windows-server-2003/inetcore/wininet/inc/ssocket.hxx

/*++

Copyright (c) 1997 Microsoft Corporation

Module Name:

    ssocket.hxx

Abstract:

    Contains types, manifests, prototypes for Internet Secure Socket Class
    (ICSecureSocket) functions and methods (in common\ssocket.cxx)

Author:

    Richard L Firth (rfirth) 08-Apr-1997

Revision History:

    08-Apr-1997 rfirth
        Created (from ixport.hxx)

--*/

#define SECURITY_WIN32
#include <sspi.h>
#include <issperr.h>
#include <buffer.hxx>
#include <winerror.h>


//
// forward references
//

class CFsm_SecureConnect;
class CFsm_SecureHandshake;
class CFsm_SecureNegotiate;
class CFsm_NegotiateLoop;
class CFsm_SecureSend;
class CFsm_SecureReceive;

//
// classes
//

class ICSecureSocket : public ICSocket {

private:

    CtxtHandle m_hContext;
    DWORD m_dwProviderIndex;
    LPSTR m_lpszHostName;
    DBLBUFFER * m_pdblbufBuffer;
    DWORD m_dwErrorFlags;


    SECURITY_CACHE_LIST_ENTRY *m_pSecurityInfo;
    SECURITY_CACHE_LIST_ENTRY **m_ppSecurityInfo;

#if INET_DEBUG

#define SECURE_SOCKET_SIGNATURE 0x534c5353  // "SSLS"

#define SIGN_SECURE_SOCKET() \
    m_Signature = SECURE_SOCKET_SIGNATURE

#define CHECK_SECURE_SOCKET() \
    INET_ASSERT(m_Signature == SECURE_SOCKET_SIGNATURE)

#else

#define SIGN_SECURE_SOCKET() \
    /* NOTHING */

#define CHECK_SECURE_SOCKET() \
    /* NOTHING */

#endif

    VOID SetNonSecure(VOID)
    {
        if(m_pSecurityInfo)
        {
            m_pSecurityInfo->ClearSecureFlags(SECURITY_FLAG_SECURE);
        }
    }

    VOID SetSecure(VOID)
    {
        SetSecureFlags(SECURITY_FLAG_SECURE);
    }

    DWORD
    EncryptData(
        IN LPVOID lpBuffer,
        IN DWORD dwInBufferLen,
        OUT LPVOID * lplpBuffer,
        OUT LPDWORD lpdwOutBufferLen,
        OUT LPDWORD lpdwInBufferBytesEncrypted
        );

    DWORD
    DecryptData(
        OUT DWORD * lpdwBytesNeeded,
        OUT LPBYTE lpOutBuffer,
        IN OUT LPDWORD lpdwOutBufferLeft,
        IN OUT LPDWORD lpdwOutBufferReceived,
        IN OUT LPDWORD lpdwOutBufferBytesRead
        );

    VOID
    TerminateSecConnection(
        VOID
        );

    BOOL
        IsValidCacheEntry();

    DWORD ReVerifyTrust(
        DWORD dwRecheckFlag // either SECURITY_FLAG_CHECK_EXPIRATION or 
                            //        SECURITY_FLAG_CHECK_REVOCATION
    );

public:

    ICSecureSocket(DWORD dwErrorFlags = 0, INTERNET_SCHEME tScheme = INTERNET_SCHEME_DEFAULT);

    virtual ~ICSecureSocket(VOID);

    DWORD
    Connect(
        IN LONG Timeout,
        IN INT Retries,
        IN DWORD dwFlags
        );

    DWORD
    Connect_Fsm(
        IN CFsm_SecureConnect * Fsm
        );

    DWORD
    SecureHandshake_Fsm(
        IN CFsm_SecureHandshake * Fsm
        );

    DWORD
    SecureNegotiate_Fsm(
        IN CFsm_SecureNegotiate * Fsm
        );

    DWORD
    NegotiateLoop_Fsm(
        IN CFsm_NegotiateLoop * Fsm
        );

    DWORD
    NegotiateSecConnection(
        IN DWORD dwFlags,
        OUT LPBOOL lpbAttemptReconnect
        );

