Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Compare commits

base: Amebis:1.0-alpha10-owntls
Branches Tags
Amebis:master Amebis:ver1.0 Amebis:ver1.1
Amebis:1.3g Amebis:1.3f Amebis:1.3e Amebis:1.3d Amebis:1.3c Amebis:1.3b Amebis:1.3a Amebis:1.3 Amebis:1.2g Amebis:1.2f Amebis:1.1h Amebis:1.0i Amebis:1.2e Amebis:1.1g Amebis:1.0h Amebis:1.2d Amebis:1.1f Amebis:1.0g Amebis:1.2c Amebis:1.1e Amebis:1.0f Amebis:1.2b Amebis:1.1d Amebis:1.0e Amebis:1.2a Amebis:1.1c Amebis:1.0d Amebis:1.2 Amebis:1.1b Amebis:1.0c Amebis:1.2-beta2 Amebis:1.2-beta1 Amebis:1.2-beta Amebis:1.1a Amebis:1.0b Amebis:1.1 Amebis:1.1-beta2 Amebis:1.1-beta1 Amebis:1.0a Amebis:1.1-beta Amebis:1.0 Amebis:1.0-beta8 Amebis:1.0-beta7 Amebis:1.0-beta6 Amebis:1.0-beta5 Amebis:1.0-beta4 Amebis:1.0-beta3 Amebis:1.0-beta2 Amebis:1.0-beta1 Amebis:1.0-beta Amebis:1.0-alpha17 Amebis:1.0-alpha16 Amebis:1.0-alpha15 Amebis:1.0-alpha14 Amebis:1.0-alpha13 Amebis:1.0-alpha12 Amebis:1.0-alpha11 Amebis:1.0-alpha10 Amebis:1.0-alpha10-owntls Amebis:1.0-alpha9 Amebis:1.0-alpha8 Amebis:1.0-alpha7 Amebis:1.0-alpha6 Amebis:1.0-alpha5 Amebis:1.0-alpha4 Amebis:1.0-alpha3 Amebis:1.0-alpha2 Amebis:1.0-alpha1 Amebis:1.0-alpha0
..
compare: Amebis:1.0-alpha12
Branches Tags
Amebis:master Amebis:ver1.0 Amebis:ver1.1
Amebis:1.3g Amebis:1.3f Amebis:1.3e Amebis:1.3d Amebis:1.3c Amebis:1.3b Amebis:1.3a Amebis:1.3 Amebis:1.2g Amebis:1.2f Amebis:1.1h Amebis:1.0i Amebis:1.2e Amebis:1.1g Amebis:1.0h Amebis:1.2d Amebis:1.1f Amebis:1.0g Amebis:1.2c Amebis:1.1e Amebis:1.0f Amebis:1.2b Amebis:1.1d Amebis:1.0e Amebis:1.2a Amebis:1.1c Amebis:1.0d Amebis:1.2 Amebis:1.1b Amebis:1.0c Amebis:1.2-beta2 Amebis:1.2-beta1 Amebis:1.2-beta Amebis:1.1a Amebis:1.0b Amebis:1.1 Amebis:1.1-beta2 Amebis:1.1-beta1 Amebis:1.0a Amebis:1.1-beta Amebis:1.0 Amebis:1.0-beta8 Amebis:1.0-beta7 Amebis:1.0-beta6 Amebis:1.0-beta5 Amebis:1.0-beta4 Amebis:1.0-beta3 Amebis:1.0-beta2 Amebis:1.0-beta1 Amebis:1.0-beta Amebis:1.0-alpha17 Amebis:1.0-alpha16 Amebis:1.0-alpha15 Amebis:1.0-alpha14 Amebis:1.0-alpha13 Amebis:1.0-alpha12 Amebis:1.0-alpha11 Amebis:1.0-alpha10 Amebis:1.0-alpha10-owntls Amebis:1.0-alpha9 Amebis:1.0-alpha8 Amebis:1.0-alpha7 Amebis:1.0-alpha6 Amebis:1.0-alpha5 Amebis:1.0-alpha4 Amebis:1.0-alpha3 Amebis:1.0-alpha2 Amebis:1.0-alpha1 Amebis:1.0-alpha0

26 Commits
1.0-alpha1 ... 1.0-alpha1

Author SHA1 Message Date
Simon Rozman
5483368640 Version set to 1.0-alpha12 2016-08-25 13:10:42 +02:00
Simon Rozman
6077063599 The credentials are marked "invalid" at transition from handshake to application data phase only to prevent initial handshake problems from popping-up credential prompt when credentials have nothing to do with the connection failure. 2016-08-25 13:08:11 +02:00
Simon Rozman
2857b2edd2 First application data message is now appended piggyback to the last client handshake message 
(Hopefully resolving issue with Radiator)
 2016-08-25 13:00:47 +02:00
Simon Rozman
6760287f0d Duplicate log record of EAP-TLS handshake removed 2016-08-25 12:58:56 +02:00
Simon Rozman
7973a8d59b Handshake log events are a bit more specific now 2016-08-25 12:57:47 +02:00
Simon Rozman
f5d8f653af Texts updated 2016-08-25 10:46:35 +02:00
Simon Rozman
e1600e5aba Configuration GUIDs are not required any more 
This reverts commit 1cb6ca5adb.
 2016-08-24 18:59:59 +02:00
Simon Rozman
352d546da1 Version set to 1.0-alpha11 2016-08-24 18:48:10 +02:00
Simon Rozman
d2ff78a613 Credential prompt sometimes displayed in background issue fixed now 2016-08-24 18:39:15 +02:00
Simon Rozman
10807fad18 Variable renamed from Slovenian to English 2016-08-24 18:36:51 +02:00
Simon Rozman
c6d53cd13c eap::monitor_ui class to prevent multiple launches introduced 2016-08-24 17:45:31 +02:00
Simon Rozman
6f25e4c0ad wxEAPGeneralDialog constructor parameters extended 2016-08-24 17:43:02 +02:00
Simon Rozman
edac93e115 Custom TLS identity is correctly enabled/disabled now. 2016-08-24 15:30:27 +02:00
Simon Rozman
d1c24efcf0 config_method_with_cred renamed to config_connection to describe it better 2016-08-24 11:39:37 +02:00
Simon Rozman
1cb6ca5adb Connection configuration is equipped with GUID now for multiple credential prompt disambiguation later 2016-08-24 11:34:30 +02:00
Simon Rozman
38e1443276 Logging of handshake progress introduced 2016-08-24 11:04:04 +02:00
Simon Rozman
6835f5279c Certificate (TLS) credentials support custom identity now 2016-08-24 11:03:18 +02:00
Simon Rozman
eb9c8a5f7c If configured trusted root CA certificate list is empty, that really means "Trust no one!" now 2016-08-23 23:40:07 +02:00
Simon Rozman
5332b538aa Our own TLS merged back to master and compiles conditionally 2016-08-23 22:46:00 +02:00
Simon Rozman
a9baa07227 Error type detection fixed 2016-08-23 22:41:12 +02:00
Simon Rozman
387a12ab5e Additional cases of invalid certificate caught 2016-08-23 17:41:20 +02:00
Simon Rozman
7b3251a758 Error throwing clean-up 2016-08-23 17:20:04 +02:00
Simon Rozman
894f19a81e Binary publishing updated 2016-08-23 16:45:16 +02:00
Simon Rozman
318ad7f355 Version set to 1.0-alpha10 2016-08-23 14:53:27 +02:00
Simon Rozman
ef2042253c When server certificate has no subjectAltName(2), compare host name against Common Name 2016-08-23 14:29:47 +02:00
Simon Rozman
9b997408a1 Switched to Schannel to do the TLS 2016-08-23 13:53:23 +02:00
45 changed files with 6594 additions and 5122 deletions
Expand all files Collapse all files

BIN
EAPMethods/MSIBuild/Makefile
View File

Binary file not shown.

317
EAPMethods/locale/EAPMethods.pot
View File

@@ -2,7 +2,7 @@
msgid ""
msgstr ""
"Project-Id-Version: EAPMethods\n"
"POT-Creation-Date: 2016-06-10 12:06+0200\n"
"POT-Creation-Date: 2016-08-25 10:43+0200\n"
"PO-Revision-Date: 2016-06-02 12:27+0200\n"
"Last-Translator: Simon Rozman <simon.rozman@amebis.si>\n"
"Language-Team: Amebis, d. o. o., Kamnik <info@amebis.si>\n"
@@ -11,8 +11,6 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: Poedit 1.8.8\n"
"X-Poedit-Basepath: ../..\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"Language: en_US\n"
"X-Poedit-SourceCharset: UTF-8\n"
"X-Poedit-KeywordsList: _\n"
"X-Poedit-SearchPath-0: lib/EAPBase_UI\n"
@@ -21,70 +19,203 @@ msgstr ""
"X-Poedit-SearchPath-3: lib/TTLS_UI\n"
"X-Poedit-SearchPath-4: EAPMethods\n"
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:123 lib/EAPBase_UI/res/wxEAP_UI.cpp:200
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:37
msgid "Advanced..."
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:38
msgid "Opens dialog with provider settings"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:174 lib/EAPBase_UI/res/wxEAP_UI.cpp:296
msgid "Client Credentials"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:134
msgid "Manage your credentials stored in Windows Credential Manager."
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:185
msgid "Manage credentials used to connect."
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:144
msgid "Identity:"
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:198
msgid "Use &own credentials:"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:149
msgid "Enter your user name here (user@domain.org, DOMAINUser, etc.)"
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:199
msgid "Select this option if you have your unique credentials to connect"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:159
msgid "&Set Credentials..."
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:204
msgid "Your credentials loaded from Windows Credential Manager"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:160
msgid "Click here to set or modify your credentials"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:164
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:214
msgid "&Clear Credentials"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:165
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:215
msgid ""
"Click to clear your credentials from Credential Manager.\n"
"Note: You will be prompted to enter credentials when connecting."
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:211
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:219 lib/EAPBase_UI/res/wxEAP_UI.cpp:252
msgid "&Set Credentials..."
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:220 lib/EAPBase_UI/res/wxEAP_UI.cpp:253
msgid "Click here to set or modify your credentials"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:236
msgid "Use &pre-shared credentials:"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:237
msgid "Select this options if all clients connect using the same credentials"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:242
msgid "Common (pre-shared) credentials"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:307
msgid "Please provide your user ID and password."
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:221
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:317
msgid "User ID:"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:226
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:322
msgid "Enter your user name here (user@domain.org, DOMAIN\\User, etc.)"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:230
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:326
msgid "Password:"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:235
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:331
msgid "Enter your password here"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:242 lib/TLS_UI/res/wxTLS_UI.cpp:164
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:338 lib/TLS_UI/res/wxTLS_UI.cpp:183
msgid "&Remember"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:243
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:339
msgid "Check if you would like to save username and password"
msgstr ""
#: lib/PAP_UI/src/PAP_UI.cpp:41
msgid "This method requires no additional settings."
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:361
msgid "Your Organization"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:372
msgid "Describe your organization to customize user prompts. When organization is introduced, end-users find program messages easier to understand and act."
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:379
msgid "Your organization &name:"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:384
msgid "Your organization name as it will appear on helpdesk contact notifications"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:388
msgid "(Keep it short, please)"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:398
msgid "Helpdesk contact &information:"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:408
msgid "¶"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:415
msgid "Your helpdesk website address"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:419
msgid "*"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:426
msgid "Your helpdesk e-mail address"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:430
msgid ")"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:437
msgid "Your helpdesk phone number"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:471
msgid "Configuration Lock"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:482
msgid "Your configuration can be locked to prevent accidental modification by end-users. Users will only be allowed to enter credentials."
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:489
msgid "&Lock this configuration and prevent any further modification via user interface."
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:492
msgid "(Warning: Once locked, you can not revert using this dialog!)"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:88
#, c-format
msgid "%s Credentials"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:118
#, c-format
msgid "For additional help and instructions, please contact %s at:"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:120
#, c-format
msgid "your %ls provider"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:120
msgid "your provider"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:139
msgid "Open the default web browser"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:150
msgid "Open your e-mail program"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:161
msgid "Dial the phone number"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:180
#, c-format
msgid "%s has pre-set parts of this configuration. Those parts are locked to prevent accidental modification."
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:182
#, c-format
msgid "Your %ls provider"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:182
msgid "Your provider"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:201
msgid "Previous attempt to connect failed. Please, make sure your credentials are correct, or try again later."
msgstr ""
#: lib/TLS_UI/res/wxTLS_UI.cpp:17
@@ -132,11 +263,11 @@ msgid "Acceptable server &names:"
msgstr ""
#: lib/TLS_UI/res/wxTLS_UI.cpp:77
msgid "A semicolon delimited list of acceptable server FQDN names; blank to skip name check; \"*\" wildchar allowed"
msgid "A semicolon delimited list of acceptable server FQDN names; blank to skip name check; Unicode characters allowed"
msgstr ""
#: lib/TLS_UI/res/wxTLS_UI.cpp:81
msgid "(Example: foo.bar.com;*.domain.org)"
msgid "(Example: foo.bar.com;server2.bar.com)"
msgstr ""
#: lib/TLS_UI/res/wxTLS_UI.cpp:120
@@ -167,48 +298,59 @@ msgstr ""
msgid "Client certificate to use for authentication"
msgstr ""
#: lib/TLS_UI/res/wxTLS_UI.cpp:165
#: lib/TLS_UI/res/wxTLS_UI.cpp:167
msgid "Custom &identity:"
msgstr ""
#: lib/TLS_UI/res/wxTLS_UI.cpp:172
msgid "Your identity (username@domain) to override one from certificate; or blank to use one provided in certificate"
msgstr ""
#: lib/TLS_UI/res/wxTLS_UI.cpp:176
msgid "(Example: user@contoso.com)"
msgstr ""
#: lib/TLS_UI/res/wxTLS_UI.cpp:184
msgid "Check if you would like to save certificate selection"
msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:199
#: lib/TLS_UI/src/TLS_UI.cpp:118
#, c-format
msgid "Invalid character in host name found: %c"
msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:199
#: lib/TLS_UI/src/TLS_UI.cpp:118
msgid "Validation conflict"
msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:551
#: lib/TLS_UI/src/TLS_UI.cpp:514
msgid "Add Certificate"
msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:552
#: lib/TLS_UI/src/TLS_UI.cpp:515
msgid "Certificate Files (*.cer;*.crt;*.der;*.p7b;*.pem)"
msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:553
#: lib/TLS_UI/src/TLS_UI.cpp:516
msgid "X.509 Certificate Files (*.cer;*.crt;*.der;*.pem)"
msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:554
#: lib/TLS_UI/src/TLS_UI.cpp:517
msgid "PKCS #7 Certificate Files (*.p7b)"
msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:555
#: lib/TLS_UI/src/TLS_UI.cpp:518
msgid "All Files (*.*)"
msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:571
#: lib/TLS_UI/src/TLS_UI.cpp:534
#, c-format
msgid "Invalid or unsupported certificate file %s"
msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:571
#, fuzzy
#: lib/TLS_UI/src/TLS_UI.cpp:534
msgid "Error"
msgstr "Napaka pri nalaganju knjižnice MSI.DLL (%1!ld!)."
msgstr ""
#: lib/TTLS_UI/res/wxTTLS_UI.cpp:17
msgid "Outer Identity"
@@ -219,7 +361,7 @@ msgid "Select the user ID supplicant introduces itself as to authenticator:"
msgstr ""
#: lib/TTLS_UI/res/wxTTLS_UI.cpp:35
msgid "&Same as inner identity"
msgid "&True identity"
msgstr ""
#: lib/TTLS_UI/res/wxTTLS_UI.cpp:36
@@ -246,96 +388,93 @@ msgstr ""
msgid "Custom outer identity to use"
msgstr ""
#: lib/TTLS_UI/src/TTLS_UI.cpp:92
msgid "Outer Authentication"
#: lib/TTLS_UI/src/Module.cpp:231 lib/TTLS_UI/src/Module.cpp:241
#: lib/EAPBase_UI/include/EAP_UI.h:582
#, c-format
msgid "Error writing credentials to Credential Manager: %hs (error %u)"
msgstr ""
#: lib/TTLS_UI/src/TTLS_UI.cpp:105
#: lib/TTLS_UI/src/Module.cpp:233 lib/TTLS_UI/src/Module.cpp:243
#: lib/EAPBase_UI/include/EAP_UI.h:584
msgid "Writing credentials failed."
msgstr ""
#: lib/TTLS_UI/src/TTLS_UI.cpp:108 lib/TTLS_UI/src/TTLS_UI.cpp:215
msgid "Inner Authentication"
msgstr ""
#: lib/TTLS_UI/src/TTLS_UI.cpp:111
#: lib/TTLS_UI/src/TTLS_UI.cpp:114
msgid "Select inner authentication method from the list"
msgstr ""
#: lib/TTLS_UI/src/TTLS_UI.cpp:112
#: lib/TTLS_UI/src/TTLS_UI.cpp:116
msgid "PAP"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:217
#: lib/TTLS_UI/src/TTLS_UI.cpp:121 lib/TTLS_UI/src/TTLS_UI.cpp:236
msgid "Outer Authentication"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:253
msgid "EAP Credentials"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:422
msgid "Provider Settings"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:502 lib/EAPBase_UI/include/EAP_UI.h:529
msgid "<blank>"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:223
#: lib/EAPBase_UI/include/EAP_UI.h:508
#, c-format
msgid "<error %u>"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:246
#: lib/EAPBase_UI/include/EAP_UI.h:568
#, c-format
msgid "Error reading credentials from Credential Manager: %hs (error %u)"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:570
msgid "Reading credentials failed."
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:595
#, c-format
msgid "Deleting credentials failed (error %u)."
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:300
#, c-format
msgid "Error reading credentials from Credential Manager: %ls (error %u)"
#: lib/EAPBase_UI/include/EAP_UI.h:817
msgid "<Your Organization>"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:303
#, c-format
msgid "Reading credentials failed (error %u)."
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:318
#, c-format
msgid "Error writing credentials to Credential Manager: %ls (error %u)"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:321
#, c-format
msgid "Writing credentials failed (error %u)."
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.h:56
#: lib/EAPBase_UI/res/wxEAP_UI.h:60
msgid "EAP Method Configuration"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.h:81
msgid "EAP Credentials"
msgstr ""
#: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:3
#: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:3
#: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:3
#: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:3
#, fuzzy
msgid "1252"
msgstr "1250"
#: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:4
#: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:4
#: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:4
#: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:4
msgid "EAP Peer Methods"
msgstr ""
#: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:4
#: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:4
#: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:4
#: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:4
msgid "EAP Methods"
msgstr ""
#: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:4
#: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:4
msgid "Modules to support individual EAP methods"
msgstr ""
#: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:5
#: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:5
#: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:5
#: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:5
msgid "TTLS"
msgstr ""
#: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:5
#: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:5
#: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:5
#: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:5
msgid "Tunneled Transport Layer Security"
msgstr ""

