|
protected static AssertEmpty ( |
||
| buf | ||
| return | void | |
public static byte[] ReadNegotiatedDheGroupsClientExtension(byte[] extensionData)
{
if (extensionData == null)
{
throw new ArgumentNullException("extensionData");
}
MemoryStream buf = new MemoryStream(extensionData, false);
byte length = TlsUtilities.ReadUint8(buf);
if (length < 1)
{
throw new TlsFatalAlert(AlertDescription.decode_error);
}
byte[] dheGroups = TlsUtilities.ReadUint8Array(length, buf);
TlsProtocol.AssertEmpty(buf);
return(dheGroups);
}
public static int[] ReadSupportedEllipticCurvesExtension(byte[] extensionData)
{
if (extensionData == null)
{
throw new ArgumentNullException("extensionData");
}
MemoryStream buf = new MemoryStream(extensionData, false);
int length = TlsUtilities.ReadUint16(buf);
if (length < 2 || (length & 1) != 0)
{
throw new TlsFatalAlert(AlertDescription.decode_error);
}
int[] namedCurves = TlsUtilities.ReadUint16Array(length / 2, buf);
TlsProtocol.AssertEmpty(buf);
return(namedCurves);
}
protected internal static IDictionary ReadExtensions(MemoryStream input)
{
if (input.Position >= input.Length)
{
return(null);
}
byte[] buffer = TlsUtilities.ReadOpaque16(input);
TlsProtocol.AssertEmpty(input);
MemoryStream memoryStream = new MemoryStream(buffer, false);
IDictionary dictionary = Platform.CreateHashtable();
while (memoryStream.Position < memoryStream.Length)
{
int num = TlsUtilities.ReadUint16(memoryStream);
byte[] value = TlsUtilities.ReadOpaque16(memoryStream);
if (dictionary.Contains(num))
{
throw new TlsFatalAlert(47);
}
dictionary.Add(num, value);
}
return(dictionary);
}
public static byte[] ReadSupportedPointFormatsExtension(byte[] extensionData)
{
//IL_0008: Unknown result type (might be due to invalid IL or missing references)
//IL_0010: Unknown result type (might be due to invalid IL or missing references)
//IL_0016: Expected O, but got Unknown
if (extensionData == null)
{
throw new ArgumentNullException("extensionData");
}
MemoryStream val = new MemoryStream(extensionData, false);
byte b = TlsUtilities.ReadUint8((Stream)(object)val);
if (b < 1)
{
throw new TlsFatalAlert(50);
}
byte[] array = TlsUtilities.ReadUint8Array(b, (Stream)(object)val);
TlsProtocol.AssertEmpty(val);
if (!Arrays.Contains(array, 0))
{
throw new TlsFatalAlert(47);
}
return(array);
}
protected override void HandleHandshakeMessage(byte type, byte[] data)
{
//IL_0002: Unknown result type (might be due to invalid IL or missing references)
//IL_0008: Expected O, but got Unknown
MemoryStream val = new MemoryStream(data, false);
if (mResumedSession)
{
if (type != 20 || mConnectionState != 2)
{
throw new TlsFatalAlert(10);
}
ProcessFinishedMessage(val);
mConnectionState = 15;
SendFinishedMessage();
mConnectionState = 13;
mConnectionState = 16;
CompleteHandshake();
return;
}
switch (type)
{
case 11:
switch (mConnectionState)
{
case 2:
case 3:
if (mConnectionState == 2)
{
HandleSupplementalData(null);
}
mPeerCertificate = Certificate.Parse((Stream)(object)val);
TlsProtocol.AssertEmpty(val);
if (mPeerCertificate == null || mPeerCertificate.IsEmpty)
{
mAllowCertificateStatus = false;
}
mKeyExchange.ProcessServerCertificate(mPeerCertificate);
mAuthentication = mTlsClient.GetAuthentication();
mAuthentication.NotifyServerCertificate(mPeerCertificate);
mConnectionState = 4;
break;
default:
throw new TlsFatalAlert(10);
}
break;
case 22:
{
short num = mConnectionState;
if (num == 4)
{
if (!mAllowCertificateStatus)
{
throw new TlsFatalAlert(10);
}
mCertificateStatus = CertificateStatus.Parse((Stream)(object)val);
TlsProtocol.AssertEmpty(val);
mConnectionState = 5;
