public void FindCertificateTest() {
CertificateHandler ch = new CertificateHandler();
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512);
byte[] blob = rsa.ExportCspBlob(false);
RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
rsa_pub.ImportCspBlob(blob);
List<MemBlock> supported = new List<MemBlock>();
List<MemBlock> unsupported = new List<MemBlock>();
for(int i = 0; i < 20; i++) {
CertificateMaker cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
"*****@*****.**" + i, rsa_pub, i.ToString());
Certificate cert = cm.Sign(cm, rsa);
if(i % 2 == 0) {
ch.AddCACertificate(cert.X509);
ch.AddSignedCertificate(cert.X509);
supported.Add(cert.SerialNumber);
} else {
unsupported.Add(cert.SerialNumber);
}
}
Assert.IsNotNull(ch.FindCertificate(supported), "Should find a certificate");
bool success = false;
try {
success = ch.FindCertificate(unsupported) != null;
} catch { }
Assert.IsTrue(!success, "Should not find a certificate");
List<MemBlock> mixed = new List<MemBlock>(unsupported);
mixed.Insert(4 ,supported[1]);
Assert.AreEqual(supported[1],
MemBlock.Reference(ch.FindCertificate(mixed).SerialNumber),
"Only one supported");
}
public bool GenerateCACert(string group)
{
if(!Context.Request.IsLocal) {
throw new Exception("Call must be made locally!");
}
string private_path = GetGroupPrivatePath(group);
Directory.CreateDirectory(private_path);
private_path += "private_key";
RSACryptoServiceProvider private_key = new RSACryptoServiceProvider(2048);
byte[] private_blob = private_key.ExportCspBlob(true);
using(FileStream fs = File.Open(private_path, FileMode.Create)) {
fs.Write(private_blob, 0, private_blob.Length);
}
string data_path = GetGroupDataPath(group);
Directory.CreateDirectory(data_path);
RSACryptoServiceProvider public_key = new RSACryptoServiceProvider();
public_key.ImportCspBlob(private_key.ExportCspBlob(false));
CertificateMaker cm = new CertificateMaker(string.Empty, group,
string.Empty, "admin", string.Empty, public_key, string.Empty);
Certificate cert = cm.Sign(cm, private_key);
string cacert_path = GetGroupDataPath(group) + "cacert";
byte[] cert_data = cert.X509.RawData;
using(FileStream fs = File.Open(cacert_path, FileMode.Create)) {
fs.Write(cert_data, 0, cert_data.Length);
}
return true;
}
public void ValidityTest() {
CertificateHandler ch = new CertificateHandler();
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512);
byte[] blob = rsa.ExportCspBlob(false);
RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
rsa_pub.ImportCspBlob(blob);
string ID = "brunet:node:PXYSWDL5SZDHDDXJKZCLFENOP2KZDMBU";
CertificateMaker cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
"*****@*****.**", rsa_pub, ID);
Certificate cert_0 = cm.Sign(cm, rsa);
ch.AddSignedCertificate(cert_0.X509);
ch.AddCACertificate(cert_0.X509);
rsa = new RSACryptoServiceProvider(1024);
rsa_pub.ImportCspBlob(rsa.ExportCspBlob(false));
cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
"*****@*****.**", rsa_pub, ID);
Certificate cert_1 = cm.Sign(cm, rsa);
Assert.IsTrue(ch.Verify(cert_0.X509, ID), "Valid");
bool success = false;
try {
success = ch.Verify(cert_1.X509, ID);
} catch { }
Assert.IsTrue(!success, "Valid cert2");
}
protected bool SignCertificate(string group, string request_id)
{
string request_path = GetGroupDataPath(group) + request_id;
if(!File.Exists(request_path)) {
throw new Exception("No such request.");
}
CertificateMaker cm = null;
using(FileStream fs = File.Open(request_path, FileMode.Open)) {
byte[] blob = new byte[fs.Length];
fs.Read(blob, 0, blob.Length);
cm = new CertificateMaker(blob);
}
// We need to create a new certificate with all the users info!
