internal SslCredKey(byte[] thumbPrint, SchProtocols allowedProtocols, EncryptionPolicy encryptionPolicy)
     this._CertThumbPrint = (thumbPrint == null) ? s_EmptyArray : thumbPrint;
     this._HashCode = 0;
     if (thumbPrint != null)
         this._HashCode ^= this._CertThumbPrint[0];
         if (1 < this._CertThumbPrint.Length)
             this._HashCode ^= this._CertThumbPrint[1] << 8;
         if (2 < this._CertThumbPrint.Length)
             this._HashCode ^= this._CertThumbPrint[2] << 0x10;
         if (3 < this._CertThumbPrint.Length)
             this._HashCode ^= this._CertThumbPrint[3] << 0x18;
     this._HashCode ^= allowedProtocols;
     this._HashCode ^= encryptionPolicy;
     this._AllowedProtocols = allowedProtocols;
     this._EncryptionPolicy = encryptionPolicy;
Ejemplo n.º 2
 internal SecureChannel(string hostname, bool serverMode, SchProtocols protocolFlags, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool remoteCertRequired, bool checkCertName, bool checkCertRevocationStatus, EncryptionPolicy encryptionPolicy, LocalCertSelectionCallback certSelectionDelegate)
     if (Logging.On)
         Logging.PrintInfo(Logging.Web, this, ".ctor", string.Concat(new object[] { "hostname=", hostname, ", #clientCertificates=", (clientCertificates == null) ? "0" : clientCertificates.Count.ToString(NumberFormatInfo.InvariantInfo), ", encryptionPolicy=", encryptionPolicy }));
     SSPIWrapper.GetVerifyPackageInfo(GlobalSSPI.SSPISecureChannel, "Microsoft Unified Security Protocol Provider", true);
     if (ComNetOS.IsWin9x && (clientCertificates.Count > 0))
         this.m_Destination = hostname + "+" + clientCertificates.GetHashCode();
         this.m_Destination = hostname;
     this.m_HostName   = hostname;
     this.m_ServerMode = serverMode;
     if (serverMode)
         this.m_ProtocolFlags = protocolFlags & SchProtocols.ServerMask;
         this.m_ProtocolFlags = protocolFlags & SchProtocols.ClientMask;
     this.m_ServerCertificate       = serverCertificate;
     this.m_ClientCertificates      = clientCertificates;
     this.m_RemoteCertRequired      = remoteCertRequired;
     this.m_SecurityContext         = null;
     this.m_CheckCertRevocation     = checkCertRevocationStatus;
     this.m_CheckCertName           = checkCertName;
     this.m_CertSelectionDelegate   = certSelectionDelegate;
     this.m_RefreshCredentialNeeded = true;
     this.m_EncryptionPolicy        = encryptionPolicy;
 public SecureCredential(int version, X509Certificate certificate, Flags flags, SchProtocols protocols, EncryptionPolicy policy)
     this.rootStore = this.phMappers = this.palgSupportedAlgs = this.certContextArray = IntPtr.Zero;
     this.cCreds = this.cMappers = this.cSupportedAlgs = 0;
     if (policy == EncryptionPolicy.RequireEncryption)
         this.dwMinimumCipherStrength = 0;
         this.dwMaximumCipherStrength = 0;
     else if (policy == EncryptionPolicy.AllowNoEncryption)
         this.dwMinimumCipherStrength = -1;
         this.dwMaximumCipherStrength = 0;
         if (policy != EncryptionPolicy.NoEncryption)
             throw new ArgumentException(SR.GetString("net_invalid_enum", new object[] { "EncryptionPolicy" }), "policy");
         this.dwMinimumCipherStrength = -1;
         this.dwMaximumCipherStrength = -1;
     this.dwSessionLifespan = this.reserved = 0;
     this.version = version;
     this.dwFlags = flags;
     this.grbitEnabledProtocols = protocols;
     if (certificate != null)
         this.certContextArray = certificate.Handle;
         this.cCreds = 1;
Ejemplo n.º 4
 /// <summary>
 /// Client side ctor
 /// </summary>
 public TlsSspiNegotiation(
     string destination,
     SchProtocols protocolFlags,
     X509Certificate2 clientCertificate) :
     this(destination, false, protocolFlags, null, clientCertificate, false)
 internal SslCredKey(byte[] thumbPrint, SchProtocols allowedProtocols, EncryptionPolicy encryptionPolicy)
     this._CertThumbPrint = (thumbPrint == null) ? s_EmptyArray : thumbPrint;
     this._HashCode       = 0;
     if (thumbPrint != null)
         this._HashCode ^= this._CertThumbPrint[0];
         if (1 < this._CertThumbPrint.Length)
             this._HashCode ^= this._CertThumbPrint[1] << 8;
         if (2 < this._CertThumbPrint.Length)
             this._HashCode ^= this._CertThumbPrint[2] << 0x10;
         if (3 < this._CertThumbPrint.Length)
             this._HashCode ^= this._CertThumbPrint[3] << 0x18;
     this._HashCode        ^= allowedProtocols;
     this._HashCode        ^= encryptionPolicy;
     this._AllowedProtocols = allowedProtocols;
     this._EncryptionPolicy = encryptionPolicy;
Ejemplo n.º 6
        internal SecureChannel(string hostname, bool serverMode, SchProtocols protocolFlags, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool remoteCertRequired, bool checkCertName, 
                                                  bool checkCertRevocationStatus, EncryptionPolicy encryptionPolicy, LocalCertSelectionCallback certSelectionDelegate)
            GlobalLog.Enter("SecureChannel#" + ValidationHelper.HashString(this) + "::.ctor", "hostname:" + hostname + " #clientCertificates=" + ((clientCertificates == null) ? "0" : clientCertificates.Count.ToString(NumberFormatInfo.InvariantInfo)));
            if (Logging.On) Logging.PrintInfo(Logging.Web, this, ".ctor", "hostname=" + hostname + ", #clientCertificates=" + ((clientCertificates == null) ? "0" : clientCertificates.Count.ToString(NumberFormatInfo.InvariantInfo)) + ", encryptionPolicy=" + encryptionPolicy);
            SSPIWrapper.GetVerifyPackageInfo(GlobalSSPI.SSPISecureChannel, SecurityPackage, true);

