You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
286 lines
6.0 KiB
286 lines
6.0 KiB
/*++
|
|
|
|
Copyright (c) 1996 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
certcach.hxx
|
|
|
|
Abstract:
|
|
|
|
Contains class definition for certificate cache object.
|
|
The class acts a container for common certificates.
|
|
|
|
Contents:
|
|
SECURITY_CACHE_LIST
|
|
SECURITY_CACHE_LIST_ENTRY
|
|
|
|
Author:
|
|
|
|
Arthur L Bierer (arthurbi) 20-Apr-1996
|
|
|
|
Revision History:
|
|
|
|
20-Apr-1996 arthurbi
|
|
Created
|
|
|
|
--*/
|
|
|
|
|
|
//
|
|
// SECURITY_INFO_LIST_ENTRY - contains all security info
|
|
// pertaining to all connections to a server.
|
|
//
|
|
|
|
class SECURITY_CACHE_LIST_ENTRY {
|
|
|
|
friend class SECURITY_CACHE_LIST;
|
|
|
|
private:
|
|
|
|
//
|
|
// _List - Generic List entry structure.
|
|
//
|
|
|
|
LIST_ENTRY _List;
|
|
|
|
//
|
|
// _cRef - Reference count for this element.
|
|
//
|
|
|
|
LONG _cRef;
|
|
|
|
//
|
|
// _CertInfo - Certificate and other security
|
|
// attributes for the connection to
|
|
// this machine.
|
|
//
|
|
|
|
INTERNET_SECURITY_INFO _CertInfo;
|
|
|
|
//
|
|
// _dwSecurityFlags - Overrides for warnings.
|
|
//
|
|
|
|
DWORD _dwSecurityFlags;
|
|
|
|
//
|
|
// _dwStatusFlags - Tracker for all secure connection failure flags.
|
|
//
|
|
|
|
DWORD _dwStatusFlags;
|
|
|
|
//
|
|
// _ServerName - The name of the server
|
|
//
|
|
|
|
ICSTRING _ServerName;
|
|
|
|
//
|
|
// _pCertChainList - If there is Client Authentication do be done with this server,
|
|
// then we'll cache it and remeber it later.
|
|
//
|
|
|
|
CERT_CONTEXT_ARRAY *_pCertContextArray;
|
|
|
|
//
|
|
// _fInCache - indicates this element is held by the cache
|
|
//
|
|
|
|
BOOL _fInCache;
|
|
|
|
#if INET_DEBUG
|
|
DWORD m_Signature;
|
|
#endif
|
|
|
|
public:
|
|
|
|
LONG AddRef(VOID);
|
|
LONG Release(VOID);
|
|
|
|
//
|
|
// Cleans up object, so it can be reused
|
|
//
|
|
|
|
BOOL InCache() { return _fInCache; }
|
|
|
|
VOID
|
|
Clear();
|
|
|
|
SECURITY_CACHE_LIST_ENTRY(
|
|
IN LPSTR lpszHostName
|
|
);
|
|
|
|
~SECURITY_CACHE_LIST_ENTRY();
|
|
|
|
//
|
|
// Copy CERT_INFO IN Method -
|
|
// copies a structure into our object.
|
|
//
|
|
|
|
SECURITY_CACHE_LIST_ENTRY& operator=(LPINTERNET_SECURITY_INFO Cert)
|
|
{
|
|
|
|
if(_CertInfo.pCertificate)
|
|
{
|
|
WRAP_REVERT_USER_VOID(CertFreeCertificateContext,
|
|
(_CertInfo.pCertificate));
|
|
}
|
|
_CertInfo.dwSize = sizeof(_CertInfo);
|
|
WRAP_REVERT_USER(CertDuplicateCertificateContext,
|
|
(Cert->pCertificate),
|
|
_CertInfo.pCertificate);
|
|
_CertInfo.dwProtocol = Cert->dwProtocol;
|
|
|
|
_CertInfo.aiCipher = Cert->aiCipher;
|
|
_CertInfo.dwCipherStrength = Cert->dwCipherStrength;
|
|
_CertInfo.aiHash = Cert->aiHash;
|
|
_CertInfo.dwHashStrength = Cert->dwHashStrength;
|
|
_CertInfo.aiExch = Cert->aiExch;
|
|
_CertInfo.dwExchStrength = Cert->dwExchStrength;
|
|
|
|
return *this;
|
|
}
|
|
|
|
//
|
|
// Copy CERT_INFO OUT Method -
|
|
// need to copy ourselves out.
