protected PeerSecOverlord CreateInvalidSO(string name, int level) { if (rsa == null) { rsa = new RSACryptoServiceProvider(); byte[] blob = rsa.ExportCspBlob(false); RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider(); rsa_pub.ImportCspBlob(blob); CertificateMaker cm = new CertificateMaker("United States", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, "brunet:node:abcdefghijklmnopqrs"); Certificate cert = cm.Sign(cm, rsa); x509 = cert.X509; } CertificateHandler ch = new CertificateHandler(); if (level == 2 || level == 0) { ch.AddCACertificate(x509); } if (level == 3 || level == 0) { ch.AddSignedCertificate(x509); } Random rand = new Random(); ReqrepManager rrm = new ReqrepManager("so" + name + rand.Next()); _timeout += rrm.TimeoutChecker; PeerSecOverlord so = new PeerSecOverlord(rsa_safe, ch, rrm); so.AnnounceSA += AnnounceSA; RoutingDataHandler rdh = new RoutingDataHandler(); rrm.Subscribe(so, null); so.Subscribe(rdh, null); rdh.Subscribe(rrm, null); return(so); }
public void Test() { CertificateHandler ch = new CertificateHandler(); ch.AddCACertificate(_ca_cert.X509); ch.AddCertificateVerification(this); ArrayList revoked_users = new ArrayList(); revoked_users.Add("joker"); revoked_users.Add("bad_guy"); revoked_users.Add("adversary"); revoked_users.Add("noobs"); // create revocation list byte[] to_sign = null; using (MemoryStream ms = new MemoryStream()) { NumberSerializer.WriteLong(DateTime.UtcNow.Ticks, ms); AdrConverter.Serialize(revoked_users, ms); to_sign = ms.ToArray(); } // sign revocation list SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider(); byte[] hash = sha1.ComputeHash(to_sign); byte[] signature = _private_key.SignHash(hash, CryptoConfig.MapNameToOID("SHA1")); byte[] data = new byte[4 + to_sign.Length + signature.Length]; NumberSerializer.WriteInt(to_sign.Length, data, 0); to_sign.CopyTo(data, 4); signature.CopyTo(data, 4 + to_sign.Length); UpdateRl(data); X509Certificate likable_guy = CreateCert("likable_guy"); X509Certificate joker = CreateCert("joker"); X509Certificate bad_guy = CreateCert("bad_guy"); X509Certificate good_guy = CreateCert("good_guy"); X509Certificate adversary = CreateCert("adversary"); X509Certificate noobs = CreateCert("noobs"); X509Certificate friendly_guy = CreateCert("friendly_guy"); Assert.IsTrue(ch.Verify(likable_guy, null, _remote_id), "Likable guy"); bool success = false; try { success = ch.Verify(adversary, null, _remote_id); } catch { } Assert.AreEqual(success, false, "adversary"); try { success = ch.Verify(joker, null, _remote_id); } catch { } Assert.AreEqual(success, false, "joker"); Assert.IsTrue(ch.Verify(friendly_guy, null, _remote_id), "friendly guy"); try { success = ch.Verify(noobs, null, _remote_id); } catch { } Assert.AreEqual(success, false, "noobs"); try { success = ch.Verify(bad_guy, null, _remote_id); } catch { } Assert.AreEqual(success, false, "bad_guy"); Assert.IsTrue(ch.Verify(good_guy, null, _remote_id), "good guy"); }
public void FindCertificateTest() { CertificateHandler ch = new CertificateHandler(); RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512); byte[] blob = rsa.ExportCspBlob(false); RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider(); rsa_pub.ImportCspBlob(blob); List<MemBlock> supported = new List<MemBlock>(); List<MemBlock> unsupported = new List<MemBlock>(); for(int i = 0; i < 20; i++) { CertificateMaker cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky", "*****@*****.