GetClientCertificateType() static private method

static private GetClientCertificateType ( Certificate clientCertificate, Certificate serverCertificate ) : short
clientCertificate Certificate
serverCertificate Certificate
return short
        /// <summary>
        /// Records the certificate chain carried by the client's Certificate handshake message,
        /// updates the key exchange, and then hands the chain to the server callback.
        /// </summary>
        /// <param name="state">Handshake state; its certificateRequest, clientCertificate,
        /// clientCertificateType, keyExchange, serverCredentials and server members are used.</param>
        /// <param name="clientCertificate">The chain the client sent; may be an empty chain.</param>
        /// <exception cref="InvalidOperationException">No certificate request is recorded in
        /// <paramref name="state"/>.</exception>
        /// <exception cref="TlsFatalAlert">unexpected_message, when a client certificate has
        /// already been stored for this handshake.</exception>
        /// <remarks>
        /// Nothing in this method validates the chain against trusted CAs. The accept/reject
        /// decision is left to state.server.NotifyClientCertificate, which is called for empty
        /// and non-empty chains alike.
        /// </remarks>
        protected virtual void NotifyClientCertificate(ServerHandshakeState state, Certificate clientCertificate)
        {
            // A client certificate is only legal after this server recorded a CertificateRequest.
            if (state.certificateRequest == null)
            {
                throw new InvalidOperationException();
            }

            // Accept at most one client certificate per handshake.
            if (state.clientCertificate != null)
            {
                throw new TlsFatalAlert(AlertDescription.unexpected_message);
            }

            state.clientCertificate = clientCertificate;

            bool clientSentNoCertificate = clientCertificate.IsEmpty;
            if (!clientSentNoCertificate)
            {
                /*
                 * TODO RFC 5246 7.4.6: when the certificate_authorities list of the certificate
                 * request was non-empty, one certificate of the chain SHOULD be issued by a listed
                 * CA. That check is not implemented here.
                 */
                state.clientCertificateType = TlsUtilities.GetClientCertificateType(
                    clientCertificate, state.serverCredentials.Certificate);

                state.keyExchange.ProcessClientCertificate(clientCertificate);
            }
            else
            {
                // Empty chain: the key exchange proceeds without client credentials.
                state.keyExchange.SkipClientCredentials();
            }

            /*
             * RFC 5246 7.4.6: if the client sends no certificates, the server MAY either continue
             * without client authentication or answer with a fatal handshake_failure alert. If the
             * chain is unacceptable (e.g. not signed by a known, trusted CA), the server MAY either
             * continue (treating the client as unauthenticated) or send a fatal alert.
             * NOTE(review): a server that requires client authentication has to enforce it in
             * this callback; an empty chain reaches it without any error raised above.
             */
            state.server.NotifyClientCertificate(clientCertificate);
        }
Example #2
 /// <summary>
 /// Stores the client's certificate chain in the DTLS handshake state, updates the key
 /// exchange, and passes the chain on to the server callback.
 /// </summary>
 /// <param name="state">Handshake state that is read and updated.</param>
 /// <param name="clientCertificate">The chain the client sent; may be an empty chain.</param>
 /// <exception cref="InvalidOperationException">No certificate request is recorded in
 /// <paramref name="state"/>.</exception>
 /// <exception cref="TlsFatalAlert">Alert code 10, when a client certificate has already
 /// been stored for this handshake.</exception>
 /// <remarks>
 /// No chain validation is visible in this method; state.server.NotifyClientCertificate is
 /// called for empty and non-empty chains alike and is where acceptance is decided.
 /// </remarks>
 protected virtual void NotifyClientCertificate(DtlsServerProtocol.ServerHandshakeState state, Certificate clientCertificate)
 {
     // A client certificate is only legal after a certificate request was recorded.
     if (state.certificateRequest == null)
     {
         throw new InvalidOperationException();
     }

     // Accept at most one client certificate per handshake.
     if (state.clientCertificate != null)
     {
         // 10 is the TLS alert code for unexpected_message (RFC 5246 7.2).
         throw new TlsFatalAlert(10);
     }

     state.clientCertificate = clientCertificate;

     bool clientSentNoCertificate = clientCertificate.IsEmpty;
     if (!clientSentNoCertificate)
     {
         state.clientCertificateType = TlsUtilities.GetClientCertificateType(
             clientCertificate, state.serverCredentials.Certificate);
         state.keyExchange.ProcessClientCertificate(clientCertificate);
     }
     else
     {
         // Empty chain: the key exchange proceeds without client credentials.
         state.keyExchange.SkipClientCredentials();
     }

