public static void SignDepositData(IServiceProvider testServiceProvider, DepositData depositData, byte[] privateKey, BeaconState?state)
{
SignatureDomains signatureDomains = testServiceProvider.GetService <IOptions <SignatureDomains> >().Value;
BeaconChainUtility beaconChainUtility = testServiceProvider.GetService <BeaconChainUtility>();
ICryptographyService cryptographyService = testServiceProvider.GetService <ICryptographyService>();
Domain domain;
if (state == null)
{
// Genesis
domain = beaconChainUtility.ComputeDomain(signatureDomains.Deposit);
}
else
{
BeaconStateAccessor beaconStateAccessor = testServiceProvider.GetService <BeaconStateAccessor>();
domain = beaconStateAccessor.GetDomain(state, signatureDomains.Deposit, Epoch.None);
}
DepositMessage depositMessage = new DepositMessage(depositData.PublicKey, depositData.WithdrawalCredentials, depositData.Amount);
Root depositMessageRoot = cryptographyService.HashTreeRoot(depositMessage);
Root signingRoot = beaconChainUtility.ComputeSigningRoot(depositMessageRoot, domain);
BlsSignature signature = TestSecurity.BlsSign(signingRoot, privateKey);
depositData.SetSignature(signature);
}
/// <summary>
/// Prepare the state for the deposit, and create a deposit for the given validator, depositing the given amount.
/// </summary>
public static Deposit PrepareStateAndDeposit(IServiceProvider testServiceProvider, BeaconState state, ValidatorIndex validatorIndex, Gwei amount, Bytes32 withdrawalCredentials, bool signed)
{
ChainConstants chainConstants = testServiceProvider.GetService <ChainConstants>();
InitialValues initialValues = testServiceProvider.GetService <IOptions <InitialValues> >().Value;
TimeParameters timeParameters = testServiceProvider.GetService <IOptions <TimeParameters> >().Value;
IBeaconChainUtility beaconChainUtility = testServiceProvider.GetService <IBeaconChainUtility>();
BeaconStateAccessor beaconStateAccessor = testServiceProvider.GetService <BeaconStateAccessor>();
IDepositStore depositStore = testServiceProvider.GetService <IDepositStore>();
byte[][] privateKeys = TestKeys.PrivateKeys(timeParameters).ToArray();
BlsPublicKey[] publicKeys = TestKeys.PublicKeys(timeParameters).ToArray();
byte[] privateKey = privateKeys[(int)(ulong)validatorIndex];
BlsPublicKey publicKey = publicKeys[(int)(ulong)validatorIndex];
if (withdrawalCredentials == Bytes32.Zero)
{
// insecurely use pubkey as withdrawal key if no credentials provided
byte[] withdrawalCredentialBytes = TestSecurity.Hash(publicKey.AsSpan());
withdrawalCredentialBytes[0] = initialValues.BlsWithdrawalPrefix;
withdrawalCredentials = new Bytes32(withdrawalCredentialBytes);
}
DepositData depositData = BuildDeposit(testServiceProvider, state, publicKey, privateKey, amount, withdrawalCredentials, signed);
Deposit deposit = depositStore.Place(depositData);
state.SetEth1DepositIndex(0);
state.Eth1Data.SetDepositRoot(depositStore.DepositData.Root);
state.Eth1Data.SetDepositCount((ulong)depositStore.Deposits.Count);
return(deposit);
}
public void AddAndPurgeWorks()
{
TestSecurity security = new TestSecurity(false);
NTAccount nta1 = new NTAccount(@"BUILTIN\Users");
NTAccount nta2 = new NTAccount(@"BUILTIN\Administrators");
security.AddAccessRuleTest(new TestAccessRule <TestRights> (nta1, TestRights.One,
AccessControlType.Allow));
security.AddAccessRuleTest(new TestAccessRule <TestRights> (nta2, TestRights.One,
AccessControlType.Allow));
AuthorizationRuleCollection rules1 = security.GetAccessRules(true, true, typeof(NTAccount));
Assert.AreEqual(2, rules1.Count);
security.PurgeAccessRules(nta1);
AuthorizationRuleCollection rules2 = security.GetAccessRules(true, true, typeof(NTAccount));
Assert.AreEqual(1, rules2.Count);
Assert.IsInstanceOfType(typeof(TestAccessRule <TestRights>), rules2[0]);
TestAccessRule <TestRights> rule = (TestAccessRule <TestRights>)rules2[0];
Assert.AreEqual(nta2, rule.IdentityReference);
}
public void SetSddlFormAllowsFlags ()
{
TestSecurity security = new TestSecurity ();
security.SetSecurityDescriptorSddlForm ("G:BA", AccessControlSections.Group | AccessControlSections.Owner);
Assert.AreEqual ("", security.GetSecurityDescriptorSddlForm (AccessControlSections.Owner));
Assert.AreEqual ("G:BA", security.GetSecurityDescriptorSddlForm (AccessControlSections.Group));
}
/// <summary>
/// Prepare the state for the deposit, and create a deposit for the given validator, depositing the given amount.
