Esempio n. 1
            /// <summary>
            /// Allocates <paramref name="cb"/> bytes with <c>Marshal.AllocHGlobal</c> and hands
            /// ownership of the pointer to a new <see cref="SafeLocalFreeChannelBinding"/>.
            /// </summary>
            /// <param name="cb">Requested size in bytes; also recorded in the wrapper's <c>_size</c>.</param>
            /// <returns>The safe handle that now owns the allocation.</returns>
            public static SafeLocalFreeChannelBinding LocalAlloc(int cb)
            {
                // The wrapper is created before the native allocation, so the pointer is
                // stored in a safe handle as soon as AllocHGlobal returns.
                // NOTE(review): cb is not range-checked here; a negative value is left for
                // AllocHGlobal to reject. Confirm callers never pass a size taken from
                // unvalidated data.
                SafeLocalFreeChannelBinding binding = new SafeLocalFreeChannelBinding();
                IntPtr memory = Marshal.AllocHGlobal(cb);

                binding.SetHandle(memory);
                binding._size = cb;

                return binding;
            }
 /// <summary>
 /// Serialization constructor: restores the policy fields from <paramref name="info"/>.
 /// </summary>
 /// <param name="info">Store holding the "policyEnforcement", "protectionScenario",
 /// "customServiceNames" and "customChannelBinding" entries.</param>
 /// <param name="context">Streaming context; not used by this constructor.</param>
 protected ExtendedProtectionPolicy(SerializationInfo info, StreamingContext context)
 {
     // NOTE(review): both enum fields are produced by a plain cast from the stored
     // integer, so a value outside the defined members is accepted as-is. If the
     // serialized payload can come from an untrusted party, validate before use.
     policyEnforcement = (System.Security.Authentication.ExtendedProtection.PolicyEnforcement)info.GetInt32("policyEnforcement");
     protectionScenario = (System.Security.Authentication.ExtendedProtection.ProtectionScenario)info.GetInt32("protectionScenario");
     customServiceNames = (ServiceNameCollection)info.GetValue("customServiceNames", typeof(ServiceNameCollection));

     byte[] serializedBinding = (byte[])info.GetValue("customChannelBinding", typeof(byte[]));
     if (serializedBinding == null)
     {
         // No custom channel binding was stored; the field keeps its default.
         return;
     }

     // The stored bytes are copied verbatim into a native buffer of the same length.
     // The raw handle is used only for this copy; the safe handle stays in the field.
     int byteCount = serializedBinding.Length;
     customChannelBinding = SafeLocalFreeChannelBinding.LocalAlloc(byteCount);
     Marshal.Copy(serializedBinding, 0, customChannelBinding.DangerousGetHandle(), byteCount);
 }
Esempio n. 3
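            /// <summary>
            /// Allocates <paramref name="cb"/> bytes of fixed native memory through
            /// <c>HttpApi.LocalAlloc</c> and returns the owning safe handle.
            /// </summary>
            /// <param name="cb">Requested size in bytes; must not be negative.</param>
            /// <returns>A valid handle whose <c>_size</c> is set to <paramref name="cb"/>.</returns>
            /// <exception cref="ArgumentOutOfRangeException"><paramref name="cb"/> is negative.</exception>
            /// <exception cref="OutOfMemoryException">The native allocation returned an invalid handle.</exception>
            public static SafeLocalFreeChannelBinding LocalAlloc(int cb)
            {
                // Reject a negative size before the UIntPtr cast. Otherwise the cast either
                // overflows (checked context) or wraps to a very large unsigned request
                // (unchecked context), and the failure surfaces as a misleading
                // out-of-memory condition. Sizes reaching this method may be derived from
                // externally supplied data, so fail deterministically here.
                if (cb < 0)
                {
                    throw new ArgumentOutOfRangeException(nameof(cb));
                }

                SafeLocalFreeChannelBinding result = HttpApi.LocalAlloc(LMEM_FIXED, (UIntPtr)cb);

                if (result.IsInvalid)
                {
                    // Mark the wrapper invalid so it is not treated as owning memory,
                    // then report the allocation failure.
                    result.SetHandleAsInvalid();
                    throw new OutOfMemoryException();
                }

                result._size = cb;
                return result;
            }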
Esempio n. 4
        /// <summary>
        /// Rebuilds an <c>ExtendedProtectionPolicy</c> from serialized state.
        /// </summary>
        /// <param name="info">Serialized values, looked up by the class's entry-name constants.</param>
        /// <param name="context">Streaming context; this constructor does not read it.</param>
        protected ExtendedProtectionPolicy(SerializationInfo info, StreamingContext context)
        {
            // NOTE(review): the two enum fields are plain casts of the stored integers and
            // are not checked against the defined members. Treat the serialized payload as
            // untrusted input unless its origin is known.
            this.policyEnforcement = (PolicyEnforcement)info.GetInt32(policyEnforcementName);
            this.protectionScenario = (ProtectionScenario)info.GetInt32(protectionScenarioName);
            this.customServiceNames = (ServiceNameCollection)info.GetValue(customServiceNamesName, typeof(ServiceNameCollection));

            byte[] storedBinding = (byte[])info.GetValue(customChannelBindingName, typeof(byte[]));
            if (storedBinding == null)
            {
                // Nothing was stored for the custom channel binding.
                return;
            }

            // Allocate a native buffer of exactly the stored length and copy the bytes in.
            int length = storedBinding.Length;
            this.customChannelBinding = SafeLocalFreeChannelBinding.LocalAlloc(length);
            Marshal.Copy(storedBinding, 0, this.customChannelBinding.DangerousGetHandle(), length);
        }
Esempio n. 5
    /// <summary>
    /// Retrieves the TLS channel binding token (CBT) for a connection by calling
    /// <c>HttpApi.HttpReceiveClientCertificate</c> with the
    /// HTTP_RECEIVE_SECURE_CHANNEL_TOKEN flag, then copies the token bytes out of the
    /// returned blob into a native buffer.
    /// </summary>
    /// <param name="requestQueue">Request queue whose handle is passed to the native call.</param>
    /// <param name="connectionId">Identifier of the connection to query.</param>
    /// <param name="logger">Receives the "unsupported" and "missing" diagnostics.</param>
    /// <returns>
    /// The token when the call reports ERROR_SUCCESS; <c>null</c> when it reports
    /// ERROR_INVALID_PARAMETER or any other status that is not ERROR_MORE_DATA.
    /// </returns>
    internal static unsafe ChannelBinding?GetChannelBindingFromTls(RequestQueue requestQueue, ulong connectionId, ILogger logger)
    {
        // +128 since a CBT is usually <128 thus we need to call HRCC just once. If the CBT
        // is >128 we will get ERROR_MORE_DATA and call again
        int size = RequestChannelBindStatusSize + 128;

        // Debug-only check: Debug.Assert calls are compiled out of release builds.
        Debug.Assert(size >= 0);

        byte[]? blob = null;
        SafeLocalFreeChannelBinding?token = null;

        // Passed to the native call by address; not read again after the call returns.
        uint bytesReceived = 0;;
        uint statusCode;

        // Retry loop: runs again only after ERROR_MORE_DATA, with a buffer resized from
        // the token size found in the blob.
        do
        {
            blob = new byte[size];
            // Pin the managed buffer so the native call can write into it.
            fixed(byte *blobPtr = blob)
            {
                // Http.sys team: ServiceName will always be null if
                // HTTP_RECEIVE_SECURE_CHANNEL_TOKEN flag is set.
                statusCode = HttpApi.HttpReceiveClientCertificate(
                    requestQueue.Handle,
                    connectionId,
                    (uint)HttpApiTypes.HTTP_FLAGS.HTTP_RECEIVE_SECURE_CHANNEL_TOKEN,
                    blobPtr,
                    (uint)size,
                    &bytesReceived,
                    SafeNativeOverlapped.Zero);

                if (statusCode == UnsafeNclNativeMethods.ErrorCodes.ERROR_SUCCESS)
                {
                    // NOTE(review): offset and size are both read from the native blob.
                    // The assert below is debug-only and does not reject negative values,
                    // so in release builds nothing here checks them against blob.Length
                    // or bytesReceived. An out-of-range pair is presumably caught only by
                    // LocalAlloc failing or by Marshal.Copy's range check on `blob`.
                    // Consider an explicit runtime bounds check.
                    int tokenOffset = GetTokenOffsetFromBlob((IntPtr)blobPtr);
                    int tokenSize   = GetTokenSizeFromBlob((IntPtr)blobPtr);
                    Debug.Assert(tokenSize < Int32.MaxValue);

                    token = SafeLocalFreeChannelBinding.LocalAlloc(tokenSize);

                    // Copy exactly tokenSize bytes, starting at tokenOffset, into the new
                    // native allocation owned by `token`.
                    Marshal.Copy(blob, tokenOffset, token.DangerousGetHandle(), tokenSize);
                }
                else if (statusCode == UnsafeNclNativeMethods.ErrorCodes.ERROR_MORE_DATA)
                {
                    // NOTE(review): tokenSize is taken from the blob and added without an
                    // overflow check, and the loop has no iteration cap. Confirm the
                    // native call cannot keep answering ERROR_MORE_DATA.
                    int tokenSize = GetTokenSizeFromBlob((IntPtr)blobPtr);
                    Debug.Assert(tokenSize < Int32.MaxValue);

                    size = RequestChannelBindStatusSize + tokenSize;
                }
                else if (statusCode == UnsafeNclNativeMethods.ErrorCodes.ERROR_INVALID_PARAMETER)
                {
                    Log.ChannelBindingUnsupported(logger);
                    return(null); // old schannel library which doesn't support CBT
                }
                else
                {
                    // It's up to the consumer to fail if the missing ChannelBinding matters to them.
                    // This path logs the status and leaves the loop with `token` still null.
                    Log.ChannelBindingMissing(logger, new HttpSysException((int)statusCode));
                    break;
                }
            }
        }while (statusCode != UnsafeNclNativeMethods.ErrorCodes.ERROR_SUCCESS);

        return(token);
    }