     // NOTE(review): a server that requires client authentication has to reject empty or
     // untrusted chains inside this callback; nothing above raises an error for them.
     state.server.NotifyClientCertificate(clientCertificate);
 }
Example #3
 /// <summary>
 /// Stores the client's certificate chain as the peer certificate, updates the key exchange,
 /// and passes the chain on to the TLS server callback.
 /// </summary>
 /// <param name="clientCertificate">The chain the client sent; may be an empty chain.</param>
 /// <exception cref="InvalidOperationException">mCertificateRequest is null.</exception>
 /// <exception cref="TlsFatalAlert">Alert code 10, when mPeerCertificate is already set.</exception>
 /// <remarks>
 /// No chain validation is visible in this method; mTlsServer.NotifyClientCertificate is
 /// called for empty and non-empty chains alike and is where acceptance is decided.
 /// </remarks>
 protected virtual void NotifyClientCertificate(Certificate clientCertificate)
 {
     // A client certificate is only legal after a certificate request was recorded.
     if (mCertificateRequest == null)
     {
         throw new InvalidOperationException();
     }

     // Accept at most one peer certificate per handshake.
     if (mPeerCertificate != null)
     {
         // 10 is the TLS alert code for unexpected_message (RFC 5246 7.2).
         throw new TlsFatalAlert(10);
     }

     mPeerCertificate = clientCertificate;

     bool clientSentNoCertificate = clientCertificate.IsEmpty;
     if (!clientSentNoCertificate)
     {
         mClientCertificateType = TlsUtilities.GetClientCertificateType(
             clientCertificate, mServerCredentials.Certificate);
         mKeyExchange.ProcessClientCertificate(clientCertificate);
     }
     else
     {
         // Empty chain: the key exchange proceeds without client credentials.
         mKeyExchange.SkipClientCredentials();
     }

     // NOTE(review): a server that requires client authentication has to reject empty or
     // untrusted chains inside this callback; nothing above raises an error for them.
     mTlsServer.NotifyClientCertificate(clientCertificate);
 }
 /// <summary>
 /// Stores the client's certificate chain in the handshake state, updates the key exchange,
 /// and passes the chain on to the server callback.
 /// </summary>
 /// <param name="state">Handshake state that is read and updated.</param>
 /// <param name="clientCertificate">The chain the client sent; may be an empty chain.</param>
 /// <exception cref="InvalidOperationException">No certificate request is recorded in
 /// <paramref name="state"/>.</exception>
 /// <exception cref="TlsFatalAlert">Alert code 10, when a client certificate has already
 /// been stored for this handshake.</exception>
 /// <remarks>
 /// No chain validation is visible in this method; state.server.NotifyClientCertificate is
 /// called for empty and non-empty chains alike and is where acceptance is decided.
 /// </remarks>
 protected virtual void NotifyClientCertificate(ServerHandshakeState state, Certificate clientCertificate)
 {
     // A client certificate is only legal after a certificate request was recorded.
     if (state.certificateRequest == null)
     {
         throw new InvalidOperationException();
     }

     // Accept at most one client certificate per handshake.
     if (state.clientCertificate != null)
     {
         // 10 is the TLS alert code for unexpected_message (RFC 5246 7.2).
         throw new TlsFatalAlert(10);
     }

     state.clientCertificate = clientCertificate;

     bool clientSentNoCertificate = clientCertificate.IsEmpty;
     if (!clientSentNoCertificate)
     {
         state.clientCertificateType = TlsUtilities.GetClientCertificateType(
             clientCertificate, state.serverCredentials.Certificate);
         state.keyExchange.ProcessClientCertificate(clientCertificate);
     }
     else
     {
         // Empty chain: the key exchange proceeds without client credentials.
         state.keyExchange.SkipClientCredentials();
     }

     // NOTE(review): a server that requires client authentication has to reject empty or
     // untrusted chains inside this callback; nothing above raises an error for them.
     state.server.NotifyClientCertificate(clientCertificate);
 }