public virtual void ProcessServerCertificate(Certificate serverCertificate) { if (tlsSigner == null) { throw new TlsFatalAlert(AlertDescription.unexpected_message); } X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo; try { this.serverPublicKey = PublicKeyFactory.CreateKey(keyInfo); } // catch (RuntimeException) catch (Exception) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate); } if (!tlsSigner.IsValidPublicKey(this.serverPublicKey)) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature); // TODO /* * Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the * signing algorithm for the certificate must be the same as the algorithm for the * certificate key." */ }
public override void ProcessServerCertificate(Certificate serverCertificate) { if (serverCertificate.IsEmpty) { throw new TlsFatalAlert(AlertDescription.bad_certificate); } X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo; try { this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e); } // Sanity check the PublicKeyFactory if (this.mServerPublicKey.IsPrivate) { throw new TlsFatalAlert(AlertDescription.internal_error); } this.mRsaServerPublicKey = ValidateRsaPublicKey((RsaKeyParameters)this.mServerPublicKey); TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyEncipherment); base.ProcessServerCertificate(serverCertificate); }
public override void ProcessServerCertificate(Certificate serverCertificate) { if (mTlsSigner == null) throw new TlsFatalAlert(AlertDescription.unexpected_message); if (serverCertificate.IsEmpty) throw new TlsFatalAlert(AlertDescription.bad_certificate); X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo; try { this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e); } if (!mTlsSigner.IsValidPublicKey(this.mServerPublicKey)) throw new TlsFatalAlert(AlertDescription.certificate_unknown); TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature); base.ProcessServerCertificate(serverCertificate); }
public override void ProcessServerCertificate(Certificate serverCertificate) { if (serverCertificate.IsEmpty) { throw new TlsFatalAlert(42); } X509CertificateStructure certificateAt = serverCertificate.GetCertificateAt(0); SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo; try { this.mServerPublicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo); } catch (Exception alertCause) { throw new TlsFatalAlert(43, alertCause); } if (this.mServerPublicKey.IsPrivate) { throw new TlsFatalAlert(80); } this.mRsaServerPublicKey = this.ValidateRsaPublicKey((RsaKeyParameters)this.mServerPublicKey); TlsUtilities.ValidateKeyUsage(certificateAt, 32); base.ProcessServerCertificate(serverCertificate); }
public virtual void ProcessServerCertificate(Certificate serverCertificate) { X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo; try { this.serverPublicKey = PublicKeyFactory.CreateKey(keyInfo); } // catch (RuntimeException) catch (Exception) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate); } // Sanity check the PublicKeyFactory if (this.serverPublicKey.IsPrivate) { throw new TlsFatalAlert(AlertDescription.internal_error); } this.rsaServerPublicKey = ValidateRsaPublicKey((RsaKeyParameters)this.serverPublicKey); TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyEncipherment); // TODO /* * Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the * signing algorithm for the certificate must be the same as the algorithm for the * certificate key." */ }
public override void ProcessServerCertificate(Certificate serverCertificate) { if (serverCertificate.IsEmpty) throw new TlsFatalAlert(AlertDescription.bad_certificate); X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo; try { this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e); } // Sanity check the PublicKeyFactory if (this.mServerPublicKey.IsPrivate) throw new TlsFatalAlert(AlertDescription.internal_error); this.mRsaServerPublicKey = ValidateRsaPublicKey((RsaKeyParameters)this.mServerPublicKey); TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyEncipherment); base.ProcessServerCertificate(serverCertificate); }
public override void ProcessServerCertificate(Certificate serverCertificate) { if (mTlsSigner == null) { throw new TlsFatalAlert(10); } if (serverCertificate.IsEmpty) { throw new TlsFatalAlert(42); } X509CertificateStructure certificateAt = serverCertificate.GetCertificateAt(0); SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo; try { mServerPublicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo); } catch (global::System.Exception alertCause) { throw new TlsFatalAlert(43, alertCause); } if (!mTlsSigner.IsValidPublicKey(mServerPublicKey)) { throw new TlsFatalAlert(46); } TlsUtilities.ValidateKeyUsage(certificateAt, 128); base.ProcessServerCertificate(serverCertificate); }
public override void ProcessServerCertificate(Certificate serverCertificate) { if (mTlsSigner == null) { throw new TlsFatalAlert(AlertDescription.unexpected_message); } if (serverCertificate.IsEmpty) { throw new TlsFatalAlert(AlertDescription.bad_certificate); } X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo; try { this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e); } if (!mTlsSigner.IsValidPublicKey(this.mServerPublicKey)) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature); base.ProcessServerCertificate(serverCertificate); }