            m_Destination = hostname;

            GlobalLog.Assert(hostname != null, "SecureChannel#{0}::.ctor()|hostname == null", ValidationHelper.HashString(this));
            m_HostName = hostname;
            m_ServerMode = serverMode;

            if (serverMode)
                m_ProtocolFlags = (protocolFlags & SchProtocols.ServerMask);
                m_ProtocolFlags = (protocolFlags & SchProtocols.ClientMask);

            m_ServerCertificate = serverCertificate;
            m_ClientCertificates = clientCertificates;
            m_RemoteCertRequired = remoteCertRequired;
            m_SecurityContext = null;
            m_CheckCertRevocation = checkCertRevocationStatus;
            m_CheckCertName = checkCertName;
            m_CertSelectionDelegate = certSelectionDelegate;
            m_RefreshCredentialNeeded = true;
            m_EncryptionPolicy = encryptionPolicy;
            GlobalLog.Leave("SecureChannel#" + ValidationHelper.HashString(this) + "::.ctor");
 internal SecureChannel(string hostname, bool serverMode, SchProtocols protocolFlags, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool remoteCertRequired, bool checkCertName, bool checkCertRevocationStatus, EncryptionPolicy encryptionPolicy, LocalCertSelectionCallback certSelectionDelegate)
     if (Logging.On)
         Logging.PrintInfo(Logging.Web, this, ".ctor", string.Concat(new object[] { "hostname=", hostname, ", #clientCertificates=", (clientCertificates == null) ? "0" : clientCertificates.Count.ToString(NumberFormatInfo.InvariantInfo), ", encryptionPolicy=", encryptionPolicy }));
     SSPIWrapper.GetVerifyPackageInfo(GlobalSSPI.SSPISecureChannel, "Microsoft Unified Security Protocol Provider", true);
     if (ComNetOS.IsWin9x && (clientCertificates.Count > 0))
         this.m_Destination = hostname + "+" + clientCertificates.GetHashCode();
         this.m_Destination = hostname;
     this.m_HostName = hostname;
     this.m_ServerMode = serverMode;
     if (serverMode)
         this.m_ProtocolFlags = protocolFlags & SchProtocols.ServerMask;
         this.m_ProtocolFlags = protocolFlags & SchProtocols.ClientMask;
     this.m_ServerCertificate = serverCertificate;
     this.m_ClientCertificates = clientCertificates;
     this.m_RemoteCertRequired = remoteCertRequired;
     this.m_SecurityContext = null;
     this.m_CheckCertRevocation = checkCertRevocationStatus;
     this.m_CheckCertName = checkCertName;
     this.m_CertSelectionDelegate = certSelectionDelegate;
     this.m_RefreshCredentialNeeded = true;
     this.m_EncryptionPolicy = encryptionPolicy;
Ejemplo n.º 8
 public SecureCredential(int version, X509Certificate2 certificate, SecureCredential.Flags flags, SchProtocols protocols, EncryptionPolicy policy)
     this.version     = version;
     this.certificate = certificate;
     this.protocols   = protocols;
     this.policy      = policy;
Ejemplo n.º 9
 public SecureCredential(int version, X509Certificate certificate, Flags flags, SchProtocols protocols, EncryptionPolicy policy)
     this.rootStore = this.phMappers = this.palgSupportedAlgs = this.certContextArray = IntPtr.Zero;
     this.cCreds    = this.cMappers = this.cSupportedAlgs = 0;
     if (policy == EncryptionPolicy.RequireEncryption)
         this.dwMinimumCipherStrength = 0;
         this.dwMaximumCipherStrength = 0;
     else if (policy == EncryptionPolicy.AllowNoEncryption)
         this.dwMinimumCipherStrength = -1;
         this.dwMaximumCipherStrength = 0;
         if (policy != EncryptionPolicy.NoEncryption)
             throw new ArgumentException(SR.GetString("net_invalid_enum", new object[] { "EncryptionPolicy" }), "policy");
         this.dwMinimumCipherStrength = -1;
         this.dwMaximumCipherStrength = -1;
     this.dwSessionLifespan     = this.reserved = 0;
     this.version               = version;
     this.dwFlags               = flags;
     this.grbitEnabledProtocols = protocols;
     if (certificate != null)
         this.certContextArray = certificate.Handle;
         this.cCreds           = 1;
