You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
202 lines
5.0 KiB
202 lines
5.0 KiB
#ifndef _UCSSLCONTEXT_HXX_
|
|
#define _UCSSLCONTEXT_HXX_
|
|
|
|
|
|
#define UC_SSL_RAW_BUFFER_SIZE (4096)
|
|
#define UC_SSL_NEXT_READ_SIZE (4096)
|
|
#define UC_SSL_APP_BUFFER_SIZE (4096)
|
|
|
|
|
|
#define UC_SERVER_NAME_BUFFER_SIZE 256
|
|
|
|
|
|
#define UC_SSL_ISC_FLAGS ( ISC_RET_EXTENDED_ERROR | \
|
|
ISC_REQ_SEQUENCE_DETECT | \
|
|
ISC_REQ_REPLAY_DETECT | \
|
|
ISC_REQ_CONFIDENTIALITY | \
|
|
ISC_REQ_STREAM | \
|
|
ISC_REQ_ALLOCATE_MEMORY \
|
|
)
|
|
|
|
|
|
|
|
enum UC_SSL_STATE
|
|
{
|
|
UC_SSL_STATE_HANDSHAKE_START = 0,
|
|
UC_SSL_STATE_HANDSHAKE_IN_PROGRESS,
|
|
UC_SSL_STATE_HANDSHAKE_COMPLETE
|
|
};
|
|
|
|
|
|
#define SSL_CONTEXT_FLAG_SYNC 0x1
|
|
#define SSL_CONTEXT_FLAG_ASYNC 0x2
|
|
|
|
|
|
class UC_SSL_STREAM_CONTEXT : public STREAM_CONTEXT
|
|
{
|
|
public:
|
|
|
|
UC_SSL_STREAM_CONTEXT(
|
|
FILTER_CHANNEL_CONTEXT * pUcContext
|
|
);
|
|
|
|
virtual ~UC_SSL_STREAM_CONTEXT();
|
|
|
|
HRESULT
|
|
ProcessRawReadData(
|
|
RAW_STREAM_INFO * pRawStreamInfo,
|
|
BOOL * pfReadMore,
|
|
BOOL * pfComplete
|
|
);
|
|
|
|
HRESULT
|
|
ProcessRawWriteData(
|
|
RAW_STREAM_INFO * pRawStreamInfo,
|
|
BOOL * pfComplete
|
|
);
|
|
|
|
HRESULT
|
|
ProcessNewConnection(
|
|
CONNECTION_INFO * pConnectionInfo,
|
|
ENDPOINT_CONFIG * pEndpointConfig
|
|
);
|
|
|
|
HRESULT
|
|
DoHandshakeCompleted(
|
|
VOID
|
|
);
|
|
|
|
HRESULT
|
|
DoHandshake(
|
|
RAW_STREAM_INFO * pRawStreamInfo,
|
|
BOOL * pfReadMore,
|
|
BOOL * pfComplete,
|
|
BOOL * pfExtraData
|
|
);
|
|
|
|
HRESULT
|
|
DoRenegotiate(
|
|
VOID
|
|
);
|
|
|
|
HRESULT
|
|
DoDecrypt(
|
|
RAW_STREAM_INFO * pRawStreamInfo,
|
|
BOOL * pfReadMore,
|
|
BOOL * pfComplete,
|
|
BOOL * pfExtraData
|
|
);
|
|
|
|
HRESULT
|
|
DoEncrypt(
|
|
RAW_STREAM_INFO * pRawStreamInfo,
|
|
BOOL * pfComplete
|
|
);
|
|
|
|
HRESULT
|
|
BuildServerCertInfo(
|
|
SECURITY_STATUS InfoStatus,
|
|
BOOL fServerCert,
|
|
BOOL fIssuerList
|
|
);
|
|
|
|
HRESULT
|
|
GetServerCert(
|
|
VOID
|
|
);
|
|
|
|
HRESULT
|
|
GetIssuerList(
|
|
VOID
|
|
);
|
|
|
|
HRESULT
|
|
BuildServerCert(
|
|
VOID
|
|
);
|
|
|
|
static
|
|
HRESULT
|
|
Initialize(
|
|
VOID
|
|
);
|
|
|
|
static
|
|
VOID
|
|
Terminate(
|
|
VOID
|
|
);
|
|
|
|
|
|
private:
|
|
|
|
WCHAR _ServerNameBuffer[UC_SERVER_NAME_BUFFER_SIZE];
|
|
PWCHAR _pServerName;
|
|
ULONG _ServerNameLength;
|
|
|
|
DWORD _SslProtocolVersion;
|
|
|
|
//
|
|
// Buffer for sending clear-text data to application
|
|
//
|
|
|
|
SecBufferDesc _EncryptMessage;
|
|
SecBuffer _EncryptBuffers[ 4 ];
|
|
|
|
//
|
|
// The state of the handshake
|
|
//
|
|
|
|
UC_SSL_STATE _sslState;
|
|
|
|
//
|
|
// Buffer to be filled with encrypted data
|
|
//
|
|
|
|
BUFFER _buffRawWrite;
|
|
|
|
//
|
|
// Handshake state information
|
|
//
|
|
|
|
DWORD _cbHeader;
|
|
DWORD _cbTrailer;
|
|
DWORD _cbBlockSize;
|
|
DWORD _cbMaximumMessage;
|
|
DWORD _cbReReadOffset;
|
|
DWORD _cbDecrypted;
|
|
CtxtHandle _hContext;
|
|
BOOL _fValidContext;
|
|
BOOL _fRenegotiate;
|
|
BOOL _fValidClientCred;
|
|
CredHandle _hClientCred;
|
|
|
|
//
|
|
// Handshake SSPI buffers
|
|
//
|
|
|
|
SecBufferDesc _Message;
|
|
SecBuffer _Buffers[ 4 ];
|
|
SecBufferDesc _MessageOut;
|
|
SecBuffer _OutBuffers[ 4 ];
|
|
|
|
//
|
|
// Server certificate related stuff
|
|
//
|
|
PCCERT_CONTEXT _pServerCert;
|
|
PUCHAR _pSerializedCert;
|
|
ULONG _SerializedCertLength;
|
|
PUCHAR _pSerializedStore;
|
|
ULONG _SerializedStoreLength;
|
|
|
|
BOOL _fValidServerCertInfo;
|
|
HTTP_SSL_SERVER_CERT_INFO _ucServerCertInfo;
|
|
ULONG _ValidateServerCertFlag;
|
|
|
|
SecPkgContext_IssuerListInfoEx _IssuerListInfo;
|
|
|
|
// Client certificate
|
|
PCCERT_CONTEXT _pClientCert;
|
|
};
|
|
|
|
#endif
|