/// <summary>
/// Builds the <see cref="SslConnectionInfo"/> for a security context and reports the outcome as a status code.
/// </summary>
/// <param name="securityContext">Context whose <c>SslContext</c> is handed to the <see cref="SslConnectionInfo"/> constructor.</param>
/// <param name="connectionInfo">Receives the new connection info, or <c>null</c> when anything throws.</param>
/// <returns>0 on success, -1 when any exception was raised.</returns>
public static int QueryContextConnectionInfo(SafeDeleteContext securityContext, out SslConnectionInfo connectionInfo)
{
    int status;
    SslConnectionInfo result = null;

    try
    {
        result = new SslConnectionInfo(securityContext.SslContext);
        status = 0;
    }
    catch
    {
        // NOTE(review): the untyped catch folds every failure (including a null
        // securityContext) into -1, so the caller cannot tell why the negotiated
        // parameters are unavailable. Callers must treat -1 as "no connection info".
        status = -1;
    }

    connectionInfo = result;
    return status;
}
/// <summary>
/// Reads the negotiated cipher and protocol version from the OpenSSL context and wraps them
/// in an <see cref="SslConnectionInfo"/>.
/// </summary>
/// <param name="securityContext">Context whose <c>SslContext</c> is queried.</param>
/// <param name="connectionInfo">Receives the connection info, or <c>null</c> when the query or construction throws.</param>
/// <returns>0 on success, -1 when any exception was raised.</returns>
public static int QueryContextConnectionInfo(SafeDeleteContext securityContext, out SslConnectionInfo connectionInfo)
{
    connectionInfo = null;

    try
    {
        string negotiatedProtocol;
        Interop.libssl.SSL_CIPHER negotiatedCipher =
            Interop.OpenSsl.GetConnectionInfo(securityContext.SslContext, out negotiatedProtocol);

        connectionInfo = new SslConnectionInfo(negotiatedCipher, negotiatedProtocol);
    }
    catch
    {
        // NOTE(review): every exception type is mapped to the same -1, so the reason the
        // cipher/protocol could not be read is lost; connectionInfo stays null on this path.
        return -1;
    }

    return 0;
}
/// <summary>
/// Queries one attribute of an established security context through <paramref name="secModule"/>
/// and converts the native result into a managed object.
/// </summary>
/// <param name="secModule">SSPI implementation that performs the native query.</param>
/// <param name="securityContext">Context being queried.</param>
/// <param name="contextAttribute">Attribute to read; it selects both the native buffer size and the handle type.</param>
/// <param name="errorCode">Receives the status returned by the native query.</param>
/// <returns>
/// The managed representation of the attribute, or <c>null</c> when the native query returns a
/// non-zero status. For the certificate attributes the returned object is the native handle itself.
/// </returns>
/// <exception cref="ArgumentException"><paramref name="contextAttribute"/> is not one of the handled values.</exception>
public static object QueryContextAttributes(SSPIInterface secModule, SafeDeleteContext securityContext, Interop.Secur32.ContextAttribute contextAttribute, out int errorCode)
{
    GlobalLog.Enter("QueryContextAttributes", contextAttribute.ToString());

    // Default: a pointer-sized buffer and no handle wrapper.
    int bufferSize = IntPtr.Size;
    Type expectedHandleType = null;

    switch (contextAttribute)
    {
        case Interop.Secur32.ContextAttribute.Sizes:
            bufferSize = SecSizes.SizeOf;
            break;

        case Interop.Secur32.ContextAttribute.StreamSizes:
            bufferSize = StreamSizes.SizeOf;
            break;

        case Interop.Secur32.ContextAttribute.Names:
        case Interop.Secur32.ContextAttribute.PackageInfo:
        case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn:
            expectedHandleType = typeof(SafeFreeContextBuffer);
            break;

        case Interop.Secur32.ContextAttribute.NegotiationInfo:
            expectedHandleType = typeof(SafeFreeContextBuffer);
            bufferSize = Marshal.SizeOf<NegotiationInfo>();
            break;

        case Interop.Secur32.ContextAttribute.RemoteCertificate:
        case Interop.Secur32.ContextAttribute.LocalCertificate:
            expectedHandleType = typeof(SafeFreeCertContext);
            break;

        case Interop.Secur32.ContextAttribute.IssuerListInfoEx:
            bufferSize = Marshal.SizeOf<Interop.Secur32.IssuerListInfoEx>();
            expectedHandleType = typeof(SafeFreeContextBuffer);
            break;

        case Interop.Secur32.ContextAttribute.ConnectionInfo:
            bufferSize = Marshal.SizeOf<SslConnectionInfo>();
            break;

        default:
            // Rejecting unknown attributes here keeps an unexpected value from reaching
            // the native call with a buffer sized for something else.
            throw new ArgumentException(SR.Format(SR.net_invalid_enum, "ContextAttribute"), "contextAttribute");
    }

    SafeHandle nativeHandle = null;
    object result = null;

    try
    {
        byte[] buffer = new byte[bufferSize];
        errorCode = secModule.QueryContextAttributes(securityContext, contextAttribute, buffer, expectedHandleType, out nativeHandle);
        if (errorCode != 0)
        {
            GlobalLog.Leave("Win32:QueryContextAttributes", "ERROR = " + ErrorDescription(errorCode));
            return null;
        }

        switch (contextAttribute)
        {
            case Interop.Secur32.ContextAttribute.Sizes:
                result = new SecSizes(buffer);
                break;

            case Interop.Secur32.ContextAttribute.StreamSizes:
                result = new StreamSizes(buffer);
                break;

            case Interop.Secur32.ContextAttribute.Names:
            case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn:
                // The string is copied into managed memory while the handle is still
                // open; the handle itself is released by the finally block below.
                result = Marshal.PtrToStringUni(nativeHandle.DangerousGetHandle());
                break;

            case Interop.Secur32.ContextAttribute.PackageInfo:
                result = new SecurityPackageInfoClass(nativeHandle, 0);
                break;

            case Interop.Secur32.ContextAttribute.NegotiationInfo:
                unsafe
                {
                    fixed (void* pinned = buffer)
                    {
                        result = new NegotiationInfoClass(nativeHandle, Marshal.ReadInt32(new IntPtr(pinned), NegotiationInfo.NegotiationStateOffest));
                    }
                }
                break;

            case Interop.Secur32.ContextAttribute.LocalCertificate:
            case Interop.Secur32.ContextAttribute.RemoteCertificate:
                // Ownership of the certificate handle moves to the caller; clearing the
                // local keeps the finally block from disposing what is being returned.
                result = nativeHandle;
                nativeHandle = null;
                break;

            case Interop.Secur32.ContextAttribute.IssuerListInfoEx:
                // The handle is passed into the returned object and not disposed here.
                result = new Interop.Secur32.IssuerListInfoEx(nativeHandle, buffer);
                nativeHandle = null;
                break;

            case Interop.Secur32.ContextAttribute.ConnectionInfo:
                result = new SslConnectionInfo(buffer);
                break;

            default:
                // Will return null.
                break;
        }
    }
    finally
    {
        // Runs on the error return as well, so a handle produced by a failed or
        // non-transferring query is always released.
        if (nativeHandle != null)
        {
            nativeHandle.Dispose();
        }
    }

    GlobalLog.Leave("QueryContextAttributes", LoggingHash.ObjectToString(result));
    return result;
}
/// <summary>
/// Fetches the <c>ConnectionInfo</c> attribute of a secure-channel context.
/// </summary>
/// <param name="securityContext">Context being queried.</param>
/// <param name="connectionInfo">
/// Receives the attribute as an <see cref="SslConnectionInfo"/>; <c>null</c> when the wrapper
/// returns <c>null</c> or an object of another type.
/// </param>
public static void QueryContextConnectionInfo(SafeDeleteContext securityContext, out SslConnectionInfo connectionInfo)
{
    var attribute = SSPIWrapper.QueryContextAttributes(
        GlobalSSPI.SSPISecureChannel,
        securityContext,
        Interop.SspiCli.ContextAttribute.ConnectionInfo);

    // No status is surfaced by this overload: a failed query is only visible to the
    // caller as a null connectionInfo.
    connectionInfo = attribute as SslConnectionInfo;
}
/*++
    ProcessHandshakeSuccess -
        Called on successful completion of the handshake.
        Records the header/trailer sizes that the encryption path uses and
        fills in the information about the established protocol.
--*/
internal void ProcessHandshakeSuccess()
{
    GlobalLog.Enter("SecureChannel#" + ValidationHelper.HashString(this) + "::ProcessHandshakeSuccess");
#if MONO
    // Mono build: header and trailer sizes are set to zero and the connection
    // info comes from SSPIWrapper.GetConnectionInfo instead of a context-attribute query.
    m_HeaderSize = m_TrailerSize = 0;
    m_ConnectionInfo = SSPIWrapper.GetConnectionInfo(m_SecModule, m_SecurityContext);
#else
    // A null result (query failed or returned another type) skips the size setup entirely.
    StreamSizes streamSizes = SSPIWrapper.QueryContextAttributes(m_SecModule, m_SecurityContext, ContextAttribute.StreamSizes) as StreamSizes;
    if (streamSizes != null)
    {
        try
        {
            m_HeaderSize = streamSizes.header;
            m_TrailerSize = streamSizes.trailer;
            // checked: sizes reported by the security package that do not fit throw
            // here instead of wrapping into a bogus maximum payload size.
            m_MaxDataSize = checked(streamSizes.maximumMessage - (m_HeaderSize + m_TrailerSize));
        }
        catch(Exception e)
        {
            // Non-fatal failures raise a GlobalLog assertion first; the exception is
            // rethrown in every case, so the handshake does not complete with bad sizes.
            if (!NclUtilities.IsFatal(e)){
                GlobalLog.Assert(false, "SecureChannel#" + ValidationHelper.HashString(this) + "::ProcessHandshakeSuccess", "StreamSizes out of range.");
            }
            throw;
        }
    }
    // NOTE(review): the 'as' cast leaves m_ConnectionInfo null when the query yields
    // nothing usable; no error is raised here, so readers of the field presumably
    // have to handle null - confirm against the callers.
    m_ConnectionInfo = SSPIWrapper.QueryContextAttributes(m_SecModule, m_SecurityContext, ContextAttribute.ConnectionInfo) as SslConnectionInfo;
#endif
    GlobalLog.Leave("SecureChannel#" + ValidationHelper.HashString(this) + "::ProcessHandshakeSuccess");
}
/// <summary>
/// Creates the <see cref="SslConnectionInfo"/> for a security context.
/// </summary>
/// <param name="securityContext">Context whose <c>SslContext</c> is handed to the constructor.</param>
/// <param name="connectionInfo">Receives the newly built connection info.</param>
/// <remarks>
/// Nothing is caught here: an exception from the property access or the constructor
/// propagates to the caller.
/// </remarks>
public static void QueryContextConnectionInfo(SafeDeleteContext securityContext, out SslConnectionInfo connectionInfo)
{
    var sslContext = securityContext.SslContext;
    connectionInfo = new SslConnectionInfo(sslContext);
}
/// <summary>
/// Reads the negotiated cipher from the native handle of a security context and wraps it
/// in an <see cref="SslConnectionInfo"/>.
/// </summary>
/// <param name="securityContext">Safe handle whose raw handle is passed to OpenSSL.</param>
/// <param name="connectionInfo">Receives the connection info, or <c>null</c> when anything throws.</param>
/// <returns>0 on success, -1 when any exception was raised.</returns>
public int QueryContextConnectionInfo(SafeDeleteContext securityContext, out SslConnectionInfo connectionInfo)
{
    connectionInfo = null;
    bool refAdded = false;

    try
    {
        // Take a reference before touching the raw handle so it cannot be released
        // while the native call is using it.
        securityContext.DangerousAddRef(ref refAdded);

        IntPtr rawHandle = securityContext.DangerousGetHandle();
        Interop.libssl.SSL_CIPHER negotiatedCipher = Interop.OpenSsl.GetConnectionInfo(rawHandle);
        connectionInfo = new SslConnectionInfo(negotiatedCipher);
        return 0;
    }
    catch
    {
        // NOTE(review): all exception types collapse into -1; the failure cause is not reported.
        return -1;
    }
    finally
    {
        // Release only if the AddRef above actually succeeded.
        if (refAdded)
        {
            securityContext.DangerousRelease();
        }
    }
}
/// <summary>
/// Queries the <c>ConnectionInfo</c> attribute of a security context and returns the native status.
/// </summary>
/// <param name="securityContext">Context being queried.</param>
/// <param name="connectionInfo">
/// Receives the attribute as an <see cref="SslConnectionInfo"/>, or <c>null</c> when the query
/// result is <c>null</c> or of another type.
/// </param>
/// <returns>The error code produced by <c>QueryContextAttributes</c>.</returns>
public int QueryContextConnectionInfo(SafeDeleteContext securityContext, out SslConnectionInfo connectionInfo)
{
    int status;
    var attribute = QueryContextAttributes(securityContext, Interop.Secur32.ContextAttribute.ConnectionInfo, out status);

    // The cast is independent of the status: callers should check both the return
    // value and connectionInfo for null before relying on the negotiated parameters.
    connectionInfo = attribute as SslConnectionInfo;
    return status;
}
/// <summary>
/// Reads the negotiated cipher from the OpenSSL context and wraps it in an <see cref="SslConnectionInfo"/>.
/// </summary>
/// <param name="securityContext">Context whose <c>SslContext</c> is queried.</param>
/// <param name="connectionInfo">Receives the connection info, or <c>null</c> when anything throws.</param>
/// <returns>0 on success, -1 when any exception was raised.</returns>
public int QueryContextConnectionInfo(SafeDeleteContext securityContext, out SslConnectionInfo connectionInfo)
{
    connectionInfo = null;

    try
    {
        Interop.libssl.SSL_CIPHER negotiatedCipher = Interop.OpenSsl.GetConnectionInfo(securityContext.SslContext);
        connectionInfo = new SslConnectionInfo(negotiatedCipher);
    }
    catch
    {
        // NOTE(review): every failure is reported as the same -1, so the cause is lost;
        // connectionInfo is still null on this path.
        return -1;
    }

    return 0;
}
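/// <summary>
/// Runs one step of the SSPI handshake: feeds <paramref name="incomingBlob"/> to the security
/// package and returns the token to send to the peer.
/// </summary>
/// <param name="incomingBlob">Token received from the peer, or <c>null</c> when there is none.</param>
/// <param name="channelbinding">Not used by this step; only forwarded when the step is retried.</param>
/// <param name="protectionPolicy">Not used by this step; only forwarded when the step is retried.</param>
/// <returns>The output token produced by the security package for this step.</returns>
/// <exception cref="Win32Exception">
/// The package returned an error status, or an informational status other than
/// "continue needed" / "incomplete credentials". The negotiation is disposed first.
/// </exception>
/// <exception cref="SecurityNegotiationException">
/// Cipher-strength validation is enabled and the connection info could not be obtained.
/// </exception>
public byte[] GetOutgoingBlob(byte[] incomingBlob, ChannelBinding channelbinding, ExtendedProtectionPolicy protectionPolicy)
{
    // SSPI status values this method distinguishes.
    const int SecIContinueNeeded = 0x90312;          // SEC_I_CONTINUE_NEEDED
    const int SecIIncompleteCredentials = 0x90320;   // SEC_I_INCOMPLETE_CREDENTIALS
    const int SecEInternalError = -2146893052;       // SEC_E_INTERNAL_ERROR (0x80090304)

    this.ThrowIfDisposed();

    SecurityBuffer inputBuffer = incomingBlob != null
        ? new SecurityBuffer(incomingBlob, System.IdentityModel.BufferType.Token)
        : null;
    SecurityBuffer outputBuffer = new SecurityBuffer(null, System.IdentityModel.BufferType.Token);

    // Any certificate captured by an earlier step is dropped before the new step runs.
    this.remoteCertificate = null;

    int status;
    if (this.isServer)
    {
        status = SspiWrapper.AcceptSecurityContext(this.credentialsHandle, ref this.securityContext, ServerStandardFlags | (this.clientCertRequired ? SspiContextFlags.MutualAuth : SspiContextFlags.Zero), Endianness.Native, inputBuffer, outputBuffer, ref this.attributes);
    }
    else
    {
        status = SspiWrapper.InitializeSecurityContext(this.credentialsHandle, ref this.securityContext, this.destination, ClientStandardFlags, Endianness.Native, inputBuffer, outputBuffer, ref this.attributes);
    }

    // Sign bit set means an SSPI error status.
    if (status < 0)
    {
        this.Dispose();

        // Fix: SEC_E_INTERNAL_ERROR is negative, so the dedicated message for it could
        // never be reached when it was tested after this generic error throw. It is
        // checked here instead; exception type and native error code are unchanged.
        if (status == SecEInternalError)
        {
            throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(status, System.ServiceModel.SR.GetString("LsaAuthorityNotContacted")));
        }
        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(status));
    }

    if (status == 0)
    {
        // Handshake finished: enforce the minimum cipher strength before the
        // negotiation is marked complete.
        if (System.ServiceModel.Security.SecurityUtils.ShouldValidateSslCipherStrength())
        {
            SslConnectionInfo info = (SslConnectionInfo)SspiWrapper.QueryContextAttributes(this.securityContext, ContextAttribute.ConnectionInfo);
            if (info == null)
            {
                // Fail closed: without connection info the key size cannot be checked.
                // NOTE(review): unlike the other failure paths this one does not call
                // Dispose() before throwing - confirm the owner disposes the negotiation.
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("CannotObtainSslConnectionInfo")));
            }
            System.ServiceModel.Security.SecurityUtils.ValidateSslCipherStrength(info.DataKeySize);
        }
        this.isCompleted = true;
        return outputBuffer.token;
    }

    if (status == SecIIncompleteCredentials)
    {
        // The peer asked for a client certificate: acquire credentials and redo this step.
        // NOTE(review): the retry is recursive with no visible bound; presumably the
        // package stops returning this status once credentials were acquired - confirm.
        this.AcquireClientCredentials();
        if (this.ClientCertificate != null)
        {
            this.wasClientCertificateSent = true;
        }
        return this.GetOutgoingBlob(incomingBlob, channelbinding, protectionPolicy);
    }

    if (status != SecIContinueNeeded)
    {
        // Any other informational status is treated as a failed negotiation.
        this.Dispose();
        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(status));
    }

    return outputBuffer.token;
}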
/// <summary>
/// Forwards the connection-info query to the supplied SSPI implementation.
/// </summary>
/// <param name="SecModule">Implementation that performs the query.</param>
/// <param name="securityContext">Context being queried.</param>
/// <param name="connectionInfo">Receives whatever the implementation produces.</param>
/// <returns>The status code returned by the implementation, unchanged.</returns>
internal static int QueryContextConnectionInfo(SSPIInterface SecModule, SafeDeleteContext securityContext, out SslConnectionInfo connectionInfo)
{
    int status = SecModule.QueryContextConnectionInfo(securityContext, out connectionInfo);
    return status;
}
/// <summary>
/// Queries one attribute of a security context and converts the native result into a managed object.
/// </summary>
/// <param name="securityContext">Context being queried.</param>
/// <param name="contextAttribute">Attribute to read; it selects both the native buffer size and the handle type.</param>
/// <returns>
/// The managed representation of the attribute. For the certificate attributes the returned
/// object is the native handle itself, which the caller then owns.
/// </returns>
/// <exception cref="InvalidEnumArgumentException"><paramref name="contextAttribute"/> is not one of the handled values.</exception>
/// <exception cref="Win32Exception">The native query returned a non-zero status.</exception>
public static unsafe object QueryContextAttributes(
    SafeDeleteContext securityContext,
    ContextAttribute contextAttribute)
{
    // Default: a pointer-sized buffer and no handle wrapper.
    int bufferSize = IntPtr.Size;
    Type expectedHandleType = null;

    switch (contextAttribute)
    {
        case ContextAttribute.Flags:
            break;

        case ContextAttribute.Sizes:
            bufferSize = SecSizes.SizeOf;
            break;

        case ContextAttribute.StreamSizes:
            bufferSize = StreamSizes.SizeOf;
            break;

        case ContextAttribute.Names:
        case ContextAttribute.PackageInfo:
            expectedHandleType = typeof(SafeFreeContextBuffer);
            break;

        case ContextAttribute.NegotiationInfo:
            expectedHandleType = typeof(SafeFreeContextBuffer);
            bufferSize = Marshal.SizeOf(typeof(NegotiationInfo));
            break;

        case ContextAttribute.RemoteCertificate:
        case ContextAttribute.LocalCertificate:
            expectedHandleType = typeof(SafeFreeCertContext);
            break;

        case ContextAttribute.ConnectionInfo:
            bufferSize = Marshal.SizeOf(typeof(SslConnectionInfo));
            break;

        case ContextAttribute.Lifespan:
            bufferSize = LifeSpan_Struct.Size;
            break;

        case ContextAttribute.SessionKey:
            expectedHandleType = typeof(SafeFreeContextBuffer);
            bufferSize = SecPkgContext_SessionKey.Size;
            break;

        default:
            // Unknown attributes are rejected before any native call is made.
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("contextAttribute", (int)contextAttribute, typeof(ContextAttribute)));
    }

    SafeHandle nativeHandle = null;
    object result = null;

    try
    {
        byte[] buffer = new byte[bufferSize];
        int status = QueryContextAttributes(securityContext, contextAttribute, buffer, expectedHandleType, out nativeHandle);
        if (status != 0)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(status));
        }

        switch (contextAttribute)
        {
            case ContextAttribute.Flags:
                fixed (byte* pinned = buffer)
                {
                    result = Marshal.ReadInt32(new IntPtr(pinned));
                }
                break;

            case ContextAttribute.Sizes:
                result = new SecSizes(buffer);
                break;

            case ContextAttribute.StreamSizes:
                result = new StreamSizes(buffer);
                break;

            case ContextAttribute.Names:
                // The string is copied into managed memory while the handle is still
                // open; the handle itself is closed by the finally block below.
                result = Marshal.PtrToStringUni(nativeHandle.DangerousGetHandle());
                break;

            case ContextAttribute.PackageInfo:
                result = new SecurityPackageInfoClass(nativeHandle, 0);
                break;

            case ContextAttribute.NegotiationInfo:
                fixed (void* pinned = buffer)
                {
                    result = new NegotiationInfoClass(nativeHandle, Marshal.ReadInt32(new IntPtr(pinned), NegotiationInfo.NegotiationStateOffset));
                }
                break;

            case ContextAttribute.LocalCertificate:
            case ContextAttribute.RemoteCertificate:
                // Ownership of the certificate handle moves to the caller; clearing the
                // local keeps the finally block from closing what is being returned.
                result = nativeHandle;
                nativeHandle = null;
                break;

            case ContextAttribute.ConnectionInfo:
                result = new SslConnectionInfo(buffer);
                break;

            case ContextAttribute.Lifespan:
                result = new LifeSpan(buffer);
                break;

            case ContextAttribute.SessionKey:
                // The handle is not handed over here, so the finally block closes it
                // after the session-key object has been built.
                fixed (void* pinned = buffer)
                {
                    result = new SecuritySessionKeyClass(nativeHandle, Marshal.ReadInt32(new IntPtr(pinned)));
                }
                break;

            default:
                // will return null
                break;
        }
    }
    finally
    {
        // Also runs when the status check above throws, so a handle produced by a
        // failed query is always released.
        if (nativeHandle != null)
        {
            nativeHandle.Close();
        }
    }

    return result;
}
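/// <summary>
/// Called after a successful handshake: records the header, trailer and maximum payload sizes
/// reported by the security package and stores the negotiated connection info.
/// </summary>
/// <remarks>
/// When the stream-sizes query yields nothing, the size fields are left untouched.
/// <c>m_ConnectionInfo</c> is <c>null</c> when the connection-info query yields nothing.
/// </remarks>
/// <exception cref="OverflowException">
/// The reported sizes do not fit: header plus trailer, or the remaining payload size,
/// overflows an <see cref="int"/>.
/// </exception>
internal void ProcessHandshakeSuccess()
{
    StreamSizes sizes = SSPIWrapper.QueryContextAttributes(GlobalSSPI.SSPISecureChannel, this.m_SecurityContext, ContextAttribute.StreamSizes) as StreamSizes;
    if (sizes != null)
    {
        try
        {
            this.m_HeaderSize = sizes.header;
            this.m_TrailerSize = sizes.trailer;

            // Fix: without 'checked' nothing in this try block can raise on bad sizes,
            // and an overflow would silently wrap into a bogus maximum payload size.
            // Checked arithmetic makes out-of-range values fail the handshake instead.
            this.m_MaxDataSize = checked(sizes.maximumMessage - (this.m_HeaderSize + this.m_TrailerSize));
        }
        catch (Exception exception)
        {
            // The result of IsFatal is not used; the exception is rethrown either way.
            NclUtilities.IsFatal(exception);
            throw;
        }
    }

    this.m_ConnectionInfo = SSPIWrapper.QueryContextAttributes(GlobalSSPI.SSPISecureChannel, this.m_SecurityContext, ContextAttribute.ConnectionInfo) as SslConnectionInfo;
}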