 // SECURITY: X509Certificate.GetCertHash() is virtual hence before going here
 //           the caller of this ctor has to ensure that a user cert object was inspected and
 //           optionally cloned.
 internal SslCredKey(byte[] thumbPrint, SchProtocols allowedProtocols, EncryptionPolicy encryptionPolicy)
     _CertThumbPrint = thumbPrint == null? s_EmptyArray: thumbPrint;
     _HashCode       = 0;
     if (thumbPrint != null)
         _HashCode ^= _CertThumbPrint[0];
         if (1 < _CertThumbPrint.Length)
             _HashCode ^= (_CertThumbPrint[1] << 8);
         if (2 < _CertThumbPrint.Length)
             _HashCode ^= (_CertThumbPrint[2] << 16);
         if (3 < _CertThumbPrint.Length)
             _HashCode ^= (_CertThumbPrint[3] << 24);
     _HashCode        ^= (int)allowedProtocols;
     _HashCode        ^= (int)encryptionPolicy;
     _AllowedProtocols = allowedProtocols;
     _EncryptionPolicy = encryptionPolicy;
Ejemplo n.º 11
 /// <summary>
 /// Server side ctor
 /// </summary>
 public TlsSspiNegotiation(
     SchProtocols protocolFlags,
     X509Certificate2 serverCertificate,
     bool clientCertRequired) :
     this(null, true, protocolFlags, serverCertificate, null, clientCertRequired)
Ejemplo n.º 12
		internal static SSPIInterface Create (string hostname, bool serverMode, SchProtocols protocolFlags, X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
		                                           bool remoteCertRequired, bool checkCertName, bool checkCertRevocationStatus, EncryptionPolicy encryptionPolicy,
		                                           LocalCertSelectionCallback certSelectionDelegate, RemoteCertValidationCallback remoteValidationCallback, SSPIConfiguration userConfig)
			if (userConfig.Settings != null && remoteValidationCallback != null)
				throw new InvalidOperationException ();
			var context = userConfig.Provider.CreateTlsContext (
				hostname, serverMode, (TlsProtocols)protocolFlags, serverCertificate, clientCertificates,
				remoteCertRequired, checkCertName, checkCertRevocationStatus,
				(MonoEncryptionPolicy)encryptionPolicy, userConfig.Settings);
			return new SSPIInterface (context, userConfig.EventSink);
 internal static SafeFreeCredentials TryCachedCredential(byte[] thumbPrint, SchProtocols allowedProtocols, EncryptionPolicy encryptionPolicy)
     if (s_CachedCreds.Count != 0)
         object obj2 = new SslCredKey(thumbPrint, allowedProtocols, encryptionPolicy);
         SafeCredentialReference reference = s_CachedCreds[obj2] as SafeCredentialReference;
         if (((reference != null) && !reference.IsClosed) && !reference._Target.IsInvalid)
 internal static SafeFreeCredentials TryCachedCredential(byte[] thumbPrint, SchProtocols allowedProtocols, EncryptionPolicy encryptionPolicy)
     if (s_CachedCreds.Count != 0)
         object obj2 = new SslCredKey(thumbPrint, allowedProtocols, encryptionPolicy);
         SafeCredentialReference reference = s_CachedCreds[obj2] as SafeCredentialReference;
         if (((reference != null) && !reference.IsClosed) && !reference._Target.IsInvalid)
             return reference._Target;
     return null;
        private TlsSspiNegotiation(
            string destination,
            bool isServer,
            SchProtocols protocolFlags,
            X509Certificate2 serverCertificate,
            X509Certificate2 clientCertificate,
            bool clientCertRequired)
            this.destination = destination;
            this.isServer = isServer;
            this.protocolFlags = protocolFlags;
            this.serverCertificate = serverCertificate;
            this.clientCertificate = clientCertificate;
            this.clientCertRequired = clientCertRequired;
            this.securityContext = null;
            if (isServer)
            if (this.isServer)
                // This retry is to address intermittent failure when accessing private key (MB56153)
                catch (Win32Exception ex)
                    if (ex.NativeErrorCode != (int)SecurityStatus.UnknownCredential)

