///<summary>When a SecurityAssociation changes amongst inactive, active,
///or closed this gets notified.</summary>
protected void AnnounceSA(SecurityAssociation sa,
SecurityAssociation.States state)
{
Edge e = sa.Sender as Edge;
// if e is an edge, let's see if he's creating a SE
// or maybe it isn't our edge!
if (e == null)
{
return;
}
else if (e.TAType != this.TAType)
{
return;
}
if (state == SecurityAssociation.States.Active)
{
SecurityAssociation stored_sa = null;
if (!RemoveFromDictionary(e, out stored_sa))
{
// May have already been here
return;
}
else if (stored_sa != null && stored_sa != sa)
{
throw new Exception("Cannot have the same edge used in multiple SAs");
}
SecureEdge se = new SecureEdge(e, sa);
sa.Subscribe(se, null);
try {
Finalize(se);
} catch {
se.Close();
}
}
else if (state == SecurityAssociation.States.Closed)
{
e.Close();
}
}
///<summary>When a SecurityAssociation changes amongst inactive, active,
///or closed this gets notified.</summary>
protected void AnnounceSA(object o, EventArgs ea)
{
SecurityAssociation sa = o as SecurityAssociation;
if (sa == null)
{
throw new Exception("Needs to be a SecurityAssociation");
}
Edge e = sa.Sender as Edge;
// if e is an edge, let's see if he's creating a SE
// or maybe it isn't our edge!
if (e == null)
{
return;
}
else if (e.TAType != this.TAType)
{
return;
}
if (sa.Active)
{
SecureEdge se = new SecureEdge(e, sa);
sa.Subscribe(se, null);
try {
Finalize(se);
} catch {
se.Close();
}
}
else
{
e.Close();
}
}
public void SHUpdateTest() {
callback_count = 0;
int spi = SecurityPolicy.DefaultSPI;
MockSender sender1 = new MockSender(null, null, null, 2);
MockSender sender2 = new MockSender(null, null, null, 2);
SecurityAssociation sa1 = new SecurityAssociation(sender1, spi);
sa1.StateChange += StateChange;
sender2.Receiver = sa1;
MockDataHandler mdh1 = new MockDataHandler();
sa1.Subscribe(mdh1, null);
SecurityAssociation sa2 = new SecurityAssociation(sender2, spi);
sender1.Receiver = sa2;
MockDataHandler mdh2 = new MockDataHandler();
sa2.Subscribe(mdh2, null);
Setup(ref sa1, ref sa2);
sa1.RequestUpdate += Callback;
sa2.RequestUpdate += Callback;
byte[] b = null;
Random rand = new Random();
MemBlock mb = null;
int current_epoch = sa1.CurrentEpoch;
for(int i = 0; i < 80; i++) {
b = new byte[128];
rand.NextBytes(b);
mb = MemBlock.Reference(b);
sa1.Send(mb);
Assert.IsTrue(mdh2.Contains(mb), "Contains" + i);
if(i % 20 == 0 && i != 0) {
Assert.AreEqual(callback_count, 1, "Callback count " + i);
callback_count = 0;
Thread.Sleep(SecurityAssociation.TIMEOUT * 2 + 5);
Setup(ref sa1, ref sa2);
} else {
if(i % 20 == 1 && i != 1) {
Assert.IsFalse(current_epoch == sa1.CurrentEpoch, "Current epoch " + i);
current_epoch = sa1.CurrentEpoch;
}
Assert.AreEqual(current_epoch, sa1.CurrentEpoch, "Current epoch " + i);
}
}
}
public void Test() {
int spi = SecurityPolicy.DefaultSPI;
MockSender sender1 = new MockSender(null, null, null, 2);
MockSender sender2 = new MockSender(null, null, null, 2);
SecurityAssociation sa1 = new SecurityAssociation(sender1, spi);
sa1.StateChange += StateChange;
sender2.Receiver = sa1;
MockDataHandler mdh1 = new MockDataHandler();
sa1.Subscribe(mdh1, null);
SecurityAssociation sa2 = new SecurityAssociation(sender2, spi);
sender1.Receiver = sa2;
MockDataHandler mdh2 = new MockDataHandler();
sa2.Subscribe(mdh2, null);
byte[] b = null;
Random rand = new Random();
MemBlock mb = null;
