public void FindCertificateTest() {
      CertificateHandler ch = new CertificateHandler();

      RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512);
      byte[] blob = rsa.ExportCspBlob(false);
      RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
      rsa_pub.ImportCspBlob(blob);

      List<MemBlock> supported = new List<MemBlock>();
      List<MemBlock> unsupported = new List<MemBlock>();

      for(int i = 0; i < 20; i++) {
        CertificateMaker cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
            "*****@*****.**" + i, rsa_pub, i.ToString());
        Certificate cert = cm.Sign(cm, rsa);
        if(i % 2 == 0) {
          ch.AddCACertificate(cert.X509);
          ch.AddSignedCertificate(cert.X509);
          supported.Add(cert.SerialNumber);
        } else {
          unsupported.Add(cert.SerialNumber);
        }
      }

      Assert.IsNotNull(ch.FindCertificate(supported), "Should find a certificate");

      bool success = false;
      try {
        success = ch.FindCertificate(unsupported) != null;
      } catch { }

      Assert.IsTrue(!success, "Should not find a certificate");

      List<MemBlock> mixed = new List<MemBlock>(unsupported);
      mixed.Insert(4 ,supported[1]);
      Assert.AreEqual(supported[1],
          MemBlock.Reference(ch.FindCertificate(mixed).SerialNumber),
          "Only one supported");
    }
    public bool GenerateCACert(string group)
    {
        if(!Context.Request.IsLocal) {
          throw new Exception("Call must be made locally!");
        }

        string private_path = GetGroupPrivatePath(group);
        Directory.CreateDirectory(private_path);

        private_path += "private_key";
        RSACryptoServiceProvider private_key = new RSACryptoServiceProvider(2048);
        byte[] private_blob = private_key.ExportCspBlob(true);
        using(FileStream fs = File.Open(private_path, FileMode.Create)) {
          fs.Write(private_blob, 0, private_blob.Length);
        }

        string data_path = GetGroupDataPath(group);
        Directory.CreateDirectory(data_path);

        RSACryptoServiceProvider public_key = new RSACryptoServiceProvider();
        public_key.ImportCspBlob(private_key.ExportCspBlob(false));

        CertificateMaker cm = new CertificateMaker(string.Empty, group,
        string.Empty, "admin", string.Empty, public_key, string.Empty);
        Certificate cert = cm.Sign(cm, private_key);

        string cacert_path = GetGroupDataPath(group) + "cacert";
        byte[] cert_data = cert.X509.RawData;
        using(FileStream fs = File.Open(cacert_path, FileMode.Create)) {
          fs.Write(cert_data, 0, cert_data.Length);
        }

        return true;
    }
 public void ValidityTest() {
   CertificateHandler ch = new CertificateHandler();
   RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512);
   byte[] blob = rsa.ExportCspBlob(false);
   RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
   rsa_pub.ImportCspBlob(blob);
   string ID = "brunet:node:PXYSWDL5SZDHDDXJKZCLFENOP2KZDMBU";
   CertificateMaker cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
       "*****@*****.**", rsa_pub, ID);
   Certificate cert_0 = cm.Sign(cm, rsa);
   ch.AddSignedCertificate(cert_0.X509);
   ch.AddCACertificate(cert_0.X509);
   rsa = new RSACryptoServiceProvider(1024);
   rsa_pub.ImportCspBlob(rsa.ExportCspBlob(false));
   cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
       "*****@*****.**", rsa_pub, ID);
   Certificate cert_1 = cm.Sign(cm, rsa);
   Assert.IsTrue(ch.Verify(cert_0.X509, ID), "Valid");
   bool success = false;
   try {
     success = ch.Verify(cert_1.X509, ID);
   } catch { }
   Assert.IsTrue(!success, "Valid cert2");
 }
    protected bool SignCertificate(string group, string request_id)
    {
        string request_path = GetGroupDataPath(group) + request_id;
        if(!File.Exists(request_path)) {
          throw new Exception("No such request.");
        }