public override void ProcessServerCertificate(Certificate serverCertificate) { if (mKeyExchange == KeyExchangeAlgorithm.DH_anon) { throw new TlsFatalAlert(AlertDescription.unexpected_message); } if (serverCertificate.IsEmpty) { throw new TlsFatalAlert(AlertDescription.decode_error); } X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo; try { this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e); } if (mTlsSigner == null) { try { this.mDHAgreePublicKey = (DHPublicKeyParameters)this.mServerPublicKey; this.mDHParameters = mDHAgreePublicKey.Parameters; } catch (InvalidCastException e) { throw new TlsFatalAlert(AlertDescription.certificate_unknown, e); } TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyAgreement); } else { if (!mTlsSigner.IsValidPublicKey(this.mServerPublicKey)) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature); } base.ProcessServerCertificate(serverCertificate); }
public override void ProcessServerCertificate(AbstractCertificate serverCertificate) { if (mKeyExchange != KeyExchangeAlgorithm.RSA_PSK) { throw new TlsFatalAlert(AlertDescription.unexpected_message); } if (serverCertificate.IsEmpty) { throw new TlsFatalAlert(AlertDescription.decode_error); } Certificate realCertificate = serverCertificate as Certificate; X509CertificateStructure x509Cert = null; if (realCertificate != null) { x509Cert = realCertificate.GetCertificateAt(0); } SubjectPublicKeyInfo keyInfo = serverCertificate.SubjectPublicKeyInfo(); try { this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e); } // Sanity check the PublicKeyFactory if (this.mServerPublicKey.IsPrivate) { throw new TlsFatalAlert(AlertDescription.internal_error); } this.mRsaServerPublicKey = ValidateRsaPublicKey((RsaKeyParameters)this.mServerPublicKey); if (x509Cert != null) { TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyEncipherment); } base.ProcessServerCertificate(serverCertificate); }
public override void ProcessServerCertificate(Certificate serverCertificate) { if (serverCertificate.IsEmpty) { throw new TlsFatalAlert(AlertDescription.bad_certificate); } X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo; try { this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e); } if (mTlsSigner == null) { try { this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey((ECPublicKeyParameters)this.mServerPublicKey); } catch (InvalidCastException e) { throw new TlsFatalAlert(AlertDescription.certificate_unknown, e); } TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyAgreement); } else { if (!mTlsSigner.IsValidPublicKey(this.mServerPublicKey)) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature); } base.ProcessServerCertificate(serverCertificate); }
public override void ProcessServerCertificate(Certificate serverCertificate) { if (base.mKeyExchange == 20) { throw new TlsFatalAlert(10); } if (serverCertificate.IsEmpty) { throw new TlsFatalAlert(0x2a); } X509CertificateStructure certificateAt = serverCertificate.GetCertificateAt(0); SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo; try { this.mServerPublicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo); } catch (Exception exception) { throw new TlsFatalAlert(0x2b, exception); } if (this.mTlsSigner == null) { try { this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey((ECPublicKeyParameters)this.mServerPublicKey); } catch (InvalidCastException exception2) { throw new TlsFatalAlert(0x2e, exception2); } TlsUtilities.ValidateKeyUsage(certificateAt, 8); } else { if (!this.mTlsSigner.IsValidPublicKey(this.mServerPublicKey)) { throw new TlsFatalAlert(0x2e); } TlsUtilities.ValidateKeyUsage(certificateAt, 0x80); } base.ProcessServerCertificate(serverCertificate); }
public override void ProcessServerCertificate(Certificate serverCertificate) { if (serverCertificate.IsEmpty) throw new TlsFatalAlert(AlertDescription.bad_certificate); X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo; try { this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e); } if (mTlsSigner == null) { try { this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey((DHPublicKeyParameters)this.mServerPublicKey); this.mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters); } catch (InvalidCastException e) { throw new TlsFatalAlert(AlertDescription.certificate_unknown, e); } TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyAgreement); } else { if (!mTlsSigner.IsValidPublicKey(this.mServerPublicKey)) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature); } base.ProcessServerCertificate(serverCertificate); }
public override void ProcessServerCertificate(AbstractCertificate serverCertificate) { if (mTlsSigner == null) { throw new TlsFatalAlert(AlertDescription.unexpected_message); } if (serverCertificate.IsEmpty) { throw new TlsFatalAlert(AlertDescription.decode_error); } Certificate realCertificate = serverCertificate as Certificate; X509CertificateStructure x509Cert = null; if (realCertificate != null) { x509Cert = realCertificate.GetCertificateAt(0); } SubjectPublicKeyInfo keyInfo = serverCertificate.SubjectPublicKeyInfo(); try { this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e); } if (!mTlsSigner.IsValidPublicKey(this.mServerPublicKey)) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } if (x509Cert != null) { TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature); } base.ProcessServerCertificate(serverCertificate); }
