Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

EAP modules divided to libraries

Browse Source
This commit is contained in:
Simon Rozman
2016-06-10 07:01:42 +02:00
parent 218aa187f6
commit cf7ca9c8e9
134 changed files with 6897 additions and 4465 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/TLS/build/.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
/temp
/*.user

12
lib/TLS/build/TLS.props Normal file
View File

@@ -0,0 +1,12 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ImportGroup Label="PropertySheets" />
<PropertyGroup Label="UserMacros" />
<PropertyGroup />
<ItemDefinitionGroup>
<ClCompile>
<AdditionalIncludeDirectories>..\..\Events\build\temp\Events.$(Platform).$(Configuration).$(PlatformToolset);..\..\WinStd\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
</ItemDefinitionGroup>
<ItemGroup />
</Project>

99
lib/TLS/build/TLS.vcxproj Normal file
View File

@@ -0,0 +1,99 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{4D40CB8A-812E-4F12-B23A-31AF743878E8}</ProjectGuid>
<RootNamespace>TLS</RootNamespace>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="..\..\..\include\Win32.props" />
<Import Project="..\..\..\include\Debug.props" />
<Import Project="TLS.props" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="..\..\..\include\x64.props" />
<Import Project="..\..\..\include\Debug.props" />
<Import Project="TLS.props" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="..\..\..\include\Win32.props" />
<Import Project="..\..\..\include\Release.props" />
<Import Project="TLS.props" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="..\..\..\include\x64.props" />
<Import Project="..\..\..\include\Release.props" />
<Import Project="TLS.props" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup />
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
<ItemGroup>
<ClInclude Include="..\include\Config.h" />
<ClInclude Include="..\include\Credentials.h" />
<ClInclude Include="..\src\StdAfx.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\src\Config.cpp" />
<ClCompile Include="..\src\StdAfx.cpp">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
</ClCompile>
<ClCompile Include="..\src\Credentials.cpp" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>

35
lib/TLS/build/TLS.vcxproj.filters Normal file
View File

@@ -0,0 +1,35 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\src\StdAfx.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\include\Config.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\include\Credentials.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\src\StdAfx.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\src\Config.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\src\Credentials.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
</Project>