                    DiagnosticUtility.TraceHandledException(ex, TraceEventType.Information);

                    // Yield
                // delay client credentials presenting till they are asked for
Ejemplo n.º 16
        private TlsSspiNegotiation(
            string destination,
            bool isServer,
            SchProtocols protocolFlags,
            X509Certificate2 serverCertificate,
            X509Certificate2 clientCertificate,
            bool clientCertRequired)
            this.destination        = destination;
            this.isServer           = isServer;
            this.protocolFlags      = protocolFlags;
            this.serverCertificate  = serverCertificate;
            this.clientCertificate  = clientCertificate;
            this.clientCertRequired = clientCertRequired;
            this.securityContext    = null;
            if (isServer)
            if (this.isServer)
                // This retry is to address intermittent failure when accessing private key (MB56153)
                catch (Win32Exception ex)
                    if (ex.NativeErrorCode != (int)SecurityStatus.UnknownCredential)

                    DiagnosticUtility.TraceHandledException(ex, TraceEventType.Information);

                    // Yield
                // delay client credentials presenting till they are asked for
 public SecureCredential(int version, X509Certificate2 certificate, Flags flags, SchProtocols protocols)
     this.rootStore = this.phMappers = this.palgSupportedAlgs = this.certContextArray = IntPtr.Zero;
     this.cCreds    = this.cMappers = this.cSupportedAlgs = 0;
     this.dwMinimumCipherStrength = this.dwMaximumCipherStrength = 0;
     this.dwSessionLifespan       = this.reserved = 0;
     this.version = version;
     this.dwFlags = flags;
     this.grbitEnabledProtocols = protocols;
     if (certificate != null)
         this.certContextArray = certificate.Handle;
         this.cCreds           = 1;
Ejemplo n.º 18
        internal static SSPIInterface Create(string hostname, bool serverMode, SchProtocols protocolFlags, X509Certificate serverCertificate, XX509CertificateCollection clientCertificates,
                                             bool remoteCertRequired, bool checkCertName, bool checkCertRevocationStatus, EncryptionPolicy encryptionPolicy,
                                             LocalCertSelectionCallback certSelectionDelegate, RemoteCertValidationCallback remoteValidationCallback, SSPIConfiguration userConfig)
            if (userConfig.Settings != null && remoteValidationCallback != null)
                throw new InvalidOperationException();
            var context = userConfig.Provider.CreateTlsContext(
                hostname, serverMode, (TlsProtocols)protocolFlags, serverCertificate, clientCertificates,
                remoteCertRequired, checkCertName, checkCertRevocationStatus,
                (MonoEncryptionPolicy)encryptionPolicy, userConfig.Settings);