12
EventMonitor/App.cpp
View File

@@ -66,12 +66,12 @@ bool wxEventMonitorApp::OnInit()
#ifdef __WXMSW__
// Find EventMonitor window if already running.
HWND okno = ::FindWindow(_T("wxWindowNR"), _("Event Monitor"));
if (okno) {
if (::IsIconic(okno))
::SendMessage(okno, WM_SYSCOMMAND, SC_RESTORE, 0);
::SetActiveWindow(okno);
::SetForegroundWindow(okno);
HWND hWnd = ::FindWindow(_T("wxWindowNR"), _("Event Monitor"));
if (hWnd) {
if (::IsIconic(hWnd))
::SendMessage(hWnd, WM_SYSCOMMAND, SC_RESTORE, 0);
::SetActiveWindow(hWnd);
::SetForegroundWindow(hWnd);
// Not an error condition actually; Just nothing else to do...
return false;

BIN
Makefile
View File

Binary file not shown.

2
include/Common.props
View File

@@ -32,7 +32,7 @@
<ItemDefinitionGroup>
<ClCompile>
<WarningLevel>Level4</WarningLevel>
<PreprocessorDefinitions>_WIN32_WINNT=0x0600;ISOLATION_AWARE_ENABLED=1;CERT_CHAIN_PARA_HAS_EXTRA_FIELDS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_WIN32_WINNT=0x0600;ISOLATION_AWARE_ENABLED=1;SECURITY_WIN32;CERT_CHAIN_PARA_HAS_EXTRA_FIELDS;EAP_TLS=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PrecompiledHeader>Use</PrecompiledHeader>
<PrecompiledHeaderFile>StdAfx.h</PrecompiledHeaderFile>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>

10
include/Version.h
View File

@@ -29,7 +29,7 @@
// Product version as a single DWORD
// Note: Used for version comparison within C/C++ code.
//
#define PRODUCT_VERSION 0x00ff0a00
#define PRODUCT_VERSION 0x00ff0c00
//
// Product version by components
@@ -39,26 +39,26 @@
//
#define PRODUCT_VERSION_MAJ 0
#define PRODUCT_VERSION_MIN 255
#define PRODUCT_VERSION_REV 10
#define PRODUCT_VERSION_REV 12
#define PRODUCT_VERSION_BUILD 0
//
// Human readable product version and build year for UI
//
#define PRODUCT_VERSION_STR "1.0-alpha10-owntls"
#define PRODUCT_VERSION_STR "1.0-alpha12"
#define PRODUCT_BUILD_YEAR_STR "2016"
//
// Numerical version presentation for ProductVersion propery in
// MSI packages (syntax: N.N[.N[.N]])
//
#define PRODUCT_VERSION_INST "0.255.10"
#define PRODUCT_VERSION_INST "0.255.12"
//
// The product code for ProductCode property in MSI packages
// Replace with new on every version change, regardless how minor it is.
//
#define PRODUCT_VERSION_GUID "{C3675615-0D70-47C7-9BCB-B683A77C6ED6}"
#define PRODUCT_VERSION_GUID "{6F5B0B97-B6BB-4D3E-9FEC-41E6CDC3868F}"
//
// Since the product name is not finally confirmed at the time of

18
lib/EAPBase/include/Config.h
View File

@@ -40,14 +40,14 @@ namespace eap
class config_method_with_cred;
///
/// Base class for single provider configuration storage
/// Provider configuration storage
///
class config_provider;
///
/// Base class for the list of providers configuration storage
/// Connection configuration storage
///
class config_provider_list;
class config_connection;
}
///
@@ -454,7 +454,7 @@ namespace eap
};
class config_provider_list : public config
class config_connection : public config
{
public:
///
@@ -462,21 +462,21 @@ namespace eap
///
/// \param[in] mod EAP module to use for global services
///
config_provider_list(_In_ module &mod);
config_connection(_In_ module &mod);
///
/// Copies configuration
///
/// \param[in] other Configuration to copy from
///
config_provider_list(_In_ const config_provider_list &other);
config_connection(_In_ const config_connection &other);
///
/// Moves configuration
///
/// \param[in] other Configuration to move from
///
config_provider_list(_Inout_ config_provider_list &&other);
config_connection(_Inout_ config_connection &&other);
///
/// Copies configuration
@@ -485,7 +485,7 @@ namespace eap
///
/// \returns Reference to this object
///
config_provider_list& operator=(_In_ const config_provider_list &other);
config_connection& operator=(_In_ const config_connection &other);
///
/// Moves configuration
@@ -494,7 +494,7 @@ namespace eap
///
/// \returns Reference to this object
///
config_provider_list& operator=(_Inout_ config_provider_list &&other);
config_connection& operator=(_Inout_ config_connection &&other);
///
/// Clones configuration

57
lib/EAPBase/include/Credentials.h
View File

@@ -120,6 +120,52 @@ namespace eap
///
virtual bool empty() const;
/// \name XML configuration management
/// @{
///
/// Save to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
///
/// Load from XML document
///
/// \param[in] pConfigRoot Root element for loading
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
///
/// Packs a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
/// \name Storage
/// @{
@@ -164,12 +210,15 @@ namespace eap
///
/// Returns credential identity.
///
virtual std::wstring get_identity() const = 0;
virtual std::wstring get_identity() const;
///
/// Returns credential name (for GUI display).
///
virtual winstd::tstring get_name() const;
public:
std::wstring m_identity; ///< Identity (username\@domain, certificate name etc.)
};
@@ -294,13 +343,7 @@ namespace eap
/// @}
///
/// Returns credential identity.
///
virtual std::wstring get_identity() const;
public:
std::wstring m_identity; ///< Identity (username\@domain, certificate name etc.)
winstd::sanitizing_wstring m_password; ///< Password
private:

50
lib/EAPBase/include/EAP.h
View File

@@ -391,6 +391,31 @@ template<size_t N> inline size_t pksizeof(_In_ const eap::sanitizing_blob_f<N> &
///
template<size_t N> inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::sanitizing_blob_f<N> &val);
///
/// Packs a GUID
///
/// \param[inout] cursor Memory cursor
/// \param[in] val Variable with data to pack
///
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const GUID &val);
///
/// Returns packed size of a GUID
///
/// \param[in] val Data to pack
///
/// \returns Size of data when packed (in bytes)
///
inline size_t pksizeof(_In_ const GUID &val);
///
/// Unpacks a GUID
///
/// \param[inout] cursor Memory cursor
/// \param[out] val Variable to receive unpacked value
///
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ GUID &val);
#ifndef htonll
///
/// Convert host converts an unsigned __int64 from host to TCP/IP network byte order.
@@ -975,6 +1000,31 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::sanitizing_blo
}
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const GUID &val)
{
eap::cursor_out::ptr_type ptr_end = cursor.ptr + sizeof(GUID);
assert(ptr_end <= cursor.ptr_end);
memcpy(cursor.ptr, &val, sizeof(GUID));
cursor.ptr = ptr_end;
}
inline size_t pksizeof(_In_ const GUID &val)
{
UNREFERENCED_PARAMETER(val);
return sizeof(GUID);
}
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ GUID &val)
{
eap::cursor_in::ptr_type ptr_end = cursor.ptr + sizeof(GUID);
assert(ptr_end <= cursor.ptr_end);
memcpy(&val, cursor.ptr, sizeof(GUID));
cursor.ptr = ptr_end;
}
#ifndef htonll
inline unsigned __int64 htonll(unsigned __int64 val)

10
lib/EAPBase/include/Method.h
View File

@@ -51,10 +51,10 @@ namespace eap
/// Constructs an EAP method
///
/// \param[in] mod EAP module to use for global services
/// \param[in] cfg Providers configuration
/// \param[in] cfg Connection configuration
/// \param[in] cred User credentials
///
method(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials &cred);
method(_In_ module &module, _In_ config_connection &cfg, _In_ credentials &cred);
///
@@ -130,8 +130,8 @@ namespace eap
method& operator=(_In_ const method &other);
public:
module &m_module; ///< EAP module
config_provider_list &m_cfg; ///< Providers configuration
credentials &m_cred; ///< User credentials
module &m_module; ///< EAP module
config_connection &m_cfg; ///< Connection configuration
credentials &m_cred; ///< User credentials
};
}