break;
}
throw new TlsFatalAlert(10);
}
case 20:
switch (mConnectionState)
{
case 13:
case 14:
if (mConnectionState == 13 && mExpectSessionTicket)
{
throw new TlsFatalAlert(10);
}
ProcessFinishedMessage(val);
mConnectionState = 15;
mConnectionState = 16;
CompleteHandshake();
break;
default:
throw new TlsFatalAlert(10);
}
break;
case 2:
{
short num = mConnectionState;
if (num == 1)
{
ReceiveServerHelloMessage(val);
mConnectionState = 2;
mRecordStream.NotifyHelloComplete();
ApplyMaxFragmentLengthExtension();
if (mResumedSession)
{
mSecurityParameters.masterSecret = Arrays.Clone(mSessionParameters.MasterSecret);
mRecordStream.SetPendingConnectionState(Peer.GetCompression(), Peer.GetCipher());
SendChangeCipherSpecMessage();
break;
}
InvalidateSession();
if (mSelectedSessionID.Length > 0)
{
mTlsSession = new TlsSessionImpl(mSelectedSessionID, null);
}
break;
}
throw new TlsFatalAlert(10);
}
case 23:
{
short num = mConnectionState;
if (num == 2)
{
HandleSupplementalData(TlsProtocol.ReadSupplementalDataMessage(val));
break;
}
throw new TlsFatalAlert(10);
}
case 14:
switch (mConnectionState)
{
case 2:
case 3:
case 4:
case 5:
case 6:
case 7:
{
if (mConnectionState < 3)
{
HandleSupplementalData(null);
}
if (mConnectionState < 4)
{
mKeyExchange.SkipServerCredentials();
mAuthentication = null;
}
if (mConnectionState < 6)
{
mKeyExchange.SkipServerKeyExchange();
}
TlsProtocol.AssertEmpty(val);
mConnectionState = 8;
mRecordStream.HandshakeHash.SealHashAlgorithms();
global::System.Collections.IList clientSupplementalData = mTlsClient.GetClientSupplementalData();
if (clientSupplementalData != null)
{
SendSupplementalDataMessage(clientSupplementalData);
}
mConnectionState = 9;
TlsCredentials tlsCredentials = null;
if (mCertificateRequest == null)
{
mKeyExchange.SkipClientCredentials();
}
else
{
tlsCredentials = mAuthentication.GetClientCredentials(mCertificateRequest);
if (tlsCredentials == null)
{
mKeyExchange.SkipClientCredentials();
SendCertificateMessage(Certificate.EmptyChain);
}
else
{
mKeyExchange.ProcessClientCredentials(tlsCredentials);
SendCertificateMessage(tlsCredentials.Certificate);
}
}
mConnectionState = 10;
SendClientKeyExchangeMessage();
mConnectionState = 11;
TlsHandshakeHash tlsHandshakeHash = mRecordStream.PrepareToFinish();
mSecurityParameters.sessionHash = TlsProtocol.GetCurrentPrfHash(Context, tlsHandshakeHash, null);
TlsProtocol.EstablishMasterSecret(Context, mKeyExchange);
mRecordStream.SetPendingConnectionState(Peer.GetCompression(), Peer.GetCipher());
if (tlsCredentials != null && tlsCredentials is TlsSignerCredentials)
{
TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials)tlsCredentials;
SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(Context, tlsSignerCredentials);
byte[] hash = ((signatureAndHashAlgorithm != null) ? tlsHandshakeHash.GetFinalHash(signatureAndHashAlgorithm.Hash) : mSecurityParameters.SessionHash);
byte[] signature = tlsSignerCredentials.GenerateCertificateSignature(hash);
DigitallySigned certificateVerify = new DigitallySigned(signatureAndHashAlgorithm, signature);
SendCertificateVerifyMessage(certificateVerify);
mConnectionState = 12;
}
SendChangeCipherSpecMessage();
SendFinishedMessage();
mConnectionState = 13;
break;
}
default:
throw new TlsFatalAlert(40);
}
break;
case 12:
switch (mConnectionState)
{
case 2:
case 3:
case 4:
case 5:
if (mConnectionState < 3)
{
HandleSupplementalData(null);
}
if (mConnectionState < 4)
{
mKeyExchange.SkipServerCredentials();
mAuthentication = null;
}
mKeyExchange.ProcessServerKeyExchange((Stream)(object)val);
TlsProtocol.AssertEmpty(val);
