| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119 |
- #if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
- #pragma warning disable
- using System;
- using System.Collections;
- using System.IO;
- using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.X509;
- using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto;
- using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Digests;
- using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Engines;
- using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Modes;
- using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
- namespace BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Tls
- {
- public abstract class DefaultTlsClient
- : AbstractTlsClient
- {
- protected TlsDHVerifier mDHVerifier;
- public DefaultTlsClient()
- : this(new DefaultTlsCipherFactory())
- {
- }
- public DefaultTlsClient(TlsCipherFactory cipherFactory)
- : this(cipherFactory, new DefaultTlsDHVerifier())
- {
- }
- public DefaultTlsClient(TlsCipherFactory cipherFactory, TlsDHVerifier dhVerifier)
- : base(cipherFactory)
- {
- this.mDHVerifier = dhVerifier;
- }
- public override int[] GetCipherSuites()
- {
- return new int[]
- {
- CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
- CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
- CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
- CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
- CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
- };
- }
- public override TlsKeyExchange GetKeyExchange()
- {
- int keyExchangeAlgorithm = TlsUtilities.GetKeyExchangeAlgorithm(mSelectedCipherSuite);
- switch (keyExchangeAlgorithm)
- {
- case KeyExchangeAlgorithm.DH_anon:
- case KeyExchangeAlgorithm.DH_DSS:
- case KeyExchangeAlgorithm.DH_RSA:
- return CreateDHKeyExchange(keyExchangeAlgorithm);
- case KeyExchangeAlgorithm.DHE_DSS:
- case KeyExchangeAlgorithm.DHE_RSA:
- return CreateDheKeyExchange(keyExchangeAlgorithm);
- case KeyExchangeAlgorithm.ECDH_anon:
- case KeyExchangeAlgorithm.ECDH_ECDSA:
- case KeyExchangeAlgorithm.ECDH_RSA:
- return CreateECDHKeyExchange(keyExchangeAlgorithm);
- case KeyExchangeAlgorithm.ECDHE_ECDSA:
- case KeyExchangeAlgorithm.ECDHE_RSA:
- return CreateECDheKeyExchange(keyExchangeAlgorithm);
- case KeyExchangeAlgorithm.RSA:
- return CreateRsaKeyExchange();
- default:
- /*
- * Note: internal error here; the TlsProtocol implementation verifies that the
- * server-selected cipher suite was in the list of client-offered cipher suites, so if
- * we now can't produce an implementation, we shouldn't have offered it!
- */
- throw new TlsFatalAlert(AlertDescription.internal_error);
- }
- }
- protected virtual TlsKeyExchange CreateDHKeyExchange(int keyExchange)
- {
- return new TlsDHKeyExchange(keyExchange, mSupportedSignatureAlgorithms, mDHVerifier, null);
- }
- protected virtual TlsKeyExchange CreateDheKeyExchange(int keyExchange)
- {
- return new TlsDheKeyExchange(keyExchange, mSupportedSignatureAlgorithms, mDHVerifier, null);
- }
- protected virtual TlsKeyExchange CreateECDHKeyExchange(int keyExchange)
- {
- return new TlsECDHKeyExchange(keyExchange, mSupportedSignatureAlgorithms, mNamedCurves, mClientECPointFormats,
- mServerECPointFormats);
- }
- protected virtual TlsKeyExchange CreateECDheKeyExchange(int keyExchange)
- {
- return new TlsECDheKeyExchange(keyExchange, mSupportedSignatureAlgorithms, mNamedCurves, mClientECPointFormats,
- mServerECPointFormats);
- }
- protected virtual TlsKeyExchange CreateRsaKeyExchange()
- {
- return new TlsRsaKeyExchange(mSupportedSignatureAlgorithms);
- }
- }
- }
- #pragma warning restore
- #endif
|
