protected virtual void HandleCertificateVerify(TlsCertificateVerify message)
{
PendingCrypto.CertificateSignatureType = message.Algorithm;
PendingCrypto.CertificateSignature = message.Signature;
var certificate = PendingCrypto.ClientCertificates [0];
if (!HandshakeParameters.HandshakeMessages.VerifySignature(PendingCrypto.CertificateSignatureType, certificate.RSA, PendingCrypto.CertificateSignature))
{
throw new TlsException(AlertDescription.HandshakeFailure);
}
}
protected override MessageStatus HandleMessage(Message message)
{
switch (message.Type)
{
case HandshakeType.Certificate:
if (!Session.AskedForCertificate)
{
throw new TlsException(AlertDescription.UnexpectedMessage);
}
certificate = (TlsCertificate)message;
HandleCertificate(certificate);
return(MessageStatus.ContinueNeeded);
case HandshakeType.ClientKeyExchange:
if (Settings.RequireClientCertificate && certificate == null)
{
throw new TlsException(AlertDescription.UnexpectedMessage, "Peer did not respond with a certificate.");
}
keyExchange = (TlsClientKeyExchange)message;
HandleClientKeyExchange(keyExchange);
return(MessageStatus.ContinueNeeded);
case HandshakeType.ChanceCipherSpec:
if (Settings.RequireClientCertificate && certificateVerify == null)
{
throw new TlsException(AlertDescription.UnexpectedMessage, "Missing CertificateVerify message.");
}
cipherSpec = (TlsChangeCipherSpec)message;
HandleChangeCipherSpec(cipherSpec);
return(MessageStatus.ContinueNeeded);
case HandshakeType.Finished:
finished = (TlsFinished)message;
HandleFinished(finished);
return(MessageStatus.Finished);
case HandshakeType.CertificateVerify:
certificateVerify = (TlsCertificateVerify)message;
HandleCertificateVerify(certificateVerify);
return(MessageStatus.ContinueNeeded);
default:
throw new InvalidOperationException();
}
}
protected virtual void HandleCertificateVerify(TlsCertificateVerify message)
{
Context.SignatureProvider.AssertProtocol(Context, message.Signature.Protocol);
if (Context.NegotiatedProtocol == TlsProtocolCode.Tls12)
{
var signature12 = (SignatureTls12)message.Signature;
Context.SignatureProvider.AssertCertificateVerifySignatureAlgorithm(Context, signature12.SignatureAlgorithm);
}
PendingCrypto.CertificateSignature = message.Signature;
var certificate = PendingCrypto.ClientCertificates [0];
if (!HandshakeParameters.HandshakeMessages.VerifySignature(PendingCrypto.CertificateSignature, certificate.RSA))
{
throw new TlsException(AlertDescription.HandshakeFailure);
}
}
protected override MessageStatus HandleMessage (Message message)
{
switch (message.Type) {
case HandshakeType.Certificate:
if (!Session.AskedForCertificate)
throw new TlsException (AlertDescription.UnexpectedMessage);
certificate = (TlsCertificate)message;
HandleCertificate (certificate);
return MessageStatus.ContinueNeeded;
case HandshakeType.ClientKeyExchange:
if (Settings.RequireClientCertificate && certificate == null)
throw new TlsException (AlertDescription.UnexpectedMessage, "Peer did not respond with a certificate.");
keyExchange = (TlsClientKeyExchange)message;
HandleClientKeyExchange (keyExchange);
return MessageStatus.ContinueNeeded;
case HandshakeType.ChanceCipherSpec:
if (Settings.RequireClientCertificate && certificateVerify == null)
throw new TlsException (AlertDescription.UnexpectedMessage, "Missing CertificateVerify message.");
cipherSpec = (TlsChangeCipherSpec)message;
HandleChangeCipherSpec (cipherSpec);
return MessageStatus.ContinueNeeded;
case HandshakeType.Finished:
finished = (TlsFinished)message;
HandleFinished (finished);
return MessageStatus.Finished;
case HandshakeType.CertificateVerify:
certificateVerify = (TlsCertificateVerify)message;
HandleCertificateVerify (certificateVerify);
return MessageStatus.ContinueNeeded;
default:
throw new InvalidOperationException ();
}
}
private void _read()
{
_msgType = ((TlsPacket.TlsHandshakeType)m_io.ReadU1());
_length = new TlsLength(m_io, this, m_root);
switch (MsgType)
{
case TlsPacket.TlsHandshakeType.HelloRequest: {
__raw_body = m_io.ReadBytes(Length.Value);
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsHelloRequest(io___raw_body, this, m_root);
break;
}
case TlsPacket.TlsHandshakeType.Certificate: {
