[pgsqlclient-checkins] pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Sec
From: <car...@us...> - 2003-10-28 16:12:45
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client In directory sc8-pr-cvs1:/tmp/cvs-serv9838 Modified Files: TlsClientCertificateVerify.cs TlsClientKeyExchange.cs TlsServerCertificate.cs TlsServerKeyExchange.cs Log Message: 2003-10-28 Carlos Guzmán Álvarez <car...@te...> * CipherSuite.cs: * TlsSessionSettings.cs: * TlsServerSettings.cs: * Mono.Security.Protocol.Tls.Handshake.Client/TlsClientCertificateVerify.cs: * Mono.Security.Protocol.Tls.Handshake.Client/TlsClientKeyExchange.cs: * Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs: * Mono.Security.Protocol.Tls.Handshake.Client/TlsServerKeyExchange.cs: - Added changes for make use of X509 classes from mono. * Mono.Security/ASN1Convert.cs: * Mono.Security.X509/*.*: - New files from mono for allow basic certificate validation. Index: TlsClientCertificateVerify.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client/TlsClientCertificateVerify.cs,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** TlsClientCertificateVerify.cs 16 Oct 2003 14:25:57 -0000 1.2 --- TlsClientCertificateVerify.cs 28 Oct 2003 16:12:30 -0000 1.3 *************** *** 53,57 **** protected override void ProcessAsSsl3() { ! throw new NotSupportedException(); } --- 53,57 ---- protected override void ProcessAsSsl3() { ! 
this.ProcessAsTls1(); } *************** *** 59,62 **** --- 59,63 ---- { #warning "Process message here" + throw new NotSupportedException(); } Index: TlsClientKeyExchange.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client/TlsClientKeyExchange.cs,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** TlsClientKeyExchange.cs 24 Oct 2003 09:39:21 -0000 1.8 --- TlsClientKeyExchange.cs 28 Oct 2003 16:12:30 -0000 1.9 *************** *** 50,62 **** // Create a new RSA key ! RSACryptoServiceProvider rsa = null; ! if (this.Session.Context.ServerSettings.ServerKeyExchange) ! { ! rsa = this.Session.Context.Cipher.CreateRSA(this.Session.Context.ServerSettings.RsaParameters); ! } ! else ! { ! rsa = this.Session.Context.Cipher.CreateRSA(this.Session.Context.ServerSettings.ServerCertificates[0]); ! } // Encrypt premaster_sercret --- 50,54 ---- // Create a new RSA key ! RSA rsa = this.Session.Context.Cipher.CreateRSA(); // Encrypt premaster_sercret *************** *** 83,95 **** // Create a new RSA key ! RSACryptoServiceProvider rsa = null; ! if (this.Session.Context.ServerSettings.ServerKeyExchange) ! { ! rsa = this.Session.Context.Cipher.CreateRSA(this.Session.Context.ServerSettings.RsaParameters); ! } ! else ! { ! rsa = this.Session.Context.Cipher.CreateRSA(this.Session.Context.ServerSettings.ServerCertificates[0]); ! } // Encrypt premaster_sercret --- 75,79 ---- // Create a new RSA key ! 
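Review bot: ProcessAsSsl3() in TlsClientCertificateVerify.cs now forwards to ProcessAsTls1(), but SSL 3.0 and TLS 1.0 do not build the CertificateVerify hashes the same way (SSL 3.0 mixes the master secret and pad constants into the MD5 and SHA-1 computation), so the shared path will produce a signature an SSL 3.0 server rejects once the TLS body is written. Today both paths end in the `throw new NotSupportedException();` added by the second hunk, so behaviour is unchanged and the handshake still fails closed when a client certificate is requested. I would either keep the throw in ProcessAsSsl3() or leave a marker there, `// TODO: SSL 3.0 CertificateVerify uses a different hash construction than TLS 1.0`. Both method bodies are only partly visible in these hunks.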
RSA rsa = this.Session.Context.Cipher.CreateRSA(); // Encrypt premaster_sercret Index: TlsServerCertificate.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** TlsServerCertificate.cs 22 Oct 2003 11:48:08 -0000 1.6 --- TlsServerCertificate.cs 28 Oct 2003 16:12:30 -0000 1.7 *************** *** 25,31 **** using System; using System.Security.Cryptography; - using System.Security.Cryptography.X509Certificates; using Mono.Security.Protocol.Tls.Alerts; namespace Mono.Security.Protocol.Tls.Handshake.Client --- 25,31 ---- using System; using System.Security.Cryptography; using Mono.Security.Protocol.Tls.Alerts; + using Mono.Security.X509; namespace Mono.Security.Protocol.Tls.Handshake.Client *************** *** 111,125 **** // 1 step : Validate dates ! DateTime effectiveDate = DateTime.Parse(certificate.GetEffectiveDateString()); ! DateTime expirationDate = DateTime.Parse(certificate.GetExpirationDateString()); ! if (System.DateTime.Now < effectiveDate || ! System.DateTime.Now > expirationDate) { ! throw Session.CreateException("Certificate received FromBase64Transform the server expired."); } // 2 step: Validate CA // 3 step: Validate digital sign // 4 step: Validate domain name --- 111,127 ---- // 1 step : Validate dates ! if (!certificate.WasCurrent(System.DateTime.Now)) { ! 
throw Session.CreateException("Certificate received from the server expired."); } // 2 step: Validate CA + // 3 step: Validate digital sign + if (!certificate.VerifySignature(certificate.RSA)) + { + throw Session.CreateException("Certificate received from the server has invalid signature."); + } // 4 step: Validate domain name Index: TlsServerKeyExchange.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerKeyExchange.cs,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** TlsServerKeyExchange.cs 22 Oct 2003 11:48:08 -0000 1.6 --- TlsServerKeyExchange.cs 28 Oct 2003 16:12:30 -0000 1.7 *************** *** 26,29 **** --- 26,30 ---- using System.Security.Cryptography; + using Mono.Security.X509; namespace Mono.Security.Protocol.Tls.Handshake.Client *************** *** 54,58 **** base.UpdateSession(); ! this.Session.Context.ServerSettings.ServerKeyExchange = true; this.Session.Context.ServerSettings.RsaParameters = this.rsaParams; this.Session.Context.ServerSettings.SignedParams = this.signedParams; --- 55,59 ---- base.UpdateSession(); ! this.Session.Context.ServerSettings.ServerKeyExchange = true; this.Session.Context.ServerSettings.RsaParameters = this.rsaParams; this.Session.Context.ServerSettings.SignedParams = this.signedParams; *************** *** 91,96 **** private void verify() { ! MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider(); ! SHA1CryptoServiceProvider sha = new SHA1CryptoServiceProvider(); // Create server params array --- 92,97 ---- private void verify() { ! HashAlgorithm md5 = new MD5CryptoServiceProvider(); ! HashAlgorithm sha = new SHA1CryptoServiceProvider(); // Create server params array *************** *** 106,119 **** // Compute md5 and sha hashes ! 
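Review bot: `certificate.VerifySignature(certificate.RSA)` in step 3 of TlsServerCertificate.cs checks the certificate's signature against the public key carried in that same certificate, so it can only succeed for a self-signed certificate and says nothing about who issued it. A certificate issued by a CA would be expected to fail this check, while any self-generated certificate passes; with steps 2 and 4 still empty comments, the server's identity is not authenticated by this code. The signature should be verified with the issuer's key taken from a trusted store, walking the chain to an anchor, and the host name matched against the certificate before the handshake continues. Until that exists I would add a comment above the check, `// NOTE: self-signature check only; issuer chain and host name are not validated yet`. The enclosing method starts and ends outside the hunk.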
byte[] md5Hash = md5.ComputeHash(serverParams, 0, serverParams.Length); ! byte[] shaHash = sha.ComputeHash(serverParams, 0, serverParams.Length); // Calculate signature ! RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(rsaParams.Modulus.Length << 3); rsa.ImportParameters(rsaParams); ! #warning "Verify Signature here" ! ! // RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa); } --- 107,122 ---- // Compute md5 and sha hashes ! TlsStream hash = new TlsStream(); ! ! hash.Write(md5.ComputeHash(serverParams, 0, serverParams.Length)); ! hash.Write(sha.ComputeHash(serverParams, 0, serverParams.Length)); // Calculate signature ! RSA rsa = new RSACryptoServiceProvider(rsaParams.Modulus.Length << 3); rsa.ImportParameters(rsaParams); ! // Verify Signature ! X509Certificate certificate = this.Session.Context.ServerSettings.ServerCertificates[0]; ! certificate.CheckSignature(hash.ToArray(), "SHA1", this.signedParams); } |
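Review bot: The result of `certificate.CheckSignature(...)` at the end of verify() is discarded, so unless that method throws on failure (not visible here), a ServerKeyExchange with a bad signature is accepted and its RSA parameters are stored for the key exchange. Check the result and abort, for example `if (!certificate.CheckSignature(hash.ToArray(), "SHA1", this.signedParams)) { throw this.Session.CreateException("Server key exchange signature is invalid."); }`. Two further things to confirm: the buffer passed in is the MD5 and SHA-1 digests concatenated while the algorithm name given is "SHA1", and the local `rsa` built from `rsaParams` is no longer used after this change. The code that fills `serverParams` is outside the hunk, so I cannot tell whether the client and server randoms are part of the signed data.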