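/// <summary>
/// Registers a certificate chain together with the private key that belongs to its
/// leaf certificate, so the pair can later be offered during a handshake.
/// </summary>
/// <param name="certificate">The certificate chain to register; must contain at least one certificate.</param>
/// <param name="privateKey">The private key matching the chain's leaf certificate.</param>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> or <paramref name="privateKey"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentException"><paramref name="certificate"/> is empty.</exception>
public void AddCertificate(X509CertificateCollection certificate, CertificatePrivateKey privateKey)
{
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }
    if (privateKey == null)
    {
        throw new ArgumentNullException(nameof(privateKey));
    }
    if (certificate.Count == 0)
    {
        // The original passed the parameter name as the *message*; give a real message
        // and the parameter name in its proper slot so the failure is readable to callers.
        throw new ArgumentException("Certificate collection must contain at least one certificate.", nameof(certificate));
    }

    // The two lists are kept parallel: index i of one corresponds to index i of the other.
    // Both validations run before either Add so a failed call never leaves them out of step.
    _availableCertificates.Add(certificate);
    _availablePrivateKeys.Add(privateKey);
}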
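/// <summary>
/// Signs <paramref name="data"/> with <paramref name="privateKey"/> and returns the
/// handshake-encoded signature: an optional 2-byte SignatureAndHashAlgorithm prefix
/// (only when the negotiated version supports selectable hashes), followed by a 2-byte
/// big-endian signature length and the signature bytes.
/// </summary>
/// <param name="privateKey">The private key to sign with; its OID selects the signer plugin.</param>
/// <param name="data">The bytes to be signed.</param>
/// <returns>The encoded signature block ready to be appended to a handshake message.</returns>
/// <exception cref="ArgumentNullException"><paramref name="privateKey"/> or <paramref name="data"/> is <c>null</c>.</exception>
/// <exception cref="AlertException">No signer plugin is registered for the key's OID.</exception>
/// <exception cref="InvalidOperationException">The signer returned no signature, or one too long for the 2-byte length field.</exception>
protected byte[] GenerateSignature(CertificatePrivateKey privateKey, byte[] data)
{
    if (privateKey == null)
    {
        throw new ArgumentNullException(nameof(privateKey));
    }
    if (data == null)
    {
        throw new ArgumentNullException(nameof(data));
    }

    // Get the corresponding signer for the private key
    SignatureAlgorithm sigAlg = _pluginManager.GetSignatureAlgorithmByOid(privateKey.Oid);
    if (sigAlg == null)
    {
        throw new AlertException(AlertDescription.IllegalParameter, "Signer for given private key not found");
    }

    // Select hash algorithm; null means the SSLv3/TLSv1 fixed hash
    HashAlgorithm hashAlgorithm = null;
    byte[] sigHashPrefix = new byte[0];
    if (_version.HasSelectableSighash)
    {
        // FIXME: The hash is hard-coded rather than taken from the peer's negotiated
        // signature_algorithms list; a peer that does not accept SHA-256 will reject
        // this signature. Value 4 is the TLS 1.2 HashAlgorithm registry id for sha256.
        //byte hashAlgorithmType = 2; // SHA-1
        byte hashAlgorithmType = 4; // for LMN we use SHA256
        byte signAlgorithmType = sigAlg.SignatureAlgorithmType;
        hashAlgorithm = GetSignatureHashAlgorithm(sigAlg, hashAlgorithmType);

        // SignatureAndHashAlgorithm { hash, signature } precedes the signature itself
        sigHashPrefix = new byte[] { hashAlgorithmType, signAlgorithmType };
    }

    // Sign the actual data
    byte[] signature = sigAlg.SignData(_version, data, hashAlgorithm, privateKey);
    if (signature == null)
    {
        throw new InvalidOperationException("Signer returned no signature.");
    }
    // The wire format stores the length in two bytes; a longer signature would be
    // silently truncated by the byte casts below and produce an unparseable message.
    if (signature.Length > 0xFFFF)
    {
        throw new InvalidOperationException("Signature is too long to encode in a 2-byte length field.");
    }

    // Assemble [prefix][len hi][len lo][signature] in a single allocation
    byte[] signedParams = new byte[sigHashPrefix.Length + 2 + signature.Length];
    Buffer.BlockCopy(sigHashPrefix, 0, signedParams, 0, sigHashPrefix.Length);
    signedParams[sigHashPrefix.Length] = (byte)(signature.Length >> 8);
    signedParams[sigHashPrefix.Length + 1] = (byte)(signature.Length);
    Buffer.BlockCopy(signature, 0, signedParams, sigHashPrefix.Length + 2, signature.Length);
    return signedParams;
}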