crypto/src/crypto/tls/DefaultTlsSignerCredentials.cs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

using System;

using Org.BouncyCastle.Crypto.Parameters;

namespace Org.BouncyCastle.Crypto.Tls
{
    public class DefaultTlsSignerCredentials
        : TlsSignerCredentials
    {
        protected TlsClientContext context;
        protected Certificate clientCert;
        protected AsymmetricKeyParameter clientPrivateKey;

        protected TlsSigner clientSigner;

        public DefaultTlsSignerCredentials(TlsClientContext context,
            Certificate clientCertificate, AsymmetricKeyParameter clientPrivateKey)
        {
            if (clientCertificate == null)
            {
                throw new ArgumentNullException("clientCertificate");
            }
            if (clientCertificate.Length == 0)
            {
                throw new ArgumentException("cannot be empty", "clientCertificate");
            }
            if (clientPrivateKey == null)
            {
                throw new ArgumentNullException("clientPrivateKey");
            }
            if (!clientPrivateKey.IsPrivate)
            {
                throw new ArgumentException("must be private", "clientPrivateKey");
            }

            if (clientPrivateKey is RsaKeyParameters)
            {
                clientSigner = new TlsRsaSigner();
            }
            else if (clientPrivateKey is DsaPrivateKeyParameters)
            {
                clientSigner = new TlsDssSigner();
            }
            else if (clientPrivateKey is ECPrivateKeyParameters)
            {
                clientSigner = new TlsECDsaSigner();
            }
            else
            {
                throw new ArgumentException("type not supported: "
                    + clientPrivateKey.GetType().FullName, "clientPrivateKey");
            }

            this.context = context;
            this.clientCert = clientCertificate;
            this.clientPrivateKey = clientPrivateKey;
        }

        public virtual Certificate Certificate
        {
            get { return clientCert; }
        }

        public virtual byte[] GenerateCertificateSignature(byte[] md5andsha1)
        {
            try
            {
                return clientSigner.GenerateRawSignature(context.SecureRandom, clientPrivateKey, md5andsha1);
            }
            catch (CryptoException)
            {
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }
        }
    }
}