protected virtual void NotifyClientCertificate(Certificate clientCertificate)
{
if (mCertificateRequest == null)
{
throw new InvalidOperationException();
}
if (mPeerCertificate != null)
{
throw new TlsFatalAlert(10);
}
mPeerCertificate = clientCertificate;
if (clientCertificate.IsEmpty)
{
mKeyExchange.SkipClientCredentials();
}
else
{
mClientCertificateType = TlsUtilities.GetClientCertificateType(clientCertificate, mServerCredentials.Certificate);
mKeyExchange.ProcessClientCertificate(clientCertificate);
}
mTlsServer.NotifyClientCertificate(clientCertificate);
}
protected virtual void NotifyClientCertificate(Certificate clientCertificate)
{
//IL_0008: Unknown result type (might be due to invalid IL or missing references)
if (mCertificateRequest == null)
{
throw new InvalidOperationException();
}
if (mPeerCertificate != null)
{
throw new TlsFatalAlert(10);
}
mPeerCertificate = clientCertificate;
if (clientCertificate.IsEmpty)
{
mKeyExchange.SkipClientCredentials();
}
else
{
mClientCertificateType = TlsUtilities.GetClientCertificateType(clientCertificate, mServerCredentials.Certificate);
mKeyExchange.ProcessClientCertificate(clientCertificate);
}
mTlsServer.NotifyClientCertificate(clientCertificate);
}
protected override void HandleHandshakeMessage(byte type, byte[] data)
{
MemoryStream memoryStream = new MemoryStream(data);
switch (type)
{
case 1:
switch (base.mConnectionState)
{
case 0:
{
ReceiveClientHelloMessage(memoryStream);
base.mConnectionState = 1;
SendServerHelloMessage();
base.mConnectionState = 2;
mRecordStream.NotifyHelloComplete();
IList serverSupplementalData = mTlsServer.GetServerSupplementalData();
if (serverSupplementalData != null)
{
SendSupplementalDataMessage(serverSupplementalData);
}
base.mConnectionState = 3;
mKeyExchange = mTlsServer.GetKeyExchange();
mKeyExchange.Init(Context);
mServerCredentials = mTlsServer.GetCredentials();
Certificate certificate = null;
if (mServerCredentials == null)
{
mKeyExchange.SkipServerCredentials();
}
else
{
mKeyExchange.ProcessServerCredentials(mServerCredentials);
certificate = mServerCredentials.Certificate;
SendCertificateMessage(certificate);
}
base.mConnectionState = 4;
if (certificate == null || certificate.IsEmpty)
{
mAllowCertificateStatus = false;
}
if (mAllowCertificateStatus)
{
CertificateStatus certificateStatus = mTlsServer.GetCertificateStatus();
if (certificateStatus != null)
{
SendCertificateStatusMessage(certificateStatus);
}
}
base.mConnectionState = 5;
byte[] array = mKeyExchange.GenerateServerKeyExchange();
if (array != null)
{
SendServerKeyExchangeMessage(array);
}
base.mConnectionState = 6;
if (mServerCredentials != null)
{
mCertificateRequest = mTlsServer.GetCertificateRequest();
if (mCertificateRequest != null)
{
if (TlsUtilities.IsTlsV12(Context) != (mCertificateRequest.SupportedSignatureAlgorithms != null))
{
throw new TlsFatalAlert(80);
}
mKeyExchange.ValidateCertificateRequest(mCertificateRequest);
SendCertificateRequestMessage(mCertificateRequest);
TlsUtilities.TrackHashAlgorithms(mRecordStream.HandshakeHash, mCertificateRequest.SupportedSignatureAlgorithms);
}
}
base.mConnectionState = 7;
SendServerHelloDoneMessage();
base.mConnectionState = 8;
mRecordStream.HandshakeHash.SealHashAlgorithms();
break;
}
case 16:
RefuseRenegotiation();
break;
default:
throw new TlsFatalAlert(10);
}
break;
case 23:
{
short mConnectionState = base.mConnectionState;
if (mConnectionState == 8)
{
mTlsServer.ProcessClientSupplementalData(TlsProtocol.ReadSupplementalDataMessage(memoryStream));
base.mConnectionState = 9;
break;
}
throw new TlsFatalAlert(10);
}
case 11:
switch (base.mConnectionState)
{
case 8:
case 9:
if (base.mConnectionState < 9)
{
mTlsServer.ProcessClientSupplementalData(null);
}
if (mCertificateRequest == null)
