///<summary>When a SecurityAssociation changes amongst inactive, active, ///or closed this gets notified.</summary> protected void AnnounceSA(SecurityAssociation sa, SecurityAssociation.States state) { Edge e = sa.Sender as Edge; // if e is an edge, let's see if he's creating a SE // or maybe it isn't our edge! if (e == null) { return; } else if (e.TAType != this.TAType) { return; } if (state == SecurityAssociation.States.Active) { SecurityAssociation stored_sa = null; if (!RemoveFromDictionary(e, out stored_sa)) { // May have already been here return; } else if (stored_sa != null && stored_sa != sa) { throw new Exception("Cannot have the same edge used in multiple SAs"); } SecureEdge se = new SecureEdge(e, sa); sa.Subscribe(se, null); try { Finalize(se); } catch { se.Close(); } } else if (state == SecurityAssociation.States.Closed) { e.Close(); } }
///<summary>When a SecurityAssociation changes amongst inactive, active, ///or closed this gets notified.</summary> protected void AnnounceSA(object o, EventArgs ea) { SecurityAssociation sa = o as SecurityAssociation; if (sa == null) { throw new Exception("Needs to be a SecurityAssociation"); } Edge e = sa.Sender as Edge; // if e is an edge, let's see if he's creating a SE // or maybe it isn't our edge! if (e == null) { return; } else if (e.TAType != this.TAType) { return; } if (sa.Active) { SecureEdge se = new SecureEdge(e, sa); sa.Subscribe(se, null); try { Finalize(se); } catch { se.Close(); } } else { e.Close(); } }
public void SHUpdateTest() { callback_count = 0; int spi = SecurityPolicy.DefaultSPI; MockSender sender1 = new MockSender(null, null, null, 2); MockSender sender2 = new MockSender(null, null, null, 2); SecurityAssociation sa1 = new SecurityAssociation(sender1, spi); sa1.StateChange += StateChange; sender2.Receiver = sa1; MockDataHandler mdh1 = new MockDataHandler(); sa1.Subscribe(mdh1, null); SecurityAssociation sa2 = new SecurityAssociation(sender2, spi); sender1.Receiver = sa2; MockDataHandler mdh2 = new MockDataHandler(); sa2.Subscribe(mdh2, null); Setup(ref sa1, ref sa2); sa1.RequestUpdate += Callback; sa2.RequestUpdate += Callback; byte[] b = null; Random rand = new Random(); MemBlock mb = null; int current_epoch = sa1.CurrentEpoch; for(int i = 0; i < 80; i++) { b = new byte[128]; rand.NextBytes(b); mb = MemBlock.Reference(b); sa1.Send(mb); Assert.IsTrue(mdh2.Contains(mb), "Contains" + i); if(i % 20 == 0 && i != 0) { Assert.AreEqual(callback_count, 1, "Callback count " + i); callback_count = 0; Thread.Sleep(SecurityAssociation.TIMEOUT * 2 + 5); Setup(ref sa1, ref sa2); } else { if(i % 20 == 1 && i != 1) { Assert.IsFalse(current_epoch == sa1.CurrentEpoch, "Current epoch " + i); current_epoch = sa1.CurrentEpoch; } Assert.AreEqual(current_epoch, sa1.CurrentEpoch, "Current epoch " + i); } } }
public void Test() { int spi = SecurityPolicy.DefaultSPI; MockSender sender1 = new MockSender(null, null, null, 2); MockSender sender2 = new MockSender(null, null, null, 2); SecurityAssociation sa1 = new SecurityAssociation(sender1, spi); sa1.StateChange += StateChange; sender2.Receiver = sa1; MockDataHandler mdh1 = new MockDataHandler(); sa1.Subscribe(mdh1, null); SecurityAssociation sa2 = new SecurityAssociation(sender2, spi); sender1.Receiver = sa2; MockDataHandler mdh2 = new MockDataHandler(); sa2.Subscribe(mdh2, null); byte[] b = null; Random rand = new Random(); MemBlock mb = null; int current_epoch = sa1.CurrentEpoch; for(int i = 0; i < 5; i++) { Thread.Sleep(SecurityAssociation.TIMEOUT * 2 + 5); Setup(ref sa1, ref sa2); b = new byte[128]; rand.NextBytes(b); mb = MemBlock.Reference(b); sa1.Send(mb); Assert.IsTrue(mdh2.Contains(mb), "Contains" + i); Assert.AreEqual(state, sa1.State, "State == Active" + i); Assert.IsFalse(current_epoch == sa1.CurrentEpoch, "Current epoch " + i); current_epoch = sa1.CurrentEpoch; } sa1.GarbageCollect(); sa1.GarbageCollect(); b = new byte[128]; rand.NextBytes(b); mb = MemBlock.Reference(b); try { sa1.Send(mb); } catch {} Assert.IsTrue(!mdh2.Contains(mb), "Failed!"); Assert.AreEqual(state, sa1.State, "State == Failed"); }
