C# Class Brunet.Security.PeerSec.PeerSecOverlord

This is the brains of the operation. User code can ask for a Secure Sender for a given sender; this returns one and begins the process of securing the sender. Sending over a sender is only secure if it is done through the secure sender. On the other side, the user should ensure that the packet was sent via a secure sender at some point in the stack.
Inheritance: SecurityOverlord, IReplyHandler
Open project: pstjuste/brunet

Public Properties

Property Type Description
CookieLength int
EmptyCookie MemBlock
SecureControl PType
SecureData PType
Security PType
Version int

Protected Properties

Property Type Description
_cookie byte[]
_last_heartbeat System.DateTime
_private_key_lock object
_rand System.Random
_rrman ReqrepManager
_spi Dictionary>

Public Methods

Method Description
CalculateCookie ( object o ) : MemBlock

We take in an object, take its hash code, concatenate it to our cookie, then SHA-hash the resulting value, creating the remote cookie.

CheckForSecurityAssociation ( ISender sender ) : Brunet.SecurityAssociation
CreateSecurityAssociation ( ISender Sender, int SPI ) : PeerSecAssociation

This (idempotently) returns a new SecurityAssociation for the specified sender using the specified SPI and starts it if requested to.

CreateSecurityAssociation ( ISender Sender ) : Brunet.SecurityAssociation

This (idempotently) returns a new SecurityAssociation for the specified sender using the default SPI and starts it if requested to.

HandleData ( MemBlock data, ISender return_path, object state ) : void

All messages for the SecurityOverlord come through this loop. It demuxes between Security, SecureData, and SecureControl packets, while the remaining packets are left to the default handler.

HandleError ( ReqrepManager man, int message_number, ReqrepManager err, ISender returnpath, object state ) : void

If the request really failed, we'll have to close the SA.

HandleReply ( ReqrepManager man, ReqrepManager rt, int mid, PType prot, MemBlock payload, ISender returnpath, ReqrepManager statistics, object state ) : bool

This better be a SecureControl message!

PeerSecOverlord ( RSACryptoServiceProvider rsa, Brunet.CertificateHandler ch, ReqrepManager rrman ) : Brunet

Protected Methods

Method Description
CreateSecurityAssociation ( ISender Sender, int SPI, bool start ) : PeerSecAssociation

This (idempotently) returns a new SecurityAssociation for the specified sender using the specified SA.

HandleControl ( MemBlock b, ISender return_path ) : void

This is the control state machine. There are three paths in the state machine: initiator, receiver, and bidirectional. The bidirectional case occurs when two remote ISenders that are matched together initiate a handshake at the same time; otherwise the initiator/receiver pattern is followed. The high-level overview of the states is: 1a) Send a Cookie 1b) Receive a Cookie which responds with a CookieResponse 2a) Receive a CookieResponse that contains a list of CAs; if you have a Certificate that supports one of the CAs, send it along with a DHE and a list of your supported CAs in a DHEWithCertificateAndCAs. 2b) Receive a DHEWithCertificateAndCAs, verify the certificate and attempt to find a matching Certificate for the list of CAs; if you find one, finish the DHE handshake and send the certificate via a DHEWithCertificate 3a) Receive a DHEWithCertificate, verify the certificate and DHE and send a Confirm that you are ready to Verify the stack and start the system. 3b) Receive a Confirm, verify the entire stack and send a Confirm 4a) Receive a Confirm, verify the entire stack and all set to go

HandleControlConfirm ( PeerSecAssociation sa, SecurityControlMessage scm, SecurityControlMessage scm_reply, ISender return_path, ISender low_level_sender ) : void

3b) Receive a Confirm, verify the entire stack and send a Confirm 4a) Receive a Confirm, verify the entire stack and all set to go

HandleControlCookie ( PeerSecAssociation sa, MemBlock calc_cookie, SecurityControlMessage scm, SecurityControlMessage scm_reply, ISender return_path, ISender low_level_sender ) : void

1b) Receive a Cookie which responds with a CookieResponse

HandleControlCookieResponse ( PeerSecAssociation sa, SecurityControlMessage scm, SecurityControlMessage scm_reply, ISender return_path, ISender low_level_sender ) : void

2a) Receive a CookieResponse that contains a list of CAs, if you have a Certificate that supports one of the CAs send it along with a DHE and a list of your supported CAs in a DHEWithCertificateAndCAs.

HandleControlDHEWithCertificate ( PeerSecAssociation sa, SecurityControlMessage scm, SecurityControlMessage scm_reply, ISender return_path, ISender low_level_sender ) : void

3a) Receive a DHEWithCertificate, verify the certificate and DHE and send a Confirm that you are ready to Verify the stack and start the system.

HandleControlDHEWithCertificateAndCAs ( PeerSecAssociation sa, SecurityControlMessage scm, SecurityControlMessage scm_reply, ISender return_path, ISender low_level_sender ) : void

2b) Receive a DHEWithCertificateAndCAs, verify the certificate and attempt to find a matching Certificate for the list of CAs, if you find one, finish the DHE handshake and send the certificate via a DHEWithCertificate

HandleControlNoSuchSA ( PeerSecAssociation sa ) : void

1a) Send a Cookie

HandleData ( MemBlock b, ISender return_path ) : void

This is SecureData that needs to get to an SA.

NoSuchSA ( int spi, ISender remote_sender ) : void

After a restart of the Security system, one guy may think we still have an association and there will be no way for him to know that our side is broken, unless we notify him as such. We notify him by sending this packet. How he deals with that is up to him.

RemoveSA ( Brunet.SecurityAssociation sa ) : void

Removes the specified SA from our database.

SARequestUpdate ( object o, EventArgs ea ) : void

When an SA wants to be updated, we instigate a new Security exchange.

StartSA ( PeerSecAssociation sa ) : void

This begins the SecurityAssociation exchange protocol over the specified SecurityAssociation.

Private Methods

Method Description
PeerSecOverlord ( ) : Brunet

Method Details

CalculateCookie() public method

We take in an object, take its hash code, concatenate it to our cookie, then SHA-hash the resulting value, creating the remote cookie.
public CalculateCookie ( object o ) : MemBlock
o object
return MemBlock
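
The cookie derivation described above lets a responder recompute a peer's cookie instead of storing it. The following is an added sketch, not code from the Brunet project: the class and method names, the use of SHA-256, the 32-byte secret, the concatenation order and the constant-time comparison are all assumptions.

```csharp
using System;
using System.Security.Cryptography;

// Added illustration, not Brunet code. SHA-256, sizes and names are assumptions.
public static class CookieSketch
{
    // Per-process secret, modelling the class's _cookie field; lost on restart.
    public static byte[] NewSecret()
    {
        byte[] secret = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(secret);
        return secret;
    }

    // Hash code of the sender object followed by the local secret (order assumed),
    // then hashed. Nothing is stored per peer: the value is recomputed on demand.
    public static byte[] CalculateCookie(object sender, byte[] localSecret)
    {
        byte[] id = BitConverter.GetBytes(sender.GetHashCode());
        byte[] input = new byte[id.Length + localSecret.Length];
        Buffer.BlockCopy(id, 0, input, 0, id.Length);
        Buffer.BlockCopy(localSecret, 0, input, id.Length, localSecret.Length);
        using (var sha = SHA256.Create()) return sha.ComputeHash(input);
    }

    // Compare without an early exit so timing does not reveal the matching prefix.
    public static bool CookieMatches(byte[] expected, byte[] received)
    {
        if (received == null || received.Length != expected.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ received[i];
        return diff == 0;
    }

    public static void Main()
    {
        byte[] secret = NewSecret();
        string peerA = "constructed-sender-A", peerB = "constructed-sender-B";
        byte[] issued = CalculateCookie(peerA, secret);
        // Same sender and secret: the echoed cookie verifies.
        Console.WriteLine(CookieMatches(CalculateCookie(peerA, secret), issued));
        // A different sender cannot reuse the cookie issued to peerA.
        Console.WriteLine(CookieMatches(CalculateCookie(peerB, secret), issued));
        // After a restart the secret changes and old cookies stop verifying.
        Console.WriteLine(CookieMatches(CalculateCookie(peerA, NewSecret()), issued));
    }
}
```

A .NET hash code is only 32 bits wide, so in this sketch the unpredictability of the cookie rests on the local secret rather than on the sender identifier.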

CheckForSecurityAssociation() public method

public CheckForSecurityAssociation ( ISender sender ) : Brunet.SecurityAssociation
sender ISender
return Brunet.SecurityAssociation

CreateSecurityAssociation() public method

This (idempotently) returns a new SecurityAssociation for the specified sender using the specified SPI and starts it if requested to.
public CreateSecurityAssociation ( ISender Sender, int SPI ) : PeerSecAssociation
Sender ISender
SPI int
return PeerSecAssociation

CreateSecurityAssociation() protected method

This (idempotently) returns a new SecurityAssociation for the specified sender using the specified SA.
protected CreateSecurityAssociation ( ISender Sender, int SPI, bool start ) : PeerSecAssociation
Sender ISender
SPI int
start bool
return PeerSecAssociation

CreateSecurityAssociation() public method

This (idempotently) returns a new SecurityAssociation for the specified sender using the default SPI and starts it if requested to.
public CreateSecurityAssociation ( ISender Sender ) : Brunet.SecurityAssociation
Sender ISender
return Brunet.SecurityAssociation

HandleControl() protected method

This is the control state machine. There are three paths in the state machine: initiator, receiver, and bidirectional. The bidirectional case occurs when two remote ISenders that are matched together initiate a handshake at the same time; otherwise the initiator/receiver pattern is followed. The high-level overview of the states is:
1a) Send a Cookie
1b) Receive a Cookie which responds with a CookieResponse
2a) Receive a CookieResponse that contains a list of CAs; if you have a Certificate that supports one of the CAs, send it along with a DHE and a list of your supported CAs in a DHEWithCertificateAndCAs.
2b) Receive a DHEWithCertificateAndCAs, verify the certificate and attempt to find a matching Certificate for the list of CAs; if you find one, finish the DHE handshake and send the certificate via a DHEWithCertificate
3a) Receive a DHEWithCertificate, verify the certificate and DHE and send a Confirm that you are ready to Verify the stack and start the system.
3b) Receive a Confirm, verify the entire stack and send a Confirm
4a) Receive a Confirm, verify the entire stack and all set to go
protected HandleControl ( MemBlock b, ISender return_path ) : void
b MemBlock
return_path ISender
return void
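
The initiator/receiver path of the state machine above, as an added sketch that is not code from the Brunet project. It models message ordering only: the `Msg` enum, `HandshakeSketch` class and the strict rejection of out-of-order messages are assumptions, certificate and DHE verification are omitted, and the bidirectional case is not modelled.

```csharp
using System;
using System.Collections.Generic;
// Added sketch, not Brunet code: message ordering only, no certificates or DHE.
public enum Msg { Cookie, CookieResponse, DHEWithCertificateAndCAs, DHEWithCertificate, Confirm }

public class HandshakeSketch
{
    // Reply sent for each received message type (steps 1b, 2a, 2b, 3a, 3b).
    static readonly Dictionary<Msg, Msg> Reply = new Dictionary<Msg, Msg> {
        { Msg.Cookie, Msg.CookieResponse },
        { Msg.CookieResponse, Msg.DHEWithCertificateAndCAs },
        { Msg.DHEWithCertificateAndCAs, Msg.DHEWithCertificate },
        { Msg.DHEWithCertificate, Msg.Confirm },
        { Msg.Confirm, Msg.Confirm },
    };

    Msg? _lastSent;                       // null until this side has sent anything
    public bool Established { get; private set; }

    public Msg Start() { _lastSent = Msg.Cookie; return Msg.Cookie; }   // step 1a
    // Returns the reply to send, or null once nothing is left to send (step 4a).
    public Msg? Receive(Msg m)
    {
        // The only acceptable message is the peer's reply to what we sent last.
        Msg expected = _lastSent.HasValue ? Reply[_lastSent.Value] : Msg.Cookie;
        if (Established || m != expected)
            throw new InvalidOperationException("unexpected " + m + ", wanted " + expected);
        if (m == Msg.Confirm) Established = true;        // 3b or 4a
        if (_lastSent == Msg.Confirm) return null;       // 4a: handshake complete
        _lastSent = Reply[m];
        return _lastSent;
    }

    public static void Main()
    {
        HandshakeSketch initiator = new HandshakeSketch(), receiver = new HandshakeSketch();
        HandshakeSketch to = receiver, other = initiator;
        for (Msg? wire = initiator.Start(); wire.HasValue; )
        {
            Console.WriteLine(wire.Value);
            wire = to.Receive(wire.Value);
            HandshakeSketch t = to; to = other; other = t;
        }
        Console.WriteLine(initiator.Established && receiver.Established);
        // A Confirm arriving before any cookie or DHE exchange is refused.
        try { new HandshakeSketch().Receive(Msg.Confirm); }
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
    }
}
```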

HandleControlConfirm() protected method

3b) Receive a Confirm, verify the entire stack and send a Confirm 4a) Receive a Confirm, verify the entire stack and all set to go
protected HandleControlConfirm ( PeerSecAssociation sa, SecurityControlMessage scm, SecurityControlMessage scm_reply, ISender return_path, ISender low_level_sender ) : void
sa PeerSecAssociation A security association that we wish to perform the specified control operation on.
scm SecurityControlMessage The received SecurityControlMessage.
scm_reply SecurityControlMessage A prepared reply message (with headers and such).
return_path ISender Where to send the result.
low_level_sender ISender We expect the return_path to not be an edge or some other type of "low level" sender, so this contains the parsed out value.
return void

HandleControlCookie() protected method

1b) Receive a Cookie which responds with a CookieResponse
protected HandleControlCookie ( PeerSecAssociation sa, MemBlock calc_cookie, SecurityControlMessage scm, SecurityControlMessage scm_reply, ISender return_path, ISender low_level_sender ) : void
sa PeerSecAssociation A security association that we wish to perform the specified control operation on.
calc_cookie MemBlock Cookie value for the association sender.
scm SecurityControlMessage The received SecurityControlMessage.
scm_reply SecurityControlMessage A prepared reply message (with headers and such).
return_path ISender Where to send the result.
low_level_sender ISender We expect the return_path to not be an edge or some other type of "low level" sender, so this contains the parsed out value.
return void

HandleControlCookieResponse() protected method

2a) Receive a CookieResponse that contains a list of CAs, if you have a Certificate that supports one of the CAs send it along with a DHE and a list of your supported CAs in a DHEWithCertificateAndCAs.
protected HandleControlCookieResponse ( PeerSecAssociation sa, SecurityControlMessage scm, SecurityControlMessage scm_reply, ISender return_path, ISender low_level_sender ) : void
sa PeerSecAssociation A security association that we wish to perform the specified control operation on.
scm SecurityControlMessage The received SecurityControlMessage.
scm_reply SecurityControlMessage A prepared reply message (with headers and such).
return_path ISender Where to send the result.
low_level_sender ISender We expect the return_path to not be an edge or some other type of "low level" sender, so this contains the parsed out value.
return void

HandleControlDHEWithCertificate() protected method

3a) Receive a DHEWithCertificate, verify the certificate and DHE and send a Confirm that you are ready to Verify the stack and start the system.
protected HandleControlDHEWithCertificate ( PeerSecAssociation sa, SecurityControlMessage scm, SecurityControlMessage scm_reply, ISender return_path, ISender low_level_sender ) : void
sa PeerSecAssociation A security association that we wish to perform the specified control operation on.
scm SecurityControlMessage The received SecurityControlMessage.
scm_reply SecurityControlMessage A prepared reply message (with headers and such).
return_path ISender Where to send the result.
low_level_sender ISender We expect the return_path to not be an edge or some other type of "low level" sender, so this contains the parsed out value.
return void

HandleControlDHEWithCertificateAndCAs() protected method

2b) Receive a DHEWithCertificateAndCAs, verify the certificate and attempt to find a matching Certificate for the list of CAs, if you find one, finish the DHE handshake and send the certificate via a DHEWithCertificate
protected HandleControlDHEWithCertificateAndCAs ( PeerSecAssociation sa, SecurityControlMessage scm, SecurityControlMessage scm_reply, ISender return_path, ISender low_level_sender ) : void
sa PeerSecAssociation A security association that we wish to perform the specified control operation on.
scm SecurityControlMessage The received SecurityControlMessage.
scm_reply SecurityControlMessage A prepared reply message (with headers and such).
return_path ISender Where to send the result.
low_level_sender ISender We expect the return_path to not be an edge or some other type of "low level" sender, so this contains the parsed out value.
return void

HandleControlNoSuchSA() protected method

1a) Send a Cookie
protected HandleControlNoSuchSA ( PeerSecAssociation sa ) : void
sa PeerSecAssociation A security association that we wish to perform the specified control operation on.
return void

HandleData() protected method

This is SecureData that needs to get to an SA.
protected HandleData ( MemBlock b, ISender return_path ) : void
b MemBlock
return_path ISender
return void

HandleData() public method

All messages for the SecurityOverlord come through this loop. It demuxes between Security, SecureData, and SecureControl packets, while the remaining packets are left to the default handler.
public HandleData ( MemBlock data, ISender return_path, object state ) : void
data MemBlock
return_path ISender
state object
return void

HandleError() public method

If the request really failed, we'll have to close the SA.
public HandleError ( ReqrepManager man, int message_number, ReqrepManager err, ISender returnpath, object state ) : void
man ReqrepManager
message_number int
err ReqrepManager
returnpath ISender
state object
return void

HandleReply() public method

This better be a SecureControl message!
public HandleReply ( ReqrepManager man, ReqrepManager rt, int mid, PType prot, MemBlock payload, ISender returnpath, ReqrepManager statistics, object state ) : bool
man ReqrepManager
rt ReqrepManager
mid int
prot PType
payload MemBlock
returnpath ISender
statistics ReqrepManager
state object
return bool

NoSuchSA() protected method

After a restart of the Security system, one guy may think we still have an association and there will be no way for him to know that our side is broken, unless we notify him as such. We notify him by sending this packet. How he deals with that is up to him.
protected NoSuchSA ( int spi, ISender remote_sender ) : void
spi int
remote_sender ISender
return void

PeerSecOverlord() public method

public PeerSecOverlord ( RSACryptoServiceProvider rsa, Brunet.CertificateHandler ch, ReqrepManager rrman ) : Brunet
rsa System.Security.Cryptography.RSACryptoServiceProvider
ch Brunet.CertificateHandler
rrman ReqrepManager
return Brunet

RemoveSA() protected method

Removes the specified SA from our database.
protected RemoveSA ( Brunet.SecurityAssociation sa ) : void
sa Brunet.SecurityAssociation
return void

SARequestUpdate() protected method

When an SA wants to be updated, we instigate a new Security exchange.
protected SARequestUpdate ( object o, EventArgs ea ) : void
o object
ea System.EventArgs
return void

StartSA() protected method

This begins the SecurityAssociation exchange protocol over the specified SecurityAssociation.
protected StartSA ( PeerSecAssociation sa ) : void
sa PeerSecAssociation
return void

Property Details

CookieLength public static property

The length used for the cookies.
public static int CookieLength
return int

EmptyCookie public static property

A quickly referenceable null (0) cookie.
public static MemBlock EmptyCookie
return MemBlock

SecureControl public static property

A control packet handled by the SecurityOverlord.
public static PType SecureControl
return PType

SecureData public static property

A data packet to be handled by the SecurityAssociations.
public static PType SecureData
return PType

Security public static property

Since we may receive packets from an external MultiSource, all security packets are prepended with this ptype.
public static PType Security
return PType

Version public static property

The security implementation's version number.
public static int Version
return int

_cookie protected property

protected byte[] _cookie
return byte[]

_last_heartbeat protected property

protected System.DateTime _last_heartbeat
return System.DateTime

_private_key_lock protected property

protected object _private_key_lock
return object

_rand protected property

protected System.Random _rand
return System.Random

_rrman protected property

protected ReqrepManager _rrman
return ReqrepManager

_spi protected property

protected Dictionary> _spi
return Dictionary>