public override CertificateRequest GetCertificateRequest()
{
IList serverSigAlgs = null;
if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(mServerVersion))
{
byte[] hashAlgorithms = new byte[] { HashAlgorithm.sha512, HashAlgorithm.sha384, HashAlgorithm.sha256,
HashAlgorithm.sha224, HashAlgorithm.sha1 };
byte[] signatureAlgorithms = new byte[] { SignatureAlgorithm.rsa };
serverSigAlgs = new ArrayList();
for (int i = 0; i < hashAlgorithms.Length; ++i)
{
for (int j = 0; j < signatureAlgorithms.Length; ++j)
{
serverSigAlgs.Add(new SignatureAndHashAlgorithm(hashAlgorithms[i],
signatureAlgorithms[j]));
}
}
}
IList certificateAuthorities = new ArrayList();
certificateAuthorities.Add(TlsTestUtilities.LoadCertificateResource("x509-ca.pem").Subject);
return(new CertificateRequest(new byte[] { ClientCertificateType.rsa_sign }, serverSigAlgs, certificateAuthorities));
}
public override CertificateRequest GetCertificateRequest()
{
if (mConfig.serverCertReq == TlsTestConfig.SERVER_CERT_REQ_NONE)
{
return(null);
}
byte[] certificateTypes = new byte[] { ClientCertificateType.rsa_sign,
ClientCertificateType.dss_sign, ClientCertificateType.ecdsa_sign };
IList serverSigAlgs = null;
if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(mServerVersion))
{
serverSigAlgs = mConfig.serverCertReqSigAlgs;
if (serverSigAlgs == null)
{
serverSigAlgs = TlsUtilities.GetDefaultSupportedSignatureAlgorithms();
}
}
IList certificateAuthorities = new ArrayList();
certificateAuthorities.Add(TlsTestUtilities.LoadCertificateResource("x509-ca.pem").Subject);
return(new CertificateRequest(certificateTypes, serverSigAlgs, certificateAuthorities));
}
public virtual void NotifyServerCertificate(Certificate serverCertificate)
{
bool isEmpty = serverCertificate == null || serverCertificate.IsEmpty;
X509CertificateStructure[] chain = serverCertificate.GetCertificateList();
// TODO Cache test resources?
if (isEmpty || !(
chain[0].Equals(TlsTestUtilities.LoadCertificateResource("x509-server-dsa.pem")) ||
chain[0].Equals(TlsTestUtilities.LoadCertificateResource("x509-server-ecdsa.pem")) ||
chain[0].Equals(TlsTestUtilities.LoadCertificateResource("x509-server-rsa-enc.pem")) ||
chain[0].Equals(TlsTestUtilities.LoadCertificateResource("x509-server-rsa-sign.pem"))
))
{
throw new TlsFatalAlert(AlertDescription.bad_certificate);
}
if (TlsTestConfig.DEBUG)
{
Console.WriteLine("TLS client received server certificate chain of length " + chain.Length);
for (int i = 0; i != chain.Length; i++)
{
X509CertificateStructure entry = chain[i];
// TODO Create fingerprint based on certificate signature algorithm digest
Console.WriteLine(" fingerprint:SHA-256 " + TlsTestUtilities.Fingerprint(entry) + " ("
+ entry.Subject + ")");
}
}
}
public override void NotifyClientCertificate(Certificate clientCertificate)
{
bool isEmpty = (clientCertificate == null || clientCertificate.IsEmpty);
if (isEmpty != (mConfig.clientAuth == TlsTestConfig.CLIENT_AUTH_NONE))
{
throw new InvalidOperationException();
}
if (isEmpty && (mConfig.serverCertReq == TlsTestConfig.SERVER_CERT_REQ_MANDATORY))
{
throw new TlsFatalAlert(AlertDescription.handshake_failure);
}
X509CertificateStructure[] chain = clientCertificate.GetCertificateList();
// TODO Cache test resources?
if (!isEmpty && !(chain[0].Equals(TlsTestUtilities.LoadCertificateResource("x509-client.pem")) ||
chain[0].Equals(TlsTestUtilities.LoadCertificateResource("x509-client-dsa.pem")) ||
chain[0].Equals(TlsTestUtilities.LoadCertificateResource("x509-client-ecdsa.pem"))))
{
throw new TlsFatalAlert(AlertDescription.bad_certificate);
}
if (TlsTestConfig.DEBUG)
{
Console.WriteLine("TLS server received client certificate chain of length " + chain.Length);
for (int i = 0; i != chain.Length; i++)
{
X509CertificateStructure entry = chain[i];
// TODO Create fingerprint based on certificate signature algorithm digest
Console.WriteLine(" fingerprint:SHA-256 " + TlsTestUtilities.Fingerprint(entry) + " ("
+ entry.Subject + ")");
}
}
}