1 // Transport Security Layer (TLS)
2 // Copyright (c) 2003-2004 Carlos Guzman Alvarez
3 
4 //
5 // Permission is hereby granted, free of charge, to any person obtaining
6 // a copy of this software and associated documentation files (the
7 // "Software"), to deal in the Software without restriction, including
8 // without limitation the rights to use, copy, modify, merge, publish,
9 // distribute, sublicense, and/or sell copies of the Software, and to
10 // permit persons to whom the Software is furnished to do so, subject to
11 // the following conditions:
12 //
13 // The above copyright notice and this permission notice shall be
14 // included in all copies or substantial portions of the Software.
15 //
16 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
23 //
24 
25 using System;
26 using System.Security.Cryptography.X509Certificates;
27 
28 using Mono.Security.Protocol.Tls;
29 
30 namespace Mono.Security.Protocol.Tls.Handshake.Client
31 {
32 	internal class TlsClientCertificate : HandshakeMessage
33 	{
34 		private bool clientCertSelected;
35 		private X509Certificate clientCert;
36 
37 		#region Constructors
38 
TlsClientCertificate(Context context)39 		public TlsClientCertificate(Context context)
40 			: base(context, HandshakeType.Certificate)
41 		{
42 		}
43 
44 		#endregion
45 
46 		#region Properties
47 
48 		public X509Certificate ClientCertificate {
49 			get {
50 				if (!clientCertSelected)
51 				{
52 					GetClientCertificate ();
53 					clientCertSelected = true;
54 				}
55 				return clientCert;
56 			}
57 		}
58 
59 		#endregion
60 
61 		#region Methods
62 
Update()63 		public override void Update()
64 		{
65 			base.Update();
66 			this.Reset();
67 		}
68 
69 		#endregion
70 
71 		#region Protected Methods
72 
GetClientCertificate()73 		private void GetClientCertificate ()
74 		{
75 #warning "Client certificate selection is unfinished"
76 			ClientContext context = (ClientContext)this.Context;
77 
78 			// note: the server may ask for mutual authentication
79 			// but may not require it (i.e. it can be optional).
80 			if (context.ClientSettings.Certificates != null &&
81 				context.ClientSettings.Certificates.Count > 0)
82 			{
83 				clientCert = context.SslStream.RaiseClientCertificateSelection(
84 					this.Context.ClientSettings.Certificates,
85 					new X509Certificate(this.Context.ServerSettings.Certificates[0].RawData),
86 					this.Context.ClientSettings.TargetHost,
87 					null);
88 				// Note: the application code can raise it's
89 				// own exception to stop the connection too.
90 			}
91 
92 			// Update the selected client certificate
93 			context.ClientSettings.ClientCertificate = clientCert;
94 		}
95 
SendCertificates()96 		private void SendCertificates ()
97 		{
98 			TlsStream chain = new TlsStream ();
99 
100 			X509Certificate currentCert = this.ClientCertificate;
101 			while (currentCert != null) {
102 				byte[] rawCert = currentCert.GetRawCertData ();
103 				chain.WriteInt24 (rawCert.Length);
104 				chain.Write(rawCert);
105 				currentCert = FindParentCertificate (currentCert);
106 			}
107 			this.WriteInt24 ((int)chain.Length);
108 			this.Write (chain.ToArray ());
109 		}
110 
ProcessAsSsl3()111 		protected override void ProcessAsSsl3()
112 		{
113 			if (this.ClientCertificate != null) {
114 				SendCertificates ();
115 			} else {
116 				// an Alert warning for NoCertificate (41)
117 				// should be sent from here - but that would
118 				// break the current message handling
119 			}
120 		}
121 
ProcessAsTls1()122 		protected override void ProcessAsTls1()
123 		{
124 			if (this.ClientCertificate != null) {
125 				SendCertificates ();
126 			} else {
127 				// return message with empty certificate (see 7.4.6 in RFC2246)
128 				this.WriteInt24 (0);
129 			}
130 		}
131 
FindParentCertificate(X509Certificate cert)132 		private X509Certificate FindParentCertificate (X509Certificate cert)
133 		{
134 			// This certificate is the root certificate
135 			if (cert.GetName () == cert.GetIssuerName ())
136 				return null;
137 
138 			foreach (X509Certificate certificate in this.Context.ClientSettings.Certificates) {
139 				if (cert.GetName () == cert.GetIssuerName ())
140 					return certificate;
141 			}
142 			return null;
143 		}
144 
145 		#endregion
146 	}
147 }
148