public virtual void ProcessServerCertificate(Certificate serverCertificate)
{
if (tlsSigner == null)
{
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
X509CertificateStructure x509Cert = serverCertificate.certs[0];
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
try
{
this.serverPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
// catch (RuntimeException)
catch (Exception)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
}
if (!tlsSigner.IsValidPublicKey(this.serverPublicKey))
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature);
// TODO
/*
* Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the
* signing algorithm for the certificate must be the same as the algorithm for the
* certificate key."
*/
}
public virtual void ProcessServerCertificate(Certificate serverCertificate)
{
X509CertificateStructure x509Cert = serverCertificate.certs[0];
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
try
{
this.serverPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
// catch (RuntimeException)
catch (Exception)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
}
// Sanity check the PublicKeyFactory
if (this.serverPublicKey.IsPrivate)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.rsaServerPublicKey = ValidateRsaPublicKey((RsaKeyParameters)this.serverPublicKey);
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyEncipherment);
// TODO
/*
* Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the
* signing algorithm for the certificate must be the same as the algorithm for the
* certificate key."
*/
}
public DefaultTlsSignerCredentials(TlsClientContext context,
Certificate clientCertificate, AsymmetricKeyParameter clientPrivateKey)
{
if (clientCertificate == null)
{
throw new ArgumentNullException("clientCertificate");
}
if (clientCertificate.certs.Length == 0)
{
throw new ArgumentException("cannot be empty", "clientCertificate");
}
if (clientPrivateKey == null)
{
throw new ArgumentNullException("clientPrivateKey");
}
if (!clientPrivateKey.IsPrivate)
{
throw new ArgumentException("must be private", "clientPrivateKey");
}
if (clientPrivateKey is RsaKeyParameters)
{
clientSigner = new TlsRsaSigner();
}
else if (clientPrivateKey is DsaPrivateKeyParameters)
{
clientSigner = new TlsDssSigner();
}
else if (clientPrivateKey is ECPrivateKeyParameters)
{
clientSigner = new TlsECDsaSigner();
}
else
{
throw new ArgumentException("type not supported: "
+ clientPrivateKey.GetType().FullName, "clientPrivateKey");
}
this.context = context;
this.clientCert = clientCertificate;
this.clientPrivateKey = clientPrivateKey;
}
public DefaultTlsAgreementCredentials(Certificate clientCertificate, AsymmetricKeyParameter clientPrivateKey)
{
if (clientCertificate == null)
{
throw new ArgumentNullException("clientCertificate");
}
if (clientCertificate.certs.Length == 0)
{
throw new ArgumentException("cannot be empty", "clientCertificate");
}
if (clientPrivateKey == null)
{
throw new ArgumentNullException("clientPrivateKey");
}
if (!clientPrivateKey.IsPrivate)
{
throw new ArgumentException("must be private", "clientPrivateKey");
}
if (clientPrivateKey is DHPrivateKeyParameters)
{
basicAgreement = new DHBasicAgreement();
}
else if (clientPrivateKey is ECPrivateKeyParameters)
{
basicAgreement = new ECDHBasicAgreement();
}
else
{
throw new ArgumentException("type not supported: "
+ clientPrivateKey.GetType().FullName, "clientPrivateKey");
}
this.clientCert = clientCertificate;
this.clientPrivateKey = clientPrivateKey;
}
private void SendClientCertificate(Certificate clientCert)
{
MemoryStream bos = new MemoryStream();
TlsUtilities.WriteUint8((byte)HandshakeType.certificate, bos);
clientCert.Encode(bos);
byte[] message = bos.ToArray();
rs.WriteMessage(ContentType.handshake, message, 0, message.Length);
}
public virtual void NotifyServerCertificate(Certificate serverCertificate)
{
if (!this.verifyer.IsValid(serverCertificate.GetCerts()))
throw new TlsFatalAlert(AlertDescription.user_canceled);
}
