is_Not_Exist()
        {
            string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer";

            byte[] rootCertEncoded  = File.ReadAllBytes(rootCertFilePath);
            byte[] rootCertDigest   = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded);
            byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded);
            bool   result           =
                RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded, requestSignature);

            Assert.True(result);
            Certificate rootCertificate = CertificateParser.Parse(rootCertEncoded);

            byte[]             rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest);
            CaCertificateEntry caCertificateEntry         =
                (CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte);

            Assert.True(caCertificateEntry.IsTrusted);
            Assert.False(caCertificateEntry.IsRevoked);
            Assert.Equal(caCertificateEntry.CertificateValue, rootCertEncoded);

            byte[] cACertificateSubjectKeyIdEntrySerialized =
                StorageUtil.readFromStorage(rootCertificate.SubjectKeyIdentifier.keyIdentifier);
            CaCertificateSubjectKeyIdEntry cACertificateSubjectKeyIdEntry =
                (CaCertificateSubjectKeyIdEntry)SerializationUtil.Deserialize(
                    cACertificateSubjectKeyIdEntrySerialized);

            Assert.True(cACertificateSubjectKeyIdEntry.IsRootCa);
            Assert.Equal(cACertificateSubjectKeyIdEntry.CertificateHash, rootCertDigest);

            byte[] certificateHashMapEntrySerialized =
                StorageUtil.readFromStorage(CertificateStorageManager.TRUSTED_ROOT_CA_LIST_STORAGE_KEY);
            CertificateHashMapEntry trustedRootCAListHashMapEntry =
                (CertificateHashMapEntry)SerializationUtil.Deserialize(certificateHashMapEntrySerialized);

            Assert.Equal(1, trustedRootCAListHashMapEntry.certificateHashArray.Length);
            byte[] certificateHashEntrySerialized     = trustedRootCAListHashMapEntry.certificateHashArray[0];
            CertificateHashEntry certificateHashEntry =
                (CertificateHashEntry)SerializationUtil.Deserialize(certificateHashEntrySerialized);

            Assert.True(certificateHashEntry.IsCa);
            Assert.Equal(rootCertDigest, certificateHashEntry.CertificateHash);

            requestSignature = SignUtil.generateUntrustRootCAOperationRequestSignature(rootCertEncoded);
            result           = RootCaCertificateHandler.UntrustRootCaCertificate(rootCertDigest, rootCertEncoded,
                                                                                 requestSignature);
            Assert.True(result);

            rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest);
            caCertificateEntry         = (CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte);
            Assert.False(caCertificateEntry.IsTrusted);
            Assert.False(caCertificateEntry.IsRevoked);
        }
        public static object LogCACertificateStorageStatus(object[] args)
        {
            byte[] encodedCert     = (byte[])args[0];
            byte[] certificateHash = Sha256(encodedCert);
            byte[] caCertificateEnrtySerialized = StorageUtil.readFromStorage(certificateHash);
            if (caCertificateEnrtySerialized != null)
            {
                CaCertificateEntry caCertificateHashEntry =
                    (CaCertificateEntry)SerializationUtil.Deserialize(caCertificateEnrtySerialized);
                Logger.log("CA Certificate Exists in Storage");
                Logger.log(caCertificateHashEntry.CertificateValue);
                Logger.log("IsRevoked: ", caCertificateHashEntry.IsRevoked);
                Logger.log("IsTrusted: ", caCertificateHashEntry.IsTrusted);
            }
            else
            {
                Logger.log("CA Certificate Not Exists in Storage");
            }

            return(true);
        }