| static private ValidateKeyUsage ( X509CertificateStructure c, int keyUsageBits ) : void | ||
| c | X509CertificateStructure | |
| keyUsageBits | int | |
| return | void | |
public override void ProcessServerCertificate(Certificate serverCertificate)
{
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(42);
}
X509CertificateStructure certificateAt = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
try
{
this.mServerPublicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
}
catch (Exception alertCause)
{
throw new TlsFatalAlert(43, alertCause);
}
if (this.mServerPublicKey.IsPrivate)
{
throw new TlsFatalAlert(80);
}
this.mRsaServerPublicKey = this.ValidateRsaPublicKey((RsaKeyParameters)this.mServerPublicKey);
TlsUtilities.ValidateKeyUsage(certificateAt, 32);
base.ProcessServerCertificate(serverCertificate);
}
public override void ProcessServerCertificate(Certificate serverCertificate)
{
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(AlertDescription.bad_certificate);
}
X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
try
{
this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
}
// Sanity check the PublicKeyFactory
if (this.mServerPublicKey.IsPrivate)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.mRsaServerPublicKey = ValidateRsaPublicKey((RsaKeyParameters)this.mServerPublicKey);
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyEncipherment);
base.ProcessServerCertificate(serverCertificate);
}
public virtual void ProcessServerCertificate(Certificate serverCertificate)
{
X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
try
{
this.serverPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
// catch (RuntimeException)
catch (Exception)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
}
// Sanity check the PublicKeyFactory
if (this.serverPublicKey.IsPrivate)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.rsaServerPublicKey = ValidateRsaPublicKey((RsaKeyParameters)this.serverPublicKey);
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyEncipherment);
// TODO
/*
* Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the
* signing algorithm for the certificate must be the same as the algorithm for the
* certificate key."
*/
}
public override void ProcessServerCertificate(Certificate serverCertificate)
{
if (mTlsSigner == null)
{
throw new TlsFatalAlert(10);
}
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(42);
}
X509CertificateStructure certificateAt = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
try
{
mServerPublicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
}
catch (global::System.Exception alertCause)
{
throw new TlsFatalAlert(43, alertCause);
}
if (!mTlsSigner.IsValidPublicKey(mServerPublicKey))
{
throw new TlsFatalAlert(46);
}
TlsUtilities.ValidateKeyUsage(certificateAt, 128);
base.ProcessServerCertificate(serverCertificate);
}
public virtual void ProcessServerCertificate(Certificate serverCertificate)
{
if (tlsSigner == null)
{
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
X509CertificateStructure x509Cert = serverCertificate.certs[0];
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
try
{
this.serverPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
// catch (RuntimeException)
catch (Exception)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
}
if (!tlsSigner.IsValidPublicKey(this.serverPublicKey))
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature);
// TODO
/*
* Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the
* signing algorithm for the certificate must be the same as the algorithm for the
* certificate key."
*/
}
public override void ProcessServerCertificate(Certificate serverCertificate)
{
if (mTlsSigner == null)
{
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(AlertDescription.bad_certificate);
}
X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
try
{
this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
}
if (!mTlsSigner.IsValidPublicKey(this.mServerPublicKey))
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature);
base.ProcessServerCertificate(serverCertificate);
}
public override void ProcessServerCertificate(Certificate serverCertificate)
{
if (mKeyExchange == KeyExchangeAlgorithm.DH_anon)
{
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(AlertDescription.decode_error);
}
X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
try
{
this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
}
if (mTlsSigner == null)
{
try
{
this.mDHAgreePublicKey = (DHPublicKeyParameters)this.mServerPublicKey;
this.mDHParameters = mDHAgreePublicKey.Parameters;
}
catch (InvalidCastException e)
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
}
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyAgreement);
}
else
{
if (!mTlsSigner.IsValidPublicKey(this.mServerPublicKey))
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature);
}
base.ProcessServerCertificate(serverCertificate);
}
public virtual void ProcessServerCertificate(Certificate serverCertificate)
{
X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
try
{
this.serverPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
catch (Exception)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
}
if (tlsSigner == null)
{
try
{
this.ecAgreeServerPublicKey = ValidateECPublicKey((ECPublicKeyParameters)this.serverPublicKey);
}
catch (InvalidCastException)
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyAgreement);
}
else
{
if (!tlsSigner.IsValidPublicKey(this.serverPublicKey))
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature);
}
// TODO
/*
* Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the
* signing algorithm for the certificate must be the same as the algorithm for the
* certificate key."