            return(new SSPIInterface(context, userConfig.EventSink));
 public SecureCredential(int version, X509Certificate2 certificate, Flags flags, SchProtocols protocols)
     this.rootStore = this.phMappers = this.palgSupportedAlgs = this.certContextArray = IntPtr.Zero;
     this.cCreds = this.cMappers = this.cSupportedAlgs = 0;
     this.dwMinimumCipherStrength = this.dwMaximumCipherStrength = 0;
     this.dwSessionLifespan = this.reserved = 0;
     this.version = version;
     this.dwFlags = flags;
     this.grbitEnabledProtocols = protocols;
     if (certificate != null)
         this.certContextArray = certificate.Handle;
         this.cCreds = 1;
Ejemplo n.º 20
 public SchannelCred(int version1, X509Certificate certificate, SchannelCred.Flags flags, SchProtocols protocols)
     this.paCreds1  = IntPtr.Zero;
     this.rootStore = (this.phMappers = (this.palgSupportedAlgs = IntPtr.Zero));
     this.cCreds    = (this.cMappers = (this.cSupportedAlgs = 0));
     this.dwMinimumCipherStrength = (this.dwMaximumCipherStrength = 0);
     this.dwSessionLifespan       = (this.reserved = 0);
     this.version = version1;
     this.dwFlags = flags;
     this.grbitEnabledProtocols = protocols;
     if (certificate != null)
         this.paCreds1 = certificate.Handle;
         this.cCreds   = 1;
Ejemplo n.º 21
 public SchannelCred(int version1, X509Certificate certificate, Flags flags, SchProtocols protocols)
     paCreds1  = IntPtr.Zero;
     rootStore = phMappers = palgSupportedAlgs = IntPtr.Zero;
     cCreds    = cMappers = cSupportedAlgs = 0;
     dwMinimumCipherStrength = dwMaximumCipherStrength = 0;
     dwSessionLifespan       = reserved = 0;
     version = version1;
     dwFlags = flags;
     grbitEnabledProtocols = protocols;
     if (certificate != null)
         paCreds1 = certificate.Handle;
         cCreds   = 1;
 // SECURITY: X509Certificate.GetCertHash() is virtual hence before going here
 //           the caller of this ctor has to ensure that a user cert object was inspected and
 //           optionally cloned.
 internal  SslCredKey(byte[] thumbPrint, SchProtocols allowedProtocols)
     _CertThumbPrint = thumbPrint == null? s_EmptyArray: thumbPrint;
     _HashCode = 0;
     if (thumbPrint != null)
         _HashCode ^= _CertThumbPrint[0];
         if (1 < _CertThumbPrint.Length)
             _HashCode ^= (_CertThumbPrint[1] << 8);
         if (2 < _CertThumbPrint.Length)
             _HashCode ^= (_CertThumbPrint[2] << 16);
         if (3 < _CertThumbPrint.Length)
             _HashCode ^= (_CertThumbPrint[3] << 24);
     _AllowedProtocols = allowedProtocols;
     _HashCode ^= (int)_AllowedProtocols;
 internal static void CacheCredential(SafeFreeCredentials creds, byte[] thumbPrint, SchProtocols allowedProtocols, EncryptionPolicy encryptionPolicy)
     if (!creds.IsInvalid)
         object obj2 = new SslCredKey(thumbPrint, allowedProtocols, encryptionPolicy);
         SafeCredentialReference reference = s_CachedCreds[obj2] as SafeCredentialReference;
         if (((reference == null) || reference.IsClosed) || reference._Target.IsInvalid)
             lock (s_CachedCreds)
                 reference = s_CachedCreds[obj2] as SafeCredentialReference;
                 if ((reference == null) || reference.IsClosed)
                     reference = SafeCredentialReference.CreateReference(creds);
                     if (reference != null)
                         s_CachedCreds[obj2] = reference;
                         if ((s_CachedCreds.Count % 0x20) == 0)
                             DictionaryEntry[] array = new DictionaryEntry[s_CachedCreds.Count];
                             s_CachedCreds.CopyTo(array, 0);
                             for (int i = 0; i < array.Length; i++)
                                 reference = array[i].Value as SafeCredentialReference;
                                 if (reference != null)
                                     creds = reference._Target;
                                     if ((!creds.IsClosed && !creds.IsInvalid) && ((reference = SafeCredentialReference.CreateReference(creds)) != null))
                                         s_CachedCreds[array[i].Key] = reference;
Ejemplo n.º 24
        public SecureCredential(int version, X509Certificate2 certificate,
                                SecureCredential.Flags flags, SchProtocols protocols)
            //Setting default values
            rootStore = phMappers = palgSupportedAlgs = certContextArray = IntPtr.Zero;
            cCreds    = cMappers = cSupportedAlgs = 0;
            dwMinimumCipherStrength = dwMaximumCipherStrength = 0;
            dwSessionLifespan       = reserved = 0;

