public static Certificate FindIssuerCaCertificate(Certificate certificate) { Certificate nullCertificate = new Certificate(); Logger.log("Certificate AuthorityKeyIdentifier.keyIdentifier : "); Logger.log(certificate.AuthorityKeyIdentifier.keyIdentifier); CaCertificateSubjectKeyIdEntry cACertificateSubjectKeyIdEntry = FindCaCertificateHashEntry(certificate.AuthorityKeyIdentifier.keyIdentifier); if (cACertificateSubjectKeyIdEntry.CertificateHash == null) { Logger.log("Can not find CA Certificate Hash Entry with AuthorityKeyIdentifier.keyIdentifier"); return(nullCertificate); } CaCertificateEntry cACertificateEntry = FindCaCertificatewithCertificateHash(cACertificateSubjectKeyIdEntry.CertificateHash); if (cACertificateEntry.CertificateValue == null) { Logger.log("Can not find CA Certificate Entry with CA Certificate Hash"); return(nullCertificate); } if (cACertificateSubjectKeyIdEntry.IsRootCa) { if (!cACertificateEntry.IsTrusted) { Logger.log("CA Certificate is not trusted"); return(nullCertificate); } } else { if (cACertificateEntry.IsRevoked) { Logger.log("CA Certificate is revoked"); return(nullCertificate); } } Certificate caCertificate = CertificateParser.Parse(cACertificateEntry.CertificateValue); if (!caCertificate.IsLoaded) { Logger.log("Can not parse CA Certificate value"); return(nullCertificate); } if (!CertificateValidator.CheckValidityPeriod(caCertificate)) { Logger.log("Parse CA Certificate Validity is invalid"); return(nullCertificate); } return(caCertificate); }
public void Should_UnTrusted_Root_Certificate_When_Any_SubCA_And_Ssl_Certificate_Is_Not_Exist() { string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer"; byte[] rootCertEncoded = File.ReadAllBytes(rootCertFilePath); byte[] rootCertDigest = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded); byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded); bool result = RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded, requestSignature); Assert.True(result); Certificate rootCertificate = CertificateParser.Parse(rootCertEncoded); byte[] rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest); CaCertificateEntry caCertificateEntry = (CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte); Assert.True(caCertificateEntry.IsTrusted); Assert.False(caCertificateEntry.IsRevoked); Assert.Equal(caCertificateEntry.CertificateValue, rootCertEncoded); byte[] cACertificateSubjectKeyIdEntrySerialized = StorageUtil.readFromStorage(rootCertificate.SubjectKeyIdentifier.keyIdentifier); CaCertificateSubjectKeyIdEntry cACertificateSubjectKeyIdEntry = (CaCertificateSubjectKeyIdEntry)SerializationUtil.Deserialize( cACertificateSubjectKeyIdEntrySerialized); Assert.True(cACertificateSubjectKeyIdEntry.IsRootCa); Assert.Equal(cACertificateSubjectKeyIdEntry.CertificateHash, rootCertDigest); byte[] certificateHashMapEntrySerialized = StorageUtil.readFromStorage(CertificateStorageManager.TRUSTED_ROOT_CA_LIST_STORAGE_KEY); CertificateHashMapEntry trustedRootCAListHashMapEntry = (CertificateHashMapEntry)SerializationUtil.Deserialize(certificateHashMapEntrySerialized); Assert.Equal(1, trustedRootCAListHashMapEntry.certificateHashArray.Length); byte[] certificateHashEntrySerialized = trustedRootCAListHashMapEntry.certificateHashArray[0]; CertificateHashEntry certificateHashEntry = (CertificateHashEntry)SerializationUtil.Deserialize(certificateHashEntrySerialized); Assert.True(certificateHashEntry.IsCa); Assert.Equal(rootCertDigest, certificateHashEntry.CertificateHash); requestSignature = SignUtil.generateUntrustRootCAOperationRequestSignature(rootCertEncoded); result = RootCaCertificateHandler.UntrustRootCaCertificate(rootCertDigest, rootCertEncoded, requestSignature); Assert.True(result); rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest); caCertificateEntry = (CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte); Assert.False(caCertificateEntry.IsTrusted); Assert.False(caCertificateEntry.IsRevoked); }
public static object LogCACertificateStorageStatus(object[] args) { byte[] encodedCert = (byte[])args[0]; byte[] certificateHash = Sha256(encodedCert); byte[] caCertificateEnrtySerialized = StorageUtil.readFromStorage(certificateHash); if (caCertificateEnrtySerialized != null) { CaCertificateEntry caCertificateHashEntry = (CaCertificateEntry)SerializationUtil.Deserialize(caCertificateEnrtySerialized); Logger.log("CA Certificate Exists in Storage"); Logger.log(caCertificateHashEntry.CertificateValue); Logger.log("IsRevoked: ", caCertificateHashEntry.IsRevoked); Logger.log("IsTrusted: ", caCertificateHashEntry.IsTrusted); } else { Logger.log("CA Certificate Not Exists in Storage"); } return(true); }