public static bool AddSubCaCertificate(byte[] certificateHash, byte[] encodedCert, byte[] signature)
{
if (CertificateStorageManager.IsSubCaCertificateAddedBefore(certificateHash))
{
Logger.log("Sub CA Certificate is added before");
return(false);
}
Certificate subCaCertificate = CertificateParser.Parse(encodedCert);
if (!subCaCertificate.IsLoaded)
{
Logger.log("Can not parse Sub CA Certificate");
return(false);
}
if (!ValidateSubCaCertificateAddRequestSignature(subCaCertificate, signature))
{
Logger.log("Can not validate Add Sub CA Certificate request signature");
return(false);
}
if (!CertificateValidator.ValidateSubCaCertificate(subCaCertificate))
{
Logger.log("Can not validate Sub CA Certificate");
return(false);
}
CertificateStorageManager.AddSubCaCertificateToStorage(subCaCertificate, certificateHash, encodedCert);
return(true);
}
public static bool UntrustRootCaCertificate(byte[] certificateHash, byte[] encodedCert, byte[] signature)
{
if (!ValidateUntrustRootCaCertificateRequestSignature(encodedCert, signature))
{
Logger.log("Error while validating Untrust Root Ca Certificate Request");
return(false);
}
if (!CertificateStorageManager.IsRootCaCertificateAddedBefore(certificateHash))
{
Logger.log("Untrust error. Root CA is not added before");
return(false);
}
Certificate rootCaCertificate = CertificateParser.Parse(encodedCert);
if (!rootCaCertificate.IsLoaded)
{
Logger.log("Error while parsing encoded root CA content");
return(false);
}
CertificateStorageManager.MarkRootCaCertificateUntrustedInStorage(rootCaCertificate, certificateHash);
return(true);
}
public static bool AddTrustedRootCaCertificate(byte[] certificateHash, byte[] encodedCert, byte[] signature)
{
if (!ValidateRootCaCertificateAddRequestSignature(encodedCert, signature))
{
return(false);
}
if (CertificateStorageManager.IsRootCaCertificateAddedBefore(certificateHash))
{
return(false);
}
Certificate rootCaCertificate = CertificateParser.Parse(encodedCert);
if (!rootCaCertificate.IsLoaded)
{
return(false);
}
if (!CertificateValidator.ValidateRootCaCertificate(rootCaCertificate))
{
return(false);
}
CertificateStorageManager.AddRootCaCertificateToStorage(rootCaCertificate, certificateHash, encodedCert);
return(true);
}
public static bool RevokeSubCaCertificate(byte[] certificateHash, byte[] encodedCert, byte[] signature)
{
if (!CertificateStorageManager.IsSubCaCertificateAddedBefore(certificateHash))
{
return(false);
}
Certificate subCaCertificate = CertificateParser.Parse(encodedCert);
if (!subCaCertificate.IsLoaded)
{
Logger.log("Can not parse Sub CA Certificate");
return(false);
}
if (!ValidateRevokeSubCaCertificateRequestSignature(subCaCertificate, signature))
{
return(false);
}
if (!CertificateValidator.CheckValidityPeriod(subCaCertificate))
{
return(false);
}
if (!CertificateStorageManager.MarkSubCaCertificateRevokedInStorage(subCaCertificate, certificateHash))
{
return(false);
}
return(true);
}
public static bool AddSslCertificate(byte[] certificateHash, byte[] encodedCert)
{
if (CertificateStorageManager.IsSSLCertificateAddedBefore(certificateHash))
{
return(false);
}
Certificate sslCertificate = CertificateParser.Parse(encodedCert);
if (!sslCertificate.IsLoaded)
{
return(false);
}
if (!CertificateValidator.CheckValidityPeriod(sslCertificate))
{
return(false);
}
if (!CertificateValidator.ValidateSslCertificateFields(sslCertificate))
{
return(false);
}
if (!CertificateChainValidator.ValidateCertificateSignatureWithChain(sslCertificate))
{
return(false);
}
CertificateStorageManager.AddEndEntityCertificateToStorage(sslCertificate, certificateHash, encodedCert);
return(true);
}
public static bool RevokeSslCertificate(byte[] certificateHash, byte[] encodedCert, byte[] signature)
{
Logger.log("Checking SSL Certificate is added before");
if (!CertificateStorageManager.IsSSLCertificateAddedBefore(certificateHash))
{
Logger.log("SSL Certificate is not added before");
return(false);
}
Certificate sslCertificate = CertificateParser.Parse(encodedCert);
if (!sslCertificate.IsLoaded)
{
Logger.log("Can not parse SSL Certificate");
return(false);
}
if (!ValidateRevokeSslCertificateRequestSignature(sslCertificate, signature))
{
Logger.log("SSL Certificate revoke request signature is invalid");
return(false);
}
if (!CertificateStorageManager.MarkEndEntityCertificateRevokedInStorage(certificateHash))
{
Logger.log("Error while marking as remoked SSL Certificate in Storage");
return(false);
}
return(true);
}
public static Certificate FindIssuerCaCertificate(Certificate certificate)
{
Certificate nullCertificate = new Certificate();
Logger.log("Certificate AuthorityKeyIdentifier.keyIdentifier : ");
Logger.log(certificate.AuthorityKeyIdentifier.keyIdentifier);
CaCertificateSubjectKeyIdEntry cACertificateSubjectKeyIdEntry =
FindCaCertificateHashEntry(certificate.AuthorityKeyIdentifier.keyIdentifier);
if (cACertificateSubjectKeyIdEntry.CertificateHash == null)
{
Logger.log("Can not find CA Certificate Hash Entry with AuthorityKeyIdentifier.keyIdentifier");
return(nullCertificate);
}
CaCertificateEntry cACertificateEntry =
FindCaCertificatewithCertificateHash(cACertificateSubjectKeyIdEntry.CertificateHash);
if (cACertificateEntry.CertificateValue == null)
{
Logger.log("Can not find CA Certificate Entry with CA Certificate Hash");
return(nullCertificate);
}
if (cACertificateSubjectKeyIdEntry.IsRootCa)
{
if (!cACertificateEntry.IsTrusted)
{
Logger.log("CA Certificate is not trusted");
return(nullCertificate);
}
}
else
{
if (cACertificateEntry.IsRevoked)
{
Logger.log("CA Certificate is revoked");
