Certificate (TLS) credentials support custom identity now

2016-08-24 09:14:02 +02:00
parent eb9c8a5f7c
commit 6835f5279c
11 changed files with 436 additions and 55 deletions
--- a/lib/EAPBase/include/Credentials.h
+++ b/lib/EAPBase/include/Credentials.h
@@ -120,6 +120,52 @@ namespace eap
        ///
        virtual bool empty() const;

+        /// \name XML configuration management
+        /// @{
+
+        ///
+        /// Save to XML document
+        ///
+        /// \param[in]  pDoc         XML document
+        /// \param[in]  pConfigRoot  Suggested root element for saving
+        ///
+        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
+
+        ///
+        /// Load from XML document
+        ///
+        /// \param[in]  pConfigRoot  Root element for loading
+        ///
+        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
+
+        /// @}
+
+        /// \name BLOB management
+        /// @{
+
+        ///
+        /// Packs a configuration
+        ///
+        /// \param[inout] cursor  Memory cursor
+        ///
+        virtual void operator<<(_Inout_ cursor_out &cursor) const;
+
+        ///
+        /// Returns packed size of a configuration
+        ///
+        /// \returns Size of data when packed (in bytes)
+        ///
+        virtual size_t get_pk_size() const;
+
+        ///
+        /// Unpacks a configuration
+        ///
+        /// \param[inout] cursor  Memory cursor
+        ///
+        virtual void operator>>(_Inout_ cursor_in &cursor);
+
+        /// @}
+
        /// \name Storage
        /// @{

@@ -164,12 +210,15 @@ namespace eap
        ///
        /// Returns credential identity.
        ///
-        virtual std::wstring get_identity() const = 0;
+        virtual std::wstring get_identity() const;

        ///
        /// Returns credential name (for GUI display).
        ///
        virtual winstd::tstring get_name() const;
+
+    public:
+        std::wstring m_identity;    ///< Identity (username\@domain, certificate name etc.)
    };


@@ -294,13 +343,7 @@ namespace eap

        /// @}

-        ///
-        /// Returns credential identity.
-        ///
-        virtual std::wstring get_identity() const;
-
    public:
-        std::wstring               m_identity;  ///< Identity (username\@domain, certificate name etc.)
        winstd::sanitizing_wstring m_password;  ///< Password

    private:
--- a/lib/EAPBase/src/Credentials.cpp
+++ b/lib/EAPBase/src/Credentials.cpp
@@ -36,12 +36,14 @@ eap::credentials::credentials(_In_ module &mod) : config(mod)


 eap::credentials::credentials(_In_ const credentials &other) :
+    m_identity(other.m_identity),
    config(other)
 {
 }


 eap::credentials::credentials(_Inout_ credentials &&other) :
+    m_identity(std::move(other.m_identity)),
    config(std::move(other))
 {
 }
@@ -49,8 +51,10 @@ eap::credentials::credentials(_Inout_ credentials &&other) :

 eap::credentials& eap::credentials::operator=(_In_ const credentials &other)
 {
-    if (this != &other)
+    if (this != &other) {
        (config&)*this = other;
+        m_identity     = other.m_identity;
+    }

    return *this;
 }
@@ -58,8 +62,10 @@ eap::credentials& eap::credentials::operator=(_In_ const credentials &other)

 eap::credentials& eap::credentials::operator=(_Inout_ credentials &&other)
 {
-    if (this != &other)
+    if (this != &other) {
        (config&)*this = std::move(other);
+        m_identity     = std::move(other.m_identity);
+    }

    return *this;
 }
@@ -67,13 +73,73 @@ eap::credentials& eap::credentials::operator=(_Inout_ credentials &&other)

 void eap::credentials::clear()
 {
+    m_identity.clear();
 }


 bool eap::credentials::empty() const
 {
-    // Base class always report empty credentials.
-    return true;
+    return m_identity.empty();
+}
+
+
+void eap::credentials::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
+{
+    assert(pDoc);
+    assert(pConfigRoot);
+
+    config::save(pDoc, pConfigRoot);
+
+    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
+    HRESULT hr;
+
+    // <UserName>
+    if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))))
+        throw com_runtime_error(hr, __FUNCTION__ " Error creating <UserName> element.");
+}
+
+
+void eap::credentials::load(_In_ IXMLDOMNode *pConfigRoot)
+{
+    assert(pConfigRoot);
+    HRESULT hr;
+
+    config::load(pConfigRoot);
+
+    std::wstring xpath(eapxml::get_xpath(pConfigRoot));
+
+    if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)))
+        throw com_runtime_error(hr, __FUNCTION__ " Error reading <UserName> element.");
+
+    m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str());
+}
+
+
+void eap::credentials::operator<<(_Inout_ cursor_out &cursor) const
+{
+    config::operator<<(cursor);
+    cursor << m_identity;
+}
+
+
+size_t eap::credentials::get_pk_size() const
+{
+    return
+        config::get_pk_size() +
+        pksizeof(m_identity);
+}
+
+
+void eap::credentials::operator>>(_Inout_ cursor_in &cursor)
+{
+    config::operator>>(cursor);
+    cursor >> m_identity;
+}
+
+
+wstring eap::credentials::get_identity() const
+{
+    return m_identity;
 }