198
lib/TLS/include/Config.h Normal file
View File

@@ -0,0 +1,198 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include <sal.h>
namespace eap
{
///
/// TLS configuration
///
class config_tls;
}
namespace eapserial
{
///
/// Packs a TLS method configuration
///
/// \param[inout] cursor Memory cursor
/// \param[in] val Configuration to pack
///
inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::config_tls &val);
///
/// Returns packed size of a TLS method configuration
///
/// \param[in] val Configuration to pack
///
/// \returns Size of data when packed (in bytes)
///
inline size_t get_pk_size(const eap::config_tls &val);
///
/// Unpacks a TLS method configuration
///
/// \param[inout] cursor Memory cursor
/// \param[out] val Configuration to unpack to
///
inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::config_tls &val);
}
#pragma once
#include "../../EAPBase/include/Config.h"
#include <WinStd/Crypt.h>
#include <Windows.h>
#include <list>
#include <string>
namespace eap
{
class config_tls : public config_method
{
public:
///
/// Constructs configuration
///
/// \param[in] mod Reference of the EAP module to use for global services
///
config_tls(_In_ module &mod);
///
/// Copies configuration
///
/// \param[in] other Configuration to copy from
///
config_tls(_In_ const config_tls &other);
///
/// Moves configuration
///
/// \param[in] other Configuration to move from
///
config_tls(_Inout_ config_tls &&other);
///
/// Copies configuration
///
/// \param[in] other Configuration to copy from
///
/// \returns Reference to this object
///
config_tls& operator=(_In_ const config_tls &other);
///
/// Moves configuration
///
/// \param[in] other Configuration to move from
///
/// \returns Reference to this object
///
config_tls& operator=(_Inout_ config_tls &&other);
///
/// Clones configuration
///
/// \returns Pointer to cloned configuration
///
virtual config* clone() const { return new config_tls(*this); }
/// \name XML configuration management
/// @{
///
/// Save configuration to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving configuration
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
///
/// \returns
/// - \c ERROR_SUCCESS if succeeded
/// - error code otherwise
///
virtual DWORD save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const;
///
/// Load configuration from XML document
///
/// \param[in] pConfigRoot Root element for loading configuration
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
///
/// \returns
/// - \c ERROR_SUCCESS if succeeded
/// - error code otherwise
///
virtual DWORD load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError);
/// @}
///
/// Returns EAP method type of this configuration
///
/// \returns `eap::type_tls`
///
virtual eap::type_t get_method_id() { return eap::type_tls; }
///
/// Adds CA to the list of trusted root CA's
///
/// \sa [CertCreateCertificateContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa376033.aspx)
///
bool add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded);
public:
std::list<winstd::cert_context> m_trusted_root_ca; ///< Trusted root CAs
std::list<std::string> m_server_names; ///< Acceptable authenticating server names
};
}
namespace eapserial
{
inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::config_tls &val)
{
pack(cursor, (const eap::config_method&)val);
pack(cursor, val.m_trusted_root_ca );
pack(cursor, val.m_server_names );
}
inline size_t get_pk_size(const eap::config_tls &val)
{
return
get_pk_size((const eap::config_method&)val) +
get_pk_size(val.m_trusted_root_ca ) +
get_pk_size(val.m_server_names );
}
inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::config_tls &val)
{
unpack(cursor, (eap::config_method&)val );
unpack(cursor, val.m_trusted_root_ca);
unpack(cursor, val.m_server_names );
}
}

207
lib/TLS/include/Credentials.h Normal file
