        /// <summary>
        /// Builds an <see cref="SslConnectionInfo"/> from the context's SslContext.
        /// </summary>
        /// <param name="securityContext">Context whose <c>SslContext</c> is wrapped.</param>
        /// <param name="connectionInfo">Receives the connection info, or null when the query failed.</param>
        /// <returns>0 on success; -1 when any exception was thrown (including a null <paramref name="securityContext"/>).</returns>
        public static int QueryContextConnectionInfo(SafeDeleteContext securityContext, out SslConnectionInfo connectionInfo)
        {
            SslConnectionInfo info = null;
            int status;
            try
            {
                info = new SslConnectionInfo(securityContext.SslContext);
                status = 0;
            }
            catch
            {
                // Every failure is reported through the status code rather than propagated.
                status = -1;
            }
            connectionInfo = info;
            return status;
        }
 /// <summary>
 /// Queries the negotiated cipher and protocol version from the OpenSSL context and wraps them in an <see cref="SslConnectionInfo"/>.
 /// </summary>
 /// <param name="securityContext">Context whose <c>SslContext</c> is queried.</param>
 /// <param name="connectionInfo">Receives the connection info, or null when the query failed.</param>
 /// <returns>0 on success; -1 when the native query or the wrapper constructor threw.</returns>
 public static int QueryContextConnectionInfo(SafeDeleteContext securityContext, out SslConnectionInfo connectionInfo)
 {
     connectionInfo = null;
     int status;
     try
     {
         string negotiatedProtocol;
         Interop.libssl.SSL_CIPHER negotiatedCipher =
             Interop.OpenSsl.GetConnectionInfo(securityContext.SslContext, out negotiatedProtocol);
         connectionInfo = new SslConnectionInfo(negotiatedCipher, negotiatedProtocol);
         status = 0;
     }
     catch
     {
         // Failures are surfaced as a status code; connectionInfo stays null.
         status = -1;
     }
     return status;
 }
        /// <summary>
        /// Queries one attribute of an established security context through <paramref name="secModule"/>
        /// and marshals the native answer into a managed object.
        /// </summary>
        /// <param name="secModule">SSPI implementation that performs the native query.</param>
        /// <param name="securityContext">The security context to query.</param>
        /// <param name="contextAttribute">
        /// Attribute to fetch. Decides the size of the native buffer and, for attributes SSPI returns in memory
        /// it allocates, the SafeHandle type that takes ownership of that memory.
        /// </param>
        /// <param name="errorCode">Receives the native status; 0 is success, anything else means the return value is null.</param>
        /// <returns>
        /// SecSizes, StreamSizes, a string (Names, ClientSpecifiedSpn), SecurityPackageInfoClass, NegotiationInfoClass,
        /// the certificate SafeHandle itself (LocalCertificate, RemoteCertificate), Interop.Secur32.IssuerListInfoEx or
        /// SslConnectionInfo, depending on <paramref name="contextAttribute"/>; null when the native call failed.
        /// Callers must inspect <paramref name="errorCode"/> rather than relying on the null return alone.
        /// </returns>
        /// <exception cref="ArgumentException"><paramref name="contextAttribute"/> is not a value handled here.</exception>
        /// <remarks>
        /// Handle ownership: for LocalCertificate, RemoteCertificate and IssuerListInfoEx the native handle is handed
        /// to the caller (sspiHandle is cleared so the finally block leaves it alone) and the caller must dispose the
        /// result. For every other attribute the handle is disposed before this method returns, so the managed
        /// wrappers that receive it (SecurityPackageInfoClass, NegotiationInfoClass) must copy what they need in
        /// their constructors -- NOTE(review): confirm they do not retain the handle.
        /// </remarks>
        public static object QueryContextAttributes(SSPIInterface secModule, SafeDeleteContext securityContext, Interop.Secur32.ContextAttribute contextAttribute, out int errorCode)
        {
            GlobalLog.Enter("QueryContextAttributes", contextAttribute.ToString());

