public void GeneratesValidSignatureXml()
{
//Arrange
var signatureGenerator = DomainUtility.GetSignature();
var xml = signatureGenerator.Xml().InnerXml;
var signatureValidator = new SignatureValidator();
//Act
var isValidSignatureXml = signatureValidator.Validate(xml);
var signatureLength = xml.Length;
//Assert
Assert.True(isValidSignatureXml);
Assert.True(signatureLength > 3200);
}
static bool Validate(byte[] tbsCertificate, byte[] subjectPublicKeyInfo, byte[] signatureAlgorithm, byte[] signatureValue)
{
SignedData signedData = new SignedData();
signedData.subjectPublicKeyInfo = subjectPublicKeyInfo;
signedData.signedData = tbsCertificate;
signedData.signatureAlgorithm = signatureAlgorithm;
signedData.signatureValue = signatureValue;
return(SignatureValidator.Validate(signedData));
//todo: Signature will be validated using parameter fields
//now always return signature is valid
//todo: add real implementation code
return(true);
}
protected JupyterRequestHandlerTestBase(ITestOutputHelper output)
{
_disposables.Add(output.SubscribeToPocketLogger());
Kernel = new CompositeKernel
{
new CSharpKernel()
}.UseDefaultMagicCommands();
_disposables.Add(Kernel.LogEventsToPocketLogger());
var signatureValidator = new SignatureValidator("key", "HMACSHA256");
ServerRecordingSocket = new RecordingSocket();
ServerChannel = new MessageSender(ServerRecordingSocket, signatureValidator);
IoRecordingSocket = new RecordingSocket();
IoPubChannel = new MessageSender(IoRecordingSocket, signatureValidator);
}
public async Task CreatedSignature_FromRequestWithNoContent_CanBeValidated()
{
var sut = new SignatureCreator();
IEnumerable <KeyValuePair <string, IEnumerable <string> > > headers = new List <KeyValuePair <string, IEnumerable <string> > >();
var signature = sut.CreateWithoutContent(HttpMethod.Get, headers, _applicationUri, DateTime.UtcNow.ToTimeStamp(), new Nonce(), _scope, _apiKey);
var validator = new SignatureValidator();
var request = new HttpRequestMessage(HttpMethod.Get, _applicationUri)
{
Content = new StringContent(string.Empty)
};
request.Headers.Add("Authorization", signature);
(await validator.Validate(request, _scope, _apiKey)).ShouldBe(true);
}
private static bool ValidateRevokeSubCaCertificateRequestSignature(Certificate subCACertificate,
byte[] signature)
{
Logger.log("Starting Validate Revoke SubCA Certificate Request Signature");
Logger.log("Request Signature");
Logger.log(signature);
Logger.log("Checking Revoke SubCA Certificate Request Signature with SubCA Certificate Public Key");
bool verified =
SignatureValidator.CheckRevokeSubCACertificateRequestSignature(signature, subCACertificate,
subCACertificate);
if (verified)
{
Logger.log("Verified Revoke SubCA Certificate Request Signature with SubCA Certificate Public Key");
return(true);
}
Certificate issuerCACertificate = CertificateChainValidator.FindIssuerCaCertificate(subCACertificate);
if (!issuerCACertificate.IsLoaded)
{
Logger.log("Can not find issuer certificate, so returning signature verification failed");
return(false);
}
verified = SignatureValidator.CheckRevokeSubCACertificateRequestSignature(signature, subCACertificate,
issuerCACertificate);
if (verified)
{
Logger.log(
"Verified Revoke SubCA Certificate Request Signature with SubCA Certificate Issuer Public Key");
return(true);
}
Logger.log("Finished Validate Revoke SubCA Certificate Request Signature. Result :", verified);
return(verified);
}
public static void Main(string[] args)
{
if (args == null || args.Length != 1)
{
throw new ArgumentException("Expected 1 argument with zmq connection information file");
}
var conn = GetConnectionInformation(args[0]);
var signatureAlgorithm = conn.SignatureScheme.Replace("-", "").ToUpperInvariant();
var signatureValidator = new SignatureValidator(conn.Key, signatureAlgorithm);
MessageSender.Initialize(signatureValidator);
// Start the shell
new Thread(() => StartShellLoop(conn.ShellAddress, conn.IoPubAddress)).Start();
Log.Info("Shell started");
// Start the heartbeat
new Thread(() => StartHeartbeatLoop(conn.HeartbeatAddress)).Start();
Log.Info("Heartbeat started");
StopEvent.Wait();
Thread.Sleep(60000);
}
internal bool ExtractHubTwinAndVerify(TwinCollection twinDesiredProperties)
{
try
{
// Extract Desired properties
JObject desiredProperties = new JObject();
JObject twinJobject = JObject.Parse(twinDesiredProperties.ToString());
desiredProperties["routes"] = twinJobject["routes"];
desiredProperties["schemaVersion"] = twinJobject["schemaVersion"];
desiredProperties["storeAndForwardConfiguration"] = twinJobject["storeAndForwardConfiguration"];
if (desiredProperties["mqttBroker"] != null)
{
desiredProperties["mqttBroker"] = twinJobject["mqttBroker"];
}
// Check if Manifest Trust Bundle is configured
X509Certificate2 manifestTrustBundleRootCertificate;
if (!this.manifestTrustBundle.HasValue && twinJobject["integrity"] == null)
{
// Actual code path would never get here as we check enablement before this. Added for Unit test purpose only.