mConnectionState = 6;
break;
default:
throw new TlsFatalAlert(10);
}
break;
case 13:
switch (mConnectionState)
{
case 4:
case 5:
case 6:
if (mConnectionState != 6)
{
mKeyExchange.SkipServerKeyExchange();
}
if (mAuthentication == null)
{
throw new TlsFatalAlert(40);
}
mCertificateRequest = CertificateRequest.Parse(Context, (Stream)(object)val);
TlsProtocol.AssertEmpty(val);
mKeyExchange.ValidateCertificateRequest(mCertificateRequest);
TlsUtilities.TrackHashAlgorithms(mRecordStream.HandshakeHash, mCertificateRequest.SupportedSignatureAlgorithms);
mConnectionState = 7;
break;
default:
throw new TlsFatalAlert(10);
}
break;
case 4:
{
short num = mConnectionState;
if (num == 13)
{
if (!mExpectSessionTicket)
{
throw new TlsFatalAlert(10);
}
InvalidateSession();
ReceiveNewSessionTicketMessage(val);
mConnectionState = 14;
break;
}
throw new TlsFatalAlert(10);
}
case 0:
TlsProtocol.AssertEmpty(val);
if (mConnectionState == 16)
{
RefuseRenegotiation();
}
break;
default:
throw new TlsFatalAlert(10);
}
}
protected override void HandleHandshakeMessage(byte type, byte[] data)
{
MemoryStream buf = new MemoryStream(data, false);
if (base.mResumedSession)
{
if ((type != 20) || (base.mConnectionState != 2))
{
throw new TlsFatalAlert(10);
}
this.ProcessFinishedMessage(buf);
base.mConnectionState = 15;
this.SendFinishedMessage();
base.mConnectionState = 13;
base.mConnectionState = 0x10;
this.CompleteHandshake();
}
else
{
switch (type)
{
case 0:
TlsProtocol.AssertEmpty(buf);
if (base.mConnectionState == 0x10)
{
this.RefuseRenegotiation();
}
return;
case 2:
if (base.mConnectionState != 1)
{
throw new TlsFatalAlert(10);
}
this.ReceiveServerHelloMessage(buf);
base.mConnectionState = 2;
base.mRecordStream.NotifyHelloComplete();
this.ApplyMaxFragmentLengthExtension();
if (base.mResumedSession)
{
base.mSecurityParameters.masterSecret = Arrays.Clone(base.mSessionParameters.MasterSecret);
base.mRecordStream.SetPendingConnectionState(this.Peer.GetCompression(), this.Peer.GetCipher());
this.SendChangeCipherSpecMessage();
}
else
{
this.InvalidateSession();
if (this.mSelectedSessionID.Length > 0)
{
base.mTlsSession = new TlsSessionImpl(this.mSelectedSessionID, null);
}
}
return;
case 4:
if (base.mConnectionState != 13)
{
throw new TlsFatalAlert(10);
}
if (!base.mExpectSessionTicket)
{
throw new TlsFatalAlert(10);
}
this.InvalidateSession();
this.ReceiveNewSessionTicketMessage(buf);
base.mConnectionState = 14;
return;
case 11:
switch (base.mConnectionState)
{
case 2:
case 3:
if (base.mConnectionState == 2)
{
this.HandleSupplementalData(null);
}
base.mPeerCertificate = Certificate.Parse(buf);
TlsProtocol.AssertEmpty(buf);
if ((base.mPeerCertificate == null) || base.mPeerCertificate.IsEmpty)
{
base.mAllowCertificateStatus = false;
}
this.mKeyExchange.ProcessServerCertificate(base.mPeerCertificate);
this.mAuthentication = this.mTlsClient.GetAuthentication();
this.mAuthentication.NotifyServerCertificate(base.mPeerCertificate);
base.mConnectionState = 4;
return;
}
throw new TlsFatalAlert(10);
case 12:
switch (base.mConnectionState)
{
case 2:
case 3:
case 4:
case 5:
if (base.mConnectionState < 3)
{
this.HandleSupplementalData(null);
}
if (base.mConnectionState < 4)
{
this.mKeyExchange.SkipServerCredentials();
this.mAuthentication = null;
}
this.mKeyExchange.ProcessServerKeyExchange(buf);
TlsProtocol.AssertEmpty(buf);
base.mConnectionState = 6;
return;
}
throw new TlsFatalAlert(10);
case 13:
switch (base.mConnectionState)
{
case 4:
case 5:
case 6:
if (base.mConnectionState != 6)
{
this.mKeyExchange.SkipServerKeyExchange();
}
if (this.mAuthentication == null)
{
