protected virtual void CompleteHandshake()
{
try
{
while (this.mConnectionState != 16)
{
bool arg_0A_0 = this.mClosed;
this.SafeReadRecord();
}
this.mRecordStream.FinaliseHandshake();
this.mSplitApplicationDataRecords = !TlsUtilities.IsTlsV11(this.Context);
if (!this.mAppDataReady)
{
this.mAppDataReady = true;
this.mTlsStream = new TlsStream(this);
}
if (this.mTlsSession != null)
{
if (this.mSessionParameters == null)
{
this.mSessionParameters = new SessionParameters.Builder().SetCipherSuite(this.mSecurityParameters.CipherSuite).SetCompressionAlgorithm(this.mSecurityParameters.CompressionAlgorithm).SetMasterSecret(this.mSecurityParameters.MasterSecret).SetPeerCertificate(this.mPeerCertificate).SetPskIdentity(this.mSecurityParameters.PskIdentity).SetSrpIdentity(this.mSecurityParameters.SrpIdentity).SetServerExtensions(this.mServerExtensions).Build();
this.mTlsSession = new TlsSessionImpl(this.mTlsSession.SessionID, this.mSessionParameters);
}
this.ContextAdmin.SetResumableSession(this.mTlsSession);
}
this.Peer.NotifyHandshakeComplete();
}
finally
{
this.CleanupHandshake();
}
}
protected virtual void CompleteHandshake()
{
try
{
mRecordStream.FinaliseHandshake();
mSplitApplicationDataRecords = !TlsUtilities.IsTlsV11(Context);
if (!mAppDataReady)
{
mAppDataReady = true;
if (mBlocking)
{
mTlsStream = new TlsStream(this);
}
}
if (mTlsSession != null)
{
if (mSessionParameters == null)
{
mSessionParameters = new SessionParameters.Builder().SetCipherSuite(mSecurityParameters.CipherSuite).SetCompressionAlgorithm(mSecurityParameters.CompressionAlgorithm).SetMasterSecret(mSecurityParameters.MasterSecret)
.SetPeerCertificate(mPeerCertificate)
.SetPskIdentity(mSecurityParameters.PskIdentity)
.SetSrpIdentity(mSecurityParameters.SrpIdentity)
.SetServerExtensions(mServerExtensions)
.Build();
mTlsSession = new TlsSessionImpl(mTlsSession.SessionID, mSessionParameters);
}
ContextAdmin.SetResumableSession(mTlsSession);
}
Peer.NotifyHandshakeComplete();
}
finally
{
CleanupHandshake();
}
}
protected virtual void CompleteHandshake()
{
try
{
/*
* We will now read data, until we have completed the handshake.
*/
while (this.mConnectionState != CS_END)
{
if (this.mClosed)
{
// TODO What kind of exception/alert?
}
SafeReadRecord();
}
this.mRecordStream.FinaliseHandshake();
this.mSplitApplicationDataRecords = !TlsUtilities.IsTlsV11(Context);
/*
* If this was an initial handshake, we are now ready to send and receive application data.
*/
if (!mAppDataReady)
{
this.mAppDataReady = true;
this.mTlsStream = new TlsStream(this);
}
if (this.mTlsSession != null)
{
if (this.mSessionParameters == null)
{
this.mSessionParameters = new SessionParameters.Builder()
.SetCipherSuite(this.mSecurityParameters.CipherSuite)
.SetCompressionAlgorithm(this.mSecurityParameters.CompressionAlgorithm)
.SetMasterSecret(this.mSecurityParameters.MasterSecret)
.SetPeerCertificate(this.mPeerCertificate)
.SetPskIdentity(this.mSecurityParameters.PskIdentity)
.SetSrpIdentity(this.mSecurityParameters.SrpIdentity)
// TODO Consider filtering extensions that aren't relevant to resumed sessions
.SetServerExtensions(this.mServerExtensions)
.Build();
this.mTlsSession = new TlsSessionImpl(this.mTlsSession.SessionID, this.mSessionParameters);
}
ContextAdmin.SetResumableSession(this.mTlsSession);
}
Peer.NotifyHandshakeComplete();
}
finally
{
CleanupHandshake();
}
}
protected virtual void CompleteHandshake()
{
try
{
/*
* We will now read data, until we have completed the handshake.
