| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112 |
- #if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
- #pragma warning disable
- using System;
- using System.IO;
- using BestHTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto;
- namespace BestHTTP.SecureProtocol.Org.BouncyCastle.Tls
- {
- public abstract class DefaultTlsServer
- : AbstractTlsServer
- {
- private static readonly int[] DefaultCipherSuites = new int[]
- {
- /*
- * TODO[tls13] TLS 1.3
- */
- //CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
- //CipherSuite.TLS_AES_256_GCM_SHA384,
- //CipherSuite.TLS_AES_128_GCM_SHA256,
- /*
- * pre-TLS 1.3
- */
- CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
- CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
- CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
- CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
- CipherSuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
- CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
- CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
- CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
- CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
- CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
- CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384,
- CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
- CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256,
- CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
- CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA,
- CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
- };
- public DefaultTlsServer(TlsCrypto crypto)
- : base(crypto)
- {
- }
- /// <exception cref="IOException"/>
- protected virtual TlsCredentialedSigner GetDsaSignerCredentials()
- {
- throw new TlsFatalAlert(AlertDescription.internal_error);
- }
- /// <exception cref="IOException"/>
- protected virtual TlsCredentialedSigner GetECDsaSignerCredentials()
- {
- throw new TlsFatalAlert(AlertDescription.internal_error);
- }
- /// <exception cref="IOException"/>
- protected virtual TlsCredentialedDecryptor GetRsaEncryptionCredentials()
- {
- throw new TlsFatalAlert(AlertDescription.internal_error);
- }
- /// <exception cref="IOException"/>
- protected virtual TlsCredentialedSigner GetRsaSignerCredentials()
- {
- throw new TlsFatalAlert(AlertDescription.internal_error);
- }
- protected override int[] GetSupportedCipherSuites()
- {
- return TlsUtilities.GetSupportedCipherSuites(Crypto, DefaultCipherSuites);
- }
- public override TlsCredentials GetCredentials()
- {
- int keyExchangeAlgorithm = m_context.SecurityParameters.KeyExchangeAlgorithm;
- switch (keyExchangeAlgorithm)
- {
- case KeyExchangeAlgorithm.DHE_DSS:
- return GetDsaSignerCredentials();
- case KeyExchangeAlgorithm.DH_anon:
- case KeyExchangeAlgorithm.ECDH_anon:
- return null;
- case KeyExchangeAlgorithm.ECDHE_ECDSA:
- return GetECDsaSignerCredentials();
- case KeyExchangeAlgorithm.DHE_RSA:
- case KeyExchangeAlgorithm.ECDHE_RSA:
- return GetRsaSignerCredentials();
- case KeyExchangeAlgorithm.RSA:
- return GetRsaEncryptionCredentials();
- default:
- // Note: internal error here; selected a key exchange we don't implement!
- throw new TlsFatalAlert(AlertDescription.internal_error);
- }
- }
- }
- }
- #pragma warning restore
- #endif
|
