CreateTlsSigner() public static method

public static CreateTlsSigner ( byte clientCertificateType ) : TlsSigner
clientCertificateType byte
return TlsSigner
Beispiel #1
0
        protected virtual void ReceiveCertificateVerifyMessage(MemoryStream buf)
        {
            DigitallySigned digitallySigned = DigitallySigned.Parse(this.Context, buf);

            TlsProtocol.AssertEmpty(buf);
            try
            {
                byte[] hash;
                if (TlsUtilities.IsTlsV12(this.Context))
                {
                    hash = this.mPrepareFinishHash.GetFinalHash(digitallySigned.Algorithm.Hash);
                }
                else
                {
                    hash = this.mSecurityParameters.SessionHash;
                }
                X509CertificateStructure certificateAt        = this.mPeerCertificate.GetCertificateAt(0);
                SubjectPublicKeyInfo     subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
                AsymmetricKeyParameter   publicKey            = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
                TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)this.mClientCertificateType);
                tlsSigner.Init(this.Context);
                if (!tlsSigner.VerifyRawSignature(digitallySigned.Algorithm, digitallySigned.Signature, publicKey, hash))
                {
                    throw new TlsFatalAlert(51);
                }
            }
            catch (Exception alertCause)
            {
                throw new TlsFatalAlert(51, alertCause);
            }
        }
Beispiel #2
0
        protected virtual void ProcessCertificateVerify(DtlsServerProtocol.ServerHandshakeState state, byte[] body, TlsHandshakeHash prepareFinishHash)
        {
            MemoryStream         memoryStream    = new MemoryStream(body, false);
            TlsServerContextImpl serverContext   = state.serverContext;
            DigitallySigned      digitallySigned = DigitallySigned.Parse(serverContext, memoryStream);

            TlsProtocol.AssertEmpty(memoryStream);
            bool flag = false;

            try
            {
                byte[] hash;
                if (TlsUtilities.IsTlsV12(serverContext))
                {
                    hash = prepareFinishHash.GetFinalHash(digitallySigned.Algorithm.Hash);
                }
                else
                {
                    hash = serverContext.SecurityParameters.SessionHash;
                }
                X509CertificateStructure certificateAt        = state.clientCertificate.GetCertificateAt(0);
                SubjectPublicKeyInfo     subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
                AsymmetricKeyParameter   publicKey            = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
                TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)state.clientCertificateType);
                tlsSigner.Init(serverContext);
                flag = tlsSigner.VerifyRawSignature(digitallySigned.Algorithm, digitallySigned.Signature, publicKey, hash);
            }
            catch (Exception)
            {
            }
            if (!flag)
            {
                throw new TlsFatalAlert(51);
            }
        }
        protected virtual void ProcessCertificateVerify(ServerHandshakeState state, byte[] body, TlsHandshakeHash prepareFinishHash)
        {
            if (state.certificateRequest == null)
            {
                throw new InvalidOperationException();
            }

            MemoryStream buf = new MemoryStream(body, false);

            TlsServerContextImpl context = state.serverContext;
            DigitallySigned      clientCertificateVerify = DigitallySigned.Parse(context, buf);

            TlsProtocol.AssertEmpty(buf);

            // Verify the CertificateVerify message contains a correct signature.
            try
            {
                SignatureAndHashAlgorithm signatureAlgorithm = clientCertificateVerify.Algorithm;

                byte[] hash;
                if (TlsUtilities.IsTlsV12(context))
                {
                    TlsUtilities.VerifySupportedSignatureAlgorithm(state.certificateRequest.SupportedSignatureAlgorithms, signatureAlgorithm);
                    hash = prepareFinishHash.GetFinalHash(signatureAlgorithm.Hash);
                }
                else
                {
                    hash = context.SecurityParameters.SessionHash;
                }

                X509CertificateStructure x509Cert  = state.clientCertificate.GetCertificateAt(0);
                SubjectPublicKeyInfo     keyInfo   = x509Cert.SubjectPublicKeyInfo;
                AsymmetricKeyParameter   publicKey = PublicKeyFactory.CreateKey(keyInfo);

                TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)state.clientCertificateType);
                tlsSigner.Init(context);
                if (!tlsSigner.VerifyRawSignature(signatureAlgorithm, clientCertificateVerify.Signature, publicKey, hash))
                {
                    throw new TlsFatalAlert(AlertDescription.decrypt_error);
                }
            }
            catch (TlsFatalAlert e)
            {
                throw e;
            }
            catch (Exception e)
            {
                throw new TlsFatalAlert(AlertDescription.decrypt_error, e);
            }
        }
        protected virtual void ReceiveCertificateVerifyMessage(MemoryStream buf)
        {
            if (mCertificateRequest == null)
            {
                throw new InvalidOperationException();
            }

            DigitallySigned clientCertificateVerify = DigitallySigned.Parse(Context, buf);

            AssertEmpty(buf);

            // Verify the CertificateVerify message contains a correct signature.
            try
            {
                SignatureAndHashAlgorithm signatureAlgorithm = clientCertificateVerify.Algorithm;

                byte[] hash;
                if (TlsUtilities.IsTlsV12(Context))
                {
                    TlsUtilities.VerifySupportedSignatureAlgorithm(mCertificateRequest.SupportedSignatureAlgorithms, signatureAlgorithm);
                    hash = mPrepareFinishHash.GetFinalHash(signatureAlgorithm.Hash);
                }
                else
                {
                    hash = mSecurityParameters.SessionHash;
                }

                X509CertificateStructure x509Cert  = mPeerCertificate.GetCertificateAt(0);
                SubjectPublicKeyInfo     keyInfo   = x509Cert.SubjectPublicKeyInfo;
                AsymmetricKeyParameter   publicKey = PublicKeyFactory.CreateKey(keyInfo);

                TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)mClientCertificateType);
                tlsSigner.Init(Context);
                if (!tlsSigner.VerifyRawSignature(signatureAlgorithm, clientCertificateVerify.Signature, publicKey, hash))
                {
                    throw new TlsFatalAlert(AlertDescription.decrypt_error);
                }
            }
            catch (TlsFatalAlert e)
            {
                throw e;
            }
            catch (Exception e)
            {
                throw new TlsFatalAlert(AlertDescription.decrypt_error, e);
            }
        }
        protected virtual void ProcessCertificateVerify(ServerHandshakeState state, byte[] body, TlsHandshakeHash prepareFinishHash)
        {
            //IL_0008: Unknown result type (might be due to invalid IL or missing references)
            //IL_0010: Unknown result type (might be due to invalid IL or missing references)
            //IL_0016: Expected O, but got Unknown
            if (state.certificateRequest == null)
            {
                throw new InvalidOperationException();
            }
            MemoryStream         val             = new MemoryStream(body, false);
            TlsServerContextImpl serverContext   = state.serverContext;
            DigitallySigned      digitallySigned = DigitallySigned.Parse(serverContext, (Stream)(object)val);

            TlsProtocol.AssertEmpty(val);
            try
            {
                SignatureAndHashAlgorithm algorithm = digitallySigned.Algorithm;
                byte[] hash;
                if (TlsUtilities.IsTlsV12(serverContext))
                {
                    TlsUtilities.VerifySupportedSignatureAlgorithm(state.certificateRequest.SupportedSignatureAlgorithms, algorithm);
                    hash = prepareFinishHash.GetFinalHash(algorithm.Hash);
                }
                else
                {
                    hash = serverContext.SecurityParameters.SessionHash;
                }
                X509CertificateStructure certificateAt        = state.clientCertificate.GetCertificateAt(0);
                SubjectPublicKeyInfo     subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
                AsymmetricKeyParameter   publicKey            = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
                TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)state.clientCertificateType);
                tlsSigner.Init(serverContext);
                if (!tlsSigner.VerifyRawSignature(algorithm, digitallySigned.Signature, publicKey, hash))
                {
                    throw new TlsFatalAlert(51);
                }
            }
            catch (TlsFatalAlert tlsFatalAlert)
            {
                throw tlsFatalAlert;
            }
            catch (global::System.Exception alertCause)
            {
                throw new TlsFatalAlert(51, alertCause);
            }
        }
Beispiel #6
0
        protected virtual void ReceiveCertificateVerifyMessage(MemoryStream buf)
        {
            //IL_0008: Unknown result type (might be due to invalid IL or missing references)
            if (mCertificateRequest == null)
            {
                throw new InvalidOperationException();
            }
            DigitallySigned digitallySigned = DigitallySigned.Parse(Context, (Stream)(object)buf);

            TlsProtocol.AssertEmpty(buf);
            try
            {
                SignatureAndHashAlgorithm algorithm = digitallySigned.Algorithm;
                byte[] hash;
                if (TlsUtilities.IsTlsV12(Context))
                {
                    TlsUtilities.VerifySupportedSignatureAlgorithm(mCertificateRequest.SupportedSignatureAlgorithms, algorithm);
                    hash = mPrepareFinishHash.GetFinalHash(algorithm.Hash);
                }
                else
                {
                    hash = mSecurityParameters.SessionHash;
                }
                X509CertificateStructure certificateAt        = mPeerCertificate.GetCertificateAt(0);
                SubjectPublicKeyInfo     subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
                AsymmetricKeyParameter   publicKey            = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
                TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)mClientCertificateType);
                tlsSigner.Init(Context);
                if (!tlsSigner.VerifyRawSignature(algorithm, digitallySigned.Signature, publicKey, hash))
                {
                    throw new TlsFatalAlert(51);
                }
            }
            catch (TlsFatalAlert tlsFatalAlert)
            {
                throw tlsFatalAlert;
            }
            catch (global::System.Exception alertCause)
            {
                throw new TlsFatalAlert(51, alertCause);
            }
        }
        protected virtual void ReceiveCertificateVerifyMessage(MemoryStream buf)
        {
            DigitallySigned clientCertificateVerify = DigitallySigned.Parse(Context, buf);

            AssertEmpty(buf);

            // Verify the CertificateVerify message contains a correct signature.
            try
            {
                byte[] certificateVerifyHash;
                if (TlsUtilities.IsTlsV12(Context))
                {
                    certificateVerifyHash = mPrepareFinishHash.GetFinalHash(clientCertificateVerify.Algorithm.Hash);
                }
                else
                {
                    certificateVerifyHash = TlsProtocol.GetCurrentPrfHash(Context, mPrepareFinishHash, null);
                }

                X509CertificateStructure x509Cert  = mPeerCertificate.GetCertificateAt(0);
                SubjectPublicKeyInfo     keyInfo   = x509Cert.SubjectPublicKeyInfo;
                AsymmetricKeyParameter   publicKey = PublicKeyFactory.CreateKey(keyInfo);

                TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)mClientCertificateType);
                tlsSigner.Init(Context);
                if (!tlsSigner.VerifyRawSignature(clientCertificateVerify.Algorithm,
                                                  clientCertificateVerify.Signature, publicKey, certificateVerifyHash))
                {
                    throw new TlsFatalAlert(AlertDescription.decrypt_error);
                }
            }
            catch (Exception e)
            {
                throw new TlsFatalAlert(AlertDescription.decrypt_error, e);
            }
        }