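/// <summary>
/// Processes the server's Certificate message for a signing key exchange: takes the
/// end-entity certificate (first in the chain), extracts its public key, checks that the
/// configured <c>tlsSigner</c> accepts it and that the certificate's KeyUsage permits
/// digital signatures.
/// </summary>
/// <param name="serverCertificate">The certificate chain sent by the server; the end-entity certificate is expected at index 0.</param>
/// <exception cref="TlsFatalAlert">
/// <c>unexpected_message</c> when no signer is configured for this key exchange,
/// <c>bad_certificate</c> when the chain is empty,
/// <c>unsupported_certificate</c> when the public key cannot be parsed, and
/// <c>certificate_unknown</c> when the key is not valid for the signer.
/// </exception>
public virtual void ProcessServerCertificate(Certificate serverCertificate)
{
    if (tlsSigner == null)
    {
        throw new TlsFatalAlert(AlertDescription.unexpected_message);
    }

    // A peer may send an empty certificate list; reject it with a proper TLS alert
    // rather than letting certs[0] fail with an IndexOutOfRangeException.
    if (serverCertificate.certs.Length == 0)
    {
        throw new TlsFatalAlert(AlertDescription.bad_certificate);
    }

    X509CertificateStructure x509Cert = serverCertificate.certs[0];
    SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;

    try
    {
        this.serverPublicKey = PublicKeyFactory.CreateKey(keyInfo);
    }
    // Java port: catch (RuntimeException). Any failure to decode the key is reported
    // to the peer as an unsupported certificate.
    catch (Exception)
    {
        throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
    }

    // The key must be of a type the negotiated signature algorithm can verify with.
    if (!tlsSigner.IsValidPublicKey(this.serverPublicKey))
    {
        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
    }

    // The server signs the key exchange with this certificate, so it needs digitalSignature.
    TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature);

    // TODO
    /*
     * Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the
     * signing algorithm for the certificate must be the same as the algorithm for the
     * certificate key."
     */
}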
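/// <summary>
/// Processes the server's Certificate message for RSA key exchange: takes the end-entity
/// certificate (first in the chain), extracts its public key, checks that it really is an
/// RSA public key, validates it and checks that the certificate's KeyUsage permits key
/// encipherment.
/// </summary>
/// <param name="serverCertificate">The certificate chain sent by the server; the end-entity certificate is expected at index 0.</param>
/// <exception cref="TlsFatalAlert">
/// <c>bad_certificate</c> when the chain is empty,
/// <c>unsupported_certificate</c> when the public key cannot be parsed,
/// <c>internal_error</c> when the factory unexpectedly yields a private key, and
/// <c>certificate_unknown</c> when the key is not an RSA key.
/// </exception>
public virtual void ProcessServerCertificate(Certificate serverCertificate)
{
    // A peer may send an empty certificate list; reject it with a proper TLS alert
    // rather than letting certs[0] fail with an IndexOutOfRangeException.
    if (serverCertificate.certs.Length == 0)
    {
        throw new TlsFatalAlert(AlertDescription.bad_certificate);
    }

    X509CertificateStructure x509Cert = serverCertificate.certs[0];
    SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;

    try
    {
        this.serverPublicKey = PublicKeyFactory.CreateKey(keyInfo);
    }
    // Java port: catch (RuntimeException). Any failure to decode the key is reported
    // to the peer as an unsupported certificate.
    catch (Exception)
    {
        throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
    }

    // Sanity check the PublicKeyFactory
    if (this.serverPublicKey.IsPrivate)
    {
        throw new TlsFatalAlert(AlertDescription.internal_error);
    }

    // RSA key exchange requires an RSA server key. A bare cast would surface a
    // non-RSA certificate as an InvalidCastException instead of a TLS alert.
    RsaKeyParameters rsaKey = this.serverPublicKey as RsaKeyParameters;
    if (rsaKey == null)
    {
        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
    }

    this.rsaServerPublicKey = ValidateRsaPublicKey(rsaKey);

    // The premaster secret is encrypted to this key, so the certificate needs keyEncipherment.
    TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyEncipherment);

    // TODO
    /*
     * Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the
     * signing algorithm for the certificate must be the same as the algorithm for the
     * certificate key."
     */
}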
/// <summary>
/// Builds client signing credentials from a certificate chain and the matching private key,
/// selecting the TLS signer implementation from the private key's type.
/// </summary>
/// <param name="context">The client context; stored as given.</param>
/// <param name="clientCertificate">The client's certificate chain; must contain at least one certificate.</param>
/// <param name="clientPrivateKey">The private key corresponding to the end-entity certificate; must be an RSA, DSA or EC private key.</param>
/// <exception cref="ArgumentNullException">When the certificate or the private key is null.</exception>
/// <exception cref="ArgumentException">When the chain is empty, the key is not private, or the key type has no signer.</exception>
public DefaultTlsSignerCredentials(TlsClientContext context, Certificate clientCertificate, AsymmetricKeyParameter clientPrivateKey)
{
    if (clientCertificate == null)
        throw new ArgumentNullException("clientCertificate");
    if (clientCertificate.certs.Length == 0)
        throw new ArgumentException("cannot be empty", "clientCertificate");
    if (clientPrivateKey == null)
        throw new ArgumentNullException("clientPrivateKey");
    if (!clientPrivateKey.IsPrivate)
        throw new ArgumentException("must be private", "clientPrivateKey");

    // Signer selection is driven purely by the concrete key type. RSA is matched on the
    // base RsaKeyParameters type (the IsPrivate check above already excludes public keys).
    if (clientPrivateKey is RsaKeyParameters)
        this.clientSigner = new TlsRsaSigner();
    else if (clientPrivateKey is DsaPrivateKeyParameters)
        this.clientSigner = new TlsDssSigner();
    else if (clientPrivateKey is ECPrivateKeyParameters)
        this.clientSigner = new TlsECDsaSigner();
    else
        throw new ArgumentException("type not supported: " + clientPrivateKey.GetType().FullName, "clientPrivateKey");

    // NOTE(review): context is not validated here; a null context would only fail later when used.
    this.context = context;
    this.clientCert = clientCertificate;
    this.clientPrivateKey = clientPrivateKey;
}
/// <summary>
/// Builds client key-agreement credentials from a certificate chain and the matching private
/// key, selecting the basic agreement (DH or ECDH) from the private key's type.
/// </summary>
/// <param name="clientCertificate">The client's certificate chain; must contain at least one certificate.</param>
/// <param name="clientPrivateKey">The private key corresponding to the end-entity certificate; must be a DH or EC private key.</param>
/// <exception cref="ArgumentNullException">When the certificate or the private key is null.</exception>
/// <exception cref="ArgumentException">When the chain is empty, the key is not private, or the key type has no agreement.</exception>
public DefaultTlsAgreementCredentials(Certificate clientCertificate, AsymmetricKeyParameter clientPrivateKey)
{
    if (clientCertificate == null)
        throw new ArgumentNullException("clientCertificate");
    if (clientCertificate.certs.Length == 0)
        throw new ArgumentException("cannot be empty", "clientCertificate");
    if (clientPrivateKey == null)
        throw new ArgumentNullException("clientPrivateKey");
    if (!clientPrivateKey.IsPrivate)
        throw new ArgumentException("must be private", "clientPrivateKey");

    // The agreement primitive follows the concrete private key type; anything else is rejected.
    if (clientPrivateKey is DHPrivateKeyParameters)
        this.basicAgreement = new DHBasicAgreement();
    else if (clientPrivateKey is ECPrivateKeyParameters)
        this.basicAgreement = new ECDHBasicAgreement();
    else
        throw new ArgumentException("type not supported: " + clientPrivateKey.GetType().FullName, "clientPrivateKey");

    this.clientCert = clientCertificate;
    this.clientPrivateKey = clientPrivateKey;
}
/// <summary>
/// Serialises the client's Certificate handshake message (handshake type byte followed by
/// the encoded certificate chain) and writes it to the record stream as a handshake record.
/// </summary>
/// <param name="clientCert">The certificate chain to send; encoded via <c>Certificate.Encode</c>.</param>
private void SendClientCertificate(Certificate clientCert)
{
    byte[] message;
    using (MemoryStream buffer = new MemoryStream())
    {
        TlsUtilities.WriteUint8((byte)HandshakeType.certificate, buffer);
        clientCert.Encode(buffer);
        message = buffer.ToArray();
    }

    rs.WriteMessage(ContentType.handshake, message, 0, message.Length);
}
/// <summary>
/// Hands the server's certificate chain to the configured verifier and aborts the handshake
/// with a fatal alert if the verifier rejects it.
/// </summary>
/// <param name="serverCertificate">The certificate chain received from the server.</param>
/// <exception cref="TlsFatalAlert"><c>user_canceled</c> when the verifier does not accept the chain.</exception>
public virtual void NotifyServerCertificate(Certificate serverCertificate)
{
    bool accepted = this.verifyer.IsValid(serverCertificate.GetCerts());
    if (accepted)
    {
        return;
    }

    // NOTE(review): RFC 5246 §7.2.2 defines user_canceled as a cancellation "unrelated to a
    // protocol failure". If the verifier rejects the chain on validation grounds rather than a
    // user decision, bad_certificate or certificate_unknown would describe the failure more
    // accurately to the peer. Left unchanged here because the verifier's semantics are not
    // visible in this file.
    throw new TlsFatalAlert(AlertDescription.user_canceled);
}