Verify() public method

True if this certificate is signed by a CA whose certificate we have, false otherwise.
public Verify ( Mono.Security.X509.X509Certificate x509, ISender sender ) : bool
x509 Mono.Security.X509.X509Certificate
sender ISender
return bool
Ejemplo n.º 1
        /// <summary>Checks that a certificate registered with the handler verifies for
        /// its node ID, and that a second certificate for the same ID made with a
        /// different, unregistered key is not accepted.</summary>
        public void ValidityTest()
        {
            CertificateHandler handler = new CertificateHandler();

            // 512-bit (and, below, 1024-bit) RSA is far under current minimum key
            // sizes; these are throwaway fixture keys and must not be copied into
            // production code.
            RSACryptoServiceProvider signingKey = new RSACryptoServiceProvider(512);
            byte[] publicBlob = signingKey.ExportCspBlob(false);

            // Public-only copy of the key: ExportCspBlob(false) leaves out the private part.
            RSACryptoServiceProvider publicKey = new RSACryptoServiceProvider();
            publicKey.ImportCspBlob(publicBlob);

            string ID = "brunet:node:PXYSWDL5SZDHDDXJKZCLFENOP2KZDMBU";

            // The same maker is passed to Sign as its first argument, so this is
            // presumably a self-signed certificate.
            CertificateMaker maker = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
                                                          "*****@*****.**", publicKey, ID);
            Certificate trusted = maker.Sign(maker, signingKey);

            // Register the first certificate both as a signed certificate and as a CA.
            handler.AddSignedCertificate(trusted.X509);
            handler.AddCACertificate(trusted.X509);

            // Second certificate: identical subject fields and ID, but a fresh key
            // that the handler has never been given.
            signingKey = new RSACryptoServiceProvider(1024);
            publicKey.ImportCspBlob(signingKey.ExportCspBlob(false));
            maker = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
                                         "*****@*****.**", publicKey, ID);
            Certificate untrusted = maker.Sign(maker, signingKey);

            Assert.IsTrue(handler.Verify(trusted.X509, null, ID), "Valid");

            // Rejection may surface as a false return or as an exception; the empty
            // catch deliberately treats both as "not accepted".
            bool accepted = false;
            try
            {
                accepted = handler.Verify(untrusted.X509, null, ID);
            }
            catch
            {
            }

            Assert.IsTrue(!accepted, "Valid cert2");
        }
Ejemplo n.º 2
        /// <summary>2b) Receive a DHEWithCertificateAndCAs, verify the certificate and attempt
        /// to find a matching Certificate for the list of CAs, if you find one,
        /// finish the DHE handshake and send the certificate via a DHEWithCertificate</summary>
        /// <remarks>The message carries a peer-supplied certificate, CA list and DHE
        /// value, all of which are untrusted until the two Verify calls below have
        /// succeeded. Both calls discard their result, so rejection only takes effect
        /// if they throw.</remarks>
        /// <param name="sa">A security association that we wish to perform the
        /// specified control operation on. When null, one is created for
        /// low_level_sender and the SPI in the message.</param>
        /// <param name="scm">The received SecurityControlMessage.</param>
        /// <param name="scm_reply">A prepared reply message (with headers and such).</param>
        /// <param name="return_path">Where to send the result.</param>
        /// <param name="low_level_sender">We expect the return_path to not be an edge or
        /// some other type of "low level" sender, so this contains the parsed out value.</param>
        protected void HandleControlDHEWithCertificateAndCAs(SecurityAssociation sa,
                                                             SecurityControlMessage scm, SecurityControlMessage scm_reply,
                                                             ISender return_path, ISender low_level_sender)
        {
            ProtocolLog.WriteIf(ProtocolLog.Security, GetHashCode() + " Received DHEWithCertificateAndCAs from: " + low_level_sender);
            if (sa == null)
            {
                sa = CreateSecurityAssociation(low_level_sender, scm.SPI, false);
            }
            // Copy the certificate bytes out of the message before parsing them.
            byte[] cert = new byte[scm.Certificate.Length];
            scm.Certificate.CopyTo(cert, 0);
            X509Certificate rcert = new X509Certificate(cert);

            // NOTE(review): the result of Verify is discarded. The handshake only stops
            // here if Verify throws on an untrusted certificate; if it can return false
            // instead, an unverified certificate is accepted. Confirm against
            // CertificateHandler. No sender or id is passed either, so this call cannot
            // bind the certificate to the peer's address; confirm that binding is
            // enforced elsewhere.
            _ch.Verify(rcert);
            // NOTE(review): SHA-1 is used for the message signature and for both
            // handshake hashes below. SHA-1 is no longer collision resistant; replacing
            // it is a protocol-level change because both peers must agree.
            HashAlgorithm sha1 = new SHA1CryptoServiceProvider();

            // Check the message signature against the key in the certificate just
            // received. NOTE(review): any return value is discarded here as well;
            // confirm that a bad signature throws.
            scm.Verify((RSACryptoServiceProvider)rcert.RSA, sha1);

            X509Certificate lcert = null;

            // Choose the local certificate: the default one when the policy for this
            // SPI uses pre-exchanged keys, otherwise one matching the peer's CA list.
            if (SecurityPolicy.GetPolicy(scm.SPI).PreExchangedKeys)
            {
                lcert = _ch.DefaultCertificate;
            }
            else
            {
                lcert = _ch.FindCertificate(scm.CAs);
            }

