|
public Sign ( Certificate Signer, |
||
| Signer | Certificate | |
| PrivateKey | ||
| return | Certificate | |
public void ValidityTest()
{
CertificateHandler ch = new CertificateHandler();
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512);
byte[] blob = rsa.ExportCspBlob(false);
RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
rsa_pub.ImportCspBlob(blob);
string ID = "brunet:node:PXYSWDL5SZDHDDXJKZCLFENOP2KZDMBU";
CertificateMaker cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
"*****@*****.**", rsa_pub, ID);
Certificate cert_0 = cm.Sign(cm, rsa);
ch.AddSignedCertificate(cert_0.X509);
ch.AddCACertificate(cert_0.X509);
rsa = new RSACryptoServiceProvider(1024);
rsa_pub.ImportCspBlob(rsa.ExportCspBlob(false));
cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
"*****@*****.**", rsa_pub, ID);
Certificate cert_1 = cm.Sign(cm, rsa);
Assert.IsTrue(ch.Verify(cert_0.X509, null, ID), "Valid");
bool success = false;
try {
success = ch.Verify(cert_1.X509, null, ID);
} catch { }
Assert.IsTrue(!success, "Valid cert2");
}
public void Test()
{
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
byte[] blob = rsa.ExportCspBlob(false);
RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
rsa_pub.ImportCspBlob(blob);
CertificateMaker cm = new CertificateMaker("United States", "UFL",
"ACIS", "David Wolinsky", "*****@*****.**", rsa_pub,
"brunet:node:abcdefghijklmnopqrs");
Assert.AreEqual("C=United States, O=UFL, OU=ACIS, CN=David Wolinsky, [email protected]", cm.Subject.DN, "DN test 1");
cm = new CertificateMaker(cm.UnsignedData);
Assert.AreEqual("C=United States, O=UFL, OU=ACIS, CN=David Wolinsky, [email protected]", cm.Subject.DN, "DN test 2");
Certificate cert = cm.Sign(cm, rsa);
Assert.IsTrue(cert.Signature != null, "Signature");
Assert.AreEqual(cm.Subject.DN, cert.Issuer.DN, "Issuer = Subject");
Assert.AreEqual("brunet:node:abcdefghijklmnopqrs", cert.NodeAddress, "Node address");
Mono.Math.BigInteger rsa_pub_bi = new Mono.Math.BigInteger(rsa_pub.ExportCspBlob(false));
Mono.Math.BigInteger cert_pub_bi = new Mono.Math.BigInteger(cert.PublicKey.ExportCspBlob(false));
Assert.AreEqual(rsa_pub_bi, cert_pub_bi, "Key");
SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider();
Assert.AreEqual(MemBlock.Reference(cert.SerialNumber),
MemBlock.Reference(sha1.ComputeHash(cert.UnsignedData)),
"SerialNumber == hash of unsigned data");
}
public void AddBadLocalCert()
{
CertificateHandler ch = new CertificateHandler("certs", "12345");
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512);
byte[] blob = rsa.ExportCspBlob(false);
RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
rsa_pub.ImportCspBlob(blob);
string ID = "brunet:node:PXYSWDL5SZDHDDXJKZCLFENOP2KZDMBU";
CertificateMaker cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
"*****@*****.**", rsa_pub, ID);
Certificate cert_0 = cm.Sign(cm, rsa);
ch.AddCACertificate(cert_0.X509);
try {
ch.AddSignedCertificate(cert_0.X509);
Assert.IsTrue(false, "Shouldn't add this certificate!");
} catch {
}
CertificateMaker cm0 = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
"*****@*****.**", rsa_pub, "12345");
Certificate cert_1 = cm0.Sign(cm, rsa);