            // First pass: choose the native buffer size and the SafeHandle type that will own any
            // SSPI-allocated memory (null means no such allocation is expected for this attribute).
            int nativeBlockSize = IntPtr.Size;
            Type handleType = null;

            switch (contextAttribute)
            {
                case Interop.Secur32.ContextAttribute.Sizes:
                    nativeBlockSize = SecSizes.SizeOf;
                    break;
                case Interop.Secur32.ContextAttribute.StreamSizes:
                    nativeBlockSize = StreamSizes.SizeOf;
                    break;

                case Interop.Secur32.ContextAttribute.Names:
                    handleType = typeof(SafeFreeContextBuffer);
                    break;

                case Interop.Secur32.ContextAttribute.PackageInfo:
                    handleType = typeof(SafeFreeContextBuffer);
                    break;

                case Interop.Secur32.ContextAttribute.NegotiationInfo:
                    handleType = typeof(SafeFreeContextBuffer);
                    nativeBlockSize = Marshal.SizeOf<NegotiationInfo>();
                    break;

                case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn:
                    handleType = typeof(SafeFreeContextBuffer);
                    break;

                case Interop.Secur32.ContextAttribute.RemoteCertificate:
                    handleType = typeof(SafeFreeCertContext);
                    break;

                case Interop.Secur32.ContextAttribute.LocalCertificate:
                    handleType = typeof(SafeFreeCertContext);
                    break;

                case Interop.Secur32.ContextAttribute.IssuerListInfoEx:
                    nativeBlockSize = Marshal.SizeOf<Interop.Secur32.IssuerListInfoEx>();
                    handleType = typeof(SafeFreeContextBuffer);
                    break;

                case Interop.Secur32.ContextAttribute.ConnectionInfo:
                    nativeBlockSize = Marshal.SizeOf<SslConnectionInfo>();
                    break;

                default:
                    // Unknown attribute: reject before any native call is made.
                    throw new ArgumentException(SR.Format(SR.net_invalid_enum, "ContextAttribute"), "contextAttribute");
            }

            // sspiHandle is set back to null below whenever ownership is transferred to the returned object,
            // which is what keeps the finally block from disposing it.
            SafeHandle sspiHandle = null;
            object attribute = null;

            try
            {
                byte[] nativeBuffer = new byte[nativeBlockSize];
                errorCode = secModule.QueryContextAttributes(securityContext, contextAttribute, nativeBuffer, handleType, out sspiHandle);
                if (errorCode != 0)
                {
                    // Failure path: any handle the module did produce is still disposed in finally.
                    GlobalLog.Leave("Win32:QueryContextAttributes", "ERROR = " + ErrorDescription(errorCode));
                    return null;
                }

                // Second pass: interpret nativeBuffer / sspiHandle according to the requested attribute.
                switch (contextAttribute)
                {
                    case Interop.Secur32.ContextAttribute.Sizes:
                        attribute = new SecSizes(nativeBuffer);
                        break;

                    case Interop.Secur32.ContextAttribute.StreamSizes:
                        attribute = new StreamSizes(nativeBuffer);
                        break;

                    case Interop.Secur32.ContextAttribute.Names:
                        // Copy the string out now; the native memory behind sspiHandle is freed in finally.
                        attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle());
                        break;

                    case Interop.Secur32.ContextAttribute.PackageInfo:
                        // Handle is not transferred: it is disposed in finally after this constructor runs.
                        attribute = new SecurityPackageInfoClass(sspiHandle, 0);
                        break;

                    case Interop.Secur32.ContextAttribute.NegotiationInfo:
                        // Reads the Int32 negotiation state at NegotiationStateOffest from the raw buffer;
                        // the handle is not transferred and is disposed in finally.
                        unsafe
                        {
                            fixed (void* ptr = nativeBuffer)
                            {
                                attribute = new NegotiationInfoClass(sspiHandle, Marshal.ReadInt32(new IntPtr(ptr), NegotiationInfo.NegotiationStateOffest));
                            }
                        }
                        break;

                    case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn:
                        // Same as Names: string copied before the buffer is freed.
                        attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle());
                        break;

                    case Interop.Secur32.ContextAttribute.LocalCertificate:
                        // Fall-through to RemoteCertificate is intentional.
                    case Interop.Secur32.ContextAttribute.RemoteCertificate:
                        // Ownership transfer: the caller receives (and must dispose) the certificate context handle.
                        attribute = sspiHandle;
                        sspiHandle = null;
                        break;

