public void GetCwtKey(CwtPublicKey rpk) { try { CWT cwt = CWT.Decode(rpk.EncodedCwt(), CwtTrustKeySet, CwtTrustKeySet); AsymmetricKeyParameter pub = cwt.Cnf.Key.AsPublicKey(); SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pub); rpk.SetSubjectPublicKeyInfo(spi); AuthenticationKey = cwt.Cnf.Key; return; } catch { } TlsEvent ev = new TlsEvent(TlsEvent.EventCode.ServerCertificate) { Certificate = rpk }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, ev); } if (!ev.Processed) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } AuthenticationKey = ev.KeyValue; }
public override byte GetServerCertificateType(byte[] certificateTypes) { TlsEvent e = new TlsEvent(TlsEvent.EventCode.ServerCertType) { Bytes = certificateTypes, Byte = (byte)0xff }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } if (e.Byte != 0xff) { return(e.Byte); } foreach (byte type in certificateTypes) { if (type == 2) { return(type); // Assume we only support Raw Public Key } } throw new TlsFatalAlert(AlertDescription.handshake_failure); }
public virtual void NotifyServerCertificate(AbstractCertificate serverCertificate) { if (serverCertificate is RawPublicKey) { GetRpkKey((RawPublicKey)serverCertificate); } #if SUPPORT_TLS_CWT else if (serverCertificate is CwtPublicKey) { GetCwtKey((CwtPublicKey)serverCertificate); } #endif else { TlsEvent e = new TlsEvent(TlsEvent.EventCode.ServerCertificate) { Certificate = serverCertificate }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } if (!e.Processed) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } } }
public virtual void NotifyServerCertificate(Certificate serverCertificate) { /* * X509CertificateStructure[] chain = serverCertificate.GetCertificateList(); * Console.WriteLine("DTLS client received server certificate chain of length " + chain.Length); * for (int i = 0; i != chain.Length; i++) { * X509CertificateStructure entry = chain[i]; * // TODO Create fingerprint based on certificate signature algorithm digest * Console.WriteLine(" fingerprint:SHA-256 " + TlsTestUtilities.Fingerprint(entry) + " (" + entry.Subject + ")"); + } */ TlsEvent e = new TlsEvent(TlsEvent.EventCode.ServerCertificate) { Certificate = serverCertificate, CertificateType = CertificateType.X509 }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } if (!e.Processed) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } }
public override int[] GetCipherSuites() { int[] i; if (_rawPublicKey != null) { i = new int[] { CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 }; } else { i = new int[] { CipherSuite.TLS_PSK_WITH_AES_128_CCM_8, }; } TlsEvent e = new TlsEvent(TlsEvent.EventCode.GetCipherSuites) { IntValues = i }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } return(e.IntValues); }
public override void NotifyClientCertificate(AbstractCertificate clientCertificate) { if (clientCertificate is RawPublicKey) { mPskIdentityManager.GetRpkKey((RawPublicKey)clientCertificate); } else { TlsEvent e = new TlsEvent(TlsEvent.EventCode.ClientCertificate) { Certificate = clientCertificate }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } if (!e.Processed) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } } }
public void GetCwtKey(CwtPublicKey rpk) { Cwt cwt; try { cwt = Cwt.Decode(rpk.EncodedCwt(), CwtTrustRoots, CwtTrustRoots); AuthenticationKey = cwt.Cnf.CoseKey; } catch (Exception e) { TlsEvent ev = new TlsEvent(TlsEvent.EventCode.ClientCertificate) { Certificate = rpk }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, ev); } if (!ev.Processed) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } AuthenticationKey = ev.KeyValue; } }
static void ClientTlsEvents(Object o, TlsEvent e) { if (e.Code == ServerCertificate) { e.Processed = true; } }
public void GetRpkKey(RawPublicKey rpk) { AsymmetricKeyParameter key; try { key = PublicKeyFactory.CreateKey(rpk.SubjectPublicKeyInfo()); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e); } if (key is ECPublicKeyParameters) { ECPublicKeyParameters ecKey = (ECPublicKeyParameters)key; string s = ecKey.AlgorithmName; OneKey newKey = new OneKey(); newKey.Add(CoseKeyKeys.KeyType, GeneralValues.KeyType_EC); if (ecKey.Parameters.Curve.Equals(NistNamedCurves.GetByName("P-256").Curve)) { newKey.Add(CoseKeyParameterKeys.EC_Curve, GeneralValues.P256); } newKey.Add(CoseKeyParameterKeys.EC_X, CBORObject.FromObject(ecKey.Q.Normalize().XCoord.ToBigInteger().ToByteArrayUnsigned())); newKey.Add(CoseKeyParameterKeys.EC_Y, CBORObject.FromObject(ecKey.Q.Normalize().YCoord.ToBigInteger().ToByteArrayUnsigned())); if (_serverKeys != null) { foreach (OneKey k in _serverKeys) { if (k.Compare(newKey)) { AuthenticationKey = k; return; } } } TlsEvent ev = new TlsEvent(TlsEvent.EventCode.ServerCertificate) { KeyValue = newKey }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, ev); } if (!ev.Processed) { // throw new TlsFatalAlert(AlertDescription.certificate_unknown); } } else { // throw new TlsFatalAlert(AlertDescription.certificate_unknown); } }