return(nullCertificate);
}
}
Certificate caCertificate = CertificateParser.Parse(cACertificateEntry.CertificateValue);
if (!caCertificate.IsLoaded)
{
Logger.log("Can not parse CA Certificate value");
return(nullCertificate);
}
if (!CertificateValidator.CheckValidityPeriod(caCertificate))
{
Logger.log("Parse CA Certificate Validity is invalid");
return(nullCertificate);
}
return(caCertificate);
}
public void Should_Validate_Root_Ca_Signature()
{
string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer";
byte[] rootCertEncoded = File.ReadAllBytes(rootCertFilePath);
byte[] rootCertDigest = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded);
Certificate rootCertificate = CertificateParser.Parse(rootCertEncoded);
bool validationResult = CertificateSignatureValidator.ValidateCertificateSignature(rootCertificate, rootCertificate);
Assert.True(validationResult);
}
public static object ParseCertificate(object[] args)
{
byte[] encodedCert = (byte[])args[0];
Logger.log("ParseCertificate started");
Certificate certificate = CertificateParser.Parse(encodedCert);
Logger.LogCertificate(certificate);
Logger.log("ParseCertificate finished");
return(true);
}
public void Should_Validate_SubCA_Signature_With_Root_Ca_Public_Key()
{
string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer";
byte[] rootCertEncoded = File.ReadAllBytes(rootCertFilePath);
Certificate rootCertificate = CertificateParser.Parse(rootCertEncoded);
string subCaCertFilePath = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.cer";
byte[] subCaCertEncoded = File.ReadAllBytes(subCaCertFilePath);
Certificate subCaCertificate = CertificateParser.Parse(subCaCertEncoded);
bool validationResult = CertificateSignatureValidator.ValidateCertificateSignature(subCaCertificate, rootCertificate);
Assert.True(validationResult);
}
public void Should_UnTrusted_Root_Certificate_When_Any_SubCA_And_Ssl_Certificate_Is_Not_Exist()
{
string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer";
byte[] rootCertEncoded = File.ReadAllBytes(rootCertFilePath);
byte[] rootCertDigest = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded);
byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded);
bool result =
RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded, requestSignature);
Assert.True(result);
Certificate rootCertificate = CertificateParser.Parse(rootCertEncoded);
byte[] rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest);
CaCertificateEntry caCertificateEntry =
(CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte);
Assert.True(caCertificateEntry.IsTrusted);
Assert.False(caCertificateEntry.IsRevoked);
Assert.Equal(caCertificateEntry.CertificateValue, rootCertEncoded);
byte[] cACertificateSubjectKeyIdEntrySerialized =
StorageUtil.readFromStorage(rootCertificate.SubjectKeyIdentifier.keyIdentifier);
CaCertificateSubjectKeyIdEntry cACertificateSubjectKeyIdEntry =
(CaCertificateSubjectKeyIdEntry)SerializationUtil.Deserialize(
cACertificateSubjectKeyIdEntrySerialized);
Assert.True(cACertificateSubjectKeyIdEntry.IsRootCa);
Assert.Equal(cACertificateSubjectKeyIdEntry.CertificateHash, rootCertDigest);
byte[] certificateHashMapEntrySerialized =
StorageUtil.readFromStorage(CertificateStorageManager.TRUSTED_ROOT_CA_LIST_STORAGE_KEY);
CertificateHashMapEntry trustedRootCAListHashMapEntry =
(CertificateHashMapEntry)SerializationUtil.Deserialize(certificateHashMapEntrySerialized);
Assert.Equal(1, trustedRootCAListHashMapEntry.certificateHashArray.Length);
byte[] certificateHashEntrySerialized = trustedRootCAListHashMapEntry.certificateHashArray[0];
CertificateHashEntry certificateHashEntry =
(CertificateHashEntry)SerializationUtil.Deserialize(certificateHashEntrySerialized);
Assert.True(certificateHashEntry.IsCa);
Assert.Equal(rootCertDigest, certificateHashEntry.CertificateHash);
requestSignature = SignUtil.generateUntrustRootCAOperationRequestSignature(rootCertEncoded);
result = RootCaCertificateHandler.UntrustRootCaCertificate(rootCertDigest, rootCertEncoded,
requestSignature);
Assert.True(result);
rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest);
caCertificateEntry = (CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte);
Assert.False(caCertificateEntry.IsTrusted);
Assert.False(caCertificateEntry.IsRevoked);
}
public void Should_Revoke_SSL_Certificate_When_Request_Signed_With_Issuer_Private_Key()
{
{
string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer";
byte[] rootCertEncoded = File.ReadAllBytes(rootCertFilePath);
byte[] rootCertDigest = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded);
byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded);
bool result =
RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded,
requestSignature);
Assert.True(result);
}
{
string subCaCertFilePath = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.cer";
byte[] subCaCertEncoded = File.ReadAllBytes(subCaCertFilePath);
byte[] subCaCertificateHash = DigestUtilities.CalculateDigest("SHA_256", subCaCertEncoded);
byte[] subCaAddRequestSignature = null;
bool result = SubCaCertificateHandler.AddSubCaCertificate(subCaCertificateHash, subCaCertEncoded,
subCaAddRequestSignature);
Assert.True(result);
}
string sSLCertFilePath = "../../../test-data/certs/test-ca/Test-SSL-RSA-2048.cer";
byte[] sSLCertEncoded = File.ReadAllBytes(sSLCertFilePath);
byte[] sSLCertHash = DigestUtilities.CalculateDigest("SHA_256", sSLCertEncoded);
bool sslCertAddResult = SslCertificateHandler.AddSslCertificate(sSLCertHash, sSLCertEncoded);
Assert.True(sslCertAddResult);