            this.version          = version;
            dwFlags               = flags;
            grbitEnabledProtocols = protocols;
            if (certificate != null)
                certContextArray = certificate.Handle;
                cCreds           = 1;
 private TlsSspiNegotiation(string destination, bool isServer, SchProtocols protocolFlags, X509Certificate2 serverCertificate, X509Certificate2 clientCertificate, bool clientCertRequired)
     this.syncObject = new object();
     SspiWrapper.GetVerifyPackageInfo("Microsoft Unified Security Protocol Provider");
     this.destination = destination;
     this.isServer = isServer;
     this.protocolFlags = protocolFlags;
     this.serverCertificate = serverCertificate;
     this.clientCertificate = clientCertificate;
     this.clientCertRequired = clientCertRequired;
     this.securityContext = null;
     if (isServer)
     if (this.isServer)
         catch (Win32Exception exception)
             if (exception.NativeErrorCode != -2146893043)
             if (System.ServiceModel.DiagnosticUtility.ShouldTraceInformation)
                 System.ServiceModel.DiagnosticUtility.ExceptionUtility.TraceHandledException(exception, TraceEventType.Information);
 private TlsSspiNegotiation(string destination, bool isServer, SchProtocols protocolFlags, X509Certificate2 serverCertificate, X509Certificate2 clientCertificate, bool clientCertRequired)
     this.syncObject = new object();
     SspiWrapper.GetVerifyPackageInfo("Microsoft Unified Security Protocol Provider");
     this.destination        = destination;
     this.isServer           = isServer;
     this.protocolFlags      = protocolFlags;
     this.serverCertificate  = serverCertificate;
     this.clientCertificate  = clientCertificate;
     this.clientCertRequired = clientCertRequired;
     this.securityContext    = null;
     if (isServer)
     if (this.isServer)
         catch (Win32Exception exception)
             if (exception.NativeErrorCode != -2146893043)
             if (System.ServiceModel.DiagnosticUtility.ShouldTraceInformation)
                 System.ServiceModel.DiagnosticUtility.ExceptionUtility.TraceHandledException(exception, TraceEventType.Information);
        // Returns null or previously cached cred handle
        // ATTN: The returned handle can be invalid, the callers of InitializeSecurityContext and AcceptSecurityContext
        // must be prepared to execute a backout code if the call fails.
        // Note:thumbPrint is a cryptographicaly strong hash of a certificate
        internal static SafeFreeCredentials TryCachedCredential(byte[] thumbPrint, SchProtocols allowedProtocols, EncryptionPolicy encryptionPolicy)
            if (s_CachedCreds.Count == 0)
                GlobalLog.Print("TryCachedCredential() Not Found, Current Cache Count = " + s_CachedCreds.Count);

            object key = new SslCredKey(thumbPrint, allowedProtocols, encryptionPolicy);

            SafeCredentialReference cached = s_CachedCreds[key] as SafeCredentialReference;

            if (cached == null || cached.IsClosed || cached._Target.IsInvalid)
                GlobalLog.Print("TryCachedCredential() Not Found, Current Cache Count = " + s_CachedCreds.Count);

            GlobalLog.Print("TryCachedCredential() Found a cached Handle = " + cached._Target.ToString());

 /// <summary>
 /// Server side ctor
 /// </summary>
 public TlsSspiNegotiation(
     SchProtocols protocolFlags,
     X509Certificate2 serverCertificate,
     bool clientCertRequired) :
     this(null, true, protocolFlags, serverCertificate, null, clientCertRequired)
 { }
 /// <summary>
 /// Client side ctor
 /// </summary>
 public TlsSspiNegotiation(
     string destination,
     SchProtocols protocolFlags,
     X509Certificate2 clientCertificate) :
     this(destination, false, protocolFlags, null, clientCertificate, false)
 { }
        // The app is calling this method after starting an SSL handshake.
        // ATTN: The thumbPrint must be from inspected and possbly cloned user Cert object or we get a security hole in SslCredKey ctor.
        internal static void CacheCredential(SafeFreeCredentials creds, byte[] thumbPrint, SchProtocols allowedProtocols, EncryptionPolicy encryptionPolicy)
            GlobalLog.Assert(creds != null, "CacheCredential|creds == null");
            if (creds.IsInvalid)
                GlobalLog.Print("CacheCredential() Refused to cache an Invalid Handle = " + creds.ToString() + ", Current Cache Count = " + s_CachedCreds.Count);

            object key = new SslCredKey(thumbPrint, allowedProtocols, encryptionPolicy);

            SafeCredentialReference cached = s_CachedCreds[key] as SafeCredentialReference;

            if (cached == null || cached.IsClosed || cached._Target.IsInvalid)
                lock (s_CachedCreds)
                    cached = s_CachedCreds[key] as SafeCredentialReference;

                    if (cached == null || cached.IsClosed)
                        cached = SafeCredentialReference.CreateReference(creds);

                        if (cached == null)
                            // Means the handle got closed in between, return it back and let caller deal with the issue.

