The identity used to form the signature; see RELOAD base -19, p. 55.
コード例 #1
ファイル: Signature.cs プロジェクト: RELOAD-NET/RELOAD.NET
    /// <summary>
    /// Builds the signature for a single StoredData element.  The signature
    /// must be self-contained, so it also covers the Resource-ID and Kind-ID
    /// although neither is present in the StoredData structure.  The input
    /// to the signature algorithm is:
    /// resource_id || kind || storage_time || StoredDataValue ||
    /// SignerIdentity
    /// </summary>
    /// <remarks>
    /// NOTE(review): the input is assembled as text, not as raw bytes.
    /// resId.Data is decoded as ASCII (bytes above 0x7F decode to '?'), the
    /// dumped value is decoded by a default StreamReader (UTF-8 with
    /// byte-order-mark detection; invalid sequences are replaced), and kind
    /// and storageTime are appended as decimal text with no separator or
    /// length prefix.  Different inputs can therefore yield the same
    /// signature input.  Signing a length-delimited binary encoding would
    /// remove that ambiguity, but it has to change together with the
    /// verification code, which is not part of this listing.
    /// </remarks>
    /// <param name="resId">Resource-ID; its Data bytes open the signature input.</param>
    /// <param name="kind">Kind-ID, appended in its default string form.</param>
    /// <param name="storageTime">Storage time, appended in its default string form.</param>
    /// <param name="value">Stored value; it and its usage value are dumped and appended as text.</param>
    /// <param name="signerIdentity">Identity of the signer; stored and appended via ToString().</param>
    /// <param name="config">Configuration kept in m_ReloadConfig.</param>
    public Signature(ResourceId resId, UInt32 kind, UInt64 storageTime,
      StoredDataValue value, SignerIdentity signerIdentity,
      ReloadConfig config) {

      m_ReloadConfig = config;
      /* Hash algorithm is fixed to sha256; signature algorithm is the global one */
      algorithm = new SignatureAndHashAlgorithm(HashAlgorithm.sha256,
        ReloadGlobals.SignatureAlg);
      identity = signerIdentity;

      /* Dump the value and its usage value, then read the bytes back as text */
      string valueText;
      using (var buffer = new MemoryStream())
      using (var writer = new BinaryWriter(buffer)) {
        value.Dump(writer);
        value.GetUsageValue.dump(writer);
        buffer.Position = 0;
        using (var textReader = new StreamReader(buffer)) {
          valueText = textReader.ReadToEnd();
        }
      }

      /* Concatenate the five parts in the documented order and sign them */
      var asciiCodec = new ASCIIEncoding();
      string resourceText = asciiCodec.GetString(resId.Data, 0, resId.Data.Length);
      String signaturInput = String.Format("{0}{1}{2}{3}{4}",
        resourceText, kind, storageTime, valueText, identity.ToString());
      signatureValue = Sign(signaturInput);
    }
コード例 #2
ファイル: Signature.cs プロジェクト: RELOAD-NET/RELOAD.NET
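    /// <summary>
    /// Fills this instance from the wire encoding of a Signature:
    /// algorithm pair, SignerIdentity (type, length, hash algorithm, hash)
    /// and the signature value.  Multi-byte lengths are read in network
    /// byte order.
    /// </summary>
    /// <remarks>
    /// The bytes come from a received message, so every length field is
    /// attacker-controlled.  BinaryReader.ReadBytes returns fewer bytes than
    /// requested when the stream ends early; that case is rejected here
    /// instead of keeping a shortened hash or signature.
    /// </remarks>
    /// <param name="reader">Reader positioned at the first byte of the signature.</param>
    /// <param name="reload_msg_size">Not used by this method.</param>
    /// <returns>This instance, populated from the reader.</returns>
    /// <exception cref="EndOfStreamException">
    /// The stream ends before the announced hash or signature length.
    /// </exception>
    public Signature FromReader(BinaryReader reader, long reload_msg_size) {
        /* SignatureAndHashAlgorithm: one byte each */
        var hashAlg = (HashAlgorithm)reader.ReadByte();
        var signatureAlg = (SignatureAlgorithm)reader.ReadByte();
        algorithm = new SignatureAndHashAlgorithm(hashAlg, signatureAlg);
        /* Read SignerIdentity */
        /* NOTE(review): type is not inspected before the hash fields are
         * read -- confirm whether other identity types use another layout. */
        var type = (SignerIdentityType)reader.ReadByte();
        /* NOTE(review): the declared identity length is consumed but never
         * compared with hashLen; a consistency check belongs here once the
         * matching writer has been confirmed. */
        UInt16 length = (UInt16)IPAddress.NetworkToHostOrder(reader.ReadInt16());
        /* Read SignerIdentityValue */
        hashAlg = (HashAlgorithm)reader.ReadByte();
        length -= 1;
        ushort hashLen = (ushort)reader.ReadByte();
        byte[] bHash = reader.ReadBytes(hashLen);
        if (bHash.Length != hashLen) {
            throw new EndOfStreamException(
              "Signature.FromReader: truncated certificate hash");
        }
        /* Create SignerIdentityValue */
        var signerIdVal = new SignerIdentityValue(type, hashAlg, bHash);
        /* Create SignerIdentity */
        identity = new SignerIdentity(type, signerIdVal);
        /* Read SignatureValue */
        UInt16 sigLen = (UInt16)IPAddress.NetworkToHostOrder(reader.ReadInt16());
        byte[] sigBytes = reader.ReadBytes(sigLen);
        if (sigBytes.Length != sigLen) {
            throw new EndOfStreamException(
              "Signature.FromReader: truncated signature value");
        }
        signatureValue = sigBytes;

        return this;
    }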
コード例 #3
ファイル: Signature.cs プロジェクト: RELOAD-NET/RELOAD.NET
    /// <summary>
    /// Builds the signature over a message.  The signature input is
    /// overlay || transaction_id || MessageContents || SignerIdentity,
    /// where overlay and transaction_id come from the forwarding header;
    /// see RELOAD base -13 p.53
    /// </summary>
    /// <remarks>
    /// NOTE(review): the four parts are joined as text with no separator or
    /// length prefix, so the boundary between overlay, transactionId and
    /// messageContents is not part of what gets signed.  Any change has to
    /// be made together with the verification code, which is not shown here.
    /// </remarks>
    /// <param name="overlay">overlay, appended in its default string form</param>
    /// <param name="transactionId">transaction_id</param>
    /// <param name="messageContents">Message Contents</param>
    /// <param name="signerIdentity">SignerIdentity; stored and appended via ToString()</param>
    /// <param name="config">Configuration kept in m_ReloadConfig</param>
    public Signature(UInt32 overlay, string transactionId, string messageContents, SignerIdentity signerIdentity, ReloadConfig config) {

      m_ReloadConfig = config;
      identity = signerIdentity;
      /* Hash algorithm is fixed to sha256; signature algorithm is the global one */
      var algorithmPair = new SignatureAndHashAlgorithm(HashAlgorithm.sha256,
        ReloadGlobals.SignatureAlg);
      algorithm = algorithmPair;

      /* Join the parts in the documented order, then sign the text */
      string signerText = identity.ToString();
      String signaturInput = String.Format("{0}{1}{2}{3}",
        overlay, transactionId, messageContents, signerText);
      signatureValue = Sign(signaturInput);
    }
コード例 #4
ファイル: Signature.cs プロジェクト: RELOAD-NET/RELOAD.NET
    /// <summary>
    /// Builds the signature over a message whose contents are given as raw
    /// bytes.  The signed buffer is overlay || transactionId ||
    /// messageContents || SignerIdentity.
    /// </summary>
    /// <remarks>
    /// NOTE(review): overlay is encoded with BitConverter.GetBytes, i.e. in
    /// the byte order of the host, and both strings are encoded as UTF-16
    /// little-endian (Encoding.Unicode).  The parts carry no length prefix.
    /// A verifier has to rebuild exactly these bytes; confirm this matches
    /// the verification code, which is not shown here.
    /// </remarks>
    /// <param name="overlay">overlay value from the forwarding header</param>
    /// <param name="transactionId">transaction id, encoded as UTF-16</param>
    /// <param name="messageContents">message contents, copied unchanged</param>
    /// <param name="signerIdentity">signer identity; stored and appended via ToString()</param>
    /// <param name="config">configuration kept in m_ReloadConfig</param>
    public Signature(UInt32 overlay, string transactionId, byte[] messageContents, SignerIdentity signerIdentity, ReloadConfig config)
    {
        m_ReloadConfig = config;

        algorithm = new SignatureAndHashAlgorithm(HashAlgorithm.sha256,
          ReloadGlobals.SignatureAlg);
        identity = signerIdentity;

        /* The four segments, in the order they are signed */
        byte[][] segments = {
            BitConverter.GetBytes(overlay),
            Encoding.Unicode.GetBytes(transactionId),
            messageContents,
            Encoding.Unicode.GetBytes(identity.ToString())
        };

        int totalLength = 0;
        foreach (byte[] segment in segments)
        {
            totalLength += segment.Length;
        }

        /* Copy the segments back to back into one buffer */
        byte[] signatureInput = new byte[totalLength];
        int offset = 0;
        foreach (byte[] segment in segments)
        {
            System.Buffer.BlockCopy(segment, 0, signatureInput, offset, segment.Length);
            offset += segment.Length;
        }

        signatureValue = Sign(signatureInput);
    }
コード例 #5
ファイル: DataTypes.cs プロジェクト: RELOAD-NET/RELOAD.NET
 /// <summary>
 /// Signs this stored data element and keeps the result in the
 /// signature field.  The input to the signature algorithm is:
 ///
 /// resource_id || kind || storage_time || StoredDataValue ||
 /// SignerIdentity
 /// Where || indicates concatenation.
 /// </summary>
 /// <param name="resId">Resource-ID the data is stored under</param>
 /// <param name="kindId">Kind-ID of the data</param>
 /// <param name="id">Identity of the signer</param>
 /// <param name="rc">Configuration handed on to the Signature constructor</param>
 public void SignData(ResourceId resId, UInt32 kindId, SignerIdentity id,
   ReloadConfig rc) {
     /* storage_time and value are taken from this element */
     var dataSignature = new Signature(resId, kindId, storage_time, value, id, rc);
     signature = dataSignature;
 }
コード例 #6
ファイル: Messages.cs プロジェクト: RELOAD-NET/RELOAD.NET
 /// <summary>
 /// Creates a new Security Block for data transporting messages.  The
 /// certificate list starts with the signer's own PKC, followed by one
 /// entry per element of certs.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the entries of certs are wrapped as they are; no
 /// validation of them is visible in this constructor -- confirm it
 /// happens before these certificates are trusted.
 /// </remarks>
 /// <param name="rc">Configuration; supplies the access controller</param>
 /// <param name="myIdentity">Identity of the signer, used to look up its X.509 PKC</param>
 /// <param name="certs">X.509 PKCs for validation data</param>
 public SecurityBlock(ReloadConfig rc, SignerIdentity myIdentity, List<byte[]> certs)
 {
     m_ReloadConfig = rc;
     m_AccessControl = rc.AccessController;

     /* The signer's certificate always comes first */
     certificates = new List<GenericCertificate>();
     certificates.Add(m_AccessControl.GetPKC(myIdentity));

     /* Then every additional PKC, in the order given */
     for (int i = 0; i < certs.Count; i++)
     {
         var extraCert = new GenericCertificate(certs[i]);
         certificates.Add(extraCert);
     }

     signerId = myIdentity;
 }
コード例 #7
ファイル: Messages.cs プロジェクト: RELOAD-NET/RELOAD.NET
 /// <summary>
 /// Creates a new Security Block for ordinary messages.  The certificate
 /// list holds only the signer's own PKC.
 /// </summary>
 /// <param name="rc">Configuration; supplies the access controller</param>
 /// <param name="myIdentity">Identity of the signer, used to look up its X.509 PKC</param>
 public SecurityBlock(ReloadConfig rc, SignerIdentity myIdentity)
 {
     m_ReloadConfig = rc;
     m_AccessControl = rc.AccessController;

     /* The signer's certificate is the single entry */
     certificates = new List<GenericCertificate>();
     certificates.Add(m_AccessControl.GetPKC(myIdentity));

     signerId = myIdentity;
 }
コード例 #8
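 /// <summary>
 /// Returns the stored certificate (PKC) that belongs to a signer
 /// identity.  The lookup key is the identity's certificate hash written
 /// as lowercase hex, two digits per byte.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the result comes from the storedPKCs indexer, which
 /// throws when no entry exists for the hash (KeyNotFoundException if
 /// storedPKCs is a Dictionary).  An identity parsed from a received
 /// message may be unknown, so callers need to handle that case.
 /// </remarks>
 /// <param name="identity">Signer identity whose certificate is wanted.</param>
 /// <returns>The certificate stored under the identity's hash.</returns>
 /// <exception cref="ArgumentNullException">identity is null.</exception>
 public GenericCertificate GetPKC(SignerIdentity identity) {
   if (identity == null) {
     /* Parameter name first, message second: the one-argument overload
      * would treat the text as the parameter name. */
     throw new ArgumentNullException("identity",
       "AccessControl.GetPKC: Identity null");
   }
   byte[] certHash = identity.Identity.CertificateHash;
   string strHash = String.Join(String.Empty, certHash.Select(b => b.ToString("x2")));
   return storedPKCs[strHash];
 }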
コード例 #9
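    /// <summary>
    /// Creates the access controller and registers the local certificate:
    /// the SHA-256 hash of the raw certificate bytes becomes the local
    /// signer identity, and the certificate is stored under the lowercase
    /// hex form of that hash.
    /// </summary>
    /// <param name="rc">Configuration; MyCertificate supplies the local certificate.</param>
    public AccessController(ReloadConfig rc) {
      m_ReloadConfig = rc;
      storedPKCs = new Dictionary<string, GenericCertificate>();
      ACPs = new Dictionary<String, IAccessControlPolicy>();
      ACPmap = new Dictionary<UInt32, String>();

      /* SignerIdValue: hash over the raw certificate data */
      byte[] myCert = m_ReloadConfig.MyCertificate.GetRawCertData();
      byte[] bHash;
      /* The hash object is disposable; release it once the digest is taken */
      using (var sha256 = new SHA256Managed()) {
        bHash = sha256.ComputeHash(myCert);
      }
      /* NOTE(review): the digest is always SHA-256, while the identity is
       * labelled with ReloadGlobals.HashAlg -- confirm that global is the
       * sha256 value, otherwise peers are told the wrong algorithm. */
      var signIdVal = new SignerIdentityValue(SignerIdentityType.cert_hash,
        ReloadGlobals.HashAlg, bHash);

      /* Publish my Id and my PKC */
      var myGenCert = new GenericCertificate(myCert);
      myIdentity = new SignerIdentity(SignerIdentityType.cert_hash, signIdVal);
      /* Key format: lowercase hex, two digits per byte of the hash */
      string strHash = String.Join(String.Empty, bHash.Select(b => b.ToString("x2")));
      storedPKCs.Add(strHash, myGenCert);
    }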