        /// <summary>Builds a PeerSecOverlord whose CertificateHandler is
        /// deliberately incomplete, for negative tests.  The shared key pair
        /// and self-signed certificate are generated on first use and reused
        /// by every later call.</summary>
        /// <param name="name">Suffix used to name the ReqrepManager.</param>
        /// <param name="level">Which stores receive the shared certificate:
        /// 0 adds it as CA and as signed certificate, 2 as CA only, 3 as
        /// signed certificate only; any other value installs nothing.</param>
        /// <returns>The overlord, wired to a fresh ReqrepManager and
        /// RoutingDataHandler.</returns>
        protected PeerSecOverlord CreateInvalidSO(string name, int level)
        {
            // Lazy, shared fixture state: only the public half of the key
            // goes to the CertificateMaker, the private key stays in rsa.
            if (rsa == null)
            {
                rsa = new RSACryptoServiceProvider();
                RSACryptoServiceProvider public_only = new RSACryptoServiceProvider();
                public_only.ImportCspBlob(rsa.ExportCspBlob(false));
                CertificateMaker maker = new CertificateMaker("United States", "UFL",
                                                              "ACIS", "David Wolinsky", "*****@*****.**", public_only,
                                                              "brunet:node:abcdefghijklmnopqrs");
                x509 = maker.Sign(maker, rsa).X509;
            }

            bool install_as_ca     = (level == 0) || (level == 2);
            bool install_as_signed = (level == 0) || (level == 3);

            CertificateHandler handler = new CertificateHandler();
            if (install_as_ca)
            {
                handler.AddCACertificate(x509);
            }
            if (install_as_signed)
            {
                handler.AddSignedCertificate(x509);
            }

            // Random suffix keeps ReqrepManager names distinct between calls.
            string rrm_name = "so" + name + new Random().Next();
            ReqrepManager rrm = new ReqrepManager(rrm_name);
            _timeout += rrm.TimeoutChecker;

            PeerSecOverlord so = new PeerSecOverlord(rsa_safe, handler, rrm);
            so.AnnounceSA += AnnounceSA;

            // Close the loop: rrm -> so -> rdh -> rrm.
            RoutingDataHandler rdh = new RoutingDataHandler();
            rrm.Subscribe(so, null);
            so.Subscribe(rdh, null);
            rdh.Subscribe(rrm, null);
            return so;
        }
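        /// <summary>Certificates for users on a signed revocation list must be
        /// rejected, while everyone else still verifies.</summary>
        /// <remarks>Revocation list layout, as built here: a 4-byte length of
        /// the signed payload, the payload (UTC ticks followed by the
        /// ADR-encoded user list), then the RSA signature over the SHA1 hash
        /// of the payload.  SHA1 is what the handler under test consumes;
        /// changing it here would change the format, not only the test.</remarks>
        public void Test()
        {
            CertificateHandler ch = new CertificateHandler();
            ch.AddCACertificate(_ca_cert.X509);
            ch.AddCertificateVerification(this);

            ArrayList revoked_users = new ArrayList();
            revoked_users.Add("joker");
            revoked_users.Add("bad_guy");
            revoked_users.Add("adversary");
            revoked_users.Add("noobs");

            // create revocation list
            byte[] to_sign = null;
            using (MemoryStream ms = new MemoryStream()) {
                NumberSerializer.WriteLong(DateTime.UtcNow.Ticks, ms);
                AdrConverter.Serialize(revoked_users, ms);
                to_sign = ms.ToArray();
            }

            // sign revocation list; the hash provider is disposable, so scope it
            byte[] hash = null;
            using (SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider()) {
                hash = sha1.ComputeHash(to_sign);
            }
            byte[] signature = _private_key.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"));
            byte[] data      = new byte[4 + to_sign.Length + signature.Length];
            NumberSerializer.WriteInt(to_sign.Length, data, 0);
            to_sign.CopyTo(data, 4);
            signature.CopyTo(data, 4 + to_sign.Length);

            UpdateRl(data);

            X509Certificate likable_guy  = CreateCert("likable_guy");
            X509Certificate joker        = CreateCert("joker");
            X509Certificate bad_guy      = CreateCert("bad_guy");
            X509Certificate good_guy     = CreateCert("good_guy");
            X509Certificate adversary    = CreateCert("adversary");
            X509Certificate noobs        = CreateCert("noobs");
            X509Certificate friendly_guy = CreateCert("friendly_guy");

            // Each rejection is asserted directly; the previous flag-based
            // form carried a stale value across try blocks and only ever
            // asserted after a swallowed exception.
            Assert.IsTrue(ch.Verify(likable_guy, null, _remote_id), "Likable guy");
            Assert.IsFalse(VerifyAllowed(ch, adversary), "adversary");
            Assert.IsFalse(VerifyAllowed(ch, joker), "joker");
            Assert.IsTrue(ch.Verify(friendly_guy, null, _remote_id), "friendly guy");
            Assert.IsFalse(VerifyAllowed(ch, noobs), "noobs");
            Assert.IsFalse(VerifyAllowed(ch, bad_guy), "bad_guy");
            Assert.IsTrue(ch.Verify(good_guy, null, _remote_id), "good guy");
        }

        /// <summary>Runs ch.Verify for cert against _remote_id.  A verification
        /// that throws counts as a rejection, because the handler may signal a
        /// revoked certificate either by returning false or by throwing.</summary>
        /// <param name="ch">Handler under test.</param>
        /// <param name="cert">Certificate to verify.</param>
        /// <returns>true only if Verify returned true without throwing.</returns>
        private bool VerifyAllowed(CertificateHandler ch, X509Certificate cert)
        {
            try {
                return ch.Verify(cert, null, _remote_id);
            } catch {
                return false;
            }
        }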
    /// <summary>FindCertificate must return a certificate when at least one
    /// requested serial number is installed, and nothing (or an exception)
    /// when none of them are.</summary>
    public void FindCertificateTest() {
      CertificateHandler ch = new CertificateHandler();

      // One key pair signs every test certificate; the maker only ever sees
      // the public half.
      RSACryptoServiceProvider signer = new RSACryptoServiceProvider(512);
      RSACryptoServiceProvider signer_pub = new RSACryptoServiceProvider();
      signer_pub.ImportCspBlob(signer.ExportCspBlob(false));

      List<MemBlock> supported = new List<MemBlock>();
      List<MemBlock> unsupported = new List<MemBlock>();

      // Even-numbered certificates are installed, odd-numbered ones are not.
      int i = 0;
      while(i < 20) {
        CertificateMaker cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
            "*****@*****.**" + i, signer_pub, i.ToString());
        Certificate cert = cm.Sign(cm, signer);
        bool installed = (i % 2 == 0);
        if(installed) {
          ch.AddCACertificate(cert.X509);
          ch.AddSignedCertificate(cert.X509);
        }
        (installed ? supported : unsupported).Add(cert.SerialNumber);
        i++;
      }

      Assert.IsNotNull(ch.FindCertificate(supported), "Should find a certificate");

      // A miss may be reported by a null result or by an exception.
      bool found = false;
      try {
        found = ch.FindCertificate(unsupported) != null;
      } catch { }
      Assert.IsTrue(!found, "Should not find a certificate");

      // A single installed serial among unknown ones must be the one returned.
      List<MemBlock> mixed = new List<MemBlock>(unsupported);
      mixed.Insert(4 ,supported[1]);
      Assert.AreEqual(supported[1],
          MemBlock.Reference(ch.FindCertificate(mixed).SerialNumber),
          "Only one supported");
    }
 /// <summary>A certificate only verifies under the key that signed the
 /// installed copy: a second certificate for the same ID issued by a
 /// fresh key pair must be rejected.</summary>
 public void ValidityTest() {
   CertificateHandler ch = new CertificateHandler();
   string ID = "brunet:node:PXYSWDL5SZDHDDXJKZCLFENOP2KZDMBU";

   // First key pair: its self-signed certificate is installed both as CA
   // and as the local signed certificate.
   RSACryptoServiceProvider key_a = new RSACryptoServiceProvider(512);
   RSACryptoServiceProvider pub = new RSACryptoServiceProvider();
   pub.ImportCspBlob(key_a.ExportCspBlob(false));
   CertificateMaker maker_a = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
       "*****@*****.**", pub, ID);
   Certificate cert_0 = maker_a.Sign(maker_a, key_a);
   ch.AddSignedCertificate(cert_0.X509);
   ch.AddCACertificate(cert_0.X509);

   // Second key pair, same subject ID, never installed.
   RSACryptoServiceProvider key_b = new RSACryptoServiceProvider(1024);
   pub.ImportCspBlob(key_b.ExportCspBlob(false));
   CertificateMaker maker_b = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
       "*****@*****.**", pub, ID);
   Certificate cert_1 = maker_b.Sign(maker_b, key_b);

   Assert.IsTrue(ch.Verify(cert_0.X509, ID), "Valid");

   // Rejection may come back as false or as an exception.
   bool verified = false;
   try {
     verified = ch.Verify(cert_1.X509, ID);
   } catch { }
   Assert.IsTrue(!verified, "Valid cert2");
 }
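    /// <summary>Creates a Brunet.Node, the resulting node will be available in
    /// the class as _node.</summary>
    /// <remarks>The steps to creating a node are first constructing it with a
    /// namespace, optionally adding local ip addresses to bind to, specifying
    /// local end points, specifying remote end points, and finally registering
    /// the dht.  With Security.Enabled the node's private key is loaded from
    /// Security.KeyPath (a CSP blob) and its CertificateHandler from
    /// Security.CertificatePath; Security.TestEnable then installs a
    /// self-signed CA plus a node certificate so peers need not exchange
    /// certificates.  Also sets _bso, _dht and _dht_proxy.</remarks>
    /// <exception cref="Exception">An EdgeListener with a transport other
    /// than tcp, udp or function is configured.</exception>
    public virtual void CreateNode() {
      AHAddress address = null;
      try {
        address = (AHAddress) AddressParser.Parse(_node_config.NodeAddress);
      } catch {
        // Missing or unparsable address in the config: generate one.
        address = Utils.GenerateAHAddress();
      }

      _node = new StructuredNode(address, _node_config.BrunetNamespace);
      IEnumerable addresses = IPAddresses.GetIPAddresses(_node_config.DevicesToBind);

      if(_node_config.Security.Enabled) {
        if(_node_config.Security.SelfSignedCertificates) {
          SecurityPolicy.SetDefaultSecurityPolicy(SecurityPolicy.DefaultEncryptor,
              SecurityPolicy.DefaultAuthenticator, true);
        }

        // Read the private key blob in full.  A single FileStream.Read is not
        // guaranteed to return the whole file and its return value was being
        // ignored; ReadAllBytes also opens the file read-only, so a key file
        // locked down to read-only permissions still loads.
        byte[] blob = File.ReadAllBytes(_node_config.Security.KeyPath);

        RSACryptoServiceProvider rsa_private = new RSACryptoServiceProvider();
        rsa_private.ImportCspBlob(blob);

        CertificateHandler ch = new CertificateHandler(_node_config.Security.CertificatePath);
        _bso = new ProtocolSecurityOverlord(_node, rsa_private, _node.Rrm, ch);
        _bso.Subscribe(_node, null);

        _node.GetTypeSource(SecurityOverlord.Security).Subscribe(_bso, null);
        _node.HeartBeatEvent += _bso.Heartbeat;

        // Test-only shortcut: a self-signed CA and a node certificate for
        // this address, both under the node's own key, are installed locally
        // so that peers built the same way trust each other without
        // exchanging certificates.
        if(_node_config.Security.TestEnable) {
          blob = rsa_private.ExportCspBlob(false);
          RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
          rsa_pub.ImportCspBlob(blob);
          CertificateMaker cm = new CertificateMaker("United States", "UFL", 
              "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub,
              "brunet:node:abcdefghijklmnopqrs");
          Certificate cacert = cm.Sign(cm, rsa_private);

          cm = new CertificateMaker("United States", "UFL", 
              "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub,
              address.ToString());
          Certificate cert = cm.Sign(cacert, rsa_private);
          ch.AddCACertificate(cacert.X509);
          ch.AddSignedCertificate(cert.X509);
        }
      }

      EdgeListener el = null;
      foreach(NodeConfig.EdgeListener item in _node_config.EdgeListeners) {
        int port = item.port;
        if(item.type == "tcp") {
          // If the configured port cannot be used, fall back to an ephemeral one.
          try {
            el = new TcpEdgeListener(port, addresses);
          }
          catch {
            el = new TcpEdgeListener(0, addresses);
          }
        } else if(item.type == "udp") {
          try {
            el = new UdpEdgeListener(port, addresses);
          }
          catch {
            el = new UdpEdgeListener(0, addresses);
          }
        } else if(item.type == "function") {
          // Simulated transport: port 0 means "pick any non-privileged port".
          port = port == 0 ? (new Random()).Next(1024, 65535) : port;
          el = new FunctionEdgeListener(port, 0, null);
        } else {
          throw new Exception("Unrecognized transport: " + item.type);
        }
        if(_node_config.Security.SecureEdgesEnabled) {
          el = new SecureEdgeListener(el, _bso);
        }
        _node.AddEdgeListener(el);
      }

      ArrayList RemoteTAs = null;
      if(_node_config.RemoteTAs != null) {
        RemoteTAs = new ArrayList();
        foreach(String ta in _node_config.RemoteTAs) {
          RemoteTAs.Add(TransportAddressFactory.CreateInstance(ta));
        }
        _node.RemoteTAs = RemoteTAs;
      }

      // The NCService wiring below is disabled, so the tunnel listener is
      // currently built with a null overlap.
      ITunnelOverlap ito = null;
      /*
      if(_node_config.NCService.Enabled) {
        _ncservice = new NCService(_node, _node_config.NCService.Checkpoint);

        if (_node_config.NCService.OptimizeShortcuts) {
          _node.Ssco.TargetSelector = new VivaldiTargetSelector(_node, _ncservice);
        }
        ito = new NCTunnelOverlap(_ncservice);
      } else {
        ito = new SimpleTunnelOverlap();
      }
      */
      el = new Tunnel.TunnelEdgeListener(_node, ito);
      if(_node_config.Security.SecureEdgesEnabled) {
        // EdgeVerify.AddressInSubjectAltName: presumably requires a peer's
        // certificate to name its overlay address - see EdgeVerify.
        _node.EdgeVerifyMethod = EdgeVerify.AddressInSubjectAltName;
        el = new SecureEdgeListener(el, _bso);
      }
      _node.AddEdgeListener(el);

      new TableServer(_node);
      _dht = new Dht(_node, 3, 20);
      _dht_proxy = new RpcDhtProxy(_dht, _node);
    }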
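        /// <summary>Certificates for users on a signed revocation list must be
        /// rejected, while everyone else still verifies.</summary>
        /// <remarks>Revocation list layout, as built here: a 4-byte length of
        /// the signed payload, the payload (UTC ticks followed by the
        /// ADR-encoded user list), then the RSA signature over the SHA1 hash
        /// of the payload.  SHA1 is what the handler under test consumes;
        /// changing it here would change the format, not only the test.</remarks>
        public void Test()
        {
            CertificateHandler ch = new CertificateHandler();
            ch.AddCACertificate(_ca_cert.X509);
            ch.AddCertificateVerification(this);

            ArrayList revoked_users = new ArrayList();
            revoked_users.Add("joker");
            revoked_users.Add("bad_guy");
            revoked_users.Add("adversary");
            revoked_users.Add("noobs");

            // create revocation list
            byte[] to_sign = null;
            using(MemoryStream ms = new MemoryStream()) {
                NumberSerializer.WriteLong(DateTime.UtcNow.Ticks, ms);
                AdrConverter.Serialize(revoked_users, ms);
                to_sign = ms.ToArray();
            }

            // sign revocation list; the hash provider is disposable, so scope it
            byte[] hash = null;
            using(SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider()) {
                hash = sha1.ComputeHash(to_sign);
            }
            byte[] signature = _private_key.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"));
            byte[] data = new byte[4 + to_sign.Length + signature.Length];
            NumberSerializer.WriteInt(to_sign.Length, data, 0);
            to_sign.CopyTo(data, 4);
            signature.CopyTo(data, 4 + to_sign.Length);

            UpdateRl(data);

            X509Certificate likable_guy = CreateCert("likable_guy");
            X509Certificate joker = CreateCert("joker");
            X509Certificate bad_guy = CreateCert("bad_guy");
            X509Certificate good_guy = CreateCert("good_guy");
            X509Certificate adversary = CreateCert("adversary");
            X509Certificate noobs = CreateCert("noobs");
            X509Certificate friendly_guy = CreateCert("friendly_guy");

            // Each rejection is asserted directly; the previous flag-based
            // form carried a stale value across try blocks and only ever
            // asserted after a swallowed exception.
            Assert.IsTrue(ch.Verify(likable_guy, _remote_id), "Likable guy");
            Assert.IsFalse(VerifyAllowed(ch, adversary), "adversary");
            Assert.IsFalse(VerifyAllowed(ch, joker), "joker");
            Assert.IsTrue(ch.Verify(friendly_guy, _remote_id), "friendly guy");
            Assert.IsFalse(VerifyAllowed(ch, noobs), "noobs");
            Assert.IsFalse(VerifyAllowed(ch, bad_guy), "bad_guy");
            Assert.IsTrue(ch.Verify(good_guy, _remote_id), "good guy");
        }

        /// <summary>Runs ch.Verify for cert against _remote_id.  A verification
        /// that throws counts as a rejection, because the handler may signal a
        /// revoked certificate either by returning false or by throwing.</summary>
        /// <param name="ch">Handler under test.</param>
        /// <param name="cert">Certificate to verify.</param>
        /// <returns>true only if Verify returned true without throwing.</returns>
        private bool VerifyAllowed(CertificateHandler ch, X509Certificate cert)
        {
            try {
                return ch.Verify(cert, _remote_id);
            } catch {
                return false;
            }
        }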
        /// <summary>Builds a StructuredNode for simulation slot id at address,
        /// registers it in TakenIDs and Nodes, and attaches its edge listener,
        /// optional security overlord and tunnel support.</summary>
        /// <param name="id">Simulation ID; must not already be in TakenIDs.</param>
        /// <param name="address">Overlay address of the new node.</param>
        /// <returns>The prepared node; it is not connected here.</returns>
        /// <exception cref="Exception">id is already taken.</exception>
        protected virtual StructuredNode PrepareNode(int id, AHAddress address)
        {
            if (TakenIDs.Contains(id))
            {
                throw new Exception("ID already taken");
            }

            StructuredNode node = new StructuredNode(address, BrunetNamespace);
            NodeMapping    nm   = new NodeMapping();
            nm.ID   = id;
            nm.Node = node;
            TakenIDs[id] = id;
            Nodes.Add((Address)address, nm);

            EdgeListener el = CreateEdgeListener(nm.ID);

            bool wants_security = _secure_edges || _secure_senders;
            if (wants_security)
            {
                // Every simulated node shares the harness key pair: the private
                // key (ExportCspBlob(true)) is copied into a provider of its own
                // and the node certificate is issued by the harness CA.
                RSACryptoServiceProvider node_key = new RSACryptoServiceProvider();
                node_key.ImportCspBlob(_se_key.ExportCspBlob(true));

                CertificateMaker maker = new CertificateMaker("United States", "UFL",
                                                              "ACIS", "David Wolinsky", "*****@*****.**", node_key,
                                                              address.ToString());
                Certificate cert = maker.Sign(_ca_cert, _se_key);

                CertificateHandler handler = new CertificateHandler();
                handler.AddCACertificate(_ca_cert.X509);
                handler.AddSignedCertificate(cert.X509);

                ProtocolSecurityOverlord overlord = new ProtocolSecurityOverlord(node, node_key, node.Rrm, handler);
                overlord.Subscribe(node, null);
                node.GetTypeSource(SecurityOverlord.Security).Subscribe(overlord, null);
                nm.BSO = overlord;
                node.HeartBeatEvent += overlord.Heartbeat;
            }

            if (_secure_edges)
            {
                // EdgeVerify.AddressInSubjectAltName: presumably ties a peer's
                // certificate to its overlay address - see EdgeVerify.
                node.EdgeVerifyMethod = EdgeVerify.AddressInSubjectAltName;
                el = new SecureEdgeListener(el, nm.BSO);
            }

            node.AddEdgeListener(el);
            node.RemoteTAs = GetRemoteTAs();

            ITunnelOverlap ito;
            if (NCEnable)
            {
                nm.NCService = new NCService(node, new Point());
                // Vivaldi-based shortcut selection stays disabled; the author's
                // evaluations found it hurt the system.
                //        (node as StructuredNode).Sco.TargetSelector = new VivaldiTargetSelector(node, ncservice);
                ito = new NCTunnelOverlap(nm.NCService);
            }
            else
            {
                ito = new SimpleTunnelOverlap();
            }

            // Tunnel edges are only added when some direct edges are broken.
            if (_broken != 0)
            {
                node.AddEdgeListener(new Tunnel.TunnelEdgeListener(node, ito));
            }

            // Enables Dht data store
            new TableServer(node);
            return node;
        }
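    /// <summary>A handler created for local ID "12345" must refuse to install
    /// a signed certificate issued to a different ID, yet accept one issued to
    /// "12345" by the same CA.</summary>
    public void AddBadLocalCert() {
      CertificateHandler ch = new CertificateHandler("certs", "12345");
      RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512);
      byte[] blob = rsa.ExportCspBlob(false);
      RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
      rsa_pub.ImportCspBlob(blob);
      string ID = "brunet:node:PXYSWDL5SZDHDDXJKZCLFENOP2KZDMBU";
      CertificateMaker cm = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
          "*****@*****.**", rsa_pub, ID);
      Certificate cert_0 = cm.Sign(cm, rsa);
      ch.AddCACertificate(cert_0.X509);

      // Record the rejection in a flag and assert outside the try: an Assert
      // placed inside the try is itself swallowed by the catch-all, which made
      // this test pass even when the mismatched certificate was accepted.
      bool rejected = false;
      try {
        ch.AddSignedCertificate(cert_0.X509);
      } catch {
        rejected = true;
      }
      Assert.IsTrue(rejected, "Shouldn't add this certificate!");

      // Same CA, but now the subject matches the handler's local ID.
      CertificateMaker cm0 = new CertificateMaker("US", "UFL", "ACIS", "David Wolinsky",
          "*****@*****.**", rsa_pub, "12345");
      Certificate cert_1 = cm0.Sign(cm, rsa);
      ch.AddSignedCertificate(cert_1.X509);
    }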
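    /**
    <summary>Creates a Brunet.Node, the resulting node will be available in
    the class as _node.</summary>
    <remarks>The steps to creating a node are first constructing it with a
    namespace, optionally adding local ip addresses to bind to, specifying
    local end points, specifying remote end points, and finally registering
    the dht.  A "cache" node ends up in _c_node (with _c_dht, _c_dht_proxy
    and _cs); a "query" node in _q_node (with _q_dht and _q_dht_proxy).
    With Security.Enabled the node's private key is loaded from
    Security.KeyPath as a CSP blob and its CertificateHandler from
    Security.CertificatePath.</remarks>
    <param name="type">"cache" or "query"; selects the NodeConfig, the
    security overlord and the fields that receive the result.</param>
    <exception cref="Exception">type is neither "cache" nor "query", or an
    EdgeListener with an unknown transport is configured.</exception>
    */
    public virtual void CreateNode(string type) {
      NodeConfig node_config = null;
      StructuredNode current_node = null;
      AHAddress address = null;
      ProtocolSecurityOverlord bso;

      if (type == "cache") {
        node_config = _c_node_config; //Node configuration file: the description of service that node provides
        address = (AHAddress) AddressParser.Parse(node_config.NodeAddress);
        current_node = new StructuredNode(address, node_config.BrunetNamespace); // DeetooNode consists of two Structured Nodes
        bso = _c_bso;
      }
      else if ( type == "query" ) {
        node_config = _q_node_config;
        address = (AHAddress) AddressParser.Parse(node_config.NodeAddress);
        current_node = new StructuredNode(address, node_config.BrunetNamespace);
        bso = _q_bso;
      }
      else {
        throw new Exception("Unrecognized node type: " + type);
      }
      IEnumerable addresses = IPAddresses.GetIPAddresses(node_config.DevicesToBind);

      if(node_config.Security.Enabled) {
        if(node_config.Security.SelfSignedCertificates) {
          SecurityPolicy.SetDefaultSecurityPolicy(SecurityPolicy.DefaultEncryptor,
              SecurityPolicy.DefaultAuthenticator, true);
        }

        // Read the private key blob in full.  A single FileStream.Read is not
        // guaranteed to return the whole file and its return value was being
        // ignored; ReadAllBytes also opens the file read-only, so a key file
        // locked down to read-only permissions still loads.
        byte[] blob = File.ReadAllBytes(node_config.Security.KeyPath);

        RSACryptoServiceProvider rsa_private = new RSACryptoServiceProvider();
        rsa_private.ImportCspBlob(blob);

        CertificateHandler ch = new CertificateHandler(node_config.Security.CertificatePath);
        bso = new ProtocolSecurityOverlord(current_node, rsa_private, current_node.Rrm, ch);
        bso.Subscribe(current_node, null);

        current_node.GetTypeSource(SecurityOverlord.Security).Subscribe(bso, null);
        current_node.HeartBeatEvent += bso.Heartbeat;

        // Test-only shortcut: a self-signed CA and a node certificate for
        // this address, both under the node's own key, are installed locally
        // so that peers built the same way trust each other without
        // exchanging certificates.
        if(node_config.Security.TestEnable) {
          blob = rsa_private.ExportCspBlob(false);
          RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
          rsa_pub.ImportCspBlob(blob);
          CertificateMaker cm = new CertificateMaker("United States", "UFL", 
              "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub,
              "brunet:node:abcdefghijklmnopqrs");
          Certificate cacert = cm.Sign(cm, rsa_private);

          cm = new CertificateMaker("United States", "UFL", 
              "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub,
              address.ToString());
          Certificate cert = cm.Sign(cacert, rsa_private);
          ch.AddCACertificate(cacert.X509);
          ch.AddSignedCertificate(cert.X509);
        }
      }

      EdgeListener el = null;
      foreach(NodeConfig.EdgeListener item in node_config.EdgeListeners) {
        int port = item.port;
        if (item.type =="tcp") {
          // If the configured port cannot be used, fall back to an ephemeral one.
          try {
            el = new TcpEdgeListener(port, addresses);
          }
          catch {
            el = new TcpEdgeListener(0, addresses);
          }
        }
        else if (item.type == "udp") {
          try {
            el = new UdpEdgeListener(port, addresses);
          }
          catch {
            el = new UdpEdgeListener(0, addresses);
          }
        }
        else if(item.type == "function") {
          // Simulated transport: port 0 means "pick any non-privileged port".
          port = port == 0 ? (new Random()).Next(1024, 65535) : port;
          el = new FunctionEdgeListener(port, 0, null);
        }
        else {
          throw new Exception("Unrecognized transport: " + item.type);
        }
        if (node_config.Security.SecureEdgesEnabled) {
          el = new SecureEdgeListener(el, bso);
        }
        current_node.AddEdgeListener(el);
      }

      ArrayList RemoteTAs = null;
      if(node_config.RemoteTAs != null) {
        RemoteTAs = new ArrayList();
        foreach(String ta in node_config.RemoteTAs) {
          RemoteTAs.Add(TransportAddressFactory.CreateInstance(ta));
        }
        current_node.RemoteTAs = RemoteTAs;
      }
      ITunnelOverlap ito = null;
      ito = new SimpleTunnelOverlap();

      el = new Tunnel.TunnelEdgeListener(current_node, ito);
      if(node_config.Security.SecureEdgesEnabled) {
        // EdgeVerify.AddressInSubjectAltName: presumably requires a peer's
        // certificate to name its overlay address - see EdgeVerify.
        current_node.EdgeVerifyMethod = EdgeVerify.AddressInSubjectAltName;
        el = new SecureEdgeListener(el, bso);
      }
      current_node.AddEdgeListener(el);

      new TableServer(current_node);
      if (type == "cache") {
        _c_dht = new Dht(current_node, 3, 20);
        _c_dht_proxy = new RpcDhtProxy(_c_dht, current_node);
        _cs = new CacheList(current_node);
        //_cll = new ClusterList(current_node);
        //current_node.MapReduce.SubscribeTask(new MapReduceClusterCache(current_node, _cll));
        current_node.MapReduce.SubscribeTask(new MapReduceCache(current_node,_cs));
        Console.WriteLine("MapReduceCacheTask is subscribed at {0}", current_node.Address);
        _c_node = current_node;
      }
      else {
        _q_dht = new Dht(current_node, 3, 20);
        // NOTE(review): the query proxy wraps _c_dht rather than the _q_dht
        // created just above, and the query task is given the cache node's
        // _cs while the local q_cs goes unused.  Both look like copy-paste
        // slips but may be intentional cross-node wiring; left as-is, confirm.
        _q_dht_proxy = new RpcDhtProxy(_c_dht, current_node);
        CacheList q_cs = new CacheList(current_node);
        //current_node.MapReduce.SubscribeTask(new MapReduceClusterQuery(current_node, _cll));
        current_node.MapReduce.SubscribeTask(new MapReduceQuery(current_node,_cs));
        Console.WriteLine("MapReduceQueryTask is subscribed at {0}", current_node.Address);
        _q_node = current_node;
      }
    }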
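        /// <summary>Creates an ApplicationNode and prepares it for connection to
        /// the overlay.  For historical reasons it is linked to _node, _dht,
        /// _rpc_dht, and _bso.</summary>
        /// <remarks>With Security.Enabled the node's private key is loaded from
        /// Security.KeyPath as a CSP blob and its CertificateHandler from
        /// Security.CertificatePath; Security.TestEnable additionally installs
        /// a self-signed CA and a node certificate locally.</remarks>
        /// <param name="node_config">Configuration for the node to create.</param>
        /// <returns>The new ApplicationNode; its node is not yet connected.</returns>
        public virtual ApplicationNode CreateNode(NodeConfig node_config)
        {
            // Get a Node ID for the new Node
            AHAddress address = null;

            try {
                address = (AHAddress)AddressParser.Parse(node_config.NodeAddress);
            } catch {
                // Missing or unparsable address in the config: generate one.
                address = Utils.GenerateAHAddress();
            }

            // Create the Node state
            StructuredNode node      = new StructuredNode(address, node_config.BrunetNamespace);
            IEnumerable    addresses = IPAddresses.GetIPAddresses(node_config.DevicesToBind);

            ProtocolSecurityOverlord pso = null;

            // Enable Security if requested
            if (node_config.Security.Enabled)
            {
                if (node_config.Security.SelfSignedCertificates)
                {
                    SecurityPolicy.SetDefaultSecurityPolicy(SecurityPolicy.DefaultEncryptor,
                                                            SecurityPolicy.DefaultAuthenticator, true);
                }

                // Read the private key blob in full.  A single FileStream.Read
                // is not guaranteed to return the whole file and its return
                // value was being ignored; ReadAllBytes also opens the file
                // read-only, so a key file locked down to read-only
                // permissions still loads.
                byte[] blob = File.ReadAllBytes(node_config.Security.KeyPath);

                RSACryptoServiceProvider rsa_private = new RSACryptoServiceProvider();
                rsa_private.ImportCspBlob(blob);

                CertificateHandler ch = new CertificateHandler(node_config.Security.CertificatePath);
                pso = new ProtocolSecurityOverlord(node, rsa_private, node.Rrm, ch);
                pso.Subscribe(node, null);

                node.GetTypeSource(SecurityOverlord.Security).Subscribe(pso, null);
                node.HeartBeatEvent += pso.Heartbeat;

                // A hack to enable a test for security that doesn't require each peer
                // to exchange certificates: a self-signed CA and a node certificate
                // for this address, both under the node's own key, are installed locally.
                if (node_config.Security.TestEnable)
                {
                    blob = rsa_private.ExportCspBlob(false);
                    RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
                    rsa_pub.ImportCspBlob(blob);
                    CertificateMaker cm = new CertificateMaker("United States", "UFL",
                                                               "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub,
                                                               "brunet:node:abcdefghijklmnopqrs");
                    Certificate cacert = cm.Sign(cm, rsa_private);

                    cm = new CertificateMaker("United States", "UFL",
                                              "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub,
                                              address.ToString());
                    Certificate cert = cm.Sign(cacert, rsa_private);
                    ch.AddCACertificate(cacert.X509);
                    ch.AddSignedCertificate(cert.X509);
                }
            }

            // Add Dht
            new TableServer(node);
            IDht        dht       = new Dht(node, 3, 20);
            RpcDhtProxy dht_proxy = new RpcDhtProxy(dht, node);

            // Setup Vivaldi if requested
            ITunnelOverlap ito       = null;
            NCService      ncservice = null;

            if (node_config.NCService.Enabled)
            {
                ncservice = new NCService(node, node_config.NCService.Checkpoint);

                if (node_config.NCService.OptimizeShortcuts)
                {
                    node.Ssco.TargetSelector = new VivaldiTargetSelector(node, ncservice);
                }
                ito = new NCTunnelOverlap(ncservice);
            }
            else
            {
                ito = new SimpleTunnelOverlap();
            }

            // Create the ApplicationNode
            ApplicationNode app_node = new ApplicationNode(node, dht, dht_proxy, ncservice, pso);

            // Add Edge listeners
            EdgeListener el = null;

            foreach (NodeConfig.EdgeListener item in node_config.EdgeListeners)
            {
                el = CreateEdgeListener(item, app_node, addresses);
                if (node_config.Security.SecureEdgesEnabled)
                {
                    el = new SecureEdgeListener(el, pso);
                }
                node.AddEdgeListener(el);
            }

            // Create the tunnel and potentially wrap it in a SecureEL
            el = new Tunnel.TunnelEdgeListener(node, ito);
            if (node_config.Security.SecureEdgesEnabled)
            {
                // EdgeVerify.AddressInSubjectAltName: presumably requires a
                // peer's certificate to name its overlay address - see EdgeVerify.
                node.EdgeVerifyMethod = EdgeVerify.AddressInSubjectAltName;
                el = new SecureEdgeListener(el, pso);
            }
            node.AddEdgeListener(el);

            ArrayList RemoteTAs = null;

            if (node_config.RemoteTAs != null)
            {
                RemoteTAs = new ArrayList();
                foreach (String ta in node_config.RemoteTAs)
                {
                    RemoteTAs.Add(TransportAddressFactory.CreateInstance(ta));
                }
                node.RemoteTAs = RemoteTAs;
            }

            // Add XmlRpc; the server is shared across nodes created by this object
            if (node_config.XmlRpcManager.Enabled)
            {
                if (_xrm == null)
                {
                    _xrm = new XmlRpcManagerServer(node_config.XmlRpcManager.Port);
                }
                _xrm.Add(node, GetXmlRpcUri(app_node));
                new RpcDht(dht, node);
            }

            return(app_node);
        }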
    /// <summary>Adds one simulated node to the pool: picks an unused port,
    /// optionally attaches the shared security overlord, seeds the node with
    /// up to five existing peers and connects it.</summary>
    /// <param name="output">Print the new node's address to the console.</param>
    protected static void add_node(bool output) {
      AHAddress address = new AHAddress(new RNGCryptoServiceProvider());
      Node node = new StructuredNode(address, brunet_namespace);
      NodeMapping nm = new NodeMapping();
      nm.Node = node;
      nodes.Add((Address) address, nm);

      // Try the pool size first, then probe randomly until a free port turns up.
      nm.Port = TakenPorts.Count;
      while(TakenPorts.Contains(nm.Port)) {
        nm.Port = rand.Next(0, 65535);
      }

      TAAuthorizer auth = (broken != 0) ? new BrokenTAAuth(broken) : null;

      EdgeListener el = new SimulationEdgeListener(nm.Port, 0, auth, true);

      if(secure_edges || secure_senders) {
        // The whole pool shares SEKey: each node gets its own provider holding
        // a copy of the private key and a certificate issued by CACert.
        RSACryptoServiceProvider node_key = new RSACryptoServiceProvider();
        node_key.ImportCspBlob(SEKey.ExportCspBlob(true));

        CertificateMaker maker = new CertificateMaker("United States", "UFL", 
          "ACIS", "David Wolinsky", "*****@*****.**", node_key,
          address.ToString());
        Certificate cert = maker.Sign(CACert, SEKey);

        CertificateHandler handler = new CertificateHandler();
        handler.AddCACertificate(CACert.X509);
        handler.AddSignedCertificate(cert.X509);

        BrunetSecurityOverlord overlord = new BrunetSecurityOverlord(node, node_key, node.Rrm, handler);
        overlord.Subscribe(node, null);
        node.GetTypeSource(SecurityOverlord.Security).Subscribe(overlord, null);
        nm.BSO = overlord;
        node.HeartBeatEvent += overlord.Heartbeat;
      }
      if(secure_edges) {
        el = new SecureEdgeListener(el, nm.BSO);
      }

      node.AddEdgeListener(el);

      // Tunnel edges are only needed when some direct edges are broken.
      if(broken != 0) {
        node.AddEdgeListener(new TunnelEdgeListener(node));
      }

      // Seed with up to five randomly chosen ports already in the pool.
      ArrayList remote_tas = new ArrayList();
      int peers = Math.Min(5, TakenPorts.Count);
      for(int i = 0; i < peers; i++) {
        int rport = (int) TakenPorts.GetByIndex(rand.Next(0, TakenPorts.Count));
        remote_tas.Add(TransportAddressFactory.CreateInstance("brunet.function://127.0.0.1:" + rport));
      }
      node.RemoteTAs = remote_tas;

      TakenPorts[nm.Port] = nm.Port;

      if(output) {
        Console.WriteLine("Adding: " + nm.Node.Address);
      }
      node.Connect();
      network_size++;
    }
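    /// <summary>Creates an ApplicationNode and prepares it for connection to
    /// the overlay.  For historical reasons it is linked to _node, _dht,
    /// _rpc_dht, and _bso.</summary>
    /// <param name="node_config">Configuration for the new node: its address and
    /// namespace, security settings (key and certificate paths, secure edges,
    /// test mode), edge listeners, remote transport addresses, NCService and
    /// XmlRpc options.</param>
    /// <returns>An ApplicationNode wrapping the new StructuredNode together with
    /// its Dht, Dht proxy, optional NCService and optional security overlord.
    /// The node is not yet connected; the caller drives that.</returns>
    public virtual ApplicationNode CreateNode(NodeConfig node_config) {
      // Get a Node ID for the new Node.  A missing or unparsable configured
      // address falls back to a freshly generated one (deliberate best effort).
      AHAddress address = null;
      try {
        address = (AHAddress) AddressParser.Parse(node_config.NodeAddress);
      } catch {
        address = Utils.GenerateAHAddress();
      }

      // Create the Node state
      StructuredNode node = new StructuredNode(address, node_config.BrunetNamespace);
      IEnumerable addresses = IPAddresses.GetIPAddresses(node_config.DevicesToBind);

      ProtocolSecurityOverlord pso = null;
      // Enable Security if requested
      if(node_config.Security.Enabled) {
        if(node_config.Security.SelfSignedCertificates) {
          SecurityPolicy.SetDefaultSecurityPolicy(SecurityPolicy.DefaultEncryptor,
              SecurityPolicy.DefaultAuthenticator, true);
        }

        // Load the node's private key as a CSP blob.  File.ReadAllBytes opens
        // the file read-only and always returns the complete contents; a single
        // FileStream.Read call is allowed to return fewer bytes than requested,
        // which would silently hand a truncated blob to ImportCspBlob.
        byte[] blob = File.ReadAllBytes(node_config.Security.KeyPath);

        RSACryptoServiceProvider rsa_private = new RSACryptoServiceProvider();
        rsa_private.ImportCspBlob(blob);

        CertificateHandler ch = new CertificateHandler(node_config.Security.CertificatePath);
        pso = new ProtocolSecurityOverlord(node, rsa_private, node.Rrm, ch);
        pso.Subscribe(node, null);

        node.GetTypeSource(SecurityOverlord.Security).Subscribe(pso, null);
        node.HeartBeatEvent += pso.Heartbeat;

        // A hack to enable a test for security that doesn't require each peer
        // to exchange certificates.  The CA installed here is signed with this
        // node's own key, so the handler trusts a CA the node generated itself
        // and peer identity is not independently verified; the name strings
        // below are fixed test values, not anything read from configuration.
        if(node_config.Security.TestEnable) {
          blob = rsa_private.ExportCspBlob(false);
          RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
          rsa_pub.ImportCspBlob(blob);
          CertificateMaker cm = new CertificateMaker("United States", "UFL", 
              "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub,
              "brunet:node:abcdefghijklmnopqrs");
          Certificate cacert = cm.Sign(cm, rsa_private);

          cm = new CertificateMaker("United States", "UFL", 
              "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub,
              address.ToString());
          Certificate cert = cm.Sign(cacert, rsa_private);
          ch.AddCACertificate(cacert.X509);
          ch.AddSignedCertificate(cert.X509);
        }
      }

      // Add Dht.  TableServer is constructed only for its side effects on the
      // node (it is never referenced again here).
      new TableServer(node);
      IDht dht = new Dht(node, 3, 20);
      RpcDhtProxy dht_proxy = new RpcDhtProxy(dht, node);

      // Setup Vivaldi if requested
      ITunnelOverlap ito = null;
      NCService ncservice = null;
      if(node_config.NCService.Enabled) {
        ncservice = new NCService(node, node_config.NCService.Checkpoint);

        if (node_config.NCService.OptimizeShortcuts) {
          node.Ssco.TargetSelector = new VivaldiTargetSelector(node, ncservice);
        }
        ito = new NCTunnelOverlap(ncservice);
      } else {
        ito = new SimpleTunnelOverlap();
      }

      // Create the ApplicationNode
      ApplicationNode app_node = new ApplicationNode(node, dht, dht_proxy, ncservice, pso);

      // Add Edge listeners; each one is wrapped in a SecureEdgeListener when
      // secure edges are configured (pso is null when security is disabled).
      EdgeListener el = null;
      foreach(NodeConfig.EdgeListener item in node_config.EdgeListeners) {
        el = CreateEdgeListener(item, app_node, addresses);
        if(node_config.Security.SecureEdgesEnabled) {
          el = new SecureEdgeListener(el, pso);
        }
        node.AddEdgeListener(el);
      }

      // Create the tunnel and potentially wrap it in a SecureEL.  Edge
      // verification against the certificate's subjectAltName is switched on
      // only in this branch.
      el = new Tunnel.TunnelEdgeListener(node, ito);
      if(node_config.Security.SecureEdgesEnabled) {
        node.EdgeVerifyMethod = EdgeVerify.AddressInSubjectAltName;
        el = new SecureEdgeListener(el, pso);
      }
      node.AddEdgeListener(el);

      // Seed the node's remote transport addresses from configuration, if any.
      ArrayList RemoteTAs = null;
      if(node_config.RemoteTAs != null) {
        RemoteTAs = new ArrayList();
        foreach(String ta in node_config.RemoteTAs) {
          RemoteTAs.Add(TransportAddressFactory.CreateInstance(ta));
        }
        node.RemoteTAs = RemoteTAs;
      }

      // Add XmlRpc; the server instance (_xrm) is shared across nodes created
      // by this object and is created on first use.
      if(node_config.XmlRpcManager.Enabled) {
        if(_xrm == null) {
          _xrm = new XmlRpcManagerServer(node_config.XmlRpcManager.Port);
        }
        _xrm.Add(node, GetXmlRpcUri(app_node));
        new RpcDht(dht, node);
      }

      return app_node;
    }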
    /// <summary>Builds a SecurityOverlord whose CertificateHandler is only
    /// partially populated, selected by <paramref name="level"/>: 0 installs
    /// the shared self-signed certificate as both CA and signed certificate,
    /// 2 installs it only as CA, 3 only as signed certificate, and any other
    /// value installs nothing.  The overlord is wired to a fresh ReqrepManager
    /// and RoutingDataHandler and hooked to this object's timeout and
    /// AnnounceSA handlers.</summary>
    /// <param name="name">Suffix for the ReqrepManager's name.</param>
    /// <param name="level">Which certificates to install (see summary).</param>
    /// <returns>The configured SecurityOverlord.</returns>
    protected SecurityOverlord CreateInvalidSO(string name, int level) {
      // The self-signed certificate is generated once and shared by every
      // overlord created here; rsa and x509 are instance fields.
      if(rsa == null) {
        rsa = new RSACryptoServiceProvider();
        RSACryptoServiceProvider public_only = new RSACryptoServiceProvider();
        public_only.ImportCspBlob(rsa.ExportCspBlob(false));
        CertificateMaker maker = new CertificateMaker("United States", "UFL", 
            "ACIS", "David Wolinsky", "*****@*****.**", public_only,
            "brunet:node:abcdefghijklmnopqrs");
        x509 = maker.Sign(maker, rsa).X509;
      }

      ReqrepManager reqrep = new ReqrepManager("so" + name);
      _timeout += reqrep.TimeoutChecker;

      bool install_ca = (level == 0) || (level == 2);
      bool install_signed = (level == 0) || (level == 3);
      CertificateHandler handler = new CertificateHandler();
      if(install_ca) {
        handler.AddCACertificate(x509);
      }
      if(install_signed) {
        handler.AddSignedCertificate(x509);
      }

      // rsa_safe (an instance field) is the overlord's own key; the handler
      // above decides what it will accept from peers.
      RoutingDataHandler router = new RoutingDataHandler();
      SecurityOverlord overlord = new SecurityOverlord(rsa_safe, reqrep, handler);
      overlord.AnnounceSA += AnnounceSA;
      reqrep.Subscribe(overlord, null);
      overlord.Subscribe(router, null);
      router.Subscribe(reqrep, null);
      return overlord;
    }