/// </summary>
public static Deposit PrepareStateAndDeposit(IServiceProvider testServiceProvider, BeaconState state, ValidatorIndex validatorIndex, Gwei amount, Hash32 withdrawalCredentials, bool signed)
{
var chainConstants = testServiceProvider.GetService <ChainConstants>();
var initialValues = testServiceProvider.GetService <IOptions <InitialValues> >().Value;
var timeParameters = testServiceProvider.GetService <IOptions <TimeParameters> >().Value;
var beaconChainUtility = testServiceProvider.GetService <BeaconChainUtility>();
var beaconStateAccessor = testServiceProvider.GetService <BeaconStateAccessor>();
var privateKeys = TestKeys.PrivateKeys(timeParameters).ToArray();
var publicKeys = TestKeys.PublicKeys(timeParameters).ToArray();
var privateKey = privateKeys[(int)(ulong)validatorIndex];
var publicKey = publicKeys[(int)(ulong)validatorIndex];
if (withdrawalCredentials == Hash32.Zero)
{
// insecurely use pubkey as withdrawal key if no credentials provided
var withdrawalCredentialBytes = TestSecurity.Hash(publicKey.AsSpan());
withdrawalCredentialBytes[0] = initialValues.BlsWithdrawalPrefix;
withdrawalCredentials = new Hash32(withdrawalCredentialBytes);
}
var depositDataList = new List <DepositData>();
(var deposit, var depositRoot) = BuildDeposit(testServiceProvider, state, depositDataList, publicKey, privateKey, amount, withdrawalCredentials, signed);
state.SetEth1DepositIndex(0);
state.Eth1Data.SetDepositRoot(depositRoot);
state.Eth1Data.SetDepositCount((ulong)depositDataList.Count);
return(deposit);
}
public static (Deposit, Root) BuildDeposit(IServiceProvider testServiceProvider, BeaconState?state, IList <DepositData> depositDataList, BlsPublicKey publicKey, byte[] privateKey, Gwei amount, Bytes32 withdrawalCredentials, bool signed)
{
ChainConstants chainConstants = testServiceProvider.GetService <ChainConstants>();
BeaconChainUtility beaconChainUtility = testServiceProvider.GetService <BeaconChainUtility>();
ICryptographyService cryptographyService = testServiceProvider.GetService <ICryptographyService>();
DepositData depositData = BuildDepositData(testServiceProvider, publicKey, privateKey, amount, withdrawalCredentials, state, signed);
int index = depositDataList.Count;
depositDataList.Add(depositData);
Root root = cryptographyService.HashTreeRoot(depositDataList);
IEnumerable <Bytes32> allLeaves = depositDataList.Select(x => new Bytes32(cryptographyService.HashTreeRoot(x).AsSpan()));
IList <IList <Bytes32> > tree = TestSecurity.CalculateMerkleTreeFromLeaves(allLeaves);
IList <Bytes32> merkleProof = TestSecurity.GetMerkleProof(tree, index, 32);
List <Bytes32> proof = new List <Bytes32>(merkleProof);
Span <byte> indexBytes = new Span <byte>(new byte[32]);
BitConverter.TryWriteBytes(indexBytes, (ulong)index + 1);
if (!BitConverter.IsLittleEndian)
{
indexBytes.Slice(0, 8).Reverse();
}
Bytes32 indexHash = new Bytes32(indexBytes);
proof.Add(indexHash);
Bytes32 leaf = new Bytes32(cryptographyService.HashTreeRoot(depositData).AsSpan());
bool checkValid = beaconChainUtility.IsValidMerkleBranch(leaf, proof, chainConstants.DepositContractTreeDepth + 1, (ulong)index, root);
Deposit deposit = new Deposit(proof, depositData);
return(deposit, root);
}
public static (Deposit, Hash32) BuildDeposit(IServiceProvider testServiceProvider, BeaconState?state, IList <DepositData> depositDataList, BlsPublicKey publicKey, byte[] privateKey, Gwei amount, Hash32 withdrawalCredentials, bool signed)
{
var chainConstants = testServiceProvider.GetService <ChainConstants>();
var beaconChainUtility = testServiceProvider.GetService <BeaconChainUtility>();
var depositData = BuildDepositData(testServiceProvider, publicKey, privateKey, amount, withdrawalCredentials, state, signed);
var index = depositDataList.Count;
depositDataList.Add(depositData);
Hash32 root = depositDataList.HashTreeRoot((ulong)1 << chainConstants.DepositContractTreeDepth);
var allLeaves = depositDataList.Select(x => x.HashTreeRoot());
var tree = TestSecurity.CalculateMerkleTreeFromLeaves(allLeaves);
var merkleProof = TestSecurity.GetMerkleProof(tree, index, 32);
var proof = new List <Hash32>(merkleProof);
var indexBytes = new Span <byte>(new byte[32]);
BitConverter.TryWriteBytes(indexBytes, (ulong)index + 1);
if (!BitConverter.IsLittleEndian)
{
indexBytes.Slice(0, 8).Reverse();
}
var indexHash = new Hash32(indexBytes);
proof.Add(indexHash);
var leaf = depositData.HashTreeRoot();