Events.ManifestSigningIsNotEnabled();
throw new ManifestSigningIsNotEnabledProperly("Manifest Signing is Disabled.");
}
else if (!this.manifestTrustBundle.HasValue && twinJobject["integrity"] != null)
{
Events.ManifestTrustBundleIsNotConfigured();
throw new ManifestSigningIsNotEnabledProperly("Deployment manifest is signed but the Manifest Trust bundle is not configured. Please configure in config.toml");
}
else if (this.manifestTrustBundle.HasValue && twinJobject["integrity"] == null)
{
Events.DeploymentManifestIsNotSigned();
throw new ManifestSigningIsNotEnabledProperly("Manifest Trust bundle is configured but the Deployment manifest is not signed. Please sign it.");
}
else
{
// deployment manifest is signed and also the manifest trust bundle is configured
manifestTrustBundleRootCertificate = this.manifestTrustBundle.OrDefault();
}
// Extract Integrity header section
JToken integrity = twinJobject["integrity"];
JToken header = integrity["header"];
// Extract Signer Cert section
JToken signerCertJtoken = integrity["header"]["signercert"];
string signerCombinedCert = signerCertJtoken.Aggregate(string.Empty, (res, next) => res + next);
X509Certificate2 signerCert = new X509Certificate2(Convert.FromBase64String(signerCombinedCert));
// Extract Intermediate CA Cert section
JToken intermediatecacertJtoken = integrity["header"]["intermediatecacert"];
string intermediatecacertCombinedCert = signerCertJtoken.Aggregate(string.Empty, (res, next) => res + next);
X509Certificate2 intermediatecacert = new X509Certificate2(Convert.FromBase64String(intermediatecacertCombinedCert));
// Extract Signature bytes and algorithm section
JToken signature = integrity["signature"]["bytes"];
byte[] signatureBytes = Convert.FromBase64String(signature.ToString());
JToken algo = integrity["signature"]["algorithm"];
string algoStr = algo.ToString();
KeyValuePair <string, HashAlgorithmName> algoResult = SignatureValidator.ParseAlgorithm(algoStr);
// Extract the manifest trust bundle certificate and verify chaining
bool signatureVerified = false;
using (IDisposable verificationTimer = Metrics.StartTwinSignatureTimer())
{
// Currently not verifying the chaining as Manifest signer client already does that.
// There is known bug in which the certs are not processed correctly which breaks the chaining verification.
signatureVerified = SignatureValidator.VerifySignature(desiredProperties.ToString(), header.ToString(), signatureBytes, signerCert, algoResult.Key, algoResult.Value);
}
Metrics.ReportTwinSignatureResult(signatureVerified, algoStr);
if (signatureVerified)
{
Events.ExtractHubTwinSucceeded();
}
return(signatureVerified);
}
catch (Exception ex)
{
Metrics.ReportTwinSignatureResult(false);
Events.ExtractHubTwinAndVerifyFailed(ex);
throw ex;
}
}
public void testEncoding()
{
var tuple = new StringTuple("user[email]", "*****@*****.**");
var result = new SignatureValidator().PercentEncode(tuple);
Assert.AreEqual("user%5Bemail%5D", result.Key);
Assert.AreEqual("fred%40example.com", result.Value);
}
internal bool ExtractHubTwinAndVerify(TwinCollection twinDesiredProperties)
{
try
{
// Extract Desired properties
JObject desiredProperties = new JObject();
JObject twinJobject = JObject.Parse(twinDesiredProperties.ToString());
desiredProperties["routes"] = twinJobject["routes"];
desiredProperties["schemaVersion"] = twinJobject["schemaVersion"];
desiredProperties["storeAndForwardConfiguration"] = twinJobject["storeAndForwardConfiguration"];
if (desiredProperties["mqttBroker"] != null)
{
desiredProperties["mqttBroker"] = twinJobject["mqttBroker"];
}
// Check if Manifest Trust Bundle is configured
X509Certificate2 manifestTrustBundleRootCertificate;
if (!this.manifestTrustBundle.HasValue && twinJobject["integrity"] == null)
{
// Actual code path would never get here as we check enablement before this. Added for Unit test purpose only.