*/
}
public override void ProcessServerCertificate(Certificate serverCertificate)
{
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(AlertDescription.bad_certificate);
}
X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
try
{
this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
}
if (mTlsSigner == null)
{
try
{
this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey((ECPublicKeyParameters)this.mServerPublicKey);
}
catch (InvalidCastException e)
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
}
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyAgreement);
}
else
{
if (!mTlsSigner.IsValidPublicKey(this.mServerPublicKey))
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature);
}
base.ProcessServerCertificate(serverCertificate);
}
public override void ProcessServerCertificate(AbstractCertificate serverCertificate)
{
if (mKeyExchange != KeyExchangeAlgorithm.RSA_PSK)
{
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(AlertDescription.decode_error);
}
Certificate realCertificate = serverCertificate as Certificate;
X509CertificateStructure x509Cert = null;
if (realCertificate != null)
{
x509Cert = realCertificate.GetCertificateAt(0);
}
SubjectPublicKeyInfo keyInfo = serverCertificate.SubjectPublicKeyInfo();
try
{
this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
}
// Sanity check the PublicKeyFactory
if (this.mServerPublicKey.IsPrivate)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.mRsaServerPublicKey = ValidateRsaPublicKey((RsaKeyParameters)this.mServerPublicKey);
if (x509Cert != null)
{
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyEncipherment);
}
base.ProcessServerCertificate(serverCertificate);
}
public override void ProcessServerCertificate(Certificate serverCertificate)
{
if (base.mKeyExchange == 20)
{
throw new TlsFatalAlert(10);
}
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(0x2a);
}
X509CertificateStructure certificateAt = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
try
{
this.mServerPublicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
}
catch (Exception exception)
{
throw new TlsFatalAlert(0x2b, exception);
}
if (this.mTlsSigner == null)
{
try
{
this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey((ECPublicKeyParameters)this.mServerPublicKey);
}
catch (InvalidCastException exception2)
{
throw new TlsFatalAlert(0x2e, exception2);
}
TlsUtilities.ValidateKeyUsage(certificateAt, 8);
}
else
{
if (!this.mTlsSigner.IsValidPublicKey(this.mServerPublicKey))
{
throw new TlsFatalAlert(0x2e);
}
TlsUtilities.ValidateKeyUsage(certificateAt, 0x80);
}
base.ProcessServerCertificate(serverCertificate);
}
public override void ProcessServerCertificate(AbstractCertificate serverCertificate)
{
if (mTlsSigner == null)
{
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(AlertDescription.decode_error);
}
Certificate realCertificate = serverCertificate as Certificate;
X509CertificateStructure x509Cert = null;
if (realCertificate != null)
{
x509Cert = realCertificate.GetCertificateAt(0);
}
SubjectPublicKeyInfo keyInfo = serverCertificate.SubjectPublicKeyInfo();
try
{
this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
}
if (!mTlsSigner.IsValidPublicKey(this.mServerPublicKey))
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
if (x509Cert != null)
{
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature);
}
base.ProcessServerCertificate(serverCertificate);
}
public override void ProcessServerCertificate(Certificate serverCertificate)
{
//IL_006f: Expected O, but got Unknown
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(42);
}
X509CertificateStructure certificateAt = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
try
{
mServerPublicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
}
catch (global::System.Exception alertCause)
{
throw new TlsFatalAlert(43, alertCause);
}
if (mTlsSigner == null)
{
try
{
mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey((DHPublicKeyParameters)mServerPublicKey);
mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters);
}
catch (InvalidCastException val)
{
InvalidCastException alertCause2 = val;
throw new TlsFatalAlert(46, (global::System.Exception)(object) alertCause2);
}
TlsUtilities.ValidateKeyUsage(certificateAt, 8);
}
else
{
if (!mTlsSigner.IsValidPublicKey(mServerPublicKey))
{
throw new TlsFatalAlert(46);
}
TlsUtilities.ValidateKeyUsage(certificateAt, 128);
}
base.ProcessServerCertificate(serverCertificate);
}
public override void ProcessServerCertificate(Certificate serverCertificate)
{
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(42);
}
X509CertificateStructure certificateAt = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
try
{
mServerPublicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
}
catch (Exception alertCause)
{
throw new TlsFatalAlert(43, alertCause);
IL_003d :;
}
if (mTlsSigner == null)
{
try
{
mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey((ECPublicKeyParameters)mServerPublicKey);
}
catch (InvalidCastException alertCause2)
{
throw new TlsFatalAlert(46, alertCause2);
IL_0072 :;
}
TlsUtilities.ValidateKeyUsage(certificateAt, 8);
}
else
{
if (!mTlsSigner.IsValidPublicKey(mServerPublicKey))
{
throw new TlsFatalAlert(46);
}
TlsUtilities.ValidateKeyUsage(certificateAt, 128);
}
base.ProcessServerCertificate(serverCertificate);
}
public override void ProcessServerCertificate(AbstractCertificate serverCertificate)
{
if (mKeyExchange == KeyExchangeAlgorithm.ECDH_anon)
{
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(AlertDescription.decode_error);
}
X509CertificateStructure x509Cert = null;
Certificate xCert = serverCertificate as Certificate;
if (xCert != null)
{
x509Cert = xCert.GetCertificateAt(0);
}
SubjectPublicKeyInfo keyInfo = serverCertificate.SubjectPublicKeyInfo();
try
{
this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
}
if (mTlsSigner == null)
{
try
{
this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey((ECPublicKeyParameters)this.mServerPublicKey);
}
catch (InvalidCastException e)
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
}
if (xCert != null)
{
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyAgreement);
}
}
else
{
if (!mTlsSigner.IsValidPublicKey(this.mServerPublicKey))
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
if (xCert != null)
{
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature);
}
}
base.ProcessServerCertificate(serverCertificate);
}