private static SslConfigItem Deserialize(IntPtr pSslConfigSetStruct)
{
SslConfigItem item = new SslConfigItem();
HttpApi.HTTP_SERVICE_CONFIG_SSL_SET sslStruct =
(HttpApi.HTTP_SERVICE_CONFIG_SSL_SET)Marshal.PtrToStructure(pSslConfigSetStruct, typeof(HttpApi.HTTP_SERVICE_CONFIG_SSL_SET));
item._port = (ushort)IPAddress.NetworkToHostOrder(Marshal.ReadInt16(sslStruct.KeyDesc.pIpPort, 2));
item._address = new IPAddress((long)Marshal.ReadInt32(sslStruct.KeyDesc.pIpPort, 4) & 0x00000000ffffffff);
item._appId = sslStruct.ParamDesc.AppId;
item._certStoreName = sslStruct.ParamDesc.pSslCertStoreName;
item._certCheckMode = sslStruct.ParamDesc.CertCheckMode;
item._revocationFreshnessTime = sslStruct.ParamDesc.RevocationFreshnessTime;
item._revocationUrlRetrievalTimeout = sslStruct.ParamDesc.RevocationUrlRetrievalTimeout;
item._sslCtlIdentifier = sslStruct.ParamDesc.pSslCtlIdentifier;
item._sslCtlStoreName = sslStruct.ParamDesc.pSslCtlStoreName;
item._flags = sslStruct.ParamDesc.Flags;
item.Status = ModifiedStatus.Unmodified;
item._hash = new byte[sslStruct.ParamDesc.SslHashLength];
Marshal.Copy(sslStruct.ParamDesc.pSslHash, item._hash, 0, item._hash.Length);
item.SetItems();
return(item);
}
public static Hashtable QueryConfig()
{
Hashtable items = new Hashtable();
HttpApi.HTTP_SERVICE_CONFIG_SSL_QUERY query = new HttpApi.HTTP_SERVICE_CONFIG_SSL_QUERY();
query.QueryDesc = HttpApi.HTTP_SERVICE_CONFIG_QUERY_TYPE.HttpServiceConfigQueryNext;
IntPtr pInput = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(HttpApi.HTTP_SERVICE_CONFIG_SSL_QUERY)));
try
{
for (query.dwToken = 0; ; query.dwToken++)
{
Marshal.StructureToPtr(query, pInput, false);
int requiredBufferLength = 0;
HttpApi.Error error = QueryServiceConfig(pInput, IntPtr.Zero, 0, out requiredBufferLength);
if (error == HttpApi.Error.ERROR_NO_MORE_ITEMS)
{
break;
}
else if (error != HttpApi.Error.ERROR_INSUFFICIENT_BUFFER)
{
throw new HttpApiException(error, "HttpQueryServiceConfiguration (SSL) failed. Error = " + error);
}
IntPtr pOutput = Marshal.AllocHGlobal(requiredBufferLength);
try
{
HttpApi.ZeroMemory(pOutput, requiredBufferLength);
error = QueryServiceConfig(pInput, pOutput, requiredBufferLength, out requiredBufferLength);
if (error != HttpApi.Error.NO_ERROR)
{
throw new HttpApiException(error, "HttpQueryServiceConfiguration (SSL) failed. Error = " + error);
}
SslConfigItem item = Deserialize(pOutput);
items.Add(item.Key, item);
}
finally
{
Marshal.FreeHGlobal(pOutput);
}
}
}
finally
{
Marshal.FreeHGlobal(pInput);
}
return(items);
}
private SslConfigItem ControlsToItem()
{
SslConfigItem newItem = new SslConfigItem();
newItem.Status = _status;
newItem.Address = IPAddress.Parse(addressTextBox.Text);
newItem.Port = ushort.Parse(portTextBox.Text);
newItem.CertStoreName = certStoreTextBox.Text;
newItem.Hash = _certHashBytes;
newItem.AppId = guidTextBox.Text.Length > 0 ? new Guid(guidTextBox.Text) : Guid.Empty;
newItem.RevocationFreshnessTime = string.IsNullOrEmpty(refreshTimeTextBox.Text) ? 0 : int.Parse(refreshTimeTextBox.Text);
newItem.RevocationUrlRetrievalTimeout = string.IsNullOrEmpty(retrievalTimeoutTextBox.Text) ? 0 : int.Parse(retrievalTimeoutTextBox.Text);
newItem.SslCtlIdentifier = ctlIdTextBox.Text;
newItem.SslCtlStoreName = ctlStoreTextBox.Text;
newItem.CertCheckMode = 0;
if (noRevocationCheckBox.Checked)
{
newItem.CertCheckMode |= HttpApi.ClientCertCheckMode.NoVerifyRevocation;
}
if (onlyCachedRevocationCheckBox.Checked)
{
newItem.CertCheckMode |= HttpApi.ClientCertCheckMode.CachedRevocationOnly;
}
if (useFreshnessTimeCheckBox.Checked)
{
newItem.CertCheckMode |= HttpApi.ClientCertCheckMode.UseRevocationFreshnessTime;
}
if (noUsageCheckCheckBox.Checked)
{
newItem.CertCheckMode |= HttpApi.ClientCertCheckMode.NoUsageCheck;
}
newItem.Flags = 0;
if (dsMapperCheckBox.Checked)
{
newItem.Flags |= HttpApi.SslConfigFlag.UseDSMapper;
}
if (clientCertCheckBox.Checked)
{
newItem.Flags |= HttpApi.SslConfigFlag.NegotiateClientCertificates;
}