beaconChainUtility.IsValidMerkleBranch(leaf, proof, chainConstants.DepositContractTreeDepth + 1, (ulong)index, root);
var deposit = new Deposit(proof, depositData);
return(deposit, root);
}
public void Defaults()
{
TestSecurity security = new TestSecurity();
Assert.IsTrue(security.IsContainerTest);
Assert.IsTrue(security.IsDSTest);
}
public void DefaultsForSddlAndBinary()
{
TestSecurity security = new TestSecurity();
Assert.AreEqual("D:", security.GetSecurityDescriptorSddlForm(AccessControlSections.All));
Assert.AreEqual(28, security.GetSecurityDescriptorBinaryForm().Length);
}
public void SetSddlFormAllowsFlags()
{
TestSecurity security = new TestSecurity();
security.SetSecurityDescriptorSddlForm("G:BA", AccessControlSections.Group | AccessControlSections.Owner);
Assert.AreEqual("", security.GetSecurityDescriptorSddlForm(AccessControlSections.Owner));
Assert.AreEqual("G:BA", security.GetSecurityDescriptorSddlForm(AccessControlSections.Group));
}
public void ResetAccessRuleCausesExactlyOneModifyAccessCall()
{
TestSecurity security = new TestSecurity(false);
SecurityIdentifier sid = new SecurityIdentifier("WD");
security.ResetAccessRuleTest(new TestAccessRule <TestRights> (sid, TestRights.One,
AccessControlType.Allow));
Assert.AreEqual(1, security.modify_access_called_count);
}
public void ConstructorLetsFalseDSThrough ()
{
CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
(false, false, ControlFlags.None, null, null, null, null);
TestSecurity security = new TestSecurity (descriptor);
Assert.IsFalse (security.IsContainerTest);
Assert.IsFalse (security.IsDSTest);
}
public void Defaults ()
{
TestSecurity security = new TestSecurity ();
Assert.IsTrue (security.AreAccessRulesCanonical);
Assert.IsTrue (security.AreAuditRulesCanonical);
Assert.IsFalse (security.AreAccessRulesProtected);
Assert.IsFalse (security.AreAuditRulesProtected);
Assert.IsNull (security.GetGroup (typeof (SecurityIdentifier)));
Assert.IsNull (security.GetOwner (typeof (SecurityIdentifier)));
}
public void ConstructorLetsFalseDSThrough()
{
CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
(false, false, ControlFlags.None, null, null, null, null);
TestSecurity security = new TestSecurity(descriptor);
Assert.IsFalse(security.IsContainerTest);
Assert.IsFalse(security.IsDSTest);
}
public static void SignVoluntaryExit(IServiceProvider testServiceProvider, BeaconState state, VoluntaryExit voluntaryExit, byte[] privateKey)
{
var signatureDomains = testServiceProvider.GetService <IOptions <SignatureDomains> >().Value;
var beaconStateAccessor = testServiceProvider.GetService <BeaconStateAccessor>();
var domain = beaconStateAccessor.GetDomain(state, signatureDomains.VoluntaryExit, voluntaryExit.Epoch);
var signature = TestSecurity.BlsSign(voluntaryExit.SigningRoot(), privateKey, domain);
voluntaryExit.SetSignature(signature);
}
public static void SignBlock(IServiceProvider testServiceProvider, BeaconState state, BeaconBlock block, ValidatorIndex proposerIndex)
{
MiscellaneousParameters miscellaneousParameters = testServiceProvider.GetService <IOptions <MiscellaneousParameters> >().Value;
TimeParameters timeParameters = testServiceProvider.GetService <IOptions <TimeParameters> >().Value;
MaxOperationsPerBlock maxOperationsPerBlock = testServiceProvider.GetService <IOptions <MaxOperationsPerBlock> >().Value;
SignatureDomains signatureDomains = testServiceProvider.GetService <IOptions <SignatureDomains> >().Value;
ICryptographyService cryptographyService = testServiceProvider.GetService <ICryptographyService>();
BeaconChainUtility beaconChainUtility = testServiceProvider.GetService <BeaconChainUtility>();
BeaconStateAccessor beaconStateAccessor = testServiceProvider.GetService <BeaconStateAccessor>();
BeaconStateTransition beaconStateTransition = testServiceProvider.GetService <BeaconStateTransition>();
if (state.Slot > block.Slot)
{
throw new ArgumentOutOfRangeException("block.Slot", block.Slot, $"Slot of block must be equal or less that state slot {state.Slot}");
}
Epoch blockEpoch = beaconChainUtility.ComputeEpochAtSlot(block.Slot);
if (proposerIndex == ValidatorIndex.None)
{
if (block.Slot == state.Slot)
{
proposerIndex = beaconStateAccessor.GetBeaconProposerIndex(state);
}
else
{
Epoch stateEpoch = beaconChainUtility.ComputeEpochAtSlot(state.Slot);
if (stateEpoch + 1 > blockEpoch)
{
Console.WriteLine("WARNING: Block slot far away, and no proposer index manually given."