Events.ManifestSigningIsNotEnabled();
throw new ManifestSigningIsNotEnabledProperly("Manifest Signing is Disabled.");
}
else if (!this.manifestTrustBundle.HasValue && twinJobject["integrity"] != null)
{
Events.ManifestTrustBundleIsNotConfigured();
throw new ManifestSigningIsNotEnabledProperly("Deployment manifest is signed but the Manifest Trust bundle is not configured. Please configure in config.toml");
}
else if (this.manifestTrustBundle.HasValue && twinJobject["integrity"] == null)
{
Events.DeploymentManifestIsNotSigned();
throw new ManifestSigningIsNotEnabledProperly("Manifest Trust bundle is configured but the Deployment manifest is not signed. Please sign it.");
}
else
{
// deployment manifest is signed and also the manifest trust bundle is configured
manifestTrustBundleRootCertificate = this.manifestTrustBundle.OrDefault();
}
// Extract Integrity header section
JToken integrity = twinJobject["integrity"];
JToken header = integrity["header"];
// Extract Signer Cert section
JToken signerCertJtoken = integrity["header"]["signercert"];
string signerCombinedCert = signerCertJtoken.Aggregate(string.Empty, (res, next) => res + next);
X509Certificate2 signerCert = new X509Certificate2(Convert.FromBase64String(signerCombinedCert));
// Extract Intermediate CA Cert section
JToken intermediatecacertJtoken = integrity["header"]["intermediatecacert"];
string intermediatecacertCombinedCert = signerCertJtoken.Aggregate(string.Empty, (res, next) => res + next);
X509Certificate2 intermediatecacert = new X509Certificate2(Convert.FromBase64String(intermediatecacertCombinedCert));
// Extract the manifest trust bundle certificate and verify chaining
if (!CertificateHelper.VerifyManifestTrustBunldeCertificateChaining(signerCert, intermediatecacert, manifestTrustBundleRootCertificate))
{
throw new ManifestTrustBundleChainingFailedException("The signer cert with or without the intermediate CA cert in the twin does not chain up to the Manifest Trust Bundle Root CA configured in the device");
}
// Extract Signature bytes and algorithm section
JToken signature = integrity["signature"]["bytes"];
byte[] signatureBytes = Convert.FromBase64String(signature.ToString());
JToken algo = integrity["signature"]["algorithm"];
KeyValuePair <string, HashAlgorithmName> algoResult = SignatureValidator.ParseAlgorithm(algo.ToString());
Events.ExtractHubTwinSucceeded();
return(SignatureValidator.VerifySignature(desiredProperties.ToString(), header.ToString(), signatureBytes, signerCert, algoResult.Key, algoResult.Value));
}
catch (Exception ex)
{
Events.ExtractHubTwinAndVerifyFailed(ex);
throw ex;
}
}
public void Validate_SignatureValid_ThrowsNoException()
{
SignatureValidator validator = new SignatureValidator(TestConfiguration.Create());
validator.Validate(new byte[] { 42 }, "aajPtaEL8oyiitLlTbSzkFCTDQ7Lr0m/89eDhe6tFx4=");
}
public SignatureValidatorIntegrationTests(CertificateIntegrationTestFixture fixture, ITestOutputHelper output)
{
_fixture = fixture ?? throw new ArgumentNullException(nameof(fixture));
_output = output ?? throw new ArgumentNullException(nameof(output));
_validationEntitiesContext = new Mock <IValidationEntitiesContext>();
_validationEntitiesContext
.Setup(x => x.PackageSigningStates)
.Returns(DbSetMockFactory.Create <PackageSigningState>());
_validationEntitiesContext
.Setup(x => x.ParentCertificates)
.Returns(DbSetMockFactory.Create <ParentCertificate>());
_validationEntitiesContext
.Setup(x => x.EndCertificates)
.Returns(DbSetMockFactory.Create <EndCertificate>());
_validationEntitiesContext
.Setup(x => x.CertificateChainLinks)
.Returns(DbSetMockFactory.Create <CertificateChainLink>());
_validationEntitiesContext
.Setup(x => x.PackageSignatures)
.Returns(DbSetMockFactory.Create <PackageSignature>());
_validationEntitiesContext
.Setup(x => x.TrustedTimestamps)
.Returns(DbSetMockFactory.Create <TrustedTimestamp>());
var loggerFactory = new LoggerFactory();
loggerFactory.AddXunit(output);
_packageSigningStateService = new PackageSigningStateService(
_validationEntitiesContext.Object,
loggerFactory.CreateLogger <PackageSigningStateService>());
_certificateStore = new Mock <ICertificateStore>();
_signaturePartsExtractor = new SignaturePartsExtractor(
_certificateStore.Object,
_validationEntitiesContext.Object,
loggerFactory.CreateLogger <SignaturePartsExtractor>());
_packageFileService = new Mock <IProcessorPackageFileService>();
_nupkgUri = new Uri("https://example-storage/TestProcessor/b777135f-1aac-4ec2-a3eb-1f64fe1880d5/nuget.versioning.4.3.0.nupkg");
_packageFileService
.Setup(x => x.GetReadAndDeleteUriAsync(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <Guid>()))
.ReturnsAsync(() => _nupkgUri);
_packageFileService
.Setup(x => x.SaveAsync(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <Guid>(), It.IsAny <Stream>()))
.Returns(Task.CompletedTask)
.Callback <string, string, Guid, Stream>((_, __, ___, s) =>
{
using (var memoryStream = new MemoryStream())
{
s.Position = 0;
s.CopyTo(memoryStream);
_savedPackageBytes = memoryStream.ToArray();
}
});
_corePackageService = new Mock <ICorePackageService>();
// These dependencies are concrete.
