| static private CacheCredential ( SafeFreeCredentials creds, byte thumbPrint, SchProtocols allowedProtocols ) : void | ||
| creds | SafeFreeCredentials | |
| thumbPrint | byte | |
| allowedProtocols | SchProtocols | |
| return | void | |
private SecurityStatus GenerateToken(byte[] input, int offset, int count, ref byte[] output)
{
if ((offset < 0) || (offset > ((input == null) ? 0 : input.Length)))
{
throw new ArgumentOutOfRangeException("offset");
}
if ((count < 0) || (count > ((input == null) ? 0 : (input.Length - offset))))
{
throw new ArgumentOutOfRangeException("count");
}
SecurityBuffer inputBuffer = null;
SecurityBuffer[] inputBuffers = null;
if (input != null)
{
inputBuffer = new SecurityBuffer(input, offset, count, BufferType.Token);
inputBuffers = new SecurityBuffer[] { inputBuffer, new SecurityBuffer(null, 0, 0, BufferType.Empty) };
}
SecurityBuffer outputBuffer = new SecurityBuffer(null, BufferType.Token);
int num = 0;
bool flag = false;
byte[] thumbPrint = null;
try
{
do
{
thumbPrint = null;
if (this.m_RefreshCredentialNeeded)
{
flag = this.m_ServerMode ? this.AcquireServerCredentials(ref thumbPrint) : this.AcquireClientCredentials(ref thumbPrint);
}
if (this.m_ServerMode)
{
num = SSPIWrapper.AcceptSecurityContext(GlobalSSPI.SSPISecureChannel, ref this.m_CredentialsHandle, ref this.m_SecurityContext, (ContextFlags.AcceptStream | ContextFlags.AllocateMemory | ContextFlags.Confidentiality | ContextFlags.SequenceDetect | ContextFlags.ReplayDetect) | (this.m_RemoteCertRequired ? ContextFlags.MutualAuth : ContextFlags.Zero), Endianness.Native, inputBuffer, outputBuffer, ref this.m_Attributes);
}
else if (inputBuffer == null)
{
num = SSPIWrapper.InitializeSecurityContext(GlobalSSPI.SSPISecureChannel, ref this.m_CredentialsHandle, ref this.m_SecurityContext, this.m_Destination, ContextFlags.AcceptIdentify | ContextFlags.AllocateMemory | ContextFlags.Confidentiality | ContextFlags.SequenceDetect | ContextFlags.ReplayDetect, Endianness.Native, inputBuffer, outputBuffer, ref this.m_Attributes);
}
else
{
num = SSPIWrapper.InitializeSecurityContext(GlobalSSPI.SSPISecureChannel, this.m_CredentialsHandle, ref this.m_SecurityContext, this.m_Destination, ContextFlags.AcceptIdentify | ContextFlags.AllocateMemory | ContextFlags.Confidentiality | ContextFlags.SequenceDetect | ContextFlags.ReplayDetect, Endianness.Native, inputBuffers, outputBuffer, ref this.m_Attributes);
}
}while (flag && (this.m_CredentialsHandle == null));
}
finally
{
if (this.m_RefreshCredentialNeeded)
{
this.m_RefreshCredentialNeeded = false;
if (this.m_CredentialsHandle != null)
{
this.m_CredentialsHandle.Close();
}
if ((!flag && (this.m_SecurityContext != null)) && (!this.m_SecurityContext.IsInvalid && !this.m_CredentialsHandle.IsInvalid))
{
SslSessionsCache.CacheCredential(this.m_CredentialsHandle, thumbPrint, this.m_ProtocolFlags, this.m_EncryptionPolicy);
}
}
}
output = outputBuffer.token;
return((SecurityStatus)num);
}
/*++
* GenerateToken - Called after each successive state
* in the Client - Server handshake. This function
* generates a set of bytes that will be sent next to
* the server. The server responds, each response,
* is pass then into this function, again, and the cycle
* repeats until successful connection, or failure.
