Binds an EdgeListener to the SecurityOverlord and handles the securing of insecure edges. This class is thread-safe.
Inheritance: WrapperEdgeListener
Beispiel #1
0
    protected virtual StructuredNode PrepareNode(int id, AHAddress address)
    {
      if(TakenIDs.ContainsKey(id)) {
        throw new Exception("ID already taken");
      }

      StructuredNode node = new StructuredNode(address, BrunetNamespace);

      NodeMapping nm = new NodeMapping();
      nm.ID = id;
      TakenIDs[id] = nm;
      nm.Node = node;
      Nodes.Add((Address) address, nm);

      EdgeListener el = CreateEdgeListener(nm.ID);

      if(_secure_edges || _secure_senders) {
        byte[] blob = _se_key.ExportCspBlob(true);
        RSACryptoServiceProvider rsa_copy = new RSACryptoServiceProvider();
        rsa_copy.ImportCspBlob(blob);

        string username = address.ToString().Replace('=', '0');
        CertificateMaker cm = new CertificateMaker("United States", "UFL", 
          "ACIS", username, "*****@*****.**", rsa_copy,
          address.ToString());
        Certificate cert = cm.Sign(_ca_cert, _se_key);

        CertificateHandler ch = null;
        if(_dtls) {
          ch = new OpenSslCertificateHandler();
        } else {
          ch = new CertificateHandler();
        }
        ch.AddCACertificate(_ca_cert.X509);
        ch.AddSignedCertificate(cert.X509);

        if(_dtls) {
          nm.SO = new DtlsOverlord(rsa_copy, ch, PeerSecOverlord.Security);
        } else {
          nm.Sso = new SymphonySecurityOverlord(node, rsa_copy, ch, node.Rrm);
          nm.SO = nm.Sso;
        }

        var brh = new BroadcastRevocationHandler(_ca_cert, nm.SO);
        node.GetTypeSource(BroadcastRevocationHandler.PType).Subscribe(brh, null);
        ch.AddCertificateVerification(brh);
        nm.SO.Subscribe(node, null);
        node.GetTypeSource(PeerSecOverlord.Security).Subscribe(nm.SO, null);
      }

      if(_pathing) {
        nm.PathEM = new PathELManager(el, nm.Node);
        nm.PathEM.Start();
        el = nm.PathEM.CreatePath();
        PType path_p = PType.Protocol.Pathing;
        nm.Node.DemuxHandler.GetTypeSource(path_p).Subscribe(nm.PathEM, path_p);
      }

      if(_secure_edges) {
        node.EdgeVerifyMethod = EdgeVerify.AddressInSubjectAltName;
        el = new SecureEdgeListener(el, nm.SO);
      }

      node.AddEdgeListener(el);

      if(!_start) {
        node.RemoteTAs = GetRemoteTAs();
      }

      IRelayOverlap ito = null;
      if(NCEnable) {
        nm.NCService = new NCService(node, new Point());
// My evaluations show that when this is enabled the system sucks
//        (node as StructuredNode).Sco.TargetSelector = new VivaldiTargetSelector(node, ncservice);
        ito = new NCRelayOverlap(nm.NCService);
      } else {
        ito = new SimpleRelayOverlap();
      }

      if(_broken != 0) {
        el = new Relay.RelayEdgeListener(node, ito);
        if(_secure_edges) {
          el = new SecureEdgeListener(el, nm.SO);
        }
        node.AddEdgeListener(el);
      }

      BroadcastHandler bhandler = new BroadcastHandler(node as StructuredNode);
      node.DemuxHandler.GetTypeSource(BroadcastSender.PType).Subscribe(bhandler, null);
      node.DemuxHandler.GetTypeSource(SimBroadcastPType).Subscribe(SimBroadcastHandler, null);

      // Enables Dht data store
      new TableServer(node);
      nm.Dht = new Dht(node, 3, 20);
      nm.DhtProxy = new RpcDhtProxy(nm.Dht, node);
      return node;
    }
Beispiel #2
0
    protected virtual StructuredNode PrepareNode(int id, AHAddress address)
    {
      if(TakenIDs.Contains(id)) {
        throw new Exception("ID already taken");
      }

      StructuredNode node = new StructuredNode(address, BrunetNamespace);

      NodeMapping nm = new NodeMapping();
      TakenIDs[id] = nm.ID = id;
      nm.Node = node;
      Nodes.Add((Address) address, nm);

      EdgeListener el = CreateEdgeListener(nm.ID);

      if(SecureEdges || SecureSenders) {
        byte[] blob = SEKey.ExportCspBlob(true);
        RSACryptoServiceProvider rsa_copy = new RSACryptoServiceProvider();
        rsa_copy.ImportCspBlob(blob);

        CertificateMaker cm = new CertificateMaker("United States", "UFL", 
          "ACIS", "David Wolinsky", "*****@*****.**", rsa_copy,
          address.ToString());
        Certificate cert = cm.Sign(CACert, SEKey);

        CertificateHandler ch = new CertificateHandler();
        ch.AddCACertificate(CACert.X509);
        ch.AddSignedCertificate(cert.X509);

        ProtocolSecurityOverlord so = new ProtocolSecurityOverlord(node, rsa_copy, node.Rrm, ch);
        so.Subscribe(node, null);
        node.GetTypeSource(SecurityOverlord.Security).Subscribe(so, null);
        nm.BSO = so;
        node.HeartBeatEvent += so.Heartbeat;
      }

      if(SecureEdges) {
        node.EdgeVerifyMethod = EdgeVerify.AddressInSubjectAltName;
        el = new SecureEdgeListener(el, nm.BSO);
      }

      node.AddEdgeListener(el);

      node.RemoteTAs = GetRemoteTAs();

      ITunnelOverlap ito = null;
      if(NCEnable) {
        nm.NCService = new NCService(node, new Point());
// My evaluations show that when this is enabled the system sucks
//        (node as StructuredNode).Sco.TargetSelector = new VivaldiTargetSelector(node, ncservice);
        ito = new NCTunnelOverlap(nm.NCService);
      } else {
        ito = new SimpleTunnelOverlap();
      }

      if(Broken != 0) {
        el = new Tunnel.TunnelEdgeListener(node, ito);
        node.AddEdgeListener(el);
      }
      // Enables Dht data store
      new TableServer(node);
      return node;
    }