28
lib/EAPBase/src/Config.cpp
View File

@@ -609,40 +609,40 @@ void eap::config_provider::operator>>(_Inout_ cursor_in &cursor)
//////////////////////////////////////////////////////////////////////
// eap::config_provider_list
// eap::config_connection
//////////////////////////////////////////////////////////////////////
eap::config_provider_list::config_provider_list(_In_ module &mod) : config(mod)
eap::config_connection::config_connection(_In_ module &mod) : config(mod)
{
}
eap::config_provider_list::config_provider_list(_In_ const config_provider_list &other) :
eap::config_connection::config_connection(_In_ const config_connection &other) :
m_providers(other.m_providers),
config(other)
{
}
eap::config_provider_list::config_provider_list(_Inout_ config_provider_list &&other) :
eap::config_connection::config_connection(_Inout_ config_connection &&other) :
m_providers(std::move(other.m_providers)),
config(std::move(other))
{
}
eap::config_provider_list& eap::config_provider_list::operator=(_In_ const config_provider_list &other)
eap::config_connection& eap::config_connection::operator=(_In_ const config_connection &other)
{
if (this != &other) {
(config&)*this = other;
m_providers = other.m_providers;
m_providers = other.m_providers;
}
return *this;
}
eap::config_provider_list& eap::config_provider_list::operator=(_Inout_ config_provider_list &&other)
eap::config_connection& eap::config_connection::operator=(_Inout_ config_connection &&other)
{
if (this != &other) {
(config&&)*this = std::move(other);
@@ -653,13 +653,13 @@ eap::config_provider_list& eap::config_provider_list::operator=(_Inout_ config_p
}
eap::config* eap::config_provider_list::clone() const
eap::config* eap::config_connection::clone() const
{
return new config_provider_list(*this);
return new config_connection(*this);
}
void eap::config_provider_list::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
void eap::config_connection::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
{
config::save(pDoc, pConfigRoot);
@@ -686,7 +686,7 @@ void eap::config_provider_list::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNod
}
void eap::config_provider_list::load(_In_ IXMLDOMNode *pConfigRoot)
void eap::config_connection::load(_In_ IXMLDOMNode *pConfigRoot)
{
assert(pConfigRoot);
HRESULT hr;
@@ -714,14 +714,14 @@ void eap::config_provider_list::load(_In_ IXMLDOMNode *pConfigRoot)
}
void eap::config_provider_list::operator<<(_Inout_ cursor_out &cursor) const
void eap::config_connection::operator<<(_Inout_ cursor_out &cursor) const
{
config::operator<<(cursor);
cursor << m_providers;
}
size_t eap::config_provider_list::get_pk_size() const
size_t eap::config_connection::get_pk_size() const
{
return
config::get_pk_size() +
@@ -729,7 +729,7 @@ size_t eap::config_provider_list::get_pk_size() const
}
void eap::config_provider_list::operator>>(_Inout_ cursor_in &cursor)
void eap::config_connection::operator>>(_Inout_ cursor_in &cursor)
{
config::operator>>(cursor);

101
lib/EAPBase/src/Credentials.cpp
View File

@@ -36,12 +36,14 @@ eap::credentials::credentials(_In_ module &mod) : config(mod)
eap::credentials::credentials(_In_ const credentials &other) :
m_identity(other.m_identity),
config(other)
{
}
eap::credentials::credentials(_Inout_ credentials &&other) :
m_identity(std::move(other.m_identity)),
config(std::move(other))
{
}
@@ -49,8 +51,10 @@ eap::credentials::credentials(_Inout_ credentials &&other) :
eap::credentials& eap::credentials::operator=(_In_ const credentials &other)
{
if (this != &other)
if (this != &other) {
(config&)*this = other;
m_identity = other.m_identity;
}
return *this;
}
@@ -58,8 +62,10 @@ eap::credentials& eap::credentials::operator=(_In_ const credentials &other)
eap::credentials& eap::credentials::operator=(_Inout_ credentials &&other)
{
if (this != &other)
if (this != &other) {
(config&)*this = std::move(other);
m_identity = std::move(other.m_identity);
}
return *this;
}
@@ -67,13 +73,73 @@ eap::credentials& eap::credentials::operator=(_Inout_ credentials &&other)
void eap::credentials::clear()
{
m_identity.clear();
}
bool eap::credentials::empty() const
{
// Base class always report empty credentials.
return true;
return m_identity.empty();
}
void eap::credentials::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
{
assert(pDoc);
assert(pConfigRoot);
config::save(pDoc, pConfigRoot);
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
HRESULT hr;
// <UserName>
if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <UserName> element.");
}
void eap::credentials::load(_In_ IXMLDOMNode *pConfigRoot)
{
assert(pConfigRoot);
HRESULT hr;
config::load(pConfigRoot);
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)))
throw com_runtime_error(hr, __FUNCTION__ " Error reading <UserName> element.");
m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str());
}
void eap::credentials::operator<<(_Inout_ cursor_out &cursor) const
{
config::operator<<(cursor);
cursor << m_identity;
}
size_t eap::credentials::get_pk_size() const
{
return
config::get_pk_size() +
pksizeof(m_identity);
}
void eap::credentials::operator>>(_Inout_ cursor_in &cursor)
{
config::operator>>(cursor);
cursor >> m_identity;
}
wstring eap::credentials::get_identity() const
{
return m_identity;
}
@@ -93,7 +159,6 @@ eap::credentials_pass::credentials_pass(_In_ module &mod) : credentials(mod)
eap::credentials_pass::credentials_pass(_In_ const credentials_pass &other) :
m_identity(other.m_identity),
m_password(other.m_password),
credentials(other)
{
@@ -101,7 +166,6 @@ eap::credentials_pass::credentials_pass(_In_ const credentials_pass &other) :
eap::credentials_pass::credentials_pass(_Inout_ credentials_pass &&other) :
m_identity(std::move(other.m_identity)),
m_password(std::move(other.m_password)),
credentials(std::move(other))
{
@@ -112,7 +176,6 @@ eap::credentials_pass& eap::credentials_pass::operator=(_In_ const credentials_p
{
if (this != &other) {
(credentials&)*this = other;
m_identity = other.m_identity;
m_password = other.m_password;
}
@@ -124,7 +187,6 @@ eap::credentials_pass& eap::credentials_pass::operator=(_Inout_ credentials_pass
{
if (this != &other) {
(credentials&)*this = std::move(other);
m_identity = std::move(other.m_identity);
m_password = std::move(other.m_password);
}
@@ -135,14 +197,13 @@ eap::credentials_pass& eap::credentials_pass::operator=(_Inout_ credentials_pass
void eap::credentials_pass::clear()
{
credentials::clear();
m_identity.clear();
m_password.clear();
}
bool eap::credentials_pass::empty() const
{
return credentials::empty() && m_identity.empty() && m_password.empty();
return credentials::empty() && m_password.empty();
}
@@ -156,10 +217,6 @@ void eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *p
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
HRESULT hr;
// <UserName>
if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <UserName> element.");
// <Password>
bstr pass(m_password);
hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), bstrNamespace, pass);
@@ -178,11 +235,6 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)))
throw com_runtime_error(hr, __FUNCTION__ " Error reading <UserName> element.");
m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str());
bstr pass;
if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass)))
throw com_runtime_error(hr, __FUNCTION__ " Error reading <Password> element.");
@@ -202,7 +254,6 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
void eap::credentials_pass::operator<<(_Inout_ cursor_out &cursor) const
{
credentials::operator<<(cursor);
cursor << m_identity;
cursor << m_password;
}
@@ -211,7 +262,6 @@ size_t eap::credentials_pass::get_pk_size() const
{
return
credentials::get_pk_size() +
pksizeof(m_identity) +
pksizeof(m_password);
}
@@ -219,7 +269,6 @@ size_t eap::credentials_pass::get_pk_size() const
void eap::credentials_pass::operator>>(_Inout_ cursor_in &cursor)
{
credentials::operator>>(cursor);
cursor >> m_identity;
cursor >> m_password;
}
@@ -289,7 +338,7 @@ void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName)
m_identity.clear();
wstring xpath(pszTargetName);
m_module.log_config((xpath + L"/Username").c_str(), m_identity.c_str());
m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str());
m_module.log_config((xpath + L"/Password").c_str(),
#ifdef _DEBUG
m_password.c_str()
@@ -300,12 +349,6 @@ void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName)
}
std::wstring eap::credentials_pass::get_identity() const
{
return m_identity;
}
const unsigned char eap::credentials_pass::s_entropy[1024] = {
0x40, 0x88, 0xd3, 0x13, 0x81, 0x8a, 0xf6, 0x74, 0x55, 0x8e, 0xcc, 0x73, 0x2c, 0xf8, 0x93, 0x37,
0x4f, 0xeb, 0x1d, 0x66, 0xb7, 0xfb, 0x47, 0x75, 0xb4, 0xfd, 0x07, 0xbb, 0xf6, 0xb3, 0x05, 0x30,

2
lib/EAPBase/src/Method.cpp
View File

@@ -28,7 +28,7 @@ using namespace winstd;
// eap::method
//////////////////////////////////////////////////////////////////////
eap::method::method(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials &cred) :
eap::method::method(_In_ module &module, _In_ config_connection &cfg, _In_ credentials &cred) :
m_module(module),
m_cfg(cfg),
m_cred(cred)

22
lib/EAPBase/src/Module.cpp
View File

@@ -91,20 +91,26 @@ EAP_ERROR* eap::module::make_error(_In_ std::exception &err) const
MultiByteToWideChar(CP_ACP, 0, err.what(), -1, what);
{
win_runtime_error &e(dynamic_cast<win_runtime_error&>(err));
if (&e)
return make_error(e.number(), what.c_str());
win_runtime_error *e = dynamic_cast<win_runtime_error*>(&err);
if (e)
return make_error(e->number(), what.c_str());
}
{
com_runtime_error &e(dynamic_cast<com_runtime_error&>(err));
if (&e)
return make_error(HRESULT_CODE(e.number()), what.c_str());
com_runtime_error *e = dynamic_cast<com_runtime_error*>(&err);
if (e)
return make_error(HRESULT_CODE(e->number()), what.c_str());
}
{
invalid_argument &e(dynamic_cast<invalid_argument&>(err));
if (&e)
sec_runtime_error *e = dynamic_cast<sec_runtime_error*>(&err);
if (e)
return make_error(SCODE_CODE(e->number()), what.c_str());
}
{
invalid_argument *e = dynamic_cast<invalid_argument*>(&err);
if (e)
return make_error(ERROR_INVALID_PARAMETER, what.c_str());
}

1
lib/EAPBase/src/StdAfx.h
View File

@@ -30,5 +30,6 @@
#include <WinStd/Cred.h>
#include <WinStd/ETW.h>
#include <WinStd/Sec.h>
#include <EventsETW.h>

72
lib/EAPBase_UI/include/EAP_UI.h
View File

@@ -100,6 +100,14 @@ inline bool wxSetIconFromResource(wxStaticBitmap *bmp, wxIcon &icon, HINSTANCE h
///
inline wxString wxEAPGetProviderName(const std::wstring &id);
namespace eap
{
///
/// Base class to prevent multiple instances of the same dialog
///
class monitor_ui;
}
#pragma once
#include <wx/msw/winundef.h> // Fixes `CreateDialog` name collision
@@ -142,10 +150,10 @@ public:
///
/// Constructs a configuration dialog
///
/// \param[inout] cfg Providers configuration data
/// \param[inout] cfg Connection configuration
/// \param[in] parent Parent window
///
wxEAPConfigDialog(eap::config_provider_list &cfg, wxWindow* parent) :
wxEAPConfigDialog(eap::config_connection &cfg, wxWindow* parent) :
m_cfg(cfg),
wxEAPConfigDialogBase(parent)
{
@@ -207,7 +215,7 @@ protected:
protected:
eap::config_provider_list &m_cfg; ///< EAP providers configuration
eap::config_connection &m_cfg; ///< Connection configuration
};
@@ -217,7 +225,7 @@ public:
///
/// Constructs a dialog
///
wxEAPGeneralDialog(wxWindow* parent, const wxString& title = wxEmptyString);
wxEAPGeneralDialog(wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = wxEmptyString, const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE);
///
/// Adds panels to the dialog
@@ -242,7 +250,7 @@ public:
///
/// Constructs a credential dialog
///
wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent);
wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = _("EAP Credentials"), const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE);
};
@@ -411,7 +419,7 @@ public:
/// \param[inout] prov Provider configuration data
/// \param[in] parent Parent window
///
wxEAPConfigProvider(eap::config_provider &prov, wxWindow* parent);
wxEAPConfigProvider(eap::config_provider &prov, wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = _("Provider Settings"), const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE);
protected:
eap::config_provider &m_prov; ///< EAP method configuration
@@ -808,3 +816,55 @@ inline wxString wxEAPGetProviderName(const std::wstring &id)
return
!id.empty() ? id : _("<Your Organization>");
}
namespace eap
{
class monitor_ui
{
public:
monitor_ui(_In_ HINSTANCE module, _In_ const GUID &guid);
virtual ~monitor_ui();
void set_popup(_In_ HWND hwnd);
void release_slaves(_In_bytecount_(size) const void *data, _In_ size_t size) const;
inline bool is_master() const
{
return m_is_master;
}
inline bool is_slave() const
{
return !is_master();
}
inline const std::vector<unsigned char>& master_data() const
{
return m_data;
}
protected:
virtual LRESULT winproc(
_In_ UINT msg,
_In_ WPARAM wparam,
_In_ LPARAM lparam);
static LRESULT CALLBACK winproc(
_In_ HWND hwnd,
_In_ UINT msg,
_In_ WPARAM wparam,
_In_ LPARAM lparam);
protected:
bool m_is_master; ///< Is this monitor master?
HWND m_hwnd; ///< Message window handle
std::list<HWND> m_slaves; ///< List of slaves to notify on finish
HWND m_hwnd_popup; ///< Pop-up window handle
std::vector<unsigned char> m_data; ///< Data master sent
// Custom window messages
static const UINT s_msg_attach; ///< Slave sends this message to attach to master
static const UINT s_msg_finish; ///< Master sends this message to slaves to notify them it has finished (wparam has size, lparam has data)
};
}