string sSLCertIssuerPkcs8PrivateKeyFilePath = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.pk8";
byte[] revokeSSLCertificateRequestSignature =
SignUtil.generateRevokeSSLCertificateOperationRequestRSAPSSSignature(sSLCertEncoded,
sSLCertIssuerPkcs8PrivateKeyFilePath);
Certificate sslCertificate = CertificateParser.Parse(sSLCertEncoded);
bool revokeSSLCertificateResult = SslCertificateHandler.RevokeSslCertificate(sSLCertHash, sSLCertEncoded,
revokeSSLCertificateRequestSignature);
Assert.True(revokeSSLCertificateResult);
byte[] sSLCertificateEntryByte = StorageUtil.readFromStorage(sSLCertHash);
EndEntityCertificateEntry sSLCertificateEntry =
(EndEntityCertificateEntry)SerializationUtil.Deserialize(sSLCertificateEntryByte);
Assert.True(sSLCertificateEntry.IsRevoked);
Assert.Equal(sSLCertificateEntry.CertificateValue, sSLCertEncoded);
}
public static bool UntrustRootCaCertificate(byte[] certificateHash, byte[] encodedCert, byte[] signature)
{
if (!ValidateRootCaCertificateAddRequestSignature(encodedCert, signature))
{
return(false);
}
if (!CertificateStorageManager.IsRootCaCertificateAddedBefore(certificateHash))
{
return(false);
}
Certificate rootCaCertificate = CertificateParser.Parse(encodedCert);
CertificateStorageManager.MarkRootCaCertificateUntrustedInStorage(rootCaCertificate, certificateHash);
return(true);
}
public static bool AddSslCertificate(byte[] certificateHash, byte[] encodedCert)
{
Logger.log("Checking SSL Certificate is added before");
if (CertificateStorageManager.IsSSLCertificateAddedBefore(certificateHash))
{
Logger.log("SSL Certificate is added before");
return(false);
}
Logger.log("Trying to parse SSL Certificate");
Certificate sslCertificate = CertificateParser.Parse(encodedCert);
if (!sslCertificate.IsLoaded)
{
Logger.log("Can not parse SSL Certificate");
return(false);
}
Logger.log("Checking SSL Certificate Validity Period");
if (!CertificateValidator.CheckValidityPeriod(sslCertificate))
{
Logger.log("SSL Certificate validity period is invalid");
return(false);
}
Logger.log("Checking SSL Certificate Fields");
if (!CertificateValidator.ValidateSslCertificateFields(sslCertificate))
{
Logger.log("SSL Certificate Fields are invalid");
return(false);
}
Logger.log("Validating SSL Certificate With Chain");
if (!CertificateChainValidator.ValidateCertificateSignatureWithChain(sslCertificate))
{
Logger.log("Can not validate SSL Certificate Signature With Chain");
return(false);
}
Logger.log("Adding SSL Certificate To Storage");
CertificateStorageManager.AddEndEntityCertificateToStorage(sslCertificate, certificateHash, encodedCert);
return(true);
}
public void Should_Add_SSL_Certificate()
{
{
string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer";
byte[] rootCertEncoded = File.ReadAllBytes(rootCertFilePath);
byte[] rootCertDigest = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded);
byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded);
bool result =
RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded,
requestSignature);
Assert.True(result);
}
{
string subCaCertFilePath = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.cer";
byte[] subCaCertEncoded = File.ReadAllBytes(subCaCertFilePath);
byte[] subCaCertificateHash = DigestUtilities.CalculateDigest("SHA_256", subCaCertEncoded);
byte[] subCaAddRequestSignature = null;
bool result = SubCaCertificateHandler.AddSubCaCertificate(subCaCertificateHash, subCaCertEncoded,
subCaAddRequestSignature);
Assert.True(result);
}
string sSLCertFilePath = "../../../test-data/certs/test-ca/Test-SSL-RSA-2048.cer";
byte[] sSLCertEncoded = File.ReadAllBytes(sSLCertFilePath);
byte[] sSLCertHash = DigestUtilities.CalculateDigest("SHA_256", sSLCertEncoded);
bool sslCertAddResult = SslCertificateHandler.AddSslCertificate(sSLCertHash, sSLCertEncoded);
Assert.True(sslCertAddResult);
Certificate sslCertificate = CertificateParser.Parse(sSLCertEncoded);
byte[] sSLCertificateEntryByte = StorageUtil.readFromStorage(sSLCertHash);
EndEntityCertificateEntry sSLCertificateEntry =
(EndEntityCertificateEntry)SerializationUtil.Deserialize(sSLCertificateEntryByte);
Assert.False(sSLCertificateEntry.IsRevoked);
Assert.Equal(sSLCertificateEntry.CertificateValue, sSLCertEncoded);
//Is Added To Issuer list
{
byte[] storageKey = ArrayUtil.Concat(CertificateStorageManager.ELEMENT_LIST,
sslCertificate.AuthorityKeyIdentifier.keyIdentifier);
byte[] certHashMapEntrySerialized = StorageUtil.readFromStorage(storageKey);
Assert.True(certHashMapEntrySerialized != null);
CertificateHashMapEntry certHashMapEntry =
(CertificateHashMapEntry)SerializationUtil.Deserialize(certHashMapEntrySerialized);
Assert.True(certHashMapEntry.certificateHashArray != null);
Assert.True(certHashMapEntry.certificateHashArray.Length == 1);
byte[] subjectKeyIdCertificateHashEntrySerialized = certHashMapEntry.certificateHashArray[0];
CertificateHashEntry subjectKeyIdCertificateHashEntry =
(CertificateHashEntry)SerializationUtil.Deserialize(subjectKeyIdCertificateHashEntrySerialized);
Assert.Equal(subjectKeyIdCertificateHashEntry.CertificateHash, sSLCertHash);
Assert.False(subjectKeyIdCertificateHashEntry.IsCa);
}
//Domain Name List - Common Name
{
byte[] certHashMapEntrySerialized =
StorageUtil.readFromStorage(HexUtil.HexStringToByteArray("6f6e742e696f"));
Assert.True(certHashMapEntrySerialized != null);
CertificateHashMapEntry certHashMapEntry =
(CertificateHashMapEntry)SerializationUtil.Deserialize(certHashMapEntrySerialized);
Assert.True(certHashMapEntry.certificateHashArray != null);
Assert.True(certHashMapEntry.certificateHashArray.Length == 1);
