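//
// Used only by client SSL code, never returns null.
//
// Queries the IssuerListInfoEx attribute of the given security context and decodes each
// issuer blob into its X.500 distinguished-name string.
//
// Returns an empty array when the attribute cannot be queried or lists no issuers.
// A slot in the returned array stays null when the matching native entry reports a size of zero,
// so callers must tolerate null elements.
//
// NOTE(review): the blobs presumably come from the TLS peer's certificate request, so treat the
// decoded names as untrusted input - confirm against the caller.
//
internal static string[] GetRequestCertificateAuthorities(SafeDeleteContext securityContext)
{
    object queried = SSPIWrapper.QueryContextAttributes(
        GlobalSSPI.SSPISecureChannel,
        securityContext,
        Interop.SspiCli.ContextAttribute.IssuerListInfoEx);

    // Check before casting: a null result would otherwise surface as a NullReferenceException
    // instead of the promised non-null array.
    // NOTE(review): assumes this overload returns null when the SSPI call fails - confirm.
    if (queried == null)
    {
        return Array.Empty<string>();
    }

    Interop.SspiCli.IssuerListInfoEx issuerList = (Interop.SspiCli.IssuerListInfoEx)queried;
    string[] issuers = Array.Empty<string>();

    try
    {
        // A positive count with no backing handle cannot be walked; treat it as "no issuers".
        if (issuerList.cIssuers > 0 && issuerList.aIssuers != null)
        {
            unsafe
            {
                uint count = issuerList.cIssuers;
                issuers = new string[issuerList.cIssuers];

                // The raw pointer is only used inside this try block, before the finally below
                // disposes the handle that owns the native memory.
                Interop.SspiCli._CERT_CHAIN_ELEMENT* pIL = (Interop.SspiCli._CERT_CHAIN_ELEMENT*)issuerList.aIssuers.DangerousGetHandle();

                for (int i = 0; i < count; ++i)
                {
                    Interop.SspiCli._CERT_CHAIN_ELEMENT* pIL2 = pIL + i;

                    if (GlobalLog.IsEnabled && pIL2->cbSize <= 0)
                    {
                        GlobalLog.Assert("SecureChannel::GetIssuers()", "Interop.SspiCli._CERT_CHAIN_ELEMENT size is not positive: " + pIL2->cbSize.ToString());
                    }

                    if (pIL2->cbSize > 0)
                    {
                        // cbSize and pCertContext are taken as reported by the native structure;
                        // nothing here can independently bound the read.
                        uint size = pIL2->cbSize;
                        byte* ptr = (byte*)(pIL2->pCertContext);
                        byte[] x = new byte[size];

                        // Copy the encoded name into managed memory before decoding it.
                        for (int j = 0; j < size; j++)
                        {
                            x[j] = *(ptr + j);
                        }

                        X500DistinguishedName x500DistinguishedName = new X500DistinguishedName(x);
                        issuers[i] = x500DistinguishedName.Name;

                        if (GlobalLog.IsEnabled)
                        {
                            GlobalLog.Print("SecureChannel#" + LoggingHash.HashString(securityContext) + "::GetIssuers() IssuerListEx[" + i + "]:" + issuers[i]);
                        }
                    }
                }
            }
        }
    }
    finally
    {
        // This method owns the issuer-list handle and must release it on every path.
        if (issuerList.aIssuers != null)
        {
            issuerList.aIssuers.Dispose();
        }
    }

    return issuers;
}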
/// <summary>
/// Queries one attribute of an SSPI security context and wraps the native result in a managed object.
/// </summary>
/// <param name="secModule">SSPI implementation that performs the native query.</param>
/// <param name="securityContext">Context whose attribute is requested.</param>
/// <param name="contextAttribute">Attribute to query; values not handled below are rejected.</param>
/// <param name="errorCode">Status returned by <paramref name="secModule"/>; zero means success.</param>
/// <returns>
/// The managed representation of the attribute, or null when the query reports a non-zero status.
/// For RemoteCertificate and LocalCertificate the returned object is the native handle itself, and for
/// IssuerListInfoEx the returned object wraps that handle; in those cases the handle is not disposed
/// here and the caller becomes responsible for releasing it.
/// </returns>
/// <exception cref="ArgumentException">The attribute is not one of the handled values.</exception>
public static object QueryContextAttributes(SSPIInterface secModule, SafeDeleteContext securityContext, Interop.SspiCli.ContextAttribute contextAttribute, out int errorCode)
{
    if (GlobalLog.IsEnabled)
    {
        GlobalLog.Enter("QueryContextAttributes", contextAttribute.ToString());
    }

    // Pointer-sized by default; attributes that use a larger block override the size below.
    int bufferSize = IntPtr.Size;
    Type safeHandleType = null;

    switch (contextAttribute)
    {
        case Interop.SspiCli.ContextAttribute.Sizes:
            bufferSize = SecSizes.SizeOf;
            break;

        case Interop.SspiCli.ContextAttribute.StreamSizes:
            bufferSize = StreamSizes.SizeOf;
            break;

        case Interop.SspiCli.ContextAttribute.Names:
        case Interop.SspiCli.ContextAttribute.PackageInfo:
        case Interop.SspiCli.ContextAttribute.ClientSpecifiedSpn:
            safeHandleType = typeof(SafeFreeContextBuffer);
            break;

        case Interop.SspiCli.ContextAttribute.NegotiationInfo:
            safeHandleType = typeof(SafeFreeContextBuffer);
            bufferSize = Marshal.SizeOf<NegotiationInfo>();
            break;

        case Interop.SspiCli.ContextAttribute.RemoteCertificate:
        case Interop.SspiCli.ContextAttribute.LocalCertificate:
            safeHandleType = typeof(SafeFreeCertContext);
            break;

        case Interop.SspiCli.ContextAttribute.IssuerListInfoEx:
            bufferSize = Marshal.SizeOf<Interop.SspiCli.IssuerListInfoEx>();
            safeHandleType = typeof(SafeFreeContextBuffer);
            break;

        case Interop.SspiCli.ContextAttribute.ConnectionInfo:
            bufferSize = Marshal.SizeOf<SslConnectionInfo>();
            break;

        default:
            throw new ArgumentException(SR.Format(SR.net_invalid_enum, "ContextAttribute"), "contextAttribute");
    }

    SafeHandle nativeHandle = null;
    object result = null;

    try
    {
        byte[] block = new byte[bufferSize];
        errorCode = secModule.QueryContextAttributes(securityContext, contextAttribute, block, safeHandleType, out nativeHandle);

        if (errorCode != 0)
        {
            if (GlobalLog.IsEnabled)
            {
                GlobalLog.Leave("Win32:QueryContextAttributes", "ERROR = " + ErrorDescription(errorCode));
            }

            // The finally block still releases any handle the failed call produced.
            return null;
        }

        switch (contextAttribute)
        {
            case Interop.SspiCli.ContextAttribute.Sizes:
                result = new SecSizes(block);
                break;

            case Interop.SspiCli.ContextAttribute.StreamSizes:
                result = new StreamSizes(block);
                break;

            case Interop.SspiCli.ContextAttribute.Names:
            case Interop.SspiCli.ContextAttribute.ClientSpecifiedSpn:
                // The string is copied into managed memory while the handle is still alive.
                result = Marshal.PtrToStringUni(nativeHandle.DangerousGetHandle());
                break;

            case Interop.SspiCli.ContextAttribute.PackageInfo:
                // NOTE(review): the handle is disposed on exit, so the wrapper presumably copies
                // what it needs in its constructor - confirm.
                result = new SecurityPackageInfoClass(nativeHandle, 0);
                break;

            case Interop.SspiCli.ContextAttribute.NegotiationInfo:
                unsafe
                {
                    fixed (void* pinned = block)
                    {
                        int negotiationState = Marshal.ReadInt32(new IntPtr(pinned), NegotiationInfo.NegotiationStateOffest);
                        result = new NegotiationInfoClass(nativeHandle, negotiationState);
                    }
                }
                break;

            case Interop.SspiCli.ContextAttribute.LocalCertificate: // Fall-through to RemoteCertificate is intentional.
            case Interop.SspiCli.ContextAttribute.RemoteCertificate:
                // Ownership moves to the caller; clearing the local keeps finally from disposing it.
                result = nativeHandle;
                nativeHandle = null;
                break;

            case Interop.SspiCli.ContextAttribute.IssuerListInfoEx:
                // The returned structure keeps the handle, so it must outlive this method.
                result = new Interop.SspiCli.IssuerListInfoEx(nativeHandle, block);
                nativeHandle = null;
                break;

            case Interop.SspiCli.ContextAttribute.ConnectionInfo:
                result = new SslConnectionInfo(block);
                break;

            default:
                // Will return null.
                break;
        }
    }
    finally
    {
        // Release every handle that was not handed over to the caller above.
        if (nativeHandle != null)
        {
            nativeHandle.Dispose();
        }
    }

    if (GlobalLog.IsEnabled)
    {
        GlobalLog.Leave("QueryContextAttributes", LoggingHash.ObjectToString(result));
    }

    return result;
}
/// <summary>
/// Retrieves a single SSPI context attribute and converts the native data into a managed object.
/// </summary>
/// <param name="secModule">Provider used to issue the native query.</param>
/// <param name="securityContext">Security context being inspected.</param>
/// <param name="contextAttribute">Which attribute to read; unhandled values throw.</param>
/// <param name="errorCode">Receives the status of the native query (zero on success).</param>
/// <returns>
/// Null when the native query fails; otherwise an object whose type depends on the attribute.
/// Certificate attributes return the safe handle directly and IssuerListInfoEx returns a structure
/// built around it. Those handles are deliberately left open for the caller to dispose.
/// Every other handle is disposed before this method returns.
/// </returns>
/// <exception cref="ArgumentException">Thrown for an attribute value this method does not handle.</exception>
public static object QueryContextAttributes(SSPIInterface secModule, SafeDeleteContext securityContext, Interop.SspiCli.ContextAttribute contextAttribute, out int errorCode)
{
    if (GlobalLog.IsEnabled)
    {
        GlobalLog.Enter("QueryContextAttributes", contextAttribute.ToString());
    }

    // First pass: decide how large the native block is and which safe-handle type
    // (if any) the provider should produce for this attribute.
    int blockLength = IntPtr.Size;
    Type wrapperType = null;

    switch (contextAttribute)
    {
        case Interop.SspiCli.ContextAttribute.Sizes:
            blockLength = SecSizes.SizeOf;
            break;
        case Interop.SspiCli.ContextAttribute.StreamSizes:
            blockLength = StreamSizes.SizeOf;
            break;
        case Interop.SspiCli.ContextAttribute.ConnectionInfo:
            blockLength = Marshal.SizeOf<SslConnectionInfo>();
            break;
        case Interop.SspiCli.ContextAttribute.NegotiationInfo:
            wrapperType = typeof(SafeFreeContextBuffer);
            blockLength = Marshal.SizeOf<NegotiationInfo>();
            break;
        case Interop.SspiCli.ContextAttribute.IssuerListInfoEx:
            wrapperType = typeof(SafeFreeContextBuffer);
            blockLength = Marshal.SizeOf<Interop.SspiCli.IssuerListInfoEx>();
            break;
        case Interop.SspiCli.ContextAttribute.Names:
        case Interop.SspiCli.ContextAttribute.PackageInfo:
        case Interop.SspiCli.ContextAttribute.ClientSpecifiedSpn:
            wrapperType = typeof(SafeFreeContextBuffer);
            break;
        case Interop.SspiCli.ContextAttribute.LocalCertificate:
        case Interop.SspiCli.ContextAttribute.RemoteCertificate:
            wrapperType = typeof(SafeFreeCertContext);
            break;
        default:
            throw new ArgumentException(SR.Format(SR.net_invalid_enum, "ContextAttribute"), "contextAttribute");
    }

    SafeHandle handle = null;
    object managedValue = null;

    try
    {
        byte[] raw = new byte[blockLength];
        errorCode = secModule.QueryContextAttributes(securityContext, contextAttribute, raw, wrapperType, out handle);

        bool succeeded = errorCode == 0;
        if (!succeeded)
        {
            if (GlobalLog.IsEnabled)
            {
                GlobalLog.Leave("Win32:QueryContextAttributes", "ERROR = " + ErrorDescription(errorCode));
            }

            return null;
        }

        // Second pass: build the managed view of whatever the provider returned.
        switch (contextAttribute)
        {
            case Interop.SspiCli.ContextAttribute.Sizes:
                managedValue = new SecSizes(raw);
                break;
            case Interop.SspiCli.ContextAttribute.StreamSizes:
                managedValue = new StreamSizes(raw);
                break;
            case Interop.SspiCli.ContextAttribute.ConnectionInfo:
                managedValue = new SslConnectionInfo(raw);
                break;
            case Interop.SspiCli.ContextAttribute.PackageInfo:
                managedValue = new SecurityPackageInfoClass(handle, 0);
                break;
            case Interop.SspiCli.ContextAttribute.NegotiationInfo:
                unsafe
                {
                    // Pin the managed block so the state field can be read through a stable address.
                    fixed (void* rawPtr = raw)
                    {
                        managedValue = new NegotiationInfoClass(
                            handle,
                            Marshal.ReadInt32(new IntPtr(rawPtr), NegotiationInfo.NegotiationStateOffest));
                    }
                }
                break;
            case Interop.SspiCli.ContextAttribute.Names:
            case Interop.SspiCli.ContextAttribute.ClientSpecifiedSpn:
                // Raw pointer use is confined to this statement; the handle is released in finally.
                IntPtr text = handle.DangerousGetHandle();
                managedValue = Marshal.PtrToStringUni(text);
                break;
            case Interop.SspiCli.ContextAttribute.LocalCertificate: // Fall-through to RemoteCertificate is intentional.
            case Interop.SspiCli.ContextAttribute.RemoteCertificate:
                // The caller receives the live handle and must dispose it.
                managedValue = handle;
                handle = null;
                break;
            case Interop.SspiCli.ContextAttribute.IssuerListInfoEx:
                // The structure holds on to the handle; whoever consumes it must dispose it.
                managedValue = new Interop.SspiCli.IssuerListInfoEx(handle, raw);
                handle = null;
                break;
            default:
                // Will return null.
                break;
        }
    }
    finally
    {
        // Handles whose ownership was transferred were nulled out above and are skipped here.
        handle?.Dispose();
    }

    if (GlobalLog.IsEnabled)
    {
        GlobalLog.Leave("QueryContextAttributes", LoggingHash.ObjectToString(managedValue));
    }

    return managedValue;
}