ch.AddSignedCertificate(cert_1.X509);
}
public void TestParse()
{
RSACryptoServiceProvider key = new RSACryptoServiceProvider();
CertificateMaker cm = new CertificateMaker("United States", "UFL",
"ACIS", "David Wolinsky", "*****@*****.**", key,
"brunet:node:abcdefghijklmnopqrs");
Certificate cert = cm.Sign(cm, key);
UserRevocationMessage urm = new UserRevocationMessage(key, "David Wolinsky");
UserRevocationMessage urm0 = new UserRevocationMessage(cert, MemBlock.Copy(urm));
Assert.AreEqual(urm.Signature, urm0.Signature, "Signature");
Assert.AreEqual(urm.Username, urm0.Username, "Username");
Assert.AreEqual(urm.Hash, urm0.Hash, "Hash");
}
public void FindCertificateTest()
{
CertificateHandler ch = new CertificateHandler();
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512);
byte[] blob = rsa.ExportCspBlob(false);
RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
rsa_pub.ImportCspBlob(blob);
List <Brunet.Util.MemBlock> supported = new List <Brunet.Util.MemBlock>();
List <Brunet.Util.MemBlock> unsupported = new List <Brunet.Util.MemBlock>();
for (int i = 0; i < 20; i++)
{
CertificateMaker cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
"*****@*****.**" + i, rsa_pub, i.ToString());
Certificate cert = cm.Sign(cm, rsa);
if (i % 2 == 0)
{
ch.AddCACertificate(cert.X509);
ch.AddSignedCertificate(cert.X509);
supported.Add(cert.SerialNumber);
}
else
{
unsupported.Add(cert.SerialNumber);
}
}
Assert.IsNotNull(ch.FindCertificate(supported), "Should find a certificate");
bool success = false;
try {
success = ch.FindCertificate(unsupported) != null;
} catch { }
Assert.IsTrue(!success, "Should not find a certificate");
List <Brunet.Util.MemBlock> mixed = new List <Brunet.Util.MemBlock>(unsupported);
mixed.Insert(4, supported[1]);
Assert.AreEqual(supported[1],
Brunet.Util.MemBlock.Reference(ch.FindCertificate(mixed).SerialNumber),
"Only one supported");
}
protected SecurityOverlord CreateInvalidSO(string name, int level)
{
if (rsa == null)
{
rsa = new RSACryptoServiceProvider();
byte[] blob = rsa.ExportCspBlob(false);
RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
rsa_pub.ImportCspBlob(blob);
CertificateMaker cm = new CertificateMaker("United States", "UFL",
"ACIS", "David Wolinsky", "*****@*****.**", rsa_pub,
"brunet:node:abcdefghijklmnopqrs");
Certificate cert = cm.Sign(cm, rsa);
x509 = cert.X509;
}
CertificateHandler ch = new CertificateHandler();
if (level == 2 || level == 0)
{
ch.AddCACertificate(x509);
}
if (level == 3 || level == 0)
{
ch.AddSignedCertificate(x509);
}
ReqrepManager rrm = new ReqrepManager("so" + name);
_timeout += rrm.TimeoutChecker;
SecurityOverlord so = new SecurityOverlord(rsa_safe, rrm, ch);
so.AnnounceSA += AnnounceSA;
RoutingDataHandler rdh = new RoutingDataHandler();
rrm.Subscribe(so, null);
so.Subscribe(rdh, null);
rdh.Subscribe(rrm, null);
return(so);
}
public Simulator(Parameters parameters, bool do_not_start)
{
_parameters = parameters;
StartingNetworkSize = parameters.Size;
CurrentNetworkSize = 0;
Nodes = new SortedList<Address, NodeMapping>();
TakenIDs = new SortedList<int, NodeMapping>();
SimBroadcastHandler = new SimpleFilter();
if(parameters.Seed != -1) {
_rand = new Random(parameters.Seed);
