protected virtual void ProcessCertificateVerify(ServerHandshakeState state, byte[] body, TlsHandshakeHash prepareFinishHash)
        {
            if (state.certificateRequest == null)
            {
                throw new InvalidOperationException();
            }

            MemoryStream buf = new MemoryStream(body, false);

            TlsServerContextImpl context = state.serverContext;
            DigitallySigned      clientCertificateVerify = DigitallySigned.Parse(context, buf);

            TlsProtocol.AssertEmpty(buf);

            // Verify the CertificateVerify message contains a correct signature.
            try
            {
                SignatureAndHashAlgorithm signatureAlgorithm = clientCertificateVerify.Algorithm;

                byte[] hash;
                if (TlsUtilities.IsTlsV12(context))
                {
                    TlsUtilities.VerifySupportedSignatureAlgorithm(state.certificateRequest.SupportedSignatureAlgorithms, signatureAlgorithm);
                    hash = prepareFinishHash.GetFinalHash(signatureAlgorithm.Hash);
                }
                else
                {
                    hash = context.SecurityParameters.SessionHash;
                }

                X509CertificateStructure x509Cert  = state.clientCertificate.GetCertificateAt(0);
                SubjectPublicKeyInfo     keyInfo   = x509Cert.SubjectPublicKeyInfo;
                AsymmetricKeyParameter   publicKey = PublicKeyFactory.CreateKey(keyInfo);

                TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)state.clientCertificateType);
                tlsSigner.Init(context);
                if (!tlsSigner.VerifyRawSignature(signatureAlgorithm, clientCertificateVerify.Signature, publicKey, hash))
                {
                    throw new TlsFatalAlert(AlertDescription.decrypt_error);
                }
            }
            catch (TlsFatalAlert e)
            {
                throw e;
            }
            catch (Exception e)
            {
                throw new TlsFatalAlert(AlertDescription.decrypt_error, e);
            }
        }
        protected virtual void ReceiveCertificateVerifyMessage(MemoryStream buf)
        {
            if (mCertificateRequest == null)
            {
                throw new InvalidOperationException();
            }

            DigitallySigned clientCertificateVerify = DigitallySigned.Parse(Context, buf);

            AssertEmpty(buf);

            // Verify the CertificateVerify message contains a correct signature.
            try
            {
                SignatureAndHashAlgorithm signatureAlgorithm = clientCertificateVerify.Algorithm;

                byte[] hash;
                if (TlsUtilities.IsTlsV12(Context))
                {
                    TlsUtilities.VerifySupportedSignatureAlgorithm(mCertificateRequest.SupportedSignatureAlgorithms, signatureAlgorithm);
                    hash = mPrepareFinishHash.GetFinalHash(signatureAlgorithm.Hash);
                }
                else
                {
                    hash = mSecurityParameters.SessionHash;
                }

                X509CertificateStructure x509Cert  = mPeerCertificate.GetCertificateAt(0);
                SubjectPublicKeyInfo     keyInfo   = x509Cert.SubjectPublicKeyInfo;
                AsymmetricKeyParameter   publicKey = PublicKeyFactory.CreateKey(keyInfo);

                TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)mClientCertificateType);
                tlsSigner.Init(Context);
                if (!tlsSigner.VerifyRawSignature(signatureAlgorithm, clientCertificateVerify.Signature, publicKey, hash))
                {
                    throw new TlsFatalAlert(AlertDescription.decrypt_error);
                }
            }
            catch (TlsFatalAlert e)
            {
                throw e;
            }
            catch (Exception e)
            {
                throw new TlsFatalAlert(AlertDescription.decrypt_error, e);
            }
        }
    protected virtual void ReceiveCertificateVerifyMessage(MemoryStream buf)
    {
        if (mCertificateRequest == null)
        {
            throw new InvalidOperationException();
        }
        DigitallySigned digitallySigned = DigitallySigned.Parse(Context, buf);

        TlsProtocol.AssertEmpty(buf);
        try
        {
            SignatureAndHashAlgorithm algorithm = digitallySigned.Algorithm;
            byte[] hash;
            if (TlsUtilities.IsTlsV12(Context))
            {
                TlsUtilities.VerifySupportedSignatureAlgorithm(mCertificateRequest.SupportedSignatureAlgorithms, algorithm);
                hash = mPrepareFinishHash.GetFinalHash(algorithm.Hash);
            }
            else
            {
                hash = mSecurityParameters.SessionHash;
            }
            X509CertificateStructure certificateAt        = mPeerCertificate.GetCertificateAt(0);
            SubjectPublicKeyInfo     subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
            AsymmetricKeyParameter   publicKey            = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
            TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)mClientCertificateType);
            tlsSigner.Init(Context);
            if (!tlsSigner.VerifyRawSignature(algorithm, digitallySigned.Signature, publicKey, hash))
            {
                throw new TlsFatalAlert(51);
            }
        }
        catch (TlsFatalAlert tlsFatalAlert)
        {
            throw tlsFatalAlert;
        }
        catch (Exception alertCause)
        {
            throw new TlsFatalAlert(51, alertCause);
        }
    }