**" + i, rsa_pub, i.ToString()); Certificate cert = cm.Sign(cm, rsa); if(i % 2 == 0) { ch.AddCACertificate(cert.X509); ch.AddSignedCertificate(cert.X509); supported.Add(cert.SerialNumber); } else { unsupported.Add(cert.SerialNumber); } } Assert.IsNotNull(ch.FindCertificate(supported), "Should find a certificate"); bool success = false; try { success = ch.FindCertificate(unsupported) != null; } catch { } Assert.IsTrue(!success, "Should not find a certificate"); List<MemBlock> mixed = new List<MemBlock>(unsupported); mixed.Insert(4 ,supported[1]); Assert.AreEqual(supported[1], MemBlock.Reference(ch.FindCertificate(mixed).SerialNumber), "Only one supported"); }
public void ValidityTest() { CertificateHandler ch = new CertificateHandler(); RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512); byte[] blob = rsa.ExportCspBlob(false); RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider(); rsa_pub.ImportCspBlob(blob); string ID = "brunet:node:PXYSWDL5SZDHDDXJKZCLFENOP2KZDMBU"; CertificateMaker cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, ID); Certificate cert_0 = cm.Sign(cm, rsa); ch.AddSignedCertificate(cert_0.X509); ch.AddCACertificate(cert_0.X509); rsa = new RSACryptoServiceProvider(1024); rsa_pub.ImportCspBlob(rsa.ExportCspBlob(false)); cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, ID); Certificate cert_1 = cm.Sign(cm, rsa); Assert.IsTrue(ch.Verify(cert_0.X509, ID), "Valid"); bool success = false; try { success = ch.Verify(cert_1.X509, ID); } catch { } Assert.IsTrue(!success, "Valid cert2"); }
/// <summary>Creates a Brunet.Node, the resulting node will be available in /// the class as _node.</summary> /// <remarks>The steps to creating a node are first constructing it with a /// namespace, optionally adding local ip addresses to bind to, specifying /// local end points, specifying remote end points, and finally registering /// the dht.</remarks> public virtual void CreateNode() { AHAddress address = null; try { address = (AHAddress) AddressParser.Parse(_node_config.NodeAddress); } catch { address = Utils.GenerateAHAddress(); } _node = new StructuredNode(address, _node_config.BrunetNamespace); IEnumerable addresses = IPAddresses.GetIPAddresses(_node_config.DevicesToBind); if(_node_config.Security.Enabled) { if(_node_config.Security.SelfSignedCertificates) { SecurityPolicy.SetDefaultSecurityPolicy(SecurityPolicy.DefaultEncryptor, SecurityPolicy.DefaultAuthenticator, true); } byte[] blob = null; using(FileStream fs = File.Open(_node_config.Security.KeyPath, FileMode.Open)) { blob = new byte[fs.Length]; fs.Read(blob, 0, blob.Length); } RSACryptoServiceProvider rsa_private = new RSACryptoServiceProvider(); rsa_private.ImportCspBlob(blob); CertificateHandler ch = new CertificateHandler(_node_config.Security.CertificatePath); _bso = new ProtocolSecurityOverlord(_node, rsa_private, _node.Rrm, ch); _bso.Subscribe(_node, null); _node.GetTypeSource(SecurityOverlord.Security).Subscribe(_bso, null); _node.HeartBeatEvent += _bso.Heartbeat; if(_node_config.Security.TestEnable) { blob = rsa_private.ExportCspBlob(false); RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider(); rsa_pub.ImportCspBlob(blob); CertificateMaker cm = new CertificateMaker("United States", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, "brunet:node:abcdefghijklmnopqrs"); Certificate cacert = cm.Sign(cm, rsa_private); cm = new CertificateMaker("United States", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, address.ToString()); Certificate cert = cm.Sign(cacert, rsa_private); ch.AddCACertificate(cacert.X509); ch.AddSignedCertificate(cert.X509); } } EdgeListener