            // NOTE(review): if lcert can be null at this point (not visible here),
            // lcert.RawData below throws after sa has already been updated; confirm
            // that FindCertificate throws rather than returning null.
            sa.LocalCertificate.Value  = lcert;
            sa.RemoteCertificate.Value = rcert;
            sa.RDHE.Value = scm.DHE;
            sa.DHEWithCertificateAndCAsInHash.Value = MemBlock.Reference(sha1.ComputeHash((byte[])scm.Packet));

            // Build the reply: cookies are swapped relative to the received message.
            scm_reply.LocalCookie  = scm.RemoteCookie;
            scm_reply.RemoteCookie = scm.LocalCookie;
            scm_reply.DHE          = sa.LDHE;
            scm_reply.Certificate  = MemBlock.Reference(lcert.RawData);
            scm_reply.Type         = SecurityControlMessage.MessageType.DHEWithCertificate;
            // The private key is only used while holding _private_key_lock.
            lock (_private_key_lock) {
                scm_reply.Sign(_private_key, sha1);
            }
            // Hash of the reply packet, taken after signing.
            sa.DHEWithCertificateHash.Value = MemBlock.Reference(sha1.ComputeHash((byte[])scm_reply.Packet));

            ICopyable to_send = new CopyList(SecureControl, scm_reply.Packet);

            return_path.Send(to_send);
            ProtocolLog.WriteIf(ProtocolLog.Security, GetHashCode() + " Successful DHEWithCertificateAndCAs from: " + low_level_sender);
        }
Ejemplo n.º 3
        /// <summary>Verifies a certificate against the overlay address derived from
        /// the sender.</summary>
        /// <remarks>The address comes from AHSender.Destination, or for an Edge from
        /// the Connection that _ct holds for it.
        /// NOTE(review): when no address can be derived (unknown sender type, or an
        /// Edge with no Connection) this returns true without calling
        /// CertificateHandler.Verify at all. That is fail-open: callers should not
        /// read "true" as "certificate checked" unless a CA check has already been
        /// done elsewhere. Confirm that this is intended.</remarks>
        /// <param name="certificate">The certificate to verify.</param>
        /// <param name="sender">The sender the certificate was received from.</param>
        /// <returns>The result of CertificateHandler.Verify for the derived address,
        /// or true when no address could be derived.</returns>
        public bool Verify(X509Certificate certificate, ISender sender)
        {
            Address remote = null;
            AHSender overlaySender = sender as AHSender;

            if (overlaySender == null)
            {
                // Not an overlay sender: fall back to the connection table.
                Edge link = sender as Edge;
                Connection known = null;
                if (link != null)
                {
                    known = _ct.GetConnection(link);
                }
                if (known != null)
                {
                    remote = known.Address;
                }
            }
            else
            {
                remote = overlaySender.Destination;
            }

            if (remote == null)
            {
                // No identity to check against; see the fail-open note above.
                return true;
            }

            string remoteId = remote.ToString();
            return CertificateHandler.Verify(certificate, remoteId);
        }
Ejemplo n.º 4
        /// <summary>Verifies a certificate against the destination address of an
        /// AHSender.</summary>
        /// <remarks>NOTE(review): any sender that is not an AHSender gets true
        /// without the certificate being examined. That is fail-open; confirm that
        /// such senders have their certificates checked elsewhere.</remarks>
        /// <param name="certificate">The certificate to verify.</param>
        /// <param name="sender">The sender the certificate was received from.</param>
        /// <returns>The result of CertificateHandler.Verify for the sender's
        /// destination, or true when the sender is not an AHSender.</returns>
        public bool Verify(X509Certificate certificate, ISender sender)
        {
            AHSender overlaySender = sender as AHSender;

            if (overlaySender != null)
            {
                string remoteId = overlaySender.Destination.ToString();
                return CertificateHandler.Verify(certificate, remoteId);
            }

            // No overlay address to check against; see the fail-open note above.
            return true;
        }
Ejemplo n.º 5
        /// <summary>Re-verifies the remote certificate of every security association
        /// in _sas and closes each one that no longer verifies.</summary>
        /// <remarks>This fails closed: an exception from Verify counts as a failed
        /// check, and the exception message becomes the close reason in place of
        /// "Certificate revoked.".
        /// NOTE(review): if Close removes the association from _sas (not visible
        /// here), the collection is modified while it is being enumerated; confirm
        /// that this is safe.</remarks>
        public void VerifySAs()
        {
            foreach (SecurityAssociation assoc in _sas)
            {
                string reason = "Certificate revoked.";
                bool stillTrusted;

                try
                {
                    stillTrusted = _ch.Verify(assoc.RemoteCertificate, assoc.Sender);
                }
                catch (Exception failure)
                {
                    // A verification error is treated the same as an invalid certificate.
                    stillTrusted = false;
                    reason = failure.Message;
                }

                if (stillTrusted)
                {
                    continue;
                }

                assoc.Close(reason);
            }
        }
Ejemplo n.º 6
 /// <summary>Asks _ch to verify this object's RemoteCertificate, received via
 /// Sender, against the given id.</summary>
 /// <param name="id">The identifier the remote certificate is checked against.</param>
 /// <returns>Whatever _ch.Verify returns for these three arguments.</returns>
 public bool Verify(string id)
 {
     bool accepted = _ch.Verify(RemoteCertificate, Sender, id);
     return accepted;
 }