checkChain static method

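Checks a given certificate chain. The list is read in order from the end certificate to the root: for each pair of adjacent certificates, it checks that the issuer of the certificate matches the subject of the next certificate, and that the certificate's signature verifies against the next certificate as its parent. As the implementation below shows, these are the only two checks performed; validity periods, revocation status and whether the last certificate is a trusted root are not evaluated here.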

Example: The root certificate has the correct subject value to match the issuer of the intermediate certificate, but its public key does not verify the signature of the intermediate certificate.

End Certificate <- DN Valid, Signature Valid -> Intermediate Certificate <- DN Valid, Signature Invalid -> Root Certificate

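The resulting CertificateChainCheckData contains the checked chain and, in pairs, one CertificateChainPairCheckResult per adjacent pair, whose dnDataMatch and signatureMatch fields record the outcome of each check.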

Implementation

static CertificateChainCheckData checkChain(List<X509CertificateData> x509) {
  var data = CertificateChainCheckData(chain: x509);
  var pairs = <CertificateChainPairCheckResult>[];
  for (var i = 0; i < x509.length; i++) {
    var er = CertificateChainPairCheckResult();
    var current = x509.elementAt(i);
    // Only certificates that have a successor form a pair; the last
    // certificate in the list is never checked against anything.
    if (x509.length > i + 1) {
      var next = x509.elementAt(i + 1);
      // The issuer DN of the current certificate must equal the subject DN
      // of the next (parent) certificate.
      if (!_dnDataMatch(
          current.tbsCertificate!.issuer, next.tbsCertificate!.subject)) {
        er.dnDataMatch = false;
      }
      // The current certificate's signature must verify against the parent.
      if (!checkX509Signature(current.plain!, parent: next.plain!)) {
        er.signatureMatch = false;
      }
      pairs.add(er);
    }
  }
  data.pairs = pairs;
  return data;
}
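
The following is an added example, not part of the library's own code: it shows one way to turn the returned pair results into a pass/fail decision that fails closed when no pair was checked, which is what checkChain returns for a list of fewer than two certificates. The import path package:basic_utils/basic_utils.dart and the helper name chainProblems are assumptions; the result objects are constructed by hand to mirror the example above.

```dart
// Added example, not library code. Assumes these classes are exported by
// package:basic_utils/basic_utils.dart; chainProblems is a hypothetical helper.
import 'package:basic_utils/basic_utils.dart';

/// Returns one message per failed check; an empty list means every link
/// passed both the DN check and the signature check.
List<String> chainProblems(CertificateChainCheckData data) {
  final pairs = data.pairs ?? <CertificateChainPairCheckResult>[];
  // checkChain emits no pair for a single certificate, so "no failed pair"
  // would be vacuously true. Treat that case as a failure instead.
  if (pairs.isEmpty) {
    return ['no issuer/subject pair was checked (fewer than 2 certificates)'];
  }
  final problems = <String>[];
  for (var i = 0; i < pairs.length; i++) {
    // Pair i links chain[i] (child) to chain[i + 1] (its issuer).
    if (pairs[i].dnDataMatch == false) {
      problems.add('link $i -> ${i + 1}: issuer DN does not match subject DN');
    }
    if (pairs[i].signatureMatch == false) {
      problems.add('link $i -> ${i + 1}: signature does not verify with parent');
    }
  }
  return problems;
}

void main() {
  // Constructed result mirroring the example above: end -> intermediate is
  // fine, intermediate -> root has a matching DN but an invalid signature.
  final ok = CertificateChainPairCheckResult();
  final badSig = CertificateChainPairCheckResult()..signatureMatch = false;
  final data = CertificateChainCheckData(chain: <X509CertificateData>[])
    ..pairs = [ok, badSig];
  chainProblems(data).forEach(print);

  // Constructed result with no pairs, as returned for a one-element list.
  final single = CertificateChainCheckData(chain: <X509CertificateData>[])
    ..pairs = [];
  chainProblems(single).forEach(print);
}
```

An empty list from chainProblems only means the links are internally consistent; the caller still has to confirm that the last certificate is one it trusts.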