if (noRouteCheckBox.Checked)
{
newItem.Flags |= HttpApi.SslConfigFlag.DoNotRouteToRawIsapiFilters;
}
return(newItem);
}
public SslConfigForm(SslConfigItem item) : this()
{
addressTextBox.Enabled = false; // we're editing an existing item and address:port is the key in the collection
portTextBox.Enabled = false; // we're editing an existing item and address:port is the key in the collection
_status = item.Status == ModifiedStatus.Added ? ModifiedStatus.Added : ModifiedStatus.Modified;
ItemToControls(item);
}
private void removeSslButton_Click(object sender, System.EventArgs e)
{
try
{
ArrayList removedItems = new ArrayList();
foreach (int i in sslListView.SelectedIndices)
{
applyButton.Enabled = true;
removedItems.Add(((SslConfigItem)sslListView.Items[i]).Key);
}
foreach (object key in removedItems)
{
SslConfigItem item = (SslConfigItem)_sslItems[key];
switch (item.Status)
{
case ModifiedStatus.Added:
_sslItems.Remove(item);
break;
case ModifiedStatus.Unmodified:
item.Status = ModifiedStatus.Removed;
break;
case ModifiedStatus.Modified:
item.Status = ModifiedStatus.Removed;
break;
default:
break;
}
}
PopulateConfigListView(_sslItems, sslListView);
}
catch (Exception ex)
{
DisplayError(ex);
}
finally
{
EnableSslButtons();
}
}
private void addSslButton_Click(object sender, System.EventArgs e)
{
try
{
using (SslConfigForm editor = new SslConfigForm())
{
if (editor.ShowDialog() == DialogResult.OK)
{
SslConfigItem newItem = editor.UpdatedItem;
newItem.Status = ModifiedStatus.Added;
if (_sslItems.Contains(newItem.Key))
{
if (((ConfigItem)_sslItems[newItem.Key]).Status != ModifiedStatus.Removed)
{
MessageBox.Show(this, "SSL is already configured for the address and port you entered.", "Invalid Input");
}
else
{
newItem.Status = ModifiedStatus.Modified;
_sslItems[newItem.Key] = newItem;
}
}
else
{
_sslItems.Add(newItem.Key, newItem);
applyButton.Enabled = true;
}
PopulateConfigListView(_sslItems, sslListView);
}
}
}
catch (Exception ex)
{
DisplayError(ex);
}
finally
{
EnableSslButtons();
}
}
private void ItemToControls(SslConfigItem item)
{
SetGuidText(item.AppId);
addressTextBox.Text = item.Address.ToString();
portTextBox.Text = item.Port.ToString();
refreshTimeTextBox.Text = item.RevocationFreshnessTime.ToString();
retrievalTimeoutTextBox.Text = item.RevocationUrlRetrievalTimeout.ToString();
ctlIdTextBox.Text = item.SslCtlIdentifier;
ctlStoreTextBox.Text = item.SslCtlStoreName;
noRevocationCheckBox.Checked =
(item.CertCheckMode & HttpApi.ClientCertCheckMode.NoVerifyRevocation) != 0;
onlyCachedRevocationCheckBox.Checked =
(item.CertCheckMode & HttpApi.ClientCertCheckMode.CachedRevocationOnly) != 0;
useFreshnessTimeCheckBox.Checked =
(item.CertCheckMode & HttpApi.ClientCertCheckMode.UseRevocationFreshnessTime) != 0;
noUsageCheckCheckBox.Checked =
(item.CertCheckMode & HttpApi.ClientCertCheckMode.NoUsageCheck) != 0;
dsMapperCheckBox.Checked = (item.Flags & HttpApi.SslConfigFlag.UseDSMapper) != 0;
clientCertCheckBox.Checked = (item.Flags & HttpApi.SslConfigFlag.NegotiateClientCertificates) != 0;
noRouteCheckBox.Checked = (item.Flags & HttpApi.SslConfigFlag.DoNotRouteToRawIsapiFilters) != 0;
string storeName = (item.CertStoreName == null) ? "MY" : item.CertStoreName;
if ((item.Hash != null) && (item.Hash.Length > 0))
{
certStoreTextBox.Text = storeName;
certHashTextBox.Text = CertUtil.BytesToHex(item.Hash);
certNameTextBox.Text = CertUtil.GetCertNameFromStoreAndHash(storeName, item.Hash);
_certHashBytes = item.Hash;
}
}
private void EditSsl()
{
try
{
SslConfigItem selectedItem = (SslConfigItem)sslListView.SelectedItems[0];
using (SslConfigForm editor = new SslConfigForm(selectedItem))
{
if (editor.ShowDialog() == DialogResult.OK)
{
_sslItems[selectedItem.Key] = editor.UpdatedItem;
applyButton.Enabled = true;
PopulateConfigListView(_sslItems, sslListView);
}
}
}
finally
{
EnableSslButtons();
}
}
private void Load_SslItems()
{
_sslItems = SslConfigItem.QueryConfig();
PopulateConfigListView(_sslItems, sslListView);
}