protected virtual void NotifyClientCertificate(Certificate clientCertificate)
 {
     if (mCertificateRequest == null)
     {
         throw new InvalidOperationException();
     }
     if (mPeerCertificate != null)
     {
         throw new TlsFatalAlert(10);
     }
     mPeerCertificate = clientCertificate;
     if (clientCertificate.IsEmpty)
     {
         mKeyExchange.SkipClientCredentials();
     }
     else
     {
         mClientCertificateType = TlsUtilities.GetClientCertificateType(clientCertificate, mServerCredentials.Certificate);
         mKeyExchange.ProcessClientCertificate(clientCertificate);
     }
     mTlsServer.NotifyClientCertificate(clientCertificate);
 }
예제 #2
0
 protected virtual void NotifyClientCertificate(Certificate clientCertificate)
 {
     //IL_0008: Unknown result type (might be due to invalid IL or missing references)
     if (mCertificateRequest == null)
     {
         throw new InvalidOperationException();
     }
     if (mPeerCertificate != null)
     {
         throw new TlsFatalAlert(10);
     }
     mPeerCertificate = clientCertificate;
     if (clientCertificate.IsEmpty)
     {
         mKeyExchange.SkipClientCredentials();
     }
     else
     {
         mClientCertificateType = TlsUtilities.GetClientCertificateType(clientCertificate, mServerCredentials.Certificate);
         mKeyExchange.ProcessClientCertificate(clientCertificate);
     }
     mTlsServer.NotifyClientCertificate(clientCertificate);
 }
    protected override void HandleHandshakeMessage(byte type, byte[] data)
    {
        MemoryStream memoryStream = new MemoryStream(data);

        switch (type)
        {
        case 1:
            switch (base.mConnectionState)
            {
            case 0:
            {
                ReceiveClientHelloMessage(memoryStream);
                base.mConnectionState = 1;
                SendServerHelloMessage();
                base.mConnectionState = 2;
                mRecordStream.NotifyHelloComplete();
                IList serverSupplementalData = mTlsServer.GetServerSupplementalData();
                if (serverSupplementalData != null)
                {
                    SendSupplementalDataMessage(serverSupplementalData);
                }
                base.mConnectionState = 3;
                mKeyExchange          = mTlsServer.GetKeyExchange();
                mKeyExchange.Init(Context);
                mServerCredentials = mTlsServer.GetCredentials();
                Certificate certificate = null;
                if (mServerCredentials == null)
                {
                    mKeyExchange.SkipServerCredentials();
                }
                else
                {
                    mKeyExchange.ProcessServerCredentials(mServerCredentials);
                    certificate = mServerCredentials.Certificate;
                    SendCertificateMessage(certificate);
                }
                base.mConnectionState = 4;
                if (certificate == null || certificate.IsEmpty)
                {
                    mAllowCertificateStatus = false;
                }
                if (mAllowCertificateStatus)
                {
                    CertificateStatus certificateStatus = mTlsServer.GetCertificateStatus();
                    if (certificateStatus != null)
                    {
                        SendCertificateStatusMessage(certificateStatus);
                    }
                }
                base.mConnectionState = 5;
                byte[] array = mKeyExchange.GenerateServerKeyExchange();
                if (array != null)
                {
                    SendServerKeyExchangeMessage(array);
                }
                base.mConnectionState = 6;
                if (mServerCredentials != null)
                {
                    mCertificateRequest = mTlsServer.GetCertificateRequest();
                    if (mCertificateRequest != null)
                    {
                        if (TlsUtilities.IsTlsV12(Context) != (mCertificateRequest.SupportedSignatureAlgorithms != null))
                        {
                            throw new TlsFatalAlert(80);
                        }
                        mKeyExchange.ValidateCertificateRequest(mCertificateRequest);
                        SendCertificateRequestMessage(mCertificateRequest);
                        TlsUtilities.TrackHashAlgorithms(mRecordStream.HandshakeHash, mCertificateRequest.SupportedSignatureAlgorithms);
                    }
                }
                base.mConnectionState = 7;
                SendServerHelloDoneMessage();
                base.mConnectionState = 8;
                mRecordStream.HandshakeHash.SealHashAlgorithms();
                break;
            }