View File

@@ -0,0 +1,207 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include <sal.h>
namespace eap
{
///
/// TLS credentials
///
class credentials_tls;
}
namespace eapserial
{
///
/// Packs a TLS method credentials
///
/// \param[inout] cursor Memory cursor
/// \param[in] val Credentials to pack
///
inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::credentials_tls &val);
///
/// Returns packed size of a TLS method credentials
///
/// \param[in] val Credentials to pack
///
/// \returns Size of data when packed (in bytes)
///
inline size_t get_pk_size(const eap::credentials_tls &val);
///
/// Unpacks a TLS method credentials
///
/// \param[inout] cursor Memory cursor
/// \param[out] val Credentials to unpack to
///
inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials_tls &val);
}
#pragma once
#include "../../EAPBase/include/Credentials.h"
#include <Windows.h>
#include <vector>
namespace eap
{
class credentials_tls : public credentials
{
public:
///
/// Constructs credentials
///
/// \param[in] mod Reference of the EAP module to use for global services
///
credentials_tls(_In_ module &mod);
///
/// Copies credentials
///
/// \param[in] other Credentials to copy from
///
credentials_tls(_In_ const credentials_tls &other);
///
/// Moves credentials
///
/// \param[in] other Credentials to move from
///
credentials_tls(_Inout_ credentials_tls &&other);
///
/// Copies credentials
///
/// \param[in] other Credentials to copy from
///
/// \returns Reference to this object
///
credentials_tls& operator=(_In_ const credentials_tls &other);
///
/// Moves credentials
///
/// \param[in] other Credentials to move from
///
/// \returns Reference to this object
///
credentials_tls& operator=(_Inout_ credentials_tls &&other);
///
/// Clones credentials
///
/// \returns Pointer to cloned credentials
///
virtual config* clone() const { return new credentials_tls(*this); }
///
/// Resets credentials
///
virtual void clear();
///
/// Test credentials if blank
///
virtual bool empty() const;
/// \name XML credentials management
/// @{
///
/// Load credentials from XML document
///
/// \param[in] pConfigRoot Root element for loading credentials
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
///
/// \returns
/// - \c ERROR_SUCCESS if succeeded
/// - error code otherwise
///
virtual DWORD load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError);
/// @}
/// \name Storage
/// @{
///
/// Save credentials to Windows Credential Manager
///
/// \param[in] pszTargetName The name in Windows Credential Manager to store credentials as
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
///
/// \returns
/// - \c ERROR_SUCCESS if succeeded
/// - error code otherwise
///
virtual DWORD store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) const;
///
/// Retrieve credentials from Windows Credential Manager
///
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
///
/// \returns
/// - \c ERROR_SUCCESS if succeeded
/// - error code otherwise
///
virtual DWORD retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError);
///
/// Return target suffix for Windows Credential Manager credential name
///
virtual LPCTSTR target_suffix() const { return _T("TLS"); }
/// @}
public:
std::vector<unsigned char> m_cert_hash; ///< Client certificate hash (certificates are kept in Personal Certificate Storage)
};
}
namespace eapserial
{
inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::credentials_tls &val)
{
pack(cursor, (const eap::credentials&)val);
pack(cursor, val.m_cert_hash );
}
inline size_t get_pk_size(const eap::credentials_tls &val)
{
return
get_pk_size((const eap::credentials&)val) +
get_pk_size(val.m_cert_hash );
}
inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials_tls &val)
{
unpack(cursor, (eap::credentials&)val);
unpack(cursor, val.m_cert_hash );
}
}

