/// <summary>
/// Exercises CertificateHandler.FindCertificate.  Twenty self-signed certificates are
/// minted; the even-numbered ones are registered with the handler (as CA and as signed
/// certificate), the odd-numbered ones are not.  The handler must locate a certificate
/// from the registered serials, must not locate one from the unregistered serials (a
/// null result or an exception both count as "not found"), and must pick out the single
/// registered serial from a mixed list.
/// </summary>
public void FindCertificateTest() {
  CertificateHandler handler = new CertificateHandler();
  // 512-bit key: test-only, far too short for real use; keeps the test fast.
  RSACryptoServiceProvider signing_key = new RSACryptoServiceProvider(512);
  RSACryptoServiceProvider public_only = new RSACryptoServiceProvider();
  public_only.ImportCspBlob(signing_key.ExportCspBlob(false));

  List<MemBlock> registered = new List<MemBlock>();
  List<MemBlock> unregistered = new List<MemBlock>();
  for(int idx = 0; idx < 20; idx++) {
    CertificateMaker maker = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
        "*****@*****.**" + idx, public_only, idx.ToString());
    Certificate cert = maker.Sign(maker, signing_key);
    bool register = (idx % 2) == 0;
    if(register) {
      handler.AddCACertificate(cert.X509);
      handler.AddSignedCertificate(cert.X509);
    }
    (register ? registered : unregistered).Add(cert.SerialNumber);
  }

  Assert.IsNotNull(handler.FindCertificate(registered), "Should find a certificate");

  bool found = false;
  try {
    found = handler.FindCertificate(unregistered) != null;
  } catch {
    // An exception for unknown serials is accepted as "not found", just like null.
  }
  Assert.IsFalse(found, "Should not find a certificate");

  List<MemBlock> mixed = new List<MemBlock>(unregistered);
  mixed.Insert(4, registered[1]);
  MemBlock found_serial = MemBlock.Reference(handler.FindCertificate(mixed).SerialNumber);
  Assert.AreEqual(registered[1], found_serial, "Only one supported");
}
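/// <summary>
/// Creates a fresh 2048-bit RSA key pair for <paramref name="group"/>, stores the
/// private CSP blob under the group's private path as "private_key", and writes a
/// self-signed CA certificate for the group under its data path as "cacert".
/// Only callable from the local machine.
/// </summary>
/// <param name="group">Group name.  It is appended to the group directories as a single
/// path segment, so it must not be empty, "." or "..", and must not contain a path
/// separator or other invalid file-name character.</param>
/// <returns>Always true once both files have been written.</returns>
/// <exception cref="InvalidOperationException">The request did not originate locally.</exception>
/// <exception cref="ArgumentException"><paramref name="group"/> is not a safe single
/// path segment.</exception>
public bool GenerateCACert(string group) {
  if(!Context.Request.IsLocal) {
    throw new InvalidOperationException("Call must be made locally!");
  }
  // The group name is spliced into filesystem paths below; refuse anything that
  // could select a location outside the group directory or is not a valid name.
  if(string.IsNullOrEmpty(group) || group == "." || group == ".." ||
      group.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0 ||
      group.IndexOf('/') >= 0 || group.IndexOf('\\') >= 0) {
    throw new ArgumentException("Invalid group name.", "group");
  }

  // GetGroupPrivatePath / GetGroupDataPath are concatenated with a file name, as the
  // rest of this file does; presumably they return a directory with a trailing separator.
  string private_dir = GetGroupPrivatePath(group);
  Directory.CreateDirectory(private_dir);
  string private_path = private_dir + "private_key";
  RSACryptoServiceProvider private_key = new RSACryptoServiceProvider(2048);
  // ExportCspBlob(true) is the raw private key.  It is written with the process's
  // default file permissions; TODO(review): restrict the file and the private
  // directory to the service account at deployment.
  File.WriteAllBytes(private_path, private_key.ExportCspBlob(true));

  string data_dir = GetGroupDataPath(group);
  Directory.CreateDirectory(data_dir);
  // Hand the certificate maker a public-only copy so it never holds private material.
  RSACryptoServiceProvider public_key = new RSACryptoServiceProvider();
  public_key.ImportCspBlob(private_key.ExportCspBlob(false));
  CertificateMaker cm = new CertificateMaker(string.Empty, group, string.Empty, "admin",
      string.Empty, public_key, string.Empty);
  // Self-signed: the maker is both subject and issuer.
  Certificate cert = cm.Sign(cm, private_key);
  File.WriteAllBytes(data_dir + "cacert", cert.X509.RawData);
  return true;
}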
/// <summary>
/// A handler that trusts cert_0 (registered as both CA and signed certificate) must
/// accept cert_0 for the node ID and reject cert_1, which names the same subject and
/// ID but is self-signed with a different key the handler has never seen.  A false
/// return or an exception from Verify both count as rejection.
/// </summary>
public void ValidityTest() {
  string ID = "brunet:node:PXYSWDL5SZDHDDXJKZCLFENOP2KZDMBU";
  CertificateHandler handler = new CertificateHandler();

  // Test-only 512-bit key; the handler is taught to trust the certificate it signs.
  RSACryptoServiceProvider trusted_key = new RSACryptoServiceProvider(512);
  RSACryptoServiceProvider pub = new RSACryptoServiceProvider();
  pub.ImportCspBlob(trusted_key.ExportCspBlob(false));
  CertificateMaker maker = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
      "*****@*****.**", pub, ID);
  Certificate cert_0 = maker.Sign(maker, trusted_key);
  handler.AddSignedCertificate(cert_0.X509);
  handler.AddCACertificate(cert_0.X509);

  // Same subject and ID, but a fresh 1024-bit key; the public-only object is reloaded
  // with the new key before the second maker is built.
  RSACryptoServiceProvider untrusted_key = new RSACryptoServiceProvider(1024);
  pub.ImportCspBlob(untrusted_key.ExportCspBlob(false));
  maker = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
      "*****@*****.**", pub, ID);
  Certificate cert_1 = maker.Sign(maker, untrusted_key);

  Assert.IsTrue(handler.Verify(cert_0.X509, ID), "Valid");
  bool accepted = false;
  try {
    accepted = handler.Verify(cert_1.X509, ID);
  } catch {
    // Rejection by exception is treated the same as a false return.
  }
  Assert.IsFalse(accepted, "Valid cert2");
}
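/// <summary>
/// Signs the pending certificate request <paramref name="request_id"/> of
/// <paramref name="group"/> with the group's CA key and writes the resulting X.509 DER
/// next to the request as "&lt;request_id&gt;.signed".
/// </summary>
/// <param name="group">Group whose data path holds the request and "cacert" and whose
/// private path holds "private_key".</param>
/// <param name="request_id">File name of the request inside the group's data path.
/// It must be a single path segment: anything empty, "." / "..", or containing a
/// separator or invalid file-name character is refused, since it would otherwise
/// select a file outside the group directory.</param>
/// <returns>Always true once the signed certificate has been written.</returns>
/// <exception cref="ArgumentException"><paramref name="request_id"/> is not a safe file name.</exception>
/// <exception cref="FileNotFoundException">The request, the private key or the CA
/// certificate is missing.  The message says which; the path is deliberately omitted.</exception>
protected bool SignCertificate(string group, string request_id) {
  if(string.IsNullOrEmpty(request_id) || request_id == "." || request_id == ".." ||
      request_id.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0 ||
      request_id.IndexOf('/') >= 0 || request_id.IndexOf('\\') >= 0) {
    throw new ArgumentException("Invalid request id.", "request_id");
  }

  string data_path = GetGroupDataPath(group);
  string request_path = data_path + request_id;
  if(!File.Exists(request_path)) {
    throw new FileNotFoundException("No such request.");
  }
  // File.ReadAllBytes reads the whole file.  A single Stream.Read may legally return
  // fewer bytes than asked for, which previously could yield a truncated blob.
  CertificateMaker cm = new CertificateMaker(File.ReadAllBytes(request_path));

  // We need to create a new certificate with all the users info!
  string private_path = GetGroupPrivatePath(group) + "private_key";
  if(!File.Exists(private_path)) {
    throw new FileNotFoundException("No private key.");
  }
  RSACryptoServiceProvider private_key = new RSACryptoServiceProvider();
  private_key.ImportCspBlob(File.ReadAllBytes(private_path));

  string cacert_path = data_path + "cacert";
  if(!File.Exists(cacert_path)) {
    throw new FileNotFoundException("No CA Certificate.");
  }
  Certificate cacert = new Certificate(File.ReadAllBytes(cacert_path));

  // The CA certificate is the issuer; the request's own subject data is kept as
  // whatever the caller stored (SubmitRequest rebuilds it from server-side values).
  Certificate cert = cm.Sign(cacert, private_key);
  File.WriteAllBytes(request_path + ".signed", cert.X509.RawData);
  return true;
}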
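/// <summary>
/// Accepts a certificate request from a website user.  The user must exist in the
/// users table and hold an unrevoked membership in <paramref name="group"/> whose
/// secret matches <paramref name="secret"/>.  Only the public key and node address of
/// the client's request are kept; the naming fields are replaced with server-side
/// values (group, username, e-mail from the database).  The unsigned request is stored
/// under the group's data path under a random request id and signed immediately.
/// </summary>
/// <param name="username">Website user name, looked up in the users table.</param>
/// <param name="group">Group name, looked up in groupvpn and used (through
/// GetGroupDataPath) as the storage directory.</param>
/// <param name="secret">Per-membership secret that must match the groups row.</param>
/// <param name="certificate">Serialized CertificateMaker produced by the client.</param>
/// <returns>The request id (40 upper-case hex characters) naming the stored request.</returns>
/// <exception cref="InvalidOperationException">The user is not registered, or is not an
/// active member of the group.</exception>
/// <exception cref="ArgumentException"><paramref name="certificate"/> cannot be parsed.</exception>
public string SubmitRequest(string username, string group, string secret, byte[] certificate) {
  int user_id;
  string email;
  // Caller-supplied strings go through command parameters.  They used to be spliced
  // into the SQL text, which let a crafted username/group/secret change the query.
  // The "@name" placeholder syntax is the one Connector/NET understands; adjust if the
  // driver in use expects "?name".
  using(IDbConnection dbcon = new MySqlConnection(_connection_string)) {
    dbcon.Open();
    using(IDbCommand dbcmd = dbcon.CreateCommand()) {
      // _db_prefix is server-side configuration, not user input.
      dbcmd.CommandText = "SELECT id, email FROM " + _db_prefix + "users WHERE username = @username";
      AddCommandParameter(dbcmd, "@username", username);
      using(IDataReader reader = dbcmd.ExecuteReader()) {
        if(!reader.Read()) {
          // NOTE(review): the distinct messages here and below tell a caller whether a
          // username exists; consider a single generic failure if that matters.
          throw new InvalidOperationException("Not registered on website.");
        }
        user_id = (int) reader["id"];
        email = (string) reader["email"];
      }

      // NOTE(review): only the users table carries _db_prefix; groups/groupvpn do not,
      // as in the original query — confirm that is the intended schema.
      dbcmd.CommandText = "SELECT member FROM groups WHERE" +
        " group_id = (SELECT group_id FROM groupvpn WHERE group_name = @group)" +
        " and user_id = @user_id and secret = @secret and revoked = 0";
      dbcmd.Parameters.Clear();
      AddCommandParameter(dbcmd, "@group", group);
      AddCommandParameter(dbcmd, "@user_id", user_id);
      AddCommandParameter(dbcmd, "@secret", secret);
      using(IDataReader reader = dbcmd.ExecuteReader()) {
        if(!reader.Read() || !"1".Equals(reader["member"].ToString())) {
          throw new InvalidOperationException("Not a member of the group.");
        }
      }

      dbcmd.CommandText = "UPDATE groupvpn SET last_update = CURRENT_TIMESTAMP WHERE group_name = @group";
      dbcmd.Parameters.Clear();
      AddCommandParameter(dbcmd, "@group", group);
      dbcmd.ExecuteNonQuery();
    }
  }

  CertificateMaker cm = null;
  try {
    cm = new CertificateMaker(certificate);
  } catch(Exception e) {
    throw new ArgumentException("Invalid certificate request", "certificate", e);
  }
  // Keep only the client's public key and node address; the server vouches for the rest.
  cm = new CertificateMaker(string.Empty, string.Empty, group, username, email,
      cm.PublicKey, cm.NodeAddress);

  // The request id is both the file name and the handle returned to the client, so it
  // comes from the system CSPRNG; System.Random is not suitable for identifiers that
  // must be unguessable by other clients.
  byte[] request_id_blob = new byte[20];
  RandomNumberGenerator rng = RandomNumberGenerator.Create();
  rng.GetBytes(request_id_blob);
  StringBuilder request_id_sb = new StringBuilder(request_id_blob.Length * 2);
  foreach(byte b in request_id_blob) {
    request_id_sb.Append(b.ToString("X2"));
  }
  string request_id = request_id_sb.ToString();

  // group has matched a groupvpn row above; GetGroupDataPath is assumed to return a
  // directory with a trailing separator, as elsewhere in this file.
  string request_path = GetGroupDataPath(group) + request_id;
  File.WriteAllBytes(request_path, cm.UnsignedData);
  // If we don't want to verify request on the website...
  SignCertificate(group, request_id);
  return request_id;
}

/// <summary>Attaches one named parameter with <paramref name="value"/> to <paramref name="cmd"/>.</summary>
private static void AddCommandParameter(IDbCommand cmd, string name, object value) {
  IDbDataParameter p = cmd.CreateParameter();
  p.ParameterName = name;
  p.Value = value;
  cmd.Parameters.Add(p);
}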
/// <summary>
/// Builds a PeerSecOverlord for test <paramref name="name"/> whose CertificateHandler is
/// deliberately incomplete.  The shared self-signed test certificate (fields rsa / x509)
/// is created on first use.  <paramref name="level"/> selects what the handler is given:
/// 0 = both the CA and the signed certificate, 2 = CA only, 3 = signed only, any other
/// value = nothing.  The overlord is wired to a fresh ReqrepManager and
/// RoutingDataHandler, and the manager's timeout checker is chained into _timeout.
/// </summary>
/// <remarks>
/// NOTE(review): the overlord is constructed with the rsa_safe field rather than the
/// rsa key the certificate was issued for; presumably that mismatch is part of what
/// makes the overlord "invalid" — confirm against the callers.
/// </remarks>
protected PeerSecOverlord CreateInvalidSO(string name, int level) {
  if(rsa == null) {
    rsa = new RSACryptoServiceProvider();
    RSACryptoServiceProvider public_half = new RSACryptoServiceProvider();
    public_half.ImportCspBlob(rsa.ExportCspBlob(false));
    CertificateMaker maker = new CertificateMaker("United States", "UFL", "ACIS",
        "David Wolinsky", "*****@*****.**", public_half, "brunet:node:abcdefghijklmnopqrs");
    x509 = maker.Sign(maker, rsa).X509;
  }

  bool trust_as_ca = level == 0 || level == 2;
  bool trust_as_signed = level == 0 || level == 3;
  CertificateHandler handler = new CertificateHandler();
  if(trust_as_ca) {
    handler.AddCACertificate(x509);
  }
  if(trust_as_signed) {
    handler.AddSignedCertificate(x509);
  }

  // Random suffix, presumably so repeated calls with the same name get distinct managers.
  string rrm_name = "so" + name + new Random().Next();
  ReqrepManager rrm = new ReqrepManager(rrm_name);
  _timeout += rrm.TimeoutChecker;

  PeerSecOverlord overlord = new PeerSecOverlord(rsa_safe, handler, rrm);
  overlord.AnnounceSA += AnnounceSA;

  RoutingDataHandler rdh = new RoutingDataHandler();
  rrm.Subscribe(overlord, null);
  overlord.Subscribe(rdh, null);
  rdh.Subscribe(rrm, null);
  return overlord;
}
/// <summary>
/// Round-trips a self-signed test certificate through OpenSslCertificateHandler: after
/// it is registered as the signed (local) certificate and as a CA, the handler's
/// LocalCertificate converted back to a Mono X509 must carry the same DER bytes, and
/// CertificateHandler.Verify must accept it for the node ID.
/// </summary>
public void ValidityTest() {
  var osch = new OpenSslCertificateHandler();
  const string ID = "brunet:node:PXYSWDL5SZDHDDXJKZCLFENOP2KZDMBU";

  // Test-only 512-bit key.
  RSACryptoServiceProvider signing_key = new RSACryptoServiceProvider(512);
  RSACryptoServiceProvider public_only = new RSACryptoServiceProvider();
  public_only.ImportCspBlob(signing_key.ExportCspBlob(false));

  CertificateMaker maker = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
      "*****@*****.**", public_only, ID);
  Certificate cert_0 = maker.Sign(maker, signing_key);
  osch.AddSignedCertificate(cert_0.X509);
  osch.AddCACertificate(cert_0.X509);

  var round_tripped = OpenSslCertificateHandler.OpenSslX509ToMonoX509(osch.LocalCertificate);
  Assert.AreEqual(cert_0.X509.RawData, round_tripped.RawData, "local check");
  Assert.IsTrue(CertificateHandler.Verify(round_tripped, ID), "Valid");
}
/// <summary>
/// Checks CertificateMaker end to end: the subject DN is assembled from the constructor
/// fields and survives a round trip through UnsignedData; a self-signed Certificate
/// carries a signature, an issuer equal to the subject, the node address, the same
/// public key, and a serial number equal to the SHA-1 of the unsigned data.
/// </summary>
public void Test() {
  const string expected_dn = "C=United States, O=UFL, OU=ACIS, CN=David Wolinsky, [email protected]";
  const string node_address = "brunet:node:abcdefghijklmnopqrs";

  RSACryptoServiceProvider key_pair = new RSACryptoServiceProvider();
  RSACryptoServiceProvider public_only = new RSACryptoServiceProvider();
  public_only.ImportCspBlob(key_pair.ExportCspBlob(false));

  CertificateMaker maker = new CertificateMaker("United States", "UFL", "ACIS",
      "David Wolinsky", "*****@*****.**", public_only, node_address);
  Assert.AreEqual(expected_dn, maker.Subject.DN, "DN test 1");

  // Serialize and parse back; the DN must be unchanged.
  maker = new CertificateMaker(maker.UnsignedData);
  Assert.AreEqual(expected_dn, maker.Subject.DN, "DN test 2");

  Certificate cert = maker.Sign(maker, key_pair);
  Assert.IsNotNull(cert.Signature, "Signature");
  Assert.AreEqual(maker.Subject.DN, cert.Issuer.DN, "Issuer = Subject");
  Assert.AreEqual(node_address, cert.NodeAddress, "Node address");

  // Compare the public keys through their CSP blobs read as big integers.
  Mono.Math.BigInteger expected_key = new Mono.Math.BigInteger(public_only.ExportCspBlob(false));
  Mono.Math.BigInteger cert_key = new Mono.Math.BigInteger(cert.PublicKey.ExportCspBlob(false));
  Assert.AreEqual(expected_key, cert_key, "Key");

  // SHA-1 only pins the serial-number derivation this assertion documents; the test
  // does not rely on it as a security primitive.
  byte[] digest = new SHA1CryptoServiceProvider().ComputeHash(cert.UnsignedData);
  Assert.AreEqual(MemBlock.Reference(cert.SerialNumber), MemBlock.Reference(digest),
      "SerialNumber == hash of unsigned data");
}