public void GetCwtKey(CwtPublicKey rpk)
{
try {
CWT cwt = CWT.Decode(rpk.EncodedCwt(), CwtTrustKeySet, CwtTrustKeySet);
AsymmetricKeyParameter pub = cwt.Cnf.Key.AsPublicKey();
SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pub);
rpk.SetSubjectPublicKeyInfo(spi);
AuthenticationKey = cwt.Cnf.Key;
return;
}
catch {
}
TlsEvent ev = new TlsEvent(TlsEvent.EventCode.ServerCertificate)
{
Certificate = rpk
};
EventHandler <TlsEvent> handler = TlsEventHandler;
if (handler != null)
{
handler(this, ev);
}
if (!ev.Processed)
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
AuthenticationKey = ev.KeyValue;
}
public void GetCwtKey(CwtPublicKey rpk)
{
Cwt cwt;
try {
cwt = Cwt.Decode(rpk.EncodedCwt(), CwtTrustRoots, CwtTrustRoots);
AuthenticationKey = cwt.Cnf.CoseKey;
}
catch (Exception e)
{
TlsEvent ev = new TlsEvent(TlsEvent.EventCode.ClientCertificate)
{
Certificate = rpk
};
EventHandler <TlsEvent> handler = TlsEventHandler;
if (handler != null)
{
handler(this, ev);
}
if (!ev.Processed)
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
AuthenticationKey = ev.KeyValue;
}
}
public override AbstractCertificate ParseServerCertificate(short certificateType, Stream io)
{
switch (certificateType)
{
case CertificateType.CwtPublicKey:
try {
CwtPublicKey cwtPub = CwtPublicKey.Parse(io);
CWT cwtServer = CWT.Decode(cwtPub.EncodedCwt(), CwtTrustKeySet, CwtTrustKeySet);
AsymmetricKeyParameter pubKey = cwtServer.Cnf.Key.AsPublicKey();
SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pubKey);
cwtPub.SetSubjectPublicKeyInfo(spi);
return(cwtPub);
}
catch {
return(null);
}
default:
return(null);
}
}
protected override TlsSignerCredentials GetECDsaSignerCredentials()
{
byte[] certTypes;
if (mClientExtensions.Contains(ExtensionType.server_certificate_type))
{
certTypes = (byte[])mClientExtensions[ExtensionType.server_certificate_type];
}
else
{
certTypes = new byte[] { CertificateType.X509 };
}
foreach (byte b in certTypes)
{
if (b == CertificateType.X509)
{
foreach (TlsKeyPair kp in _serverKeys)
{
if (b != kp.CertType)
{
continue;
}
OneKey k = kp.PrivateKey;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
return(new DefaultTlsSignerCredentials(
mContext,
new Certificate(kp.X509Certificate),
kp.PrivateKey.AsPrivateKey(),
new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
}
#if SUPPORT_RPK
if (b == CertificateType.RawPublicKey)
{
foreach (TlsKeyPair kp in _serverKeys)
{
if (b != kp.CertType)
{
continue;
}
OneKey k = kp.PublicKey;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
AsymmetricKeyParameter param = k.AsPublicKey();
SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);
return(new DefaultTlsSignerCredentials(mContext, new RawPublicKey(spi), kp.PrivateKey.AsPrivateKey(),
new SignatureAndHashAlgorithm(
HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
}
#endif
#if SUPPORT_TLS_CWT
if (b == CertificateType.CwtPublicKey)
{
foreach (TlsKeyPair kp in _serverKeys)
{
if (b != kp.CertType)
{
continue;
}
OneKey k = kp.PrivateKey;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
CwtPublicKey cwtKey = new CwtPublicKey(kp.PublicCwt.EncodeToBytes());
AsymmetricKeyParameter pubKey = kp.PublicCwt.Cnf.CoseKey.AsPublicKey();
cwtKey.SetSubjectPublicKeyInfo(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pubKey));
return(new DefaultTlsSignerCredentials(
mContext, cwtKey, kp.PrivateKey.AsPrivateKey(),
new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
}
#endif
}
// If we did not fine appropriate signer credentials - ask for help
TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
{
CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA
};
EventHandler <TlsEvent> handler = TlsEventHandler;
if (handler != null)
{
handler(this, e);
}
if (e.SignerCredentials != null)
{
return(e.SignerCredentials);
}
throw new TlsFatalAlert(AlertDescription.internal_error);
}