@@ -93,7 +159,6 @@ eap::credentials_pass::credentials_pass(_In_ module &mod) : credentials(mod)


 eap::credentials_pass::credentials_pass(_In_ const credentials_pass &other) :
-    m_identity(other.m_identity),
    m_password(other.m_password),
    credentials(other)
 {
@@ -101,7 +166,6 @@ eap::credentials_pass::credentials_pass(_In_ const credentials_pass &other) :


 eap::credentials_pass::credentials_pass(_Inout_ credentials_pass &&other) :
-    m_identity(std::move(other.m_identity)),
    m_password(std::move(other.m_password)),
    credentials(std::move(other))
 {
@@ -112,7 +176,6 @@ eap::credentials_pass& eap::credentials_pass::operator=(_In_ const credentials_p
 {
    if (this != &other) {
        (credentials&)*this = other;
-        m_identity          = other.m_identity;
        m_password          = other.m_password;
    }

@@ -124,7 +187,6 @@ eap::credentials_pass& eap::credentials_pass::operator=(_Inout_ credentials_pass
 {
    if (this != &other) {
        (credentials&)*this = std::move(other);
-        m_identity          = std::move(other.m_identity);
        m_password          = std::move(other.m_password);
    }

@@ -135,14 +197,13 @@ eap::credentials_pass& eap::credentials_pass::operator=(_Inout_ credentials_pass
 void eap::credentials_pass::clear()
 {
    credentials::clear();
-    m_identity.clear();
    m_password.clear();
 }


 bool eap::credentials_pass::empty() const
 {
-    return credentials::empty() && m_identity.empty() && m_password.empty();
+    return credentials::empty() && m_password.empty();
 }


@@ -156,10 +217,6 @@ void eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *p
    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
    HRESULT hr;

-    // <UserName>
-    if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))))
-        throw com_runtime_error(hr, __FUNCTION__ " Error creating <UserName> element.");
-
    // <Password>
    bstr pass(m_password);
    hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), bstrNamespace, pass);
@@ -178,11 +235,6 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)

    std::wstring xpath(eapxml::get_xpath(pConfigRoot));

-    if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)))
-        throw com_runtime_error(hr, __FUNCTION__ " Error reading <UserName> element.");
-
-    m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str());
-
    bstr pass;
    if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass)))
        throw com_runtime_error(hr, __FUNCTION__ " Error reading <Password> element.");
@@ -202,7 +254,6 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
 void eap::credentials_pass::operator<<(_Inout_ cursor_out &cursor) const
 {
    credentials::operator<<(cursor);
-    cursor << m_identity;
    cursor << m_password;
 }

@@ -211,7 +262,6 @@ size_t eap::credentials_pass::get_pk_size() const
 {
    return
        credentials::get_pk_size() +
-        pksizeof(m_identity) +
        pksizeof(m_password);
 }

@@ -219,7 +269,6 @@ size_t eap::credentials_pass::get_pk_size() const
 void eap::credentials_pass::operator>>(_Inout_ cursor_in &cursor)
 {
    credentials::operator>>(cursor);
-    cursor >> m_identity;
    cursor >> m_password;
 }

@@ -289,7 +338,7 @@ void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName)
        m_identity.clear();

    wstring xpath(pszTargetName);
-    m_module.log_config((xpath + L"/Username").c_str(), m_identity.c_str());
+    m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str());
    m_module.log_config((xpath + L"/Password").c_str(),
 #ifdef _DEBUG
        m_password.c_str()
@@ -300,12 +349,6 @@ void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName)
 }


-std::wstring eap::credentials_pass::get_identity() const
-{
-    return m_identity;
-}
-
-
 const unsigned char eap::credentials_pass::s_entropy[1024] = {
    0x40, 0x88, 0xd3, 0x13, 0x81, 0x8a, 0xf6, 0x74, 0x55, 0x8e, 0xcc, 0x73, 0x2c, 0xf8, 0x93, 0x37,
    0x4f, 0xeb, 0x1d, 0x66, 0xb7, 0xfb, 0x47, 0x75, 0xb4, 0xfd, 0x07, 0xbb, 0xf6, 0xb3, 0x05, 0x30,