*/
while (this.mConnectionState != CS_END)
{
if (this.mClosed)
{
// TODO What kind of exception/alert?
}
SafeReadRecord();
}
this.mRecordStream.FinaliseHandshake();
this.mSplitApplicationDataRecords = !TlsUtilities.IsTlsV11(Context);
/*
* If this was an initial handshake, we are now ready to send and receive application data.
*/
if (!mAppDataReady)
{
this.mAppDataReady = true;
this.mTlsStream = new TlsStream(this);
}
if (this.mTlsSession != null)
{
if (this.mSessionParameters == null)
{
this.mSessionParameters = new SessionParameters.Builder()
.SetCipherSuite(this.mSecurityParameters.CipherSuite)
.SetCompressionAlgorithm(this.mSecurityParameters.CompressionAlgorithm)
.SetMasterSecret(this.mSecurityParameters.MasterSecret)
.SetPeerCertificate(this.mPeerCertificate)
.SetPskIdentity(this.mSecurityParameters.PskIdentity)
.SetSrpIdentity(this.mSecurityParameters.SrpIdentity)
// TODO Consider filtering extensions that aren't relevant to resumed sessions
.SetServerExtensions(this.mServerExtensions)
.Build();
this.mTlsSession = new TlsSessionImpl(this.mTlsSession.SessionID, this.mSessionParameters);
}
ContextAdmin.SetResumableSession(this.mTlsSession);
}
Peer.NotifyHandshakeComplete();
}
finally
{
CleanupHandshake();
}
}
public virtual void Connect(TlsClient tlsClient)
{
if (tlsClient == null)
throw new ArgumentNullException("tlsClient");
if (this.tlsClient != null)
throw new InvalidOperationException("Connect can only be called once");
/*
* Send Client hello
*
* First, generate some random data.
*/
this.securityParameters = new SecurityParameters();
this.securityParameters.clientRandom = CreateRandomBlock(tlsClient.ShouldUseGmtUnixTime(), random,
ExporterLabel.client_random);
this.tlsClientContext = new TlsClientContextImpl(random, securityParameters);
this.tlsClient = tlsClient;
this.tlsClient.Init(tlsClientContext);
MemoryStream outStr = new MemoryStream();
TlsUtilities.WriteVersion(outStr);
outStr.Write(securityParameters.clientRandom, 0, 32);
/*
* Length of Session id
*/
TlsUtilities.WriteUint8(0, outStr);
this.offeredCipherSuites = this.tlsClient.GetCipherSuites();
// Int32 -> byte[]
this.clientExtensions = this.tlsClient.GetClientExtensions();
// Cipher Suites (and SCSV)
{
/*
* RFC 5746 3.4.
* The client MUST include either an empty "renegotiation_info"
* extension, or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling
* cipher suite value in the ClientHello. Including both is NOT
* RECOMMENDED.
*/
bool noRenegExt = clientExtensions == null
|| !clientExtensions.Contains(ExtensionType.renegotiation_info);
int count = offeredCipherSuites.Length;
if (noRenegExt)
{
// Note: 1 extra slot for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
++count;
}
TlsUtilities.WriteUint16(2 * count, outStr);
for (int i = 0; i < offeredCipherSuites.Length; ++i)
{
TlsUtilities.WriteUint16((int)offeredCipherSuites[i], outStr);
}
if (noRenegExt)
{
TlsUtilities.WriteUint16((int)CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV, outStr);
}
}
/*
* Compression methods, just the null method.
*/
this.offeredCompressionMethods = tlsClient.GetCompressionMethods();
{
TlsUtilities.WriteUint8((byte)offeredCompressionMethods.Length, outStr);
for (int i = 0; i < offeredCompressionMethods.Length; ++i)
{
TlsUtilities.WriteUint8(offeredCompressionMethods[i], outStr);
}
}
// Extensions
if (clientExtensions != null)
{
MemoryStream ext = new MemoryStream();
foreach (int extType in clientExtensions.Keys)
{
WriteExtension(ext, extType, (byte[])clientExtensions[extType]);
}
TlsUtilities.WriteOpaque16(ext.ToArray(), outStr);
}
MemoryStream bos = new MemoryStream();
TlsUtilities.WriteUint8((byte)HandshakeType.client_hello, bos);
TlsUtilities.WriteUint24((int)outStr.Length, bos);
byte[] outBytes = outStr.ToArray();
bos.Write(outBytes, 0, outBytes.Length);
byte[] message = bos.ToArray();
SafeWriteMessage(ContentType.handshake, message, 0, message.Length);
connection_state = CS_CLIENT_HELLO_SEND;
/*
* We will now read data, until we have completed the handshake.
