[pgsqlclient-checkins] pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client TlsClientCertificate.cs,1.12,1.13 TlsServerKeyExchange.cs,1.15,1.16

[<car...@us...>]

Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client
In directory sc8-pr-cvs1:/tmp/cvs-serv7974

Modified Files:
	TlsClientCertificate.cs TlsServerKeyExchange.cs 
Log Message:
2003-12-21 Carlos Guzmán Álvarez  <car...@te...>

	* Mono.Security.Protocol.Tls.Handshake.Client/TlsClientCertificate.cs:

		- Send always the first certificate.

	* Mono.Security.Protocol.Tls.Handshake.Client/TlsServerKeyExchange.cs:

		- Added changes for correct verification of the signed data sent 
		by the server.


Index: TlsClientCertificate.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client/TlsClientCertificate.cs,v
retrieving revision 1.12
retrieving revision 1.13
diff -C2 -d -r1.12 -r1.13
*** TlsClientCertificate.cs	14 Dec 2003 15:01:54 -0000	1.12
--- TlsClientCertificate.cs	21 Dec 2003 14:56:06 -0000	1.13
***************
*** 24,30 ****
  
  using System;
- using Mono.Security.Protocol.Tls;
  using System.Security.Cryptography.X509Certificates;
  
  namespace Mono.Security.Protocol.Tls.Handshake.Client
  {
--- 24,31 ----
  
  using System;
  using System.Security.Cryptography.X509Certificates;
  
+ using Mono.Security.Protocol.Tls;
+ 
  namespace Mono.Security.Protocol.Tls.Handshake.Client
  {
***************
*** 65,75 ****
  			}
  			
  			// Write client certificates information to a stream
  			TlsStream stream = new TlsStream();
! 			foreach (X509Certificate cert in this.Context.ClientSettings.Certificates)
! 			{
! 				stream.WriteInt24(cert.GetRawCertData().Length);
! 				stream.Write(cert.GetRawCertData());
! 			}
  
  			// Compose the message
--- 66,86 ----
  			}
  			
+ 			// Select a valid certificate
+ 			X509Certificate clientCert = this.Context.ClientSettings.Certificates[0];
+ 
+ 			/*
+ 			clientCert = this.Context.SslStream.RaiseClientCertificateSelection(
+ 							this.Context.ClientSettings.Certificates,
+ 							this.Context.ServerSettings.Certificates[0],
+ 							this.Context.ClientSettings.TargetHost,
+ 							null);
+ 			*/
+ 	
+ 
  			// Write client certificates information to a stream
  			TlsStream stream = new TlsStream();
! 
! 			stream.WriteInt24(clientCert.GetRawCertData().Length);
! 			stream.Write(clientCert.GetRawCertData());
  
  			// Compose the message

Index: TlsServerKeyExchange.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerKeyExchange.cs,v
retrieving revision 1.15
retrieving revision 1.16
diff -C2 -d -r1.15 -r1.16
*** TlsServerKeyExchange.cs	14 Dec 2003 15:01:54 -0000	1.15
--- TlsServerKeyExchange.cs	21 Dec 2003 14:56:06 -0000	1.16
***************
*** 37,40 ****
--- 37,41 ----
  		private RSAParameters	rsaParams;
  		private byte[]			signedParams;
+ 		private byte[]			content;
  
  		#endregion
***************
*** 92,103 ****
  			MD5SHA1 hash = new MD5SHA1();
  
  			// Create server params array
  			TlsStream stream = new TlsStream();
  
  			stream.Write(this.Context.RandomCS);
! 			stream.Write(rsaParams.Modulus.Length);
! 			stream.Write(rsaParams.Modulus);
! 			stream.Write(rsaParams.Exponent.Length);
! 			stream.Write(rsaParams.Exponent);
  
  			hash.ComputeHash(stream.ToArray());
--- 93,104 ----
  			MD5SHA1 hash = new MD5SHA1();
  
+ 			// Calculate size of server params
+ 			int size = rsaParams.Modulus.Length + rsaParams.Exponent.Length + 4;
+ 
  			// Create server params array
  			TlsStream stream = new TlsStream();
  
  			stream.Write(this.Context.RandomCS);
! 			stream.Write(this.ToArray(), 0, size);
  
  			hash.ComputeHash(stream.ToArray());
***************
*** 105,111 ****
  			stream.Reset();
  			
! 			hash.VerifySignature(
  				this.Context.Cipher.CertificateRSA(),
  				this.signedParams);
  		}
  
--- 106,117 ----
  			stream.Reset();
  			
! 			bool isValidSignature = hash.VerifySignature(
  				this.Context.Cipher.CertificateRSA(),
  				this.signedParams);
+ 
+ 			if (!isValidSignature)
+ 			{
+ 				throw this.Context.CreateException("Data was not signed with the server certificate.");
+ 			}
  		}