byte[] subjectKeyIdCertificateHashEntrySerialized = certHashMapEntry.certificateHashArray[0];
CertificateHashEntry subjectKeyIdCertificateHashEntry =
(CertificateHashEntry)SerializationUtil.Deserialize(subjectKeyIdCertificateHashEntrySerialized);
Assert.Equal(subjectKeyIdCertificateHashEntry.CertificateHash, sSLCertHash);
Assert.False(subjectKeyIdCertificateHashEntry.IsCa);
}
//Domain Name List - Subject Alternative Name
{
byte[] certHashMapEntrySerialized =
StorageUtil.readFromStorage(HexUtil.HexStringToByteArray("7777772e6f6e742e696f"));
Assert.True(certHashMapEntrySerialized != null);
CertificateHashMapEntry certHashMapEntry =
(CertificateHashMapEntry)SerializationUtil.Deserialize(certHashMapEntrySerialized);
Assert.True(certHashMapEntry.certificateHashArray != null);
Assert.True(certHashMapEntry.certificateHashArray.Length == 1);
byte[] subjectKeyIdCertificateHashEntrySerialized = certHashMapEntry.certificateHashArray[0];
CertificateHashEntry subjectKeyIdCertificateHashEntry =
(CertificateHashEntry)SerializationUtil.Deserialize(subjectKeyIdCertificateHashEntrySerialized);
Assert.Equal(subjectKeyIdCertificateHashEntry.CertificateHash, sSLCertHash);
Assert.False(subjectKeyIdCertificateHashEntry.IsCa);
}
}
public void Should_Parse_ONT_IO_End_User_SSL_Certificate()
{
string sSLCertFilePath = "../../../test-data/certs/www.ont.io/ont.io.cer";
byte[] sSlCertEncoded = File.ReadAllBytes(sSLCertFilePath);
Certificate sslCertificate = CertificateParser.Parse(sSlCertEncoded);
String sslCertEncodedDigestHex =
HexUtil.ConvertByteArrayToHexString(DigestUtilities.CalculateDigest("SHA_256", sSlCertEncoded));
Assert.Equal("b8194eb004a9efe52d1369facf6b0d4b21beea61087383ce61a4a16628780956", sslCertEncodedDigestHex);
var sSlCertEncodedHex = HexUtil.ConvertByteArrayToHexString(sSlCertEncoded);
Assert.Equal(
"308205733082045ba0030201020210773088c5353d7953172721226a256d91300d06092a864886f70d01010b0500308194310b3009060355040613025553311d301b060355040a131453796d616e74656320436f72706f726174696f6e311f301d060355040b131653796d616e746563205472757374204e6574776f726b311d301b060355040b1314446f6d61696e2056616c6964617465642053534c312630240603550403131d53796d616e7465632042617369632044562053534c204341202d204731301e170d3137313132303030303030305a170d3138313031333233353935395a3011310f300d06035504030c066f6e742e696f30820122300d06092a864886f70d01010105000382010f003082010a0282010100bed44f6d1772f9056ab06d7a7b108b1b65c293fa4af695e6400864866b4b5dac96197ec74a2a7d416690c9b5031f7ea667e3449f550dbdcb747fdaf01535762e41e9f0553b57c16efc7c48ec21c698833a6bd7826421890da27362fc2a65553b052561a100396dfdbb75bacea23009b3382e7ce487367bfc2040189336d4eae2692b32a217aa5e039d8adfb66654e364b5f19ba8d062835d3a7db9ff4ddedea389c571fd69971b9169fc59242c4347279c7a31879a38545aa33c31fca3b4213f03a13a04d2426025cd9867980fa94a42b80252f9929c8aa39052a00d5358ce8c55cd65bbbc010657be9c94383fffa81d58839f4f80e8e73c7b92ae47b956b9770203010001a38202413082023d301d0603551d110416301482066f6e742e696f820a7777772e6f6e742e696f30090603551d130402300030610603551d20045a30583056060667810c010201304c302306082b06010505070201161768747470733a2f2f642e73796d63622e636f6d2f637073302506082b0601050507020230190c1768747470733a2f2f642e73796d63622e636f6d2f727061301f0603551d230418301680145c619eb07641a96aaa430be1c76e30296eb1cd36300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030106082b06010505070302305706082b06010505070101044b3049301f06082b060105050730018613687474703a2f2f68632e73796d63642e636f6d302606082b06010505073002861a687474703a2f2f68632e73796d63622e636f6d2f68632e63727430820103060a2b06010401d6790204020481f40481f100ef007600ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc0000015fd7dfbb25000004030047304502207521b4fb9b668e7b1e9ff38d484f98ba061a0d48778fa5b01b68455dd032937a022100fef3632f1152c1c3d4ec3460637c7af29e159ea838f7e85f769215519e95792e007500a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000015fd7dfbb5f00000403004630440220375e45f4beffdd85dbad4f69f76ef1ed32453a9d48c3db8dba1717d3f01623cf02203ab8ed10e707fa2895b3ae4c4b591ece53df0bb444abff8e78236246cd88043b300d06092a864886f70d01010b050003820101005beb17029867c11bbfab8723ba010a22680b148668462ba80084d09b199a265477f49d753b19dbb29cc6bc0f59daad9c46dc7de5d86c775b45512ec71508e14715c701d3b39a55e1afe072feeb131426f0f84ac275607378b45364a68f3c008ba02aaf239438ca294797dcf152a01984aebff42591d1bac639d665bfee395621c48dd45a669b2f10fb0b92377441a7898adc9bc854e17e30c2b928e274eada3b5e4a6db9c903eb8a0aea0e7e7ce84fb81f0f2f74ec9f59d18497f831637acfd5c576e952583e6a5b21516a07562601d69f8f490a26e1a8a26a1a6ef4c552634b9f81d79c13af8355679443db34fee959733ef9bef71b6afead064ae6f3c030e8",
sSlCertEncodedHex);
Assert.Equal(3, sslCertificate.Version);
Assert.Equal("773088c5353d7953172721226a256d91",
HexUtil.ConvertByteArrayToHexString(sslCertificate.SerialNumber.ToByteArray()));
Assert.Equal(true, sslCertificate.BasicConstraints.HasBasicConstraints);
Assert.Equal(false, sslCertificate.BasicConstraints.IsCa);
Assert.Equal(false, sslCertificate.BasicConstraints.HasPathLengthConstraint);
Assert.Equal(0, sslCertificate.BasicConstraints.MaxPathLen);
string subjectPublicKeyInfoHex = HexUtil.ConvertByteArrayToHexString(sslCertificate.SubjectPublicKeyInfo);
Assert.Equal(
"30820122300d06092a864886f70d01010105000382010f003082010a0282010100bed44f6d1772f9056ab06d7a7b108b1b65c293fa4af695e6400864866b4b5dac96197ec74a2a7d416690c9b5031f7ea667e3449f550dbdcb747fdaf01535762e41e9f0553b57c16efc7c48ec21c698833a6bd7826421890da27362fc2a65553b052561a100396dfdbb75bacea23009b3382e7ce487367bfc2040189336d4eae2692b32a217aa5e039d8adfb66654e364b5f19ba8d062835d3a7db9ff4ddedea389c571fd69971b9169fc59242c4347279c7a31879a38545aa33c31fca3b4213f03a13a04d2426025cd9867980fa94a42b80252f9929c8aa39052a00d5358ce8c55cd65bbbc010657be9c94383fffa81d58839f4f80e8e73c7b92ae47b956b9770203010001",
