public void Should_UnTrusted_Root_Certificate_When_Any_SubCA_And_Ssl_Certificate_Is_Not_Exist() { string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer"; byte[] rootCertEncoded = File.ReadAllBytes(rootCertFilePath); byte[] rootCertDigest = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded); byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded); bool result = RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded, requestSignature); Assert.True(result); Certificate rootCertificate = CertificateParser.Parse(rootCertEncoded); byte[] rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest); CaCertificateEntry caCertificateEntry = (CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte); Assert.True(caCertificateEntry.IsTrusted); Assert.False(caCertificateEntry.IsRevoked); Assert.Equal(caCertificateEntry.CertificateValue, rootCertEncoded); byte[] cACertificateSubjectKeyIdEntrySerialized = StorageUtil.readFromStorage(rootCertificate.SubjectKeyIdentifier.keyIdentifier); CaCertificateSubjectKeyIdEntry cACertificateSubjectKeyIdEntry = (CaCertificateSubjectKeyIdEntry)SerializationUtil.Deserialize( cACertificateSubjectKeyIdEntrySerialized); Assert.True(cACertificateSubjectKeyIdEntry.IsRootCa); Assert.Equal(cACertificateSubjectKeyIdEntry.CertificateHash, rootCertDigest); byte[] certificateHashMapEntrySerialized = StorageUtil.readFromStorage(CertificateStorageManager.TRUSTED_ROOT_CA_LIST_STORAGE_KEY); CertificateHashMapEntry trustedRootCAListHashMapEntry = (CertificateHashMapEntry)SerializationUtil.Deserialize(certificateHashMapEntrySerialized); Assert.Equal(1, trustedRootCAListHashMapEntry.certificateHashArray.Length); byte[] certificateHashEntrySerialized = trustedRootCAListHashMapEntry.certificateHashArray[0]; CertificateHashEntry certificateHashEntry = (CertificateHashEntry)SerializationUtil.Deserialize(certificateHashEntrySerialized); Assert.True(certificateHashEntry.IsCa); Assert.Equal(rootCertDigest, certificateHashEntry.CertificateHash); requestSignature = SignUtil.generateUntrustRootCAOperationRequestSignature(rootCertEncoded); result = RootCaCertificateHandler.UntrustRootCaCertificate(rootCertDigest, rootCertEncoded, requestSignature); Assert.True(result); rootCACertificateEntryByte = StorageUtil.readFromStorage(rootCertDigest); caCertificateEntry = (CaCertificateEntry)SerializationUtil.Deserialize(rootCACertificateEntryByte); Assert.False(caCertificateEntry.IsTrusted); Assert.False(caCertificateEntry.IsRevoked); }
public void Should_Revoke_SSL_Certificate_When_Request_Signed_With_Issuer_Private_Key() { { string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer"; byte[] rootCertEncoded = File.ReadAllBytes(rootCertFilePath); byte[] rootCertDigest = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded); byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded); bool result = RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded, requestSignature); Assert.True(result); } { string subCaCertFilePath = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.cer"; byte[] subCaCertEncoded = File.ReadAllBytes(subCaCertFilePath); byte[] subCaCertificateHash = DigestUtilities.CalculateDigest("SHA_256", subCaCertEncoded); byte[] subCaAddRequestSignature = null; bool result = SubCaCertificateHandler.AddSubCaCertificate(subCaCertificateHash, subCaCertEncoded, subCaAddRequestSignature); Assert.True(result); } string sSLCertFilePath = "../../../test-data/certs/test-ca/Test-SSL-RSA-2048.cer"; byte[] sSLCertEncoded = File.ReadAllBytes(sSLCertFilePath); byte[] sSLCertHash = DigestUtilities.CalculateDigest("SHA_256", sSLCertEncoded); bool sslCertAddResult = SslCertificateHandler.AddSslCertificate(sSLCertHash, sSLCertEncoded); Assert.True(sslCertAddResult); string sSLCertIssuerPkcs8PrivateKeyFilePath = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.pk8"; byte[] revokeSSLCertificateRequestSignature = SignUtil.generateRevokeSSLCertificateOperationRequestRSAPSSSignature(sSLCertEncoded, sSLCertIssuerPkcs8PrivateKeyFilePath); Certificate sslCertificate = CertificateParser.Parse(sSLCertEncoded); bool revokeSSLCertificateResult = SslCertificateHandler.RevokeSslCertificate(sSLCertHash, sSLCertEncoded, revokeSSLCertificateRequestSignature); Assert.True(revokeSSLCertificateResult); byte[] sSLCertificateEntryByte = StorageUtil.readFromStorage(sSLCertHash); EndEntityCertificateEntry sSLCertificateEntry = (EndEntityCertificateEntry)SerializationUtil.Deserialize(sSLCertificateEntryByte); Assert.True(sSLCertificateEntry.IsRevoked); Assert.Equal(sSLCertificateEntry.CertificateValue, sSLCertEncoded); }
