/*

* Copyright (c) 2011 Soren Dreijer

* Licensed under the simplified BSD license.

* See Documentation/Licenses/BSD-simplified.txt for more information.

*/

/*

* All rights reserved.

* See the COPYING file for more information.

*/

#include <boost/bind.hpp>

#include <WinHTTP.h> /* For SECURITY_FLAG_IGNORE_CERT_CN_INVALID */

namespace Swift {

//------------------------------------------------------------------------

SchannelContext::SchannelContext(bool tls1_0Workaround) : state_(Start), secContext_(0), myCertStore_(NULL), certStoreName_("MY"), certName_(), smartCardReader_(), checkCertificateRevocation_(true), tls1_0Workaround_(tls1_0Workaround), disconnectOnCardRemoval_(true) {

contextFlags_ = ISC_REQ_ALLOCATE_MEMORY |

ISC_REQ_CONFIDENTIALITY |

ISC_REQ_EXTENDED_ERROR |

ISC_REQ_INTEGRITY |

ISC_REQ_REPLAY_DETECT |

ISC_REQ_SEQUENCE_DETECT |

ISC_REQ_USE_SUPPLIED_CREDS |

ISC_REQ_STREAM;

ZeroMemory(&streamSizes_, sizeof(streamSizes_));

}

//------------------------------------------------------------------------

SchannelContext::~SchannelContext() {

if (myCertStore_) CertCloseStore(myCertStore_, 0);

}

//------------------------------------------------------------------------

void SchannelContext::determineStreamSizes() {

QueryContextAttributes(contextHandle_, SECPKG_ATTR_STREAM_SIZES, &streamSizes_);

}

//------------------------------------------------------------------------

//------------------------------------------------------------------------

void SchannelContext::handleCertError(SECURITY_STATUS status)

{

if (status == SEC_E_UNTRUSTED_ROOT ||

status == CERT_E_UNTRUSTEDROOT ||

status == CRYPT_E_ISSUER_SERIALNUMBER ||

status == CRYPT_E_SIGNER_NOT_FOUND ||

status == CRYPT_E_NO_TRUSTED_SIGNER) {

verificationError_ = CertificateVerificationError::Untrusted;

}

else if (status == SEC_E_CERT_EXPIRED ||

status == CERT_E_EXPIRED) {

verificationError_ = CertificateVerificationError::Expired;

}

else if (status == CRYPT_E_SELF_SIGNED) {

verificationError_ = CertificateVerificationError::SelfSigned;

}

else if (status == CRYPT_E_HASH_VALUE ||

status == TRUST_E_CERT_SIGNATURE) {

verificationError_ = CertificateVerificationError::InvalidSignature;

}

else if (status == CRYPT_E_REVOKED) {

verificationError_ = CertificateVerificationError::Revoked;

}

else if (status == CRYPT_E_NO_REVOCATION_CHECK ||

status == CRYPT_E_REVOCATION_OFFLINE) {

verificationError_ = CertificateVerificationError::RevocationCheckFailed;

}

else {

verificationError_ = CertificateVerificationError::UnknownError;

}

}

//------------------------------------------------------------------------

void SchannelContext::sendDataOnNetwork(const void* pData, size_t dataSize) {

if (dataSize > 0 && pData) {

SafeByteArray byteArray(dataSize);

memcpy(&byteArray[0], pData, dataSize);

onDataForNetwork(byteArray);

}

}

//------------------------------------------------------------------------

void SchannelContext::forwardDataToApplication(const void* pData, size_t dataSize) {

SafeByteArray byteArray(dataSize);

memcpy(&byteArray[0], pData, dataSize);

onDataForApplication(byteArray);

}

//------------------------------------------------------------------------

void SchannelContext::handleDataFromApplication(const SafeByteArray& data) {

// Don't attempt to send data until we're fully connected

if (state_ == Connecting) {