public static int ApplyAlertToken(
SSPIInterface secModule,
ref SafeFreeCredentials credentialsHandle,
SafeDeleteContext securityContext,
TlsAlertType alertType,
TlsAlertMessage alertMessage)
{
Interop.SChannel.SCHANNEL_ALERT_TOKEN alertToken;
alertToken.dwTokenType = Interop.SChannel.SCHANNEL_ALERT;
alertToken.dwAlertType = (uint)alertType;
alertToken.dwAlertNumber = (uint)alertMessage;
var bufferDesc = new SecurityBuffer[1];
int alertTokenByteSize = Marshal.SizeOf(typeof(Interop.SChannel.SCHANNEL_ALERT_TOKEN));
IntPtr p = Marshal.AllocHGlobal(alertTokenByteSize);
try
{
var buffer = new byte[alertTokenByteSize];
Marshal.StructureToPtr(alertToken, p, false);
Marshal.Copy(p, buffer, 0, alertTokenByteSize);
bufferDesc[0] = new SecurityBuffer(buffer, BufferType.Token);
return(ApplyControlToken(secModule, ref securityContext, bufferDesc));
}
finally
{
Marshal.FreeHGlobal(p);
}
}
public static SecurityStatusPal ApplyAlertToken(
ref SafeFreeCredentials?credentialsHandle,
SafeDeleteContext?securityContext,
TlsAlertType alertType,
TlsAlertMessage alertMessage)
{
// There doesn't seem to be an exposed API for writing an alert.
// The API seems to assume that all alerts are generated internally.
return(new SecurityStatusPal(SecurityStatusPalErrorCode.OK));
}
static Exception GetExceptionInternal(int status, string?message)
{
//
// Start by checking for statuses mapped to QuicError enum
//
if (status == QUIC_STATUS_ADDRESS_IN_USE)
{
return(new QuicException(QuicError.AddressInUse, null, SR.net_quic_address_in_use));
}
if (status == QUIC_STATUS_UNREACHABLE)
{
return(new QuicException(QuicError.HostUnreachable, null, SR.net_quic_host_unreachable));
}
if (status == QUIC_STATUS_CONNECTION_REFUSED)
{
return(new QuicException(QuicError.ConnectionRefused, null, SR.net_quic_connection_refused));
}
if (status == QUIC_STATUS_CONNECTION_TIMEOUT)
{
return(new QuicException(QuicError.ConnectionTimeout, null, SR.net_quic_timeout));
}
if (status == QUIC_STATUS_VER_NEG_ERROR)
{
return(new QuicException(QuicError.VersionNegotiationError, null, SR.net_quic_ver_neg_error));
}
if (status == QUIC_STATUS_INVALID_ADDRESS)
{
return(new QuicException(QuicError.InvalidAddress, null, SR.net_quic_invalid_address));
}
if (status == QUIC_STATUS_CONNECTION_IDLE)
{
return(new QuicException(QuicError.ConnectionIdle, null, SR.net_quic_connection_idle));
}
if (status == QUIC_STATUS_PROTOCOL_ERROR)
{
return(new QuicException(QuicError.ProtocolError, null, SR.net_quic_protocol_error));
}
if (status == QUIC_STATUS_TLS_ERROR ||
status == QUIC_STATUS_CERT_EXPIRED ||
status == QUIC_STATUS_CERT_UNTRUSTED_ROOT ||
status == QUIC_STATUS_CERT_NO_CERT)
{
return(new AuthenticationException(SR.Format(SR.net_quic_auth, GetErrorMessageForStatus(status, message))));
}
//
// Some TLS Alerts are mapped to dedicated QUIC_STATUS codes so we need to handle them individually.
