protected override Result Fragment_ClientCertificate(Fragments.Certificate frag) { if (State == TLSSessionState.Client_ChangeCipherSpec) { if (ClientCertificatesCallback != null) { var valid = ClientCertificatesCallback(frag.Certs); if (!valid) { return(Result.FatalAlert(AlertDescription.bad_certificate, "Client Certificate invalid")); } _clientCertificates = frag.Certs.ToArray(); State = TLSSessionState.Client_Certificate; } else { throw new ArgumentNullException("NegotiationParams Configed ClientCertificateRequire = true, but ClientCertificateVerifyCallback is null"); } return(null); } else { return(Result.FatalAlert(AlertDescription.unexpected_message, $"State [{State}] check failed on Client_Certificate message")); } }
Result Fragment_ClientHello_RSA(Fragments.ClientHello frag) { var serverhelloBody = new Fragments.ServerHello(ProtocolVersion.TLSv1_2, _params.ServerRandom, _params.Session, _params.Cipher.CipherSuite); var certificateBody = new Fragments.Certificate(new[] { new X509Certificate2(_pubkeyfile) }, false); var serverhellodoneBody = new Fragments.ServerHelloDone(); var responseFragments = _params.ClientCertificateRequire ? new[] { new Handshakes.Fragment(HandshakeType.Server_Hello, serverhelloBody), new Handshakes.Fragment(HandshakeType.Certificate, certificateBody), new Handshakes.Fragment(HandshakeType.Certificate_Request, new Fragments.CertificateRequest()), new Handshakes.Fragment(HandshakeType.Server_Hello_Done, serverhellodoneBody) } : new[] { new Handshakes.Fragment(HandshakeType.Server_Hello, serverhelloBody), new Handshakes.Fragment(HandshakeType.Certificate, certificateBody), new Handshakes.Fragment(HandshakeType.Server_Hello_Done, serverhellodoneBody) }; foreach (var f in responseFragments) { AppendHandshakeMessages(f); LogSessionInfo(f.Body); } return(new PacketResult(new[] { new Records.Handshake(responseFragments) })); }
Result Fragment_ClientHello_ECDH(Fragments.ClientHello frag) { var ecdhpub = GeneratePubKey(); var signdata = _params.ClientRandom.Data.Concat(_params.ServerRandom.Data).Concat(Fragments.ServerKeyExchange.ServerECDHParams(_params.KeyExchangeCurve, ecdhpub)).ToArray(); var signature = MakeSignatureWithCertificate(signdata); var serverhelloBody = new Fragments.ServerHello(ProtocolVersion.TLSv1_2, _params.ServerRandom, _params.Session, _params.Cipher.CipherSuite); var certificateBody = new Fragments.Certificate(new[] { new X509Certificate2(_pubkeyfile) }, false); var serverkeyexBody = new Fragments.ServerKeyExchange(_params.KeyExchangeCurve, ecdhpub, _params.SignatureAlgorithm, signature); var serverhellodoneBody = new Fragments.ServerHelloDone(); var responseFragments = _params.ClientCertificateRequire ? new[] { new Handshakes.Fragment(HandshakeType.Server_Hello, serverhelloBody), new Handshakes.Fragment(HandshakeType.Certificate, certificateBody), new Handshakes.Fragment(HandshakeType.Server_Key_Exchange, serverkeyexBody), new Handshakes.Fragment(HandshakeType.Certificate_Request, new Fragments.CertificateRequest()), new Handshakes.Fragment(HandshakeType.Server_Hello_Done, serverhellodoneBody) } : new[] { new Handshakes.Fragment(HandshakeType.Server_Hello, serverhelloBody), new Handshakes.Fragment(HandshakeType.Certificate, certificateBody), new Handshakes.Fragment(HandshakeType.Server_Key_Exchange, serverkeyexBody), new Handshakes.Fragment(HandshakeType.Server_Hello_Done, serverhellodoneBody) }; foreach (var f in responseFragments) { AppendHandshakeMessages(f); LogSessionInfo(f.Body); } return(new PacketResult(new[] { new Records.Handshake(responseFragments) })); }