Fill and parse message replaced by a specific process method for each supported protocol
[mono.git] / mcs / class / Mono.Security / Mono.Security.Protocol.Tls.Handshake.Client / TlsServerCertificate.cs
1 /* Transport Security Layer (TLS)
2  * Copyright (c) 2003 Carlos Guzmán Álvarez
3  * 
4  * Permission is hereby granted, free of charge, to any person 
5  * obtaining a copy of this software and associated documentation 
6  * files (the "Software"), to deal in the Software without restriction, 
7  * including without limitation the rights to use, copy, modify, merge, 
8  * publish, distribute, sublicense, and/or sell copies of the Software, 
9  * and to permit persons to whom the Software is furnished to do so, 
10  * subject to the following conditions:
11  * 
12  * The above copyright notice and this permission notice shall be included 
13  * in all copies or substantial portions of the Software.
14  * 
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 
16  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES 
17  * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 
18  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 
19  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 
20  * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 
22  * DEALINGS IN THE SOFTWARE.
23  */
24
25 using System;
26 using System.Security.Cryptography;
27 using System.Security.Cryptography.X509Certificates;
28
29 using Mono.Security.Protocol.Tls.Alerts;
30
31 namespace Mono.Security.Protocol.Tls.Handshake.Client
32 {
33         internal class TlsServerCertificate : TlsHandshakeMessage
34         {
35                 #region FIELDS
36
37                 private X509CertificateCollection certificates;
38                 
39                 #endregion
40
41                 #region PROPERTIES
42
43                 public X509CertificateCollection Certificates
44                 {
45                         get { return certificates; }
46                 }
47
48                 #endregion
49
50                 #region CONSTRUCTORS
51
52                 public TlsServerCertificate(TlsSession session, byte[] buffer) 
53                         : base(session, TlsHandshakeType.Certificate, buffer)
54                 {
55                 }
56
57                 #endregion
58
59                 #region METHODS
60
61                 public override void UpdateSession()
62                 {
63                         base.UpdateSession();
64                         this.Session.Context.ServerSettings.ServerCertificates = certificates;
65                 }
66
67                 #endregion
68
69                 #region PROTECTED_METHODS
70
71                 protected override void ProcessAsSsl3()
72                 {
73                         throw new NotSupportedException();
74                 }
75
76                 protected override void ProcessAsTls1()
77                 {
78                         this.certificates = new X509CertificateCollection();
79                         
80                         int readed      = 0;
81                         int length      = ReadInt24();
82
83                         while (readed < length)
84                         {
85                                 // Read certificate length
86                                 int certLength = ReadInt24();
87
88                                 // Increment readed
89                                 readed += 3;
90
91                                 if (certLength > 0)
92                                 {
93                                         // Read certificate
94                                         X509Certificate certificate = new X509Certificate(ReadBytes(certLength));
95                                         certificates.Add(certificate);
96
97                                         readed += certLength;
98
99                                         validateCertificate(certificate);
100                                 }
101                         }
102                 }
103
104                 #endregion
105
106                 #region  PRIVATE_METHODS
107
108                 private void validateCertificate(X509Certificate certificate)
109                 {
110                         #warning "Check validity of certificates"
111
112                         // 1 step : Validate dates
113                         DateTime effectiveDate  = DateTime.Parse(certificate.GetEffectiveDateString());
114                         DateTime expirationDate = DateTime.Parse(certificate.GetExpirationDateString());
115                         if (System.DateTime.Now < effectiveDate || 
116                                 System.DateTime.Now > expirationDate)
117                         {
118                                 throw Session.CreateException("Certificate received FromBase64Transform the server expired.");
119                         }
120
121                         // 2 step: Validate CA
122
123                         // 3 step: Validate digital sign
124
125                         // 4 step: Validate domain name
126                 }
127
128                 #endregion
129         }
130 }