            case 16:
                RefuseRenegotiation();
                break;

            default:
                throw new TlsFatalAlert(10);
            }
            break;

        case 23:
        {
            short mConnectionState = base.mConnectionState;
            if (mConnectionState == 8)
            {
                mTlsServer.ProcessClientSupplementalData(TlsProtocol.ReadSupplementalDataMessage(memoryStream));
                base.mConnectionState = 9;
                break;
            }
            throw new TlsFatalAlert(10);
        }

        case 11:
            switch (base.mConnectionState)
            {
            case 8:
            case 9:
                if (base.mConnectionState < 9)
                {
                    mTlsServer.ProcessClientSupplementalData(null);
                }
                if (mCertificateRequest == null)
                {
                    throw new TlsFatalAlert(10);
                }
                ReceiveCertificateMessage(memoryStream);
                base.mConnectionState = 10;
                break;

            default:
                throw new TlsFatalAlert(10);
            }
            break;

        case 16:
            switch (base.mConnectionState)
            {
            case 8:
            case 9:
            case 10:
                if (base.mConnectionState < 9)
                {
                    mTlsServer.ProcessClientSupplementalData(null);
                }
                if (base.mConnectionState < 10)
                {
                    if (mCertificateRequest == null)
                    {
                        mKeyExchange.SkipClientCredentials();
                    }
                    else
                    {
                        if (TlsUtilities.IsTlsV12(Context))
                        {
                            throw new TlsFatalAlert(10);
                        }
                        if (TlsUtilities.IsSsl(Context))
                        {
                            if (mPeerCertificate == null)
                            {
                                throw new TlsFatalAlert(10);
                            }
                        }
                        else
                        {
                            NotifyClientCertificate(Certificate.EmptyChain);
                        }
                    }
                }
                ReceiveClientKeyExchangeMessage(memoryStream);
                base.mConnectionState = 11;
                break;

            default:
                throw new TlsFatalAlert(10);
            }
            break;

        case 15:
        {
            short mConnectionState = base.mConnectionState;
            if (mConnectionState == 11)
            {
                if (!ExpectCertificateVerifyMessage())
                {
                    throw new TlsFatalAlert(10);
                }
                ReceiveCertificateVerifyMessage(memoryStream);
                base.mConnectionState = 12;
                break;
            }
            throw new TlsFatalAlert(10);
        }

        case 20:
            switch (base.mConnectionState)
            {
            case 11:
            case 12:
                if (base.mConnectionState < 12 && ExpectCertificateVerifyMessage())
                {
                    throw new TlsFatalAlert(10);
                }
                ProcessFinishedMessage(memoryStream);
                base.mConnectionState = 13;
                if (mExpectSessionTicket)
                {
                    SendNewSessionTicketMessage(mTlsServer.GetNewSessionTicket());
                    SendChangeCipherSpecMessage();
                }
                base.mConnectionState = 14;
                SendFinishedMessage();
                base.mConnectionState = 15;
                base.mConnectionState = 16;
                CompleteHandshake();
                break;

            default:
                throw new TlsFatalAlert(10);
            }
            break;

        default:
            throw new TlsFatalAlert(10);
        }
    }
예제 #4
0
        protected override void HandleHandshakeMessage(byte type, byte[] data)
        {
            //IL_0002: Unknown result type (might be due to invalid IL or missing references)
            //IL_0008: Expected O, but got Unknown
            MemoryStream val = new MemoryStream(data, false);

