1 /* Transport Layer Security (TLS)
2 * Copyright (c) 2003 Carlos Guzmán Álvarez
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without restriction,
7 * including without limitation the rights to use, copy, modify, merge,
8 * publish, distribute, sublicense, and/or sell copies of the Software,
9 * and to permit persons to whom the Software is furnished to do so,
10 * subject to the following conditions:
12 * The above copyright notice and this permission notice shall be included
13 * in all copies or substantial portions of the Software.
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
17 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
19 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
20 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
22 * DEALINGS IN THE SOFTWARE.
26 using System.Security.Cryptography;
27 using System.Security.Cryptography.X509Certificates;
29 using Mono.Security.Protocol.Tls.Alerts;
31 namespace Mono.Security.Protocol.Tls.Handshake.Client
33 internal class TlsServerCertificate : TlsHandshakeMessage
// Certificates taken from the server's Certificate handshake message.
// Assigned in ProcessAsTls1 and handed to the session in UpdateSession.
37 private X509CertificateCollection certificates;
// Exposes the parsed collection itself, not a copy. The only check visible in
// this class is the validity-date check in validateCertificate, so callers
// should not treat the contents as an authenticated chain.
43 public X509CertificateCollection Certificates
45 get { return certificates; }
// Creates the message from the raw handshake bytes, passing the session, the
// Certificate handshake type and the buffer to the TlsHandshakeMessage base
// constructor.
// NOTE(review): the constructor body is not part of this listing; presumably
// empty, confirm against the full file.
52 public TlsServerCertificate(TlsSession session, byte[] buffer)
53 : base(session, TlsHandshakeType.Certificate, buffer)
// Stores the parsed server certificates in the session context's server
// settings. What is stored has only been through the date check in
// validateCertificate; no CA, signature or host-name validation is visible in
// this class.
// NOTE(review): the gutter numbering skips a line between the signature and
// the assignment, so a statement may be missing from this listing.
61 public override void UpdateSession()
64 this.Session.Context.ServerSettings.ServerCertificates = certificates;
69 #region PROTECTED_METHODS
// SSL 3.0 handling of the server Certificate message is not implemented:
// this override always throws NotSupportedException.
71 protected override void ProcessAsSsl3()
73 throw new NotSupportedException();
// Parses the server Certificate message for TLS 1.0: reads a 24-bit list
// length, then repeatedly reads a 24-bit certificate length followed by the
// certificate bytes, adding each certificate to the collection and passing it
// to validateCertificate.
// NOTE(review): this listing is incomplete. The gutter numbers skip lines, and
// `readed` is neither declared nor advanced on any line shown here, so the
// loop bookkeeping must live on the missing lines.
76 protected override void ProcessAsTls1()
78 this.certificates = new X509CertificateCollection();
// Both lengths below come from the peer's message and are untrusted input.
81 int length = ReadInt24();
83 while (readed < length)
85 // Read certificate length
86 int certLength = ReadInt24();
// NOTE(review): no check that certLength fits within the remaining `length`
// is visible here; confirm it exists on the missing lines, and confirm how a
// malformed certificate blob is handled by the caller.
94 X509Certificate certificate = new X509Certificate(ReadBytes(certLength));
95 certificates.Add(certificate);
// Each certificate is checked on its own; no chain is built between the
// entries of the list on the lines shown.
99 validateCertificate(certificate);
106 #region PRIVATE_METHODS
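// Checks one certificate received from the server during the handshake.
//
// Only the validity period is enforced. Steps 2-4 below (issuer/CA trust,
// signature verification, host-name matching) are placeholders, so a
// certificate that is inside its validity window is accepted no matter who
// issued it or which host it names. Until those steps are implemented this
// check does not authenticate the server, and connections made through it
// should not be treated as protected against an active man-in-the-middle.
//
// Throws the exception built by Session.CreateException when the current
// time falls outside the certificate's validity period.
private void validateCertificate(X509Certificate certificate)
{
    #warning "Check validity of certificates"

    // 1 step : Validate dates
    // Take a single clock reading so both bounds are compared against the
    // same instant.
    DateTime now = DateTime.Now;

    // NOTE(review): the bounds are round-tripped through display strings and
    // parsed with the current culture; confirm this parses reliably under
    // every locale the library runs in.
    DateTime effectiveDate = DateTime.Parse(certificate.GetEffectiveDateString());
    DateTime expirationDate = DateTime.Parse(certificate.GetExpirationDateString());

    if (now < effectiveDate || now > expirationDate)
    {
        // The condition covers both "not yet valid" and "expired", so the
        // message names both.
        throw Session.CreateException("Certificate received from the server is not yet valid or has expired.");
    }

    // 2 step: Validate CA
    // TODO: not implemented - the issuer is never checked against a trust store.

    // 3 step: Validate digital sign
    // TODO: not implemented - the certificate signature is never verified.

    // 4 step: Validate domain name
    // TODO: not implemented - the subject is never compared with the host
    // the client connected to.
}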