public Verify ( Mono.Security.X509.X509Certificate x509, ISender sender ) : bool | ||
x509 | Mono.Security.X509.X509Certificate | |
sender | ISender | |
Résultat | bool |
/// <summary>Checks that a certificate registered with the handler verifies
/// for its node ID, and that a second self-signed certificate carrying the
/// same ID but a different key is not accepted.</summary>
public void ValidityTest()
{
    CertificateHandler handler = new CertificateHandler();
    string ID = "brunet:node:PXYSWDL5SZDHDDXJKZCLFENOP2KZDMBU";

    // 512-bit RSA is a test fixture only; it is far too small for real keys.
    RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512);
    RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
    byte[] publicBlob = rsa.ExportCspBlob(false);
    rsa_pub.ImportCspBlob(publicBlob);

    // First certificate: self-signed, then registered both as a signed
    // certificate and as a CA certificate.
    CertificateMaker maker = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
        "*****@*****.**", rsa_pub, ID);
    Certificate cert_0 = maker.Sign(maker, rsa);
    handler.AddSignedCertificate(cert_0.X509);
    handler.AddCACertificate(cert_0.X509);

    // Second certificate: same subject and node ID, fresh 1024-bit key,
    // self-signed and never added to the handler.
    rsa = new RSACryptoServiceProvider(1024);
    rsa_pub.ImportCspBlob(rsa.ExportCspBlob(false));
    maker = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
        "*****@*****.**", rsa_pub, ID);
    Certificate cert_1 = maker.Sign(maker, rsa);

    Assert.IsTrue(handler.Verify(cert_0.X509, null, ID), "Valid");

    // Verify may signal rejection by throwing or by returning false; either
    // way success stays false. The bare catch also hides unrelated failures,
    // so a fault inside Verify would still count as a "rejection" here.
    bool success = false;
    try
    {
        success = handler.Verify(cert_1.X509, null, ID);
    }
    catch
    {
    }
    Assert.IsTrue(!success, "Valid cert2");
}
/// <summary>2b) Receive a DHEWithCertificateAndCAs, verify the certificate and attempt
/// to find a matching Certificate for the list of CAs, if you find one,
/// finish the DHE handshake and send the certificate via a DHEWithCertificate</summary>
/// <param name="sa">A security association that we wish to perform the
/// specified control operation on.</param>
/// <param name="scm">The received SecurityControlMessage.</param>
/// <param name="scm_reply">A prepared reply message (with headers and such).</param>
/// <param name="return_path">Where to send the result.</param>
/// <param name="low_level_sender">We expect the return_path to not be an edge or
/// some other type of "low level" sender, so this contains the parsed out value.</param>
protected void HandleControlDHEWithCertificateAndCAs(SecurityAssociation sa,
    SecurityControlMessage scm, SecurityControlMessage scm_reply,
    ISender return_path, ISender low_level_sender)
{
    ProtocolLog.WriteIf(ProtocolLog.Security, GetHashCode() +
        " Received DHEWithCertificateAndCAs from: " + low_level_sender);

    // NOTE(review): the association is created before the peer's certificate
    // has been checked, so state is allocated for a not-yet-authenticated peer.
    if (sa == null)
    {
        sa = CreateSecurityAssociation(low_level_sender, scm.SPI, false);
    }

    // Work on a private copy of the certificate bytes from the message.
    byte[] certBytes = new byte[scm.Certificate.Length];
    scm.Certificate.CopyTo(certBytes, 0);
    X509Certificate remoteCert = new X509Certificate(certBytes);

    // NOTE(review): the result of Verify is discarded, so an invalid
    // certificate is rejected here only if Verify throws; confirm that this
    // overload never reports failure by returning false.
    _ch.Verify(remoteCert);

    // NOTE(review): SHA-1 backs both the message signature check and the
    // handshake hashes below; it is no longer collision resistant, and
    // replacing it would need a coordinated protocol change.
    HashAlgorithm sha1 = new SHA1CryptoServiceProvider();
    // Signature check over the received message with the peer's public key;
    // presumably throws on mismatch, since no result is inspected (confirm).
    scm.Verify((RSACryptoServiceProvider)remoteCert.RSA, sha1);

    // Choose the certificate we present: one matching the peer's CA list,
    // or the default when the policy for this SPI uses pre-exchanged keys.
    X509Certificate localCert = null;
    if (!SecurityPolicy.GetPolicy(scm.SPI).PreExchangedKeys)
    {
        localCert = _ch.FindCertificate(scm.CAs);
    }
    else
    {
        localCert = _ch.DefaultCertificate;
    }

    sa.LocalCertificate.Value = localCert;
    sa.RemoteCertificate.Value = remoteCert;
    sa.RDHE.Value = scm.DHE;
    byte[] requestDigest = sha1.ComputeHash((byte[])scm.Packet);
    sa.DHEWithCertificateAndCAsInHash.Value = MemBlock.Reference(requestDigest);