int current_epoch = sa1.CurrentEpoch;
for(int i = 0; i < 5; i++) {
Thread.Sleep(SecurityAssociation.TIMEOUT * 2 + 5);
Setup(ref sa1, ref sa2);
b = new byte[128];
rand.NextBytes(b);
mb = MemBlock.Reference(b);
sa1.Send(mb);
Assert.IsTrue(mdh2.Contains(mb), "Contains" + i);
Assert.AreEqual(state, sa1.State, "State == Active" + i);
Assert.IsFalse(current_epoch == sa1.CurrentEpoch, "Current epoch " + i);
current_epoch = sa1.CurrentEpoch;
}
sa1.GarbageCollect();
sa1.GarbageCollect();
b = new byte[128];
rand.NextBytes(b);
mb = MemBlock.Reference(b);
try {
sa1.Send(mb);
} catch {}
Assert.IsTrue(!mdh2.Contains(mb), "Failed!");
Assert.AreEqual(state, sa1.State, "State == Failed");
}
/// <summary>Whenever an SA changes amongst inactive, active, and closed
/// this is called.</summary>
/// <param name="o">The SA whose state changes.</summary>
protected void SAStateChange(SecurityAssociation sa,
SecurityAssociation.States state)
{
if(state == SecurityAssociation.States.Active) {
if(_sub != null) {
sa.Subscribe(_sub.Handler, null);
} else {
sa.Subscribe(this, null);
}
} else if(state == SecurityAssociation.States.Updating) {
sa.Subscribe(this, null);
} else if(sa.Closed) {
RemoveSA(sa);
}
if(AnnounceSA != null) {
AnnounceSA(sa, state);
}
}
///<summary>When a SecurityAssociation changes amongst inactive, active,
///or closed this gets notified.</summary>
protected void AnnounceSA(SecurityAssociation sa,
SecurityAssociation.States state)
{
Edge e = sa.Sender as Edge;
// if e is an edge, let's see if he's creating a SE
// or maybe it isn't our edge!
if(e == null) {
return;
} else if(e.TAType != this.TAType) {
return;
}
if(state == SecurityAssociation.States.Active) {
SecurityAssociation stored_sa = null;
if(!RemoveFromDictionary(e, out stored_sa)) {
// May have already been here
return;
} else if(stored_sa != null && stored_sa != sa) {
throw new Exception("Cannot have the same edge used in multiple SAs");
}
SecureEdge se = new SecureEdge(e, sa);
sa.Subscribe(se, null);
try {
Finalize(se);
} catch {
se.Close();
}
} else if(state == SecurityAssociation.States.Closed) {
e.Close();
}
}
public void Test()
{
Timer t = new Timer(Timeout, null, 0, 500);
PeerSecOverlord so0 = CreateValidSO("valid0");
PeerSecOverlord so1 = CreateValidSO("valid1");
//Test block one
{
MockSender ms0 = new MockSender(null, null, so1, 0);
MockSender ms1 = new MockSender(ms0, null, so0, 0);
ms0.ReturnPath = ms1;
SecurityAssociation sa0 = so0.CreateSecurityAssociation(ms0);
SecurityAssociation sa1 = so1.CreateSecurityAssociation(ms1);
Assert.AreEqual(sa0.State, SecurityAssociation.States.Active, "sa0 should be active!");
Assert.AreEqual(sa1.State, SecurityAssociation.States.Active, "sa1 should be active!");
Assert.AreEqual(so0.SACount, 1, "so0 should contain just one!");
Assert.AreEqual(so1.SACount, 1, "so1 should contain just one!");
Random rand = new Random();
byte[] b = new byte[128];
rand.NextBytes(b);
MemBlock mb = MemBlock.Reference(b);
sa1.Send(mb);
new SecurityPolicy(12345, "DES", "MD5");
sa0 = so0.CreateSecurityAssociation(ms0, 12345);
Assert.AreEqual(sa0.State, SecurityAssociation.States.Active, "sa0 should be active!");
Assert.AreEqual(so0.SACount, 2, "so0 should contain just one!");
Assert.AreEqual(so1.SACount, 2, "so1 should contain just one!");
b = new byte[128];
rand.NextBytes(b);
mb = MemBlock.Reference(b);
sa0.Send(mb);
}
// create ~250 valid SAs for one guy...