subjectPublicKeyInfoHex);
Assert.Equal("300d06092a864886f70d01010b0500",
HexUtil.ConvertByteArrayToHexString(sslCertificate.SignatureAlgorithm));
Assert.Equal("5253412f2f504b43533150414444494e47",
HexUtil.ConvertByteArrayToHexString(sslCertificate.PublicKeyAlgName));
Assert.True(sslCertificate.KeyUsage.HasKeyUsageExtension);
Assert.True(sslCertificate.KeyUsage.IsCritical);
Assert.True((sslCertificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.KeyCertSign) == 0);
Assert.True((sslCertificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.CrlSign) == 0);
Assert.True((sslCertificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.None) == 0);
Assert.True((sslCertificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.EncipherOnly) == 0);
Assert.True((sslCertificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.KeyAgreement) == 0);
Assert.True((sslCertificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.DataEncipherment) == 0);
Assert.True((sslCertificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.KeyEncipherment) != 0);
Assert.True((sslCertificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.DigitalSignature) != 0);
Assert.True((sslCertificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.DecipherOnly) == 0);
Assert.False(sslCertificate.SubjectKeyIdentifier.HasSubjectKeyIdentifierExtension);
Assert.True(sslCertificate.AuthorityKeyIdentifier.HasAuthorityKeyIdentifier);
Assert.False(sslCertificate.SubjectKeyIdentifier.IsCritical);
Assert.Equal(HexUtil.HexStringToByteArray("5C619EB07641A96AAA430BE1C76E30296EB1CD36"),
sslCertificate.AuthorityKeyIdentifier.keyIdentifier);
Assert.Equal(1511136000, sslCertificate.Validity.NotBefore);
Assert.Equal(1539475199, sslCertificate.Validity.NotAfter);
Assert.True(sslCertificate.ExtendedKeyUsage.HasExtendedKeyUsageExtension);
Assert.Equal(OIDS.OID_EXTENDED_KEY_USAGE_SERVER_AUTHENTICATION,
StringUtil.ByteArrayToString(sslCertificate.ExtendedKeyUsage.Oids[0]));
Assert.Equal(OIDS.OID_EXTENDED_KEY_USAGE_CLIENT_AUTHENTICATION,
StringUtil.ByteArrayToString(sslCertificate.ExtendedKeyUsage.Oids[1]));
Assert.Equal("312e332e362e312e352e352e372e332e31",
HexUtil.ConvertByteArrayToHexString(sslCertificate.ExtendedKeyUsage.Oids[0]));
Assert.Equal("312e332e362e312e352e352e372e332e32",
HexUtil.ConvertByteArrayToHexString(sslCertificate.ExtendedKeyUsage.Oids[1]));
Assert.Equal("ont.io", StringUtil.ByteArrayToString(sslCertificate.Subject.CommonName));
Assert.Equal("6f6e742e696f", HexUtil.ConvertByteArrayToHexString(sslCertificate.Subject.CommonName));
Assert.Equal("ont.io", StringUtil.ByteArrayToString(sslCertificate.DNsNames[0]));
Assert.Equal("6f6e742e696f", HexUtil.ConvertByteArrayToHexString(sslCertificate.DNsNames[0]));
Assert.Equal("www.ont.io", StringUtil.ByteArrayToString(sslCertificate.DNsNames[1]));
Assert.Equal("7777772e6f6e742e696f", HexUtil.ConvertByteArrayToHexString(sslCertificate.DNsNames[1]));
string TbsCertificateHex = HexUtil.ConvertByteArrayToHexString(sslCertificate.TbsCertificate);
Assert.Equal(
"3082045ba0030201020210773088c5353d7953172721226a256d91300d06092a864886f70d01010b0500308194310b3009060355040613025553311d301b060355040a131453796d616e74656320436f72706f726174696f6e311f301d060355040b131653796d616e746563205472757374204e6574776f726b311d301b060355040b1314446f6d61696e2056616c6964617465642053534c312630240603550403131d53796d616e7465632042617369632044562053534c204341202d204731301e170d3137313132303030303030305a170d3138313031333233353935395a3011310f300d06035504030c066f6e742e696f30820122300d06092a864886f70d01010105000382010f003082010a0282010100bed44f6d1772f9056ab06d7a7b108b1b65c293fa4af695e6400864866b4b5dac96197ec74a2a7d416690c9b5031f7ea667e3449f550dbdcb747fdaf01535762e41e9f0553b57c16efc7c48ec21c698833a6bd7826421890da27362fc2a65553b052561a100396dfdbb75bacea23009b3382e7ce487367bfc2040189336d4eae2692b32a217aa5e039d8adfb66654e364b5f19ba8d062835d3a7db9ff4ddedea389c571fd69971b9169fc59242c4347279c7a31879a38545aa33c31fca3b4213f03a13a04d2426025cd9867980fa94a42b80252f9929c8aa39052a00d5358ce8c55cd65bbbc010657be9c94383fffa81d58839f4f80e8e73c7b92ae47b956b9770203010001a38202413082023d301d0603551d110416301482066f6e742e696f820a7777772e6f6e742e696f30090603551d130402300030610603551d20045a30583056060667810c010201304c302306082b06010505070201161768747470733a2f2f642e73796d63622e636f6d2f637073302506082b0601050507020230190c1768747470733a2f2f642e73796d63622e636f6d2f727061301f0603551d230418301680145c619eb07641a96aaa430be1c76e30296eb1cd36300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030106082b06010505070302305706082b06010505070101044b3049301f06082b060105050730018613687474703a2f2f68632e73796d63642e636f6d302606082b06010505073002861a687474703a2f2f68632e73796d63622e636f6d2f68632e63727430820103060a2b06010401d6790204020481f40481f100ef007600ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc0000015fd7dfbb25000004030047304502207521b4fb9b668e7b1e9ff38d484f98ba061a0d48778fa5b01b68455dd032937a022100fef3632f1152c1c3d4ec3460637c7af29e159ea838f7e85f769215519e95792e007500a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000015fd7dfbb5f00000403004630440220375e45f4beffdd85dbad4f69f76ef1ed32453a9d48c3db8dba1717d3f01623cf02203ab8ed10e707fa2895b3ae4c4b591ece53df0bb444abff8e78236246cd88043b",
TbsCertificateHex);
string tBSSignatureAlgorithmHex = HexUtil.ConvertByteArrayToHexString(sslCertificate.TBSSignatureAlgorithm);
Assert.Equal(