el = null; foreach(NodeConfig.EdgeListener item in _node_config.EdgeListeners) { int port = item.port; if(item.type == "tcp") { try { el = new TcpEdgeListener(port, addresses); } catch { el = new TcpEdgeListener(0, addresses); } } else if(item.type == "udp") { try { el = new UdpEdgeListener(port, addresses); } catch { el = new UdpEdgeListener(0, addresses); } } else if(item.type == "function") { port = port == 0 ? (new Random()).Next(1024, 65535) : port; el = new FunctionEdgeListener(port, 0, null); } else { throw new Exception("Unrecognized transport: " + item.type); } if(_node_config.Security.SecureEdgesEnabled) { el = new SecureEdgeListener(el, _bso); } _node.AddEdgeListener(el); } ArrayList RemoteTAs = null; if(_node_config.RemoteTAs != null) { RemoteTAs = new ArrayList(); foreach(String ta in _node_config.RemoteTAs) { RemoteTAs.Add(TransportAddressFactory.CreateInstance(ta)); } _node.RemoteTAs = RemoteTAs; } ITunnelOverlap ito = null; /* if(_node_config.NCService.Enabled) { _ncservice = new NCService(_node, _node_config.NCService.Checkpoint); if (_node_config.NCService.OptimizeShortcuts) { _node.Ssco.TargetSelector = new VivaldiTargetSelector(_node, _ncservice); } ito = new NCTunnelOverlap(_ncservice); } else { ito = new SimpleTunnelOverlap(); } */ el = new Tunnel.TunnelEdgeListener(_node, ito); if(_node_config.Security.SecureEdgesEnabled) { _node.EdgeVerifyMethod = EdgeVerify.AddressInSubjectAltName; el = new SecureEdgeListener(el, _bso); } _node.AddEdgeListener(el); new TableServer(_node); _dht = new Dht(_node, 3, 20); _dht_proxy = new RpcDhtProxy(_dht, _node); }
public void Test() { CertificateHandler ch = new CertificateHandler(); ch.AddCACertificate(_ca_cert.X509); ch.AddCertificateVerification(this); ArrayList revoked_users = new ArrayList(); revoked_users.Add("joker"); revoked_users.Add("bad_guy"); revoked_users.Add("adversary"); revoked_users.Add("noobs"); // create revocation list byte[] to_sign = null; using(MemoryStream ms = new MemoryStream()) { NumberSerializer.WriteLong(DateTime.UtcNow.Ticks, ms); AdrConverter.Serialize(revoked_users, ms); to_sign = ms.ToArray(); } // sign revocation list SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider(); byte[] hash = sha1.ComputeHash(to_sign); byte[] signature = _private_key.SignHash(hash, CryptoConfig.MapNameToOID("SHA1")); byte[] data = new byte[4 + to_sign.Length + signature.Length]; NumberSerializer.WriteInt(to_sign.Length, data, 0); to_sign.CopyTo(data, 4); signature.CopyTo(data, 4 + to_sign.Length); UpdateRl(data); X509Certificate likable_guy = CreateCert("likable_guy"); X509Certificate joker = CreateCert("joker"); X509Certificate bad_guy = CreateCert("bad_guy"); X509Certificate good_guy = CreateCert("good_guy"); X509Certificate adversary = CreateCert("adversary"); X509Certificate noobs = CreateCert("noobs"); X509Certificate friendly_guy = CreateCert("friendly_guy"); Assert.IsTrue(ch.Verify(likable_guy, _remote_id), "Likable guy"); bool success = false; try { success = ch.Verify(adversary, _remote_id); } catch { } Assert.AreEqual(success, false, "adversary"); try { success = ch.Verify(joker, _remote_id); } catch { } Assert.AreEqual(success, false, "joker"); Assert.IsTrue(ch.Verify(friendly_guy, _remote_id), "friendly guy"); try { success = ch.Verify(noobs, _remote_id); } catch { } Assert.AreEqual(success, false, "noobs"); try { success = ch.Verify(bad_guy, _remote_id); } catch { } Assert.AreEqual(success, false, "bad_guy"); Assert.IsTrue(ch.Verify(good_guy, _remote_id), "good guy"); }