+ " Signing block is slow due to transition for proposer index calculation.");
}
// use stub state to get proposer index of future slot
BeaconState stubState = BeaconState.Clone(state);
beaconStateTransition.ProcessSlots(stubState, block.Slot);
proposerIndex = beaconStateAccessor.GetBeaconProposerIndex(stubState);
}
}
byte[][] privateKeys = TestKeys.PrivateKeys(timeParameters).ToArray();
byte[] privateKey = privateKeys[(int)(ulong)proposerIndex];
Domain randaoDomain = beaconStateAccessor.GetDomain(state, signatureDomains.Randao, blockEpoch);
Hash32 randaoRevealHash = blockEpoch.HashTreeRoot();
BlsSignature randaoReveal = TestSecurity.BlsSign(randaoRevealHash, privateKey, randaoDomain);
block.Body.SetRandaoReveal(randaoReveal);
Domain signatureDomain = beaconStateAccessor.GetDomain(state, signatureDomains.BeaconProposer, blockEpoch);
Hash32 signingRoot = cryptographyService.SigningRoot(block);
BlsSignature signature = TestSecurity.BlsSign(signingRoot, privateKey, signatureDomain);
block.SetSignature(signature);
}
public void ModifyAccessRuleThrowsOnWrongType()
{
bool modified;
SecurityIdentifier everyoneSid = new SecurityIdentifier("WD");
TestSecurity security = new TestSecurity();
FileSystemAccessRule rule = new FileSystemAccessRule
(everyoneSid, FileSystemRights.FullControl, AccessControlType.Allow);
security.ModifyAccessRule(AccessControlModification.Add, rule, out modified);
}
public static void SignBlockHeader(IServiceProvider testServiceProvider, BeaconState state, BeaconBlockHeader header, byte[] privateKey)
{
var signatureDomains = testServiceProvider.GetService <IOptions <SignatureDomains> >().Value;
var beaconStateAccessor = testServiceProvider.GetService <BeaconStateAccessor>();
var domain = beaconStateAccessor.GetDomain(state, signatureDomains.BeaconProposer, Epoch.None);
var signingRoot = header.SigningRoot();
var signature = TestSecurity.BlsSign(signingRoot, privateKey, domain);
header.SetSignature(signature);
}
public void Defaults()
{
TestSecurity security = new TestSecurity();
Assert.IsTrue(security.AreAccessRulesCanonical);
Assert.IsTrue(security.AreAuditRulesCanonical);
Assert.IsFalse(security.AreAccessRulesProtected);
Assert.IsFalse(security.AreAuditRulesProtected);
Assert.IsNull(security.GetGroup(typeof(SecurityIdentifier)));
Assert.IsNull(security.GetOwner(typeof(SecurityIdentifier)));
}
public static BlsSignature GetAttestationSignature(IServiceProvider testServiceProvider, BeaconState state, AttestationData attestationData, byte[] privateKey)
{
var signatureDomains = testServiceProvider.GetService <IOptions <SignatureDomains> >().Value;
var beaconStateAccessor = testServiceProvider.GetService <BeaconStateAccessor>();
var messageHash = attestationData.HashTreeRoot();
var domain = beaconStateAccessor.GetDomain(state, signatureDomains.BeaconAttester, attestationData.Target.Epoch);
var signature = TestSecurity.BlsSign(messageHash, privateKey, domain);
return(signature);
}
public void Reset()
{
bool modifiedRet, modifiedOut;
SecurityIdentifier everyoneSid = new SecurityIdentifier("WD");
TestSecurity security = new TestSecurity();
TestAccessRule rule = new TestAccessRule
(everyoneSid, TestRights.One, AccessControlType.Allow);
modifiedRet = security.ModifyAccessRule(AccessControlModification.Reset, rule, out modifiedOut);
}
public void Defaults()
{
TestSecurity security;
security = new TestSecurity(false);
Assert.IsFalse(security.IsContainerTest);
Assert.IsFalse(security.IsDSTest);
security = new TestSecurity(true);
Assert.IsTrue(security.IsContainerTest);
Assert.IsFalse(security.IsDSTest);
}
public static SignedBeaconBlock SignBlock(IServiceProvider testServiceProvider, BeaconState state, BeaconBlock block, ValidatorIndex?optionalProposerIndex)
{
TimeParameters timeParameters = testServiceProvider.GetService <IOptions <TimeParameters> >().Value;
SignatureDomains signatureDomains = testServiceProvider.GetService <IOptions <SignatureDomains> >().Value;
ICryptographyService cryptographyService = testServiceProvider.GetService <ICryptographyService>();
BeaconChainUtility beaconChainUtility = testServiceProvider.GetService <BeaconChainUtility>();
BeaconStateAccessor beaconStateAccessor = testServiceProvider.GetService <BeaconStateAccessor>();
