public FindCertificate ( List |
||
supported_cas | List |
A list of CAs of which you would like to /// find a certificate that matches. |
return | Mono.Security.X509.X509Certificate |
/// <summary>2a) Receive a CookieResponse that contains a list of CAs, if you have /// a Certificate that supports one of the CAs send it along with a DHE /// and a list of your supported CAs in a DHEWithCertificateAndCAs.</summary> /// <param name="sa">A security association that we wish to perform the /// specified control operation on.</param> /// <param name="scm">The received SecurityControlMessage.</param> /// <param name="scm_reply">A prepared reply message (with headers and such.</param> /// <param name="return_path">Where to send the result.</param> /// <param name="low_level_sender">We expect the return_path to not be an edge or /// some other type of "low level" sender, so this contains the parsed out value.</param> protected void HandleControlCookieResponse(SecurityAssociation sa, SecurityControlMessage scm, SecurityControlMessage scm_reply, ISender return_path, ISender low_level_sender) { ProtocolLog.WriteIf(ProtocolLog.Security, GetHashCode() + " Received CookieResponse from: " + low_level_sender); if (sa == null) { throw new Exception("No valid SA!"); } // This seems like unnecessary code scm_reply.Type = SecurityControlMessage.MessageType.CookieResponse; X509Certificate lcert = null; if (SecurityPolicy.GetPolicy(scm.SPI).PreExchangedKeys) { lcert = _ch.DefaultCertificate; } else { lcert = _ch.FindCertificate(scm.CAs); } sa.RemoteCookie.Value = scm.LocalCookie; sa.LocalCertificate.Value = lcert; scm_reply.Certificate = lcert.RawData; scm_reply.DHE = sa.LDHE; scm_reply.LocalCookie = scm.RemoteCookie; scm_reply.RemoteCookie = scm.LocalCookie; scm_reply.Type = SecurityControlMessage.MessageType.DHEWithCertificateAndCAs; if (SecurityPolicy.GetPolicy(scm.SPI).PreExchangedKeys) { scm_reply.CAs = new List <MemBlock>(0); } else { scm_reply.CAs = _ch.SupportedCAs; } HashAlgorithm sha1 = new SHA1CryptoServiceProvider(); lock (_private_key_lock) { scm_reply.Sign(_private_key, sha1); } sa.DHEWithCertificateAndCAsOutHash.Value = sha1.ComputeHash((byte[])scm_reply.Packet); ICopyable to_send = new CopyList(Security, SecureControl, scm_reply.Packet); _rrman.SendRequest(return_path, ReqrepManager.ReqrepType.Request, to_send, this, sa); ProtocolLog.WriteIf(ProtocolLog.Security, GetHashCode() + " Successful CookieResponse from: " + low_level_sender); }
public void FindCertificateTest() { CertificateHandler ch = new CertificateHandler(); RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512); byte[] blob = rsa.ExportCspBlob(false); RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider(); rsa_pub.ImportCspBlob(blob); List <Brunet.Util.MemBlock> supported = new List <Brunet.Util.MemBlock>(); List <Brunet.Util.MemBlock> unsupported = new List <Brunet.Util.MemBlock>(); for (int i = 0; i < 20; i++) { CertificateMaker cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky", "*****@*****.**" + i, rsa_pub, i.ToString()); Certificate cert = cm.Sign(cm, rsa); if (i % 2 == 0) { ch.AddCACertificate(cert.X509); ch.AddSignedCertificate(cert.X509); supported.Add(cert.SerialNumber); } else { unsupported.Add(cert.SerialNumber); } } Assert.IsNotNull(ch.FindCertificate(supported), "Should find a certificate"); bool success = false; try { success = ch.FindCertificate(unsupported) != null; } catch { } Assert.IsTrue(!success, "Should not find a certificate"); List <Brunet.Util.MemBlock> mixed = new List <Brunet.Util.MemBlock>(unsupported); mixed.Insert(4, supported[1]); Assert.AreEqual(supported[1], Brunet.Util.MemBlock.Reference(ch.FindCertificate(mixed).SerialNumber), "Only one supported"); }