protected virtual StructuredNode PrepareNode(int id, AHAddress address) { if (TakenIDs.Contains(id)) { throw new Exception("ID already taken"); } StructuredNode node = new StructuredNode(address, BrunetNamespace); NodeMapping nm = new NodeMapping(); TakenIDs[id] = nm.ID = id; nm.Node = node; Nodes.Add((Address)address, nm); EdgeListener el = CreateEdgeListener(nm.ID); if (_secure_edges || _secure_senders) { byte[] blob = _se_key.ExportCspBlob(true); RSACryptoServiceProvider rsa_copy = new RSACryptoServiceProvider(); rsa_copy.ImportCspBlob(blob); CertificateMaker cm = new CertificateMaker("United States", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_copy, address.ToString()); Certificate cert = cm.Sign(_ca_cert, _se_key); CertificateHandler ch = new CertificateHandler(); ch.AddCACertificate(_ca_cert.X509); ch.AddSignedCertificate(cert.X509); ProtocolSecurityOverlord so = new ProtocolSecurityOverlord(node, rsa_copy, node.Rrm, ch); so.Subscribe(node, null); node.GetTypeSource(SecurityOverlord.Security).Subscribe(so, null); nm.BSO = so; node.HeartBeatEvent += so.Heartbeat; } if (_secure_edges) { node.EdgeVerifyMethod = EdgeVerify.AddressInSubjectAltName; el = new SecureEdgeListener(el, nm.BSO); } node.AddEdgeListener(el); node.RemoteTAs = GetRemoteTAs(); ITunnelOverlap ito = null; if (NCEnable) { nm.NCService = new NCService(node, new Point()); // My evaluations show that when this is enabled the system sucks // (node as StructuredNode).Sco.TargetSelector = new VivaldiTargetSelector(node, ncservice); ito = new NCTunnelOverlap(nm.NCService); } else { ito = new SimpleTunnelOverlap(); } if (_broken != 0) { el = new Tunnel.TunnelEdgeListener(node, ito); node.AddEdgeListener(el); } // Enables Dht data store new TableServer(node); return(node); }
public void AddBadLocalCert() { CertificateHandler ch = new CertificateHandler("certs", "12345"); RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512); byte[] blob = rsa.ExportCspBlob(false); RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider(); rsa_pub.ImportCspBlob(blob); string ID = "brunet:node:PXYSWDL5SZDHDDXJKZCLFENOP2KZDMBU"; CertificateMaker cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, ID); Certificate cert_0 = cm.Sign(cm, rsa); ch.AddCACertificate(cert_0.X509); try { ch.AddSignedCertificate(cert_0.X509); Assert.IsTrue(false, "Shouldn't add this certificate!"); } catch { } CertificateMaker cm0 = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, "12345"); Certificate cert_1 = cm0.Sign(cm, rsa); ch.AddSignedCertificate(cert_1.X509); }
/** <summary>Creates a Brunet.Node, the resulting node will be available in the class as _node.</summary> <remarks>The steps to creating a node are first constructing it with a namespace, optionally adding local ip addresses to bind to, specifying local end points, specifying remote end points, and finally registering the dht.</remarks> */ public virtual void CreateNode(string type) { NodeConfig node_config = null; StructuredNode current_node = null; AHAddress address = null; ProtocolSecurityOverlord bso; if (type == "cache") { node_config = _c_node_config; //Node configuration file: the description of service that node provides address = (AHAddress) AddressParser.Parse(node_config.NodeAddress); current_node = new StructuredNode(address, node_config.BrunetNamespace); // DeetooNode consists of two Structured Nodes bso = _c_bso; } else if ( type == "query" ) { node_config = _q_node_config; address = (AHAddress) AddressParser.Parse(node_config.NodeAddress); current_node = new