    DWORD
    SSPINegotiateLoop(
        OUT DBLBUFFER * pDoubleBuffer,
        IN DWORD dwFlags,
        IN CredHandle hCreds,
        IN BOOL fDoInitialRead,
        IN BOOL bDoingClientAuth
        );

    DWORD
    Disconnect(
        IN DWORD dwFlags
        );

    DWORD
    Send(
        IN LPVOID lpBuffer,
        IN DWORD dwBufferLength,
        IN DWORD dwFlags
        );

    DWORD
    Send_Fsm(
        IN CFsm_SecureSend * Fsm
        );

    DWORD
    Receive(
        IN OUT LPVOID* lplpBuffer,
        IN OUT LPDWORD lpdwBufferLength,
        IN OUT LPDWORD lpdwBufferRemaining,
        IN OUT LPDWORD lpdwBytesReceived,
        IN DWORD dwExtraSpace,
        IN DWORD dwFlags,
        OUT LPBOOL lpbEof
        );

    DWORD
    Receive_Fsm(
        IN CFsm_SecureReceive * Fsm
        );

    DWORD
    SecureHandshakeWithServer(
        IN DWORD dwFlags,
        OUT LPBOOL lpfAttemptReconnect
        );

    DWORD
    VerifyTrust(
        VOID
        );

    SECURITY_CACHE_LIST_ENTRY * GetSecurityEntry() {
        if (m_pSecurityInfo != NULL) {
            m_pSecurityInfo->AddRef();
            return m_pSecurityInfo;
        }
        return NULL;
    }

    VOID SetSecurityEntry(SECURITY_CACHE_LIST_ENTRY **entry) {
        if (entry != NULL && *entry) {
            (*entry)->AddRef();
        }
        if (m_pSecurityInfo != NULL) {
            m_pSecurityInfo->Release();
        }
        m_pSecurityInfo = entry ? *entry : NULL;
        m_ppSecurityInfo = entry;
    }

    DWORD
    SetHostName(
        IN LPSTR lpszHostName
        );

    LPSTR GetHostName(VOID) const {

        INET_ASSERT(IsSecure());
        INET_ASSERT(m_lpszHostName != NULL);

        return m_lpszHostName;
    }

    //
    // GetCertChainList (and)
    //   SetCertChainList -
    //  Sets and Gets Client Authentication Cert Chains.
    //

    CERT_CONTEXT_ARRAY* GetCertContextArray(VOID) {
        if(m_pSecurityInfo)
        {
            return m_pSecurityInfo->GetCertContextArray();
        }
        return NULL;

    }

    VOID SetCertContextArray(CERT_CONTEXT_ARRAY* pNewCertContextArray) {
        if(m_pSecurityInfo)
        {
            m_pSecurityInfo->SetCertContextArray(pNewCertContextArray);
        }
    }

    //
    // GetSecureFlags AND SetSecureFlags AND GetCertInfo
    //  Allows setting and getting of a bitmask which
    //  stores various data bits on current socket connection.
    //


    DWORD GetSecurityInfo(LPINTERNET_SECURITY_INFO pInfo) {

        if(m_pSecurityInfo)
        {
            m_pSecurityInfo->CopyOut(*pInfo);
            return ERROR_SUCCESS;
        }
        else
        {
            return ERROR_INTERNET_INTERNAL_ERROR;
        }
    }

    VOID SetSecureFlags(DWORD Flags) {
        if(m_pSecurityInfo)
        {
            m_pSecurityInfo->SetSecureFlags(Flags);
        }
    }

    DWORD GetSecureFlags(VOID) {
        if(m_pSecurityInfo)
        {
            return m_pSecurityInfo->GetSecureFlags();
        }
        return 0;
    }

    DWORD GetProviderIndex(VOID) const {

        INET_ASSERT(IsSecure());

        return m_dwProviderIndex;
    }

    VOID SetProviderIndex(DWORD dwIndex) {

        INET_ASSERT(IsSecure());

        m_dwProviderIndex = dwIndex;
    }

    BOOL MatchTunnelSemantics(DWORD dwFlags, LPSTR pszHostName = NULL) {
        return (((m_dwFlags & SF_TUNNEL) == (dwFlags & SF_TUNNEL)) ? TRUE : FALSE) &&
               (!pszHostName || 0 == strcmp(m_lpszHostName, pszHostName));
    }


};