} else {
_rand = new Random();
}
BrunetNamespace = "testing" + _rand.Next();
_broken = parameters.Broken;
_secure_edges = parameters.SecureEdges;
_secure_senders = parameters.SecureSenders;
_pathing = parameters.Pathing;
_dtls = parameters.Dtls;
if(_secure_edges || _secure_senders) {
_se_key = new RSACryptoServiceProvider();
byte[] blob = _se_key.ExportCspBlob(false);
RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
rsa_pub.ImportCspBlob(blob);
CertificateMaker cm = new CertificateMaker("United States", "UFL",
"ACIS", "David Wolinsky", "*****@*****.**", rsa_pub,
"brunet:node:abcdefghijklmnopqrs");
Certificate cert = cm.Sign(cm, _se_key);
_ca_cert = cert;
}
if(parameters.LatencyMap != null) {
SimulationEdgeListener.LatencyMap = parameters.LatencyMap;
}
_start = parameters.Evaluation;
if(!do_not_start) {
Start();
}
_start = false;
}
protected virtual StructuredNode PrepareNode(int id, AHAddress address)
{
if(TakenIDs.ContainsKey(id)) {
throw new Exception("ID already taken");
}
StructuredNode node = new StructuredNode(address, BrunetNamespace);
NodeMapping nm = new NodeMapping();
nm.ID = id;
TakenIDs[id] = nm;
nm.Node = node;
Nodes.Add((Address) address, nm);
EdgeListener el = CreateEdgeListener(nm.ID);
if(_secure_edges || _secure_senders) {
byte[] blob = _se_key.ExportCspBlob(true);
RSACryptoServiceProvider rsa_copy = new RSACryptoServiceProvider();
rsa_copy.ImportCspBlob(blob);
string username = address.ToString().Replace('=', '0');
CertificateMaker cm = new CertificateMaker("United States", "UFL",
"ACIS", username, "*****@*****.**", rsa_copy,
address.ToString());
Certificate cert = cm.Sign(_ca_cert, _se_key);
CertificateHandler ch = null;
if(_dtls) {
ch = new OpenSslCertificateHandler();
} else {
ch = new CertificateHandler();
}
ch.AddCACertificate(_ca_cert.X509);
ch.AddSignedCertificate(cert.X509);
if(_dtls) {
nm.SO = new DtlsOverlord(rsa_copy, ch, PeerSecOverlord.Security);
} else {
nm.Sso = new SymphonySecurityOverlord(node, rsa_copy, ch, node.Rrm);
nm.SO = nm.Sso;
}
var brh = new BroadcastRevocationHandler(_ca_cert, nm.SO);
node.GetTypeSource(BroadcastRevocationHandler.PType).Subscribe(brh, null);
ch.AddCertificateVerification(brh);
nm.SO.Subscribe(node, null);
node.GetTypeSource(PeerSecOverlord.Security).Subscribe(nm.SO, null);
}
if(_pathing) {
nm.PathEM = new PathELManager(el, nm.Node);
nm.PathEM.Start();
el = nm.PathEM.CreatePath();
PType path_p = PType.Protocol.Pathing;
nm.Node.DemuxHandler.GetTypeSource(path_p).Subscribe(nm.PathEM, path_p);
}
if(_secure_edges) {
node.EdgeVerifyMethod = EdgeVerify.AddressInSubjectAltName;
el = new SecureEdgeListener(el, nm.SO);
}
node.AddEdgeListener(el);
if(!_start) {
node.RemoteTAs = GetRemoteTAs();
}
IRelayOverlap ito = null;
if(NCEnable) {
nm.NCService = new NCService(node, new Point());
// My evaluations show that when this is enabled the system sucks
// (node as StructuredNode).Sco.TargetSelector = new VivaldiTargetSelector(node, ncservice);
ito = new NCRelayOverlap(nm.NCService);
} else {
ito = new SimpleRelayOverlap();
}
if(_broken != 0) {
el = new Relay.RelayEdgeListener(node, ito);
if(_secure_edges) {
el = new SecureEdgeListener(el, nm.SO);
}
node.AddEdgeListener(el);
}
