archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/csps/cryptoflex/slbcsp/adptvcntr.cpp

473 lines
14 KiB
Raw Normal View History

Add source files
4 years ago
  1. // AdptvCntr.cpp -- ADaPTiVe CoNTaineR class implementation
  3. // (c) Copyright Schlumberger Technology Corp., unpublished work, created
  4. // 1999. This computer program includes Confidential, Proprietary
  5. // Information and is a Trade Secret of Schlumberger Technology Corp. All
  6. // use, disclosure, and/or reproduction is prohibited unless authorized
  7. // in writing. All Rights Reserved.
  8. #include "stdafx.h"
  9. #include "NoWarning.h"
  10. #include "ForceLib.h"
  12. #include <vector>
  13. #include <algorithm>
  14. #include <functional>
  16. #include <scuOsExc.h>
  18. #include <cciPriKey.h>
  20. #include "RsaKey.h"
  21. #include "CSpec.h"
  22. #include "HAdptvCntr.h"
  23. #include "Secured.h"
  24. #include "ACntrFinder.h"
  25. #include <scarderr.h>
  26. #include <assert.h>
  28. using namespace std;
  29. using namespace cci;
  31. /////////////////////////// LOCAL/HELPER /////////////////////////////////
  32. namespace
  33. {
  34. // Predicate helper functor (function object) returning true iff
  35. // the container object's name matches the pattern.
  36. class ContainerMatcher
  37. : public unary_function<string, bool>
  38. {
  39. public:
  40. explicit
  41. ContainerMatcher(string const &rsPattern)
  42. : m_sPattern(rsPattern)
  43. {}
  45. bool
  46. operator()(CContainer &rcntr) const
  47. {
  48. return CSpec::Equiv(m_sPattern, rcntr->Name());
  49. }
  52. private:
  53. string const m_sPattern;
  54. };
  56. CContainer
  57. FindOnCard(HCardContext &rhcardctx,
  58. string const &rsContainer)
  59. {
  60. Secured<HCardContext> shcardctx(rhcardctx);
  62. vector<CContainer> vcContainers(shcardctx->Card()->EnumContainers());
  64. vector<CContainer>::const_iterator
  65. ci(find_if(vcContainers.begin(),
  66. vcContainers.end(),
  67. ContainerMatcher(rsContainer)));
  69. CContainer hcntr;
  70. if (vcContainers.end() != ci)
  71. hcntr = *ci;
  73. return hcntr;
  74. }
  76. } // namespace
  79. /////////////////////////// PUBLIC /////////////////////////////////
  81. // Types
  82. // C'tors/D'tors
  83. // Operators
  84. // Operations
  85. void
  86. AdaptiveContainer::ClearCache()
  87. {
  88. m_hcntr = 0;
  89. }
  91. // Access
  92. CContainer
  93. AdaptiveContainer::TheCContainer()
  94. {
  96. if (!m_hcntr)
  97. {
  98. RefreshContainer();
  99. if (!m_hcntr)
  100. {
  101. Discard(*m_hacKey);
  102. throw scu::OsException(NTE_BAD_KEYSET);
  103. }
  104. }
  106. return m_hcntr;
  107. }
  109. HCardContext
  110. AdaptiveContainer::CardContext(bool bReconnect)
  111. {
  112. if(bReconnect)
  113. {
  114. if(m_fValidContext)
  115. {
  116. try
  117. {
  118. //Verify that the card context is good
  119. Retained<HCardContext>(m_hacKey->CardContext());
  120. }
  121. catch(scu::OsException const &rExc)
  122. {
  123. ReconnectOnError(rExc, Retained<HCardContext>(0));
  124. }
  125. }
  126. else
  127. {
  128. scu::OsException Exc(SCARD_W_REMOVED_CARD);
  129. ReconnectOnError(Exc, Retained<HCardContext>(0));
  130. }
  131. }
  133. return m_hacKey->CardContext();
  134. }
  136. AdaptiveContainer::EnrolleeType
  137. AdaptiveContainer::Find(AdaptiveContainerKey const &rKey)
  138. {
  139. // Take a lazy approach to finding the container. If it wasn't
  140. // first found in the registry but exists on the card, then make
  141. // an instance.
  142. EnrolleeType enrollee = AdaptiveContainerRegistrar::Find(rKey);
  143. if (!enrollee)
  144. {
  145. // See if it exists on the card
  146. CContainer hcntr(FindOnCard(rKey.CardContext(),
  147. rKey.ContainerName()));
  148. if (hcntr)
  149. enrollee = Instance(rKey);
  150. }
  152. return enrollee;
  153. }
  155. string
  156. AdaptiveContainer::Name() const
  157. {
  158. return m_hacKey->ContainerName();
  159. }
  161. void
  162. AdaptiveContainer::NullifyCard()
  163. {
  164. Guarded<Lockable *> guard(&AdaptiveContainerRegistrar::Registry()); // serialize registry access
  166. AdaptiveContainerKey aKey(*m_hacKey);
  167. m_hacKey->ClearCardContext();
  168. Enroll(*m_hacKey, this);
  169. Discard(aKey);
  170. Expire();
  171. }
  173. // Predicates
  174. // Static Variables
  176. /////////////////////////// PROTECTED /////////////////////////////////
  178. // C'tors/D'tors
  179. AdaptiveContainer::AdaptiveContainer(AdaptiveContainerKey const &rKey)
  180. : Lockable(),
  181. Securable(),
  182. AdaptiveContainerRegistrar(rKey),
  183. m_hacKey(HAdaptiveContainerKey(new AdaptiveContainerKey(rKey))),
  184. m_stkRetainedCardContexts(),
  185. m_stkSecuredCardContexts(),
  186. m_fValidContext(false)
  187. {
  188. Secured<HCardContext> shcardctx(m_hacKey->CardContext());
  190. RefreshContainer();
  192. // Create the container if it doesn't exist on the card.