2
lib/EAPBase_UI/res/wxEAP_UI.cpp
View File

@@ -412,7 +412,7 @@ wxEAPProviderIdentityPanelBase::wxEAPProviderIdentityPanelBase( wxWindow* parent
sb_provider_helpdesk_inner->Add( m_provider_web_icon, 0, wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxRIGHT, 5 );
m_provider_web = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_provider_web->SetToolTip( _("Your helpdesk website") );
m_provider_web->SetToolTip( _("Your helpdesk website address") );
sb_provider_helpdesk_inner->Add( m_provider_web, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL|wxBOTTOM, 5 );

2
lib/EAPBase_UI/res/wxEAP_UI.fbp
View File

@@ -3370,7 +3370,7 @@
<property name="style"></property>
<property name="subclass"></property>
<property name="toolbar_pane">0</property>
<property name="tooltip">Your helpdesk website</property>
<property name="tooltip">Your helpdesk website address</property>
<property name="validator_data_type"></property>
<property name="validator_style">wxFILTER_NONE</property>
<property name="validator_type">wxDefaultValidator</property>

205
lib/EAPBase_UI/src/EAP_UI.cpp
View File

@@ -41,7 +41,8 @@ bool wxEAPBannerPanel::AcceptsFocusFromKeyboard() const
// wxEAPGeneralDialog
//////////////////////////////////////////////////////////////////////
wxEAPGeneralDialog::wxEAPGeneralDialog(wxWindow* parent, const wxString& title) : wxEAPGeneralDialogBase(parent, wxID_ANY, title)
wxEAPGeneralDialog::wxEAPGeneralDialog(wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) :
wxEAPGeneralDialogBase(parent, id, title, pos, size, style)
{
// Set extra style here, as wxFormBuilder overrides all default flags.
this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY);
@@ -80,7 +81,8 @@ void wxEAPGeneralDialog::OnInitDialog(wxInitDialogEvent& event)
// wxEAPCredentialsDialog
//////////////////////////////////////////////////////////////////////
wxEAPCredentialsDialog::wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent) : wxEAPGeneralDialog(parent, _("EAP Credentials"))
wxEAPCredentialsDialog::wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) :
wxEAPGeneralDialog(parent, id, title, pos, size, style)
{
// Set banner title.
m_banner->m_title->SetLabel(wxString::Format(_("%s Credentials"), wxEAPGetProviderName(prov.m_id).c_str()));
@@ -328,12 +330,12 @@ bool wxEAPProviderLockPanel::TransferDataFromWindow()
// wxEAPConfigProvider
//////////////////////////////////////////////////////////////////////
wxEAPConfigProvider::wxEAPConfigProvider(eap::config_provider &prov, wxWindow* parent) :
wxEAPConfigProvider::wxEAPConfigProvider(eap::config_provider &prov, wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) :
m_prov(prov),
wxEAPGeneralDialog(parent, _("Provider Settings"))
wxEAPGeneralDialog(parent, id, title, pos, size, style)
{
// Set banner title.
m_banner->m_title->SetLabel(_("Provider Settings"));
m_banner->m_title->SetLabel(title);
m_identity = new wxEAPProviderIdentityPanel(prov, this);
AddContent(m_identity);
@@ -343,3 +345,196 @@ wxEAPConfigProvider::wxEAPConfigProvider(eap::config_provider &prov, wxWindow* p
m_identity->m_provider_name->SetFocusFromKbd();
}
using namespace std;
using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::monitor_ui
//////////////////////////////////////////////////////////////////////
eap::monitor_ui::monitor_ui(_In_ HINSTANCE module, _In_ const GUID &guid) :
m_hwnd_popup(NULL)
{
// Verify if the monitor is already running.
const WNDCLASSEX wnd_class_desc = {
sizeof(WNDCLASSEX), // cbSize
0, // style
winproc, // lpfnWndProc
0, // cbClsExtra
0, // cbWndExtra
module, // hInstance
NULL, // hIcon
NULL, // hCursor
NULL, // hbrBackground
NULL, // lpszMenuName
_T(__FUNCTION__), // lpszClassName
NULL // hIconSm
};
ATOM wnd_class = RegisterClassEx(&wnd_class_desc);
if (!wnd_class)
throw win_runtime_error(__FUNCTION__ " Error registering master monitor window class.");
tstring_guid guid_str(guid);
HWND hwnd_master = FindWindowEx(HWND_MESSAGE, NULL, (LPCTSTR)wnd_class, guid_str.c_str());
if (hwnd_master) {
// Another monitor is already running.
m_is_master = false;
// Register slave windows class slightly different, not to include slaves in FindWindowEx().
const WNDCLASSEX wnd_class_desc = {
sizeof(WNDCLASSEX), // cbSize
0, // style
winproc, // lpfnWndProc
0, // cbClsExtra
0, // cbWndExtra
module, // hInstance
NULL, // hIcon
NULL, // hCursor
NULL, // hbrBackground
NULL, // lpszMenuName
_T(__FUNCTION__) _T("-Slave"), // lpszClassName
NULL // hIconSm
};
wnd_class = RegisterClassEx(&wnd_class_desc);
if (!wnd_class)
throw win_runtime_error(__FUNCTION__ " Error registering slave monitor window class.");
} else {
// This is a fresh monitor.
m_is_master = true;
}
m_hwnd = CreateWindowEx(
0, // dwExStyle
(LPCTSTR)wnd_class, // lpClassName
guid_str.c_str(), // lpWindowName
0, // dwStyle
0, // x
0, // y
0, // nWidth
0, // nHeight
HWND_MESSAGE, // hWndParent
NULL, // hMenu
module, // hInstance
this); // lpParam
if (!m_is_master) {
// Notify master we are waiting him.
SendMessage(hwnd_master, s_msg_attach, 0, (LPARAM)m_hwnd);
// Slaves must pump message queue until finished.
MSG msg;
while (GetMessage(&msg, NULL, 0, 0) > 0) {
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}
}
eap::monitor_ui::~monitor_ui()
{
if (m_hwnd)
DestroyWindow(m_hwnd);
}
void eap::monitor_ui::set_popup(_In_ HWND hwnd)
{
m_hwnd_popup = hwnd;
}
void eap::monitor_ui::release_slaves(_In_bytecount_(size) const void *data, _In_ size_t size) const
{
assert(!size || data);
for (list<HWND>::const_iterator slave = m_slaves.begin(), slave_end = m_slaves.end(); slave != slave_end; ++slave) {
// Get slave's PID.
DWORD pid_slave;
GetWindowThreadProcessId(*slave, &pid_slave);
// Get slave's process handle.
process proc_slave;
if (!proc_slave.open(PROCESS_VM_OPERATION | PROCESS_VM_WRITE, 0, pid_slave))
continue;
// Allocate memory in slave's virtual memory space and save data to it.
vmemory mem_slave;
if (!mem_slave.alloc(proc_slave, NULL, size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE))
continue;
if (!WriteProcessMemory(proc_slave, mem_slave, data, size, NULL))
continue;
// Notify slave. Use SendMessage(), not PostMessage(), as memory will get cleaned up.
SendMessage(*slave, s_msg_finish, (WPARAM)size, (LPARAM)(LPVOID)mem_slave);
}
}
LRESULT eap::monitor_ui::winproc(
_In_ UINT msg,
_In_ WPARAM wparam,
_In_ LPARAM lparam)
{
UNREFERENCED_PARAMETER(wparam);
if (msg == s_msg_attach) {
// Attach a new slave.
assert(m_is_master);
m_slaves.push_back((HWND)lparam);
if (m_hwnd_popup) {
// Bring pop-up window up.
if (::IsIconic(m_hwnd_popup))
::SendMessage(m_hwnd_popup, WM_SYSCOMMAND, SC_RESTORE, 0);
::SetActiveWindow(m_hwnd_popup);
::SetForegroundWindow(m_hwnd_popup);
}
return TRUE;
} else if (msg == s_msg_finish) {
// Master finished.
assert(!m_is_master);
m_data.assign((const unsigned char*)lparam, (const unsigned char*)lparam + wparam);
// Finish slave too.
DestroyWindow(m_hwnd);
return TRUE;
} else if (msg == WM_DESTROY) {
// Stop the message pump.
PostQuitMessage(0);
return 0;
}
return DefWindowProc(m_hwnd, msg, wparam, lparam);
}
LRESULT CALLBACK eap::monitor_ui::winproc(
_In_ HWND hwnd,
_In_ UINT msg,
_In_ WPARAM wparam,
_In_ LPARAM lparam)
{
if (msg == WM_CREATE) {
// Set window's user data to "this" pointer.
const CREATESTRUCT *cs = (CREATESTRUCT*)lparam;
SetWindowLongPtr(hwnd, GWLP_USERDATA, (LONG_PTR)cs->lpCreateParams);
// Forward to our handler.
return ((eap::monitor_ui*)cs->lpCreateParams)->winproc(msg, wparam, lparam);
} else {
// Get "this" pointer from window's user data.
eap::monitor_ui *_this = (eap::monitor_ui*)GetWindowLongPtr(hwnd, GWLP_USERDATA);
if (_this) {
// Forward to our handler.
return _this->winproc(msg, wparam, lparam);
} else
return DefWindowProc(hwnd, msg, wparam, lparam);
}
}
const UINT eap::monitor_ui::s_msg_attach = RegisterWindowMessage(_T(PRODUCT_NAME_STR) _T("-Attach"));
const UINT eap::monitor_ui::s_msg_finish = RegisterWindowMessage(_T(PRODUCT_NAME_STR) _T("-Finish"));

BIN
lib/Events/res/EventsETW.man
View File

Binary file not shown.

358
lib/TLS/include/Config.h
View File

@@ -1,176 +1,182 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include <WinStd/Common.h>
#include <Windows.h>
#include <WinCrypt.h> // Must include after <Windows.h>
#include <sal.h>
namespace eap
{
///
/// TLS configuration
///
class config_method_tls;
///
/// Helper function to compile human-readable certificate name for UI display
///
winstd::tstring get_cert_title(PCCERT_CONTEXT cert);
}
#pragma once
#include "Credentials.h"
#include "Method.h"
#include "TLS.h"
#include "../../EAPBase/include/Config.h"
#include <WinStd/Crypt.h>
#include <Windows.h>
#include <list>
#include <string>
namespace eap
{
class config_method_tls : public config_method_with_cred
{
public:
///
/// Constructs configuration
///
/// \param[in] mod EAP module to use for global services
///
config_method_tls(_In_ module &mod);
///
/// Copies configuration
///
/// \param[in] other Configuration to copy from
///
config_method_tls(_In_ const config_method_tls &other);
///
/// Moves configuration
///
/// \param[in] other Configuration to move from
///
config_method_tls(_Inout_ config_method_tls &&other);
///
/// Copies configuration
///
/// \param[in] other Configuration to copy from
///
/// \returns Reference to this object
///
config_method_tls& operator=(_In_ const config_method_tls &other);
///
/// Moves configuration
///
/// \param[in] other Configuration to move from
///
/// \returns Reference to this object
///
config_method_tls& operator=(_Inout_ config_method_tls &&other);
///
/// Clones configuration
///
/// \returns Pointer to cloned configuration
///
virtual config* clone() const;
/// \name XML configuration management
/// @{
///
/// Save to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
///
/// Load from XML document
///
/// \param[in] pConfigRoot Root element for loading
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
///
/// Packs a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
///
/// Returns EAP method type of this configuration
///
/// \returns `eap::type_tls`
///
virtual winstd::eap_type_t get_method_id() const;
///
/// Adds CA to the list of trusted root CA's
///
/// \sa [CertCreateCertificateContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa376033.aspx)
///
bool add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded);
public:
std::list<winstd::cert_context> m_trusted_root_ca; ///< Trusted root CAs
std::list<std::wstring> m_server_names; ///< Acceptable authenticating server names
// Following members are used for session resumptions. They are not exported/imported to XML.
sanitizing_blob m_session_id; ///< TLS session ID
tls_master_secret m_master_secret; ///< TLS master secret
};
}
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include <WinStd/Common.h>
#include <Windows.h>
#include <WinCrypt.h> // Must include after <Windows.h>
#include <sal.h>
#define EAP_TLS_OWN 0 ///< We do the TLS ourself
#define EAP_TLS_SCHANNEL 1 ///< TLS is done by Schannel, but server certificate check is done ourself
#define EAP_TLS_SCHANNEL_FULL 2 ///< TLS is fully done by Schannel
namespace eap
{
///
/// TLS configuration
///
class config_method_tls;
///
/// Helper function to compile human-readable certificate name for UI display
///
winstd::tstring get_cert_title(PCCERT_CONTEXT cert);
}
#pragma once
#include "Credentials.h"
#include "Method.h"
#include "TLS.h"
#include "../../EAPBase/include/Config.h"
#include <WinStd/Crypt.h>
#include <Windows.h>
#include <list>
#include <string>
namespace eap
{
class config_method_tls : public config_method_with_cred
{
public:
///
/// Constructs configuration
///
/// \param[in] mod EAP module to use for global services
///
config_method_tls(_In_ module &mod);
///
/// Copies configuration
///
/// \param[in] other Configuration to copy from
///
config_method_tls(_In_ const config_method_tls &other);
///
/// Moves configuration
///
/// \param[in] other Configuration to move from
///
config_method_tls(_Inout_ config_method_tls &&other);
///
/// Copies configuration
///
/// \param[in] other Configuration to copy from
///
/// \returns Reference to this object
///
config_method_tls& operator=(_In_ const config_method_tls &other);
///
/// Moves configuration
///
/// \param[in] other Configuration to move from
///
/// \returns Reference to this object
///
config_method_tls& operator=(_Inout_ config_method_tls &&other);
///
/// Clones configuration
///
/// \returns Pointer to cloned configuration
///
virtual config* clone() const;
/// \name XML configuration management
/// @{
///
/// Save to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
///
/// Load from XML document
///
/// \param[in] pConfigRoot Root element for loading
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
///
/// Packs a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
///
/// Returns EAP method type of this configuration
///
/// \returns `eap::type_tls`
///
virtual winstd::eap_type_t get_method_id() const;
///
/// Adds CA to the list of trusted root CA's
///
/// \sa [CertCreateCertificateContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa376033.aspx)
///
bool add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded);
public:
std::list<winstd::cert_context> m_trusted_root_ca; ///< Trusted root CAs
std::list<std::wstring> m_server_names; ///< Acceptable authenticating server names
#if EAP_TLS < EAP_TLS_SCHANNEL
// Following members are used for session resumptions. They are not exported/imported to XML.
sanitizing_blob m_session_id; ///< TLS session ID
tls_master_secret m_master_secret; ///< TLS master secret
#endif
};
}