string private_path = GetGroupPrivatePath(group) + "private_key";
if(!File.Exists(private_path)) {
throw new Exception("No private key.");
}
RSACryptoServiceProvider private_key = new RSACryptoServiceProvider();
using(FileStream fs = File.Open(private_path, FileMode.Open)) {
byte[] blob = new byte[fs.Length];
fs.Read(blob, 0, blob.Length);
private_key.ImportCspBlob(blob);
}
string cacert_path = GetGroupDataPath(group) + "cacert";
if(!File.Exists(cacert_path)) {
throw new Exception("No CA Certificate.");
}
Certificate cacert = null;
using(FileStream fs = File.Open(cacert_path, FileMode.Open)) {
byte[] blob = new byte[fs.Length];
fs.Read(blob, 0, blob.Length);
cacert = new Certificate(blob);
}
Certificate cert = cm.Sign(cacert, private_key);
request_path += ".signed";
using(FileStream fs = File.Open(request_path, FileMode.Create)) {
byte[] blob = cert.X509.RawData;
fs.Write(blob, 0, blob.Length);
}
return true;
}
public string SubmitRequest(string username, string group, string secret,
byte[] certificate)
{
IDbConnection dbcon = new MySqlConnection(_connection_string);
dbcon.Open();
IDbCommand dbcmd = dbcon.CreateCommand();
string sql = "SELECT id, email FROM " + _db_prefix + "users WHERE username = \"" + username + "\"";
dbcmd.CommandText = sql;
IDataReader reader = dbcmd.ExecuteReader();
if(!reader.Read()) {
throw new Exception("Not registered on website.");
}
string user_id = ((int) reader["id"]).ToString();
string email = (string) reader["email"];
reader.Close();
sql = "SELECT member FROM groups WHERE" +
" group_id = (SELECT group_id FROM groupvpn WHERE group_name = \"" + group + "\")" +
" and user_id = " + user_id + " and secret = \"" + secret + "\" and revoked = 0";
dbcmd.CommandText = sql;
reader = dbcmd.ExecuteReader();
if(!reader.Read() || !"1".Equals(reader["member"].ToString())) {
throw new Exception("Not a member of the group.");
}
reader.Close();
sql = "UPDATE groupvpn SET last_update = CURRENT_TIMESTAMP WHERE group_name = \"" + group + "\"";
dbcmd.CommandText = sql;
reader = dbcmd.ExecuteReader();
reader.Close();
dbcmd.Dispose();
dbcon.Close();
CertificateMaker cm = null;
try {
cm = new CertificateMaker(certificate);
} catch {
throw new Exception("Invalid certificate request");
}
cm = new CertificateMaker(string.Empty, string.Empty, group, username,
email, cm.PublicKey, cm.NodeAddress);
Random rand = new Random();
byte[] request_id_blob = new byte[20];
rand.NextBytes(request_id_blob);
StringBuilder request_id_sb = new StringBuilder(request_id_blob.Length);
foreach(byte b in request_id_blob) {
request_id_sb.Append(b.ToString("X2"));
}
string request_id = request_id_sb.ToString();
string request_path = GetGroupDataPath(group) + request_id;
using(FileStream fs = File.Open(request_path, FileMode.Create)) {
fs.Write(cm.UnsignedData, 0, cm.UnsignedData.Length);
}
// If we don't want to verify request on the website...
SignCertificate(group, request_id);
return request_id;
}
protected PeerSecOverlord CreateInvalidSO(string name, int level) {
if(rsa == null) {
rsa = new RSACryptoServiceProvider();
byte[] blob = rsa.ExportCspBlob(false);
RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
rsa_pub.ImportCspBlob(blob);
CertificateMaker cm = new CertificateMaker("United States", "UFL",
"ACIS", "David Wolinsky", "*****@*****.**", rsa_pub,
"brunet:node:abcdefghijklmnopqrs");
Certificate cert = cm.Sign(cm, rsa);
x509 = cert.X509;
}
CertificateHandler ch = new CertificateHandler();
if(level == 2 || level == 0) {
ch.AddCACertificate(x509);
}
if(level == 3 || level == 0) {
ch.AddSignedCertificate(x509);
}
Random rand = new Random();
ReqrepManager rrm = new ReqrepManager("so" + name + rand.Next());
_timeout += rrm.TimeoutChecker;
PeerSecOverlord so = new PeerSecOverlord(rsa_safe, ch, rrm);
so.AnnounceSA += AnnounceSA;
RoutingDataHandler rdh = new RoutingDataHandler();
rrm.Subscribe(so, null);
so.Subscribe(rdh, null);
rdh.Subscribe(rrm, null);
return so;
}
public void ValidityTest() {
var osch = new OpenSslCertificateHandler();
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512);
byte[] blob = rsa.ExportCspBlob(false);
RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
rsa_pub.ImportCspBlob(blob);
string ID = "brunet:node:PXYSWDL5SZDHDDXJKZCLFENOP2KZDMBU";
CertificateMaker cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
"*****@*****.**", rsa_pub, ID);
Certificate cert_0 = cm.Sign(cm, rsa);
osch.AddSignedCertificate(cert_0.X509);
osch.AddCACertificate(cert_0.X509);
var ocert = OpenSslCertificateHandler.OpenSslX509ToMonoX509(osch.LocalCertificate);
Assert.AreEqual(cert_0.X509.RawData, ocert.RawData, "local check");
Assert.IsTrue(CertificateHandler.Verify(ocert, ID), "Valid");
}
public void Test() {
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
byte[] blob = rsa.ExportCspBlob(false);
RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
rsa_pub.ImportCspBlob(blob);
CertificateMaker cm = new CertificateMaker("United States", "UFL",
"ACIS", "David Wolinsky", "*****@*****.**", rsa_pub,
"brunet:node:abcdefghijklmnopqrs");
Assert.AreEqual("C=United States, O=UFL, OU=ACIS, CN=David Wolinsky, [email protected]", cm.Subject.DN, "DN test 1");
cm = new CertificateMaker(cm.UnsignedData);
Assert.AreEqual("C=United States, O=UFL, OU=ACIS, CN=David Wolinsky, [email protected]", cm.Subject.DN, "DN test 2");
Certificate cert = cm.Sign(cm, rsa);
Assert.IsTrue(cert.Signature != null, "Signature");
Assert.AreEqual(cm.Subject.DN, cert.Issuer.DN, "Issuer = Subject");
Assert.AreEqual("brunet:node:abcdefghijklmnopqrs", cert.NodeAddress , "Node address");
Mono.Math.BigInteger rsa_pub_bi = new Mono.Math.BigInteger(rsa_pub.ExportCspBlob(false));
Mono.Math.BigInteger cert_pub_bi = new Mono.Math.BigInteger(cert.PublicKey.ExportCspBlob(false));
Assert.AreEqual(rsa_pub_bi, cert_pub_bi, "Key");
SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider();
Assert.AreEqual(MemBlock.Reference(cert.SerialNumber),
MemBlock.Reference(sha1.ComputeHash(cert.UnsignedData)),
"SerialNumber == hash of unsigned data");
}
