public Sign ( Certificate Signer, |
||
Signer | Certificate | |
PrivateKey | ||
Résultat | Certificate |
public void ValidityTest() { CertificateHandler ch = new CertificateHandler(); RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512); byte[] blob = rsa.ExportCspBlob(false); RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider(); rsa_pub.ImportCspBlob(blob); string ID = "brunet:node:PXYSWDL5SZDHDDXJKZCLFENOP2KZDMBU"; CertificateMaker cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, ID); Certificate cert_0 = cm.Sign(cm, rsa); ch.AddSignedCertificate(cert_0.X509); ch.AddCACertificate(cert_0.X509); rsa = new RSACryptoServiceProvider(1024); rsa_pub.ImportCspBlob(rsa.ExportCspBlob(false)); cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, ID); Certificate cert_1 = cm.Sign(cm, rsa); Assert.IsTrue(ch.Verify(cert_0.X509, null, ID), "Valid"); bool success = false; try { success = ch.Verify(cert_1.X509, null, ID); } catch { } Assert.IsTrue(!success, "Valid cert2"); }
public void Test() { RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); byte[] blob = rsa.ExportCspBlob(false); RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider(); rsa_pub.ImportCspBlob(blob); CertificateMaker cm = new CertificateMaker("United States", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, "brunet:node:abcdefghijklmnopqrs"); Assert.AreEqual("C=United States, O=UFL, OU=ACIS, CN=David Wolinsky, [email protected]", cm.Subject.DN, "DN test 1"); cm = new CertificateMaker(cm.UnsignedData); Assert.AreEqual("C=United States, O=UFL, OU=ACIS, CN=David Wolinsky, [email protected]", cm.Subject.DN, "DN test 2"); Certificate cert = cm.Sign(cm, rsa); Assert.IsTrue(cert.Signature != null, "Signature"); Assert.AreEqual(cm.Subject.DN, cert.Issuer.DN, "Issuer = Subject"); Assert.AreEqual("brunet:node:abcdefghijklmnopqrs", cert.NodeAddress, "Node address"); Mono.Math.BigInteger rsa_pub_bi = new Mono.Math.BigInteger(rsa_pub.ExportCspBlob(false)); Mono.Math.BigInteger cert_pub_bi = new Mono.Math.BigInteger(cert.PublicKey.ExportCspBlob(false)); Assert.AreEqual(rsa_pub_bi, cert_pub_bi, "Key"); SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider(); Assert.AreEqual(MemBlock.Reference(cert.SerialNumber), MemBlock.Reference(sha1.ComputeHash(cert.UnsignedData)), "SerialNumber == hash of unsigned data"); }
public void AddBadLocalCert() { CertificateHandler ch = new CertificateHandler("certs", "12345"); RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512); byte[] blob = rsa.ExportCspBlob(false); RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider(); rsa_pub.ImportCspBlob(blob); string ID = "brunet:node:PXYSWDL5SZDHDDXJKZCLFENOP2KZDMBU"; CertificateMaker cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, ID); Certificate cert_0 = cm.Sign(cm, rsa); ch.AddCACertificate(cert_0.X509); try { ch.AddSignedCertificate(cert_0.X509); Assert.IsTrue(false, "Shouldn't add this certificate!"); } catch { } CertificateMaker cm0 = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, "12345"); Certificate cert_1 = cm0.Sign(cm, rsa); ch.AddSignedCertificate(cert_1.X509); }
public void TestParse() { RSACryptoServiceProvider key = new RSACryptoServiceProvider(); CertificateMaker cm = new CertificateMaker("United States", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", key, "brunet:node:abcdefghijklmnopqrs"); Certificate cert = cm.Sign(cm, key); UserRevocationMessage urm = new UserRevocationMessage(key, "David Wolinsky"); UserRevocationMessage urm0 = new UserRevocationMessage(cert, MemBlock.Copy(urm)); Assert.AreEqual(urm.Signature, urm0.Signature, "Signature"); Assert.AreEqual(urm.Username, urm0.Username, "Username"); Assert.AreEqual(urm.Hash, urm0.Hash, "Hash"); }