{
throw new TlsFatalAlert(10);
}
ReceiveCertificateMessage(memoryStream);
base.mConnectionState = 10;
break;
default:
throw new TlsFatalAlert(10);
}
break;
case 16:
switch (base.mConnectionState)
{
case 8:
case 9:
case 10:
if (base.mConnectionState < 9)
{
mTlsServer.ProcessClientSupplementalData(null);
}
if (base.mConnectionState < 10)
{
if (mCertificateRequest == null)
{
mKeyExchange.SkipClientCredentials();
}
else
{
if (TlsUtilities.IsTlsV12(Context))
{
throw new TlsFatalAlert(10);
}
if (TlsUtilities.IsSsl(Context))
{
if (mPeerCertificate == null)
{
throw new TlsFatalAlert(10);
}
}
else
{
NotifyClientCertificate(Certificate.EmptyChain);
}
}
}
ReceiveClientKeyExchangeMessage(memoryStream);
base.mConnectionState = 11;
break;
default:
throw new TlsFatalAlert(10);
}
break;
case 15:
{
short mConnectionState = base.mConnectionState;
if (mConnectionState == 11)
{
if (!ExpectCertificateVerifyMessage())
{
throw new TlsFatalAlert(10);
}
ReceiveCertificateVerifyMessage(memoryStream);
base.mConnectionState = 12;
break;
}
throw new TlsFatalAlert(10);
}
case 20:
switch (base.mConnectionState)
{
case 11:
case 12:
if (base.mConnectionState < 12 && ExpectCertificateVerifyMessage())
{
throw new TlsFatalAlert(10);
}
ProcessFinishedMessage(memoryStream);
base.mConnectionState = 13;
if (mExpectSessionTicket)
{
SendNewSessionTicketMessage(mTlsServer.GetNewSessionTicket());
SendChangeCipherSpecMessage();
}
base.mConnectionState = 14;
SendFinishedMessage();
base.mConnectionState = 15;
base.mConnectionState = 16;
CompleteHandshake();
break;
default:
throw new TlsFatalAlert(10);
}
break;
default:
throw new TlsFatalAlert(10);
}
}
protected override void HandleHandshakeMessage(byte type, byte[] data)
{
//IL_0002: Unknown result type (might be due to invalid IL or missing references)
//IL_0008: Expected O, but got Unknown
MemoryStream val = new MemoryStream(data, false);
if (mResumedSession)
{
if (type != 20 || mConnectionState != 2)
{
throw new TlsFatalAlert(10);
}
ProcessFinishedMessage(val);
mConnectionState = 15;
SendFinishedMessage();
mConnectionState = 13;
mConnectionState = 16;
CompleteHandshake();
return;
}
switch (type)
{
case 11:
switch (mConnectionState)
{
case 2:
case 3:
if (mConnectionState == 2)
{
HandleSupplementalData(null);
}
mPeerCertificate = Certificate.Parse((Stream)(object)val);
TlsProtocol.AssertEmpty(val);
if (mPeerCertificate == null || mPeerCertificate.IsEmpty)
{
mAllowCertificateStatus = false;
}
mKeyExchange.ProcessServerCertificate(mPeerCertificate);
mAuthentication = mTlsClient.GetAuthentication();
mAuthentication.NotifyServerCertificate(mPeerCertificate);
mConnectionState = 4;
break;
default:
throw new TlsFatalAlert(10);
}
break;
case 22:
{
short num = mConnectionState;
if (num == 4)
{
if (!mAllowCertificateStatus)
{
throw new TlsFatalAlert(10);
}
mCertificateStatus = CertificateStatus.Parse((Stream)(object)val);
TlsProtocol.AssertEmpty(val);
mConnectionState = 5;
break;
}
throw new TlsFatalAlert(10);
}
case 20:
switch (mConnectionState)
{
case 13:
case 14:
if (mConnectionState == 13 && mExpectSessionTicket)
{
throw new TlsFatalAlert(10);
}
ProcessFinishedMessage(val);
mConnectionState = 15;
mConnectionState = 16;
CompleteHandshake();
break;
default:
throw new TlsFatalAlert(10);
}
break;
case 2:
{
short num = mConnectionState;
if (num == 1)
{
ReceiveServerHelloMessage(val);
mConnectionState = 2;
mRecordStream.NotifyHelloComplete();
ApplyMaxFragmentLengthExtension();
if (mResumedSession)
{
mSecurityParameters.masterSecret = Arrays.Clone(mSessionParameters.MasterSecret);
mRecordStream.SetPendingConnectionState(Peer.GetCompression(), Peer.GetCipher());
SendChangeCipherSpecMessage();
break;
}
InvalidateSession();
if (mSelectedSessionID.Length > 0)
{
mTlsSession = new TlsSessionImpl(mSelectedSessionID, null);