StructuredNode(address, node_config.BrunetNamespace); bso = _q_bso; } else { throw new Exception("Unrecognized node type: " + type); } IEnumerable addresses = IPAddresses.GetIPAddresses(node_config.DevicesToBind); if(node_config.Security.Enabled) { if(node_config.Security.SelfSignedCertificates) { SecurityPolicy.SetDefaultSecurityPolicy(SecurityPolicy.DefaultEncryptor, SecurityPolicy.DefaultAuthenticator, true); } byte[] blob = null; using(FileStream fs = File.Open(node_config.Security.KeyPath, FileMode.Open)) { blob = new byte[fs.Length]; fs.Read(blob, 0, blob.Length); } RSACryptoServiceProvider rsa_private = new RSACryptoServiceProvider(); rsa_private.ImportCspBlob(blob); CertificateHandler ch = new CertificateHandler(node_config.Security.CertificatePath); bso = new ProtocolSecurityOverlord(current_node, rsa_private, current_node.Rrm, ch); bso.Subscribe(current_node, null); current_node.GetTypeSource(SecurityOverlord.Security).Subscribe(bso, null); current_node.HeartBeatEvent += bso.Heartbeat; if(node_config.Security.TestEnable) { blob = rsa_private.ExportCspBlob(false); RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider(); rsa_pub.ImportCspBlob(blob); CertificateMaker cm = new CertificateMaker("United States", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, "brunet:node:abcdefghijklmnopqrs"); Certificate cacert = cm.Sign(cm, rsa_private); cm = new CertificateMaker("United States", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, address.ToString()); Certificate cert = cm.Sign(cacert, rsa_private); ch.AddCACertificate(cacert.X509); ch.AddSignedCertificate(cert.X509); } } EdgeListener el = null; foreach(NodeConfig.EdgeListener item in node_config.EdgeListeners) { int port = item.port; if (item.type =="tcp") { try { el = new TcpEdgeListener(port, addresses); } catch { el = new TcpEdgeListener(0, addresses); } } else if (item.type == "udp") { try { el = new UdpEdgeListener(port, addresses); } catch { el = new UdpEdgeListener(0, addresses); } } else if(item.type == "function") { port = port == 0 ? (new Random()).Next(1024, 65535) : port; el = new FunctionEdgeListener(port, 0, null); } else { throw new Exception("Unrecognized transport: " + item.type); } if (node_config.Security.SecureEdgesEnabled) { el = new SecureEdgeListener(el, bso); } current_node.AddEdgeListener(el); } ArrayList RemoteTAs = null; if(node_config.RemoteTAs != null) { RemoteTAs = new ArrayList(); foreach(String ta in node_config.RemoteTAs) { RemoteTAs.Add(TransportAddressFactory.CreateInstance(ta)); } current_node.RemoteTAs = RemoteTAs; } ITunnelOverlap ito = null; ito = new SimpleTunnelOverlap(); el = new Tunnel.TunnelEdgeListener(current_node, ito); if(node_config.Security.SecureEdgesEnabled) { current_node.EdgeVerifyMethod = EdgeVerify.AddressInSubjectAltName; el = new SecureEdgeListener(el, bso); } current_node.AddEdgeListener(el); new TableServer(current_node); if (type == "cache") { _c_dht = new Dht(current_node, 3, 20); _c_dht_proxy = new RpcDhtProxy(_c_dht, current_node); _cs = new CacheList(current_node); //_cll = new ClusterList(current_node); //current_node.MapReduce.SubscribeTask(new MapReduceClusterCache(current_node, _cll)); current_node.MapReduce.SubscribeTask(new MapReduceCache(current_node,_cs)); Console.WriteLine("MapReduceCacheTask is subscribed at {0}", current_node.Address); _c_node = current_node; } else { _q_dht = new Dht(current_node, 3, 20); _q_dht_proxy = new RpcDhtProxy(_c_dht, current_node); CacheList q_cs = new CacheList(current_node); //current_node.MapReduce.SubscribeTask(new MapReduceClusterQuery(current_node, _cll)); current_node.MapReduce.SubscribeTask(new MapReduceQuery(current_node,_cs)); Console.WriteLine("MapReduceQueryTask is subscribed at {0}", current_node.Address); _q_node = current_node; } }