        CertificateMaker cm = null;
        using(FileStream fs = File.Open(request_path, FileMode.Open)) {
          byte[] blob = new byte[fs.Length];
          fs.Read(blob, 0, blob.Length);
          cm = new CertificateMaker(blob);
        }
        // We need to create a new certificate with all the users info!

        string private_path = GetGroupPrivatePath(group) + "private_key";
        if(!File.Exists(private_path)) {
          throw new Exception("No private key.");
        }

        RSACryptoServiceProvider private_key = new RSACryptoServiceProvider();
        using(FileStream fs = File.Open(private_path, FileMode.Open)) {
          byte[] blob = new byte[fs.Length];
          fs.Read(blob, 0, blob.Length);
          private_key.ImportCspBlob(blob);
        }

        string cacert_path = GetGroupDataPath(group) + "cacert";
        if(!File.Exists(cacert_path)) {
          throw new Exception("No CA Certificate.");
        }

        Certificate cacert = null;
        using(FileStream fs = File.Open(cacert_path, FileMode.Open)) {
          byte[] blob = new byte[fs.Length];
          fs.Read(blob, 0, blob.Length);
          cacert = new Certificate(blob);
        }

        Certificate cert = cm.Sign(cacert, private_key);

        request_path += ".signed";
        using(FileStream fs = File.Open(request_path, FileMode.Create)) {
          byte[] blob = cert.X509.RawData;
          fs.Write(blob, 0, blob.Length);
        }

        return true;
    }
    public string SubmitRequest(string username, string group, string secret,
      byte[] certificate)
    {
        IDbConnection dbcon = new MySqlConnection(_connection_string);
        dbcon.Open();
        IDbCommand dbcmd = dbcon.CreateCommand();

        string sql = "SELECT id, email FROM " + _db_prefix + "users WHERE username = \"" + username + "\"";
        dbcmd.CommandText = sql;
        IDataReader reader = dbcmd.ExecuteReader();
        if(!reader.Read()) {
          throw new Exception("Not registered on website.");
        }

        string user_id = ((int) reader["id"]).ToString();
        string email = (string) reader["email"];
        reader.Close();

        sql = "SELECT member FROM groups WHERE" +
           " group_id = (SELECT group_id FROM groupvpn WHERE group_name = \"" + group + "\")" +
           " and user_id = " + user_id + " and secret = \"" + secret + "\" and revoked = 0";
        dbcmd.CommandText = sql;
        reader = dbcmd.ExecuteReader();
        if(!reader.Read() || !"1".Equals(reader["member"].ToString())) {
          throw new Exception("Not a member of the group.");
        }

        reader.Close();

        sql = "UPDATE groupvpn SET last_update = CURRENT_TIMESTAMP WHERE group_name = \"" + group + "\"";
        dbcmd.CommandText = sql;
        reader = dbcmd.ExecuteReader();
        reader.Close();

        dbcmd.Dispose();
        dbcon.Close();

        CertificateMaker cm = null;
        try {
          cm = new CertificateMaker(certificate);
        } catch {
          throw new Exception("Invalid certificate request");
        }

        cm = new CertificateMaker(string.Empty, string.Empty, group, username,
        email, cm.PublicKey, cm.NodeAddress);

        Random rand = new Random();
        byte[] request_id_blob = new byte[20];
        rand.NextBytes(request_id_blob);

        StringBuilder request_id_sb = new StringBuilder(request_id_blob.Length);
        foreach(byte b in request_id_blob) {
          request_id_sb.Append(b.ToString("X2"));
        }
        string request_id = request_id_sb.ToString();

        string request_path = GetGroupDataPath(group) + request_id;
        using(FileStream fs = File.Open(request_path, FileMode.Create)) {
          fs.Write(cm.UnsignedData, 0, cm.UnsignedData.Length);
        }