public void FindCertificateTest() { CertificateHandler ch = new CertificateHandler(); RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512); byte[] blob = rsa.ExportCspBlob(false); RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider(); rsa_pub.ImportCspBlob(blob); List <Brunet.Util.MemBlock> supported = new List <Brunet.Util.MemBlock>(); List <Brunet.Util.MemBlock> unsupported = new List <Brunet.Util.MemBlock>(); for (int i = 0; i < 20; i++) { CertificateMaker cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky", "*****@*****.**" + i, rsa_pub, i.ToString()); Certificate cert = cm.Sign(cm, rsa); if (i % 2 == 0) { ch.AddCACertificate(cert.X509); ch.AddSignedCertificate(cert.X509); supported.Add(cert.SerialNumber); } else { unsupported.Add(cert.SerialNumber); } } Assert.IsNotNull(ch.FindCertificate(supported), "Should find a certificate"); bool success = false; try { success = ch.FindCertificate(unsupported) != null; } catch { } Assert.IsTrue(!success, "Should not find a certificate"); List <Brunet.Util.MemBlock> mixed = new List <Brunet.Util.MemBlock>(unsupported); mixed.Insert(4, supported[1]); Assert.AreEqual(supported[1], Brunet.Util.MemBlock.Reference(ch.FindCertificate(mixed).SerialNumber), "Only one supported"); }
protected SecurityOverlord CreateInvalidSO(string name, int level) { if (rsa == null) { rsa = new RSACryptoServiceProvider(); byte[] blob = rsa.ExportCspBlob(false); RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider(); rsa_pub.ImportCspBlob(blob); CertificateMaker cm = new CertificateMaker("United States", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, "brunet:node:abcdefghijklmnopqrs"); Certificate cert = cm.Sign(cm, rsa); x509 = cert.X509; } CertificateHandler ch = new CertificateHandler(); if (level == 2 || level == 0) { ch.AddCACertificate(x509); } if (level == 3 || level == 0) { ch.AddSignedCertificate(x509); } ReqrepManager rrm = new ReqrepManager("so" + name); _timeout += rrm.TimeoutChecker; SecurityOverlord so = new SecurityOverlord(rsa_safe, rrm, ch); so.AnnounceSA += AnnounceSA; RoutingDataHandler rdh = new RoutingDataHandler(); rrm.Subscribe(so, null); so.Subscribe(rdh, null); rdh.Subscribe(rrm, null); return(so); }
public Simulator(Parameters parameters, bool do_not_start) { _parameters = parameters; StartingNetworkSize = parameters.Size; CurrentNetworkSize = 0; Nodes = new SortedList<Address, NodeMapping>(); TakenIDs = new SortedList<int, NodeMapping>(); SimBroadcastHandler = new SimpleFilter(); if(parameters.Seed != -1) { _rand = new Random(parameters.Seed); } else { _rand = new Random(); } BrunetNamespace = "testing" + _rand.Next(); _broken = parameters.Broken; _secure_edges = parameters.SecureEdges; _secure_senders = parameters.SecureSenders; _pathing = parameters.Pathing; _dtls = parameters.Dtls; if(_secure_edges || _secure_senders) { _se_key = new RSACryptoServiceProvider(); byte[] blob = _se_key.ExportCspBlob(false); RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider(); rsa_pub.ImportCspBlob(blob); CertificateMaker cm = new CertificateMaker("United States", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, "brunet:node:abcdefghijklmnopqrs"); Certificate cert = cm.Sign(cm, _se_key); _ca_cert = cert; } if(parameters.LatencyMap != null) { SimulationEdgeListener.LatencyMap = parameters.LatencyMap; } _start = parameters.Evaluation; if(!do_not_start) { Start(); } _start = false; }
protected virtual StructuredNode PrepareNode(int id, AHAddress address) { if(TakenIDs.ContainsKey(id)) { throw new Exception("ID already taken"); } StructuredNode node = new StructuredNode(address, BrunetNamespace); NodeMapping nm = new NodeMapping(); nm.ID = id; TakenIDs[id] = nm; nm.Node = node; Nodes.Add((Address) address, nm); EdgeListener el = CreateEdgeListener(nm.ID); if(_secure_edges || _secure_senders) { byte[] blob = _se_key.ExportCspBlob(true); RSACryptoServiceProvider rsa_copy = new RSACryptoServiceProvider(); rsa_copy.ImportCspBlob(blob); string username = address.ToString().Replace('=', '0'); CertificateMaker cm = new CertificateMaker("United States", "UFL", "ACIS", username, "*****@*****.**", rsa_copy, address.ToString()); Certificate cert = cm.Sign(_ca_cert, _se_key); CertificateHandler ch = null; if(_dtls) { ch = new OpenSslCertificateHandler(); } else { ch = new CertificateHandler(); } ch.AddCACertificate(_ca_cert.X509); ch.AddSignedCertificate(cert.X509); if(_dtls) { nm.SO = new DtlsOverlord(rsa_copy, ch, PeerSecOverlord.Security); } else { nm.Sso = new SymphonySecurityOverlord(node, rsa_copy, ch, node.Rrm); nm.SO = nm.Sso; } var brh = new BroadcastRevocationHandler(_ca_cert, nm.SO); node.GetTypeSource(BroadcastRevocationHandler.PType).Subscribe(brh, null); ch.AddCertificateVerification(brh); nm.SO.Subscribe(node, null); node.GetTypeSource(PeerSecOverlord.Security).Subscribe(nm.SO, null); } if(_pathing) { nm.PathEM = new PathELManager(el, nm.Node); nm.PathEM.Start(); el = nm.PathEM.CreatePath(); PType path_p = PType.Protocol.Pathing; nm.Node.DemuxHandler.GetTypeSource(path_p).Subscribe(nm.PathEM, path_p); } if(_secure_edges) { node.EdgeVerifyMethod = EdgeVerify.AddressInSubjectAltName; el = new SecureEdgeListener(el, nm.SO); } node.AddEdgeListener(el); if(!