private void OnTlsEvent(Object o, TlsEvent e) { EventHandler<TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(o, e); } }
public override int[] GetCipherSuites() { int[] i; if (_tlsKeyPair != null) { if (_tlsKeyPair.X509Certificate != null) { i = new int[] { CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 }; } #if SUPPORT_RPK else if (_tlsKeyPair.PublicKey != null) { i = new int[] { CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 }; } #endif #if SUPPORT_TLS_CWT else if (_tlsKeyPair.CertType == CertificateType.CwtPublicKey) { i = new int[] { CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 }; } #endif else { // We should never get here i = new int[0]; } } else { // We should never get here i = new int[] { CipherSuite.TLS_PSK_WITH_AES_128_CCM_8 }; } TlsEvent e = new TlsEvent(TlsEvent.EventCode.GetCipherSuites) { IntValues = i }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } return(e.IntValues); }
private void MyTlsEventHandler(object sender, TlsEvent tlsEvent) { EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(sender, tlsEvent); } }
protected TlsSignerCredentials GetECDsaSignerCredentials() { #if SUPPORT_RPK if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.RawPublicKey) { OneKey k = _tlsKeyPair.PublicKey; if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(AlgorithmValues.ECDSA_256)) { X9ECParameters p = k.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters); ECPoint point = k.GetPoint(); ECPublicKeyParameters param = new ECPublicKeyParameters(point, parameters); SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param); return(new DefaultTlsSignerCredentials(mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } #endif #if SUPPORT_TLS_CWT if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.CwtPublicKey) { OneKey k = _tlsKeyPair.PublicCwt.Cnf.Key; if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(AlgorithmValues.ECDSA_256)) { X9ECParameters p = k.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters); return(new DefaultTlsSignerCredentials(mContext, new CwtPublicKey(_tlsKeyPair.PublicCwt.EncodeToBytes()), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } #endif TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials) { CipherSuite = KeyExchangeAlgorithm.ECDH_ECDSA }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } if (e.SignerCredentials != null) { return(e.SignerCredentials); } throw new TlsFatalAlert(AlertDescription.internal_error); }
public virtual TlsCredentials GetClientCredentials(CertificateRequest certificateRequest) { if (certificateRequest.CertificateTypes == null || !Arrays.Contains(certificateRequest.CertificateTypes, ClientCertificateType.ecdsa_sign)) { return(null); } #if SUPPORT_RPK if (_rawPublicKey != null) { OneKey k = _rawPublicKey; if (k.HasKeyType((int)COSE.GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(COSE.AlgorithmValues.ECDSA_256)) { X9ECParameters p = k.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters); ECPoint point = k.GetPoint(); ECPublicKeyParameters param = new ECPublicKeyParameters("ECDSA", point, /*parameters*/ SecObjectIdentifiers.SecP256r1); SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param); return(new DefaultTlsSignerCredentials(_mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } /* * byte[] certificateTypes = certificateRequest.CertificateTypes; * if (certificateTypes == null || !Arrays.Contains(certificateTypes, ClientCertificateType.rsa_sign)) * return null; * * return TlsTestUtilities.LoadSignerCredentials(mContext, certificateRequest.SupportedSignatureAlgorithms, * SignatureAlgorithm.rsa, "x509-client.pem", "x509-client-key.pem"); */ #endif // If we did not fine appropriate signer credientials - ask for help TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials) { CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } if (e.SignerCredentials != null) { return(e.SignerCredentials); } throw new TlsFatalAlert(AlertDescription.internal_error); }
public virtual byte[] GetPsk(byte[] identity) { foreach (OneKey key in _userKeys) { if (!key.HasKeyType((int)GeneralValuesInt.KeyType_Octet)) { continue; } if (identity == null) { if (key.HasKid(null)) { AuthenticationKey = key; return((byte[])key[CoseKeyParameterKeys.Octet_k].GetByteString().Clone()); } } else { if (key.HasKid(identity)) { AuthenticationKey = key; return((byte[])key[CoseKeyParameterKeys.Octet_k].GetByteString().Clone()); } } } TlsEvent e = new TlsEvent(TlsEvent.EventCode.UnknownPskName) { PskName = identity }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } if (e.KeyValue != null) { if (e.KeyValue.HasKeyType((int)GeneralValuesInt.KeyType_Octet)) { AuthenticationKey = e.KeyValue; return((byte[])e.KeyValue[CoseKeyParameterKeys.Octet_k].GetByteString().Clone()); } } return(null); }