*/
while (connection_state != CS_DONE)
{
SafeReadData();
}
this.tlsStream = new TlsStream(this);
}
// public void Connect(ICertificateVerifyer verifyer, Certificate clientCertificate,
// AsymmetricKeyParameter clientPrivateKey)
// {
// DefaultTlsClient client = new DefaultTlsClient(verifyer);
// client.EnableClientAuthentication(clientCertificate, clientPrivateKey);
//
// this.Connect(client);
// }
// TODO Make public
internal virtual void Connect(TlsClient tlsClient)
{
if (tlsClient == null)
throw new ArgumentNullException("tlsClient");
if (this.tlsClient != null)
throw new InvalidOperationException("Connect can only be called once");
this.tlsClient = tlsClient;
this.tlsClient.Init(this);
/*
* Send Client hello
*
* First, generate some random data.
*/
securityParameters = new SecurityParameters();
securityParameters.clientRandom = new byte[32];
random.NextBytes(securityParameters.clientRandom, 4, 28);
TlsUtilities.WriteGmtUnixTime(securityParameters.clientRandom, 0);
MemoryStream outStr = new MemoryStream();
TlsUtilities.WriteVersion(outStr);
outStr.Write(securityParameters.clientRandom, 0, 32);
/*
* Length of Session id
*/
TlsUtilities.WriteUint8((short)0, outStr);
/*
* Cipher suites
*/
this.offeredCipherSuites = this.tlsClient.GetCipherSuites();
// Note: 1 extra slot for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
TlsUtilities.WriteUint16(2 * (offeredCipherSuites.Length + 1), outStr);
for (int i = 0; i < offeredCipherSuites.Length; ++i)
{
TlsUtilities.WriteUint16(offeredCipherSuites[i], outStr);
}
// RFC 5746 3.3
// Note: If renegotiation added, remove this (and extra slot above)
TlsUtilities.WriteUint16(TLS_EMPTY_RENEGOTIATION_INFO_SCSV, outStr);
/*
* Compression methods, just the null method.
*/
byte[] compressionMethods = new byte[]{0x00};
TlsUtilities.WriteOpaque8(compressionMethods, outStr);
/*
* Extensions
*/
// Int32 -> byte[]
Hashtable clientExtensions = this.tlsClient.GenerateClientExtensions();
// RFC 5746 3.4
// Note: If renegotiation is implemented, need to use this instead of TLS_EMPTY_RENEGOTIATION_INFO_SCSV
// {
// if (clientExtensions == null)
// clientExtensions = new Hashtable();
//
// clientExtensions[EXT_RenegotiationInfo] = CreateRenegotiationInfo(emptybuf);
// }
this.extendedClientHello = clientExtensions != null && clientExtensions.Count > 0;
if (extendedClientHello)
{
MemoryStream ext = new MemoryStream();
foreach (int extType in clientExtensions.Keys)
{
byte[] extValue = (byte[])clientExtensions[extType];
TlsUtilities.WriteUint16(extType, ext);
TlsUtilities.WriteOpaque16(extValue, ext);
}
TlsUtilities.WriteOpaque16(ext.ToArray(), outStr);
}
MemoryStream bos = new MemoryStream();
TlsUtilities.WriteUint8(HP_CLIENT_HELLO, bos);
TlsUtilities.WriteUint24((int) outStr.Length, bos);
byte[] outBytes = outStr.ToArray();
bos.Write(outBytes, 0, outBytes.Length);
byte[] message = bos.ToArray();
rs.WriteMessage(RL_HANDSHAKE, message, 0, message.Length);
connection_state = CS_CLIENT_HELLO_SEND;
/*
* We will now read data, until we have completed the handshake.