BeaconStateTransition beaconStateTransition = testServiceProvider.GetService <BeaconStateTransition>();
if (state.Slot > block.Slot)
{
throw new ArgumentOutOfRangeException("block.Slot", block.Slot, $"Slot of block must be equal or less that state slot {state.Slot}");
}
Epoch blockEpoch = beaconChainUtility.ComputeEpochAtSlot(block.Slot);
ValidatorIndex proposerIndex;
if (optionalProposerIndex.HasValue)
{
proposerIndex = optionalProposerIndex.Value;
}
else
{
if (block.Slot == state.Slot)
{
proposerIndex = beaconStateAccessor.GetBeaconProposerIndex(state);
}
else
{
Epoch stateEpoch = beaconChainUtility.ComputeEpochAtSlot(state.Slot);
if (stateEpoch + 1 > blockEpoch)
{
Console.WriteLine("WARNING: Block slot far away, and no proposer index manually given."
+ " Signing block is slow due to transition for proposer index calculation.");
}
// use stub state to get proposer index of future slot
BeaconState stubState = BeaconState.Clone(state);
beaconStateTransition.ProcessSlots(stubState, block.Slot);
proposerIndex = beaconStateAccessor.GetBeaconProposerIndex(stubState);
}
}
byte[][] privateKeys = TestKeys.PrivateKeys(timeParameters).ToArray();
byte[] privateKey = privateKeys[(int)(ulong)proposerIndex];
Root blockHashTreeRoot = cryptographyService.HashTreeRoot(block);
Domain proposerDomain = beaconStateAccessor.GetDomain(state, signatureDomains.BeaconProposer, blockEpoch);
Root signingRoot = beaconChainUtility.ComputeSigningRoot(blockHashTreeRoot, proposerDomain);
BlsSignature signature = TestSecurity.BlsSign(signingRoot, privateKey);
return(new SignedBeaconBlock(block, signature));
}
public void ChecksAccessControlModificationRange ()
{
bool modifiedRet, modifiedOut;
TestSecurity security = new TestSecurity ();
SecurityIdentifier sid = new SecurityIdentifier ("WD");
TestAccessRule rule = new TestAccessRule
(sid, 1, false, InheritanceFlags.None, PropagationFlags.None,
Guid.Empty, Guid.Empty, AccessControlType.Allow);
modifiedRet = security.ModifyAccessRule ((AccessControlModification)43210,
rule, out modifiedOut);
}
public void ChecksAccessControlModificationRange()
{
bool modifiedRet, modifiedOut;
TestSecurity security = new TestSecurity();
SecurityIdentifier sid = new SecurityIdentifier("WD");
TestAccessRule rule = new TestAccessRule
(sid, 1, false, InheritanceFlags.None, PropagationFlags.None,
Guid.Empty, Guid.Empty, AccessControlType.Allow);
modifiedRet = security.ModifyAccessRule((AccessControlModification)43210,
rule, out modifiedOut);
}
public static BlsSignature GetAttestationSignature(IServiceProvider testServiceProvider, BeaconState state, AttestationData attestationData, byte[] privateKey)
{
SignatureDomains signatureDomains = testServiceProvider.GetService <IOptions <SignatureDomains> >().Value;
BeaconChainUtility beaconChainUtility = testServiceProvider.GetService <BeaconChainUtility>();
BeaconStateAccessor beaconStateAccessor = testServiceProvider.GetService <BeaconStateAccessor>();
Root attestationDataRoot = attestationData.HashTreeRoot();
Domain domain = beaconStateAccessor.GetDomain(state, signatureDomains.BeaconAttester, attestationData.Target.Epoch);
Root signingRoot = beaconChainUtility.ComputeSigningRoot(attestationDataRoot, domain);
BlsSignature signature = TestSecurity.BlsSign(signingRoot, privateKey);
return(signature);
}
public void IgnoresResetOnAuditAndReturnsTrue ()
{
bool modifiedRet, modifiedOut;
TestSecurity security = new TestSecurity ();
SecurityIdentifier sid = new SecurityIdentifier ("WD");
TestAuditRule rule = new TestAuditRule
(sid, 1, false, InheritanceFlags.None, PropagationFlags.None,
Guid.Empty, Guid.Empty, AuditFlags.Success);
modifiedRet = security.ModifyAuditRule (AccessControlModification.Reset,
rule, out modifiedOut);
Assert.IsTrue (modifiedRet);
}
public static SignedBeaconBlockHeader SignBlockHeader(IServiceProvider testServiceProvider, BeaconState state, BeaconBlockHeader header, byte[] privateKey)
{
SignatureDomains signatureDomains = testServiceProvider.GetService <IOptions <SignatureDomains> >().Value;
IBeaconChainUtility beaconChainUtility = testServiceProvider.GetService <IBeaconChainUtility>();
BeaconStateAccessor beaconStateAccessor = testServiceProvider.GetService <BeaconStateAccessor>();
ICryptographyService cryptographyService = testServiceProvider.GetService <ICryptographyService>();
