Skip to content

Latest commit

 

History

History
75 lines (63 loc) · 2.67 KB

tls13-clientconfig-posthandshakeclientauth.md

File metadata and controls

75 lines (63 loc) · 2.67 KB
/*
 * Neuroxiq 2022
 * Arctium Project / Code example
 * TLS 1.3 - Client - Post Handshake Client Authentication
 * 
 * How to configure Post Handshake Client Authentication
 * 
 * Can be tested with Arctium TLS 1.3 Server or any server that supports post handshake authentication
 */


using Arctium.Standards.Connection.Tls.Tls13.API;
using Arctium.Standards.Connection.Tls.Tls13.API.APIModel;
using Arctium.Standards.Connection.Tls.Tls13.API.Extensions;
using Arctium.Standards.Connection.Tls.Tls13.API.Messages;
using System.Net.Sockets;
using System.Text;

namespace ConsoleAppTest
{
    // Configuration is very similar to Handshake Client Auth
    class HSClientAuth : ClientConfigPostHandshakeClientAuthentication
    {
        public override Certificates GetCertificateToSendToServer(IList<Extension> extensionInCertificateRequest)
        {
            // method needs to return list of certificates
            // or null certificate if not want to use authentication.
            // 'extensions' parameter is extensions from server

            foreach (var ext in extensionInCertificateRequest)
            {
                // cast extensions and use it if want
                switch (ext.ExtensionType)
                {
                    case ExtensionType.UnknownExtension: break;
                    case ExtensionType.OidFilters: var oids = ext as ExtensionOidFilters; break;
                    case ExtensionType.SignatureAlgorithms: var sigalgo = ext as ExtensionSignatureSchemeList; break;
                    case ExtensionType.CertificateAuthorities: break;
                    default: break;
                }
            }

            return new Certificates
            {
                // this value can be null if dont want to authenticate
                ClientCertificate = Tls13Resources.CERT_WITH_KEY_cert_secp256r1_sha256_1,
                
                //x509 chain, here is empty for purpose of this example
                ParentCertificates = new Arctium.Standards.X509.X509Cert.X509Certificate[0]
            };
        }
    }

    internal class MainProgram
    {
        static void Main()
        {
            var context = Tls13ClientContext.DefaultUnsafe();

            // configure Post Handshake Client  Authentication
            // client will send extensions that indicates that client support Post Handshake auth
            context.Config.ConfigurePostHandshakeClientAuthentication(new HSClientAuth());
            
            var client = new Tls13Client(context);
            var networkStream = Tls13Resources.NetworkStreamToExampleServer();

            var stream = client.Connect(networkStream, out var info);

            // ready to go
        }
    }
}