201
lib/TLS/src/Config.cpp Normal file
View File

@@ -0,0 +1,201 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"
using namespace std;
using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::config_tls
//////////////////////////////////////////////////////////////////////
eap::config_tls::config_tls(_In_ module &mod) : config_method(mod)
{
}
eap::config_tls::config_tls(_In_ const config_tls &other) :
m_trusted_root_ca(other.m_trusted_root_ca),
m_server_names(other.m_server_names),
config_method(other)
{
}
eap::config_tls::config_tls(_Inout_ config_tls &&other) :
m_trusted_root_ca(std::move(other.m_trusted_root_ca)),
m_server_names(std::move(other.m_server_names)),
config_method(std::move(other))
{
}
eap::config_tls& eap::config_tls::operator=(_In_ const eap::config_tls &other)
{
if (this != &other) {
(config_method&)*this = other;
m_trusted_root_ca = other.m_trusted_root_ca;
m_server_names = other.m_server_names;
}
return *this;
}
eap::config_tls& eap::config_tls::operator=(_Inout_ eap::config_tls &&other)
{
if (this != &other) {
(config_method&&)*this = std::move(other);
m_trusted_root_ca = std::move(other.m_trusted_root_ca);
m_server_names = std::move(other.m_server_names);
}
return *this;
}
DWORD eap::config_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const
{
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
DWORD dwResult;
HRESULT hr;
// <ServerSideCredential>
com_obj<IXMLDOMElement> pXmlElServerSideCredential;
if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), bstr(L"ServerSideCredential"), bstrNamespace, &pXmlElServerSideCredential)) != ERROR_SUCCESS) {
*ppEapError = m_module.make_error(dwResult, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Error creating <ServerSideCredential> element."), NULL);
return dwResult;
}
for (list<cert_context>::const_iterator i = m_trusted_root_ca.begin(), i_end = m_trusted_root_ca.end(); i != i_end; ++i) {
// <CA>
com_obj<IXMLDOMElement> pXmlElCA;
if ((dwResult = eapxml::create_element(pDoc, bstr(L"CA"), bstrNamespace, &pXmlElCA))) {
*ppEapError = m_module.make_error(dwResult, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Error creating <CA> element."), NULL);
return dwResult;
}
// <CA>/<format>
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElCA, bstr(L"format"), bstrNamespace, bstr(L"PEM"))) != ERROR_SUCCESS) {
*ppEapError = m_module.make_error(dwResult, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Error creating <format> element."), NULL);
return dwResult;
}
// <CA>/<cert-data>
const cert_context &cc = *i;
if ((dwResult = eapxml::put_element_base64(pDoc, pXmlElCA, bstr(L"cert-data"), bstrNamespace, cc->pbCertEncoded, cc->cbCertEncoded)) != ERROR_SUCCESS) {
*ppEapError = m_module.make_error(dwResult, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Error creating <cert-data> element."), NULL);
return dwResult;
}
if (FAILED(hr = pXmlElServerSideCredential->appendChild(pXmlElCA, NULL))) {
*ppEapError = m_module.make_error(dwResult = HRESULT_CODE(hr), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Error appending <CA> element."), NULL);
return dwResult;
}
}
// <ServerName>
for (list<string>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) {
wstring str;
MultiByteToWideChar(CP_UTF8, 0, i->c_str(), (int)i->length(), str);
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(str))) != ERROR_SUCCESS) {
*ppEapError = m_module.make_error(dwResult, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Error creating <ServerName> element."), NULL);
return dwResult;
}
}
return config_method::save(pDoc, pConfigRoot, ppEapError);
}
DWORD eap::config_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError)
{
m_trusted_root_ca.clear();
m_server_names.clear();
// <ServerSideCredential>
com_obj<IXMLDOMElement> pXmlElServerSideCredential;
if (eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), &pXmlElServerSideCredential) == ERROR_SUCCESS) {
// <CA>
com_obj<IXMLDOMNodeList> pXmlListCAs;
long lCACount = 0;
if (eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:CA"), &pXmlListCAs) == ERROR_SUCCESS && SUCCEEDED(pXmlListCAs->get_length(&lCACount))) {
for (long j = 0; j < lCACount; j++) {
// Load CA certificate.
com_obj<IXMLDOMNode> pXmlElCA;
pXmlListCAs->get_item(j, &pXmlElCA);
bstr bstrFormat;
if (eapxml::get_element_value(pXmlElCA, bstr(L"eap-metadata:format"), &bstrFormat) == ERROR_SUCCESS) {
if (CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstrFormat, bstrFormat.length(), L"PEM", -1, NULL, NULL, 0) == CSTR_EQUAL) {
vector<unsigned char> aData;
if (eapxml::get_element_base64(pXmlElCA, bstr(L"eap-metadata:cert-data"), aData) == ERROR_SUCCESS)
add_trusted_ca(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size());
}
}
}
}
// <ServerName>
com_obj<IXMLDOMNodeList> pXmlListServerIDs;
long lServerIDCount = 0;
if (eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:ServerName"), &pXmlListServerIDs) == ERROR_SUCCESS && SUCCEEDED(pXmlListServerIDs->get_length(&lServerIDCount))) {
for (long j = 0; j < lServerIDCount; j++) {
// Load server name (<ServerName>).
com_obj<IXMLDOMNode> pXmlElServerID;
pXmlListServerIDs->get_item(j, &pXmlElServerID);
bstr bstrServerID;
pXmlElServerID->get_text(&bstrServerID);
// Server names (FQDNs) are always ASCII. Hopefully. Convert them to UTF-8 anyway for consistent comparison. CP_ANSI varies.
string str;
WideCharToMultiByte(CP_UTF8, 0, bstrServerID, bstrServerID.length(), str, NULL, NULL);
m_server_names.push_back(str);
}
}
}
return config_method::load(pConfigRoot, ppEapError);
}
bool eap::config_tls::add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded)
{
cert_context cert;
if (!cert.create(dwCertEncodingType, pbCertEncoded, cbCertEncoded)) {
// Invalid or unsupported certificate.
return false;
}
for (list<cert_context>::const_iterator i = m_trusted_root_ca.cbegin(), i_end = m_trusted_root_ca.cend();; ++i) {
if (i != i_end) {
if (*i == cert) {
// This certificate is already on the list.
return false;
}
} else {
// End of list reached. Append certificate.
m_trusted_root_ca.push_back(std::move(cert));
return true;
}
}
}