*/
while (connection_state != CS_DONE)
{
// TODO Should we send fatal alerts in the event of an exception
// (see readApplicationData)
rs.ReadData();
}
this.tlsStream = new TlsStream(this);
}
// public void Connect(ICertificateVerifyer verifyer, Certificate clientCertificate,
// AsymmetricKeyParameter clientPrivateKey)
// {
// DefaultTlsClient client = new DefaultTlsClient(verifyer);
// client.EnableClientAuthentication(clientCertificate, clientPrivateKey);
//
// this.Connect(client);
// }
// TODO Make public
internal virtual void Connect(TlsClient tlsClient)
{
if (tlsClient == null)
{
throw new ArgumentNullException("tlsClient");
}
if (this.tlsClient != null)
{
throw new InvalidOperationException("Connect can only be called once");
}
this.tlsClient = tlsClient;
this.tlsClient.Init(this);
/*
* Send Client hello
*
* First, generate some random data.
*/
securityParameters = new SecurityParameters();
securityParameters.clientRandom = new byte[32];
random.NextBytes(securityParameters.clientRandom, 4, 28);
TlsUtilities.WriteGmtUnixTime(securityParameters.clientRandom, 0);
MemoryStream outStr = new MemoryStream();
TlsUtilities.WriteVersion(outStr);
outStr.Write(securityParameters.clientRandom, 0, 32);
/*
* Length of Session id
*/
TlsUtilities.WriteUint8((short)0, outStr);
/*
* Cipher suites
*/
this.offeredCipherSuites = this.tlsClient.GetCipherSuites();
// Note: 1 extra slot for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
TlsUtilities.WriteUint16(2 * (offeredCipherSuites.Length + 1), outStr);
for (int i = 0; i < offeredCipherSuites.Length; ++i)
{
TlsUtilities.WriteUint16(offeredCipherSuites[i], outStr);
}
// RFC 5746 3.3
// Note: If renegotiation added, remove this (and extra slot above)
TlsUtilities.WriteUint16(TLS_EMPTY_RENEGOTIATION_INFO_SCSV, outStr);
/*
* Compression methods, just the null method.
*/
byte[] compressionMethods = new byte[] { 0x00 };
TlsUtilities.WriteOpaque8(compressionMethods, outStr);
/*
* Extensions
*/
// Int32 -> byte[]
Hashtable clientExtensions = this.tlsClient.GenerateClientExtensions();
// RFC 5746 3.4
// Note: If renegotiation is implemented, need to use this instead of TLS_EMPTY_RENEGOTIATION_INFO_SCSV
// {
// if (clientExtensions == null)
// clientExtensions = new Hashtable();
//
// clientExtensions[EXT_RenegotiationInfo] = CreateRenegotiationInfo(emptybuf);
// }
this.extendedClientHello = clientExtensions != null && clientExtensions.Count > 0;
if (extendedClientHello)
{
MemoryStream ext = new MemoryStream();
foreach (int extType in clientExtensions.Keys)
{
byte[] extValue = (byte[])clientExtensions[extType];
TlsUtilities.WriteUint16(extType, ext);
TlsUtilities.WriteOpaque16(extValue, ext);
}
TlsUtilities.WriteOpaque16(ext.ToArray(), outStr);
}
MemoryStream bos = new MemoryStream();
TlsUtilities.WriteUint8(HP_CLIENT_HELLO, bos);
TlsUtilities.WriteUint24((int)outStr.Length, bos);
byte[] outBytes = outStr.ToArray();
bos.Write(outBytes, 0, outBytes.Length);
byte[] message = bos.ToArray();
rs.WriteMessage(RL_HANDSHAKE, message, 0, message.Length);
connection_state = CS_CLIENT_HELLO_SEND;
/*
* We will now read data, until we have completed the handshake.
*/
while (connection_state != CS_DONE)
{
// TODO Should we send fatal alerts in the event of an exception
// (see readApplicationData)
rs.ReadData();
}
this.tlsStream = new TlsStream(this);
}
public virtual void Connect(TlsClient tlsClient)
{
if (tlsClient == null)
{
throw new ArgumentNullException("tlsClient");
}
if (this.tlsClient != null)
{
throw new InvalidOperationException("Connect can only be called once");
}
/*
* Send Client hello
*
* First, generate some random data.