public void Should_Add_SSL_Certificate() { { string rootCertFilePath = "../../../test-data/certs/test-ca/Test-Root-CA-RSA-2048.cer"; byte[] rootCertEncoded = File.ReadAllBytes(rootCertFilePath); byte[] rootCertDigest = DigestUtilities.CalculateDigest("SHA_256", rootCertEncoded); byte[] requestSignature = SignUtil.generateAddTrustedRootCAOperationRequestSignature(rootCertEncoded); bool result = RootCaCertificateHandler.AddTrustedRootCaCertificate(rootCertDigest, rootCertEncoded, requestSignature); Assert.True(result); } { string subCaCertFilePath = "../../../test-data/certs/test-ca/Test-Sub-CA-RSA-2048.cer"; byte[] subCaCertEncoded = File.ReadAllBytes(subCaCertFilePath); byte[] subCaCertificateHash = DigestUtilities.CalculateDigest("SHA_256", subCaCertEncoded); byte[] subCaAddRequestSignature = null; bool result = SubCaCertificateHandler.AddSubCaCertificate(subCaCertificateHash, subCaCertEncoded, subCaAddRequestSignature); Assert.True(result); } string sSLCertFilePath = "../../../test-data/certs/test-ca/Test-SSL-RSA-2048.cer"; byte[] sSLCertEncoded = File.ReadAllBytes(sSLCertFilePath); byte[] sSLCertHash = DigestUtilities.CalculateDigest("SHA_256", sSLCertEncoded); bool sslCertAddResult = SslCertificateHandler.AddSslCertificate(sSLCertHash, sSLCertEncoded); Assert.True(sslCertAddResult); Certificate sslCertificate = CertificateParser.Parse(sSLCertEncoded); byte[] sSLCertificateEntryByte = StorageUtil.readFromStorage(sSLCertHash); EndEntityCertificateEntry sSLCertificateEntry = (EndEntityCertificateEntry)SerializationUtil.Deserialize(sSLCertificateEntryByte); Assert.False(sSLCertificateEntry.IsRevoked); Assert.Equal(sSLCertificateEntry.CertificateValue, sSLCertEncoded); //Is Added To Issuer list { byte[] storageKey = ArrayUtil.Concat(CertificateStorageManager.ELEMENT_LIST, sslCertificate.AuthorityKeyIdentifier.keyIdentifier); byte[] certHashMapEntrySerialized = StorageUtil.readFromStorage(storageKey); Assert.True(certHashMapEntrySerialized != null); CertificateHashMapEntry certHashMapEntry = (CertificateHashMapEntry)SerializationUtil.Deserialize(certHashMapEntrySerialized); Assert.True(certHashMapEntry.certificateHashArray != null); Assert.True(certHashMapEntry.certificateHashArray.Length == 1); byte[] subjectKeyIdCertificateHashEntrySerialized = certHashMapEntry.certificateHashArray[0]; CertificateHashEntry subjectKeyIdCertificateHashEntry = (CertificateHashEntry)SerializationUtil.Deserialize(subjectKeyIdCertificateHashEntrySerialized); Assert.Equal(subjectKeyIdCertificateHashEntry.CertificateHash, sSLCertHash); Assert.False(subjectKeyIdCertificateHashEntry.IsCa); } //Domain Name List - Common Name { byte[] certHashMapEntrySerialized = StorageUtil.readFromStorage(HexUtil.HexStringToByteArray("6f6e742e696f")); Assert.True(certHashMapEntrySerialized != null); CertificateHashMapEntry certHashMapEntry = (CertificateHashMapEntry)SerializationUtil.Deserialize(certHashMapEntrySerialized); Assert.True(certHashMapEntry.certificateHashArray != null); Assert.True(certHashMapEntry.certificateHashArray.Length == 1); byte[] subjectKeyIdCertificateHashEntrySerialized = certHashMapEntry.certificateHashArray[0]; CertificateHashEntry subjectKeyIdCertificateHashEntry = (CertificateHashEntry)SerializationUtil.Deserialize(subjectKeyIdCertificateHashEntrySerialized); Assert.Equal(subjectKeyIdCertificateHashEntry.CertificateHash, sSLCertHash); Assert.False(subjectKeyIdCertificateHashEntry.IsCa); } //Domain Name List - Subject Alternative Name { byte[] certHashMapEntrySerialized = StorageUtil.readFromStorage(HexUtil.HexStringToByteArray("7777772e6f6e742e696f")); Assert.True(certHashMapEntrySerialized != null); CertificateHashMapEntry certHashMapEntry = (CertificateHashMapEntry)SerializationUtil.Deserialize(certHashMapEntrySerialized); Assert.True(certHashMapEntry.certificateHashArray != null); Assert.True(certHashMapEntry.certificateHashArray.Length == 1); byte[] subjectKeyIdCertificateHashEntrySerialized = certHashMapEntry.certificateHashArray[0]; CertificateHashEntry subjectKeyIdCertificateHashEntry = (CertificateHashEntry)SerializationUtil.Deserialize(subjectKeyIdCertificateHashEntrySerialized); Assert.Equal(subjectKeyIdCertificateHashEntry.CertificateHash, sSLCertHash); Assert.False(subjectKeyIdCertificateHashEntry.IsCa); } }