BroadcastHandler bhandler = new BroadcastHandler(node as StructuredNode);
node.DemuxHandler.GetTypeSource(BroadcastSender.PType).Subscribe(bhandler, null);
node.DemuxHandler.GetTypeSource(SimBroadcastPType).Subscribe(SimBroadcastHandler, null);
// Enables Dht data store
new TableServer(node);
nm.Dht = new Dht(node, 3, 20);
nm.DhtProxy = new RpcDhtProxy(nm.Dht, node);
return node;
}
public void TestParse()
{
RSACryptoServiceProvider key = new RSACryptoServiceProvider();
CertificateMaker cm = new CertificateMaker("United States", "UFL",
"ACIS", "David Wolinsky", "*****@*****.**", key,
"brunet:node:abcdefghijklmnopqrs");
Certificate cert = cm.Sign(cm, key);
UserRevocationMessage urm = new UserRevocationMessage(key, "David Wolinsky");
UserRevocationMessage urm0 = new UserRevocationMessage(cert, MemBlock.Copy(urm));
Assert.AreEqual(urm.Signature, urm0.Signature, "Signature");
Assert.AreEqual(urm.Username, urm0.Username, "Username");
Assert.AreEqual(urm.Hash, urm0.Hash, "Hash");
}
public void SecureStartup()
{
if(SEKey != null) {
return;
}
SEKey = new RSACryptoServiceProvider();
byte[] blob = SEKey.ExportCspBlob(false);
RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
rsa_pub.ImportCspBlob(blob);
CertificateMaker cm = new CertificateMaker("United States", "UFL",
"ACIS", "David Wolinsky", "*****@*****.**", rsa_pub,
"brunet:node:abcdefghijklmnopqrs");
Certificate cert = cm.Sign(cm, SEKey);
CACert = cert;
}
protected virtual StructuredNode PrepareNode(int id, AHAddress address)
{
if(TakenIDs.Contains(id)) {
throw new Exception("ID already taken");
}
StructuredNode node = new StructuredNode(address, BrunetNamespace);
NodeMapping nm = new NodeMapping();
TakenIDs[id] = nm.ID = id;
nm.Node = node;
Nodes.Add((Address) address, nm);
EdgeListener el = CreateEdgeListener(nm.ID);
if(SecureEdges || SecureSenders) {
byte[] blob = SEKey.ExportCspBlob(true);
RSACryptoServiceProvider rsa_copy = new RSACryptoServiceProvider();
rsa_copy.ImportCspBlob(blob);
CertificateMaker cm = new CertificateMaker("United States", "UFL",
"ACIS", "David Wolinsky", "*****@*****.**", rsa_copy,
address.ToString());
Certificate cert = cm.Sign(CACert, SEKey);
CertificateHandler ch = new CertificateHandler();
ch.AddCACertificate(CACert.X509);
ch.AddSignedCertificate(cert.X509);
ProtocolSecurityOverlord so = new ProtocolSecurityOverlord(node, rsa_copy, node.Rrm, ch);
so.Subscribe(node, null);
node.GetTypeSource(SecurityOverlord.Security).Subscribe(so, null);
nm.BSO = so;
node.HeartBeatEvent += so.Heartbeat;
}
if(SecureEdges) {
node.EdgeVerifyMethod = EdgeVerify.AddressInSubjectAltName;
el = new SecureEdgeListener(el, nm.BSO);
}
node.AddEdgeListener(el);
node.RemoteTAs = GetRemoteTAs();
ITunnelOverlap ito = null;
if(NCEnable) {
nm.NCService = new NCService(node, new Point());
// My evaluations show that when this is enabled the system sucks
// (node as StructuredNode).Sco.TargetSelector = new VivaldiTargetSelector(node, ncservice);
ito = new NCTunnelOverlap(nm.NCService);
} else {
ito = new SimpleTunnelOverlap();
}
if(Broken != 0) {
el = new Tunnel.TunnelEdgeListener(node, ito);
node.AddEdgeListener(el);
}
// Enables Dht data store
new TableServer(node);
return node;
}