throw new TlsFatalAlert(40);
}
this.mCertificateRequest = CertificateRequest.Parse(this.Context, buf);
TlsProtocol.AssertEmpty(buf);
this.mKeyExchange.ValidateCertificateRequest(this.mCertificateRequest);
TlsUtilities.TrackHashAlgorithms(base.mRecordStream.HandshakeHash, this.mCertificateRequest.SupportedSignatureAlgorithms);
base.mConnectionState = 7;
return;
}
throw new TlsFatalAlert(10);
case 14:
switch (base.mConnectionState)
{
case 2:
case 3:
case 4:
case 5:
case 6:
case 7:
{
if (base.mConnectionState < 3)
{
this.HandleSupplementalData(null);
}
if (base.mConnectionState < 4)
{
this.mKeyExchange.SkipServerCredentials();
this.mAuthentication = null;
}
if (base.mConnectionState < 6)
{
this.mKeyExchange.SkipServerKeyExchange();
}
TlsProtocol.AssertEmpty(buf);
base.mConnectionState = 8;
base.mRecordStream.HandshakeHash.SealHashAlgorithms();
IList clientSupplementalData = this.mTlsClient.GetClientSupplementalData();
if (clientSupplementalData != null)
{
this.SendSupplementalDataMessage(clientSupplementalData);
}
base.mConnectionState = 9;
TlsCredentials clientCredentials = null;
if (this.mCertificateRequest == null)
{
this.mKeyExchange.SkipClientCredentials();
}
else
{
clientCredentials = this.mAuthentication.GetClientCredentials(this.Context, this.mCertificateRequest);
if (clientCredentials == null)
{
this.mKeyExchange.SkipClientCredentials();
this.SendCertificateMessage(Certificate.EmptyChain);
}
else
{
this.mKeyExchange.ProcessClientCredentials(clientCredentials);
this.SendCertificateMessage(clientCredentials.Certificate);
}
}
base.mConnectionState = 10;
this.SendClientKeyExchangeMessage();
base.mConnectionState = 11;
TlsHandshakeHash handshakeHash = base.mRecordStream.PrepareToFinish();
base.mSecurityParameters.sessionHash = TlsProtocol.GetCurrentPrfHash(this.Context, handshakeHash, null);
TlsProtocol.EstablishMasterSecret(this.Context, this.mKeyExchange);
base.mRecordStream.SetPendingConnectionState(this.Peer.GetCompression(), this.Peer.GetCipher());
if ((clientCredentials != null) && (clientCredentials is TlsSignerCredentials))
{
byte[] sessionHash;
TlsSignerCredentials signerCredentials = (TlsSignerCredentials)clientCredentials;
SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(this.Context, signerCredentials);
if (signatureAndHashAlgorithm == null)
{
sessionHash = base.mSecurityParameters.SessionHash;
}
else
{
sessionHash = handshakeHash.GetFinalHash(signatureAndHashAlgorithm.Hash);
}
byte[] signature = signerCredentials.GenerateCertificateSignature(sessionHash);
DigitallySigned certificateVerify = new DigitallySigned(signatureAndHashAlgorithm, signature);
this.SendCertificateVerifyMessage(certificateVerify);
base.mConnectionState = 12;
}
this.SendChangeCipherSpecMessage();
this.SendFinishedMessage();
base.mConnectionState = 13;
return;
}
}
throw new TlsFatalAlert(40);
case 20:
switch (base.mConnectionState)
{
case 13:
case 14:
if ((base.mConnectionState == 13) && base.mExpectSessionTicket)
{
throw new TlsFatalAlert(10);
}
this.ProcessFinishedMessage(buf);
base.mConnectionState = 15;
base.mConnectionState = 0x10;
this.CompleteHandshake();
return;
}
throw new TlsFatalAlert(10);
case 0x16:
if (base.mConnectionState != 4)
{
throw new TlsFatalAlert(10);
}
if (!base.mAllowCertificateStatus)
{
throw new TlsFatalAlert(10);
}
this.mCertificateStatus = CertificateStatus.Parse(buf);
TlsProtocol.AssertEmpty(buf);
base.mConnectionState = 5;
return;
case 0x17:
if (base.mConnectionState != 2)
{
throw new TlsFatalAlert(10);
}
this.HandleSupplementalData(TlsProtocol.ReadSupplementalDataMessage(buf));
return;
}
throw new TlsFatalAlert(10);
}
}