public ServerHandshakeSession(SecurityParameters securityParameters)
: base(securityParameters)
{
if (securityParameters.ServerCertificateSelectionCallback != null)
{
_certificateSelectionCallback = securityParameters.ServerCertificateSelectionCallback;
}
else
{
_certificateSelectionCallback = new ServerCertificateSelectionCallback(DefaultCertificateSelectionCallback);
}
_availableCertificates = new List <X509CertificateCollection>();
_availableCertificates.AddRange(securityParameters.AvailableCertificates);
_availablePrivateKeys = new List <CertificatePrivateKey>();
_availablePrivateKeys.AddRange(securityParameters.AvailablePrivateKeys);
if (securityParameters.ClientCertificateTypes.Count > 0)
{
_certificateRequest = new HandshakeCertificateRequest(_version);
_certificateRequest.CertificateTypes.AddRange(securityParameters.ClientCertificateTypes);
_certificateRequest.SignatureAndHashAlgorithms.AddRange(_pluginManager.GetSupportedSignatureAndHashAlgorithms());
_certificateRequest.CertificateAuthorities.AddRange(securityParameters.ClientCertificateAuthorities);
}
}
protected override void ProcessCertificateRequest(HandshakeCertificateRequest request)
{
if (_state != HandshakeState.ReceivedCertificate &&
_state != HandshakeState.ReceivedServerKeyExchange)
{
throw new AlertException(AlertDescription.UnexpectedMessage,
"Certificate request received at the wrong time");
}
if (_cipherSuite.IsAnonymous)
{
throw new AlertException(AlertDescription.HandshakeFailure,
"Certificate request on anonymous cipher suite received");
}
// Mark client certificate as requested
_clientCertificateRequested = true;
this.logger?.Debug("Client certificate requested");
this.logger?.Trace("Types:");
for (int i = 0; i < request.CertificateTypes.Count; i++)
{
this.logger?.Trace(" " + i + ": " + request.CertificateTypes[i]);
}
this.logger?.Trace("Algorithms:");
for (int i = 0; i < request.SignatureAndHashAlgorithms.Count; i++)
{
this.logger?.Trace(" " + i + ": " + request.SignatureAndHashAlgorithms[i]);
}
// Wait for server hello done
_state = HandshakeState.ReceivedCertificateRequest;
}
protected virtual void ProcessCertificateRequest(HandshakeCertificateRequest request) { InvalidMessageReceived(); }
protected virtual void ProcessCertificateRequest(HandshakeCertificateRequest request)
{
InvalidMessageReceived();
}
public static HandshakeMessage GetInstance(ProtocolVersion version, byte[] data)
{
HandshakeMessage ret = null;
switch ((HandshakeMessageType) data[0]) {
case HandshakeMessageType.HelloRequest:
ret = new HandshakeMessage(HandshakeMessageType.HelloRequest, version);
break;
case HandshakeMessageType.ClientHello:
ret = new HandshakeClientHello();
break;
case HandshakeMessageType.ServerHello:
ret = new HandshakeServerHello();
break;
case HandshakeMessageType.HelloVerifyRequest:
ret = new HandshakeMessage(HandshakeMessageType.HelloVerifyRequest, version);
break;
case HandshakeMessageType.NewSessionTicket:
ret = new HandshakeMessage(HandshakeMessageType.NewSessionTicket, version);
break;
case HandshakeMessageType.Certificate:
ret = new HandshakeCertificate(version);
break;
case HandshakeMessageType.ServerKeyExchange:
ret = new HandshakeMessage(HandshakeMessageType.ServerKeyExchange, version);
break;
case HandshakeMessageType.CertificateRequest:
ret = new HandshakeCertificateRequest(version);
break;
case HandshakeMessageType.ServerHelloDone:
ret = new HandshakeMessage(HandshakeMessageType.ServerHelloDone, version);
break;
case HandshakeMessageType.CertificateVerify:
ret = new HandshakeMessage(HandshakeMessageType.CertificateVerify, version);
break;
case HandshakeMessageType.ClientKeyExchange:
ret = new HandshakeMessage(HandshakeMessageType.ClientKeyExchange, version);
break;
case HandshakeMessageType.Finished:
ret = new HandshakeMessage(HandshakeMessageType.Finished, version);
break;
}
if (ret != null) {
ret.Decode(data);
return ret;
}
return null;
}
public ServerHandshakeSession(SecurityParameters securityParameters, ILogger logger)
: base(securityParameters, logger)
{
if (securityParameters.ServerCertificateSelectionCallback != null)
{
_certificateSelectionCallback = securityParameters.ServerCertificateSelectionCallback;
}
else
{
_certificateSelectionCallback = new ServerCertificateSelectionCallback(DefaultCertificateSelectionCallback);
}
if (securityParameters.ServerCertificateValidationCallback != null)
{
_certificateValidationCallback = securityParameters.ServerCertificateValidationCallback;
}
_availableCertificates = new List<X509CertificateCollection>();
_availableCertificates.AddRange(securityParameters.AvailableCertificates);
_availablePrivateKeys = new List<CertificatePrivateKey>();
_availablePrivateKeys.AddRange(securityParameters.AvailablePrivateKeys);
if (securityParameters.ClientCertificateTypes.Count > 0)
{
_certificateRequest = new HandshakeCertificateRequest(_version);
_certificateRequest.CertificateTypes.AddRange(securityParameters.ClientCertificateTypes);
_certificateRequest.SignatureAndHashAlgorithms.AddRange(_pluginManager.GetSupportedSignatureAndHashAlgorithms());
_certificateRequest.CertificateAuthorities.AddRange(securityParameters.ClientCertificateAuthorities);
}
}
protected override void ProcessCertificateRequest(HandshakeCertificateRequest request)
{
if (_state != HandshakeState.ReceivedCertificate &&
_state != HandshakeState.ReceivedServerKeyExchange)
{
throw new AlertException(AlertDescription.UnexpectedMessage,
"Certificate request received at the wrong time");
}
if (_cipherSuite.IsAnonymous)
{
throw new AlertException(AlertDescription.HandshakeFailure,
"Certificate request on anonymous cipher suite received");
}
// Mark client certificate as requested
_clientCertificateRequested = true;
this.logger?.Debug("Client certificate requested");
this.logger?.Trace("Types:");
for (int i = 0; i < request.CertificateTypes.Count; i++)
{
this.logger?.Trace(" " + i + ": " + request.CertificateTypes[i]);
}
this.logger?.Trace("Algorithms:");
for (int i = 0; i < request.SignatureAndHashAlgorithms.Count; i++)
{
this.logger?.Trace(" " + i + ": " + request.SignatureAndHashAlgorithms[i]);
}
// Wait for server hello done
_state = HandshakeState.ReceivedCertificateRequest;
}