//
if (status == QUIC_STATUS_ALPN_NEG_FAILURE)
{
return(new AuthenticationException(SR.net_quic_alpn_neg_error));
}
if (status == QUIC_STATUS_USER_CANCELED)
{
return(new AuthenticationException(SR.Format(SR.net_auth_tls_alert, TlsAlertMessage.UserCanceled)));
}
//
// other TLS Alerts: MsQuic maps TLS alerts by offsetting them by a
// certain value. CloseNotify is the TLS Alert with value 0x00, so
// all TLS Alert codes are mapped to [QUIC_STATUS_CLOSE_NOTIFY,
// QUIC_STATUS_CLOSE_NOTIFY + 255]
//
// Mapped TLS alerts include following statuses:
// - QUIC_STATUS_CLOSE_NOTIFY
// - QUIC_STATUS_BAD_CERTIFICATE
// - QUIC_STATUS_UNSUPPORTED_CERTIFICATE
// - QUIC_STATUS_REVOKED_CERTIFICATE
// - QUIC_STATUS_EXPIRED_CERTIFICATE
// - QUIC_STATUS_UNKNOWN_CERTIFICATE
// - QUIC_STATUS_REQUIRED_CERTIFICATE
//
if ((uint)status >= (uint)QUIC_STATUS_CLOSE_NOTIFY && (uint)status < (uint)QUIC_STATUS_CLOSE_NOTIFY + 256)
{
TlsAlertMessage alert = (TlsAlertMessage)(status - QUIC_STATUS_CLOSE_NOTIFY);
return(new AuthenticationException(SR.Format(SR.net_auth_tls_alert, alert)));
}
//
// for everything else, use general InternalError
//
return(new QuicException(QuicError.InternalError, null, SR.Format(SR.net_quic_internal_error, GetErrorMessageForStatus(status, message))));
}
public static SecurityStatusPal ApplyAlertToken(ref SafeFreeCredentials credentialsHandle, SafeDeleteContext securityContext, TlsAlertType alertType, TlsAlertMessage alertMessage)
{
Interop.SChannel.SCHANNEL_ALERT_TOKEN alertToken;
alertToken.dwTokenType = Interop.SChannel.SCHANNEL_ALERT;
alertToken.dwAlertType = (uint)alertType;
alertToken.dwAlertNumber = (uint)alertMessage;
var bufferDesc = new SecurityBuffer[1];
int alertTokenByteSize = Marshal.SizeOf <Interop.SChannel.SCHANNEL_ALERT_TOKEN>();
IntPtr p = Marshal.AllocHGlobal(alertTokenByteSize);
try
{
var buffer = new byte[alertTokenByteSize];
Marshal.StructureToPtr <Interop.SChannel.SCHANNEL_ALERT_TOKEN>(alertToken, p, false);
Marshal.Copy(p, buffer, 0, alertTokenByteSize);
bufferDesc[0] = new SecurityBuffer(buffer, SecurityBufferType.SECBUFFER_TOKEN);
var errorCode = (Interop.SECURITY_STATUS)SSPIWrapper.ApplyControlToken(
GlobalSSPI.SSPISecureChannel,
ref securityContext,
bufferDesc);
return(SecurityStatusAdapterPal.GetSecurityStatusPalFromInterop(errorCode, attachException: true));
}
finally
{
Marshal.FreeHGlobal(p);
}
}
public static SecurityStatusPal ApplyAlertToken(ref SafeFreeCredentials credentialsHandle, SafeDeleteContext securityContext, TlsAlertType alertType, TlsAlertMessage alertMessage)
{
Interop.SChannel.SCHANNEL_ALERT_TOKEN alertToken;
alertToken.dwTokenType = Interop.SChannel.SCHANNEL_ALERT;
alertToken.dwAlertType = (uint)alertType;
alertToken.dwAlertNumber = (uint)alertMessage;
var bufferDesc = new SecurityBuffer[1];
int alertTokenByteSize = Marshal.SizeOf<Interop.SChannel.SCHANNEL_ALERT_TOKEN>();
IntPtr p = Marshal.AllocHGlobal(alertTokenByteSize);
try
{
var buffer = new byte[alertTokenByteSize];
Marshal.StructureToPtr<Interop.SChannel.SCHANNEL_ALERT_TOKEN>(alertToken, p, false);
Marshal.Copy(p, buffer, 0, alertTokenByteSize);
bufferDesc[0] = new SecurityBuffer(buffer, SecurityBufferType.SECBUFFER_TOKEN);
var errorCode = (Interop.SECURITY_STATUS)SSPIWrapper.ApplyControlToken(
GlobalSSPI.SSPISecureChannel,
ref securityContext,
bufferDesc);
return SecurityStatusAdapterPal.GetSecurityStatusPalFromInterop(errorCode, attachException:true);
}
finally
{
Marshal.FreeHGlobal(p);
}
}
public static SecurityStatusPal ApplyAlertToken(ref SafeFreeCredentials credentialsHandle, SafeDeleteContext securityContext, TlsAlertType alertType, TlsAlertMessage alertMessage)
{
// TODO (#12319): Not implemented.
return new SecurityStatusPal(SecurityStatusPalErrorCode.OK);
}
public static SecurityStatusPal ApplyAlertToken(ref SafeFreeCredentials credentialsHandle, SafeDeleteContext securityContext, TlsAlertType alertType, TlsAlertMessage alertMessage)
{
// TODO (#12319): Not implemented.
return(new SecurityStatusPal(SecurityStatusPalErrorCode.OK));
}