for (int i = 2; i < 250; i++)
{
PeerSecOverlord so = CreateValidSO("valid" + i);
MockSender msa = new MockSender(null, null, so, 0);
MockSender msb = new MockSender(msa, null, so0, 0);
msa.ReturnPath = msb;
SecurityAssociation sab = so.CreateSecurityAssociation(msb);
Assert.AreEqual(sab.State, SecurityAssociation.States.Active, "sab should be active! " + i);
SecurityAssociation saa = so0.CreateSecurityAssociation(msa);
Assert.AreEqual(saa.State, SecurityAssociation.States.Active, "saa should be active! " + i);
MockDataHandler mdha = new MockDataHandler();
saa.Subscribe(mdha, null);
MockDataHandler mdhb = new MockDataHandler();
sab.Subscribe(mdhb, null);
Random rand = new Random();
byte[] b = new byte[128];
rand.NextBytes(b);
MemBlock mb = MemBlock.Reference(b);
sab.Send(mb);
Assert.IsTrue(mdha.Contains(mb), "mdhb Contains " + i);
b = new byte[128];
rand.NextBytes(b);
mb = MemBlock.Reference(b);
sab.Send(mb);
Assert.IsTrue(mdha.Contains(mb), "mdha Contains " + i);
}
for (int i = 250; i < 500; i++)
{
int ij = (250 % 3) + 1;
PeerSecOverlord so = CreateInvalidSO("valid" + i, ij);
MockSender msa = new MockSender(null, null, so, 0);
MockSender msb = new MockSender(msa, null, so0, 0);
msa.ReturnPath = msb;
SecurityAssociation sab = so.CreateSecurityAssociation(msb);
SecurityAssociation saa = so0.CreateSecurityAssociation(msa);
Assert.AreEqual(sab.State, SecurityAssociation.States.Waiting, "sab should be waiting! " + i);
Assert.AreEqual(saa.State, SecurityAssociation.States.Waiting, "saa should be waiting! " + i);
}
// create ~250 valid SAs for one guy...
for (int i = 500; i < 750; i++)
{
PeerSecOverlord so = CreateValidSO("valid" + i);
MockSender msa = new MockSender(null, null, so, 0);
MockSender msb = new MockSender(msa, null, so0, 0);
msa.ReturnPath = msb;
SecurityAssociation sab = so.CreateSecurityAssociation(msb);
Assert.AreEqual(sab.State, SecurityAssociation.States.Active, "sab should be active! " + i);
SecurityAssociation saa = so0.CreateSecurityAssociation(msa);
Assert.AreEqual(saa.State, SecurityAssociation.States.Active, "saa should be active! " + i);
MockDataHandler mdha = new MockDataHandler();
saa.Subscribe(mdha, null);
MockDataHandler mdhb = new MockDataHandler();
sab.Subscribe(mdhb, null);
Random rand = new Random();
byte[] b = new byte[128];
rand.NextBytes(b);
MemBlock mb = MemBlock.Reference(b);
sab.Send(mb);
Assert.IsTrue(mdha.Contains(mb), "mdhb Contains " + i);
b = new byte[128];
rand.NextBytes(b);
mb = MemBlock.Reference(b);
sab.Send(mb);
Assert.IsTrue(mdha.Contains(mb), "mdha Contains " + i);
}
Random randr = new Random();
byte[] br = new byte[128];
randr.NextBytes(br);
MemBlock mbr = MemBlock.Reference(br);
// New logic requires that we call this first, to set all SAs to not
// running, the following for loop sets all "Active" SAs back to _running
// Thus keeping the original intent of this test. The new logic only
// affects testing paths.
so0.CheckSAs(DateTime.UtcNow);
foreach (Dictionary <ISender, PeerSecAssociation> sender_to_sa in so0.SPI.Values)
{
foreach (SecurityAssociation sa in sender_to_sa.Values)
{
if (sa.State == SecurityAssociation.States.Active)
{
sa.Send(mbr);
}
}
}
so0.CheckSAs(DateTime.UtcNow);
Assert.AreEqual(500, so0.SACount, "Count!");
so0.CheckSAs(DateTime.UtcNow);
Assert.AreEqual(0, so0.SACount, "Count!");
t.Dispose();
}
/// <summary>This (idempotently) returns a new SecurityAssociation for the
/// specified sender using the specified SA.</summary>
virtual protected SecurityAssociation CreateSecurityAssociation(ISender Sender, int SPI) {
if(!SecurityPolicy.Supports(SPI)) {
throw new Exception("Unsupported SPI");
}
SecurityAssociation sa = null;
int count = 0;
lock(_sync) {
Dictionary<ISender, SecurityAssociation> sender_to_sa = null;
if(_spi.ContainsKey(SPI)) {
sender_to_sa = _spi[SPI];
} else {
sender_to_sa = new Dictionary<ISender, SecurityAssociation>();
_spi[SPI] = sender_to_sa;
}
if(sender_to_sa.ContainsKey(Sender)) {
sa = sender_to_sa[Sender];
} else {
sa = new SecurityAssociation(Sender, SPI);
sa.Subscribe(this, null);
sa.StateChange += SAStateChange;
sa.RequestUpdate += SARequestUpdate;
sender_to_sa[Sender] = sa;
}
}
return sa;
}
