/// <summary>
/// Records the certificate chain the client presented and forwards it to the key exchange
/// and to the server callback.
/// </summary>
/// <remarks>
/// No trust decision is made in this method: the chain is stored and handed to
/// <c>state.server.NotifyClientCertificate</c>, which is called for an empty chain as well.
/// A server that requires client authentication therefore has to reject empty or untrusted
/// chains inside that callback. The certificate_authorities check from RFC 5246 7.4.6 is
/// still an open TODO here.
/// </remarks>
/// <param name="state">Handshake state; its certificateRequest must already be set.</param>
/// <param name="clientCertificate">
/// Chain received from the client, possibly empty. It is dereferenced without a null check,
/// so callers are presumably expected to pass a non-null instance.
/// </param>
/// <exception cref="InvalidOperationException">No certificate request is recorded in <paramref name="state"/>.</exception>
/// <exception cref="TlsFatalAlert">unexpected_message, when a client certificate was already recorded.</exception>
protected virtual void NotifyClientCertificate(ServerHandshakeState state, Certificate clientCertificate)
{
    // No certificate request is recorded in the handshake state: treat it as a caller error.
    if (null == state.certificateRequest)
    {
        throw new InvalidOperationException();
    }

    // A client certificate has already been recorded for this handshake; refuse a second one.
    if (null != state.clientCertificate)
    {
        throw new TlsFatalAlert(AlertDescription.unexpected_message);
    }

    state.clientCertificate = clientCertificate;

    if (!clientCertificate.IsEmpty)
    {
        /*
         * TODO RFC 5246 7.4.6. If the certificate_authorities list in the certificate request
         * message was non-empty, one of the certificates in the certificate chain SHOULD be
         * issued by one of the listed CAs.
         */
        state.clientCertificateType = TlsUtilities.GetClientCertificateType(
            clientCertificate,
            state.serverCredentials.Certificate);

        state.keyExchange.ProcessClientCertificate(clientCertificate);
    }
    else
    {
        // Empty chain: the key exchange proceeds without client credentials.
        state.keyExchange.SkipClientCredentials();
    }

    /*
     * RFC 5246 7.4.6. If the client does not send any certificates, the server MAY at its
     * discretion either continue the handshake without client authentication, or respond with a
     * fatal handshake_failure alert. Also, if some aspect of the certificate chain was
     * unacceptable (e.g., it was not signed by a known, trusted CA), the server MAY at its
     * discretion either continue the handshake (considering the client unauthenticated) or send
     * a fatal alert.
     */
    // This callback is the only place visible here where the chain can be accepted or refused.
    state.server.NotifyClientCertificate(clientCertificate);
}
/// <summary>
/// Records the certificate chain the client presented and forwards it to the key exchange
/// and to the TlsServer callback.
/// </summary>
/// <remarks>
/// No trust decision is made in this method: the chain is stored in mPeerCertificate and
/// handed to <c>mTlsServer.NotifyClientCertificate</c>, which is called for an empty chain as
/// well. A server that requires client authentication therefore has to reject empty or
/// untrusted chains inside that callback.
/// </remarks>
/// <param name="clientCertificate">
/// Chain received from the client, possibly empty. It is dereferenced without a null check,
/// so callers are presumably expected to pass a non-null instance.
/// </param>
/// <exception cref="InvalidOperationException">mCertificateRequest is null.</exception>
/// <exception cref="TlsFatalAlert">Alert 10, when a peer certificate was already recorded.</exception>
protected virtual void NotifyClientCertificate(Certificate clientCertificate)
{
    // No certificate request is recorded on this instance: treat it as a caller error.
    if (null == mCertificateRequest)
    {
        throw new InvalidOperationException();
    }

    // A peer certificate has already been recorded; refuse a second one.
    // 10 is the TLS alert code for unexpected_message (RFC 5246 7.2).
    if (null != mPeerCertificate)
    {
        throw new TlsFatalAlert(10);
    }

    mPeerCertificate = clientCertificate;

    if (!clientCertificate.IsEmpty)
    {
        mClientCertificateType = TlsUtilities.GetClientCertificateType(
            clientCertificate,
            mServerCredentials.Certificate);

        mKeyExchange.ProcessClientCertificate(clientCertificate);
    }
    else
    {
        // Empty chain: the key exchange proceeds without client credentials.
        mKeyExchange.SkipClientCredentials();
    }

    // This callback is the only place visible here where the chain can be accepted or refused.
    mTlsServer.NotifyClientCertificate(clientCertificate);
}