"300d06092a864886f70d01010b0500",
tBSSignatureAlgorithmHex);
var signatureHex = HexUtil.ConvertByteArrayToHexString(sslCertificate.Signature);
Assert.Equal(
"5beb17029867c11bbfab8723ba010a22680b148668462ba80084d09b199a265477f49d753b19dbb29cc6bc0f59daad9c46dc7de5d86c775b45512ec71508e14715c701d3b39a55e1afe072feeb131426f0f84ac275607378b45364a68f3c008ba02aaf239438ca294797dcf152a01984aebff42591d1bac639d665bfee395621c48dd45a669b2f10fb0b92377441a7898adc9bc854e17e30c2b928e274eada3b5e4a6db9c903eb8a0aea0e7e7ce84fb81f0f2f74ec9f59d18497f831637acfd5c576e952583e6a5b21516a07562601d69f8f490a26e1a8a26a1a6ef4c552634b9f81d79c13af8355679443db34fee959733ef9bef71b6afead064ae6f3c030e8",
signatureHex);
string subjectCNHex = HexUtil.ConvertByteArrayToHexString(sslCertificate.Subject.CommonName);
Assert.Equal(
"6f6e742e696f",
subjectCNHex);
string issuerCNHex = HexUtil.ConvertByteArrayToHexString(sslCertificate.Issuer.CommonName);
Assert.Equal(
"53796d616e7465632042617369632044562053534c204341202d204731",
issuerCNHex);
}
public void Should_Parse_Verisign_Class_3_Root_CA_Certificate()
{
string rootCertFilePath =
"../../../test-data/certs/www.ont.io/VeriSign Class 3 Public Primary Certification Authority - G5.cer";
byte[] rootCertEncoded = File.ReadAllBytes(rootCertFilePath);
var rootCertEncodedHex = HexUtil.ConvertByteArrayToHexString(rootCertEncoded);
byte[] rootCertDigest = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded);
Certificate certificate = CertificateParser.Parse(rootCertEncoded);
Assert.Equal(
"308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a",
rootCertEncodedHex);
Assert.Equal("9acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df",
HexUtil.ConvertByteArrayToHexString(rootCertDigest));
Assert.Equal(true, certificate.IsLoaded);
Assert.Equal(3, certificate.Version);
Assert.Equal("18dad19e267de8bb4a2158cdcc6b3b4a",
HexUtil.ConvertByteArrayToHexString(certificate.SerialNumber.ToByteArray()));
Assert.Equal(true, certificate.BasicConstraints.HasBasicConstraints);
Assert.Equal(true, certificate.BasicConstraints.IsCa);
Assert.Equal(false, certificate.BasicConstraints.HasPathLengthConstraint);
Assert.Equal(0, certificate.BasicConstraints.MaxPathLen);
string subjectPublicKeyInfoHex = HexUtil.ConvertByteArrayToHexString(certificate.SubjectPublicKeyInfo);
Assert.Equal(
"30820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001",
subjectPublicKeyInfoHex);
Assert.Equal("5253412f2f504b43533150414444494e47",
HexUtil.ConvertByteArrayToHexString(certificate.PublicKeyAlgName));
var signatureAlgorithmHex = HexUtil.ConvertByteArrayToHexString(certificate.SignatureAlgorithm);
Assert.Equal("300d06092a864886f70d0101050500", signatureAlgorithmHex);
Assert.True(certificate.KeyUsage.HasKeyUsageExtension);
Assert.True(certificate.KeyUsage.IsCritical);
Assert.True((certificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.KeyCertSign) != 0);
Assert.True((certificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.CrlSign) != 0);
Assert.True((certificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.None) == 0);
Assert.True((certificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.EncipherOnly) == 0);
Assert.True((certificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.KeyAgreement) == 0);
Assert.True((certificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.DataEncipherment) == 0);
Assert.True((certificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.KeyEncipherment) == 0);
Assert.True((certificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.DigitalSignature) == 0);
Assert.True((certificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.DecipherOnly) == 0);
Assert.True(certificate.SubjectKeyIdentifier.HasSubjectKeyIdentifierExtension);
Assert.False(certificate.SubjectKeyIdentifier.IsCritical);
Assert.Equal(HexUtil.HexStringToByteArray("7FD365A7C2DDECBBF03009F34339FA02AF333133"),
certificate.SubjectKeyIdentifier.keyIdentifier);
Assert.Null(certificate.AuthorityKeyIdentifier.keyIdentifier);
Assert.Equal(1162944000, certificate.Validity.NotBefore);
Assert.Equal(2099865599, certificate.Validity.NotAfter);
Assert.False(certificate.ExtendedKeyUsage.HasExtendedKeyUsageExtension);
string TbsCertificateHex = HexUtil.ConvertByteArrayToHexString(certificate.TbsCertificate);
Assert.Equal(
"308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133",
TbsCertificateHex);
string tBSSignatureAlgorithmHex = HexUtil.ConvertByteArrayToHexString(certificate.TBSSignatureAlgorithm);
Assert.Equal(
"300d06092a864886f70d0101050500",
tBSSignatureAlgorithmHex);
var signatureHex = HexUtil.ConvertByteArrayToHexString(certificate.Signature);
Assert.Equal(
"93244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a",
signatureHex);
string subjectCNHex = HexUtil.ConvertByteArrayToHexString(certificate.Subject.CommonName);
Assert.Equal(
"566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735",
subjectCNHex);
string issuerCNHex = HexUtil.ConvertByteArrayToHexString(certificate.Issuer.CommonName);
Assert.Equal(
"566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735",
issuerCNHex);
Assert.Null(certificate.DNsNames);
}
public void Should_Parse_Symantec_SSL_SubCA_Certificate()
{
string subCaCertFilePath = "../../../test-data/certs/www.ont.io/Symantec Basic DV SSL CA - G1.cer";
byte[] subCaCertEncoded = File.ReadAllBytes(subCaCertFilePath);
var subCaCertEncodedHex = HexUtil.ConvertByteArrayToHexString(subCaCertEncoded);
Certificate subCaCertificate = CertificateParser.Parse(subCaCertEncoded);
String subCaCertDigestHex =
HexUtil.ConvertByteArrayToHexString(DigestUtilities.CalculateDigest("SHA_256", subCaCertEncoded));