*
* Input:
* input - bytes from the wire
* output - ref to byte [], what we will send to the
* server in response
* Return:
* errorCode - an SSPI error code
* --*/
private SecurityStatusPal GenerateToken(byte[] input, int offset, int count, ref byte[] output)
{
#if TRACE_VERBOSE
GlobalLog.Enter("SecureChannel#" + Logging.HashString(this) + "::GenerateToken, _refreshCredentialNeeded = " + _refreshCredentialNeeded);
#endif
if (offset < 0 || offset > (input == null ? 0 : input.Length))
{
GlobalLog.Assert(false, "SecureChannel#" + Logging.HashString(this) + "::GenerateToken", "Argument 'offset' out of range.");
throw new ArgumentOutOfRangeException("offset");
}
if (count < 0 || count > (input == null ? 0 : input.Length - offset))
{
GlobalLog.Assert(false, "SecureChannel#" + Logging.HashString(this) + "::GenerateToken", "Argument 'count' out of range.");
throw new ArgumentOutOfRangeException("count");
}
SecurityBuffer incomingSecurity = null;
SecurityBuffer[] incomingSecurityBuffers = null;
if (input != null)
{
incomingSecurity = new SecurityBuffer(input, offset, count, SecurityBufferType.Token);
incomingSecurityBuffers = new SecurityBuffer[]
{
incomingSecurity,
new SecurityBuffer(null, 0, 0, SecurityBufferType.Empty)
};
}
SecurityBuffer outgoingSecurity = new SecurityBuffer(null, SecurityBufferType.Token);
SecurityStatusPal errorCode = 0;
bool cachedCreds = false;
byte[] thumbPrint = null;
//
// Looping through ASC or ISC with potentially cached credential that could have been
// already disposed from a different thread before ISC or ASC dir increment a cred ref count.
//
try
{
do
{
thumbPrint = null;
if (_refreshCredentialNeeded)
{
cachedCreds = _serverMode
? AcquireServerCredentials(ref thumbPrint)
: AcquireClientCredentials(ref thumbPrint);
}
if (_serverMode)
{
errorCode = SslStreamPal.AcceptSecurityContext(
ref _credentialsHandle,
ref _securityContext,
incomingSecurity,
outgoingSecurity,
_remoteCertRequired);
}
else
{
if (incomingSecurity == null)
{
errorCode = SslStreamPal.InitializeSecurityContext(
ref _credentialsHandle,
ref _securityContext,
_destination,
incomingSecurity,
outgoingSecurity);
}
else
{
errorCode = SslStreamPal.InitializeSecurityContext(
_credentialsHandle,
ref _securityContext,
_destination,
incomingSecurityBuffers,
outgoingSecurity);
}
}
} while (cachedCreds && _credentialsHandle == null);
}
finally
{
if (_refreshCredentialNeeded)
{
_refreshCredentialNeeded = false;
//
// Assuming the ISC or ASC has referenced the credential,
// we want to call dispose so to decrement the effective ref count.
//
if (_credentialsHandle != null)
{
_credentialsHandle.Dispose();
}
//
// This call may bump up the credential reference count further.
// Note that thumbPrint is retrieved from a safe cert object that was possible cloned from the user passed cert.
//
if (!cachedCreds && _securityContext != null && !_securityContext.IsInvalid && _credentialsHandle != null && !_credentialsHandle.IsInvalid)
{
SslSessionsCache.CacheCredential(_credentialsHandle, thumbPrint, _sslProtocols, _serverMode, _encryptionPolicy);
}
}
}
output = outgoingSecurity.token;
#if TRACE_VERBOSE
GlobalLog.Leave("SecureChannel#" + Logging.HashString(this) + "::GenerateToken()", Interop.MapSecurityStatus((uint)errorCode));
#endif
return((SecurityStatusPal)errorCode);
}