            if (mResumedSession)
            {
                if (type != 20 || mConnectionState != 2)
                {
                    throw new TlsFatalAlert(10);
                }
                ProcessFinishedMessage(val);
                mConnectionState = 15;
                SendFinishedMessage();
                mConnectionState = 13;
                mConnectionState = 16;
                CompleteHandshake();
                return;
            }
            switch (type)
            {
            case 11:
                switch (mConnectionState)
                {
                case 2:
                case 3:
                    if (mConnectionState == 2)
                    {
                        HandleSupplementalData(null);
                    }
                    mPeerCertificate = Certificate.Parse((Stream)(object)val);
                    TlsProtocol.AssertEmpty(val);
                    if (mPeerCertificate == null || mPeerCertificate.IsEmpty)
                    {
                        mAllowCertificateStatus = false;
                    }
                    mKeyExchange.ProcessServerCertificate(mPeerCertificate);
                    mAuthentication = mTlsClient.GetAuthentication();
                    mAuthentication.NotifyServerCertificate(mPeerCertificate);
                    mConnectionState = 4;
                    break;

                default:
                    throw new TlsFatalAlert(10);
                }
                break;

            case 22:
            {
                short num = mConnectionState;
                if (num == 4)
                {
                    if (!mAllowCertificateStatus)
                    {
                        throw new TlsFatalAlert(10);
                    }
                    mCertificateStatus = CertificateStatus.Parse((Stream)(object)val);
                    TlsProtocol.AssertEmpty(val);
                    mConnectionState = 5;
                    break;
                }
                throw new TlsFatalAlert(10);
            }

            case 20:
                switch (mConnectionState)
                {
                case 13:
                case 14:
                    if (mConnectionState == 13 && mExpectSessionTicket)
                    {
                        throw new TlsFatalAlert(10);
                    }
                    ProcessFinishedMessage(val);
                    mConnectionState = 15;
                    mConnectionState = 16;
                    CompleteHandshake();
                    break;

                default:
                    throw new TlsFatalAlert(10);
                }
                break;

            case 2:
            {
                short num = mConnectionState;
                if (num == 1)
                {
                    ReceiveServerHelloMessage(val);
                    mConnectionState = 2;
                    mRecordStream.NotifyHelloComplete();
                    ApplyMaxFragmentLengthExtension();
                    if (mResumedSession)
                    {
                        mSecurityParameters.masterSecret = Arrays.Clone(mSessionParameters.MasterSecret);
                        mRecordStream.SetPendingConnectionState(Peer.GetCompression(), Peer.GetCipher());
                        SendChangeCipherSpecMessage();
                        break;
                    }
                    InvalidateSession();
                    if (mSelectedSessionID.Length > 0)
                    {
                        mTlsSession = new TlsSessionImpl(mSelectedSessionID, null);
                    }
                    break;
                }
                throw new TlsFatalAlert(10);
            }

            case 23:
            {
                short num = mConnectionState;
                if (num == 2)
                {
                    HandleSupplementalData(TlsProtocol.ReadSupplementalDataMessage(val));
                    break;
                }
                throw new TlsFatalAlert(10);
            }