private static void ServerEventHandler(Object o, TlsEvent e) { switch (e.Code) { case TlsEvent.EventCode.UnknownPskName: if (e.PskName.SequenceEqual(PskOneName)) { // We don't recognize this name } else if (e.PskName.SequenceEqual(PskTwoName)) { e.KeyValue = PskTwo; } break; } }
/// <summary> /// Decide which type of client and server certificates are going to be supported. /// By default, we assume that only those certificate types which match the clients /// certificate are going to be supported for the server. /// </summary> /// <returns></returns> public override IDictionary GetClientExtensions() { IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(base.GetClientExtensions()); // TlsExtensionsUtilities.AddEncryptThenMacExtension(clientExtensions); // TlsExtensionsUtilities.AddExtendedMasterSecretExtension(clientExtensions); { /* * NOTE: If you are copying test code, do not blindly set these extensions in your own client. */ // TlsExtensionsUtilities.AddMaxFragmentLengthExtension(clientExtensions, MaxFragmentLength.pow2_9); // TlsExtensionsUtilities.AddPaddingExtension(clientExtensions, mContext.SecureRandom.Next(16)); // TlsExtensionsUtilities.AddTruncatedHMacExtension(clientExtensions); #if SUPPORT_RPK if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.RawPublicKey) { TlsExtensionsUtilities.AddClientCertificateTypeExtensionClient(clientExtensions, new byte[] { 2 }); TlsExtensionsUtilities.AddServerCertificateTypeExtensionClient(clientExtensions, new byte[] { 2 }); } #endif #if SUPPORT_TLS_CWT if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.CwtPublicKey) { TlsExtensionsUtilities.AddClientCertificateTypeExtensionClient(clientExtensions, new byte[] { 254 }); TlsExtensionsUtilities.AddServerCertificateTypeExtensionClient(clientExtensions, new byte[] { 254 }); } #endif } TlsEvent e = new TlsEvent(TlsEvent.EventCode.GetExtensions) { Dictionary = clientExtensions }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } return(e.Dictionary); }
public override void NotifyClientCertificate(Certificate clientCertificate) { TlsEvent e = new TlsEvent(TlsEvent.EventCode.ClientCertificate) { Certificate = clientCertificate }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } if (!e.Processed) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } }
public override byte GetClientCertificateType(byte[] certificateTypes) { TlsEvent e = new TlsEvent(TlsEvent.EventCode.ClientCertType) { Bytes = certificateTypes, Byte = 0xff }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } if (e.Byte != 0xff) { return(e.Byte); } foreach (byte type in certificateTypes) { if (type == 1) { return(type); } #if SUPPORT_RPK if (type == 2) { return(type); // Assume we only support Raw Public Key } #endif #if SUPPORT_TLS_CWT if (type == 254) { return(type); } #endif } throw new TlsFatalAlert(AlertDescription.handshake_failure); }
protected override TlsSignerCredentials GetECDsaSignerCredentials() { #if SUPPORT_RPK foreach (OneKey k in _serverKeys) { if (k.HasKeyType((int)COSE.GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(COSE.AlgorithmValues.ECDSA_256)) { X9ECParameters p = k.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters); ECPoint point = k.GetPoint(); ECPublicKeyParameters param = new ECPublicKeyParameters(point, parameters); SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param); return(new DefaultTlsSignerCredentials(mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } #endif // If we did not fine appropriate signer credientials - ask for help TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials) { CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } if (e.SignerCredentials != null) { return(e.SignerCredentials); } throw new TlsFatalAlert(AlertDescription.internal_error); }
public override void NotifyClientCertificate(AbstractCertificate clientCertificate) { if (clientCertificate is RawPublicKey) { mPskIdentityManager.GetRpkKey((RawPublicKey)clientCertificate); } #if SUPPORT_TLS_CWT else if (clientCertificate is CwtPublicKey) { mPskIdentityManager.CwtTrustRoots = CwtTrustKeySet; mPskIdentityManager.GetCwtKey((CwtPublicKey)clientCertificate); } #endif else if (clientCertificate is Certificate) { TlsEvent e = new TlsEvent(TlsEvent.EventCode.ClientCertificate) { Certificate = clientCertificate, CertificateType = CertificateType.X509 }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } if (!e.Processed) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } AuthenticationCertificate = (Certificate)clientCertificate; } else { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } }
protected override int[] GetCipherSuites() { int[] i = new int[] { CipherSuite.TLS_PSK_WITH_AES_128_CCM_8, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 }; // Give the outside code a chance to change this. TlsEvent e = new TlsEvent(TlsEvent.EventCode.GetCipherSuites) { IntValues = i }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } return(e.IntValues); }
public virtual TlsCredentials GetClientCredentials(CertificateRequest certificateRequest) { if (certificateRequest.CertificateTypes == null || !Arrays.Contains(certificateRequest.CertificateTypes, ClientCertificateType.ecdsa_sign)) { return(null); } if (TlsKey != null) { if (TlsKey.CertType == CertificateType.X509) { return(new DefaultTlsSignerCredentials(_mContext, new Certificate(TlsKey.X509Certificate), TlsKey.PrivateKey.AsPrivateKey(), new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } #if SUPPORT_RPK else if (TlsKey.CertType == CertificateType.RawPublicKey) { OneKey k = TlsKey.PrivateKey; if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(AlgorithmValues.ECDSA_256)) { X9ECParameters p = k.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters); ECPoint point = k.GetPoint(); ECPublicKeyParameters param = new ECPublicKeyParameters("ECDSA", point, /*parameters*/ SecObjectIdentifiers.SecP256r1); SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param); return(new DefaultTlsSignerCredentials(_mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } #endif #if SUPPORT_TLS_CWT else if (TlsKey.CertType == CertificateType.CwtPublicKey) { OneKey k = TlsKey.PublicCwt.Cnf.Key; if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(AlgorithmValues.ECDSA_256)) { AsymmetricKeyParameter privKey = TlsKey.PrivateKey.AsPrivateKey(); return(new DefaultTlsSignerCredentials(_mContext, new CwtPublicKey(TlsKey.PublicCwt.EncodeToBytes()), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } #endif } // If we did not fine appropriate signer credentials - ask for help TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials) { CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } if (e.SignerCredentials != null) { return(e.SignerCredentials); } throw new TlsFatalAlert(AlertDescription.internal_error); }
protected override TlsSignerCredentials GetECDsaSignerCredentials() { byte[] certTypes; if (mClientExtensions.Contains(ExtensionType.server_certificate_type)) { certTypes = (byte[])mClientExtensions[ExtensionType.server_certificate_type]; } else { certTypes = new byte[] { CertificateType.X509 }; } foreach (byte b in certTypes) { if (b == CertificateType.X509) { foreach (TlsKeyPair kp in _serverKeys) { if (b != kp.CertType) { continue; } OneKey k = kp.PrivateKey; if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(AlgorithmValues.ECDSA_256)) { return(new DefaultTlsSignerCredentials( mContext, new Certificate(kp.X509Certificate), kp.PrivateKey.AsPrivateKey(), new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } } #if SUPPORT_RPK if (b == CertificateType.RawPublicKey) { foreach (TlsKeyPair kp in _serverKeys) { if (b != kp.CertType) { continue; } OneKey k = kp.PublicKey; if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(AlgorithmValues.ECDSA_256)) { AsymmetricKeyParameter param = k.AsPublicKey(); SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param); return(new DefaultTlsSignerCredentials(mContext, new RawPublicKey(spi), kp.PrivateKey.AsPrivateKey(), new SignatureAndHashAlgorithm( HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } } #endif #if SUPPORT_TLS_CWT if (b == CertificateType.CwtPublicKey) { foreach (TlsKeyPair kp in _serverKeys) { if (b != kp.CertType) { continue; } OneKey k = kp.PrivateKey; if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(AlgorithmValues.ECDSA_256)) { CwtPublicKey cwtKey = new CwtPublicKey(kp.PublicCwt.EncodeToBytes()); AsymmetricKeyParameter pubKey = kp.PublicCwt.Cnf.CoseKey.AsPublicKey(); cwtKey.SetSubjectPublicKeyInfo(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pubKey)); return(new DefaultTlsSignerCredentials( mContext, cwtKey, kp.PrivateKey.AsPrivateKey(), new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } } #endif } // If we did not fine appropriate signer credentials - ask for help TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials) { CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } if (e.SignerCredentials != null) { return(e.SignerCredentials); } throw new TlsFatalAlert(AlertDescription.internal_error); }