/// <summary>Whenever an SA changes amongst inactive, active, and closed /// this is called.</summary> /// <param name="o">The SA whose state changes.</summary> protected void SAStateChange(SecurityAssociation sa, SecurityAssociation.States state) { if(state == SecurityAssociation.States.Active) { if(_sub != null) { sa.Subscribe(_sub.Handler, null); } else { sa.Subscribe(this, null); } } else if(state == SecurityAssociation.States.Updating) { sa.Subscribe(this, null); } else if(sa.Closed) { RemoveSA(sa); } if(AnnounceSA != null) { AnnounceSA(sa, state); } }
///<summary>When a SecurityAssociation changes amongst inactive, active, ///or closed this gets notified.</summary> protected void AnnounceSA(SecurityAssociation sa, SecurityAssociation.States state) { Edge e = sa.Sender as Edge; // if e is an edge, let's see if he's creating a SE // or maybe it isn't our edge! if(e == null) { return; } else if(e.TAType != this.TAType) { return; } if(state == SecurityAssociation.States.Active) { SecurityAssociation stored_sa = null; if(!RemoveFromDictionary(e, out stored_sa)) { // May have already been here return; } else if(stored_sa != null && stored_sa != sa) { throw new Exception("Cannot have the same edge used in multiple SAs"); } SecureEdge se = new SecureEdge(e, sa); sa.Subscribe(se, null); try { Finalize(se); } catch { se.Close(); } } else if(state == SecurityAssociation.States.Closed) { e.Close(); } }
public void Test() { Timer t = new Timer(Timeout, null, 0, 500); PeerSecOverlord so0 = CreateValidSO("valid0"); PeerSecOverlord so1 = CreateValidSO("valid1"); //Test block one { MockSender ms0 = new MockSender(null, null, so1, 0); MockSender ms1 = new MockSender(ms0, null, so0, 0); ms0.ReturnPath = ms1; SecurityAssociation sa0 = so0.CreateSecurityAssociation(ms0); SecurityAssociation sa1 = so1.CreateSecurityAssociation(ms1); Assert.AreEqual(sa0.State, SecurityAssociation.States.Active, "sa0 should be active!"); Assert.AreEqual(sa1.State, SecurityAssociation.States.Active, "sa1 should be active!"); Assert.AreEqual(so0.SACount, 1, "so0 should contain just one!"); Assert.AreEqual(so1.SACount, 1, "so1 should contain just one!"); Random rand = new Random(); byte[] b = new byte[128]; rand.NextBytes(b); MemBlock mb = MemBlock.Reference(b); sa1.Send(mb); new SecurityPolicy(12345, "DES", "MD5"); sa0 = so0.CreateSecurityAssociation(ms0, 12345); Assert.AreEqual(sa0.State, SecurityAssociation.States.Active, "sa0 should be active!"); Assert.AreEqual(so0.SACount, 2, "so0 should contain just one!"); Assert.AreEqual(so1.SACount, 2, "so1 should contain just one!"); b = new byte[128]; rand.NextBytes(b); mb = MemBlock.Reference(b); sa0.Send(mb); } // create ~250 valid SAs for one guy... for (int i = 2; i < 250; i++) { PeerSecOverlord so = CreateValidSO("valid" + i); MockSender msa = new MockSender(null, null, so, 0); MockSender msb = new MockSender(msa, null, so0, 0); msa.ReturnPath = msb; SecurityAssociation sab = so.CreateSecurityAssociation(msb); Assert.AreEqual(sab.State, SecurityAssociation.States.Active, "sab should be active! " + i); SecurityAssociation saa = so0.CreateSecurityAssociation(msa); Assert.AreEqual(saa.State, SecurityAssociation.States.Active, "saa should be