|
|
/*++
Copyright (c) 1997 Microsoft Corporation
Module Name:
ssocket.hxx
Abstract:
Contains types, manifests, prototypes for Internet Secure Socket Class (ICSecureSocket) functions and methods (in common\ssocket.cxx)
Author:
Richard L Firth (rfirth) 08-Apr-1997
Revision History:
08-Apr-1997 rfirth Created (from ixport.hxx)
--*/
#define SECURITY_WIN32
#include <sspi.h>
#include <issperr.h>
#include <buffer.hxx>
#include <winerror.h>
//
// forward references
//
class CFsm_SecureConnect;class CFsm_SecureHandshake;class CFsm_SecureNegotiate;class CFsm_NegotiateLoop;class CFsm_SecureSend;class CFsm_SecureReceive;
//
// classes
//
class ICSecureSocket : public ICSocket {
private:
CtxtHandle m_hContext; DWORD m_dwProviderIndex; LPSTR m_lpszHostName; DBLBUFFER * m_pdblbufBuffer; DWORD m_dwSecureProtocols; SECURITY_CACHE_LIST *m_pCertCache;
SECURITY_CACHE_LIST_ENTRY *m_pSecurityInfo;
#if INET_DEBUG
#define SECURE_SOCKET_SIGNATURE 0x534c5353 // "SSLS"
#define SIGN_SECURE_SOCKET() \
m_Signature = SECURE_SOCKET_SIGNATURE
#define CHECK_SECURE_SOCKET() \
INET_ASSERT(m_Signature == SECURE_SOCKET_SIGNATURE)
#else
#define SIGN_SECURE_SOCKET() \
/* NOTHING */
#define CHECK_SECURE_SOCKET() \
/* NOTHING */
#endif
VOID SetSecure(VOID) { SetSecureFlags(SECURITY_FLAG_SECURE); }
DWORD EncryptData( IN LPVOID lpBuffer, IN DWORD dwInBufferLen, OUT LPVOID * lplpBuffer, OUT LPDWORD lpdwOutBufferLen, OUT LPDWORD lpdwInBufferBytesEncrypted );
DWORD DecryptData( OUT DWORD * lpdwBytesNeeded, OUT LPBYTE lpOutBuffer, IN OUT LPDWORD lpdwOutBufferLeft, IN OUT LPDWORD lpdwOutBufferReceived, IN OUT LPDWORD lpdwOutBufferBytesRead );
VOID TerminateSecConnection( VOID );
BOOL IsSameFingerPrint(PCCERT_CONTEXT pCachedCert); DWORD ReVerifyTrust(DWORD dwRecheckFlag);
public:
ICSecureSocket(void);
virtual ~ICSecureSocket(VOID);
DWORD Connect( IN LONG ConnectTimeout, IN INT Retries, IN LONG SendTimeout, IN LONG RecvTimeout, IN DWORD dwFlags );
DWORD Connect_Fsm( IN CFsm_SecureConnect * Fsm );
DWORD SecureHandshake_Fsm( IN CFsm_SecureHandshake * Fsm );
DWORD SecureNegotiate_Fsm( IN CFsm_SecureNegotiate * Fsm );
DWORD NegotiateLoop_Fsm( IN CFsm_NegotiateLoop * Fsm );
DWORD NegotiateSecConnection( IN DWORD dwFlags, OUT LPBOOL lpbAttemptReconnect );
DWORD SSPINegotiateLoop( OUT DBLBUFFER * pDoubleBuffer, IN DWORD dwFlags, IN CredHandle hCreds, IN BOOL fDoInitialRead, IN BOOL bDoingClientAuth );
DWORD Disconnect( IN DWORD dwFlags );
DWORD Send( IN LPVOID lpBuffer, IN DWORD dwBufferLength, IN DWORD dwFlags );
DWORD Send_Fsm( IN CFsm_SecureSend * Fsm );
DWORD Receive( IN OUT LPVOID* lplpBuffer, IN OUT LPDWORD lpdwBufferLength, IN OUT LPDWORD lpdwBufferRemaining, IN OUT LPDWORD lpdwBytesReceived, IN DWORD dwExtraSpace, IN DWORD dwFlags, OUT LPBOOL lpbEof );
DWORD Receive_Fsm( IN CFsm_SecureReceive * Fsm );
DWORD SecureHandshakeWithServer( IN DWORD dwFlags, OUT LPBOOL lpfAttemptReconnect );
DWORD VerifyTrust( VOID );
SECURITY_CACHE_LIST_ENTRY * GetSecurityEntry() { if (m_pSecurityInfo != NULL) { m_pSecurityInfo->AddRef(); return m_pSecurityInfo; } return NULL; }
VOID SetSecurityEntry(SECURITY_CACHE_LIST_ENTRY *entry) { if (entry != NULL) { entry->AddRef(); } if (m_pSecurityInfo != NULL) { m_pSecurityInfo->Release(); } m_pSecurityInfo = entry; }
DWORD SetHostName( IN LPSTR lpszHostName, IN INTERNET_PORT HostPort, IN SECURITY_CACHE_LIST *pCertCache );
LPSTR GetHostName(VOID) const { return m_lpszHostName; }
//
// GetCertChainList (and)
// SetCertChainList -
// Sets and Gets Client Authentication Cert Chains.