        // If we don't want to verify request on the website...
        SignCertificate(group, request_id);

        return request_id;
    }
Beispiel #6
0
    protected PeerSecOverlord CreateInvalidSO(string name, int level) {
      if(rsa == null) {
        rsa = new RSACryptoServiceProvider();
        byte[] blob = rsa.ExportCspBlob(false);
        RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
        rsa_pub.ImportCspBlob(blob);
        CertificateMaker cm = new CertificateMaker("United States", "UFL", 
            "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub,
            "brunet:node:abcdefghijklmnopqrs");
        Certificate cert = cm.Sign(cm, rsa);
        x509 = cert.X509;
      }

      CertificateHandler ch = new CertificateHandler();
      if(level == 2 || level == 0) {
        ch.AddCACertificate(x509);
      }
      if(level == 3 || level == 0) {
        ch.AddSignedCertificate(x509);
      }
      Random rand = new Random();
      ReqrepManager rrm = new ReqrepManager("so" + name + rand.Next());
      _timeout += rrm.TimeoutChecker;

      PeerSecOverlord so = new PeerSecOverlord(rsa_safe, ch, rrm);
      so.AnnounceSA += AnnounceSA;
      RoutingDataHandler rdh = new RoutingDataHandler();
      rrm.Subscribe(so, null);
      so.Subscribe(rdh, null);
      rdh.Subscribe(rrm, null);
      return so;
    }
 public void ValidityTest() {
   var osch = new OpenSslCertificateHandler();
   RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512);
   byte[] blob = rsa.ExportCspBlob(false);
   RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
   rsa_pub.ImportCspBlob(blob);
   string ID = "brunet:node:PXYSWDL5SZDHDDXJKZCLFENOP2KZDMBU";
   CertificateMaker cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
       "*****@*****.**", rsa_pub, ID);
   Certificate cert_0 = cm.Sign(cm, rsa);
   osch.AddSignedCertificate(cert_0.X509);
   osch.AddCACertificate(cert_0.X509);
   var ocert = OpenSslCertificateHandler.OpenSslX509ToMonoX509(osch.LocalCertificate);
   Assert.AreEqual(cert_0.X509.RawData, ocert.RawData, "local check");
   Assert.IsTrue(CertificateHandler.Verify(ocert, ID), "Valid");
 }
    public void Test() {
      RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
      byte[] blob = rsa.ExportCspBlob(false);
      RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
      rsa_pub.ImportCspBlob(blob);
      CertificateMaker cm = new CertificateMaker("United States", "UFL", 
          "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub,
          "brunet:node:abcdefghijklmnopqrs");
      Assert.AreEqual("C=United States, O=UFL, OU=ACIS, CN=David Wolinsky, [email protected]", cm.Subject.DN, "DN test 1");
      cm = new CertificateMaker(cm.UnsignedData);
      Assert.AreEqual("C=United States, O=UFL, OU=ACIS, CN=David Wolinsky, [email protected]", cm.Subject.DN, "DN test 2");

      Certificate cert = cm.Sign(cm, rsa);

      Assert.IsTrue(cert.Signature != null, "Signature");
      Assert.AreEqual(cm.Subject.DN, cert.Issuer.DN, "Issuer = Subject");
      Assert.AreEqual("brunet:node:abcdefghijklmnopqrs", cert.NodeAddress , "Node address");

      Mono.Math.BigInteger rsa_pub_bi = new Mono.Math.BigInteger(rsa_pub.ExportCspBlob(false));
      Mono.Math.BigInteger cert_pub_bi = new Mono.Math.BigInteger(cert.PublicKey.ExportCspBlob(false));
      Assert.AreEqual(rsa_pub_bi, cert_pub_bi, "Key");

      SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider();
      Assert.AreEqual(MemBlock.Reference(cert.SerialNumber),
          MemBlock.Reference(sha1.ComputeHash(cert.UnsignedData)),
          "SerialNumber == hash of unsigned data");

    }