_minimalPackageSignatureVerifier = PackageSignatureVerifierFactory.CreateMinimal();
_fullPackageSignatureVerifier = PackageSignatureVerifierFactory.CreateFull();
_telemetryClient = new Mock <ITelemetryClient>();
_telemetryService = new TelemetryService(_telemetryClient.Object);
_logger = new RecordingLogger <SignatureValidator>(loggerFactory.CreateLogger <SignatureValidator>());
// Initialize data.
_packageKey = 23;
_message = new SignatureValidationMessage(
"SomePackageId",
"1.2.3",
new Uri("https://example/validation/somepackageid.1.2.3.nupkg"),
new Guid("8eb5affc-2d0e-4315-9b79-5a194d39ebd1"));
_token = CancellationToken.None;
// Initialize the subject of testing.
_target = new SignatureValidator(
_packageSigningStateService,
_minimalPackageSignatureVerifier,
_fullPackageSignatureVerifier,
_signaturePartsExtractor,
_packageFileService.Object,
_corePackageService.Object,
_telemetryService,
_logger);
}
private static bool AreSignaturesValidatorsEqual(SignatureValidator validator1, SignatureValidator validator2, CompareContext context)
{
var localContext = new CompareContext(context);
ContinueCheckingEquality(validator1, validator2, context);
return(context.Merge(localContext));
}
public ValidateAsync(ITestOutputHelper output)
{
_packageStream = TestResources.GetResourceStream(TestResources.UnsignedPackage);
_packageKey = 42;
_message = new SignatureValidationMessage(
"NuGet.Versioning",
"4.3.0",
new Uri("https://example/nuget.versioning.4.3.0.nupkg"),
new Guid("b777135f-1aac-4ec2-a3eb-1f64fe1880d5"));
_cancellationToken = CancellationToken.None;
_packageSigningStateService = new Mock <IPackageSigningStateService>();
_formatValidator = new Mock <ISignatureFormatValidator>();
_minimalVerifyResult = new VerifySignaturesResult(isValid: true, isSigned: true);
_formatValidator
.Setup(x => x.ValidateMinimalAsync(It.IsAny <ISignedPackageReader>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(() => _minimalVerifyResult);
_fullVerifyResult = new VerifySignaturesResult(isValid: true, isSigned: true);
_formatValidator
.Setup(x => x.ValidateAllSignaturesAsync(It.IsAny <ISignedPackageReader>(), It.IsAny <bool>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(() => _fullVerifyResult);
_authorSignatureVerifyResult = new VerifySignaturesResult(isValid: true, isSigned: true);
_formatValidator
.Setup(x => x.ValidateAuthorSignatureAsync(It.IsAny <ISignedPackageReader>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(() => _authorSignatureVerifyResult);
_repositorySignatureVerifyResult = new VerifySignaturesResult(isValid: true, isSigned: true);
_formatValidator
.Setup(x => x.ValidateRepositorySignatureAsync(It.IsAny <ISignedPackageReader>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(() => _repositorySignatureVerifyResult);
_signaturePartsExtractor = new Mock <ISignaturePartsExtractor>();
_corePackageService = new Mock <ICorePackageService>();
var loggerFactory = new LoggerFactory().AddXunit(output);
_logger = loggerFactory.CreateLogger <SignatureValidator>();
_packageFileService = new Mock <IProcessorPackageFileService>();
_nupkgUri = new Uri("https://example-storage/TestProcessor/b777135f-1aac-4ec2-a3eb-1f64fe1880d5/nuget.versioning.4.3.0.nupkg");
_packageFileService
.Setup(x => x.GetReadAndDeleteUriAsync(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <Guid>()))
.ReturnsAsync(() => _nupkgUri);
_optionsSnapshot = new Mock <IOptionsSnapshot <ProcessSignatureConfiguration> >();
_configuration = new ProcessSignatureConfiguration
{
AllowedRepositorySigningCertificates = new List <string> {
"fake-thumbprint"
},
V3ServiceIndexUrl = TestResources.V3ServiceIndexUrl,
StripValidRepositorySignatures = false,
};
_optionsSnapshot.Setup(x => x.Value).Returns(() => _configuration);
_telemetryService = new Mock <ITelemetryService>();
_target = new SignatureValidator(