Assert.Equal("526e30ded6bf9d5ce216f50c832402b48ab70d55aeda918a1873a5883ebdb1b5", subCaCertDigestHex);
Assert.Equal(
"308205623082044aa00302010202104c4cd8a0fc4feaae1554a87f090eda87300d06092a864886f70d01010b05003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3136303630373030303030305a170d3236303630363233353935395a308194310b3009060355040613025553311d301b060355040a131453796d616e74656320436f72706f726174696f6e311f301d060355040b131653796d616e746563205472757374204e6574776f726b311d301b060355040b1314446f6d61696e2056616c6964617465642053534c312630240603550403131d53796d616e7465632042617369632044562053534c204341202d20473130820122300d06092a864886f70d01010105000382010f003082010a0282010100a437c858ca5ad90998a1660376e45b224fea9f3aff2b2a2dcc6d122c6764d4aac4b97b57832cf5c8f083f85d75192d6b7d865aa60e9aa265ae662d20632835f7896abf15a39cf25d40b1b78e86bf591120a8128aea9ba4bdc002fe1d7ee12d8ffba74dd248d4803befe0af6a3b7225aede385df87e1dcc634d0cdd270ae448397eeb4c6608e6639bf10589442e87ff7325518a41b7d555fa5d8554d8412c9ba87c5dd3349a23547c629999d3124c9b83fafd0197364e40c7257d4103aacd8d71bc97989208bf4808908150f079cffb3785005090e00b5cdf3c41322b963e775e95a9ab161d409ace15bb568b5f165b76409c602c71df2f67950883728b026a010203010001a38201763082017230120603551d130101ff040830060101ff020100302f0603551d1f042830263024a022a020861e687474703a2f2f732e73796d63622e636f6d2f706361332d67352e63726c300e0603551d0f0101ff040403020106302e06082b0601050507010104223020301e06082b060105050730018612687474703a2f2f732e73796d63642e636f6d30610603551d20045a30583056060667810c010201304c302306082b06010505070201161768747470733a2f2f642e73796d63622e636f6d2f637073302506082b0601050507020230191a1768747470733a2f2f642e73796d63622e636f6d2f727061301d0603551d250416301406082b0601050507030106082b0601050507030230290603551d1104223020a41e301c311a30180603550403131153796d616e746563504b492d322d353535301d0603551d0e041604145c619eb07641a96aaa430be1c76e30296eb1cd36301f0603551d230418301680147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d01010b0500038201010061ea45712f8de13f0a9b9548f1f23ca25816ca96c4ffdae2ab97711091b32fa48b810ff2a4fb35f3e7904a20c59be531cb47b1681db536e9f528576ea0a7a973c2c39ef90591f6ac428dc48df4096afa538ee7e21da14a7689c4979e03ec4ab00d55938bfc78bbbbc7046507085912c60d1405690f76044e87a41fcefb43366b67a11d1bfdd583ab1db470d0e22fd4f3bb324e6c8cda5f2f5ce1886437755abe9da9e7b616d09f86f01c58c6ef87f27ab0138732ad159f91bc4e9ea2530b11958d73ecb69028096794e8a26558617bed60bf32411c2d2df87af6d981f06a82832e1481d05fe01a4ce2350fa9cb58459dee0c10ebafccec49a639f4fb04486c19",
subCaCertEncodedHex);
Assert.Equal(
"4c4cd8a0fc4feaae1554a87f090eda87",
HexUtil.ConvertByteArrayToHexString(subCaCertificate.SerialNumber.ToByteArray()));
Assert.Equal(3, subCaCertificate.Version);
Assert.Equal(true, subCaCertificate.BasicConstraints.HasBasicConstraints);
Assert.Equal(true, subCaCertificate.BasicConstraints.IsCa);
Assert.Equal(true, subCaCertificate.BasicConstraints.HasPathLengthConstraint);
Assert.Equal(0, subCaCertificate.BasicConstraints.MaxPathLen);
string subjectPublicKeyInfoHex = HexUtil.ConvertByteArrayToHexString(subCaCertificate.SubjectPublicKeyInfo);
Assert.Equal(
"30820122300d06092a864886f70d01010105000382010f003082010a0282010100a437c858ca5ad90998a1660376e45b224fea9f3aff2b2a2dcc6d122c6764d4aac4b97b57832cf5c8f083f85d75192d6b7d865aa60e9aa265ae662d20632835f7896abf15a39cf25d40b1b78e86bf591120a8128aea9ba4bdc002fe1d7ee12d8ffba74dd248d4803befe0af6a3b7225aede385df87e1dcc634d0cdd270ae448397eeb4c6608e6639bf10589442e87ff7325518a41b7d555fa5d8554d8412c9ba87c5dd3349a23547c629999d3124c9b83fafd0197364e40c7257d4103aacd8d71bc97989208bf4808908150f079cffb3785005090e00b5cdf3c41322b963e775e95a9ab161d409ace15bb568b5f165b76409c602c71df2f67950883728b026a010203010001",
subjectPublicKeyInfoHex);
Assert.Equal("5253412f2f504b43533150414444494e47",
HexUtil.ConvertByteArrayToHexString(subCaCertificate.PublicKeyAlgName));
Assert.Equal("300d06092a864886f70d01010b0500",
HexUtil.ConvertByteArrayToHexString(subCaCertificate.SignatureAlgorithm));
Assert.True(subCaCertificate.KeyUsage.HasKeyUsageExtension);
Assert.True(subCaCertificate.KeyUsage.IsCritical);
Assert.True((subCaCertificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.KeyCertSign) != 0);
Assert.True((subCaCertificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.CrlSign) != 0);
Assert.True((subCaCertificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.None) == 0);
Assert.True((subCaCertificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.EncipherOnly) == 0);
Assert.True((subCaCertificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.KeyAgreement) == 0);
Assert.True((subCaCertificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.DataEncipherment) == 0);
Assert.True((subCaCertificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.KeyEncipherment) == 0);
Assert.True((subCaCertificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.DigitalSignature) == 0);
Assert.True((subCaCertificate.KeyUsage.KeyUsageFlags & KeyUsageFlags.DecipherOnly) == 0);
Assert.True(subCaCertificate.SubjectKeyIdentifier.HasSubjectKeyIdentifierExtension);
Assert.False(subCaCertificate.SubjectKeyIdentifier.IsCritical);
Assert.Equal(HexUtil.HexStringToByteArray("5C619EB07641A96AAA430BE1C76E30296EB1CD36"),
subCaCertificate.SubjectKeyIdentifier.keyIdentifier);
Assert.True(subCaCertificate.AuthorityKeyIdentifier.HasAuthorityKeyIdentifier);
Assert.False(subCaCertificate.AuthorityKeyIdentifier.IsCritical);
Assert.Equal("7fd365a7c2ddecbbf03009f34339fa02af333133",
