Fork: 0
mark / BlackoutClient
Transfer to URL with SHA Find file
Newer
Older
BlackoutClient / Assets / Best HTTP / Source / SecureProtocol / crypto / tls / DefaultTlsSignerCredentials.cs
@Mark Mark on 30 Jan 2020 3 KB Added Best HTTP 2 plugin
Raw Blame History 
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;

using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
using BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities;

namespace BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Tls
{
    public class DefaultTlsSignerCredentials
        :   AbstractTlsSignerCredentials
    {
        protected readonly TlsContext mContext;
        protected readonly Certificate mCertificate;
        protected readonly AsymmetricKeyParameter mPrivateKey;
        protected readonly SignatureAndHashAlgorithm mSignatureAndHashAlgorithm;

        protected readonly TlsSigner mSigner;

        public DefaultTlsSignerCredentials(TlsContext context, Certificate certificate, AsymmetricKeyParameter privateKey)
            :   this(context, certificate, privateKey, null)
        {
        }

        public DefaultTlsSignerCredentials(TlsContext context, Certificate certificate, AsymmetricKeyParameter privateKey,
            SignatureAndHashAlgorithm signatureAndHashAlgorithm)
        {
            if (certificate == null)
                throw new ArgumentNullException("certificate");
            if (certificate.IsEmpty)
                throw new ArgumentException("cannot be empty", "clientCertificate");
            if (privateKey == null)
                throw new ArgumentNullException("privateKey");
            if (!privateKey.IsPrivate)
                throw new ArgumentException("must be private", "privateKey");
            if (TlsUtilities.IsTlsV12(context) && signatureAndHashAlgorithm == null)
                throw new ArgumentException("cannot be null for (D)TLS 1.2+", "signatureAndHashAlgorithm");

            if (privateKey is RsaKeyParameters)
            {
                mSigner = new TlsRsaSigner();
            }
            else if (privateKey is DsaPrivateKeyParameters)
            {
                mSigner = new TlsDssSigner();
            }
            else if (privateKey is ECPrivateKeyParameters)
            {
                mSigner = new TlsECDsaSigner();
            }
            else
            {
                throw new ArgumentException("type not supported: " + BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.GetTypeName(privateKey), "privateKey");
            }

            this.mSigner.Init(context);

            this.mContext = context;
            this.mCertificate = certificate;
            this.mPrivateKey = privateKey;
            this.mSignatureAndHashAlgorithm = signatureAndHashAlgorithm;
        }

        public override Certificate Certificate
        {
            get { return mCertificate; }
        }

        /// <exception cref="IOException"></exception>
        public override byte[] GenerateCertificateSignature(byte[] hash)
        {
            try
            {
                if (TlsUtilities.IsTlsV12(mContext))
                {
                    return mSigner.GenerateRawSignature(mSignatureAndHashAlgorithm, mPrivateKey, hash);
                }
                else
                {
                    return mSigner.GenerateRawSignature(mPrivateKey, hash);
                }
            }
            catch (CryptoException e)
            {
                throw new TlsFatalAlert(AlertDescription.internal_error, e);
            }
        }

        public override SignatureAndHashAlgorithm SignatureAndHashAlgorithm
        {
            get { return mSignatureAndHashAlgorithm; }
        }
    }
}
#pragma warning restore
#endif