    // The reply swaps the cookies so that each side sees its own as "local".
    scm_reply.LocalCookie = scm.RemoteCookie;
    scm_reply.RemoteCookie = scm.LocalCookie;
    scm_reply.DHE = sa.LDHE;
    // NOTE(review): localCert is dereferenced without a null check; confirm
    // FindCertificate throws instead of returning null when nothing matches.
    scm_reply.Certificate = MemBlock.Reference(localCert.RawData);
    scm_reply.Type = SecurityControlMessage.MessageType.DHEWithCertificate;

    // The private key is shared state, so signing happens under its lock.
    lock (_private_key_lock)
    {
        scm_reply.Sign(_private_key, sha1);
    }

    byte[] replyDigest = sha1.ComputeHash((byte[])scm_reply.Packet);
    sa.DHEWithCertificateHash.Value = MemBlock.Reference(replyDigest);

    ICopyable outgoing = new CopyList(SecureControl, scm_reply.Packet);
    return_path.Send(outgoing);

    ProtocolLog.WriteIf(ProtocolLog.Security, GetHashCode() +
        " Successful DHEWithCertificateAndCAs from: " + low_level_sender);
}
/// <summary>Checks a certificate against the overlay address derived from
/// the sender: the destination of an AHSender, or the address of the
/// connection that belongs to an Edge.</summary>
/// <param name="certificate">The certificate to check.</param>
/// <param name="sender">The sender the certificate was received from.</param>
/// <returns>The result of CertificateHandler.Verify for the derived address,
/// or true when no address could be derived from the sender.</returns>
public bool Verify(X509Certificate certificate, ISender sender)
{
    Address peer = null;

    AHSender overlaySender = sender as AHSender;
    if (overlaySender != null)
    {
        peer = overlaySender.Destination;
    }
    else
    {
        Edge edge = sender as Edge;
        Connection link = (edge != null) ? _ct.GetConnection(edge) : null;
        if (link != null)
        {
            peer = link.Address;
        }
    }

    // NOTE(review): this check fails open. A sender of any other type, an
    // edge with no connection, or a null address yields true without the
    // certificate being compared to any identity, so callers must not treat
    // true as proof that the certificate is bound to this peer.
    if (peer != null)
    {
        return CertificateHandler.Verify(certificate, peer.ToString());
    }
    return true;
}
/// <summary>Checks a certificate against the destination address of an
/// AHSender.</summary>
/// <param name="certificate">The certificate to check.</param>
/// <param name="sender">The sender the certificate was received from.</param>
/// <returns>The result of CertificateHandler.Verify for the sender's
/// destination, or true when the sender is not an AHSender.</returns>
public bool Verify(X509Certificate certificate, ISender sender)
{
    AHSender overlaySender = sender as AHSender;

    // NOTE(review): this check fails open. For every sender that is not an
    // AHSender the certificate is accepted without any identity comparison,
    // so true does not always mean the certificate is bound to this peer.
    if (overlaySender != null)
    {
        string destination = overlaySender.Destination.ToString();
        return CertificateHandler.Verify(certificate, destination);
    }
    return true;
}
/// <summary>Checks with the CertificateHandler to see if the certificates
/// for active sessions are still valid. If they are not, they are closed
/// immediately.</summary>
public void VerifySAs()
{
    // NOTE(review): associations are closed while _sas is being enumerated;
    // confirm that Close does not modify _sas during this loop.
    foreach (SecurityAssociation sa in _sas)
    {
        string reason;
        bool stillValid;
        try
        {
            stillValid = _ch.Verify(sa.RemoteCertificate, sa.Sender);
            // Used only when Verify returns false without throwing.
            reason = "Certificate revoked.";
        }
        catch (Exception e)
        {
            // Fail closed: any error during verification counts as invalid,
            // and the error text becomes the close reason.
            stillValid = false;
            reason = e.Message;
        }

        if (stillValid)
        {
            continue;
        }
        sa.Close(reason);
    }
}
/// <summary>Checks this object's RemoteCertificate and Sender against the
/// given identifier using the certificate handler.</summary>
/// <param name="id">The identifier to verify the remote certificate against.</param>
/// <returns>Whatever the certificate handler's Verify returns.</returns>
public bool Verify(string id)
{
    // Exceptions thrown by the handler propagate to the caller unchanged.
    bool accepted = _ch.Verify(RemoteCertificate, Sender, id);
    return accepted;
}