//
CERT_CONTEXT_ARRAY* GetCertContextArray(VOID) { if(m_pSecurityInfo) { return m_pSecurityInfo->GetCertContextArray(); } return NULL;
}
VOID SetCertContextArray(CERT_CONTEXT_ARRAY* pNewCertContextArray) { if(m_pSecurityInfo) { m_pSecurityInfo->SetCertContextArray(pNewCertContextArray); } }
//
// GetSecureFlags AND SetSecureFlags AND GetCertInfo
// Allows setting and getting of a bitmask which
// stores various data bits on current socket connection.
//
DWORD GetSecurityInfo(LPINTERNET_SECURITY_INFO pInfo) {
if(m_pSecurityInfo) { m_pSecurityInfo->CopyOut(*pInfo); return ERROR_SUCCESS; } else { return ERROR_WINHTTP_INTERNAL_ERROR; } }
VOID SetSecureFlags(DWORD Flags) { if(m_pSecurityInfo) { m_pSecurityInfo->SetSecureFlags(Flags); } }
DWORD GetSecureFlags(VOID) { if(m_pSecurityInfo) { return m_pSecurityInfo->GetSecureFlags(); } return 0; }
VOID SetStatusFlags(DWORD Flags) { if(m_pSecurityInfo) { m_pSecurityInfo->SetStatusFlags(Flags); } }
DWORD GetStatusFlags(VOID) { if(m_pSecurityInfo) { return m_pSecurityInfo->GetStatusFlags(); } return 0; }
DWORD GetProviderIndex(VOID) const {
INET_ASSERT(IsSecure());
return m_dwProviderIndex; }
VOID SetProviderIndex(DWORD dwIndex) {
INET_ASSERT(IsSecure());
m_dwProviderIndex = dwIndex; }
BOOL MatchSecureProtocolSemantics( DWORD dwFlags, LPSTR pszHostName = NULL, DWORD dwSecureProtocols = 0, DWORD dwSecureFlags = 0) { DWORD dwSocketSecureFlags = GetSecureFlags() & ~(SECURITY_FLAG_SECURE | SECURITY_FLAG_STRENGTH_WEAK | SECURITY_FLAG_STRENGTH_MEDIUM | SECURITY_FLAG_STRENGTH_STRONG); if ((dwSecureFlags & SECURITY_FLAG_CHECK_REVOCATION) && !(dwSocketSecureFlags & SECURITY_FLAG_CHECK_REVOCATION)) { return FALSE; }
dwSocketSecureFlags &= (~SECURITY_FLAG_CHECK_REVOCATION); dwSecureFlags &= (~SECURITY_FLAG_CHECK_REVOCATION);
// Enabled protocols should match what's being requested,
// and if a k-a, the protocols for the socket still should match
// that of the session
// AND
// Tunnel flag must match, as well as the established tunnel server if
// going through a proxy.
return ( (0 == (dwSecureProtocols ^ m_pCertCache->GetSecureProtocols()) && m_pCertCache->GetSecureProtocols() == m_dwSecureProtocols) && ((dwSocketSecureFlags & dwSecureFlags) == dwSocketSecureFlags) &&
(((m_dwFlags & SF_TUNNEL) == (dwFlags & SF_TUNNEL)) ? TRUE : FALSE) && (!pszHostName || 0 == strcmp(m_lpszHostName, pszHostName)) ); }
// Helper for flushing flags when first used as a CONNECT
// for SSL tunneling.
VOID ResetFlags(BOOL fSecure) { m_dwFlags = (fSecure ? SF_SECURE : 0); }
};
|