/// <summary>Creates an ApplicationNode and prepares it for connection to /// the overlay. For historical reasons it is linked to _node, _dht, /// _rpc_dht, and _bso.</summary> public virtual ApplicationNode CreateNode(NodeConfig node_config) { // Get a Node ID for the new Node AHAddress address = null; try { address = (AHAddress)AddressParser.Parse(node_config.NodeAddress); } catch { address = Utils.GenerateAHAddress(); } // Create the Node state StructuredNode node = new StructuredNode(address, node_config.BrunetNamespace); IEnumerable addresses = IPAddresses.GetIPAddresses(node_config.DevicesToBind); ProtocolSecurityOverlord pso = null; // Enable Security if requested if (node_config.Security.Enabled) { if (node_config.Security.SelfSignedCertificates) { SecurityPolicy.SetDefaultSecurityPolicy(SecurityPolicy.DefaultEncryptor, SecurityPolicy.DefaultAuthenticator, true); } byte[] blob = null; using (FileStream fs = File.Open(node_config.Security.KeyPath, FileMode.Open)) { blob = new byte[fs.Length]; fs.Read(blob, 0, blob.Length); } RSACryptoServiceProvider rsa_private = new RSACryptoServiceProvider(); rsa_private.ImportCspBlob(blob); CertificateHandler ch = new CertificateHandler(node_config.Security.CertificatePath); pso = new ProtocolSecurityOverlord(node, rsa_private, node.Rrm, ch); pso.Subscribe(node, null); node.GetTypeSource(SecurityOverlord.Security).Subscribe(pso, null); node.HeartBeatEvent += pso.Heartbeat; // A hack to enable a test for security that doesn't require each peer // to exchange certificates if (node_config.Security.TestEnable) { blob = rsa_private.ExportCspBlob(false); RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider(); rsa_pub.ImportCspBlob(blob); CertificateMaker cm = new CertificateMaker("United States", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, "brunet:node:abcdefghijklmnopqrs"); Certificate cacert = cm.Sign(cm, rsa_private); cm = new CertificateMaker("United States", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, address.ToString()); Certificate cert = cm.Sign(cacert, rsa_private); ch.AddCACertificate(cacert.X509); ch.AddSignedCertificate(cert.X509); } } // Add Dht new TableServer(node); IDht dht = new Dht(node, 3, 20); RpcDhtProxy dht_proxy = new RpcDhtProxy(dht, node); // Setup Vivaldi if requested ITunnelOverlap ito = null; NCService ncservice = null; if (node_config.NCService.Enabled) { ncservice = new NCService(node, node_config.NCService.Checkpoint); if (node_config.NCService.OptimizeShortcuts) { node.Ssco.TargetSelector = new VivaldiTargetSelector(node, ncservice); } ito = new NCTunnelOverlap(ncservice); } else { ito = new SimpleTunnelOverlap(); } // Create the ApplicationNode ApplicationNode app_node = new ApplicationNode(node, dht, dht_proxy, ncservice, pso); // Add Edge listeners EdgeListener el = null; foreach (NodeConfig.EdgeListener item in node_config.EdgeListeners) { el = CreateEdgeListener(item, app_node, addresses); if (node_config.Security.SecureEdgesEnabled) { el = new SecureEdgeListener(el, pso); } node.AddEdgeListener(el); } // Create the tunnel and potentially wrap it in a SecureEL el = new Tunnel.TunnelEdgeListener(node, ito); if (node_config.Security.SecureEdgesEnabled) { node.EdgeVerifyMethod = EdgeVerify.AddressInSubjectAltName; el = new SecureEdgeListener(el, pso); } node.AddEdgeListener(el); ArrayList RemoteTAs = null; if (node_config.RemoteTAs != null) { RemoteTAs = new ArrayList(); foreach (String ta in node_config.RemoteTAs) { RemoteTAs.Add(TransportAddressFactory.CreateInstance(ta)); } node.RemoteTAs = RemoteTAs; } // Add XmlRpc if (node_config.XmlRpcManager.Enabled) { if (_xrm == null) { _xrm = new XmlRpcManagerServer(node_config.XmlRpcManager.Port); } _xrm.Add(node, GetXmlRpcUri(app_node)); new RpcDht(dht, node); } return(app_node); }