                    case Interop.Secur32.ContextAttribute.IssuerListInfoEx:
                        // Ownership transfer: the IssuerListInfoEx wrapper keeps the handle, so it is not disposed here.
                        attribute = new Interop.Secur32.IssuerListInfoEx(sspiHandle, nativeBuffer);
                        sspiHandle = null;
                        break;

                    case Interop.Secur32.ContextAttribute.ConnectionInfo:
                        // Parsed from the fixed-size buffer; no native handle is involved for this attribute.
                        attribute = new SslConnectionInfo(nativeBuffer);
                        break;
                    default:
                        // Will return null. Unreachable in practice: the first switch already rejected unknown values.
                        break;
                }
            }
            finally
            {
                // Release whatever SSPI allocated unless ownership was transferred above.
                if (sspiHandle != null)
                {
                    sspiHandle.Dispose();
                }
            }
            GlobalLog.Leave("QueryContextAttributes", LoggingHash.ObjectToString(attribute));
            return attribute;
        }
 /// <summary>
 /// Looks up the ConnectionInfo attribute of <paramref name="securityContext"/> through the shared
 /// SecureChannel SSPI module.
 /// </summary>
 /// <param name="securityContext">The established security context.</param>
 /// <param name="connectionInfo">
 /// The attribute as <see cref="SslConnectionInfo"/>, or null when the query returned nothing or an
 /// object of another type; callers must null-check.
 /// </param>
 public static void QueryContextConnectionInfo(SafeDeleteContext securityContext, out SslConnectionInfo connectionInfo)
 {
     object attribute = SSPIWrapper.QueryContextAttributes(
         GlobalSSPI.SSPISecureChannel,
         securityContext,
         Interop.SspiCli.ContextAttribute.ConnectionInfo);
     // 'as' turns an unexpected result type into null instead of throwing.
     connectionInfo = attribute as SslConnectionInfo;
 }
        /*++

            ProcessHandshakeSuccess -
               Invoked once the handshake has completed successfully.
               Records the per-record header/trailer sizes (and the resulting
               maximum payload size) that the encryption paths rely on, then
               captures the negotiated connection information.

            Under MONO the stream sizes are not queried and are set to 0.