_packageSigningStateService.Object,
_formatValidator.Object,
_signaturePartsExtractor.Object,
_packageFileService.Object,
_corePackageService.Object,
_optionsSnapshot.Object,
_telemetryService.Object,
_logger);
}
static void Main()
{
// Initialize & Check if the given signer cert is issued by root CA
try
{
// Check launch settings and display it
CheckInputAndDisplayLaunchSettings();
// Verify certificate chaining
if (!VerifyCertificate())
{
throw new Exception("Please provide a signer cert issued by the given root CA");
}
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
Environment.Exit(0);
}
// Read the deployment manifest file and get signature of each modules's desired properties
try
{
var manifestFileHandle = File.OpenText(DeploymentManifestFilePath);
var deploymentManifestContentJson = JObject.Parse(manifestFileHandle.ReadToEnd());
if (deploymentManifestContentJson["modulesContent"] != null)
{
// Get the DSA and SHA algorithm
KeyValuePair <string, HashAlgorithmName> algoResult = SignatureValidator.ParseAlgorithm(DsaAlgorithm.ToString());
// Read the signer certificate and manifest version number and create integrity header object
var header = GetIntegrityHeader(SignerCertPath);
// Read each module's content and its desired properties
var modulesContentJson = deploymentManifestContentJson["modulesContent"];
JObject modulesContentJobject = JObject.Parse(modulesContentJson.ToString());
foreach (JProperty property in modulesContentJobject.Properties())
{
if (modulesContentJson[property.Name] != null)
{
if (modulesContentJson[property.Name]["properties.desired"] != null)
{
var modulesDesired = modulesContentJson[property.Name]["properties.desired"];
var moduleName = property.Name.ToString();
if (moduleName != "$edgeAgent" && moduleName != "$edgeHub")
{
Console.WriteLine($"Do you want to sign the desired properties of the module - {moduleName}? - Type Y or N to continue");
Console.WriteLine("!!! Important Note !!! - If the module's desired properties are signed then the module's application code has to be rewritten to verify signatures");
string userSigningChoice = Console.ReadLine();
if (userSigningChoice != "Y" && userSigningChoice != "y")
{
Console.WriteLine($"{moduleName} will not be signed");
continue;
}
}
Console.WriteLine($"Signing Module: {property.Name}");
object signature = new
{
bytes = CertificateUtil.GetJsonSignature(algoResult.Key, algoResult.Value, modulesDesired.ToString(), header, SignerPrivateKeyPath),
algorithm = DsaAlgorithm
};
deploymentManifestContentJson["modulesContent"][property.Name]["properties.desired"]["integrity"] = JObject.FromObject(new { header, signature });
}
else
{
throw new Exception($"Could not find {property.Name}'s desired properties in the manifest file");
}
}
else
{
throw new Exception($"Could not find {property.Name} in the manifest file");
}
}
using var signedDeploymentfile = File.CreateText(SignedDeploymentManifestFilePath);
signedDeploymentfile.Write(deploymentManifestContentJson);
}
else
{
throw new Exception("Could not find modulesContent in the manifest file");
}
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
Environment.Exit(0);
}
}
public static void Initialize(SignatureValidator signatureValidator)
{
_signatureValidator = signatureValidator;
}
public static void VerifySignatureTest(bool expectedResult, string payload, string header, byte[] signatureBytes, X509Certificate2 signerCert, string algorithmScheme, HashAlgorithmName hashAlgorithm)
{
var actualResult = SignatureValidator.VerifySignature(payload, header, signatureBytes, signerCert, algorithmScheme, hashAlgorithm);
Assert.Equal(actualResult, expectedResult);
}
protected async Task RunTest(BlockchainTest test, Stopwatch stopwatch = null)
{
Assert.IsNull(test.LoadFailure, "test data loading failure");
// TODO: not supported in .NET Core, need to replace?
