public override CertificateRequest GetCertificateRequest() { if (mConfig.serverCertReq == TlsTestConfig.SERVER_CERT_REQ_NONE) { return(null); } byte[] certificateTypes = new byte[] { ClientCertificateType.rsa_sign, ClientCertificateType.dss_sign, ClientCertificateType.ecdsa_sign }; IList serverSigAlgs = null; if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(mServerVersion)) { serverSigAlgs = mConfig.serverCertReqSigAlgs; if (serverSigAlgs == null) { serverSigAlgs = TlsUtilities.GetDefaultSupportedSignatureAlgorithms(); } } IList certificateAuthorities = new ArrayList(); certificateAuthorities.Add(TlsTestUtilities.LoadCertificateResource("x509-ca.pem").Subject); return(new CertificateRequest(certificateTypes, serverSigAlgs, certificateAuthorities)); }
public virtual IDictionary GetClientExtensions() { IDictionary dictionary = null; ProtocolVersion clientVersion = mContext.ClientVersion; if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(clientVersion)) { mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultSupportedSignatureAlgorithms(); dictionary = TlsExtensionsUtilities.EnsureExtensionsInitialised(dictionary); TlsUtilities.AddSignatureAlgorithmsExtension(dictionary, mSupportedSignatureAlgorithms); } if (TlsEccUtilities.ContainsEccCipherSuites(GetCipherSuites())) { mNamedCurves = new int[2] { 23, 24 }; mClientECPointFormats = new byte[3] { 0, 1, 2 }; dictionary = TlsExtensionsUtilities.EnsureExtensionsInitialised(dictionary); TlsEccUtilities.AddSupportedEllipticCurvesExtension(dictionary, mNamedCurves); TlsEccUtilities.AddSupportedPointFormatsExtension(dictionary, mClientECPointFormats); } return(dictionary); }
public virtual IDictionary GetClientExtensions() { IDictionary clientExtensions = null; ProtocolVersion clientVersion = mContext.ClientVersion; /* * RFC 5246 7.4.1.4.1. Note: this extension is not meaningful for TLS versions prior to 1.2. * Clients MUST NOT offer it if they are offering prior versions. */ if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(clientVersion)) { // TODO Provide a way for the user to specify the acceptable hash/signature algorithms. this.mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultSupportedSignatureAlgorithms(); clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(clientExtensions); TlsUtilities.AddSignatureAlgorithmsExtension(clientExtensions, mSupportedSignatureAlgorithms); } if (TlsEccUtilities.ContainsEccCipherSuites(GetCipherSuites())) { /* * RFC 4492 5.1. A client that proposes ECC cipher suites in its ClientHello message * appends these extensions (along with any others), enumerating the curves it supports * and the point formats it can parse. Clients SHOULD send both the Supported Elliptic * Curves Extension and the Supported Point Formats Extension. */ /* * TODO Could just add all the curves since we support them all, but users may not want * to use unnecessarily large fields. Need configuration options. */ this.mNamedCurves = new int[] { NamedCurve.secp256r1, NamedCurve.secp384r1 }; this.mClientECPointFormats = new byte[] { ECPointFormat.uncompressed, ECPointFormat.ansiX962_compressed_prime, ECPointFormat.ansiX962_compressed_char2, }; clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(clientExtensions); TlsEccUtilities.AddSupportedEllipticCurvesExtension(clientExtensions, mNamedCurves); TlsEccUtilities.AddSupportedPointFormatsExtension(clientExtensions, mClientECPointFormats); } if (this.HostNames != null && this.HostNames.Count > 0) { var list = new System.Collections.Generic.List <ServerName>(this.HostNames.Count); for (int i = 0; i < this.HostNames.Count; ++i) { list.Add(new ServerName(Tls.NameType.host_name, this.HostNames[i])); } TlsExtensionsUtilities.AddServerNameExtension(clientExtensions, new ServerNameList(list)); } return(clientExtensions); }
public override CertificateRequest GetCertificateRequest() { byte[] certificateTypes = new byte[] { ClientCertificateType.rsa_sign, ClientCertificateType.ecdsa_sign }; IList serverSigAlgs = null; if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(mServerVersion)) { serverSigAlgs = TlsUtilities.GetDefaultSupportedSignatureAlgorithms(); } return(new CertificateRequest(certificateTypes, serverSigAlgs, null)); }