            case 14:
                switch (mConnectionState)
                {
                case 2:
                case 3:
                case 4:
                case 5:
                case 6:
                case 7:
                {
                    if (mConnectionState < 3)
                    {
                        HandleSupplementalData(null);
                    }
                    if (mConnectionState < 4)
                    {
                        mKeyExchange.SkipServerCredentials();
                        mAuthentication = null;
                    }
                    if (mConnectionState < 6)
                    {
                        mKeyExchange.SkipServerKeyExchange();
                    }
                    TlsProtocol.AssertEmpty(val);
                    mConnectionState = 8;
                    mRecordStream.HandshakeHash.SealHashAlgorithms();
                    global::System.Collections.IList clientSupplementalData = mTlsClient.GetClientSupplementalData();
                    if (clientSupplementalData != null)
                    {
                        SendSupplementalDataMessage(clientSupplementalData);
                    }
                    mConnectionState = 9;
                    TlsCredentials tlsCredentials = null;
                    if (mCertificateRequest == null)
                    {
                        mKeyExchange.SkipClientCredentials();
                    }
                    else
                    {
                        tlsCredentials = mAuthentication.GetClientCredentials(mCertificateRequest);
                        if (tlsCredentials == null)
                        {
                            mKeyExchange.SkipClientCredentials();
                            SendCertificateMessage(Certificate.EmptyChain);
                        }
                        else
                        {
                            mKeyExchange.ProcessClientCredentials(tlsCredentials);
                            SendCertificateMessage(tlsCredentials.Certificate);
                        }
                    }
                    mConnectionState = 10;
                    SendClientKeyExchangeMessage();
                    mConnectionState = 11;
                    TlsHandshakeHash tlsHandshakeHash = mRecordStream.PrepareToFinish();
                    mSecurityParameters.sessionHash = TlsProtocol.GetCurrentPrfHash(Context, tlsHandshakeHash, null);
                    TlsProtocol.EstablishMasterSecret(Context, mKeyExchange);
                    mRecordStream.SetPendingConnectionState(Peer.GetCompression(), Peer.GetCipher());
                    if (tlsCredentials != null && tlsCredentials is TlsSignerCredentials)
                    {
                        TlsSignerCredentials      tlsSignerCredentials      = (TlsSignerCredentials)tlsCredentials;
                        SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(Context, tlsSignerCredentials);
                        byte[]          hash              = ((signatureAndHashAlgorithm != null) ? tlsHandshakeHash.GetFinalHash(signatureAndHashAlgorithm.Hash) : mSecurityParameters.SessionHash);
                        byte[]          signature         = tlsSignerCredentials.GenerateCertificateSignature(hash);
                        DigitallySigned certificateVerify = new DigitallySigned(signatureAndHashAlgorithm, signature);
                        SendCertificateVerifyMessage(certificateVerify);
                        mConnectionState = 12;
                    }
                    SendChangeCipherSpecMessage();
                    SendFinishedMessage();
                    mConnectionState = 13;
                    break;
                }

                default:
                    throw new TlsFatalAlert(40);
                }
                break;

            case 12:
                switch (mConnectionState)
                {
                case 2:
                case 3:
                case 4:
                case 5:
                    if (mConnectionState < 3)
                    {
                        HandleSupplementalData(null);
                    }
                    if (mConnectionState < 4)
                    {
                        mKeyExchange.SkipServerCredentials();
                        mAuthentication = null;
                    }
                    mKeyExchange.ProcessServerKeyExchange((Stream)(object)val);
                    TlsProtocol.AssertEmpty(val);
                    mConnectionState = 6;
                    break;

                default:
                    throw new TlsFatalAlert(10);
                }
                break;

            case 13:
                switch (mConnectionState)
                {
                case 4:
                case 5:
                case 6:
                    if (mConnectionState != 6)
                    {
                        mKeyExchange.SkipServerKeyExchange();
                    }
                    if (mAuthentication == null)
                    {
                        throw new TlsFatalAlert(40);
                    }
                    mCertificateRequest = CertificateRequest.Parse(Context, (Stream)(object)val);
                    TlsProtocol.AssertEmpty(val);
                    mKeyExchange.ValidateCertificateRequest(mCertificateRequest);
                    TlsUtilities.TrackHashAlgorithms(mRecordStream.HandshakeHash, mCertificateRequest.SupportedSignatureAlgorithms);
                    mConnectionState = 7;
                    break;

                default:
                    throw new TlsFatalAlert(10);
                }
                break;

            case 4:
            {
                short num = mConnectionState;
                if (num == 13)
                {
                    if (!mExpectSessionTicket)
                    {
                        throw new TlsFatalAlert(10);
                    }
                    InvalidateSession();
                    ReceiveNewSessionTicketMessage(val);
                    mConnectionState = 14;
                    break;
                }
                throw new TlsFatalAlert(10);
            }

            case 0:
                TlsProtocol.AssertEmpty(val);
                if (mConnectionState == 16)
                {
                    RefuseRenegotiation();
                }
                break;

            default:
                throw new TlsFatalAlert(10);
            }
        }