        --*/
        internal void ProcessHandshakeSuccess() {
            string traceName = "SecureChannel#" + ValidationHelper.HashString(this) + "::ProcessHandshakeSuccess";
            GlobalLog.Enter(traceName);
#if MONO
            m_HeaderSize = 0;
            m_TrailerSize = 0;
            m_ConnectionInfo = SSPIWrapper.GetConnectionInfo(m_SecModule, m_SecurityContext);
#else
            object sizesAttribute = SSPIWrapper.QueryContextAttributes(m_SecModule, m_SecurityContext, ContextAttribute.StreamSizes);
            StreamSizes streamSizes = sizesAttribute as StreamSizes;
            if (streamSizes != null) {
                try
                {
                    m_HeaderSize = streamSizes.header;
                    m_TrailerSize = streamSizes.trailer;
                    // checked: an out-of-range maximumMessage must surface as an exception, not wrap silently.
                    m_MaxDataSize = checked(streamSizes.maximumMessage - (m_HeaderSize + m_TrailerSize));
                }
                catch(Exception e)
                {
                    // Non-fatal failures are asserted on for diagnostics; every failure is rethrown.
                    if (!NclUtilities.IsFatal(e)){
                        GlobalLog.Assert(false, traceName, "StreamSizes out of range.");
                    }
                    throw;
                }
            }
            m_ConnectionInfo = SSPIWrapper.QueryContextAttributes(m_SecModule, m_SecurityContext, ContextAttribute.ConnectionInfo) as SslConnectionInfo;
#endif
            GlobalLog.Leave(traceName);
        }
 /// <summary>
 /// Wraps the context's <c>SslContext</c> in a new <see cref="SslConnectionInfo"/>.
 /// Unlike the status-returning variants, any exception from the constructor propagates to the caller.
 /// </summary>
 /// <param name="securityContext">Context whose <c>SslContext</c> is wrapped.</param>
 /// <param name="connectionInfo">Receives the new connection info.</param>
 public static void QueryContextConnectionInfo(SafeDeleteContext securityContext, out SslConnectionInfo connectionInfo)
 {
     SslConnectionInfo info = new SslConnectionInfo(securityContext.SslContext);
     connectionInfo = info;
 }
 /// <summary>
 /// Holds a reference on <paramref name="securityContext"/> for the duration of the native query so the
 /// handle cannot be released underneath <c>Interop.OpenSsl.GetConnectionInfo</c>, then wraps the negotiated cipher.
 /// </summary>
 /// <param name="securityContext">Context whose raw handle is queried.</param>
 /// <param name="connectionInfo">Receives the connection info, or null when the query failed.</param>
 /// <returns>0 on success; -1 when any step threw.</returns>
 public int QueryContextConnectionInfo(SafeDeleteContext securityContext, out SslConnectionInfo connectionInfo)
 {
     connectionInfo = null;
     bool handleHeld = false;
     try
     {
         securityContext.DangerousAddRef(ref handleHeld);
         IntPtr sslHandle = securityContext.DangerousGetHandle();
         Interop.libssl.SSL_CIPHER negotiatedCipher = Interop.OpenSsl.GetConnectionInfo(sslHandle);
         connectionInfo = new SslConnectionInfo(negotiatedCipher);
         return 0;
     }
     catch
     {
         return -1;
     }
     finally
     {
         // Release only what was actually acquired; DangerousAddRef reports that through the ref flag.
         if (handleHeld)
         {
             securityContext.DangerousRelease();
         }
     }
 }
 /// <summary>
 /// Fetches the ConnectionInfo attribute of <paramref name="securityContext"/> via <c>QueryContextAttributes</c>.
 /// </summary>
 /// <param name="securityContext">The established security context.</param>
 /// <param name="connectionInfo">The attribute as <see cref="SslConnectionInfo"/>, or null when the query failed or returned another type.</param>
 /// <returns>The status code reported by <c>QueryContextAttributes</c>, passed through unchanged; treat non-zero as failure.</returns>
 public int QueryContextConnectionInfo(SafeDeleteContext securityContext, out SslConnectionInfo connectionInfo)
 {
     int status;
     object attribute = QueryContextAttributes(securityContext, Interop.Secur32.ContextAttribute.ConnectionInfo, out status);
     // 'as' absorbs a null or unexpected result rather than throwing; the status tells the caller what happened.
     connectionInfo = attribute as SslConnectionInfo;
     return status;
 }
 /// <summary>
 /// Queries the negotiated cipher from the OpenSSL context and wraps it in an <see cref="SslConnectionInfo"/>.
 /// </summary>
 /// <param name="securityContext">Context whose <c>SslContext</c> is queried.</param>
 /// <param name="connectionInfo">Receives the connection info, or null when the query failed.</param>
 /// <returns>0 on success; -1 when the native query or the wrapper constructor threw.</returns>
 public int QueryContextConnectionInfo(SafeDeleteContext securityContext, out SslConnectionInfo connectionInfo)
 {
     SslConnectionInfo result = null;
     int status;
     try
     {
         Interop.libssl.SSL_CIPHER negotiatedCipher = Interop.OpenSsl.GetConnectionInfo(securityContext.SslContext);
         result = new SslConnectionInfo(negotiatedCipher);
         status = 0;
     }
     catch
     {
         // Failures are reported as a status code; result stays null.
         status = -1;
     }
     connectionInfo = result;
     return status;
 }
        /// <summary>
        /// Runs one leg of the Schannel handshake: feeds <paramref name="incomingBlob"/> (if any) to
        /// AcceptSecurityContext (server) or InitializeSecurityContext (client) and returns the token
        /// that must be sent to the peer.
        /// </summary>
        /// <param name="incomingBlob">Token received from the peer, or null when there is none yet.</param>
        /// <param name="channelbinding">Only forwarded to the recursive retry; not applied in this leg.</param>
        /// <param name="protectionPolicy">Only forwarded to the recursive retry; not applied in this leg.</param>
        /// <returns>The token from the SSPI output buffer.</returns>
        /// <exception cref="Win32Exception">SSPI returned a failure HRESULT or an unexpected status; the negotiation is disposed first.</exception>
        /// <exception cref="SecurityNegotiationException">The handshake finished but the connection info needed for cipher-strength validation was unavailable.</exception>
        public byte[] GetOutgoingBlob(byte[] incomingBlob, ChannelBinding channelbinding, ExtendedProtectionPolicy protectionPolicy)
        {
            this.ThrowIfDisposed();