5
lib/TLS/include/Credentials.h
View File

@@ -180,11 +180,6 @@ namespace eap
///
virtual std::wstring get_identity() const;
///
/// Returns credential name (for GUI display).
///
virtual winstd::tstring get_name() const;
///
/// Combine credentials in the following order:
///

49
lib/TLS/include/Method.h
View File

@@ -36,6 +36,7 @@ namespace eap
#include "../../EAPBase/include/Method.h"
#include <WinStd/Crypt.h>
#include <WinStd/Sec.h>
#include <list>
#include <vector>
@@ -145,10 +146,10 @@ namespace eap
/// Constructs an EAP method
///
/// \param[in] mod EAP module to use for global services
/// \param[in] cfg Providers configuration
/// \param[in] cfg Connection configuration
/// \param[in] cred User credentials
///
method_tls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_tls &cred);
method_tls(_In_ module &module, _In_ config_connection &cfg, _In_ credentials_tls &cred);
///
/// Moves an EAP method
@@ -216,6 +217,7 @@ namespace eap
/// @}
protected:
#if EAP_TLS < EAP_TLS_SCHANNEL
/// \name Client handshake message generation
/// @{
@@ -360,6 +362,18 @@ namespace eap
///
virtual void process_handshake(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
#else
///
/// Process handshake
///
void process_handshake();
///
/// Process application data
///
void process_application_data();
#endif
///
/// Processes a TLS application_data message
///
@@ -370,24 +384,16 @@ namespace eap
///
virtual void process_application_data(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
/////
///// Processes a vendor-specific TLS message
/////
///// \note Please see `m_cipher_spec` member if the message data came encrypted.
/////
///// \param[in] type TLS message type
///// \param[in] msg TLS message data
///// \param[in] msg_size TLS message data size
/////
//virtual void process_vendor_data(_In_ tls_message_type_t type, _In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
/// @}
#if EAP_TLS < EAP_TLS_SCHANNEL_FULL
///
/// Verifies server's certificate if trusted by configuration
///
void verify_server_trust() const;
#endif
#if EAP_TLS < EAP_TLS_SCHANNEL
/// \name Encryption
/// @{
@@ -481,13 +487,16 @@ namespace eap
_In_ HCRYPTKEY key,
_In_bytecount_(size_secret) const void *secret,
_In_ size_t size_secret);
#endif
protected:
credentials_tls &m_cred; ///< EAP-TLS user credentials
HANDLE m_user_ctx; ///< Handle to user context
packet m_packet_req; ///< Request packet
packet m_packet_res; ///< Response packet
#if EAP_TLS < EAP_TLS_SCHANNEL
winstd::crypt_prov m_cp; ///< Cryptography provider for general services
winstd::crypt_prov m_cp_enc_client; ///< Cryptography provider for encryption
winstd::crypt_prov m_cp_enc_server; ///< Cryptography provider for encryption
@@ -528,6 +537,20 @@ namespace eap
unsigned __int64 m_seq_num_client; ///< Sequence number for encrypting
unsigned __int64 m_seq_num_server; ///< Sequence number for decrypting
#else
winstd::tstring m_sc_target_name; ///< Schannel target name
winstd::sec_credentials m_sc_cred; ///< Schannel client credentials
std::vector<unsigned char> m_sc_queue; ///< TLS data queue
winstd::sec_context m_sc_ctx; ///< Schannel context
enum {
phase_unknown = -1, ///< Unknown phase
phase_handshake_init = 0, ///< Handshake initialize
phase_handshake_cont, ///< Handshake continue
phase_application_data, ///< Exchange application data
phase_shutdown, ///< Connection shut down
} m_phase, m_phase_prev; ///< What phase is our communication at?
#endif
// The following members are required to avoid memory leakage in get_result()
EAP_ATTRIBUTES m_eap_attr_desc; ///< EAP Radius attributes descriptor

9
lib/TLS/include/TLS.h
View File

@@ -503,7 +503,16 @@ namespace eap
///
tls_conn_state& operator=(_Inout_ tls_conn_state &&other);
///
/// Configures state according to given cipher
///
/// \param[in] cipher Cipher ID
///
void set_cipher(_In_ const unsigned char cipher[2]);
public:
LPCTSTR m_prov_name; ///< Cryptography provider name
DWORD m_prov_type; ///< Cryptography provider type
ALG_ID m_alg_encrypt; ///< Bulk encryption algorithm
size_t m_size_enc_key; ///< Encryption key size in bytes (has to comply with `m_alg_encrypt`)
size_t m_size_enc_iv; ///< Encryption initialization vector size in bytes (has to comply with `m_alg_encrypt`)

613
lib/TLS/src/Config.cpp
View File

@@ -1,298 +1,315 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"
#pragma comment(lib, "Cryptui.lib")
using namespace std;
using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::get_cert_title
//////////////////////////////////////////////////////////////////////
tstring eap::get_cert_title(PCCERT_CONTEXT cert)
{
tstring name, str, issuer, title;
FILETIME ft;
SYSTEMTIME st;
// Prepare certificate information
CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, name);
title += name;
FileTimeToLocalFileTime(&(cert->pCertInfo->NotBefore), &ft);
FileTimeToSystemTime(&ft, &st);
GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str);
title += _T(", ");
title += str;
FileTimeToLocalFileTime(&(cert->pCertInfo->NotAfter ), &ft);
FileTimeToSystemTime(&ft, &st);
GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str);
title += _T('-');
title += str;
CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, CERT_NAME_ISSUER_FLAG, NULL, issuer);
if (name != issuer) {
title += _T(", ");
title += issuer;
}
return title;
}
//////////////////////////////////////////////////////////////////////
// eap::config_method_tls
//////////////////////////////////////////////////////////////////////
eap::config_method_tls::config_method_tls(_In_ module &mod) : config_method_with_cred(mod)
{
m_preshared.reset(new credentials_tls(mod));
}
eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) :
m_trusted_root_ca(other.m_trusted_root_ca),
m_server_names(other.m_server_names),
m_session_id(other.m_session_id),
m_master_secret(other.m_master_secret),
config_method_with_cred(other)
{
}
eap::config_method_tls::config_method_tls(_Inout_ config_method_tls &&other) :
m_trusted_root_ca(std::move(other.m_trusted_root_ca)),
m_server_names(std::move(other.m_server_names)),
m_session_id(std::move(other.m_session_id)),
m_master_secret(std::move(other.m_master_secret)),
config_method_with_cred(std::move(other))
{
}
eap::config_method_tls& eap::config_method_tls::operator=(_In_ const config_method_tls &other)
{
if (this != &other) {
(config_method_with_cred&)*this = other;
m_trusted_root_ca = other.m_trusted_root_ca;
m_server_names = other.m_server_names;
m_session_id = other.m_session_id;
m_master_secret = other.m_master_secret;
}
return *this;
}
eap::config_method_tls& eap::config_method_tls::operator=(_Inout_ config_method_tls &&other)
{
if (this != &other) {
(config_method_with_cred&&)*this = std::move(other);
m_trusted_root_ca = std::move(other.m_trusted_root_ca);
m_server_names = std::move(other.m_server_names);
m_session_id = std::move(other.m_session_id);
m_master_secret = std::move(other.m_master_secret);
}
return *this;
}
eap::config* eap::config_method_tls::clone() const
{
return new config_method_tls(*this);
}
void eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
{
assert(pDoc);
assert(pConfigRoot);
config_method_with_cred::save(pDoc, pConfigRoot);
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
HRESULT hr;
// <ServerSideCredential>
com_obj<IXMLDOMElement> pXmlElServerSideCredential;
if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), bstr(L"ServerSideCredential"), bstrNamespace, &pXmlElServerSideCredential)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerSideCredential> element.");
for (list<cert_context>::const_iterator i = m_trusted_root_ca.begin(), i_end = m_trusted_root_ca.end(); i != i_end; ++i) {
// <CA>
com_obj<IXMLDOMElement> pXmlElCA;
if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"CA"), bstrNamespace, &pXmlElCA)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <CA> element.");
// <CA>/<format>
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElCA, bstr(L"format"), bstrNamespace, bstr(L"PEM"))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <format> element.");
// <CA>/<cert-data>
const cert_context &cc = *i;
if (FAILED(hr = eapxml::put_element_base64(pDoc, pXmlElCA, bstr(L"cert-data"), bstrNamespace, cc->pbCertEncoded, cc->cbCertEncoded)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <cert-data> element.");
if (FAILED(hr = pXmlElServerSideCredential->appendChild(pXmlElCA, NULL)))
throw com_runtime_error(hr, __FUNCTION__ " Error appending <CA> element.");
}
// <ServerName>
for (list<wstring>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) {
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(*i))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerName> element.");
}
}
void eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot)
{
assert(pConfigRoot);
config_method_with_cred::load(pConfigRoot);
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
m_trusted_root_ca.clear();
m_server_names.clear();
// <ServerSideCredential>
com_obj<IXMLDOMElement> pXmlElServerSideCredential;
if (SUCCEEDED(eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), &pXmlElServerSideCredential))) {
std::wstring xpathServerSideCredential(xpath + L"/ServerSideCredential");
// <CA>
com_obj<IXMLDOMNodeList> pXmlListCAs;
long lCACount = 0;
if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:CA"), &pXmlListCAs)) && SUCCEEDED(pXmlListCAs->get_length(&lCACount))) {
for (long j = 0; j < lCACount; j++) {
// Load CA certificate.
com_obj<IXMLDOMNode> pXmlElCA;
pXmlListCAs->get_item(j, &pXmlElCA);
bstr bstrFormat;
if (FAILED(eapxml::get_element_value(pXmlElCA, bstr(L"eap-metadata:format"), &bstrFormat))) {
// <format> not specified.
continue;
}
if (CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstrFormat, bstrFormat.length(), L"PEM", -1, NULL, NULL, 0) != CSTR_EQUAL) {
// Certificate must be PEM encoded.
continue;
}
vector<unsigned char> aData;
if (FAILED(eapxml::get_element_base64(pXmlElCA, bstr(L"eap-metadata:cert-data"), aData))) {
// Error reading <cert-data> element.
continue;
}
add_trusted_ca(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size());
}
// Log loaded CA certificates.
list<tstring> cert_names;
for (std::list<winstd::cert_context>::const_iterator cert = m_trusted_root_ca.cbegin(), cert_end = m_trusted_root_ca.cend(); cert != cert_end; ++cert)
cert_names.push_back(std::move(get_cert_title(*cert)));
m_module.log_config((xpathServerSideCredential + L"/CA").c_str(), cert_names);
}
// <ServerName>
com_obj<IXMLDOMNodeList> pXmlListServerIDs;
long lServerIDCount = 0;
if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:ServerName"), &pXmlListServerIDs)) && SUCCEEDED(pXmlListServerIDs->get_length(&lServerIDCount))) {
for (long j = 0; j < lServerIDCount; j++) {
// Load server name (<ServerName>).
com_obj<IXMLDOMNode> pXmlElServerID;
pXmlListServerIDs->get_item(j, &pXmlElServerID);
bstr bstrServerID;
pXmlElServerID->get_text(&bstrServerID);
m_server_names.push_back(wstring(bstrServerID));
}
m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names);
}
}
}
void eap::config_method_tls::operator<<(_Inout_ cursor_out &cursor) const
{
config_method_with_cred::operator<<(cursor);
cursor << m_trusted_root_ca;
cursor << m_server_names ;
cursor << m_session_id ;
cursor << m_master_secret ;
}
size_t eap::config_method_tls::get_pk_size() const
{
return
config_method_with_cred::get_pk_size() +
pksizeof(m_trusted_root_ca) +
pksizeof(m_server_names ) +
pksizeof(m_session_id ) +
pksizeof(m_master_secret );
}
void eap::config_method_tls::operator>>(_Inout_ cursor_in &cursor)
{
config_method_with_cred::operator>>(cursor);
cursor >> m_trusted_root_ca;
cursor >> m_server_names ;
cursor >> m_session_id ;
cursor >> m_master_secret ;
}
eap_type_t eap::config_method_tls::get_method_id() const
{
return eap_type_tls;
}
bool eap::config_method_tls::add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded)
{
cert_context cert;
if (!cert.create(dwCertEncodingType, pbCertEncoded, cbCertEncoded)) {
// Invalid or unsupported certificate.
return false;
}
for (list<cert_context>::const_iterator i = m_trusted_root_ca.cbegin(), i_end = m_trusted_root_ca.cend();; ++i) {
if (i != i_end) {
if (*i == cert) {
// This certificate is already on the list.
return false;
}
} else {
// End of list reached. Append certificate.
m_trusted_root_ca.push_back(std::move(cert));
return true;
}
}
}
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"
#pragma comment(lib, "Cryptui.lib")
using namespace std;
using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::get_cert_title
//////////////////////////////////////////////////////////////////////
tstring eap::get_cert_title(PCCERT_CONTEXT cert)
{
tstring name, str, issuer, title;
FILETIME ft;
SYSTEMTIME st;
// Prepare certificate information
CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, name);
title += name;
FileTimeToLocalFileTime(&(cert->pCertInfo->NotBefore), &ft);
FileTimeToSystemTime(&ft, &st);
GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str);
title += _T(", ");
title += str;
FileTimeToLocalFileTime(&(cert->pCertInfo->NotAfter ), &ft);
FileTimeToSystemTime(&ft, &st);
GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str);
title += _T('-');
title += str;
CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, CERT_NAME_ISSUER_FLAG, NULL, issuer);
if (name != issuer) {
title += _T(", ");
title += issuer;
}
return title;
}
//////////////////////////////////////////////////////////////////////
// eap::config_method_tls
//////////////////////////////////////////////////////////////////////
eap::config_method_tls::config_method_tls(_In_ module &mod) : config_method_with_cred(mod)
{
m_preshared.reset(new credentials_tls(mod));
}
eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) :
m_trusted_root_ca(other.m_trusted_root_ca),
m_server_names(other.m_server_names),
#if EAP_TLS < EAP_TLS_SCHANNEL
m_session_id(other.m_session_id),
m_master_secret(other.m_master_secret),
#endif
config_method_with_cred(other)
{
}
eap::config_method_tls::config_method_tls(_Inout_ config_method_tls &&other) :
m_trusted_root_ca(std::move(other.m_trusted_root_ca)),
m_server_names(std::move(other.m_server_names)),
#if EAP_TLS < EAP_TLS_SCHANNEL
m_session_id(std::move(other.m_session_id)),
m_master_secret(std::move(other.m_master_secret)),
#endif
config_method_with_cred(std::move(other))
{
}
eap::config_method_tls& eap::config_method_tls::operator=(_In_ const config_method_tls &other)
{
if (this != &other) {
(config_method_with_cred&)*this = other;
m_trusted_root_ca = other.m_trusted_root_ca;
m_server_names = other.m_server_names;
#if EAP_TLS < EAP_TLS_SCHANNEL
m_session_id = other.m_session_id;
m_master_secret = other.m_master_secret;
#endif
}
return *this;
}
eap::config_method_tls& eap::config_method_tls::operator=(_Inout_ config_method_tls &&other)
{
if (this != &other) {
(config_method_with_cred&&)*this = std::move(other);
m_trusted_root_ca = std::move(other.m_trusted_root_ca);
m_server_names = std::move(other.m_server_names);
#if EAP_TLS < EAP_TLS_SCHANNEL
m_session_id = std::move(other.m_session_id);
m_master_secret = std::move(other.m_master_secret);
#endif
}
return *this;
}
eap::config* eap::config_method_tls::clone() const
{
return new config_method_tls(*this);
}
void eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
{
assert(pDoc);
assert(pConfigRoot);
config_method_with_cred::save(pDoc, pConfigRoot);
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
HRESULT hr;
// <ServerSideCredential>
com_obj<IXMLDOMElement> pXmlElServerSideCredential;
if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), bstr(L"ServerSideCredential"), bstrNamespace, &pXmlElServerSideCredential)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerSideCredential> element.");
for (list<cert_context>::const_iterator i = m_trusted_root_ca.begin(), i_end = m_trusted_root_ca.end(); i != i_end; ++i) {
// <CA>
com_obj<IXMLDOMElement> pXmlElCA;
if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"CA"), bstrNamespace, &pXmlElCA)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <CA> element.");
// <CA>/<format>
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElCA, bstr(L"format"), bstrNamespace, bstr(L"PEM"))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <format> element.");
// <CA>/<cert-data>
const cert_context &cc = *i;
if (FAILED(hr = eapxml::put_element_base64(pDoc, pXmlElCA, bstr(L"cert-data"), bstrNamespace, cc->pbCertEncoded, cc->cbCertEncoded)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <cert-data> element.");
if (FAILED(hr = pXmlElServerSideCredential->appendChild(pXmlElCA, NULL)))
throw com_runtime_error(hr, __FUNCTION__ " Error appending <CA> element.");
}
// <ServerName>
for (list<wstring>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) {
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(*i))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerName> element.");
}
}
void eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot)
{
assert(pConfigRoot);
config_method_with_cred::load(pConfigRoot);
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
m_trusted_root_ca.clear();
m_server_names.clear();
// <ServerSideCredential>
com_obj<IXMLDOMElement> pXmlElServerSideCredential;
if (SUCCEEDED(eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), &pXmlElServerSideCredential))) {
std::wstring xpathServerSideCredential(xpath + L"/ServerSideCredential");
// <CA>
com_obj<IXMLDOMNodeList> pXmlListCAs;
long lCACount = 0;
if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:CA"), &pXmlListCAs)) && SUCCEEDED(pXmlListCAs->get_length(&lCACount))) {
for (long j = 0; j < lCACount; j++) {
// Load CA certificate.
com_obj<IXMLDOMNode> pXmlElCA;
pXmlListCAs->get_item(j, &pXmlElCA);
bstr bstrFormat;
if (FAILED(eapxml::get_element_value(pXmlElCA, bstr(L"eap-metadata:format"), &bstrFormat))) {
// <format> not specified.
continue;
}
if (CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstrFormat, bstrFormat.length(), L"PEM", -1, NULL, NULL, 0) != CSTR_EQUAL) {
// Certificate must be PEM encoded.
continue;
}
vector<unsigned char> aData;
if (FAILED(eapxml::get_element_base64(pXmlElCA, bstr(L"eap-metadata:cert-data"), aData))) {
// Error reading <cert-data> element.
continue;
}
add_trusted_ca(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size());
}
// Log loaded CA certificates.
list<tstring> cert_names;
for (std::list<winstd::cert_context>::const_iterator cert = m_trusted_root_ca.cbegin(), cert_end = m_trusted_root_ca.cend(); cert != cert_end; ++cert)
cert_names.push_back(std::move(get_cert_title(*cert)));
m_module.log_config((xpathServerSideCredential + L"/CA").c_str(), cert_names);
}
// <ServerName>
com_obj<IXMLDOMNodeList> pXmlListServerIDs;
long lServerIDCount = 0;
if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:ServerName"), &pXmlListServerIDs)) && SUCCEEDED(pXmlListServerIDs->get_length(&lServerIDCount))) {
for (long j = 0; j < lServerIDCount; j++) {
// Load server name (<ServerName>).
com_obj<IXMLDOMNode> pXmlElServerID;
pXmlListServerIDs->get_item(j, &pXmlElServerID);
bstr bstrServerID;
pXmlElServerID->get_text(&bstrServerID);
m_server_names.push_back(wstring(bstrServerID));
}
m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names);
}
}
}
void eap::config_method_tls::operator<<(_Inout_ cursor_out &cursor) const
{
config_method_with_cred::operator<<(cursor);
cursor << m_trusted_root_ca;
cursor << m_server_names ;
#if EAP_TLS < EAP_TLS_SCHANNEL
cursor << m_session_id ;
cursor << m_master_secret ;
#endif
}
size_t eap::config_method_tls::get_pk_size() const
{
return
config_method_with_cred::get_pk_size() +
pksizeof(m_trusted_root_ca) +
pksizeof(m_server_names )
#if EAP_TLS < EAP_TLS_SCHANNEL
+
pksizeof(m_session_id ) +
pksizeof(m_master_secret );
#else
;
#endif
}
void eap::config_method_tls::operator>>(_Inout_ cursor_in &cursor)
{
config_method_with_cred::operator>>(cursor);
cursor >> m_trusted_root_ca;
cursor >> m_server_names ;
#if EAP_TLS < EAP_TLS_SCHANNEL
cursor >> m_session_id ;
cursor >> m_master_secret ;
#endif
}
eap_type_t eap::config_method_tls::get_method_id() const
{
return eap_type_tls;
}
bool eap::config_method_tls::add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded)
{
cert_context cert;
if (!cert.create(dwCertEncodingType, pbCertEncoded, cbCertEncoded)) {
// Invalid or unsupported certificate.
return false;
}
for (list<cert_context>::const_iterator i = m_trusted_root_ca.cbegin(), i_end = m_trusted_root_ca.cend();; ++i) {
if (i != i_end) {
if (*i == cert) {
// This certificate is already on the list.
return false;
}
} else {
// End of list reached. Append certificate.
m_trusted_root_ca.push_back(std::move(cert));
return true;
}
}
}

