summaryrefslogtreecommitdiffstats
blob: a3748fe6efb424003cad2732164e4c6842986f32 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
/*
 * Copyright (c) 2011 Soren Dreijer
 * Licensed under the simplified BSD license.
 * See Documentation/Licenses/BSD-simplified.txt for more information.
 */

/*
 * Copyright (c) 2012-2016 Isode Limited.
 * All rights reserved.
 * See the COPYING file for more information.
 */

#pragma once

#include <boost/signals2.hpp>

#include <Swiften/TLS/TLSContext.h>
#include <Swiften/TLS/Schannel/SchannelUtil.h>
#include <Swiften/TLS/CertificateWithKey.h>
#include <Swiften/Base/ByteArray.h>
#include <Swiften/TLS/TLSError.h>

#define SECURITY_WIN32
#include <Windows.h>
#include <Schannel.h>
#include <security.h>
#include <schnlsp.h>

#include <boost/noncopyable.hpp>

namespace Swift
{
    class CAPICertificate;
    class SchannelContext : public TLSContext, boost::noncopyable
    {
    public:
        typedef std::shared_ptr<SchannelContext> sp_t;

    public:
        SchannelContext(bool tls1_0Workaround);

        virtual ~SchannelContext();

        //
        // TLSContext
        //
        virtual void    connect();
        virtual bool    setClientCertificate(CertificateWithKey::ref cert);

        virtual void    handleDataFromNetwork(const SafeByteArray& data);
        virtual void    handleDataFromApplication(const SafeByteArray& data);

        virtual std::vector<Certificate::ref> getPeerCertificateChain() const;
        virtual CertificateVerificationError::ref getPeerCertificateVerificationError() const;

        virtual ByteArray getFinishMessage() const;

        virtual void setCheckCertificateRevocation(bool b);

        virtual void setDisconnectOnCardRemoval(bool b);

    private:
        void            determineStreamSizes();
        void            continueHandshake(const SafeByteArray& data);
        void            indicateError(std::shared_ptr<TLSError> error);
        //FIXME: Remove
        void indicateError() {indicateError(std::make_shared<TLSError>());}
        void            handleCertError(SECURITY_STATUS status) ;

        void            sendDataOnNetwork(const void* pData, size_t dataSize);
        void            forwardDataToApplication(const void* pData, size_t dataSize);

        void            decryptAndProcessData(const SafeByteArray& data);
        void            encryptAndSendData(const SafeByteArray& data);

        void            appendNewData(const SafeByteArray& data);
        SECURITY_STATUS validateServerCertificate();

        void            handleCertificateCardRemoved();

    private:
        enum SchannelState
        {
            Start,
            Connecting,
            Connected,
            Error

        };

        SchannelState        state_;
        boost::optional<CertificateVerificationError> verificationError_;

        ULONG                secContext_;
        ScopedCredHandle    credHandle_;
        ScopedCtxtHandle    contextHandle_;
        DWORD                contextFlags_;
        SecPkgContext_StreamSizes streamSizes_;

        std::vector<char>    receivedData_;

        HCERTSTORE        myCertStore_;
        std::string        certStoreName_;
        std::string        certName_;
////Not needed, most likely
        std::string        smartCardReader_;    //Can be empty string for non SmartCard certificates
        std::shared_ptr<CAPICertificate> userCertificate_;
        bool checkCertificateRevocation_;
        bool tls1_0Workaround_;
        bool disconnectOnCardRemoval_;
    };
}