}
break;
}
throw new TlsFatalAlert(10);
}
case 23:
{
short num = mConnectionState;
if (num == 2)
{
HandleSupplementalData(TlsProtocol.ReadSupplementalDataMessage(val));
break;
}
throw new TlsFatalAlert(10);
}
case 14:
switch (mConnectionState)
{
case 2:
case 3:
case 4:
case 5:
case 6:
case 7:
{
if (mConnectionState < 3)
{
HandleSupplementalData(null);
}
if (mConnectionState < 4)
{
mKeyExchange.SkipServerCredentials();
mAuthentication = null;
}
if (mConnectionState < 6)
{
mKeyExchange.SkipServerKeyExchange();
}
TlsProtocol.AssertEmpty(val);
mConnectionState = 8;
mRecordStream.HandshakeHash.SealHashAlgorithms();
global::System.Collections.IList clientSupplementalData = mTlsClient.GetClientSupplementalData();
if (clientSupplementalData != null)
{
SendSupplementalDataMessage(clientSupplementalData);
}
mConnectionState = 9;
TlsCredentials tlsCredentials = null;
if (mCertificateRequest == null)
{
mKeyExchange.SkipClientCredentials();
}
else
{
tlsCredentials = mAuthentication.GetClientCredentials(mCertificateRequest);
if (tlsCredentials == null)
{
mKeyExchange.SkipClientCredentials();
SendCertificateMessage(Certificate.EmptyChain);
}
else
{
mKeyExchange.ProcessClientCredentials(tlsCredentials);
SendCertificateMessage(tlsCredentials.Certificate);
}
}
mConnectionState = 10;
SendClientKeyExchangeMessage();
mConnectionState = 11;
TlsHandshakeHash tlsHandshakeHash = mRecordStream.PrepareToFinish();
mSecurityParameters.sessionHash = TlsProtocol.GetCurrentPrfHash(Context, tlsHandshakeHash, null);
TlsProtocol.EstablishMasterSecret(Context, mKeyExchange);
mRecordStream.SetPendingConnectionState(Peer.GetCompression(), Peer.GetCipher());
if (tlsCredentials != null && tlsCredentials is TlsSignerCredentials)
{
TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials)tlsCredentials;
SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(Context, tlsSignerCredentials);
byte[] hash = ((signatureAndHashAlgorithm != null) ? tlsHandshakeHash.GetFinalHash(signatureAndHashAlgorithm.Hash) : mSecurityParameters.SessionHash);
byte[] signature = tlsSignerCredentials.GenerateCertificateSignature(hash);
DigitallySigned certificateVerify = new DigitallySigned(signatureAndHashAlgorithm, signature);
SendCertificateVerifyMessage(certificateVerify);
mConnectionState = 12;
}
SendChangeCipherSpecMessage();
SendFinishedMessage();
mConnectionState = 13;
break;
}
default:
throw new TlsFatalAlert(40);
}
break;
case 12:
switch (mConnectionState)
{
case 2:
case 3:
case 4:
case 5:
if (mConnectionState < 3)
{
HandleSupplementalData(null);
}
if (mConnectionState < 4)
{
mKeyExchange.SkipServerCredentials();
mAuthentication = null;
}
mKeyExchange.ProcessServerKeyExchange((Stream)(object)val);
TlsProtocol.AssertEmpty(val);
mConnectionState = 6;
break;
default:
throw new TlsFatalAlert(10);
}
break;
case 13:
switch (mConnectionState)
{
case 4:
case 5:
case 6:
if (mConnectionState != 6)
{
mKeyExchange.SkipServerKeyExchange();
}
if (mAuthentication == null)
{
throw new TlsFatalAlert(40);
}
mCertificateRequest = CertificateRequest.Parse(Context, (Stream)(object)val);
TlsProtocol.AssertEmpty(val);
mKeyExchange.ValidateCertificateRequest(mCertificateRequest);
TlsUtilities.TrackHashAlgorithms(mRecordStream.HandshakeHash, mCertificateRequest.SupportedSignatureAlgorithms);
mConnectionState = 7;
break;
default:
throw new TlsFatalAlert(10);
}
break;
case 4:
{
short num = mConnectionState;
if (num == 13)
{
if (!mExpectSessionTicket)
{
throw new TlsFatalAlert(10);
}
InvalidateSession();
ReceiveNewSessionTicketMessage(val);
mConnectionState = 14;
break;
}
throw new TlsFatalAlert(10);
}
case 0:
TlsProtocol.AssertEmpty(val);
if (mConnectionState == 16)
{
RefuseRenegotiation();
}
break;
default:
throw new TlsFatalAlert(10);
}
}