26
lib/TLS/src/Credentials.cpp
View File

@@ -182,11 +182,10 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const
throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
tstring target(target_name(pszTargetName));
wstring name(std::move(get_name()));
// Write credentials.
assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE);
assert(name.length() < CRED_MAX_USERNAME_LENGTH );
assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE);
assert(m_identity.length() < CRED_MAX_USERNAME_LENGTH );
CREDENTIAL cred = {
0, // Flags
CRED_TYPE_GENERIC, // Type
@@ -199,7 +198,7 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const
0, // AttributeCount
NULL, // Attributes
NULL, // TargetAlias
(LPTSTR)name.c_str() // UserName
(LPTSTR)m_identity.c_str() // UserName
};
if (!CredWrite(&cred, 0))
throw win_runtime_error(__FUNCTION__ " CredWrite failed.");
@@ -227,7 +226,14 @@ void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName)
if (!bResult)
throw win_runtime_error(__FUNCTION__ " Error loading certificate.");
m_module.log_config((wstring(pszTargetName) + L"/Certificate").c_str(), get_name().c_str());
if (cred->UserName)
m_identity = cred->UserName;
else
m_identity.clear();
wstring xpath(pszTargetName);
m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str());
m_module.log_config((xpath + L"/Certificate").c_str(), get_name().c_str());
}
@@ -239,7 +245,9 @@ LPCTSTR eap::credentials_tls::target_suffix() const
std::wstring eap::credentials_tls::get_identity() const
{
if (m_cert) {
if (!m_identity.empty()) {
return m_identity;
} else if (m_cert) {
wstring identity;
CertGetNameString(m_cert, CERT_NAME_EMAIL_TYPE, 0, NULL, identity);
return identity;
@@ -248,12 +256,6 @@ std::wstring eap::credentials_tls::get_identity() const
}
tstring eap::credentials_tls::get_name() const
{
return m_cert ? std::move(get_cert_title(m_cert)) : _T("<blank>");
}
eap::credentials::source_t eap::credentials_tls::combine(
_In_ const credentials_tls *cred_cached,
_In_ const config_method_tls &cfg,

3622
lib/TLS/src/Method.cpp
View File

File diff suppressed because it is too large Load Diff

1
lib/TLS/src/StdAfx.h
View File

@@ -31,6 +31,7 @@
#include <WinStd/EAP.h>
#include <EapHostError.h>
#include <schnlsp.h>
#include <time.h>
#include <algorithm>

153
lib/TLS/src/TLS.cpp
View File

@@ -182,6 +182,8 @@ eap::tls_conn_state::tls_conn_state()
#ifdef _DEBUG
// Initialize state primitive members for diagnostic purposes.
:
m_prov_name (NULL),
m_prov_type (0),
m_alg_encrypt (0),
m_size_enc_key (0),
m_size_enc_iv (0),
@@ -195,6 +197,8 @@ eap::tls_conn_state::tls_conn_state()
eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) :
m_prov_name (other.m_prov_name ),
m_prov_type (other.m_prov_type ),
m_alg_encrypt (other.m_alg_encrypt ),
m_size_enc_key (other.m_size_enc_key ),
m_size_enc_iv (other.m_size_enc_iv ),
@@ -209,6 +213,8 @@ eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) :
eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
m_prov_name (std::move(other.m_prov_name )),
m_prov_type (std::move(other.m_prov_type )),
m_alg_encrypt (std::move(other.m_alg_encrypt )),
m_size_enc_key (std::move(other.m_size_enc_key )),
m_size_enc_iv (std::move(other.m_size_enc_iv )),
@@ -221,6 +227,8 @@ eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
{
#ifdef _DEBUG
// Reinitialize other state primitive members for diagnostic purposes.
other.m_prov_name = NULL;
other.m_prov_type = 0;
other.m_alg_encrypt = 0;
other.m_size_enc_key = 0;
other.m_size_enc_iv = 0;
@@ -235,6 +243,8 @@ eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &other)
{
if (this != std::addressof(other)) {
m_prov_name = other.m_prov_name ;
m_prov_type = other.m_prov_type ;
m_alg_encrypt = other.m_alg_encrypt ;
m_size_enc_key = other.m_size_enc_key ;
m_size_enc_iv = other.m_size_enc_iv ;
@@ -253,6 +263,8 @@ eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &o
eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&other)
{
if (this != std::addressof(other)) {
m_prov_name = std::move(other.m_prov_name );
m_prov_type = std::move(other.m_prov_type );
m_alg_encrypt = std::move(other.m_alg_encrypt );
m_size_enc_key = std::move(other.m_size_enc_key );
m_size_enc_iv = std::move(other.m_size_enc_iv );
@@ -265,6 +277,8 @@ eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&oth
#ifdef _DEBUG
// Reinitialize other state primitive members for diagnostic purposes.
other.m_prov_name = NULL;
other.m_prov_type = 0;
other.m_alg_encrypt = 0;
other.m_size_enc_key = 0;
other.m_size_enc_iv = 0;
@@ -277,3 +291,142 @@ eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&oth
return *this;
}
void eap::tls_conn_state::set_cipher(_In_ const unsigned char cipher[2])
{
if (cipher[0] == 0x00 && cipher[1] == 0x0a) {
// TLS_RSA_WITH_3DES_EDE_CBC_SHA
m_prov_name = NULL;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_3DES;
m_size_enc_key = 192/8; // 3DES 192bits
m_size_enc_iv = 64/8; // 3DES 64bits
m_size_enc_block = 64/8; // 3DES 64bits
m_alg_mac = CALG_SHA1;
m_size_mac_key = 160/8; // SHA-1
m_size_mac_hash = 160/8; // SHA-1
} else if (cipher[0] == 0x00 && cipher[1] == 0x2f) {
// TLS_RSA_WITH_AES_128_CBC_SHA
m_prov_name = NULL;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA1;
m_size_mac_key = 160/8; // SHA-1
m_size_mac_hash = 160/8; // SHA-1
} else if (cipher[0] == 0x00 && cipher[1] == 0x3c) {
// AES128-SHA256
m_prov_name = NULL;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x3d) {
// AES256-SHA256
m_prov_name = MS_ENH_RSA_AES_PROV;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x40) {
// DHE-DSS-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x67) {
// DHE-RSA-AES128-SHA256
m_prov_name = MS_DEF_DH_SCHANNEL_PROV;
m_prov_type = PROV_DH_SCHANNEL;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x6a) {
// DHE-DSS-AES256-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x6b) {
// DHE-RSA-AES256-SHA256
m_prov_name = MS_DEF_DH_SCHANNEL_PROV;
m_prov_type = PROV_DH_SCHANNEL;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x23) {
// ECDHE-ECDSA-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x24) {
// ECDHE-ECDSA-AES256-SHA384
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_384;
m_size_mac_key = 384/8; // SHA-384
m_size_mac_hash = 384/8; // SHA-384
} else if (cipher[0] == 0xc0 && cipher[1] == 0x27) {
// ECDHE-RSA-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x28) {
// ECDHE-RSA-AES256-SHA384
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_384;
m_size_mac_key = 384/8; // SHA-384
m_size_mac_hash = 384/8; // SHA-384
} else
throw win_runtime_error(ERROR_NOT_SUPPORTED, string_printf(__FUNCTION__ " Unknown cipher (received 0x%02x%02x).", cipher[0], cipher[1]));
}

