archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/inetcore/winhttp/v5.1/inc/certcach.hxx

414 lines
9.3 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1996 Microsoft Corporation
  5. Module Name:
  7. certcach.hxx
  9. Abstract:
  11. Contains class definition for certificate cache object.
  12. The class acts a container for common certificates.
  14. Contents:
  15. SECURITY_CACHE_LIST
  16. SECURITY_CACHE_LIST_ENTRY
  18. Author:
  20. Arthur L Bierer (arthurbi) 20-Apr-1996
  22. Revision History:
  24. 20-Apr-1996 arthurbi
  25. Created
  27. --*/
  30. typedef struct _SEC_PROVIDER
  31. {
  32. CHAR *pszName; // security pkg name
  33. CredHandle hCreds; // credential handle
  34. DWORD dwFlags; // encryption capabilities
  35. BOOL fEnabled; // enable flag indicator
  36. DWORD dwProtocolFlags; // protocol flags that this provider supports.
  37. PCCERT_CONTEXT pCertCtxt; // cert context to use when getting default credentials.
  38. } SEC_PROVIDER, *PSEC_PROVIDER;
  40. // Default list of security packages to enumerate
  41. #define MAX_SEC_PROVIDERS 3
  43. extern const SEC_PROVIDER g_cSecProviders[MAX_SEC_PROVIDERS];
  45. enum SSL_IMPERSONATION_LEVEL
  46. {
  47. SSL_IMPERSONATION_DISABLED = 0,
  48. SSL_IMPERSONATION_ENABLED = 1,
  49. SSL_IMPERSONATION_UNINITIALIZED = 2
  50. };
  52. //
  53. // SECURITY_INFO_LIST_ENTRY - contains all security info
  54. // pertaining to all connections to a server.
  55. //
  57. class SECURITY_CACHE_LIST_ENTRY {
  59. friend class SECURITY_CACHE_LIST;
  61. private:
  63. //
  64. // _List - Generic List entry structure.
  65. //
  67. LIST_ENTRY _List;
  69. //
  70. // _cRef - Reference count for this element.
  71. //
  73. LONG _cRef;
  75. //
  76. // _CertInfo - Certificate and other security
  77. // attributes for the connection to
  78. // this machine.
  79. //
  81. INTERNET_SECURITY_INFO _CertInfo;
  83. //
  84. // _dwSecurityFlags - Overrides for warnings.
  85. //
  87. DWORD _dwSecurityFlags;
  89. //
  90. // _dwStatusFlags - Tracker for all secure connection failure flags.
  91. //
  93. DWORD _dwStatusFlags;
  95. //
  96. // _ServerName - The name of the server
  97. //
  99. ICSTRING _ServerName;
  101. INTERNET_PORT _ServerPort;
  103. //
  104. // _pCertChainList - If there is Client Authentication do be done with this server,
  105. // then we'll cache it and remeber it later.
  106. //
  108. CERT_CONTEXT_ARRAY *_pCertContextArray;
  110. //
  111. // _fInCache - indicates this element is held by the cache
  112. //
  114. BOOL _fInCache;
  116. //
  117. // _fNoRevert - indicates whether or not any potential impersonation
  118. // should be reverted during SSL handling.
  119. //
  121. BOOL _fNoRevert;
  123. #if INET_DEBUG
  124. DWORD m_Signature;
  125. #endif
  127. public:
  129. LONG AddRef(VOID);
  130. LONG Release(VOID);
  132. //
  133. // Cleans up object, so it can be reused
  134. //
  136. BOOL InCache() { return _fInCache; }
  138. const INTERNET_SECURITY_INFO& GetSecInfo() const { return _CertInfo; }
  140. VOID
  141. Clear();
  143. SECURITY_CACHE_LIST_ENTRY(
  144. IN BOOL fNoRevert,
  145. IN LPSTR lpszHostName,
  146. IN INTERNET_PORT ServerPort
  147. );
  149. ~SECURITY_CACHE_LIST_ENTRY();
  151. //
  152. // Copy CERT_INFO IN Method -
  153. // copies a structure into our object.