public override void ProcessServerCertificate(Certificate serverCertificate) { //IL_006f: Expected O, but got Unknown if (serverCertificate.IsEmpty) { throw new TlsFatalAlert(42); } X509CertificateStructure certificateAt = serverCertificate.GetCertificateAt(0); SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo; try { mServerPublicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo); } catch (global::System.Exception alertCause) { throw new TlsFatalAlert(43, alertCause); } if (mTlsSigner == null) { try { mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey((DHPublicKeyParameters)mServerPublicKey); mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters); } catch (InvalidCastException val) { InvalidCastException alertCause2 = val; throw new TlsFatalAlert(46, (global::System.Exception)(object) alertCause2); } TlsUtilities.ValidateKeyUsage(certificateAt, 8); } else { if (!mTlsSigner.IsValidPublicKey(mServerPublicKey)) { throw new TlsFatalAlert(46); } TlsUtilities.ValidateKeyUsage(certificateAt, 128); } base.ProcessServerCertificate(serverCertificate); }
public override void ProcessServerCertificate(Certificate serverCertificate) { if (serverCertificate.IsEmpty) { throw new TlsFatalAlert(42); } X509CertificateStructure certificateAt = serverCertificate.GetCertificateAt(0); SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo; try { mServerPublicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo); } catch (Exception alertCause) { throw new TlsFatalAlert(43, alertCause); IL_003d :; } if (mTlsSigner == null) { try { mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey((ECPublicKeyParameters)mServerPublicKey); } catch (InvalidCastException alertCause2) { throw new TlsFatalAlert(46, alertCause2); IL_0072 :; } TlsUtilities.ValidateKeyUsage(certificateAt, 8); } else { if (!mTlsSigner.IsValidPublicKey(mServerPublicKey)) { throw new TlsFatalAlert(46); } TlsUtilities.ValidateKeyUsage(certificateAt, 128); } base.ProcessServerCertificate(serverCertificate); }
internal static short GetClientCertificateType(Certificate clientCertificate, Certificate serverCertificate) { if (clientCertificate.IsEmpty) return -1; X509CertificateStructure x509Cert = clientCertificate.GetCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo; try { AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(keyInfo); if (publicKey.IsPrivate) throw new TlsFatalAlert(AlertDescription.internal_error); /* * TODO RFC 5246 7.4.6. The certificates MUST be signed using an acceptable hash/ * signature algorithm pair, as described in Section 7.4.4. Note that this relaxes the * constraints on certificate-signing algorithms found in prior versions of TLS. */ /* * RFC 5246 7.4.6. Client Certificate */ /* * RSA public key; the certificate MUST allow the key to be used for signing with the * signature scheme and hash algorithm that will be employed in the certificate verify * message. */ if (publicKey is RsaKeyParameters) { ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature); return ClientCertificateType.rsa_sign; } /* * DSA public key; the certificate MUST allow the key to be used for signing with the * hash algorithm that will be employed in the certificate verify message. */ if (publicKey is DsaPublicKeyParameters) { ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature); return ClientCertificateType.dss_sign; } /* * ECDSA-capable public key; the certificate MUST allow the key to be used for signing * with the hash algorithm that will be employed in the certificate verify message; the * public key MUST use a curve and point format supported by the server. */ if (publicKey is ECPublicKeyParameters) { ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature); // TODO Check the curve and point format return ClientCertificateType.ecdsa_sign; } // TODO Add support for ClientCertificateType.*_fixed_* throw new TlsFatalAlert(AlertDescription.unsupported_certificate); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e); } }
public override void ProcessServerCertificate(AbstractCertificate serverCertificate) { if (mKeyExchange == KeyExchangeAlgorithm.ECDH_anon) { throw new TlsFatalAlert(AlertDescription.unexpected_message); } if (serverCertificate.IsEmpty) { throw new TlsFatalAlert(AlertDescription.decode_error); } X509CertificateStructure x509Cert = null; Certificate xCert = serverCertificate as Certificate; if (xCert != null) { x509Cert = xCert.GetCertificateAt(0); } SubjectPublicKeyInfo keyInfo = serverCertificate.SubjectPublicKeyInfo(); try { this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e); } if (mTlsSigner == null) { try { this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey((ECPublicKeyParameters)this.mServerPublicKey); } catch (InvalidCastException e) { throw new TlsFatalAlert(AlertDescription.certificate_unknown, e); } if (xCert != null) { TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyAgreement); } } else { if (!mTlsSigner.IsValidPublicKey(this.mServerPublicKey)) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } if (xCert != null) { TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature); } } base.ProcessServerCertificate(serverCertificate); }