active! " + i); MockDataHandler mdha = new MockDataHandler(); saa.Subscribe(mdha, null); MockDataHandler mdhb = new MockDataHandler(); sab.Subscribe(mdhb, null); Random rand = new Random(); byte[] b = new byte[128]; rand.NextBytes(b); MemBlock mb = MemBlock.Reference(b); sab.Send(mb); Assert.IsTrue(mdha.Contains(mb), "mdhb Contains " + i); b = new byte[128]; rand.NextBytes(b); mb = MemBlock.Reference(b); sab.Send(mb); Assert.IsTrue(mdha.Contains(mb), "mdha Contains " + i); } for (int i = 250; i < 500; i++) { int ij = (250 % 3) + 1; PeerSecOverlord so = CreateInvalidSO("valid" + i, ij); MockSender msa = new MockSender(null, null, so, 0); MockSender msb = new MockSender(msa, null, so0, 0); msa.ReturnPath = msb; SecurityAssociation sab = so.CreateSecurityAssociation(msb); SecurityAssociation saa = so0.CreateSecurityAssociation(msa); Assert.AreEqual(sab.State, SecurityAssociation.States.Waiting, "sab should be waiting! " + i); Assert.AreEqual(saa.State, SecurityAssociation.States.Waiting, "saa should be waiting! " + i); } // create ~250 valid SAs for one guy... for (int i = 500; i < 750; i++) { PeerSecOverlord so = CreateValidSO("valid" + i); MockSender msa = new MockSender(null, null, so, 0); MockSender msb = new MockSender(msa, null, so0, 0); msa.ReturnPath = msb; SecurityAssociation sab = so.CreateSecurityAssociation(msb); Assert.AreEqual(sab.State, SecurityAssociation.States.Active, "sab should be active! " + i); SecurityAssociation saa = so0.CreateSecurityAssociation(msa); Assert.AreEqual(saa.State, SecurityAssociation.States.Active, "saa should be active! " + i); MockDataHandler mdha = new MockDataHandler(); saa.Subscribe(mdha, null); MockDataHandler mdhb = new MockDataHandler(); sab.Subscribe(mdhb, null); Random rand = new Random(); byte[] b = new byte[128]; rand.NextBytes(b); MemBlock mb = MemBlock.Reference(b); sab.Send(mb); Assert.IsTrue(mdha.Contains(mb), "mdhb Contains " + i); b = new byte[128]; rand.NextBytes(b); mb = MemBlock.Reference(b); sab.Send(mb); Assert.IsTrue(mdha.Contains(mb), "mdha Contains " + i); } Random randr = new Random(); byte[] br = new byte[128]; randr.NextBytes(br); MemBlock mbr = MemBlock.Reference(br); // New logic requires that we call this first, to set all SAs to not // running, the following for loop sets all "Active" SAs back to _running // Thus keeping the original intent of this test. The new logic only // affects testing paths. so0.CheckSAs(DateTime.UtcNow); foreach (Dictionary <ISender, PeerSecAssociation> sender_to_sa in so0.SPI.Values) { foreach (SecurityAssociation sa in sender_to_sa.Values) { if (sa.State == SecurityAssociation.States.Active) { sa.Send(mbr); } } } so0.CheckSAs(DateTime.UtcNow); Assert.AreEqual(500, so0.SACount, "Count!"); so0.CheckSAs(DateTime.UtcNow); Assert.AreEqual(0, so0.SACount, "Count!"); t.Dispose(); }
/// <summary>This (idempotently) returns a new SecurityAssociation for the /// specified sender using the specified SA.</summary> virtual protected SecurityAssociation CreateSecurityAssociation(ISender Sender, int SPI) { if(!SecurityPolicy.Supports(SPI)) { throw new Exception("Unsupported SPI"); } SecurityAssociation sa = null; int count = 0; lock(_sync) { Dictionary<ISender, SecurityAssociation> sender_to_sa = null; if(_spi.ContainsKey(SPI)) { sender_to_sa = _spi[SPI]; } else { sender_to_sa = new Dictionary<ISender, SecurityAssociation>(); _spi[SPI] = sender_to_sa; } if(sender_to_sa.ContainsKey(Sender)) { sa = sender_to_sa[Sender]; } else { sa = new SecurityAssociation(Sender, SPI); sa.Subscribe(this, null); sa.StateChange += SAStateChange; sa.RequestUpdate += SARequestUpdate; sender_to_sa[Sender] = sa; } } return sa; }