HexUtil.ConvertByteArrayToHexString(subCaCertificate.AuthorityKeyIdentifier.keyIdentifier));
Assert.Equal(1465257600, subCaCertificate.Validity.NotBefore);
Assert.Equal(1780790399, subCaCertificate.Validity.NotAfter);
Assert.True(subCaCertificate.ExtendedKeyUsage.HasExtendedKeyUsageExtension);
string TbsCertificateHex = HexUtil.ConvertByteArrayToHexString(subCaCertificate.TbsCertificate);
Assert.Equal(
"3082044aa00302010202104c4cd8a0fc4feaae1554a87f090eda87300d06092a864886f70d01010b05003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3136303630373030303030305a170d3236303630363233353935395a308194310b3009060355040613025553311d301b060355040a131453796d616e74656320436f72706f726174696f6e311f301d060355040b131653796d616e746563205472757374204e6574776f726b311d301b060355040b1314446f6d61696e2056616c6964617465642053534c312630240603550403131d53796d616e7465632042617369632044562053534c204341202d20473130820122300d06092a864886f70d01010105000382010f003082010a0282010100a437c858ca5ad90998a1660376e45b224fea9f3aff2b2a2dcc6d122c6764d4aac4b97b57832cf5c8f083f85d75192d6b7d865aa60e9aa265ae662d20632835f7896abf15a39cf25d40b1b78e86bf591120a8128aea9ba4bdc002fe1d7ee12d8ffba74dd248d4803befe0af6a3b7225aede385df87e1dcc634d0cdd270ae448397eeb4c6608e6639bf10589442e87ff7325518a41b7d555fa5d8554d8412c9ba87c5dd3349a23547c629999d3124c9b83fafd0197364e40c7257d4103aacd8d71bc97989208bf4808908150f079cffb3785005090e00b5cdf3c41322b963e775e95a9ab161d409ace15bb568b5f165b76409c602c71df2f67950883728b026a010203010001a38201763082017230120603551d130101ff040830060101ff020100302f0603551d1f042830263024a022a020861e687474703a2f2f732e73796d63622e636f6d2f706361332d67352e63726c300e0603551d0f0101ff040403020106302e06082b0601050507010104223020301e06082b060105050730018612687474703a2f2f732e73796d63642e636f6d30610603551d20045a30583056060667810c010201304c302306082b06010505070201161768747470733a2f2f642e73796d63622e636f6d2f637073302506082b0601050507020230191a1768747470733a2f2f642e73796d63622e636f6d2f727061301d0603551d250416301406082b0601050507030106082b0601050507030230290603551d1104223020a41e301c311a30180603550403131153796d616e746563504b492d322d353535301d0603551d0e041604145c619eb07641a96aaa430be1c76e30296eb1cd36301f0603551d230418301680147fd365a7c2ddecbbf03009f34339fa02af333133",
TbsCertificateHex);
string tBSSignatureAlgorithmHex =
HexUtil.ConvertByteArrayToHexString(subCaCertificate.TBSSignatureAlgorithm);
Assert.Equal(
"300d06092a864886f70d01010b0500",
tBSSignatureAlgorithmHex);
var signatureHex = HexUtil.ConvertByteArrayToHexString(subCaCertificate.Signature);
Assert.Equal(
"61ea45712f8de13f0a9b9548f1f23ca25816ca96c4ffdae2ab97711091b32fa48b810ff2a4fb35f3e7904a20c59be531cb47b1681db536e9f528576ea0a7a973c2c39ef90591f6ac428dc48df4096afa538ee7e21da14a7689c4979e03ec4ab00d55938bfc78bbbbc7046507085912c60d1405690f76044e87a41fcefb43366b67a11d1bfdd583ab1db470d0e22fd4f3bb324e6c8cda5f2f5ce1886437755abe9da9e7b616d09f86f01c58c6ef87f27ab0138732ad159f91bc4e9ea2530b11958d73ecb69028096794e8a26558617bed60bf32411c2d2df87af6d981f06a82832e1481d05fe01a4ce2350fa9cb58459dee0c10ebafccec49a639f4fb04486c19",
signatureHex);
string subjectCNHex = HexUtil.ConvertByteArrayToHexString(subCaCertificate.Subject.CommonName);
Assert.Equal(
"53796d616e7465632042617369632044562053534c204341202d204731",
subjectCNHex);
string issuerCNHex = HexUtil.ConvertByteArrayToHexString(subCaCertificate.Issuer.CommonName);
Assert.Equal(
"566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735",
issuerCNHex);
Assert.True(subCaCertificate.DNsNames.Length == 0);
}
public static bool ReportFraud(byte[] fraudId, byte[] fakeButValidCertificateBytes,
byte[] fakeButValidCertificateHash,
byte[] signerCertificateBytes, byte[] signerCertificateBytesHash, byte[] signature)
{
Certificate fakeButValidCertificate = CertificateParser.Parse(fakeButValidCertificateBytes);
if (!fakeButValidCertificate.IsLoaded)
{
Logger.log("Can not parse Fake But Valid SSL Certificate");
return(false);
}
EndEntityCertificateEntry fakeButValidCertificateEntry =
CertificateStorageManager.RetrieveEndEntityCertificateFromStorage(fakeButValidCertificateHash);
if (fakeButValidCertificateEntry.CertificateValue == null)
{
Logger.log("Can not find Fake But Valid SSL Certificate");
return(false);
}
if (fakeButValidCertificateEntry.IsRevoked)
{
Logger.log("Fake But Valid SSL Certificate is revoked before");
return(false);
}
Certificate signerCertificate = CertificateParser.Parse(signerCertificateBytes);
if (!signerCertificate.IsLoaded)
{
Logger.log("Can not parse Signer Certificate");
return(false);
}
var signerCertificateContainFakeButValidCertificateDnsEntry =
checkDnsValues(fakeButValidCertificate, signerCertificate);
if (!signerCertificateContainFakeButValidCertificateDnsEntry)
{
Logger.log("Signer Certificate Does not contain required DNS value");
return(false);
}
Logger.log("Starting Validate Signature For Report Fraud Request");
bool signatureValidationResult =
SignatureValidator.CheckReportFraudRequestSignature(signature, fakeButValidCertificate,
signerCertificate);
if (!signatureValidationResult)
{
Logger.log("Report Fraud Request signature Invalid");
return(false);
}
Logger.log("Validated Signature For Report Fraud Request");
FraudStorageManager.AddFraudReportToStorage(fraudId, signerCertificateBytes, fakeButValidCertificateHash);
//todo: add fraud notification after log infrastructure fixed
return(true);
}
public SendCertificateCommand(string modelText, List <Participant> participants, string backgroundImagePath)
{
Certificate = CertificateParser.Parse(modelText);
Participants = participants;
BackgroundImagePath = backgroundImagePath;
}