// LoggingTraceListener traceListener = new LoggingTraceListener();
// Debug.Listeners.Clear();
// Debug.Listeners.Add(traceListener);
ISnapshotableDb stateDb = new StateDb();
ISnapshotableDb codeDb = new StateDb();
IDb traceDb = new MemDb();
StateTree stateTree = new StateTree(stateDb);
ISpecProvider specProvider;
if (test.NetworkAfterTransition != null)
{
specProvider = new CustomSpecProvider(
(0, Frontier.Instance),
(1, test.Network),
(test.TransitionBlockNumber, test.NetworkAfterTransition));
}
else
{
specProvider = new CustomSpecProvider(
(0, Frontier.Instance), // TODO: this thing took a lot of time to find after it was removed!, genesis block is always initialized with Frontier
(1, test.Network));
}
if (specProvider.GenesisSpec != Frontier.Instance)
{
Assert.Fail("Expected genesis spec to be Frontier for blockchain tests");
}
DifficultyCalculator.Wrapped = new DifficultyCalculator(specProvider);
IRewardCalculator rewardCalculator = new RewardCalculator(specProvider);
IEthereumSigner signer = new EthereumSigner(specProvider, _logManager);
ITransactionPool transactionPool = new TransactionPool(NullTransactionStorage.Instance,
new PendingTransactionThresholdValidator(), new Timestamp(), signer, _logManager);
IReceiptStorage receiptStorage = NullReceiptStorage.Instance;
IBlockTree blockTree = new BlockTree(new MemDb(), new MemDb(), specProvider, transactionPool, _logManager);
IBlockhashProvider blockhashProvider = new BlockhashProvider(blockTree);
ISignatureValidator signatureValidator = new SignatureValidator(ChainId.MainNet);
ITransactionValidator transactionValidator = new TransactionValidator(signatureValidator);
IHeaderValidator headerValidator = new HeaderValidator(blockTree, SealEngine, specProvider, _logManager);
IOmmersValidator ommersValidator = new OmmersValidator(blockTree, headerValidator, _logManager);
IBlockValidator blockValidator = new BlockValidator(transactionValidator, headerValidator, ommersValidator, specProvider, _logManager);
IStateProvider stateProvider = new StateProvider(stateTree, codeDb, _logManager);
IStorageProvider storageProvider = new StorageProvider(stateDb, stateProvider, _logManager);
IVirtualMachine virtualMachine = new VirtualMachine(
stateProvider,
storageProvider,
blockhashProvider,
_logManager);
IBlockProcessor blockProcessor = new BlockProcessor(
specProvider,
blockValidator,
rewardCalculator,
new TransactionProcessor(
specProvider,
stateProvider,
storageProvider,
virtualMachine,
_logManager),
stateDb,
codeDb,
traceDb,
stateProvider,
storageProvider,
transactionPool,
receiptStorage,
_logManager);
IBlockchainProcessor blockchainProcessor = new BlockchainProcessor(
blockTree,
blockProcessor,
new TxSignaturesRecoveryStep(signer, NullTransactionPool.Instance),
_logManager,
false,
false);
InitializeTestState(test, stateProvider, storageProvider, specProvider);
List <(Block Block, string ExpectedException)> correctRlpsBlocks = new List <(Block, string)>();
for (int i = 0; i < test.Blocks.Length; i++)
{
try
{
TestBlockJson testBlockJson = test.Blocks[i];
var rlpContext = Bytes.FromHexString(testBlockJson.Rlp).AsRlpContext();
Block suggestedBlock = Rlp.Decode <Block>(rlpContext);
suggestedBlock.Header.SealEngineType = test.SealEngineUsed ? SealEngineType.Ethash : SealEngineType.None;
Assert.AreEqual(new Keccak(testBlockJson.BlockHeader.Hash), suggestedBlock.Header.Hash, "hash of the block");
for (int ommerIndex = 0; ommerIndex < suggestedBlock.Ommers.Length; ommerIndex++)
{
Assert.AreEqual(new Keccak(testBlockJson.UncleHeaders[ommerIndex].Hash), suggestedBlock.Ommers[ommerIndex].Hash, "hash of the ommer");
}
correctRlpsBlocks.Add((suggestedBlock, testBlockJson.ExpectedException));
}
catch (Exception)
{
_logger?.Info($"Invalid RLP ({i})");
}
}
if (correctRlpsBlocks.Count == 0)
{
Assert.AreEqual(new Keccak(test.GenesisBlockHeader.Hash), test.LastBlockHash);
return;
}
if (test.GenesisRlp == null)
{
test.GenesisRlp = Rlp.Encode(new Block(Convert(test.GenesisBlockHeader)));
}
Block genesisBlock = Rlp.Decode <Block>(test.GenesisRlp.Bytes);
Assert.AreEqual(new Keccak(test.GenesisBlockHeader.Hash), genesisBlock.Header.Hash, "genesis header hash");
ManualResetEvent genesisProcessed = new ManualResetEvent(false);
blockTree.NewHeadBlock += (sender, args) =>
{
if (args.Block.Number == 0)
{
Assert.AreEqual(genesisBlock.Header.StateRoot, stateTree.RootHash, "genesis state root");
genesisProcessed.Set();
}
};
blockchainProcessor.Start();
blockTree.SuggestBlock(genesisBlock);
genesisProcessed.WaitOne();
for (int i = 0; i < correctRlpsBlocks.Count; i++)
{
stopwatch?.Start();
try
{
if (correctRlpsBlocks[i].ExpectedException != null)
{
_logger.Info($"Expecting block exception: {correctRlpsBlocks[i].ExpectedException}");
}
if (correctRlpsBlocks[i].Block.Hash == null)
{
throw new Exception($"null hash in {test.Name} block {i}");
}
// TODO: mimic the actual behaviour where block goes through validating sync manager?