|
|
//
|
|
|
|
VOID
|
|
CopyOut(INTERNET_SECURITY_INFO &Cert)
|
|
{
|
|
Cert.dwSize = sizeof(Cert);
|
|
WRAP_REVERT_USER(CertDuplicateCertificateContext,
|
|
(_CertInfo.pCertificate),
|
|
Cert.pCertificate);
|
|
Cert.dwProtocol = _CertInfo.dwProtocol;
|
|
|
|
Cert.aiCipher = _CertInfo.aiCipher;
|
|
Cert.dwCipherStrength = _CertInfo.dwCipherStrength;
|
|
Cert.aiHash = _CertInfo.aiHash;
|
|
Cert.dwHashStrength = _CertInfo.dwHashStrength;
|
|
Cert.aiExch = _CertInfo.aiExch;
|
|
Cert.dwExchStrength = _CertInfo.dwExchStrength;
|
|
}
|
|
|
|
//
|
|
// Sets and Gets the Client Authentication CertChain -
|
|
// we piggy back this pointer into the cache so we can cache
|
|
// previously generated and selected client auth certs.
|
|
//
|
|
|
|
VOID SetCertContextArray(CERT_CONTEXT_ARRAY *pCertContextArray) {
|
|
if (_pCertContextArray) {
|
|
delete _pCertContextArray;
|
|
}
|
|
_pCertContextArray = pCertContextArray;
|
|
}
|
|
|
|
CERT_CONTEXT_ARRAY * GetCertContextArray() {
|
|
return _pCertContextArray;
|
|
}
|
|
|
|
DWORD GetSecureFlags() {
|
|
return _dwSecurityFlags;
|
|
}
|
|
|
|
VOID SetSecureFlags(DWORD dwFlags) {
|
|
_dwSecurityFlags |= dwFlags;
|
|
}
|
|
|
|
VOID ClearSecureFlags(DWORD dwFlags) {
|
|
_dwSecurityFlags &= (~dwFlags);
|
|
}
|
|
|
|
DWORD GetStatusFlags(VOID)
|
|
{
|
|
return _dwStatusFlags;
|
|
}
|
|
|
|
VOID SetStatusFlags(DWORD dwFlags)
|
|
{
|
|
_dwStatusFlags |= dwFlags;
|
|
}
|
|
|
|
VOID ClearStatusFlags(DWORD dwFlags)
|
|
{
|
|
_dwStatusFlags &= (~dwFlags);
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
class SECURITY_CACHE_LIST {
|
|
|
|
private:
|
|
|
|
//
|
|
// _List - serialized list of SECURITY_CACHE_LIST_ENTRY objects
|
|
//
|
|
|
|
SERIALIZED_LIST _List;
|
|
|
|
#if INET_DEBUG
|
|
DWORD m_Signature;
|
|
#endif
|
|
|
|
public:
|
|
|
|
SECURITY_CACHE_LIST_ENTRY *
|
|
Find(
|
|
IN LPSTR lpszHostname
|
|
);
|
|
|
|
VOID Initialize(VOID) {
|
|
InitializeSerializedList(&_List);
|
|
#if INET_DEBUG
|
|
m_Signature = 0x4c436553; // "SeCL"
|
|
#endif
|
|
}
|
|
|
|
VOID Terminate(VOID) {
|
|
|
|
DEBUG_ENTER((DBG_OBJECTS,
|
|
None,
|
|
"SECURITY_CACHE_LIST::Terminate",
|
|
"{%#x}",
|
|
this
|
|
));
|
|
|
|
ClearList();
|
|
|
|
TerminateSerializedList(&_List);
|
|
|
|
DEBUG_LEAVE(0);
|
|
}
|
|
|
|
VOID
|
|
ClearList(
|
|
VOID
|
|
);
|
|
|
|
DWORD
|
|
Add(
|
|
IN SECURITY_CACHE_LIST_ENTRY * entry
|
|
);
|
|
|
|
#if 0
|
|
|
|
BOOL
|
|
IsCertInCache(
|
|
IN LPSTR lpszHostname
|
|
)
|
|
{
|
|
SECURITY_CACHE_LIST_ENTRY *entry =
|
|
Find(lpszHostname);
|
|
|
|
if ( entry )
|
|
return TRUE;
|
|
|
|
return FALSE;
|
|
}
|
|
#endif
|
|
|
|
};
|