686
lib/TLS_UI/include/TLS_UI.h
View File

@@ -1,342 +1,344 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "../../EAPBase_UI/include/EAP_UI.h"
#include "../../TLS/include/Config.h"
#include "../../TLS/include/Credentials.h"
#include <WinStd/Common.h>
#include <wx/filedlg.h>
#include <wx/msgdlg.h>
#include <Windows.h>
#include <cryptuiapi.h>
#include <WinCrypt.h> // Must include after <Windows.h>
#include <list>
#include <string>
///
/// Helper class for auto-destroyable certificates used in wxWidget's item containers
///
class wxCertificateClientData;
///
/// Validator for host name
///
class wxHostNameValidator;
///
/// Validator for FQDN
///
class wxFQDNValidator;
///
/// Validator for FQDN lists
///
class wxFQDNListValidator;
///
/// TLS credential panel
///
class wxTLSCredentialsPanel;
///
/// TLS server trust configuration panel
///
class wxTLSServerTrustPanel;
///
/// TLS credentials configuration panel
///
typedef wxEAPCredentialsConfigPanel<eap::credentials_tls, wxTLSCredentialsPanel> wxTLSCredentialsConfigPanel;
///
/// TLS configuration panel
///
class wxTLSConfigPanel;
#pragma once
#include "../res/wxTLS_UI.h"
#include <WinStd/Win.h>
#include <wx/clntdata.h>
#include <wx/icon.h>
#include <wx/panel.h>
#include <wx/textctrl.h>
#include <wx/validate.h>
#include <list>
#include <string>
#include <vector>
class wxCertificateClientData : public wxClientData
{
public:
///
/// Constructs client data object with existing handle
///
wxCertificateClientData(PCCERT_CONTEXT cert);
///
/// Releases certificate handle and destructs the object
///
virtual ~wxCertificateClientData();
public:
PCCERT_CONTEXT m_cert; ///< Certificate
};
class wxHostNameValidator : public wxValidator
{
wxDECLARE_DYNAMIC_CLASS(wxHostNameValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxHostNameValidator);
public:
///
/// Construct the validator with a value to store data
///
wxHostNameValidator(std::wstring *val = NULL);
///
/// Copy constructor
///
wxHostNameValidator(const wxHostNameValidator &other);
///
/// Copies this validator
///
virtual wxObject* Clone() const;
///
/// Validates the value
///
virtual bool Validate(wxWindow *parent);
///
/// Transfers the value to the window
///
virtual bool TransferToWindow();
///
/// Transfers the value from the window
///
virtual bool TransferFromWindow();
///
/// Parses FQDN value
///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
protected:
std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
};
class wxFQDNValidator : public wxValidator
{
wxDECLARE_DYNAMIC_CLASS(wxFQDNValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxFQDNValidator);
public:
///
/// Construct the validator with a value to store data
///
wxFQDNValidator(std::wstring *val = NULL);
///
/// Copy constructor
///
wxFQDNValidator(const wxFQDNValidator &other);
///
/// Copies this validator
///
virtual wxObject* Clone() const;
///
/// Validates the value
///
virtual bool Validate(wxWindow *parent);
///
/// Transfers the value to the window
///
virtual bool TransferToWindow();
///
/// Transfers the value from the window
///
virtual bool TransferFromWindow();
///
/// Parses FQDN value
///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
protected:
std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
};
class wxFQDNListValidator : public wxValidator
{
wxDECLARE_DYNAMIC_CLASS(wxFQDNListValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxFQDNListValidator);
public:
///
/// Construct the validator with a value to store data
///
wxFQDNListValidator(std::list<std::wstring> *val = NULL);
///
/// Copy constructor
///
wxFQDNListValidator(const wxFQDNListValidator &other);
///
/// Copies this validator
///
virtual wxObject* Clone() const;
///
/// Validates the value
///
virtual bool Validate(wxWindow *parent);
///
/// Transfers the value to the window
///
virtual bool TransferToWindow();
///
/// Transfers the value from the window
///
virtual bool TransferFromWindow();
///
/// Parses FQDN list value
///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::wstring> *val_out = NULL);
protected:
std::list<std::wstring> *m_val; ///< Pointer to variable to receive control's parsed value
};
class wxTLSCredentialsPanel : public wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>
{
public:
///
/// Constructs a configuration panel
///
/// \param[in] prov Provider configuration data
/// \param[in] cfg Configuration data
/// \param[inout] cred Credentials data
/// \param[in] pszCredTarget Target name of credentials in Windows Credential Manager. Can be further decorated to create final target name.
/// \param[in] parent Parent window
/// \param[in] is_config Is this panel used to pre-enter credentials? When \c true, the "Remember" checkbox is always selected and disabled.
///
wxTLSCredentialsPanel(const eap::config_provider &prov, const eap::config_method_with_cred &cfg, eap::credentials_tls &cred, LPCTSTR pszCredTarget, wxWindow* parent, bool is_config = false);
protected:
/// \cond internal
virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow();
virtual void OnUpdateUI(wxUpdateUIEvent& event);
/// \endcond
protected:
winstd::library m_shell32; ///< shell32.dll resource library reference
wxIcon m_icon; ///< Panel icon
};
class wxTLSServerTrustPanel : public wxEAPTLSServerTrustConfigPanelBase
{
public:
///
/// Constructs a configuration panel
///
wxTLSServerTrustPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, wxWindow* parent);
protected:
/// \cond internal
virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow();
virtual void OnUpdateUI(wxUpdateUIEvent& event);
virtual void OnRootCADClick(wxCommandEvent& event);
virtual void OnRootCAAddStore(wxCommandEvent& event);
virtual void OnRootCAAddFile(wxCommandEvent& event);
virtual void OnRootCARemove(wxCommandEvent& event);
/// \endcond
///
/// Adds a certificate to the list of trusted root CA list
///
/// \param[in] cert Certificate
///
/// \returns
/// - \c true if certificate was added;
/// - \c false if duplicate found or an error occured.
///
bool AddRootCA(PCCERT_CONTEXT cert);
protected:
const eap::config_provider &m_prov; ///< EAP provider
eap::config_method_tls &m_cfg; ///< TLS configuration
winstd::library m_certmgr; ///< certmgr.dll resource library reference
wxIcon m_icon; ///< Panel icon
std::list<std::wstring> m_server_names_val; ///< Acceptable authenticating server names
};
class wxTLSConfigPanel : public wxPanel
{
public:
///
/// Constructs a configuration panel
///
wxTLSConfigPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, LPCTSTR pszCredTarget, wxWindow* parent);
///
/// Destructs the configuration panel
///
virtual ~wxTLSConfigPanel();
protected:
/// \cond internal
virtual void OnInitDialog(wxInitDialogEvent& event);
virtual bool TransferDataFromWindow();
/// \endcond
protected:
const eap::config_provider &m_prov; ///< EAP provider
eap::config_method_tls &m_cfg; ///< TLS configuration
wxTLSServerTrustPanel *m_server_trust; ///< Server trust configuration panel
wxTLSCredentialsConfigPanel *m_credentials; ///< Credentials configuration panel
};
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "../../EAPBase_UI/include/EAP_UI.h"
#include "../../TLS/include/Config.h"
#include "../../TLS/include/Credentials.h"
#include <WinStd/Common.h>
#include <wx/filedlg.h>
#include <wx/msgdlg.h>
#include <Windows.h>
#include <cryptuiapi.h>
#include <WinCrypt.h> // Must include after <Windows.h>
#include <list>
#include <string>
///
/// Helper class for auto-destroyable certificates used in wxWidget's item containers
///
class wxCertificateClientData;
///
/// Validator for host name
///
class wxHostNameValidator;
///
/// Validator for FQDN
///
class wxFQDNValidator;
///
/// Validator for FQDN lists
///
class wxFQDNListValidator;
///
/// TLS credential panel
///
class wxTLSCredentialsPanel;
///
/// TLS server trust configuration panel
///
class wxTLSServerTrustPanel;
///
/// TLS credentials configuration panel
///
typedef wxEAPCredentialsConfigPanel<eap::credentials_tls, wxTLSCredentialsPanel> wxTLSCredentialsConfigPanel;
///
/// TLS configuration panel
///
class wxTLSConfigPanel;
#pragma once
#include "../res/wxTLS_UI.h"
#include <WinStd/Win.h>
#include <wx/clntdata.h>
#include <wx/icon.h>
#include <wx/panel.h>
#include <wx/textctrl.h>
#include <wx/validate.h>
#include <list>
#include <string>
#include <vector>
class wxCertificateClientData : public wxClientData
{
public:
///
/// Constructs client data object with existing handle
///
wxCertificateClientData(PCCERT_CONTEXT cert);
///
/// Releases certificate handle and destructs the object
///
virtual ~wxCertificateClientData();
public:
PCCERT_CONTEXT m_cert; ///< Certificate
};
class wxHostNameValidator : public wxValidator
{
wxDECLARE_DYNAMIC_CLASS(wxHostNameValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxHostNameValidator);
public:
///
/// Construct the validator with a value to store data
///
wxHostNameValidator(std::wstring *val = NULL);
///
/// Copy constructor
///
wxHostNameValidator(const wxHostNameValidator &other);
///
/// Copies this validator
///
virtual wxObject* Clone() const;
///
/// Validates the value
///
virtual bool Validate(wxWindow *parent);
///
/// Transfers the value to the window
///
virtual bool TransferToWindow();
///
/// Transfers the value from the window
///
virtual bool TransferFromWindow();
///
/// Parses FQDN value
///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
protected:
std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
};
class wxFQDNValidator : public wxValidator
{
wxDECLARE_DYNAMIC_CLASS(wxFQDNValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxFQDNValidator);
public:
///
/// Construct the validator with a value to store data
///
wxFQDNValidator(std::wstring *val = NULL);
///
/// Copy constructor
///
wxFQDNValidator(const wxFQDNValidator &other);
///
/// Copies this validator
///
virtual wxObject* Clone() const;
///
/// Validates the value
///
virtual bool Validate(wxWindow *parent);
///
/// Transfers the value to the window
///
virtual bool TransferToWindow();
///
/// Transfers the value from the window
///
virtual bool TransferFromWindow();
///
/// Parses FQDN value
///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
protected:
std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
};
class wxFQDNListValidator : public wxValidator
{
wxDECLARE_DYNAMIC_CLASS(wxFQDNListValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxFQDNListValidator);
public:
///
/// Construct the validator with a value to store data
///
wxFQDNListValidator(std::list<std::wstring> *val = NULL);
///
/// Copy constructor
///
wxFQDNListValidator(const wxFQDNListValidator &other);
///
/// Copies this validator
///
virtual wxObject* Clone() const;
///
/// Validates the value
///
virtual bool Validate(wxWindow *parent);
///
/// Transfers the value to the window
///
virtual bool TransferToWindow();
///
/// Transfers the value from the window
///
virtual bool TransferFromWindow();
///
/// Parses FQDN list value
///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::wstring> *val_out = NULL);
protected:
std::list<std::wstring> *m_val; ///< Pointer to variable to receive control's parsed value
};
class wxTLSCredentialsPanel : public wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>
{
public:
///
/// Constructs a configuration panel
///
/// \param[in] prov Provider configuration data
/// \param[in] cfg Configuration data
/// \param[inout] cred Credentials data
/// \param[in] pszCredTarget Target name of credentials in Windows Credential Manager. Can be further decorated to create final target name.
/// \param[in] parent Parent window
/// \param[in] is_config Is this panel used to pre-enter credentials? When \c true, the "Remember" checkbox is always selected and disabled.
///
wxTLSCredentialsPanel(const eap::config_provider &prov, const eap::config_method_with_cred &cfg, eap::credentials_tls &cred, LPCTSTR pszCredTarget, wxWindow* parent, bool is_config = false);
protected:
/// \cond internal
virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow();
virtual void OnUpdateUI(wxUpdateUIEvent& event);
/// \endcond
protected:
winstd::library m_shell32; ///< shell32.dll resource library reference
wxIcon m_icon; ///< Panel icon
};
class wxTLSServerTrustPanel : public wxEAPTLSServerTrustConfigPanelBase
{
public:
///
/// Constructs a configuration panel
///
wxTLSServerTrustPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, wxWindow* parent);
protected:
/// \cond internal
virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow();
virtual void OnUpdateUI(wxUpdateUIEvent& event);
virtual void OnRootCADClick(wxCommandEvent& event);
virtual void OnRootCAAddStore(wxCommandEvent& event);
virtual void OnRootCAAddFile(wxCommandEvent& event);
virtual void OnRootCARemove(wxCommandEvent& event);
/// \endcond
///
/// Adds a certificate to the list of trusted root CA list
///
/// \param[in] cert Certificate
///
/// \returns
/// - \c true if certificate was added;
/// - \c false if duplicate found or an error occured.
///
bool AddRootCA(PCCERT_CONTEXT cert);
protected:
const eap::config_provider &m_prov; ///< EAP provider
eap::config_method_tls &m_cfg; ///< TLS configuration
winstd::library m_certmgr; ///< certmgr.dll resource library reference
wxIcon m_icon; ///< Panel icon
std::list<std::wstring> m_server_names_val; ///< Acceptable authenticating server names
};
class wxTLSConfigPanel : public wxPanel
{
public:
///
/// Constructs a configuration panel
///
wxTLSConfigPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, LPCTSTR pszCredTarget, wxWindow* parent);
///
/// Destructs the configuration panel
///
virtual ~wxTLSConfigPanel();
protected:
/// \cond internal
virtual void OnInitDialog(wxInitDialogEvent& event);
#if EAP_TLS < EAP_TLS_SCHANNEL
virtual bool TransferDataFromWindow();
#endif
/// \endcond
protected:
const eap::config_provider &m_prov; ///< EAP provider
eap::config_method_tls &m_cfg; ///< TLS configuration
wxTLSServerTrustPanel *m_server_trust; ///< Server trust configuration panel
wxTLSCredentialsConfigPanel *m_credentials; ///< Credentials configuration panel
};