  154. //
  156. SECURITY_CACHE_LIST_ENTRY& operator=(LPINTERNET_SECURITY_INFO Cert)
  157. {
  159. if(_CertInfo.pCertificate)
  160. {
  161. WRAP_REVERT_USER_VOID((*g_pfnCertFreeCertificateContext),
  162. _fNoRevert,
  163. (_CertInfo.pCertificate));
  164. }
  165. _CertInfo.dwSize = sizeof(_CertInfo);
  166. WRAP_REVERT_USER((*g_pfnCertDuplicateCertificateContext),
  167. _fNoRevert,
  168. (Cert->pCertificate),
  169. _CertInfo.pCertificate);
  170. _CertInfo.dwProtocol = Cert->dwProtocol;
  172. _CertInfo.aiCipher = Cert->aiCipher;
  173. _CertInfo.dwCipherStrength = Cert->dwCipherStrength;
  174. _CertInfo.aiHash = Cert->aiHash;
  175. _CertInfo.dwHashStrength = Cert->dwHashStrength;
  176. _CertInfo.aiExch = Cert->aiExch;
  177. _CertInfo.dwExchStrength = Cert->dwExchStrength;
  179. return *this;
  180. }
  182. //
  183. // Copy CERT_INFO OUT Method -
  184. // need to copy ourselves out.
  185. //
  187. VOID
  188. CopyOut(INTERNET_SECURITY_INFO &Cert)
  189. {
  190. Cert.dwSize = sizeof(Cert);
  191. WRAP_REVERT_USER((*g_pfnCertDuplicateCertificateContext),
  192. _fNoRevert,
  193. (_CertInfo.pCertificate),
  194. Cert.pCertificate);
  195. Cert.dwProtocol = _CertInfo.dwProtocol;
  197. Cert.aiCipher = _CertInfo.aiCipher;
  198. Cert.dwCipherStrength = _CertInfo.dwCipherStrength;
  199. Cert.aiHash = _CertInfo.aiHash;
  200. Cert.dwHashStrength = _CertInfo.dwHashStrength;
  201. Cert.aiExch = _CertInfo.aiExch;
  202. Cert.dwExchStrength = _CertInfo.dwExchStrength;
  203. }
  205. //
  206. // Sets and Gets the Client Authentication CertChain -
  207. // we piggy back this pointer into the cache so we can cache
  208. // previously generated and selected client auth certs.
  209. //
  211. VOID SetCertContextArray(CERT_CONTEXT_ARRAY *pCertContextArray) {
  212. if (_pCertContextArray) {
  213. delete _pCertContextArray;
  214. }
  215. _pCertContextArray = pCertContextArray;
  216. }
  218. CERT_CONTEXT_ARRAY * GetCertContextArray() {
  219. return _pCertContextArray;
  220. }
  222. DWORD GetSecureFlags() {
  223. return _dwSecurityFlags;
  224. }
  226. VOID SetSecureFlags(DWORD dwFlags) {
  227. _dwSecurityFlags |= dwFlags;
  228. }
  230. VOID ClearSecureFlags(DWORD dwFlags) {
  231. _dwSecurityFlags &= (~dwFlags);
  232. }
  234. DWORD GetStatusFlags(VOID)
  235. {
  236. return _dwStatusFlags;
  237. }
  239. VOID SetStatusFlags(DWORD dwFlags)
  240. {
  241. _dwStatusFlags |= dwFlags;
  242. }
  244. VOID ClearStatusFlags(DWORD dwFlags)
  245. {
  246. _dwStatusFlags &= (~dwFlags);
  247. }
  249. LPSTR GetHostName(VOID) {
  250. return _ServerName.StringAddress();
  251. }
  253. BOOL IsImpersonationEnabled() {
  254. return _fNoRevert;
  255. }
  257. };
  261. class SECURITY_CACHE_LIST {
  263. private:
  265. //
  266. // _List - serialized list of SECURITY_CACHE_LIST_ENTRY objects
  267. //
  269. SERIALIZED_LIST _List;