// adds a node to the pool protected static void add_node(bool output) { AHAddress address = new AHAddress(new RNGCryptoServiceProvider()); Node node = new StructuredNode(address, brunet_namespace); NodeMapping nm = new NodeMapping(); nm.Node = node; nodes.Add((Address) address, nm); nm.Port = TakenPorts.Count; while(TakenPorts.Contains(nm.Port)) { nm.Port = rand.Next(0, 65535); } TAAuthorizer auth = null; if(broken != 0) { auth = new BrokenTAAuth(broken); } EdgeListener el = new SimulationEdgeListener(nm.Port, 0, auth, true); if(secure_edges || secure_senders) { byte[] blob = SEKey.ExportCspBlob(true); RSACryptoServiceProvider rsa_copy = new RSACryptoServiceProvider(); rsa_copy.ImportCspBlob(blob); CertificateMaker cm = new CertificateMaker("United States", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_copy, address.ToString()); Certificate cert = cm.Sign(CACert, SEKey); CertificateHandler ch = new CertificateHandler(); ch.AddCACertificate(CACert.X509); ch.AddSignedCertificate(cert.X509); BrunetSecurityOverlord so = new BrunetSecurityOverlord(node, rsa_copy, node.Rrm, ch); so.Subscribe(node, null); node.GetTypeSource(SecurityOverlord.Security).Subscribe(so, null); nm.BSO = so; node.HeartBeatEvent += so.Heartbeat; } if(secure_edges) { el = new SecureEdgeListener(el, nm.BSO); } node.AddEdgeListener(el); if(broken != 0) { el = new TunnelEdgeListener(node); node.AddEdgeListener(el); } ArrayList RemoteTAs = new ArrayList(); for(int i = 0; i < 5 && i < TakenPorts.Count; i++) { int rport = (int) TakenPorts.GetByIndex(rand.Next(0, TakenPorts.Count)); RemoteTAs.Add(TransportAddressFactory.CreateInstance("brunet.function://127.0.0.1:" + rport)); } node.RemoteTAs = RemoteTAs; TakenPorts[nm.Port] = nm.Port; if(output) { Console.WriteLine("Adding: " + nm.Node.Address); } node.Connect(); network_size++; }
/// <summary>Creates an ApplicationNode and prepares it for connection to /// the overlay. For historical reasons it is linked to _node, _dht, /// _rpc_dht, and _bso.</summary> public virtual ApplicationNode CreateNode(NodeConfig node_config) { // Get a Node ID for the new Node AHAddress address = null; try { address = (AHAddress) AddressParser.Parse(node_config.NodeAddress); } catch { address = Utils.GenerateAHAddress(); } // Create the Node state StructuredNode node = new StructuredNode(address, node_config.BrunetNamespace); IEnumerable addresses = IPAddresses.GetIPAddresses(node_config.DevicesToBind); ProtocolSecurityOverlord pso = null; // Enable Security if requested if(node_config.Security.Enabled) { if(node_config.Security.SelfSignedCertificates) { SecurityPolicy.SetDefaultSecurityPolicy(SecurityPolicy.DefaultEncryptor, SecurityPolicy.DefaultAuthenticator, true); } byte[] blob = null; using(FileStream fs = File.Open(node_config.Security.KeyPath, FileMode.Open)) { blob = new byte[fs.Length]; fs.Read(blob, 0, blob.Length); } RSACryptoServiceProvider rsa_private = new RSACryptoServiceProvider(); rsa_private.ImportCspBlob(blob); CertificateHandler ch = new