if (!test.SealEngineUsed || blockValidator.ValidateSuggestedBlock(correctRlpsBlocks[i].Block))
{
blockTree.SuggestBlock(correctRlpsBlocks[i].Block);
}
else
{
Console.WriteLine("Invalid block");
}
}
catch (InvalidBlockException)
{
}
catch (Exception ex)
{
_logger?.Info(ex.ToString());
}
}
await blockchainProcessor.StopAsync(true);
stopwatch?.Stop();
List <string> differences = RunAssertions(test, blockTree.RetrieveHeadBlock(), storageProvider, stateProvider);
// if (differences.Any())
// {
// BlockTrace blockTrace = blockchainProcessor.TraceBlock(blockTree.BestSuggested.Hash);
// _logger.Info(new UnforgivingJsonSerializer().Serialize(blockTrace, true));
// }
Assert.Zero(differences.Count, "differences");
}
protected async Task RunTest(BlockchainTest test, Stopwatch stopwatch = null)
{
LoggingTraceListener traceListener = new LoggingTraceListener();
// TODO: not supported in .NET Core, need to replace?
// Debug.Listeners.Clear();
// Debug.Listeners.Add(traceListener);
IDbProvider dbProvider = new MemDbProvider(_logManager);
StateTree stateTree = new StateTree(dbProvider.GetOrCreateStateDb());
ISpecProvider specProvider;
if (test.NetworkAfterTransition != null)
{
specProvider = new CustomSpecProvider(
(0, Frontier.Instance),
(1, test.Network),
(test.TransitionBlockNumber, test.NetworkAfterTransition));
}
else
{
specProvider = new CustomSpecProvider(
(0, Frontier.Instance), // TODO: this thing took a lot of time to find after it was removed!, genesis block is always initialized with Frontier
(1, test.Network));
}
if (specProvider.GenesisSpec != Frontier.Instance)
{
Assert.Fail("Expected genesis spec to be Frontier for blockchain tests");
}
IDifficultyCalculator difficultyCalculator = new DifficultyCalculator(specProvider);
IRewardCalculator rewardCalculator = new RewardCalculator(specProvider);
IBlockTree blockTree = new BlockTree(new MemDb(), new MemDb(), new MemDb(), specProvider, _logManager);
IBlockhashProvider blockhashProvider = new BlockhashProvider(blockTree);
ISignatureValidator signatureValidator = new SignatureValidator(ChainId.MainNet);
ITransactionValidator transactionValidator = new TransactionValidator(signatureValidator);
IHeaderValidator headerValidator = new HeaderValidator(difficultyCalculator, blockTree, SealEngine, specProvider, _logManager);
IOmmersValidator ommersValidator = new OmmersValidator(blockTree, headerValidator, _logManager);
IBlockValidator blockValidator = new BlockValidator(transactionValidator, headerValidator, ommersValidator, specProvider, _logManager);
IStateProvider stateProvider = new StateProvider(stateTree, dbProvider.GetOrCreateCodeDb(), _logManager);
IStorageProvider storageProvider = new StorageProvider(dbProvider, stateProvider, _logManager);
IVirtualMachine virtualMachine = new VirtualMachine(
stateProvider,
storageProvider,
blockhashProvider,
_logManager);
ISealEngine sealEngine = new EthashSealEngine(new Ethash(_logManager), _logManager);
ITransactionStore transactionStore = new TransactionStore();
IEthereumSigner signer = new EthereumSigner(specProvider, _logManager);
IBlockProcessor blockProcessor = new BlockProcessor(
specProvider,
blockValidator,
rewardCalculator,
new TransactionProcessor(
specProvider,
stateProvider,
storageProvider,
virtualMachine,
NullTracer.Instance,
_logManager),
dbProvider,
stateProvider,
storageProvider,
transactionStore,
_logManager);
IBlockchainProcessor blockchainProcessor = new BlockchainProcessor(blockTree,
sealEngine,
transactionStore, difficultyCalculator, blockProcessor, signer, _logManager);
InitializeTestState(test, stateProvider, storageProvider, specProvider);
List <(Block Block, string ExpectedException)> correctRlpsBlocks = new List <(Block, string)>();
for (int i = 0; i < test.Blocks.Length; i++)
{
try
{
TestBlockJson testBlockJson = test.Blocks[i];
var rlpContext = Hex.ToBytes(testBlockJson.Rlp).AsRlpContext();
Block suggestedBlock = Rlp.Decode <Block>(rlpContext);