  193. if (!m_hcntr)
  194. {
  195. // To make native Windows (pure CAPI) environment more robust,
  196. // test that there is enough room for a private key before
  197. // creating the container.
  198. CCard hcard(shcardctx->Card());
  199. if (!hcard->IsPKCS11Enabled())
  200. {
  201. CPrivateKey hprikey(hcard);
  203. CPrivateKeyBlob prikb;
  205. // Divide by 2 since the key info is divided in the structures.
  206. prikb.bPLen = prikb.bQLen = prikb.bInvQLen =
  207. prikb.bKsecModQLen = prikb.bKsecModPLen =
  208. InOctets(KeyLimits<RsaKey>::cMaxStrength) / 2;
  210. // Now test there is a key slot available by trying to
  211. // allocate a key slot on the card. If there isn't enough
  212. // space or some other failure occurs, then try to delete
  213. // the new key (ignoring any exception that occurs during
  214. // the delete), then throw the original exception.
  215. try
  216. {
  218. hprikey->Value(prikb); // actually alloc's
  219. // key slot
  220. }
  222. catch (...)
  223. {
  224. try
  225. {
  226. hprikey->Delete(); // cleanup after
  227. // test
  228. }
  229. catch (...)
  230. {
  231. }
  233. throw; // throw original error
  234. }
  236. // There's key space available, so delete the test key.
  237. hprikey->Delete();
  238. hprikey = 0;
  239. }
  241. m_hcntr = CContainer(hcard);
  242. m_hcntr->Name(rKey.ContainerName());
  244. }
  245. }
  247. AdaptiveContainer::~AdaptiveContainer()
  248. {}
  250. // Operators
  251. // Operations
  252. void
  253. AdaptiveContainer::ClearCardContext()
  254. {
  255. m_hacKey->ClearCardContext();
  256. }
  258. void
  259. AdaptiveContainer::DiscardHook()
  260. {
  261. Expire();
  262. RemoveReference();
  263. }
  265. AdaptiveContainer::EnrolleeType
  266. AdaptiveContainer::DoInstantiation(AdaptiveContainerKey const &rKey)
  267. {
  268. return new AdaptiveContainer(rKey);
  269. }
  271. void
  272. AdaptiveContainer::EnrollHook()
  273. {
  274. AddReference();
  275. m_fValidContext = true;
  276. }
  278. // Access
  279. // Predicates
  280. bool
  281. AdaptiveContainer::KeepEnrolled()
  282. {
  283. bool fKeep = true;
  285. try
  286. {
  287. RefreshContainer();
  288. }
  290. catch (...)
  291. {
  292. fKeep = false;
  293. }
  295. return fKeep;
  296. }
  298. void
  299. AdaptiveContainer::ReconnectOnError(scu::OsException const &rExc,
  300. Retained<HCardContext> &rhcardctx)
  301. {
  302. rhcardctx = Retained<HCardContext>(0);
  303. if ((rExc.Cause() == SCARD_W_REMOVED_CARD
  304. || rExc.Cause() == ERROR_BROKEN_PIPE
  305. || rExc.Cause() == SCARD_E_SERVICE_STOPPED
  306. || rExc.Cause() == SCARD_E_NO_SERVICE
  307. || rExc.Cause() == SCARD_E_READER_UNAVAILABLE) && m_hacKey)
  308. {
  309. //Handle the case of card removed by trying to
  310. //determine if the card has been re-inserted in
  311. //any of the available readers. If so, reconnect
  312. //silently
  314. // Declared here to remain in scope for CntrFinder
  315. // destructor in case of an exception...some anomaly that's as
  316. // yet unexplained.
  317. CString sEmptyWinTitle;
  318. try
  319. {
  320. //Find, adapt, and enroll it properly
  321. //First, discard the old card context before acquiring
  322. //a new one. This is essential in order to avoid
  323. //resource mgr hangup.
  324. Guarded<Lockable *> guard(&AdaptiveContainerRegistrar::Registry()); // serialize registry access
  325. std::string sContainerName(m_hacKey->ContainerName());
  326. RemoveEnrollee(*m_hacKey);
  327. Expire();
  328. ContainerFinder CntrFinder(CardFinder::DialogDisplayMode::ddmNever,
  329. 0,//window handle
  330. sEmptyWinTitle);
  331. //Don't know the reader where the card may be in.