                        s_CachedCreds[key] = cached;
                        GlobalLog.Print("CacheCredential() Caching New Handle = " + creds.ToString() + ", Current Cache Count = " + s_CachedCreds.Count);

                        // A simplest way of preventing infinite cache grows.
                        // Security relief (DoS):
                        //     A number of active creds is never greater than a number of _outstanding_
                        //     security sessions, i.e. ssl connections.
                        //     So we will try to shrink cache to the number of active creds once in a while.
                        //    Just to make clear we won't shrink cache in the case when NO new handles are coming to it.
                        if ((s_CachedCreds.Count % c_CheckExpiredModulo) == 0)
                            DictionaryEntry[] toRemoveAttempt = new DictionaryEntry[s_CachedCreds.Count];
                            s_CachedCreds.CopyTo(toRemoveAttempt, 0);

                            for (int i = 0; i < toRemoveAttempt.Length; ++i)
                                cached = toRemoveAttempt[i].Value as SafeCredentialReference;

                                if (cached != null)
                                    creds = cached._Target;

                                    if (!creds.IsClosed && !creds.IsInvalid && (cached = SafeCredentialReference.CreateReference(creds)) != null)
                                        s_CachedCreds[toRemoveAttempt[i].Key] = cached;
                            GlobalLog.Print("Scavenged cache, New Cache Count = " + s_CachedCreds.Count);
                        GlobalLog.Print("CacheCredential() (locked retry) Found already cached Handle = " + cached._Target.ToString());
                GlobalLog.Print("CacheCredential() Ignoring incoming handle = " + creds.ToString() + " since found already cached Handle = " + cached._Target.ToString());
Ejemplo n.º 31
        public SecureCredential(int version, X509Certificate certificate, SecureCredential.Flags flags, SchProtocols protocols, EncryptionPolicy policy) {
            // default values required for a struct
            rootStore = phMappers = palgSupportedAlgs = certContextArray = IntPtr.Zero;
            cCreds = cMappers = cSupportedAlgs = 0;

            if (policy == EncryptionPolicy.RequireEncryption) {
                // Prohibit null encryption cipher
                dwMinimumCipherStrength = 0;
                dwMaximumCipherStrength = 0;
            else if (policy == EncryptionPolicy.AllowNoEncryption) {
                // Allow null encryption cipher in addition to other ciphers
                dwMinimumCipherStrength = -1;
                dwMaximumCipherStrength =  0;
            else if (policy == EncryptionPolicy.NoEncryption) {
                // Suppress all encryption and require null encryption cipher only
                dwMinimumCipherStrength = -1;
                dwMaximumCipherStrength = -1;
            else {
                throw new ArgumentException(SR.GetString(SR.net_invalid_enum, "EncryptionPolicy"), "policy");
            dwSessionLifespan = reserved = 0;
            this.version = version;
            dwFlags = flags;
            grbitEnabledProtocols = protocols;
            if (certificate != null) {
                certContextArray = certificate.Handle;
                cCreds = 1;
Ejemplo n.º 32
        public SecureCredential(int version, X509Certificate2 certificate,
            SecureCredential.Flags flags, SchProtocols protocols)
            //Setting default values
            rootStore = phMappers = palgSupportedAlgs = certContextArray = IntPtr.Zero;
            cCreds = cMappers = cSupportedAlgs = 0;
            dwMinimumCipherStrength = dwMaximumCipherStrength = 0;
            dwSessionLifespan = reserved = 0;

            this.version = version;
            dwFlags = flags;
            grbitEnabledProtocols = protocols;
            if (certificate != null)
                certContextArray = certificate.Handle;
                cCreds = 1;
Ejemplo n.º 33
 public SchannelCred(X509Certificate certificate, SchProtocols protocols)
     : this(CurrentVersion, certificate, SchannelCred.Flags.Zero, protocols)
 internal static void CacheCredential(SafeFreeCredentials creds, byte[] thumbPrint, SchProtocols allowedProtocols, EncryptionPolicy encryptionPolicy)
     if (!creds.IsInvalid)
         object obj2 = new SslCredKey(thumbPrint, allowedProtocols, encryptionPolicy);
         SafeCredentialReference reference = s_CachedCreds[obj2] as SafeCredentialReference;
         if (((reference == null) || reference.IsClosed) || reference._Target.IsInvalid)
             lock (s_CachedCreds)
                 reference = s_CachedCreds[obj2] as SafeCredentialReference;
                 if ((reference == null) || reference.IsClosed)
                     reference = SafeCredentialReference.CreateReference(creds);
                     if (reference != null)
                         s_CachedCreds[obj2] = reference;
                         if ((s_CachedCreds.Count % 0x20) == 0)
                             DictionaryEntry[] array = new DictionaryEntry[s_CachedCreds.Count];
                             s_CachedCreds.CopyTo(array, 0);
                             for (int i = 0; i < array.Length; i++)
                                 reference = array[i].Value as SafeCredentialReference;
                                 if (reference != null)
                                     creds = reference._Target;
                                     if ((!creds.IsClosed && !creds.IsInvalid) && ((reference = SafeCredentialReference.CreateReference(creds)) != null))
                                         s_CachedCreds[array[i].Key] = reference;
Ejemplo n.º 35
		public SecureCredential (int version, X509Certificate2 certificate, SecureCredential.Flags flags, SchProtocols protocols, EncryptionPolicy policy)
			this.version = version;
			this.certificate = certificate;
			this.protocols = protocols;
			this.policy = policy;
          // The app is calling this method after starting an SSL handshake.
          // ATTN: The thumbPrint must be from inspected and possbly cloned user Cert object or we get a security hole in SslCredKey ctor.
          internal static void CacheCredential(SafeFreeCredentials creds, byte[] thumbPrint, SchProtocols allowedProtocols)
              GlobalLog.Assert(creds != null, "CacheCredential|creds == null");
              if (creds.IsInvalid)
                  GlobalLog.Print("CacheCredential() Refused to cache an Invalid Handle = " + creds.ToString() + ", Current Cache Count = " + s_CachedCreds.Count);