Root headerRoot = cryptographyService.HashTreeRoot(header);
Domain domain = beaconStateAccessor.GetDomain(state, signatureDomains.BeaconProposer, Epoch.None);
Root signingRoot = beaconChainUtility.ComputeSigningRoot(headerRoot, domain);
BlsSignature signature = TestSecurity.BlsSign(signingRoot, privateKey);
return(new SignedBeaconBlockHeader(header, signature));
}
public static SignedVoluntaryExit SignVoluntaryExit(IServiceProvider testServiceProvider, BeaconState state, VoluntaryExit voluntaryExit, byte[] privateKey)
{
var signatureDomains = testServiceProvider.GetService <IOptions <SignatureDomains> >().Value;
BeaconChainUtility beaconChainUtility = testServiceProvider.GetService <BeaconChainUtility>();
var beaconStateAccessor = testServiceProvider.GetService <BeaconStateAccessor>();
ICryptographyService cryptographyService = testServiceProvider.GetService <ICryptographyService>();
var voluntaryExitRoot = cryptographyService.HashTreeRoot(voluntaryExit);
var domain = beaconStateAccessor.GetDomain(state, signatureDomains.VoluntaryExit, voluntaryExit.Epoch);
var signingRoot = beaconChainUtility.ComputeSigningRoot(voluntaryExitRoot, domain);
var signature = TestSecurity.BlsSign(signingRoot, privateKey);
return(new SignedVoluntaryExit(voluntaryExit, signature));
}
public void IgnoresResetOnAuditAndReturnsTrue()
{
bool modifiedRet, modifiedOut;
TestSecurity security = new TestSecurity();
SecurityIdentifier sid = new SecurityIdentifier("WD");
TestAuditRule rule = new TestAuditRule
(sid, 1, false, InheritanceFlags.None, PropagationFlags.None,
Guid.Empty, Guid.Empty, AuditFlags.Success);
modifiedRet = security.ModifyAuditRule(AccessControlModification.Reset,
rule, out modifiedOut);
Assert.IsTrue(modifiedRet);
}
public void SetSddlForm()
{
TestSecurity security = new TestSecurity();
SecurityIdentifier groupSid = new SecurityIdentifier("WD");
SecurityIdentifier userSid = new SecurityIdentifier("SY");
security.SetGroup(groupSid);
security.SetOwner(userSid);
Assert.AreEqual("G:WD", security.GetSecurityDescriptorSddlForm(AccessControlSections.Group));
Assert.AreEqual("O:SY", security.GetSecurityDescriptorSddlForm(AccessControlSections.Owner));
security.SetSecurityDescriptorSddlForm("O:BG", AccessControlSections.Owner);
Assert.AreEqual("O:BG", security.GetSecurityDescriptorSddlForm(AccessControlSections.Owner));
Assert.AreEqual(new SecurityIdentifier("BG"), security.GetOwner(typeof(SecurityIdentifier)));
}
public void SetSddlForm ()
{
TestSecurity security = new TestSecurity ();
SecurityIdentifier groupSid = new SecurityIdentifier ("WD");
SecurityIdentifier userSid = new SecurityIdentifier ("SY");
security.SetGroup (groupSid);
security.SetOwner (userSid);
Assert.AreEqual ("G:WD", security.GetSecurityDescriptorSddlForm (AccessControlSections.Group));
Assert.AreEqual ("O:SY", security.GetSecurityDescriptorSddlForm (AccessControlSections.Owner));
security.SetSecurityDescriptorSddlForm ("O:BG", AccessControlSections.Owner);
Assert.AreEqual ("O:BG", security.GetSecurityDescriptorSddlForm (AccessControlSections.Owner));
Assert.AreEqual (new SecurityIdentifier ("BG"), security.GetOwner (typeof (SecurityIdentifier)));
}
public static BlsSignature SignAggregateAttestation(IServiceProvider testServiceProvider, BeaconState state, AttestationData attestationData, IEnumerable <ValidatorIndex> participants)
{
var timeParameters = testServiceProvider.GetService <IOptions <TimeParameters> >().Value;
var privateKeys = TestKeys.PrivateKeys(timeParameters).ToList();
var signatures = new List <BlsSignature>();
foreach (var validatorIndex in participants)
{
var privateKey = privateKeys[(int)(ulong)validatorIndex];
var signature = GetAttestationSignature(testServiceProvider, state, attestationData, privateKey, custodyBit: false);
signatures.Add(signature);
}
return(TestSecurity.BlsAggregateSignatures(signatures));
}
public void ObjectSecurityJustWrapsCommonSecurityDescriptor ()
{
CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
(false, false, ControlFlags.None, null, null, null, null);
TestSecurity security = new TestSecurity (descriptor);
Assert.IsNull (security.GetOwner (typeof(SecurityIdentifier)));
SecurityIdentifier sid = new SecurityIdentifier ("WD");
descriptor.Owner = sid; // Not virtual, so the conclusion in the test's title.