            SecurityBuffer inputBuffer = incomingBlob == null
                ? null
                : new SecurityBuffer(incomingBlob, System.IdentityModel.BufferType.Token);
            SecurityBuffer outputBuffer = new SecurityBuffer(null, System.IdentityModel.BufferType.Token);

            // Any previously captured peer certificate is stale once a new handshake leg runs.
            this.remoteCertificate = null;

            int status = this.isServer
                ? SspiWrapper.AcceptSecurityContext(this.credentialsHandle, ref this.securityContext, ServerStandardFlags | (this.clientCertRequired ? SspiContextFlags.MutualAuth : SspiContextFlags.Zero), Endianness.Native, inputBuffer, outputBuffer, ref this.attributes)
                : SspiWrapper.InitializeSecurityContext(this.credentialsHandle, ref this.securityContext, this.destination, ClientStandardFlags, Endianness.Native, inputBuffer, outputBuffer, ref this.attributes);

            // A set high bit is a failure HRESULT (same test as (status & int.MinValue) != 0).
            if (status < 0)
            {
                this.Dispose();
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(status));
            }

            switch (status)
            {
                case 0:
                    // Handshake complete. Optionally enforce a minimum cipher strength before accepting it.
                    if (System.ServiceModel.Security.SecurityUtils.ShouldValidateSslCipherStrength())
                    {
                        SslConnectionInfo info = (SslConnectionInfo)SspiWrapper.QueryContextAttributes(this.securityContext, ContextAttribute.ConnectionInfo);
                        if (info == null)
                        {
                            throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("CannotObtainSslConnectionInfo")));
                        }
                        System.ServiceModel.Security.SecurityUtils.ValidateSslCipherStrength(info.DataKeySize);
                    }
                    this.isCompleted = true;
                    break;

                case 0x90320:
                    // SEC_I_INCOMPLETE_CREDENTIALS: the server asked for a client certificate; attach
                    // client credentials and re-run this leg with the same input.
                    this.AcquireClientCredentials();
                    if (this.ClientCertificate != null)
                    {
                        this.wasClientCertificateSent = true;
                    }
                    return this.GetOutgoingBlob(incomingBlob, channelbinding, protectionPolicy);

                case 0x90312:
                    // SEC_I_CONTINUE_NEEDED: hand the output token to the peer and wait for the next leg.
                    break;

                default:
                    this.Dispose();
                    // Kept for fidelity with the original flow; a negative status never reaches this point
                    // because the failure-HRESULT check above already threw.
                    if (status == -2146893052)
                    {
                        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(status, System.ServiceModel.SR.GetString("LsaAuthorityNotContacted")));
                    }
                    throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(status));
            }