CertificateHandler(node_config.Security.CertificatePath); pso = new ProtocolSecurityOverlord(node, rsa_private, node.Rrm, ch); pso.Subscribe(node, null); node.GetTypeSource(SecurityOverlord.Security).Subscribe(pso, null); node.HeartBeatEvent += pso.Heartbeat; // A hack to enable a test for security that doesn't require each peer // to exchange certificates if(node_config.Security.TestEnable) { blob = rsa_private.ExportCspBlob(false); RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider(); rsa_pub.ImportCspBlob(blob); CertificateMaker cm = new CertificateMaker("United States", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, "brunet:node:abcdefghijklmnopqrs"); Certificate cacert = cm.Sign(cm, rsa_private); cm = new CertificateMaker("United States", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, address.ToString()); Certificate cert = cm.Sign(cacert, rsa_private); ch.AddCACertificate(cacert.X509); ch.AddSignedCertificate(cert.X509); } } // Add Dht new TableServer(node); IDht dht = new Dht(node, 3, 20); RpcDhtProxy dht_proxy = new RpcDhtProxy(dht, node); // Setup Vivaldi if requested ITunnelOverlap ito = null; NCService ncservice = null; if(node_config.NCService.Enabled) { ncservice = new NCService(node, node_config.NCService.Checkpoint); if (node_config.NCService.OptimizeShortcuts) { node.Ssco.TargetSelector = new VivaldiTargetSelector(node, ncservice); } ito = new NCTunnelOverlap(ncservice); } else { ito = new SimpleTunnelOverlap(); } // Create the ApplicationNode ApplicationNode app_node = new ApplicationNode(node, dht, dht_proxy, ncservice, pso); // Add Edge listeners EdgeListener el = null; foreach(NodeConfig.EdgeListener item in node_config.EdgeListeners) { el = CreateEdgeListener(item, app_node, addresses); if(node_config.Security.SecureEdgesEnabled) { el = new SecureEdgeListener(el, pso); } node.AddEdgeListener(el); } // Create the tunnel and potentially wrap it in a SecureEL el = new Tunnel.TunnelEdgeListener(node, ito); if(node_config.Security.SecureEdgesEnabled) { node.EdgeVerifyMethod = EdgeVerify.AddressInSubjectAltName; el = new SecureEdgeListener(el, pso); } node.AddEdgeListener(el); ArrayList RemoteTAs = null; if(node_config.RemoteTAs != null) { RemoteTAs = new ArrayList(); foreach(String ta in node_config.RemoteTAs) { RemoteTAs.Add(TransportAddressFactory.CreateInstance(ta)); } node.RemoteTAs = RemoteTAs; } // Add XmlRpc if(node_config.XmlRpcManager.Enabled) { if(_xrm == null) { _xrm = new XmlRpcManagerServer(node_config.XmlRpcManager.Port); } _xrm.Add(node, GetXmlRpcUri(app_node)); new RpcDht(dht, node); } return app_node; }
protected SecurityOverlord CreateInvalidSO(string name, int level) { if(rsa == null) { rsa = new RSACryptoServiceProvider(); byte[] blob = rsa.ExportCspBlob(false); RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider(); rsa_pub.ImportCspBlob(blob); CertificateMaker cm = new CertificateMaker("United States", "UFL", "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub, "brunet:node:abcdefghijklmnopqrs"); Certificate cert = cm.Sign(cm, rsa); x509 = cert.X509; } CertificateHandler ch = new CertificateHandler(); if(level == 2 || level == 0) { ch.AddCACertificate(x509); } if(level == 3 || level == 0) { ch.AddSignedCertificate(x509); } ReqrepManager rrm = new ReqrepManager("so" + name); _timeout += rrm.TimeoutChecker; SecurityOverlord so = new SecurityOverlord(rsa_safe, rrm, ch); so.AnnounceSA += AnnounceSA; RoutingDataHandler rdh = new RoutingDataHandler(); rrm.Subscribe(so, null); so.Subscribe(rdh, null); rdh.Subscribe(rrm, null); return so; }