  271. #if INET_DEBUG
  272. DWORD m_Signature;
  273. #endif
  275. //
  276. // Array of encryption providers
  277. //
  278. SEC_PROVIDER _SecProviders[MAX_SEC_PROVIDERS];
  280. //
  281. // EncProvider flag
  282. //
  284. DWORD _dwEncFlags;
  286. // Enabled SSL protocols for the session
  287. DWORD _dwSecureProtocols;
  289. SSL_IMPERSONATION_LEVEL _eImpersonationLevel;
  291. LONG _cRefs;
  293. public:
  295. SECURITY_CACHE_LIST()
  296. {
  297. _cRefs = 1;
  298. _eImpersonationLevel = SSL_IMPERSONATION_UNINITIALIZED;
  299. }
  301. LONG AddRef(VOID)
  302. {
  303. return (InterlockedIncrement(&_cRefs));
  304. }
  306. LONG Release(VOID)
  307. {
  308. // We can get away with interlocked increment/decrement
  309. // because we're guaranteed to always have a live WHO
  310. // reference anytime this is addref'ed.
  311. LONG cRefs = InterlockedDecrement(&_cRefs);
  313. if (cRefs == 0)
  314. {
  315. Terminate();
  316. delete this;
  317. }
  318. return cRefs;
  319. }
  321. SECURITY_CACHE_LIST_ENTRY *
  322. Find(
  323. IN LPSTR lpszHostname,
  324. IN INTERNET_PORT HostPort
  325. );
  327. BOOL Initialize(
  328. VOID
  329. );
  331. VOID Terminate(
  332. VOID
  333. );
  335. VOID
  336. ClearList(
  337. VOID
  338. );
  340. DWORD
  341. Add(
  342. IN SECURITY_CACHE_LIST_ENTRY * entry
  343. );
  345. #if 0
  347. BOOL
  348. IsCertInCache(
  349. IN LPSTR lpszHostname
  350. )
  351. {
  352. SECURITY_CACHE_LIST_ENTRY *entry =
  353. Find(lpszHostname);
  355. if ( entry )
  356. return TRUE;
  358. return FALSE;
  359. }
  360. #endif
  362. VOID SetSecureProtocols(DWORD dwSecureProtocols)
  363. {
  364. _dwSecureProtocols = dwSecureProtocols;
  365. }
  367. DWORD GetSecureProtocols()
  368. {
  369. return _dwSecureProtocols;
  370. }
  372. VOID SetEncFlags(DWORD dwEncFlags)
  373. {
  374. _dwEncFlags = dwEncFlags;
  375. }
  377. DWORD GetEncFlags()
  378. {
  379. return _dwEncFlags;
  380. }
  382. SEC_PROVIDER *GetSecProviders()
  383. {
  384. return _SecProviders;
  385. }
  387. DWORD SetImpersonationLevel(BOOL fLeaveImpersonation)
  388. {
  389. if (_eImpersonationLevel == SSL_IMPERSONATION_UNINITIALIZED)
  390. {
  391. _eImpersonationLevel = (fLeaveImpersonation ?
  392. SSL_IMPERSONATION_ENABLED : SSL_IMPERSONATION_DISABLED);
  393. return ERROR_SUCCESS;
  394. }
  395. else
  396. {
  397. // Can only be set once. This must also be initialized
  398. // upon creation of the first request handle if the
  399. // client doesn't set prior the first send request.
  400. return ERROR_WINHTTP_INCORRECT_HANDLE_STATE;
  401. }
  402. }
  404. BOOL IsImpersonationLevelInitialized()
  405. {
  406. return (_eImpersonationLevel == SSL_IMPERSONATION_UNINITIALIZED);
  407. }
  409. BOOL IsImpersonationEnabled()
  410. {
  411. return (_eImpersonationLevel == SSL_IMPERSONATION_ENABLED);
  412. }
  414. };