_start) { node.RemoteTAs = GetRemoteTAs(); } IRelayOverlap ito = null; if(NCEnable) { nm.NCService = new NCService(node, new Point()); // My evaluations show that when this is enabled the system sucks // (node as StructuredNode).Sco.TargetSelector = new VivaldiTargetSelector(node, ncservice); ito = new NCRelayOverlap(nm.NCService); } else { ito = new SimpleRelayOverlap(); } if(_broken != 0) { el = new Relay.RelayEdgeListener(node, ito); if(_secure_edges) { el = new SecureEdgeListener(el, nm.SO); } node.AddEdgeListener(el); } BroadcastHandler bhandler = new BroadcastHandler(node as StructuredNode); node.DemuxHandler.GetTypeSource(BroadcastSender.PType).Subscribe(bhandler, null); node.DemuxHandler.GetTypeSource(SimBroadcastPType).Subscribe(SimBroadcastHandler, null); // Enables Dht data store new TableServer(node); nm.Dht = new Dht(node, 3, 20); nm.DhtProxy = new RpcDhtProxy(nm.Dht, node); return node; }
public void TestParse() { RSACryptoServiceProvider key = new RSACryptoServiceProvider(); CertificateMaker cm = new CertificateMaker("United States", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", key, "brunet:node:abcdefghijklmnopqrs"); Certificate cert = cm.Sign(cm, key); UserRevocationMessage urm = new UserRevocationMessage(key, "David Wolinsky"); UserRevocationMessage urm0 = new UserRevocationMessage(cert, MemBlock.Copy(urm)); Assert.AreEqual(urm.Signature, urm0.Signature, "Signature"); Assert.AreEqual(urm.Username, urm0.Username, "Username"); Assert.AreEqual(urm.Hash, urm0.Hash, "Hash"); }
public void SecureStartup() { if(SEKey != null) { return; } SEKey = new RSACryptoServiceProvider(); byte[] blob = SEKey.ExportCspBlob(false); RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider(); rsa_pub.ImportCspBlob(blob); CertificateMaker cm = new CertificateMaker("United States", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, "brunet:node:abcdefghijklmnopqrs"); Certificate cert = cm.Sign(cm, SEKey); CACert = cert; }
protected virtual StructuredNode PrepareNode(int id, AHAddress address) { if(TakenIDs.Contains(id)) { throw new Exception("ID already taken"); } StructuredNode node = new StructuredNode(address, BrunetNamespace); NodeMapping nm = new NodeMapping(); TakenIDs[id] = nm.ID = id; nm.Node = node; Nodes.Add((Address) address, nm); EdgeListener el = CreateEdgeListener(nm.ID); if(SecureEdges || SecureSenders) { byte[] blob = SEKey.ExportCspBlob(true); RSACryptoServiceProvider rsa_copy = new RSACryptoServiceProvider(); rsa_copy.ImportCspBlob(blob); CertificateMaker cm = new CertificateMaker("United States", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_copy, address.ToString()); Certificate cert = cm.Sign(CACert, SEKey); CertificateHandler ch = new CertificateHandler(); ch.AddCACertificate(CACert.X509); ch.AddSignedCertificate(cert.X509); ProtocolSecurityOverlord so = new ProtocolSecurityOverlord(node, rsa_copy, node.Rrm, ch); so.Subscribe(node, null); node.GetTypeSource(SecurityOverlord.Security).Subscribe(so, null); nm.BSO = so; node.HeartBeatEvent += so.Heartbeat; } if(SecureEdges) { node.EdgeVerifyMethod = EdgeVerify.AddressInSubjectAltName; el = new SecureEdgeListener(el, nm.BSO); } node.AddEdgeListener(el); node.RemoteTAs = GetRemoteTAs(); ITunnelOverlap ito = null; if(NCEnable) { nm.NCService = new NCService(node, new Point()); // My evaluations show that when this is enabled the system sucks // (node as StructuredNode).Sco.TargetSelector = new VivaldiTargetSelector(node, ncservice); ito = new NCTunnelOverlap(nm.NCService); } else { ito = new SimpleTunnelOverlap(); } if(Broken != 0) { el = new Tunnel.TunnelEdgeListener(node, ito); node.AddEdgeListener(el); } // Enables Dht data store new TableServer(node); return node; }