Leaked source code of windows server 2003
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
/*++
Copyright (c) 1996 Microsoft Corporation
Module Name:
certcach.hxx
Abstract:
Contains class definition for certificate cache object. The class acts a container for common certificates.
Contents: SECURITY_CACHE_LIST SECURITY_CACHE_LIST_ENTRY
Author:
Arthur L Bierer (arthurbi) 20-Apr-1996
Revision History:
20-Apr-1996 arthurbi Created
--*/
//
// Flags, use wininet.w defined ones, so we don't collide.
//
#define CERTCACHE_FLAG_FOUND_CERT INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS
#define CERTCACHE_FLAG_IGNORE_CERT_CN_INVALID_SEND INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP
//
// SECURITY_INFO_LIST_ENTRY - contains all security info
// pertaining to all connections to a server.
//
class SECURITY_CACHE_LIST_ENTRY {
friend class SECURITY_CACHE_LIST;
private:
//
// _List - Generic List entry structure.
//
LIST_ENTRY _List;
//
// _cRef - Reference count for this element.
//
LONG _cRef;
//
// _CertInfo - Certificate and other security
// attributes for the connection to
// this machine.
//
INTERNET_SECURITY_INFO _CertInfo;
//
// _dwSecurityFlags - Overrides for warnings.
//
DWORD _dwSecurityFlags;
//
// _ServerName - The name of the server
//
ICSTRING _ServerName;
//
// _pCertChainList - If there is Client Authentication do be done with this server,
// then we'll cache it and remeber it later.
//
CERT_CONTEXT_ARRAY *_pCertContextArray;
//
// _fInCache - indicates this element is held by the cache
//
BOOL _fInCache;
//
// _fForceNewSession - indicates a new session needs to be negotiated
//
BOOL _fForceNewSession;
//
//
// _fValidateAll - easy way out to mark if all cert errors
// except revocation are being checked
//
BOOL _fValidateAll;
#if INET_DEBUG
DWORD m_Signature;#endif
public:
LONG AddRef(VOID); LONG Release(VOID);
//
// Cleans up object, so it can be reused
//
BOOL InCache() { return _fInCache; }
VOID Clear();
VOID SetForceNewSession(BOOL fForce) { _fForceNewSession = fForce; }
BOOL GetForceNewSession(VOID) { return _fForceNewSession; }
VOID SetFullyValidated(BOOL fValidateAll) { _fValidateAll = fValidateAll; }
BOOL GetFullyValidated() { return _fValidateAll; }
SECURITY_CACHE_LIST_ENTRY( IN LPSTR lpszHostName );
~SECURITY_CACHE_LIST_ENTRY();
//
// Copy CERT_INFO IN Method -
// copies a structure into our object.
//
SECURITY_CACHE_LIST_ENTRY& operator=(LPINTERNET_SECURITY_INFO Cert) {
if(_CertInfo.pCertificate) { CertFreeCertificateContext(_CertInfo.pCertificate); } _CertInfo.dwSize = sizeof(_CertInfo); _CertInfo.pCertificate = CertDuplicateCertificateContext(Cert->pCertificate); _CertInfo.dwProtocol = Cert->dwProtocol;
_CertInfo.aiCipher = Cert->aiCipher; _CertInfo.dwCipherStrength = Cert->dwCipherStrength; _CertInfo.aiHash = Cert->aiHash; _CertInfo.dwHashStrength = Cert->dwHashStrength; _CertInfo.aiExch = Cert->aiExch; _CertInfo.dwExchStrength = Cert->dwExchStrength;
return *this; }
//
// Copy CERT_INFO OUT Method -
// need to copy ourselves out.
//
VOID CopyOut(INTERNET_SECURITY_INFO &Cert) { Cert.dwSize = sizeof(Cert); Cert.pCertificate = CertDuplicateCertificateContext(_CertInfo.pCertificate); Cert.dwProtocol = _CertInfo.dwProtocol;
Cert.aiCipher = _CertInfo.aiCipher; Cert.dwCipherStrength = _CertInfo.dwCipherStrength; Cert.aiHash = _CertInfo.aiHash; Cert.dwHashStrength = _CertInfo.dwHashStrength; Cert.aiExch = _CertInfo.aiExch; Cert.dwExchStrength = _CertInfo.dwExchStrength; }
//
// Sets and Gets the Client Authentication CertChain -
// we piggy back this pointer into the cache so we can cache
// previously generated and selected client auth certs.
//
VOID SetCertContextArray(CERT_CONTEXT_ARRAY *pCertContextArray) { if (_pCertContextArray) { delete _pCertContextArray; } _pCertContextArray = pCertContextArray; }
CERT_CONTEXT_ARRAY * GetCertContextArray() { return _pCertContextArray; }
DWORD GetSecureFlags() { return _dwSecurityFlags; }
VOID SetSecureFlags(DWORD dwFlags) { _dwSecurityFlags |= dwFlags; }
VOID ClearSecureFlags(DWORD dwFlags) { _dwSecurityFlags &= (~dwFlags); }
LPSTR GetHostName(VOID) { return _ServerName.StringAddress(); }};
class SECURITY_CACHE_LIST {
private:
//
// _List - serialized list of SECURITY_CACHE_LIST_ENTRY objects
//
SERIALIZED_LIST _List;
#if INET_DEBUG
DWORD m_Signature;#endif
public:
SECURITY_CACHE_LIST_ENTRY * Find( IN LPSTR lpszHostname );
VOID Remove( IN LPSTR lpszHostname );
VOID Initialize(VOID) { InitializeSerializedList(&_List);#if INET_DEBUG
m_Signature = 0x4c436553; // "SeCL"
#endif
}
VOID Terminate(VOID) {
DEBUG_ENTER((DBG_OBJECTS, None, "SECURITY_CACHE_LIST::Terminate", "{%#x}", this ));
ClearList();
TerminateSerializedList(&_List);
DEBUG_LEAVE(0); }
VOID ClearList( VOID );
DWORD Add( IN SECURITY_CACHE_LIST_ENTRY * entry );
VOID ClearClientAuthCertChains( VOID );
#if 0
BOOL IsCertInCache( IN LPSTR lpszHostname ) { SECURITY_CACHE_LIST_ENTRY *entry = Find(lpszHostname);
if ( entry ) return TRUE;
return FALSE; }#endif
};
|