Assert.AreEqual(new Keccak(testBlockJson.BlockHeader.Hash), suggestedBlock.Header.Hash, "hash of the block");
for (int ommerIndex = 0; ommerIndex < suggestedBlock.Ommers.Length; ommerIndex++)
{
Assert.AreEqual(new Keccak(testBlockJson.UncleHeaders[ommerIndex].Hash), suggestedBlock.Ommers[ommerIndex].Hash, "hash of the ommer");
}
correctRlpsBlocks.Add((suggestedBlock, testBlockJson.ExpectedException));
}
catch (Exception e)
{
_logger?.Info($"Invalid RLP ({i})");
}
}
if (correctRlpsBlocks.Count == 0)
{
Assert.AreEqual(new Keccak(test.GenesisBlockHeader.Hash), test.LastBlockHash);
return;
}
if (test.GenesisRlp == null)
{
test.GenesisRlp = Rlp.Encode(new Block(Convert(test.GenesisBlockHeader)));
}
Block genesisBlock = Rlp.Decode <Block>(test.GenesisRlp.Bytes);
Assert.AreEqual(new Keccak(test.GenesisBlockHeader.Hash), genesisBlock.Header.Hash, "genesis header hash");
blockTree.NewHeadBlock += (sender, args) =>
{
if (args.Block.Number == 0)
{
Assert.AreEqual(genesisBlock.Header.StateRoot, stateTree.RootHash, "genesis state root");
}
};
blockchainProcessor.Start();
blockTree.SuggestBlock(genesisBlock);
for (int i = 0; i < correctRlpsBlocks.Count; i++)
{
stopwatch?.Start();
try
{
if (correctRlpsBlocks[i].ExpectedException != null)
{
_logger.Info($"Expecting block exception: {correctRlpsBlocks[i].ExpectedException}");
}
if (correctRlpsBlocks[i].Block.Hash == null)
{
throw new Exception($"null hash in {test.Name} block {i}");
}
// TODO: mimic the actual behaviour where block goes through validating sync manager?
if (blockValidator.ValidateSuggestedBlock(correctRlpsBlocks[i].Block))
{
blockTree.SuggestBlock(correctRlpsBlocks[i].Block);
}
else
{
Console.WriteLine("Invalid block");
}
}
catch (InvalidBlockException ex)
{
}
catch (Exception ex)
{
_logger?.Info(ex.ToString());
}
}
await blockchainProcessor.StopAsync(true);
stopwatch?.Stop();
RunAssertions(test, blockTree.RetrieveHeadBlock(), storageProvider, stateProvider);
}
public void ShouldNotThrowExceptionWhenSignatureIsValid()
{
SignatureValidator validator = new SignatureValidator(TestConfiguration.Create());
validator.Validate(new byte[] { 42 }, "aajPtaEL8oyiitLlTbSzkFCTDQ7Lr0m/89eDhe6tFx4=");
}
public static bool ReportFraud(byte[] fraudId, byte[] fakeButValidCertificateBytes,
byte[] fakeButValidCertificateHash,
byte[] signerCertificateBytes, byte[] signerCertificateBytesHash, byte[] signature)
{
Certificate fakeButValidCertificate = CertificateParser.Parse(fakeButValidCertificateBytes);
if (!fakeButValidCertificate.IsLoaded)
{
Logger.log("Can not parse Fake But Valid SSL Certificate");
return(false);
}
EndEntityCertificateEntry fakeButValidCertificateEntry =
CertificateStorageManager.RetrieveEndEntityCertificateFromStorage(fakeButValidCertificateHash);
if (fakeButValidCertificateEntry.CertificateValue == null)
{
Logger.log("Can not find Fake But Valid SSL Certificate");
return(false);
}
if (fakeButValidCertificateEntry.IsRevoked)
{
Logger.log("Fake But Valid SSL Certificate is revoked before");
return(false);
}
Certificate signerCertificate = CertificateParser.Parse(signerCertificateBytes);
if (!signerCertificate.IsLoaded)
{
Logger.log("Can not parse Signer Certificate");
return(false);
}
var signerCertificateContainFakeButValidCertificateDnsEntry =
checkDnsValues(fakeButValidCertificate, signerCertificate);
if (!signerCertificateContainFakeButValidCertificateDnsEntry)
{
Logger.log("Signer Certificate Does not contain required DNS value");
return(false);
}
Logger.log("Starting Validate Signature For Report Fraud Request");
bool signatureValidationResult =
SignatureValidator.CheckReportFraudRequestSignature(signature, fakeButValidCertificate,
signerCertificate);
if (!signatureValidationResult)
{
Logger.log("Report Fraud Request signature Invalid");
return(false);
}
Logger.log("Validated Signature For Report Fraud Request");
FraudStorageManager.AddFraudReportToStorage(fraudId, signerCertificateBytes, fakeButValidCertificateHash);
//todo: add fraud notification after log infrastructure fixed
return(true);
}
