public override AbstractCertificate ParseServerCertificate(short certificateType, Stream io) { switch (certificateType) { case CertificateType.CwtPublicKey: try { CwtPublicKey cwtPub = CwtPublicKey.Parse(io); CWT cwtServer = CWT.Decode(cwtPub.EncodedCwt(), CwtTrustKeySet, CwtTrustKeySet); AsymmetricKeyParameter pubKey = cwtServer.Cnf.Key.AsPublicKey(); SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pubKey); cwtPub.SetSubjectPublicKeyInfo(spi); return(cwtPub); } catch { return(null); } default: return(null); } }
public void GetCwtKey(CwtPublicKey rpk) { try { CWT cwt = CWT.Decode(rpk.EncodedCwt(), CwtTrustKeySet, CwtTrustKeySet); AsymmetricKeyParameter pub = cwt.Cnf.Key.AsPublicKey(); SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pub); rpk.SetSubjectPublicKeyInfo(spi); AuthenticationKey = cwt.Cnf.Key; return; } catch { } TlsEvent ev = new TlsEvent(TlsEvent.EventCode.ServerCertificate) { Certificate = rpk }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, ev); } if (!ev.Processed) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } AuthenticationKey = ev.KeyValue; }
protected override TlsSignerCredentials GetECDsaSignerCredentials() { byte[] certTypes; if (mClientExtensions.Contains(ExtensionType.server_certificate_type)) { certTypes = (byte[])mClientExtensions[ExtensionType.server_certificate_type]; } else { certTypes = new byte[] { CertificateType.X509 }; } foreach (byte b in certTypes) { if (b == CertificateType.X509) { foreach (TlsKeyPair kp in _serverKeys) { if (b != kp.CertType) { continue; } OneKey k = kp.PrivateKey; if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(AlgorithmValues.ECDSA_256)) { return(new DefaultTlsSignerCredentials( mContext, new Certificate(kp.X509Certificate), kp.PrivateKey.AsPrivateKey(), new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } } #if SUPPORT_RPK if (b == CertificateType.RawPublicKey) { foreach (TlsKeyPair kp in _serverKeys) { if (b != kp.CertType) { continue; } OneKey k = kp.PublicKey; if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(AlgorithmValues.ECDSA_256)) { AsymmetricKeyParameter param = k.AsPublicKey(); SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param); return(new DefaultTlsSignerCredentials(mContext, new RawPublicKey(spi), kp.PrivateKey.AsPrivateKey(), new SignatureAndHashAlgorithm( HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } } #endif #if SUPPORT_TLS_CWT if (b == CertificateType.CwtPublicKey) { foreach (TlsKeyPair kp in _serverKeys) { if (b != kp.CertType) { continue; } OneKey k = kp.PrivateKey; if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(AlgorithmValues.ECDSA_256)) { CwtPublicKey cwtKey = new CwtPublicKey(kp.PublicCwt.EncodeToBytes()); AsymmetricKeyParameter pubKey = kp.PublicCwt.Cnf.CoseKey.AsPublicKey(); cwtKey.SetSubjectPublicKeyInfo(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pubKey)); return(new DefaultTlsSignerCredentials( mContext, cwtKey, kp.PrivateKey.AsPrivateKey(), new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } } #endif } // If we did not fine appropriate signer credentials - ask for help TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials) { CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } if (e.SignerCredentials != null) { return(e.SignerCredentials); } throw new TlsFatalAlert(AlertDescription.internal_error); }