*/
this.securityParameters = new SecurityParameters();
this.securityParameters.clientRandom = new byte[32];
random.NextBytes(securityParameters.clientRandom, 4, 28);
TlsUtilities.WriteGmtUnixTime(securityParameters.clientRandom, 0);
this.tlsClientContext = new TlsClientContextImpl(random, securityParameters);
this.tlsClient = tlsClient;
this.tlsClient.Init(tlsClientContext);
MemoryStream outStr = new MemoryStream();
TlsUtilities.WriteVersion(outStr);
outStr.Write(securityParameters.clientRandom, 0, 32);
/*
* Length of Session id
*/
TlsUtilities.WriteUint8(0, outStr);
this.offeredCipherSuites = this.tlsClient.GetCipherSuites();
// ExtensionType -> byte[]
this.clientExtensions = this.tlsClient.GetClientExtensions();
// Cipher Suites (and SCSV)
{
/*
* RFC 5746 3.4.
* The client MUST include either an empty "renegotiation_info"
* extension, or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling
* cipher suite value in the ClientHello. Including both is NOT
* RECOMMENDED.
*/
bool noRenegExt = clientExtensions == null ||
!clientExtensions.Contains(ExtensionType.renegotiation_info);
int count = offeredCipherSuites.Length;
if (noRenegExt)
{
// Note: 1 extra slot for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
++count;
}
TlsUtilities.WriteUint16(2 * count, outStr);
for (int i = 0; i < offeredCipherSuites.Length; ++i)
{
TlsUtilities.WriteUint16((int)offeredCipherSuites[i], outStr);
}
if (noRenegExt)
{
TlsUtilities.WriteUint16((int)CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV, outStr);
}
}
/*
* Compression methods, just the null method.
*/
this.offeredCompressionMethods = tlsClient.GetCompressionMethods();
{
TlsUtilities.WriteUint8((byte)offeredCompressionMethods.Length, outStr);
for (int i = 0; i < offeredCompressionMethods.Length; ++i)
{
TlsUtilities.WriteUint8((byte)offeredCompressionMethods[i], outStr);
}
}
// Extensions
if (clientExtensions != null)
{
MemoryStream ext = new MemoryStream();
foreach (ExtensionType extType in clientExtensions.Keys)
{
WriteExtension(ext, extType, (byte[])clientExtensions[extType]);
}
TlsUtilities.WriteOpaque16(ext.ToArray(), outStr);
}
MemoryStream bos = new MemoryStream();
TlsUtilities.WriteUint8((byte)HandshakeType.client_hello, bos);
TlsUtilities.WriteUint24((int)outStr.Length, bos);
byte[] outBytes = outStr.ToArray();
bos.Write(outBytes, 0, outBytes.Length);
byte[] message = bos.ToArray();
SafeWriteMessage(ContentType.handshake, message, 0, message.Length);
connection_state = CS_CLIENT_HELLO_SEND;
/*
* We will now read data, until we have completed the handshake.
*/
while (connection_state != CS_DONE)
{
SafeReadData();
}
this.tlsStream = new TlsStream(this);
}
protected virtual void CompleteHandshake()
{
try
{
this.mRecordStream.FinaliseHandshake();
this.mAppDataSplitEnabled = !TlsUtilities.IsTlsV11(Context);
/*
* If this was an initial handshake, we are now ready to send and receive application data.
*/
if (!mAppDataReady)
{
this.mAppDataReady = true;
if (mBlocking)
{
this.mTlsStream = new TlsStream(this);
}
}
if (this.mTlsSession != null)
{
if (this.mSessionParameters == null)
{
this.mSessionParameters = new SessionParameters.Builder()
.SetCipherSuite(this.mSecurityParameters.CipherSuite)
.SetCompressionAlgorithm(this.mSecurityParameters.CompressionAlgorithm)
.SetMasterSecret(this.mSecurityParameters.MasterSecret)
.SetPeerCertificate(this.mPeerCertificate)
.SetPskIdentity(this.mSecurityParameters.PskIdentity)
.SetSrpIdentity(this.mSecurityParameters.SrpIdentity)
// TODO Consider filtering extensions that aren't relevant to resumed sessions
.SetServerExtensions(this.mServerExtensions)
.Build();
this.mTlsSession = new TlsSessionImpl(this.mTlsSession.SessionID, this.mSessionParameters);
}
ContextAdmin.SetResumableSession(this.mTlsSession);
}
Peer.NotifyHandshakeComplete();
}
finally
{
CleanupHandshake();
}
}