Assert.IsFalse (security.OwnerModifiedTest);
Assert.AreSame (sid, security.GetOwner (typeof(SecurityIdentifier)));
security.SetOwner (sid);
Assert.IsTrue (security.OwnerModifiedTest);
Assert.AreSame (sid, security.GetOwner (typeof(SecurityIdentifier)));
}
TestSecurity FactoryCallTest(bool objectAce)
{
SecurityIdentifier sid = new SecurityIdentifier("WD");
DiscretionaryAcl dacl = new DiscretionaryAcl(true, true, 1);
dacl.AddAccess(AccessControlType.Allow, sid, 1,
InheritanceFlags.None, PropagationFlags.None,
objectAce ? ObjectAceFlags.ObjectAceTypePresent : ObjectAceFlags.None,
Guid.NewGuid(), Guid.Empty);
CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
(true, true, ControlFlags.None, null, null, null, dacl);
TestSecurity security = new TestSecurity(descriptor);
security.GetAccessRules(true, true, typeof(SecurityIdentifier));
return(security);
}
[Category("NotWorking")] // Mono does not have a working CustomAce implementation yet.
public void ObjectSecurityRemovesWhatItCannotCreate()
{
RawAcl acl = new RawAcl(GenericAcl.AclRevision, 1);
acl.InsertAce(0, new CustomAce((AceType)255, AceFlags.None, new byte[4]));
DiscretionaryAcl dacl = new DiscretionaryAcl(true, true, acl);
Assert.AreEqual(1, dacl.Count);
CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
(true, true, ControlFlags.None, null, null, null, dacl);
TestSecurity security = new TestSecurity(descriptor);
AuthorizationRuleCollection rules = security.GetAccessRules(true, true, typeof(SecurityIdentifier));
Assert.AreEqual(0, rules.Count);
}
public void ObjectSecurityJustWrapsCommonSecurityDescriptor()
{
CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
(false, false, ControlFlags.None, null, null, null, null);
TestSecurity security = new TestSecurity(descriptor);
Assert.IsNull(security.GetOwner(typeof(SecurityIdentifier)));
SecurityIdentifier sid = new SecurityIdentifier("WD");
descriptor.Owner = sid; // Not virtual, so the conclusion in the test's title.
Assert.IsFalse(security.OwnerModifiedTest);
Assert.AreSame(sid, security.GetOwner(typeof(SecurityIdentifier)));
security.SetOwner(sid);
Assert.IsTrue(security.OwnerModifiedTest);
Assert.AreSame(sid, security.GetOwner(typeof(SecurityIdentifier)));
}
public void AllTypesAcceptedOnGetGroupOwnerUntilTheyAreSet ()
{
TestSecurity security = new TestSecurity ();
Assert.IsNull (security.GetGroup (typeof (void)));
Assert.IsNull (security.GetOwner (typeof (int)));
SecurityIdentifier everyoneSid = new SecurityIdentifier ("WD");
security.SetOwner (everyoneSid);
bool throwsOnInt = false;
try { security.GetOwner (typeof (int)); } catch (ArgumentException) { throwsOnInt = true; }
Assert.IsTrue (throwsOnInt);
bool throwsOnSuperclass = false;
try { security.GetOwner (typeof (IdentityReference)); } catch (ArgumentException) { throwsOnSuperclass = true; }
Assert.IsTrue (throwsOnSuperclass);
Assert.IsNull (security.GetGroup (typeof (void)));
Assert.IsInstanceOfType (typeof (SecurityIdentifier), security.GetOwner (typeof (SecurityIdentifier)));
}
public void ModifyAccessRuleAllowsDerivedTypeAndCallsModifyAccessButNothingChanges ()
{
bool modifiedRet, modifiedOut;
SecurityIdentifier everyoneSid = new SecurityIdentifier ("WD");
TestSecurity security = new TestSecurity ();
DerivedAccessRule rule = new DerivedAccessRule (everyoneSid, TestRights.One, AccessControlType.Allow);
modifiedRet = security.ModifyAccessRule (AccessControlModification.Add, rule, out modifiedOut);
Assert.AreEqual (modifiedRet, modifiedOut);
Assert.IsTrue (modifiedRet);
Assert.IsTrue (security.modify_access_called);
Assert.AreEqual ("D:", security.GetSecurityDescriptorSddlForm (AccessControlSections.All));
// (1) There is no external abstract/virtual 'get collection',
// (2) The overrides in this test call this base class, which does not change it, and
// (3) There are methods based on the collection value such as GetSecurityDescriptorSddlForm.
