public static bool ReportFraud(byte[] fraudId, byte[] fakeButValidCertificateBytes,
byte[] fakeButValidCertificateHash,
byte[] signerCertificateBytes, byte[] signerCertificateBytesHash, byte[] signature)
{
Certificate fakeButValidCertificate = CertificateParser.Parse(fakeButValidCertificateBytes);
if (!fakeButValidCertificate.IsLoaded)
{
Logger.log("Can not parse Fake But Valid SSL Certificate");
return(false);
}
EndEntityCertificateEntry fakeButValidCertificateEntry =
CertificateStorageManager.RetrieveEndEntityCertificateFromStorage(fakeButValidCertificateHash);
if (fakeButValidCertificateEntry.CertificateValue == null)
{
Logger.log("Can not find Fake But Valid SSL Certificate");
return(false);
}
if (fakeButValidCertificateEntry.IsRevoked)
{
Logger.log("Fake But Valid SSL Certificate is revoked before");
return(false);
}
Certificate signerCertificate = CertificateParser.Parse(signerCertificateBytes);
if (!signerCertificate.IsLoaded)
{
Logger.log("Can not parse Signer Certificate");
return(false);
}
var signerCertificateContainFakeButValidCertificateDnsEntry =
checkDnsValues(fakeButValidCertificate, signerCertificate);
if (!signerCertificateContainFakeButValidCertificateDnsEntry)
{
Logger.log("Signer Certificate Does not contain required DNS value");
return(false);
}
Logger.log("Starting Validate Signature For Report Fraud Request");
bool signatureValidationResult =
SignatureValidator.CheckReportFraudRequestSignature(signature, fakeButValidCertificate,
signerCertificate);
if (!signatureValidationResult)
{
Logger.log("Report Fraud Request signature Invalid");
return(false);
}
Logger.log("Validated Signature For Report Fraud Request");
FraudStorageManager.AddFraudReportToStorage(fraudId, signerCertificateBytes, fakeButValidCertificateHash);
//todo: add fraud notification after log infrastructure fixed
return(true);
}