152
lib/TLS/src/Credentials.cpp Normal file
View File

@@ -0,0 +1,152 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"
using namespace std;
using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::credentials_tls
//////////////////////////////////////////////////////////////////////
eap::credentials_tls::credentials_tls(_In_ module &mod) : credentials(mod)
{
}
eap::credentials_tls::credentials_tls(_In_ const credentials_tls &other) :
m_cert_hash(other.m_cert_hash),
credentials(other)
{
}
eap::credentials_tls::credentials_tls(_Inout_ credentials_tls &&other) :
m_cert_hash(std::move(m_cert_hash)),
credentials(std::move(other))
{
}
eap::credentials_tls& eap::credentials_tls::operator=(_In_ const credentials_tls &other)
{
if (this != &other) {
(credentials&)*this = other;
m_cert_hash = other.m_cert_hash;
}
return *this;
}
eap::credentials_tls& eap::credentials_tls::operator=(_Inout_ credentials_tls &&other)
{
if (this != &other) {
(credentials&)*this = std::move(other);
m_cert_hash = std::move(other.m_cert_hash);
}
return *this;
}
void eap::credentials_tls::clear()
{
credentials::clear();
m_cert_hash.clear();
}
bool eap::credentials_tls::empty() const
{
return credentials::empty() && m_cert_hash.empty();
}
DWORD eap::credentials_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError)
{
assert(pConfigRoot);
UNREFERENCED_PARAMETER(ppEapError);
eapxml::get_element_hex(pConfigRoot, bstr(L"CertHash"), m_cert_hash);
return ERROR_SUCCESS;
}
DWORD eap::credentials_tls::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) const
{
assert(pszTargetName);
assert(ppEapError);
DWORD dwResult;
tstring target(target_name(pszTargetName));
// Write credentials.
assert(m_cert_hash.size()*sizeof(char) < CRED_MAX_CREDENTIAL_BLOB_SIZE);
assert(m_identity.length() < CRED_MAX_USERNAME_LENGTH );
CREDENTIAL cred = {
0, // Flags
CRED_TYPE_GENERIC, // Type
(LPTSTR)target.c_str(), // TargetName
_T(""), // Comment
{ 0, 0 }, // LastWritten
(DWORD)m_cert_hash.size()*sizeof(char), // CredentialBlobSize
(LPBYTE)m_cert_hash.data(), // CredentialBlob
CRED_PERSIST_ENTERPRISE, // Persist
0, // AttributeCount
NULL, // Attributes
NULL, // TargetAlias
(LPTSTR)m_identity.c_str() // UserName
};
if (!CredWrite(&cred, 0)) {
*ppEapError = m_module.make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" CredWrite failed."), NULL);
return dwResult;
}
return ERROR_SUCCESS;
}
DWORD eap::credentials_tls::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError)
{
assert(pszTargetName && _tcslen(pszTargetName) < CRED_MAX_GENERIC_TARGET_NAME_LENGTH);
DWORD dwResult;
// Read credentials.
unique_ptr<CREDENTIAL, CredFree_delete<CREDENTIAL> > cred;
if (!CredRead(target_name(pszTargetName).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred)) {
*ppEapError = m_module.make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" CredRead failed."), NULL);
return dwResult;
}
if (cred->UserName)
m_identity = cred->UserName;
else
m_identity.clear();
m_cert_hash.assign(cred->CredentialBlob, cred->CredentialBlob + cred->CredentialBlobSize);
return ERROR_SUCCESS;
}

21
lib/TLS/src/StdAfx.cpp Normal file
View File

@@ -0,0 +1,21 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"

28
lib/TLS/src/StdAfx.h Normal file
View File

@@ -0,0 +1,28 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include "../include/Config.h"
#include "../include/Credentials.h"
#include "../../EAPBase/include/EAPXML.h"
#include <WinStd/Cred.h>