            return outputBuffer.token;
        }
 /// <summary>
 /// Forwards the ConnectionInfo query to the given SSPI module.
 /// </summary>
 /// <param name="SecModule">Module that performs the query.</param>
 /// <param name="securityContext">The established security context.</param>
 /// <param name="connectionInfo">Receives whatever the module produced.</param>
 /// <returns>The module's status code, returned unchanged.</returns>
 internal static int QueryContextConnectionInfo(SSPIInterface SecModule, SafeDeleteContext securityContext, out SslConnectionInfo connectionInfo)
 {
     int status = SecModule.QueryContextConnectionInfo(securityContext, out connectionInfo);
     return status;
 }
        /// <summary>
        /// Queries one attribute of an established security context and marshals the native answer into a
        /// managed object.
        /// </summary>
        /// <param name="securityContext">The security context to query.</param>
        /// <param name="contextAttribute">
        /// Attribute to fetch. Decides the size of the native buffer and, for attributes SSPI returns in memory
        /// it allocates, the SafeHandle type that takes ownership of that memory.
        /// </param>
        /// <returns>
        /// A boxed int (Flags), SecSizes, StreamSizes, a string (Names), SecurityPackageInfoClass,
        /// NegotiationInfoClass, the certificate SafeHandle itself (LocalCertificate, RemoteCertificate),
        /// SslConnectionInfo, LifeSpan or SecuritySessionKeyClass, depending on <paramref name="contextAttribute"/>.
        /// </returns>
        /// <exception cref="InvalidEnumArgumentException"><paramref name="contextAttribute"/> is not a value handled here.</exception>
        /// <exception cref="Win32Exception">The native query returned a non-zero status.</exception>
        /// <remarks>
        /// Handle ownership: only for LocalCertificate and RemoteCertificate is the native handle handed to the
        /// caller (sspiHandle is cleared so the finally block leaves it alone); the caller must close it. For every
        /// other attribute the handle is closed before this method returns, so the wrappers that receive it
        /// (SecurityPackageInfoClass, NegotiationInfoClass, SecuritySessionKeyClass) must copy what they need in
        /// their constructors -- NOTE(review): confirm they do not retain the handle. The SessionKey copy is
        /// secret material and its owner should clear it when done.
        /// </remarks>
        public static unsafe object QueryContextAttributes(
            SafeDeleteContext securityContext,
            ContextAttribute contextAttribute)
        {
            // First pass: choose the native buffer size and the SafeHandle type that will own any
            // SSPI-allocated memory (null means no such allocation is expected for this attribute).
            int nativeBlockSize = IntPtr.Size;
            Type handleType = null;

            switch (contextAttribute)
            {
                case ContextAttribute.Flags:
                    // A single native int fits in the default IntPtr.Size buffer.
                    break;
                case ContextAttribute.Sizes:
                    nativeBlockSize = SecSizes.SizeOf;
                    break;
                case ContextAttribute.StreamSizes:
                    nativeBlockSize = StreamSizes.SizeOf;
                    break;
                case ContextAttribute.Names:
                    handleType = typeof(SafeFreeContextBuffer);
                    break;
                case ContextAttribute.PackageInfo:
                    handleType = typeof(SafeFreeContextBuffer);
                    break;
                case ContextAttribute.NegotiationInfo:
                    handleType = typeof(SafeFreeContextBuffer);
                    nativeBlockSize = Marshal.SizeOf(typeof(NegotiationInfo));
                    break;
                case ContextAttribute.RemoteCertificate:
                    handleType = typeof(SafeFreeCertContext);
                    break;
                case ContextAttribute.LocalCertificate:
                    handleType = typeof(SafeFreeCertContext);
                    break;
                case ContextAttribute.ConnectionInfo:
                    nativeBlockSize = Marshal.SizeOf(typeof(SslConnectionInfo));
                    break;
                case ContextAttribute.Lifespan:
                    nativeBlockSize = LifeSpan_Struct.Size;
                    break;
                case ContextAttribute.SessionKey:
                    handleType = typeof(SafeFreeContextBuffer);
                    nativeBlockSize = SecPkgContext_SessionKey.Size;
                    break;
                default:
                    // Unknown attribute: reject before any native call is made.
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("contextAttribute", (int)contextAttribute,
                    typeof(ContextAttribute)));
            }

            // sspiHandle is set back to null below whenever ownership is transferred to the returned object,
            // which is what keeps the finally block from closing it.
            SafeHandle sspiHandle = null;
            object attribute = null;
            try
            {
                byte[] nativeBuffer = new byte[nativeBlockSize];
                int errorCode = QueryContextAttributes(securityContext, contextAttribute, nativeBuffer, handleType, out sspiHandle);
                if (errorCode != 0)
                {
                    // Failure is an exception here (not a null return); finally still closes any handle produced.
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(errorCode));
                }

