[pgsqlclient-checkins] pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Sec
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv29105 Modified Files: TlsClientCertificate.cs TlsClientCertificateVerify.cs Log Message: Updated files Index: TlsClientCertificate.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client/TlsClientCertificate.cs,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** TlsClientCertificate.cs 21 Dec 2003 14:56:06 -0000 1.13 --- TlsClientCertificate.cs 8 Feb 2004 22:26:17 -0000 1.14 *************** *** 1,93 **** ! /* Transport Security Layer (TLS) ! * Copyright (c) 2003 Carlos Guzmán Álvarez ! * ! * Permission is hereby granted, free of charge, to any person ! * obtaining a copy of this software and associated documentation ! * files (the "Software"), to deal in the Software without restriction, ! * including without limitation the rights to use, copy, modify, merge, ! * publish, distribute, sublicense, and/or sell copies of the Software, ! * and to permit persons to whom the Software is furnished to do so, ! * subject to the following conditions: ! * ! * The above copyright notice and this permission notice shall be included ! * in all copies or substantial portions of the Software. ! * ! * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ! * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES ! * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ! * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT ! * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, ! * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ! 
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER ! * DEALINGS IN THE SOFTWARE. ! */ ! ! using System; ! using System.Security.Cryptography.X509Certificates; ! ! using Mono.Security.Protocol.Tls; ! ! namespace Mono.Security.Protocol.Tls.Handshake.Client ! { ! internal class TlsClientCertificate : TlsHandshakeMessage ! { ! #region Constructors ! ! public TlsClientCertificate(TlsContext context) ! : base(context, TlsHandshakeType.Certificate) ! { ! } ! ! #endregion ! ! #region Methods ! ! public override void Update() ! { ! base.Update(); ! this.Reset(); ! } ! ! #endregion ! ! #region Protected Methods ! ! protected override void ProcessAsSsl3() ! { ! this.ProcessAsTls1(); ! } ! ! protected override void ProcessAsTls1() ! { ! if (this.Context.ClientSettings.Certificates == null || ! this.Context.ClientSettings.Certificates.Count == 0) ! { ! throw this.Context.CreateException("Client certificate requested by the server and no client certificate specified."); ! } ! ! // Select a valid certificate ! X509Certificate clientCert = this.Context.ClientSettings.Certificates[0]; ! ! /* ! clientCert = this.Context.SslStream.RaiseClientCertificateSelection( ! this.Context.ClientSettings.Certificates, ! this.Context.ServerSettings.Certificates[0], ! this.Context.ClientSettings.TargetHost, ! null); ! */ ! ! ! // Write client certificates information to a stream ! TlsStream stream = new TlsStream(); ! ! stream.WriteInt24(clientCert.GetRawCertData().Length); ! stream.Write(clientCert.GetRawCertData()); ! ! // Compose the message ! this.WriteInt24((int)stream.Length); ! this.Write(stream.ToArray()); ! } ! ! #endregion ! } ! } --- 1,94 ---- ! /* Transport Security Layer (TLS) ! * Copyright (c) 2003 Carlos Guzmán Álvarez ! * ! * Permission is hereby granted, free of charge, to any person ! * obtaining a copy of this software and associated documentation ! * files (the "Software"), to deal in the Software without restriction, ! 
* including without limitation the rights to use, copy, modify, merge, ! * publish, distribute, sublicense, and/or sell copies of the Software, ! * and to permit persons to whom the Software is furnished to do so, ! * subject to the following conditions: ! * ! * The above copyright notice and this permission notice shall be included ! * in all copies or substantial portions of the Software. ! * ! * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ! * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES ! * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ! * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT ! * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, ! * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ! * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER ! * DEALINGS IN THE SOFTWARE. ! */ ! ! using System; ! using System.Security.Cryptography.X509Certificates; ! ! using Mono.Security.Protocol.Tls; ! ! namespace Mono.Security.Protocol.Tls.Handshake.Client ! { ! internal class TlsClientCertificate : TlsHandshakeMessage ! { ! #region Constructors ! ! public TlsClientCertificate(TlsContext context) ! : base(context, TlsHandshakeType.Certificate) ! { ! } ! ! #endregion ! ! #region Methods ! ! public override void Update() ! { ! base.Update(); ! this.Reset(); ! } ! ! #endregion ! ! #region Protected Methods ! ! protected override void ProcessAsSsl3() ! { ! this.ProcessAsTls1(); ! } ! ! protected override void ProcessAsTls1() ! { ! if (this.Context.ClientSettings.Certificates == null || ! this.Context.ClientSettings.Certificates.Count == 0) ! { ! throw this.Context.CreateException("Client certificate requested by the server and no client certificate specified."); ! } ! ! // Select a valid certificate ! X509Certificate clientCert = this.Context.ClientSettings.Certificates[0]; ! ! /* ! clientCert = this.Context.SslStream.RaiseClientCertificateSelection( ! 
this.Context.ClientSettings.Certificates, ! this.Context.ServerSettings.Certificates[0], ! this.Context.ClientSettings.TargetHost, ! null); ! */ ! ! this.Context.ClientSettings.ClientCertificate = clientCert; ! ! // Write client certificates information to a stream ! TlsStream stream = new TlsStream(); ! ! stream.WriteInt24(clientCert.GetRawCertData().Length); ! stream.Write(clientCert.GetRawCertData()); ! ! // Compose the message ! this.WriteInt24((int)stream.Length); ! this.Write(stream.ToArray()); ! } ! ! #endregion ! } ! } Index: TlsClientCertificateVerify.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client/TlsClientCertificateVerify.cs,v retrieving revision 1.17 retrieving revision 1.18 diff -C2 -d -r1.17 -r1.18 *** TlsClientCertificateVerify.cs 26 Dec 2003 11:17:14 -0000 1.17 --- TlsClientCertificateVerify.cs 8 Feb 2004 22:26:17 -0000 1.18 *************** *** 1,125 **** ! /* Transport Security Layer (TLS) ! * Copyright (c) 2003 Carlos Guzmán Álvarez ! * ! * Permission is hereby granted, free of charge, to any person ! * obtaining a copy of this software and associated documentation ! * files (the "Software"), to deal in the Software without restriction, ! * including without limitation the rights to use, copy, modify, merge, ! * publish, distribute, sublicense, and/or sell copies of the Software, ! * and to permit persons to whom the Software is furnished to do so, ! * subject to the following conditions: ! * ! * The above copyright notice and this permission notice shall be included ! * in all copies or substantial portions of the Software. ! * ! * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ! * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES ! * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ! * NONINFRINGEMENT. 
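Review bot: The added `this.Context.ClientSettings.ClientCertificate = clientCert;` persists `Certificates[0]`, so the first configured certificate is now both sent here and reused for signing in CertificateVerify regardless of the certificate types and CA names the server listed in its CertificateRequest; the `RaiseClientCertificateSelection` call that would honour that is still commented out directly above the assignment. If the callback cannot be wired in yet, a comment on the assignment such as `// TODO: honour the server's CertificateRequest; the first configured certificate is always sent` would make the limitation visible to the next maintainer. Separately, the message body carries only the leaf certificate's raw data (`stream.WriteInt24(clientCert.GetRawCertData().Length); stream.Write(clientCert.GetRawCertData());`), so intermediate certificates the server may need to build the chain are never sent — presumably intended for now, but worth a comment. As a minor style point, `GetRawCertData()` is called twice; `byte[] raw = clientCert.GetRawCertData();` once, then using `raw.Length` and `raw`, avoids re-encoding the certificate.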
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT ! * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, ! * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ! * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER ! * DEALINGS IN THE SOFTWARE. ! */ ! ! using System; ! using System.Security.Cryptography.X509Certificates; ! ! using System.Security.Cryptography; ! using Mono.Security.Cryptography; ! ! namespace Mono.Security.Protocol.Tls.Handshake.Client ! { ! internal class TlsClientCertificateVerify : TlsHandshakeMessage ! { ! #region Constructors ! ! public TlsClientCertificateVerify(TlsContext context) ! : base(context, TlsHandshakeType.Finished) ! { ! } ! ! #endregion ! ! #region Methods ! ! public override void Update() ! { ! base.Update(); ! this.Reset(); ! } ! ! #endregion ! ! #region Protected Methods ! ! protected override void ProcessAsSsl3() ! { ! throw new NotSupportedException(); ! } ! ! protected override void ProcessAsTls1() ! { ! // Compute handshake messages hash ! MD5SHA1 hash = new MD5SHA1(); ! hash.ComputeHash( ! this.Context.HandshakeMessages.ToArray(), ! 0, ! (int)this.Context.HandshakeMessages.Length); ! ! // RSAManaged of the selected ClientCertificate ! // (at this moment the first one) ! RSA rsa = getClientCertRSA(); ! ! // Write message ! Write(hash.CreateSignature(rsa)); ! } ! ! #endregion ! ! #region Private methods ! ! private RSA getClientCertRSA() ! { ! RSAParameters rsaParams = new RSAParameters(); ! // for RSA m_publickey contains 2 ASN.1 integers ! // the modulus and the public exponent ! ASN1 pubkey = new ASN1 (this.Context.ClientSettings.Certificates[0].GetPublicKey()); ! ASN1 modulus = pubkey [0]; ! if ((modulus == null) || (modulus.Tag != 0x02)) ! return null; ! ASN1 exponent = pubkey [1]; ! if (exponent.Tag != 0x02) ! return null; ! ! rsaParams.Modulus = this.getUnsignedBigInteger(modulus.Value); ! rsaParams.Exponent = exponent.Value; ! ! // BUG: MS BCL 1.0 can't import a key which ! 
// isn't the same size as the one present in ! // the container. ! int keySize = (rsaParams.Modulus.Length << 3); ! RSAManaged rsa = new RSAManaged(keySize); ! rsa.ImportParameters (rsaParams); ! ! return (RSA)rsa; ! } ! ! private byte[] getUnsignedBigInteger(byte[] integer) ! { ! if (integer [0] == 0x00) ! { ! // this first byte is added so we're sure it's an unsigned integer ! // however we can't feed it into RSAParameters or DSAParameters ! int length = integer.Length - 1; ! byte[] uinteger = new byte [length]; ! Array.Copy (integer, 1, uinteger, 0, length); ! return uinteger; ! } ! else ! return integer; ! } ! ! #endregion ! } ! } --- 1,145 ---- ! /* Transport Security Layer (TLS) ! * Copyright (c) 2003 Carlos Guzmán Álvarez ! * ! * Permission is hereby granted, free of charge, to any person ! * obtaining a copy of this software and associated documentation ! * files (the "Software"), to deal in the Software without restriction, ! * including without limitation the rights to use, copy, modify, merge, ! * publish, distribute, sublicense, and/or sell copies of the Software, ! * and to permit persons to whom the Software is furnished to do so, ! * subject to the following conditions: ! * ! * The above copyright notice and this permission notice shall be included ! * in all copies or substantial portions of the Software. ! * ! * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ! * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES ! * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ! * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT ! * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, ! * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ! * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER ! * DEALINGS IN THE SOFTWARE. ! */ ! ! using System; ! using System.Security.Cryptography.X509Certificates; ! ! using System.Security.Cryptography; ! using Mono.Security.Cryptography; ! ! 
namespace Mono.Security.Protocol.Tls.Handshake.Client ! { ! internal class TlsClientCertificateVerify : TlsHandshakeMessage ! { ! #region Constructors ! ! public TlsClientCertificateVerify(TlsContext context) ! : base(context, TlsHandshakeType.Finished) ! { ! } ! ! #endregion ! ! #region Methods ! ! public override void Update() ! { ! base.Update(); ! this.Reset(); ! } ! ! #endregion ! ! #region Protected Methods ! ! protected override void ProcessAsSsl3() ! { ! throw new NotSupportedException(); ! } ! ! protected override void ProcessAsTls1() ! { ! AsymmetricAlgorithm privKey = this.Context.SslStream.RaisePrivateKeySelection( ! this.Context.ClientSettings.ClientCertificate, ! this.Context.ClientSettings.TargetHost); ! ! // Compute handshake messages hash ! MD5SHA1 hash = new MD5SHA1(); ! hash.ComputeHash( ! this.Context.HandshakeMessages.ToArray(), ! 0, ! (int)this.Context.HandshakeMessages.Length); ! ! // RSAManaged of the selected ClientCertificate ! // (at this moment the first one) ! RSA rsa = getClientCertRSA((RSA)privKey); ! ! // Write message ! Write(hash.CreateSignature(rsa)); ! } ! ! #endregion ! ! #region Private methods ! ! private RSA getClientCertRSA(RSA privKey) ! { ! RSAParameters rsaParams = new RSAParameters(); ! RSAParameters privateParams = privKey.ExportParameters(true); ! ! // for RSA m_publickey contains 2 ASN.1 integers ! // the modulus and the public exponent ! ASN1 pubkey = new ASN1 (this.Context.ClientSettings.Certificates[0].GetPublicKey()); ! ASN1 modulus = pubkey [0]; ! if ((modulus == null) || (modulus.Tag != 0x02)) ! { ! return null; ! } ! ASN1 exponent = pubkey [1]; ! if (exponent.Tag != 0x02) ! { ! return null; ! } ! ! rsaParams.Modulus = this.getUnsignedBigInteger(modulus.Value); ! rsaParams.Exponent = exponent.Value; ! ! // Set private key parameters ! rsaParams.D = privateParams.D; ! rsaParams.DP = privateParams.DP; ! rsaParams.DQ = privateParams.DQ; ! rsaParams.InverseQ = privateParams.InverseQ; ! 
rsaParams.P = privateParams.P; ! rsaParams.Q = privateParams.Q; ! ! // BUG: MS BCL 1.0 can't import a key which ! // isn't the same size as the one present in ! // the container. ! int keySize = (rsaParams.Modulus.Length << 3); ! RSAManaged rsa = new RSAManaged(keySize); ! rsa.ImportParameters (rsaParams); ! ! return (RSA)rsa; ! } ! ! private byte[] getUnsignedBigInteger(byte[] integer) ! { ! if (integer [0] == 0x00) ! { ! // this first byte is added so we're sure it's an unsigned integer ! // however we can't feed it into RSAParameters or DSAParameters ! int length = integer.Length - 1; ! byte[] uinteger = new byte [length]; ! Array.Copy (integer, 1, uinteger, 0, length); ! return uinteger; ! } ! else ! { ! return integer; ! } ! } ! ! #endregion ! } ! } |
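Review bot: `RSA rsa = getClientCertRSA((RSA)privKey);` casts the value returned by `RaisePrivateKeySelection` without checking it, so a callback that returns null or a non-RSA `AsymmetricAlgorithm` fails with a NullReferenceException or InvalidCastException instead of a handshake error, and the `privKey.ExportParameters(true)` call at the top of `getClientCertRSA` will throw `CryptographicException` when the selected key is not exportable. A guard before the cast, `RSA rsaKey = privKey as RSA; if (rsaKey == null) { throw this.Context.CreateException("Private key selection did not return an RSA key."); }`, turns both into the handshake failure the caller expects. Since the callback already hands back a usable private key, consider passing it to `hash.CreateSignature` directly (if `MD5SHA1.CreateSignature` accepts any `RSA`) rather than exporting D, P, Q and the CRT values into a fresh `RSAManaged`; that avoids copying the private material into managed memory and sidesteps the export failure. Note also that `getClientCertRSA` still reads `this.Context.ClientSettings.Certificates[0].GetPublicKey()` rather than the `ClientCertificate` the Certificate message now stores, and nothing checks that the certificate's modulus matches the supplied private key, so a mismatch is only discovered when the server rejects the signature.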