  332. //Use a non fully qualified name to look for the card.
  333. CSpec cspec(string(), sContainerName);
  334. HContainer hcntr = CntrFinder.Find(cspec);
  335. m_hcntr = hcntr->TheCContainer();
  336. m_hacKey = CntrFinder.MakeAdaptiveContainerKey();
  337. m_fValidContext = true;
  338. InsertEnrollee(*m_hacKey, this);
  339. rhcardctx =
  340. Retained<HCardContext>(m_hacKey->CardContext());
  341. }
  342. catch(...)
  343. {
  344. //Didn't work. Apparently the card is gone
  345. //permanently for the duration of this session.
  346. //Cleanup and raise the original exception...
  347. Expire();
  348. rExc.Raise();
  349. }
  350. }
  351. else
  352. {
  353. //Cannot handle this exception. Let the system handle it
  354. rExc.Raise();
  355. }
  356. }
  359. // Static Variables
  362. /////////////////////////// PRIVATE /////////////////////////////////
  364. // C'tors/D'tors
  365. // Operators
  366. // Operations
  367. void
  368. AdaptiveContainer::Abandon()
  369. {
  370. // Simplifying assumptions: (1) Abandon is only called by the
  371. // Secured destructor, (2) once the object is constructed, Secure
  372. // and Abandon are the only routines that access
  373. // m_stkSecuredCardContexts, and (3) Abandon is called by a thread
  374. // within the scope of a Retain (e.g. using Retained) which the
  375. // Secured class enforces. Because of (1) and (2), an underflow
  376. // check on m_stkSecuredCardContexts is not necessary since Secure
  377. // will have already been called. Because of (3), protection
  378. // against race conditions accessing m_stkSecuredCardContexts
  379. // isn't necessary since Retain acts as a lock.
  380. m_stkSecuredCardContexts.pop_front();
  381. }
  383. void
  384. AdaptiveContainer::Expire()
  385. {
  386. // allow the resources to be released so that other resources can
  387. // be acquired that may have a dependency (e.g. releasing the
  388. // container's card context so that another card context can be
  389. // acquired later on the same reader without the RM blocking).
  390. m_fValidContext = false;
  391. m_hacKey->ClearCardContext();
  392. ClearCache();
  393. }
  395. void
  396. AdaptiveContainer::RefreshContainer()
  397. {
  398. if(m_hacKey->CardContext())
  399. {
  400. try
  401. {
  402. m_hcntr = FindOnCard(m_hacKey->CardContext(),
  403. m_hacKey->ContainerName());
  404. }
  405. catch(scu::OsException const &rExc)
  406. {
  407. ReconnectOnError(rExc, Retained<HCardContext>(0));
  408. }
  409. }
  410. else
  411. {
  412. scu::OsException Exc(SCARD_W_REMOVED_CARD);
  413. ReconnectOnError(Exc, Retained<HCardContext>(0));
  414. }
  415. }
  417. void
  418. AdaptiveContainer::Relinquish()
  419. {
  420. // Simplifying assumptions: (1) Relinquish is only called by the
  421. // Retained destructor and (2) once the object is constructed,
  422. // Retain and Relinquish are the only routines that access the
  423. // m_stkRetainedCardContexts. Because of (1) and (2), an
  424. // underflow check on m_stkRetainedCardContexts is not necessary
  425. // since Retain will have already been called.
  427. // Note: Retained<HCardContext> acts as a lock protecting against
  428. // race conditions updating m_stkRetainedCardContexts.
  429. Retained<HCardContext> hrcc(m_stkRetainedCardContexts.front());
  431. m_stkRetainedCardContexts.pop_front();
  432. }
  434. void
  435. AdaptiveContainer::Retain()
  436. {
  437. // Simplifying assumptions: (1) Retain is only called by the
  438. // Retained constructor and (2) once the object is constructed,
  439. // Retain and Relinquish are the only routines that access the
  440. // m_stkRetainedCardContexts. Because of (1) and (2), an
  441. // underflow check on m_stkRetainedCardContexts is not necessary
  442. // since Retain will have already been called.
  443. Retained<HCardContext> rhcardctx;
  444. try
  445. {
  446. rhcardctx = Retained<HCardContext>(m_hacKey->CardContext());
  447. }
  449. catch(scu::OsException const &rExc)
  450. {
  451. ReconnectOnError(rExc, rhcardctx);
  452. }
  454. m_stkRetainedCardContexts.push_front(rhcardctx);
  455. }
  457. void
  458. AdaptiveContainer::Secure()
  459. {
  460. // Simplifying assumptions: (1) Secure is always called by a
  461. // thread within the scope of a Retain (e.g. using Retained). The
  462. // Secured template enforces this allowing Retain to act as a lock
  463. // to prevent race conditions updating
  464. // m_stkSecuredCardContexts. (2) Once the object is constructed,
  465. // Secure and Abandon are the only routines that access
  466. // m_stkSecuredCardContexts.
  467. m_stkSecuredCardContexts.push_front(Secured<HCardContext>(m_hacKey->CardContext()));
  468. }
  471. // Access
  472. // Predicates
  473. // Static Variables