Ejemplo n.º 1
0
		public virtual void ProcessServerCertificate(Certificate serverCertificate)
		{
			if (tlsSigner == null)
			{
				throw new TlsFatalAlert(AlertDescription.unexpected_message);
			}

			X509CertificateStructure x509Cert = serverCertificate.certs[0];
			SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;

			try
			{
				this.serverPublicKey = PublicKeyFactory.CreateKey(keyInfo);
			}
//			catch (RuntimeException)
			catch (Exception)
			{
				throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
			}

	        if (!tlsSigner.IsValidPublicKey(this.serverPublicKey))
	        {
	            throw new TlsFatalAlert(AlertDescription.certificate_unknown);
	        }

			TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature);

			// TODO
			/*
			* Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the
			* signing algorithm for the certificate must be the same as the algorithm for the
			* certificate key."
			*/
		}
Ejemplo n.º 2
0
		public virtual void ProcessServerCertificate(Certificate serverCertificate)
		{
			X509CertificateStructure x509Cert = serverCertificate.certs[0];
			SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;

			try
			{
				this.serverPublicKey = PublicKeyFactory.CreateKey(keyInfo);
			}
//			catch (RuntimeException)
			catch (Exception)
			{
				throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
			}

			// Sanity check the PublicKeyFactory
			if (this.serverPublicKey.IsPrivate)
			{
				throw new TlsFatalAlert(AlertDescription.internal_error);
			}

			this.rsaServerPublicKey = ValidateRsaPublicKey((RsaKeyParameters)this.serverPublicKey);

			TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyEncipherment);

			// TODO
			/*
			* Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the
			* signing algorithm for the certificate must be the same as the algorithm for the
			* certificate key."
			*/
		}
		public DefaultTlsSignerCredentials(TlsClientContext context,
			Certificate clientCertificate, AsymmetricKeyParameter clientPrivateKey)
		{
			if (clientCertificate == null)
			{
				throw new ArgumentNullException("clientCertificate");
			}
			if (clientCertificate.certs.Length == 0)
			{
				throw new ArgumentException("cannot be empty", "clientCertificate");
			}
			if (clientPrivateKey == null)
			{
				throw new ArgumentNullException("clientPrivateKey");
			}
			if (!clientPrivateKey.IsPrivate)
			{
				throw new ArgumentException("must be private", "clientPrivateKey");
			}

			if (clientPrivateKey is RsaKeyParameters)
			{
				clientSigner = new TlsRsaSigner();
			}
			else if (clientPrivateKey is DsaPrivateKeyParameters)
			{
				clientSigner = new TlsDssSigner();
			}
			else if (clientPrivateKey is ECPrivateKeyParameters)
			{
				clientSigner = new TlsECDsaSigner();
			}
			else
			{
				throw new ArgumentException("type not supported: "
					+ clientPrivateKey.GetType().FullName, "clientPrivateKey");
			}

			this.context = context;
			this.clientCert = clientCertificate;
			this.clientPrivateKey = clientPrivateKey;
		}
		public DefaultTlsAgreementCredentials(Certificate clientCertificate, AsymmetricKeyParameter clientPrivateKey)
		{
			if (clientCertificate == null)
			{
				throw new ArgumentNullException("clientCertificate");
			}
			if (clientCertificate.certs.Length == 0)
			{
				throw new ArgumentException("cannot be empty", "clientCertificate");
			}
			if (clientPrivateKey == null)
			{
				throw new ArgumentNullException("clientPrivateKey");
			}
			if (!clientPrivateKey.IsPrivate)
			{
				throw new ArgumentException("must be private", "clientPrivateKey");
			}

			if (clientPrivateKey is DHPrivateKeyParameters)
			{
				basicAgreement = new DHBasicAgreement();
			}
			else if (clientPrivateKey is ECPrivateKeyParameters)
			{
				basicAgreement = new ECDHBasicAgreement();
			}
			else
			{
				throw new ArgumentException("type not supported: "
					+ clientPrivateKey.GetType().FullName, "clientPrivateKey");
			}

			this.clientCert = clientCertificate;
			this.clientPrivateKey = clientPrivateKey;
		}
Ejemplo n.º 5
0
		private void SendClientCertificate(Certificate clientCert)
		{
			MemoryStream bos = new MemoryStream();
			TlsUtilities.WriteUint8((byte)HandshakeType.certificate, bos);
			clientCert.Encode(bos);
			byte[] message = bos.ToArray();

			rs.WriteMessage(ContentType.handshake, message, 0, message.Length);
		}
		public virtual void NotifyServerCertificate(Certificate serverCertificate)
		{
			if (!this.verifyer.IsValid(serverCertificate.GetCerts()))
				throw new TlsFatalAlert(AlertDescription.user_canceled);
		}