              object key = new SslCredKey(thumbPrint, allowedProtocols);

              SafeCredentialReference cached = s_CachedCreds[key] as SafeCredentialReference;

              if (cached == null || cached.IsClosed || cached._Target.IsInvalid)
                      cached = s_CachedCreds[key] as SafeCredentialReference;

                      if (cached == null || cached.IsClosed)
                          cached = SafeCredentialReference.CreateReference(creds);

                          if (cached == null)
                              // Means the handle got closed in between, return it back and let caller deal with the issue.

                          s_CachedCreds[key] = cached;
                          GlobalLog.Print("CacheCredential() Caching New Handle = " + creds.ToString() + ", Current Cache Count = " + s_CachedCreds.Count);

                          // A simplest way of preventing infinite cache grows.
                          // Security relief (DoS):
                          //     A number of active creds is never greater than a number of _outstanding_
                          //     security sessions, i.e. ssl connections.
                          //     So we will try to shrink cache to the number of active creds once in a while.
                          //    Just to make clear we won't shrink cache in the case when NO new handles are coming to it.
                          if ((s_CachedCreds.Count%c_CheckExpiredModulo) == 0)
                              DictionaryEntry[] toRemoveAttempt = new DictionaryEntry[s_CachedCreds.Count];
                              s_CachedCreds.CopyTo(toRemoveAttempt, 0);

                              for(int i = 0; i < toRemoveAttempt.Length; ++i)
                                  cached = toRemoveAttempt[i].Value as SafeCredentialReference;

                                  if (cached != null)
                                      creds = cached._Target;

                                      if (!creds.IsClosed && !creds.IsInvalid && (cached = SafeCredentialReference.CreateReference(creds)) != null)
                                          s_CachedCreds[toRemoveAttempt[i].Key] = cached;
                              GlobalLog.Print("Scavenged cache, New Cache Count = " + s_CachedCreds.Count);
                          GlobalLog.Print("CacheCredential() (locked retry) Found already cached Handle = " + cached._Target.ToString());
                  GlobalLog.Print("CacheCredential() Ignoring incoming handle = " + creds.ToString() + " since found already cached Handle = " + cached._Target.ToString());
          // Returns null or previously cached cred handle
          // ATTN: The returned handle can be invalid, the callers of InitializeSecurityContext and AcceptSecurityContext
          // must be prepared to execute a backout code if the call fails.
          // Note:thumbPrint is a cryptographicaly strong hash of a certificate
          internal static SafeFreeCredentials TryCachedCredential(byte[] thumbPrint, SchProtocols allowedProtocols)
              if (s_CachedCreds.Count == 0)
                  GlobalLog.Print("TryCachedCredential() Not Found, Current Cache Count = " + s_CachedCreds.Count);
                  return null;

              object key = new SslCredKey(thumbPrint, allowedProtocols);

              SafeCredentialReference cached = s_CachedCreds[key] as SafeCredentialReference;

              if (cached == null || cached.IsClosed || cached._Target.IsInvalid)
                  GlobalLog.Print("TryCachedCredential() Not Found, Current Cache Count = " + s_CachedCreds.Count);
                  return null;

              GlobalLog.Print("TryCachedCredential() Found a cached Handle = " + cached._Target.ToString());

              return cached._Target;
Ejemplo n.º 38
 public SchannelCred(X509Certificate certificate, SchProtocols protocols)
     this = new SchannelCred(4, certificate, SchannelCred.Flags.Zero, protocols);