__raw_body = m_io.ReadBytes(Length.Value);
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsCertificate(io___raw_body, this, m_root);
break;
}
case TlsPacket.TlsHandshakeType.CertificateVerify: {
__raw_body = m_io.ReadBytes(Length.Value);
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsCertificateVerify(io___raw_body, this, m_root);
break;
}
case TlsPacket.TlsHandshakeType.ServerKeyExchange: {
__raw_body = m_io.ReadBytes(Length.Value);
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsServerKeyExchange(io___raw_body, this, m_root);
break;
}
case TlsPacket.TlsHandshakeType.ClientHello: {
__raw_body = m_io.ReadBytes(Length.Value);
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsClientHello(io___raw_body, this, m_root);
break;
}
case TlsPacket.TlsHandshakeType.ClientKeyExchange: {
__raw_body = m_io.ReadBytes(Length.Value);
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsClientKeyExchange(io___raw_body, this, m_root);
break;
}
case TlsPacket.TlsHandshakeType.ServerHello: {
__raw_body = m_io.ReadBytes(Length.Value);
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsServerHello(io___raw_body, this, m_root);
break;
}
case TlsPacket.TlsHandshakeType.CertificateRequest: {
__raw_body = m_io.ReadBytes(Length.Value);
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsCertificateRequest(io___raw_body, this, m_root);
break;
}
case TlsPacket.TlsHandshakeType.ServerHelloDone: {
__raw_body = m_io.ReadBytes(Length.Value);
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsServerHelloDone(io___raw_body, this, m_root);
break;
}
default: {
_body = m_io.ReadBytes(Length.Value);
break;
}
}
}
protected virtual void HandleCertificateVerify (TlsCertificateVerify message)
{
Context.SignatureProvider.AssertProtocol (Context, message.Signature.Protocol);
if (Context.NegotiatedProtocol == TlsProtocolCode.Tls12) {
var signature12 = (SignatureTls12)message.Signature;
Context.SignatureProvider.AssertCertificateVerifySignatureAlgorithm (Context, signature12.SignatureAlgorithm);
}
PendingCrypto.CertificateSignature = message.Signature;
var certificate = PendingCrypto.ClientCertificates [0];
if (!HandshakeParameters.HandshakeMessages.VerifySignature (PendingCrypto.CertificateSignature, certificate.RSA))
throw new TlsException (AlertDescription.HandshakeFailure);
}
private void _parse()
{
_handshakeType = ((TlsRecord.TlsHandshakeType)m_io.ReadU1());
_bodyLength = new TlsLength(m_io, this, m_root);
switch (HandshakeType)
{
case TlsRecord.TlsHandshakeType.HelloRequest: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsEmpty(io___raw_body, this, m_root);
break;
}
case TlsRecord.TlsHandshakeType.Certificate: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsCertificate(io___raw_body, this, m_root);
break;
}
case TlsRecord.TlsHandshakeType.CertificateVerify: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsCertificateVerify(io___raw_body, this, m_root);
break;
}
case TlsRecord.TlsHandshakeType.ServerKeyExchange: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsServerKeyExchange(io___raw_body, this, m_root);
break;
}
case TlsRecord.TlsHandshakeType.ClientHello: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsClientHello(io___raw_body, this, m_root);
break;
}
case TlsRecord.TlsHandshakeType.Finished: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsFinished(io___raw_body, this, m_root);
break;
}
case TlsRecord.TlsHandshakeType.ClientKeyExchange: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsClientKeyExchange(io___raw_body, this, m_root);
break;
}
case TlsRecord.TlsHandshakeType.ServerHello: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsServerHello(io___raw_body, this, m_root);
break;
}
case TlsRecord.TlsHandshakeType.CertificateRequest: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsCertificateRequest(io___raw_body, this, m_root);
break;
}
case TlsRecord.TlsHandshakeType.ServerHelloDone: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsServerHelloDone(io___raw_body, this, m_root);
break;
}
default: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsEncryptedMessage(io___raw_body, this, m_root);
break;
}
}
}