// Conclusion: Collection is internal and manipulated by derived classes.
}
public void ModifyAccessRuleThrowsOnWrongType ()
{
bool modified;
SecurityIdentifier everyoneSid = new SecurityIdentifier ("WD");
TestSecurity security = new TestSecurity ();
FileSystemAccessRule rule = new FileSystemAccessRule
(everyoneSid, FileSystemRights.FullControl, AccessControlType.Allow);
security.ModifyAccessRule (AccessControlModification.Add, rule, out modified);
}
public void Defaults ()
{
TestSecurity security = new TestSecurity ();
Assert.IsTrue (security.IsContainerTest);
Assert.IsTrue (security.IsDSTest);
}
public void Reset ()
{
bool modifiedRet, modifiedOut;
SecurityIdentifier everyoneSid = new SecurityIdentifier ("WD");
TestSecurity security = new TestSecurity ();
TestAccessRule rule = new TestAccessRule
(everyoneSid, TestRights.One, AccessControlType.Allow);
modifiedRet = security.ModifyAccessRule (AccessControlModification.Reset, rule, out modifiedOut);
}
public void Protection ()
{
TestSecurity security = new TestSecurity ();
security.SetAccessRuleProtection (true, true);
Assert.IsTrue (security.AreAccessRulesProtected);
Assert.IsFalse (security.AreAuditRulesProtected);
security.SetAuditRuleProtection (true, false);
Assert.IsTrue (security.AreAccessRulesProtected);
Assert.IsTrue (security.AreAuditRulesProtected);
security.SetAccessRuleProtection (false, false);
Assert.IsFalse (security.AreAccessRulesProtected);
Assert.IsTrue (security.AreAuditRulesProtected);
security.SetAuditRuleProtection (false, true);
Assert.IsFalse (security.AreAccessRulesProtected);
Assert.IsFalse (security.AreAuditRulesProtected);
}
TestSecurity FactoryCallTest (bool objectAce)
{
SecurityIdentifier sid = new SecurityIdentifier ("WD");
DiscretionaryAcl dacl = new DiscretionaryAcl (true, true, 1);
dacl.AddAccess (AccessControlType.Allow, sid, 1,
InheritanceFlags.None, PropagationFlags.None,
objectAce ? ObjectAceFlags.ObjectAceTypePresent : ObjectAceFlags.None,
Guid.NewGuid (), Guid.Empty);
CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
(true, true, ControlFlags.None, null, null, null, dacl);
TestSecurity security = new TestSecurity (descriptor);
security.GetAccessRules (true, true, typeof (SecurityIdentifier));
return security;
}
public void SetGroupThrowsOnNull ()
{
TestSecurity security = new TestSecurity ();
security.SetGroup (null);
}
public void SetOwnerThrowsOnNull ()
{
TestSecurity security = new TestSecurity ();
security.SetOwner (null);
}
public void LocksAreEnforced ()
{
TestSecurity security = new TestSecurity ();
bool value = security.OwnerModifiedTestWithoutLock;
}
public void PurgeThrowsOnNull ()
{
TestSecurity security = new TestSecurity ();
security.PurgeAccessRules (null);
}
public void DefaultsForSddlAndBinary ()
{
TestSecurity security = new TestSecurity ();
Assert.AreEqual ("D:", security.GetSecurityDescriptorSddlForm (AccessControlSections.All));
Assert.AreEqual (28, security.GetSecurityDescriptorBinaryForm ().Length);
}
[Category ("NotWorking")] // Mono does not have a working CustomAce implementation yet.
public void ObjectSecurityRemovesWhatItCannotCreate ()
{
RawAcl acl = new RawAcl (GenericAcl.AclRevision, 1);
acl.InsertAce (0, new CustomAce ((AceType)255, AceFlags.None, new byte[4]));
DiscretionaryAcl dacl = new DiscretionaryAcl (true, true, acl);
Assert.AreEqual (1, dacl.Count);
CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
(true, true, ControlFlags.None, null, null, null, dacl);
TestSecurity security = new TestSecurity (descriptor);
AuthorizationRuleCollection rules = security.GetAccessRules (true, true, typeof (SecurityIdentifier));
Assert.AreEqual (0, rules.Count);
}
