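/// <summary>
/// Handles an inbound DHEWithCertificateAndCAs control message: authenticates
/// the remote certificate and the message signature, records the remote DHE
/// value and the hash of the received packet in the security association, and
/// replies with a signed DHEWithCertificate carrying our own certificate and
/// DHE value.
/// </summary>
/// <param name="sa">Existing association for this peer/SPI, or null to create one.</param>
/// <param name="scm">The received control message.</param>
/// <param name="scm_reply">Reply message that is filled in, signed and sent.</param>
/// <param name="return_path">Sender used to deliver the reply.</param>
/// <param name="low_level_sender">Origin of the message; handed to certificate
/// verification and used for logging.</param>
/// <exception cref="InvalidOperationException">No local certificate could be
/// selected for the message's SPI, so no reply can be built.</exception>
/// <remarks>
/// Verification of the remote certificate and of the signature happens before
/// any association state is created, so a peer that fails verification leaves
/// no association behind (presumably CreateSecurityAssociation registers the
/// new association somewhere — TODO confirm). The hash is SHA-1 because the
/// peer signs with it; changing it here alone would break interoperability,
/// so any upgrade has to be made protocol-wide.
/// </remarks>
protected void HandleControlDHEWithCertificateAndCAs(PeerSecAssociation sa,
    SecurityControlMessage scm, SecurityControlMessage scm_reply,
    ISender return_path, ISender low_level_sender)
{
  ProtocolLog.WriteIf(ProtocolLog.Security, GetHashCode() + " Received DHEWithCertificateAndCAs from: " + low_level_sender);

  // Materialize the peer's certificate out of the message's MemBlock.
  byte[] cert = new byte[scm.Certificate.Length];
  scm.Certificate.CopyTo(cert, 0);
  X509Certificate rcert = new X509Certificate(cert);

  // Authenticate first: certificate check against the handler's policy, then
  // the message signature under that certificate. Both throw on failure.
  _ch.Verify(rcert, low_level_sender);

  // HashAlgorithm is IDisposable; it is used for signature verification, the
  // packet hashes and signing, and released once the reply has been sent.
  using(HashAlgorithm sha1 = new SHA1CryptoServiceProvider()) {
    scm.Verify((RSACryptoServiceProvider) rcert.RSA, sha1);

    // Choose which of our certificates to present: the default one under a
    // pre-exchanged-key policy, otherwise one issued by a CA the peer trusts.
    X509Certificate lcert;
    if(SecurityPolicy.GetPolicy(scm.SPI).PreExchangedKeys) {
      lcert = _ch.DefaultCertificate;
    } else {
      lcert = _ch.FindCertificate(scm.CAs);
    }
    if(lcert == null) {
      // Fail with a clear message instead of a NullReferenceException on
      // lcert.RawData further down.
      throw new InvalidOperationException("No local certificate available for SPI " + scm.SPI);
    }

    // Only now, with the peer authenticated, allocate association state.
    if(sa == null) {
      sa = CreateSecurityAssociation(low_level_sender, scm.SPI, false);
    }
    sa.LocalCertificate = lcert;
    sa.RemoteCertificate = rcert;
    sa.RDHE.Value = scm.DHE;
    // Hash of the received packet, kept for later transcript verification.
    sa.DHEWithCertificateAndCAsInHash.Value = MemBlock.Reference(sha1.ComputeHash((byte[]) scm.Packet));

    // Mirror the cookies back so the peer can match this reply to its request.
    scm_reply.LocalCookie = scm.RemoteCookie;
    scm_reply.RemoteCookie = scm.LocalCookie;
    scm_reply.DHE = sa.LDHE;
    scm_reply.Certificate = MemBlock.Reference(lcert.RawData);
    scm_reply.Type = SecurityControlMessage.MessageType.DHEWithCertificate;
    // The private key is shared across handlers; signing is serialized on its lock.
    lock(_private_key_lock) {
      scm_reply.Sign(_private_key, sha1);
    }
    // Hash of the reply as actually sent, kept for later transcript verification.
    sa.DHEWithCertificateHash.Value = MemBlock.Reference(sha1.ComputeHash((byte[]) scm_reply.Packet));

    ICopyable to_send = new CopyList(SecureControl, scm_reply.Packet);
    return_path.Send(to_send);
  }

  ProtocolLog.WriteIf(ProtocolLog.Security, GetHashCode() + " Successful DHEWithCertificateAndCAs from: " + low_level_sender);
}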