Example #1
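 /// <summary>
 /// Handles the client's Certificate handshake message: checks that the session is in the
 /// expected state, hands the presented certificates to <c>ClientCertificatesCallback</c>,
 /// and records them only if the callback accepts them.
 /// </summary>
 /// <param name="frag">The parsed Certificate fragment; its <c>Certs</c> come from the remote peer and are untrusted.</param>
 /// <returns>
 /// <c>null</c> when the certificates were accepted and the state advanced; otherwise a fatal
 /// alert result (<c>unexpected_message</c> for a wrong state, <c>bad_certificate</c> when the
 /// callback rejects the certificates).
 /// </returns>
 /// <exception cref="ArgumentNullException">
 /// <c>ClientCertificatesCallback</c> is not configured although a client certificate arrived.
 /// </exception>
 protected override Result Fragment_ClientCertificate(Fragments.Certificate frag)
 {
     // Out-of-order message: refuse before touching any certificate data.
     if (State != TLSSessionState.Client_ChangeCipherSpec)
     {
         return Result.FatalAlert(AlertDescription.unexpected_message, $"State [{State}] check failed on Client_Certificate message");
     }

     if (ClientCertificatesCallback == null)
     {
         // The one-argument ArgumentNullException constructor treats its string as the
         // parameter NAME, so the original text ended up in ParamName. Pass the member name
         // and the explanation separately so logs show both correctly.
         // NOTE(review): this throw is reachable from a peer-sent message; confirm the caller
         // turns it into a handshake failure rather than letting it escape the session loop.
         throw new ArgumentNullException(nameof(ClientCertificatesCallback), "NegotiationParams Configed ClientCertificateRequire = true, but ClientCertificateVerifyCallback is null");
     }

     // The callback is the only trust decision made here: chain building, expiry, revocation
     // and any identity pinning must all happen inside it. An empty certificate list is passed
     // through as-is, so the callback also has to decide whether "no certificate" is acceptable.
     if (!ClientCertificatesCallback(frag.Certs))
     {
         return Result.FatalAlert(AlertDescription.bad_certificate, "Client Certificate invalid");
     }

     // Stored only after acceptance. Accepting the certificate does not prove the peer holds
     // the private key; presumably the CertificateVerify handler does that. Verify before
     // using _clientCertificates for authorization.
     _clientCertificates = frag.Certs.ToArray();
     State = TLSSessionState.Client_Certificate;

     return null;
 }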
Example #2
        /// <summary>
        /// Builds the server's reply flight for a ClientHello when the negotiated suite uses RSA
        /// key exchange: ServerHello, Certificate, an optional CertificateRequest, ServerHelloDone.
        /// </summary>
        /// <param name="frag">The received ClientHello. It is not read in this method.</param>
        /// <returns>A <c>PacketResult</c> carrying one Handshake record with the whole flight.</returns>
        /// <remarks>
        /// No ServerKeyExchange is sent, i.e. this is static RSA key exchange: the premaster secret
        /// is protected only by the certificate's key, so recorded sessions have no forward secrecy.
        /// </remarks>
        Result Fragment_ClientHello_RSA(Fragments.ClientHello frag)
        {
            // The version is fixed to TLS 1.2 here; random, session id and suite come from _params.
            var helloBody = new Fragments.ServerHello(ProtocolVersion.TLSv1_2, _params.ServerRandom, _params.Session, _params.Cipher.CipherSuite);

            // NOTE(review): the certificate is re-read from _pubkeyfile on every handshake and the
            // X509Certificate2 is never disposed in this method. Confirm who owns it.
            var serverCert = new X509Certificate2(_pubkeyfile);
            var certBody   = new Fragments.Certificate(new[] { serverCert }, false);
            var doneBody   = new Fragments.ServerHelloDone();

            Handshakes.Fragment[] flight;
            if (_params.ClientCertificateRequire)
            {
                // Mutual TLS: ask the client for a certificate before ServerHelloDone.
                flight = new[]
                {
                    new Handshakes.Fragment(HandshakeType.Server_Hello, helloBody),
                    new Handshakes.Fragment(HandshakeType.Certificate, certBody),
                    new Handshakes.Fragment(HandshakeType.Certificate_Request, new Fragments.CertificateRequest()),
                    new Handshakes.Fragment(HandshakeType.Server_Hello_Done, doneBody)
                };
            }
            else
            {
                flight = new[]
                {
                    new Handshakes.Fragment(HandshakeType.Server_Hello, helloBody),
                    new Handshakes.Fragment(HandshakeType.Certificate, certBody),
                    new Handshakes.Fragment(HandshakeType.Server_Hello_Done, doneBody)
                };
            }

            // Every outgoing message is appended to the handshake message log (presumably the
            // transcript later used for Finished verification) and then logged.
            for (var i = 0; i < flight.Length; i++)
            {
                var message = flight[i];
                AppendHandshakeMessages(message);
                LogSessionInfo(message.Body);
            }

            var record = new Records.Handshake(flight);
            return new PacketResult(new[] { record });
        }
Example #3
        /// <summary>
        /// Builds the server's reply flight for a ClientHello when the negotiated suite uses ECDH
        /// key exchange: ServerHello, Certificate, a signed ServerKeyExchange, an optional
        /// CertificateRequest, ServerHelloDone.
        /// </summary>
        /// <param name="frag">The received ClientHello. It is not read in this method.</param>
        /// <returns>A <c>PacketResult</c> carrying one Handshake record with the whole flight.</returns>
        Result Fragment_ClientHello_ECDH(Fragments.ClientHello frag)
        {
            var ecdhPublic = GeneratePubKey();

            // Signed input is client_random || server_random || ServerECDHParams. Binding both
            // randoms into the signature ties the key-exchange parameters to this handshake, so a
            // captured ServerKeyExchange cannot be replayed into another session.
            var bothRandoms = _params.ClientRandom.Data.Concat(_params.ServerRandom.Data);
            var ecdhParams  = Fragments.ServerKeyExchange.ServerECDHParams(_params.KeyExchangeCurve, ecdhPublic);
            var toBeSigned  = bothRandoms.Concat(ecdhParams).ToArray();
            var paramsSig   = MakeSignatureWithCertificate(toBeSigned);

            // The version is fixed to TLS 1.2 here; random, session id and suite come from _params.
            var helloBody = new Fragments.ServerHello(ProtocolVersion.TLSv1_2, _params.ServerRandom, _params.Session, _params.Cipher.CipherSuite);

            // NOTE(review): the certificate is re-read from _pubkeyfile on every handshake and the
            // X509Certificate2 is never disposed in this method. Confirm who owns it.
            var serverCert = new X509Certificate2(_pubkeyfile);
            var certBody   = new Fragments.Certificate(new[] { serverCert }, false);
            var keyExBody  = new Fragments.ServerKeyExchange(_params.KeyExchangeCurve, ecdhPublic, _params.SignatureAlgorithm, paramsSig);
            var doneBody   = new Fragments.ServerHelloDone();

            Handshakes.Fragment[] flight;
            if (_params.ClientCertificateRequire)
            {
                // Mutual TLS: CertificateRequest goes after ServerKeyExchange, before ServerHelloDone.
                flight = new[]
                {
                    new Handshakes.Fragment(HandshakeType.Server_Hello, helloBody),
                    new Handshakes.Fragment(HandshakeType.Certificate, certBody),
                    new Handshakes.Fragment(HandshakeType.Server_Key_Exchange, keyExBody),
                    new Handshakes.Fragment(HandshakeType.Certificate_Request, new Fragments.CertificateRequest()),
                    new Handshakes.Fragment(HandshakeType.Server_Hello_Done, doneBody)
                };
            }
            else
            {
                flight = new[]
                {
                    new Handshakes.Fragment(HandshakeType.Server_Hello, helloBody),
                    new Handshakes.Fragment(HandshakeType.Certificate, certBody),
                    new Handshakes.Fragment(HandshakeType.Server_Key_Exchange, keyExBody),
                    new Handshakes.Fragment(HandshakeType.Server_Hello_Done, doneBody)
                };
            }

            // Every outgoing message is appended to the handshake message log (presumably the
            // transcript later used for Finished verification) and then logged.
            for (var i = 0; i < flight.Length; i++)
            {
                var message = flight[i];
                AppendHandshakeMessages(message);
                LogSessionInfo(message.Body);
            }

            var record = new Records.Handshake(flight);
            return new PacketResult(new[] { record });
        }