                // Second pass: interpret nativeBuffer / sspiHandle according to the requested attribute.
                switch (contextAttribute)
                {
                    case ContextAttribute.Flags:
                        // The flags value is the Int32 at the start of the buffer.
                        fixed (byte* pnativeBuffer = nativeBuffer)
                        {
                            attribute = (object)Marshal.ReadInt32(new IntPtr(pnativeBuffer));
                        }
                        break;
                    case ContextAttribute.Sizes:
                        attribute = new SecSizes(nativeBuffer);
                        break;
                    case ContextAttribute.StreamSizes:
                        attribute = new StreamSizes(nativeBuffer);
                        break;
                    case ContextAttribute.Names:
                        // Copy the string out now; the native memory behind sspiHandle is freed in finally.
                        attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle());
                        break;
                    case ContextAttribute.PackageInfo:
                        // Handle is not transferred: it is closed in finally after this constructor runs.
                        attribute = new SecurityPackageInfoClass(sspiHandle, 0);
                        break;
                    case ContextAttribute.NegotiationInfo:
                        // Reads the Int32 negotiation state at NegotiationStateOffset from the raw buffer;
                        // the handle is not transferred and is closed in finally.
                        unsafe
                        {
                            fixed (void* ptr = nativeBuffer)
                            {
                                attribute = new NegotiationInfoClass(sspiHandle, Marshal.ReadInt32(new IntPtr(ptr), NegotiationInfo.NegotiationStateOffset));
                            }
                        }
                        break;
                    case ContextAttribute.LocalCertificate:
                        goto case ContextAttribute.RemoteCertificate;
                    case ContextAttribute.RemoteCertificate:
                        // Ownership transfer: the caller receives (and must close) the certificate context handle.
                        attribute = sspiHandle;
                        sspiHandle = null;
                        break;
                    case ContextAttribute.ConnectionInfo:
                        // Parsed from the fixed-size buffer; no native handle is involved for this attribute.
                        attribute = new SslConnectionInfo(nativeBuffer);
                        break;
                    case ContextAttribute.Lifespan:
                        attribute = new LifeSpan(nativeBuffer);
                        break;
                    case ContextAttribute.SessionKey:
                        // The first Int32 of the buffer is passed alongside the handle -- presumably the key
                        // length; confirm against SecPkgContext_SessionKey. The handle is closed in finally,
                        // so SecuritySessionKeyClass must copy the key bytes out in its constructor.
                        unsafe
                        {
                            fixed (void* ptr = nativeBuffer)
                            {
                                attribute = new SecuritySessionKeyClass(sspiHandle, Marshal.ReadInt32(new IntPtr(ptr)));
                            }
                        }
                        break;
                    default:
                        // will return null (unreachable in practice: the first switch already rejected unknown values)
                        break;
                }
            }
            finally
            {
                // Release whatever SSPI allocated unless ownership was transferred above.
                if (sspiHandle != null)
                {
                    sspiHandle.Close();
                }
            }
            return attribute;
        }
 /// <summary>
 /// Called after a successful handshake: records the per-record header/trailer sizes and the derived
 /// maximum payload size, then captures the negotiated connection information.
 /// </summary>
 internal void ProcessHandshakeSuccess()
 {
     object sizesAttribute = SSPIWrapper.QueryContextAttributes(GlobalSSPI.SSPISecureChannel, this.m_SecurityContext, ContextAttribute.StreamSizes);
     StreamSizes sizes = sizesAttribute as StreamSizes;
     if (sizes != null)
     {
         try
         {
             this.m_HeaderSize = sizes.header;
             this.m_TrailerSize = sizes.trailer;
             // NOTE(review): unchecked arithmetic -- an out-of-range maximumMessage would wrap silently
             // rather than throw.
             this.m_MaxDataSize = sizes.maximumMessage - (this.m_HeaderSize + this.m_TrailerSize);
         }
         catch (Exception exception)
         {
             // The IsFatal result is discarded; the call is kept as-is and every exception is rethrown.
             NclUtilities.IsFatal(exception);
             throw;
         }
     }
     object infoAttribute = SSPIWrapper.QueryContextAttributes(GlobalSSPI.SSPISecureChannel, this.m_SecurityContext, ContextAttribute.ConnectionInfo);
     this.m_ConnectionInfo = infoAttribute as SslConnectionInfo;
 }