|
public FindCertificate ( List |
||
| supported_cas | List |
A list of CAs of which you would like to /// find a certificate that matches. |
| return | Mono.Security.X509.X509Certificate | |
/// <summary>2a) Receive a CookieResponse that contains a list of CAs, if you have
/// a Certificate that supports one of the CAs send it along with a DHE
/// and a list of your supported CAs in a DHEWithCertificateAndCAs.</summary>
/// <param name="sa">A security association that we wish to perform the
/// specified control operation on.</param>
/// <param name="scm">The received SecurityControlMessage.</param>
/// <param name="scm_reply">A prepared reply message (with headers and such.</param>
/// <param name="return_path">Where to send the result.</param>
/// <param name="low_level_sender">We expect the return_path to not be an edge or
/// some other type of "low level" sender, so this contains the parsed out value.</param>
protected void HandleControlCookieResponse(SecurityAssociation sa,
SecurityControlMessage scm, SecurityControlMessage scm_reply,
ISender return_path, ISender low_level_sender)
{
ProtocolLog.WriteIf(ProtocolLog.Security, GetHashCode() + " Received CookieResponse from: " + low_level_sender);
if (sa == null)
{
throw new Exception("No valid SA!");
}
// This seems like unnecessary code
scm_reply.Type = SecurityControlMessage.MessageType.CookieResponse;
X509Certificate lcert = null;
if (SecurityPolicy.GetPolicy(scm.SPI).PreExchangedKeys)
{
lcert = _ch.DefaultCertificate;
}
else
{
lcert = _ch.FindCertificate(scm.CAs);
}
sa.RemoteCookie.Value = scm.LocalCookie;
sa.LocalCertificate.Value = lcert;
scm_reply.Certificate = lcert.RawData;
scm_reply.DHE = sa.LDHE;
scm_reply.LocalCookie = scm.RemoteCookie;
scm_reply.RemoteCookie = scm.LocalCookie;
scm_reply.Type = SecurityControlMessage.MessageType.DHEWithCertificateAndCAs;
if (SecurityPolicy.GetPolicy(scm.SPI).PreExchangedKeys)
{
scm_reply.CAs = new List <MemBlock>(0);
}
else
{
scm_reply.CAs = _ch.SupportedCAs;
}
HashAlgorithm sha1 = new SHA1CryptoServiceProvider();
lock (_private_key_lock) {
scm_reply.Sign(_private_key, sha1);
}
sa.DHEWithCertificateAndCAsOutHash.Value = sha1.ComputeHash((byte[])scm_reply.Packet);
ICopyable to_send = new CopyList(Security, SecureControl, scm_reply.Packet);
_rrman.SendRequest(return_path, ReqrepManager.ReqrepType.Request,
to_send, this, sa);
ProtocolLog.WriteIf(ProtocolLog.Security, GetHashCode() + " Successful CookieResponse from: " + low_level_sender);
}
public void FindCertificateTest()
{
CertificateHandler ch = new CertificateHandler();
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512);
byte[] blob = rsa.ExportCspBlob(false);
RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
rsa_pub.ImportCspBlob(blob);
List <Brunet.Util.MemBlock> supported = new List <Brunet.Util.MemBlock>();
List <Brunet.Util.MemBlock> unsupported = new List <Brunet.Util.MemBlock>();
for (int i = 0; i < 20; i++)
{
CertificateMaker cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
"*****@*****.**" + i, rsa_pub, i.ToString());
Certificate cert = cm.Sign(cm, rsa);
if (i % 2 == 0)
{
ch.AddCACertificate(cert.X509);
ch.AddSignedCertificate(cert.X509);
supported.Add(cert.SerialNumber);
}
else
{
unsupported.Add(cert.SerialNumber);
}
}
Assert.IsNotNull(ch.FindCertificate(supported), "Should find a certificate");
bool success = false;
try {
success = ch.FindCertificate(unsupported) != null;
} catch { }
Assert.IsTrue(!success, "Should not find a certificate");
List <Brunet.Util.MemBlock> mixed = new List <Brunet.Util.MemBlock>(unsupported);
mixed.Insert(4, supported[1]);
Assert.AreEqual(supported[1],
Brunet.Util.MemBlock.Reference(ch.FindCertificate(mixed).SerialNumber),
"Only one supported");
}
