public static int ApplyAlertToken( SSPIInterface secModule, ref SafeFreeCredentials credentialsHandle, SafeDeleteContext securityContext, TlsAlertType alertType, TlsAlertMessage alertMessage) { Interop.SChannel.SCHANNEL_ALERT_TOKEN alertToken; alertToken.dwTokenType = Interop.SChannel.SCHANNEL_ALERT; alertToken.dwAlertType = (uint)alertType; alertToken.dwAlertNumber = (uint)alertMessage; var bufferDesc = new SecurityBuffer[1]; int alertTokenByteSize = Marshal.SizeOf(typeof(Interop.SChannel.SCHANNEL_ALERT_TOKEN)); IntPtr p = Marshal.AllocHGlobal(alertTokenByteSize); try { var buffer = new byte[alertTokenByteSize]; Marshal.StructureToPtr(alertToken, p, false); Marshal.Copy(p, buffer, 0, alertTokenByteSize); bufferDesc[0] = new SecurityBuffer(buffer, BufferType.Token); return(ApplyControlToken(secModule, ref securityContext, bufferDesc)); } finally { Marshal.FreeHGlobal(p); } }
public static SecurityStatusPal ApplyAlertToken( ref SafeFreeCredentials?credentialsHandle, SafeDeleteContext?securityContext, TlsAlertType alertType, TlsAlertMessage alertMessage) { // There doesn't seem to be an exposed API for writing an alert. // The API seems to assume that all alerts are generated internally. return(new SecurityStatusPal(SecurityStatusPalErrorCode.OK)); }
static Exception GetExceptionInternal(int status, string?message) { // // Start by checking for statuses mapped to QuicError enum // if (status == QUIC_STATUS_ADDRESS_IN_USE) { return(new QuicException(QuicError.AddressInUse, null, SR.net_quic_address_in_use)); } if (status == QUIC_STATUS_UNREACHABLE) { return(new QuicException(QuicError.HostUnreachable, null, SR.net_quic_host_unreachable)); } if (status == QUIC_STATUS_CONNECTION_REFUSED) { return(new QuicException(QuicError.ConnectionRefused, null, SR.net_quic_connection_refused)); } if (status == QUIC_STATUS_CONNECTION_TIMEOUT) { return(new QuicException(QuicError.ConnectionTimeout, null, SR.net_quic_timeout)); } if (status == QUIC_STATUS_VER_NEG_ERROR) { return(new QuicException(QuicError.VersionNegotiationError, null, SR.net_quic_ver_neg_error)); } if (status == QUIC_STATUS_INVALID_ADDRESS) { return(new QuicException(QuicError.InvalidAddress, null, SR.net_quic_invalid_address)); } if (status == QUIC_STATUS_CONNECTION_IDLE) { return(new QuicException(QuicError.ConnectionIdle, null, SR.net_quic_connection_idle)); } if (status == QUIC_STATUS_PROTOCOL_ERROR) { return(new QuicException(QuicError.ProtocolError, null, SR.net_quic_protocol_error)); } if (status == QUIC_STATUS_TLS_ERROR || status == QUIC_STATUS_CERT_EXPIRED || status == QUIC_STATUS_CERT_UNTRUSTED_ROOT || status == QUIC_STATUS_CERT_NO_CERT) { return(new AuthenticationException(SR.Format(SR.net_quic_auth, GetErrorMessageForStatus(status, message)))); } // // Some TLS Alerts are mapped to dedicated QUIC_STATUS codes so we need to handle them individually. // if (status == QUIC_STATUS_ALPN_NEG_FAILURE) { return(new AuthenticationException(SR.net_quic_alpn_neg_error)); } if (status == QUIC_STATUS_USER_CANCELED) { return(new AuthenticationException(SR.Format(SR.net_auth_tls_alert, TlsAlertMessage.UserCanceled))); } // // other TLS Alerts: MsQuic maps TLS alerts by offsetting them by a // certain value. CloseNotify is the TLS Alert with value 0x00, so // all TLS Alert codes are mapped to [QUIC_STATUS_CLOSE_NOTIFY, // QUIC_STATUS_CLOSE_NOTIFY + 255] // // Mapped TLS alerts include following statuses: // - QUIC_STATUS_CLOSE_NOTIFY // - QUIC_STATUS_BAD_CERTIFICATE // - QUIC_STATUS_UNSUPPORTED_CERTIFICATE // - QUIC_STATUS_REVOKED_CERTIFICATE // - QUIC_STATUS_EXPIRED_CERTIFICATE // - QUIC_STATUS_UNKNOWN_CERTIFICATE // - QUIC_STATUS_REQUIRED_CERTIFICATE // if ((uint)status >= (uint)QUIC_STATUS_CLOSE_NOTIFY && (uint)status < (uint)QUIC_STATUS_CLOSE_NOTIFY + 256) { TlsAlertMessage alert = (TlsAlertMessage)(status - QUIC_STATUS_CLOSE_NOTIFY); return(new AuthenticationException(SR.Format(SR.net_auth_tls_alert, alert))); } // // for everything else, use general InternalError // return(new QuicException(QuicError.InternalError, null, SR.Format(SR.net_quic_internal_error, GetErrorMessageForStatus(status, message)))); }
public static SecurityStatusPal ApplyAlertToken(ref SafeFreeCredentials credentialsHandle, SafeDeleteContext securityContext, TlsAlertType alertType, TlsAlertMessage alertMessage) { Interop.SChannel.SCHANNEL_ALERT_TOKEN alertToken; alertToken.dwTokenType = Interop.SChannel.SCHANNEL_ALERT; alertToken.dwAlertType = (uint)alertType; alertToken.dwAlertNumber = (uint)alertMessage; var bufferDesc = new SecurityBuffer[1]; int alertTokenByteSize = Marshal.SizeOf <Interop.SChannel.SCHANNEL_ALERT_TOKEN>(); IntPtr p = Marshal.AllocHGlobal(alertTokenByteSize); try { var buffer = new byte[alertTokenByteSize]; Marshal.StructureToPtr <Interop.SChannel.SCHANNEL_ALERT_TOKEN>(alertToken, p, false); Marshal.Copy(p, buffer, 0, alertTokenByteSize); bufferDesc[0] = new SecurityBuffer(buffer, SecurityBufferType.SECBUFFER_TOKEN); var errorCode = (Interop.SECURITY_STATUS)SSPIWrapper.ApplyControlToken( GlobalSSPI.SSPISecureChannel, ref securityContext, bufferDesc); return(SecurityStatusAdapterPal.GetSecurityStatusPalFromInterop(errorCode, attachException: true)); } finally { Marshal.FreeHGlobal(p); } }
public static SecurityStatusPal ApplyAlertToken(ref SafeFreeCredentials credentialsHandle, SafeDeleteContext securityContext, TlsAlertType alertType, TlsAlertMessage alertMessage) { Interop.SChannel.SCHANNEL_ALERT_TOKEN alertToken; alertToken.dwTokenType = Interop.SChannel.SCHANNEL_ALERT; alertToken.dwAlertType = (uint)alertType; alertToken.dwAlertNumber = (uint)alertMessage; var bufferDesc = new SecurityBuffer[1]; int alertTokenByteSize = Marshal.SizeOf<Interop.SChannel.SCHANNEL_ALERT_TOKEN>(); IntPtr p = Marshal.AllocHGlobal(alertTokenByteSize); try { var buffer = new byte[alertTokenByteSize]; Marshal.StructureToPtr<Interop.SChannel.SCHANNEL_ALERT_TOKEN>(alertToken, p, false); Marshal.Copy(p, buffer, 0, alertTokenByteSize); bufferDesc[0] = new SecurityBuffer(buffer, SecurityBufferType.SECBUFFER_TOKEN); var errorCode = (Interop.SECURITY_STATUS)SSPIWrapper.ApplyControlToken( GlobalSSPI.SSPISecureChannel, ref securityContext, bufferDesc); return SecurityStatusAdapterPal.GetSecurityStatusPalFromInterop(errorCode, attachException:true); } finally { Marshal.FreeHGlobal(p); } }
public static SecurityStatusPal ApplyAlertToken(ref SafeFreeCredentials credentialsHandle, SafeDeleteContext securityContext, TlsAlertType alertType, TlsAlertMessage alertMessage) { // TODO (#12319): Not implemented. return new SecurityStatusPal(SecurityStatusPalErrorCode.OK); }
public static SecurityStatusPal ApplyAlertToken(ref SafeFreeCredentials credentialsHandle, SafeDeleteContext securityContext, TlsAlertType alertType, TlsAlertMessage alertMessage) { // TODO (#12319): Not implemented. return(new SecurityStatusPal(SecurityStatusPalErrorCode.OK)); }