383
lib/TLS_UI/res/wxTLS_UI.cpp
View File

@@ -1,182 +1,201 @@
///////////////////////////////////////////////////////////////////////////
// C++ code generated with wxFormBuilder (version Jun 17 2015)
// http://www.wxformbuilder.org/
//
// PLEASE DO "NOT" EDIT THIS FILE!
///////////////////////////////////////////////////////////////////////////
#include <StdAfx.h>
#include "wxTLS_UI.h"
///////////////////////////////////////////////////////////////////////////
wxEAPTLSServerTrustConfigPanelBase::wxEAPTLSServerTrustConfigPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{
wxStaticBoxSizer* sb_server_trust;
sb_server_trust = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Server Trust") ), wxVERTICAL );
wxBoxSizer* sb_server_trust_horiz;
sb_server_trust_horiz = new wxBoxSizer( wxHORIZONTAL );
m_server_trust_icon = new wxStaticBitmap( sb_server_trust->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
sb_server_trust_horiz->Add( m_server_trust_icon, 0, wxALL, 5 );
wxBoxSizer* sb_server_trust_vert;
sb_server_trust_vert = new wxBoxSizer( wxVERTICAL );
m_server_trust_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Describe the servers you trust to prevent credential interception in case of man-in-the-middle attacks."), wxDefaultPosition, wxDefaultSize, 0 );
m_server_trust_label->Wrap( 446 );
sb_server_trust_vert->Add( m_server_trust_label, 0, wxALL|wxEXPAND, 5 );
wxBoxSizer* sb_root_ca;
sb_root_ca = new wxBoxSizer( wxVERTICAL );
m_root_ca_lbl = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable Certificate Authorities:"), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_lbl->Wrap( -1 );
sb_root_ca->Add( m_root_ca_lbl, 0, wxEXPAND|wxBOTTOM, 5 );
m_root_ca = new wxListBox( sb_server_trust->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, 0, NULL, wxLB_SORT );
m_root_ca->SetToolTip( _("List of certificate authorities server's certificate must be issued by") );
sb_root_ca->Add( m_root_ca, 1, wxEXPAND|wxBOTTOM, 5 );
wxBoxSizer* sb_root_ca_btn;
sb_root_ca_btn = new wxBoxSizer( wxHORIZONTAL );
m_root_ca_add_store = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from Store..."), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_add_store->SetToolTip( _("Adds a new certificate authority from the certificate store to the list") );
sb_root_ca_btn->Add( m_root_ca_add_store, 0, wxRIGHT, 5 );
m_root_ca_add_file = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from File..."), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_add_file->SetToolTip( _("Adds a new certificate authority from the file to the list") );
sb_root_ca_btn->Add( m_root_ca_add_file, 0, wxRIGHT|wxLEFT, 5 );
m_root_ca_remove = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("&Remove CA"), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_remove->Enable( false );
m_root_ca_remove->SetToolTip( _("Removes selected certificate authorities from the list") );
sb_root_ca_btn->Add( m_root_ca_remove, 0, wxLEFT, 5 );
sb_root_ca->Add( sb_root_ca_btn, 0, wxALIGN_RIGHT, 5 );
sb_server_trust_vert->Add( sb_root_ca, 1, wxEXPAND|wxALL, 5 );
wxBoxSizer* sb_server_names;
sb_server_names = new wxBoxSizer( wxVERTICAL );
m_server_names_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable server &names:"), wxDefaultPosition, wxDefaultSize, 0 );
m_server_names_label->Wrap( -1 );
sb_server_names->Add( m_server_names_label, 0, wxBOTTOM, 5 );
m_server_names = new wxTextCtrl( sb_server_trust->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; Unicode characters allowed") );
sb_server_names->Add( m_server_names, 0, wxEXPAND|wxBOTTOM, 5 );
m_server_names_note = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("(Example: foo.bar.com;server2.bar.com)"), wxDefaultPosition, wxDefaultSize, 0 );
m_server_names_note->Wrap( -1 );
sb_server_names->Add( m_server_names_note, 0, wxALIGN_RIGHT, 5 );
sb_server_trust_vert->Add( sb_server_names, 0, wxEXPAND|wxALL, 5 );
sb_server_trust_horiz->Add( sb_server_trust_vert, 1, wxEXPAND, 5 );
sb_server_trust->Add( sb_server_trust_horiz, 1, wxEXPAND, 5 );
this->SetSizer( sb_server_trust );
this->Layout();
// Connect Events
this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) );
m_root_ca->Connect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this );
m_root_ca_add_store->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this );
m_root_ca_add_file->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this );
m_root_ca_remove->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this );
}
wxEAPTLSServerTrustConfigPanelBase::~wxEAPTLSServerTrustConfigPanelBase()
{
// Disconnect Events
this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) );
m_root_ca->Disconnect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this );
m_root_ca_add_store->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this );
m_root_ca_add_file->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this );
m_root_ca_remove->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this );
}
wxTLSCredentialsPanelBase::wxTLSCredentialsPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{
wxStaticBoxSizer* sb_credentials;
sb_credentials = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("TLS Client Certificate") ), wxVERTICAL );
wxBoxSizer* sb_credentials_horiz;
sb_credentials_horiz = new wxBoxSizer( wxHORIZONTAL );
m_credentials_icon = new wxStaticBitmap( sb_credentials->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
sb_credentials_horiz->Add( m_credentials_icon, 0, wxALL, 5 );
wxBoxSizer* sb_credentials_vert;
sb_credentials_vert = new wxBoxSizer( wxVERTICAL );
m_credentials_label = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("Please select your client certificate to use for authentication."), wxDefaultPosition, wxDefaultSize, 0 );
m_credentials_label->Wrap( 446 );
sb_credentials_vert->Add( m_credentials_label, 0, wxALL|wxEXPAND, 5 );
wxBoxSizer* sb_cert_radio;
sb_cert_radio = new wxBoxSizer( wxVERTICAL );
m_cert_none = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Co&nnect without providing a client certificate"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP );
m_cert_none->SetToolTip( _("Select if your server does not require you to provide a client certificate") );
sb_cert_radio->Add( m_cert_none, 1, wxEXPAND, 5 );
wxBoxSizer* sb_cert_select;
sb_cert_select = new wxBoxSizer( wxHORIZONTAL );
m_cert_select = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Use the following &certificate:"), wxDefaultPosition, wxDefaultSize, 0 );
m_cert_select->SetToolTip( _("Select if you need to provide a client certificate when connecting") );
sb_cert_select->Add( m_cert_select, 0, wxEXPAND, 5 );
wxArrayString m_cert_select_valChoices;
m_cert_select_val = new wxChoice( sb_credentials->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, m_cert_select_valChoices, wxCB_SORT );
m_cert_select_val->SetSelection( 0 );
m_cert_select_val->SetToolTip( _("Client certificate to use for authentication") );
sb_cert_select->Add( m_cert_select_val, 1, wxEXPAND, 5 );
sb_cert_radio->Add( sb_cert_select, 1, wxEXPAND, 5 );
sb_credentials_vert->Add( sb_cert_radio, 0, wxEXPAND|wxALL, 5 );
m_remember = new wxCheckBox( sb_credentials->GetStaticBox(), wxID_ANY, _("&Remember"), wxDefaultPosition, wxDefaultSize, 0 );
m_remember->SetHelpText( _("Check if you would like to save certificate selection") );
sb_credentials_vert->Add( m_remember, 0, wxALL|wxEXPAND, 5 );
sb_credentials_horiz->Add( sb_credentials_vert, 1, wxEXPAND, 5 );
sb_credentials->Add( sb_credentials_horiz, 0, wxEXPAND, 5 );
this->SetSizer( sb_credentials );
this->Layout();
}
wxTLSCredentialsPanelBase::~wxTLSCredentialsPanelBase()
{
}
///////////////////////////////////////////////////////////////////////////
// C++ code generated with wxFormBuilder (version Jun 17 2015)
// http://www.wxformbuilder.org/
//
// PLEASE DO "NOT" EDIT THIS FILE!
///////////////////////////////////////////////////////////////////////////
#include <StdAfx.h>
#include "wxTLS_UI.h"
///////////////////////////////////////////////////////////////////////////
wxEAPTLSServerTrustConfigPanelBase::wxEAPTLSServerTrustConfigPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{
wxStaticBoxSizer* sb_server_trust;
sb_server_trust = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Server Trust") ), wxVERTICAL );
wxBoxSizer* sb_server_trust_horiz;
sb_server_trust_horiz = new wxBoxSizer( wxHORIZONTAL );
m_server_trust_icon = new wxStaticBitmap( sb_server_trust->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
sb_server_trust_horiz->Add( m_server_trust_icon, 0, wxALL, 5 );
wxBoxSizer* sb_server_trust_vert;
sb_server_trust_vert = new wxBoxSizer( wxVERTICAL );
m_server_trust_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Describe the servers you trust to prevent credential interception in case of man-in-the-middle attacks."), wxDefaultPosition, wxDefaultSize, 0 );
m_server_trust_label->Wrap( 446 );
sb_server_trust_vert->Add( m_server_trust_label, 0, wxALL|wxEXPAND, 5 );
wxBoxSizer* sb_root_ca;
sb_root_ca = new wxBoxSizer( wxVERTICAL );
m_root_ca_lbl = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable Certificate Authorities:"), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_lbl->Wrap( -1 );
sb_root_ca->Add( m_root_ca_lbl, 0, wxEXPAND|wxBOTTOM, 5 );
m_root_ca = new wxListBox( sb_server_trust->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, 0, NULL, wxLB_SORT );
m_root_ca->SetToolTip( _("List of certificate authorities server's certificate must be issued by") );
sb_root_ca->Add( m_root_ca, 1, wxEXPAND|wxBOTTOM, 5 );
wxBoxSizer* sb_root_ca_btn;
sb_root_ca_btn = new wxBoxSizer( wxHORIZONTAL );
m_root_ca_add_store = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from Store..."), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_add_store->SetToolTip( _("Adds a new certificate authority from the certificate store to the list") );
sb_root_ca_btn->Add( m_root_ca_add_store, 0, wxRIGHT, 5 );
m_root_ca_add_file = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from File..."), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_add_file->SetToolTip( _("Adds a new certificate authority from the file to the list") );
sb_root_ca_btn->Add( m_root_ca_add_file, 0, wxRIGHT|wxLEFT, 5 );
m_root_ca_remove = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("&Remove CA"), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_remove->Enable( false );
m_root_ca_remove->SetToolTip( _("Removes selected certificate authorities from the list") );
sb_root_ca_btn->Add( m_root_ca_remove, 0, wxLEFT, 5 );
sb_root_ca->Add( sb_root_ca_btn, 0, wxALIGN_RIGHT, 5 );
sb_server_trust_vert->Add( sb_root_ca, 1, wxEXPAND|wxALL, 5 );
wxBoxSizer* sb_server_names;
sb_server_names = new wxBoxSizer( wxVERTICAL );
m_server_names_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable server &names:"), wxDefaultPosition, wxDefaultSize, 0 );
m_server_names_label->Wrap( -1 );
sb_server_names->Add( m_server_names_label, 0, wxBOTTOM, 5 );
m_server_names = new wxTextCtrl( sb_server_trust->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; Unicode characters allowed") );
sb_server_names->Add( m_server_names, 0, wxEXPAND|wxBOTTOM, 5 );
m_server_names_note = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("(Example: foo.bar.com;server2.bar.com)"), wxDefaultPosition, wxDefaultSize, 0 );
m_server_names_note->Wrap( -1 );
sb_server_names->Add( m_server_names_note, 0, wxALIGN_RIGHT, 5 );
sb_server_trust_vert->Add( sb_server_names, 0, wxEXPAND|wxALL, 5 );
sb_server_trust_horiz->Add( sb_server_trust_vert, 1, wxEXPAND, 5 );
sb_server_trust->Add( sb_server_trust_horiz, 1, wxEXPAND, 5 );
this->SetSizer( sb_server_trust );
this->Layout();
// Connect Events
this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) );
m_root_ca->Connect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this );
m_root_ca_add_store->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this );
m_root_ca_add_file->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this );
m_root_ca_remove->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this );
}
wxEAPTLSServerTrustConfigPanelBase::~wxEAPTLSServerTrustConfigPanelBase()
{
// Disconnect Events
this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) );
m_root_ca->Disconnect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this );
m_root_ca_add_store->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this );
m_root_ca_add_file->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this );
m_root_ca_remove->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this );
}
wxTLSCredentialsPanelBase::wxTLSCredentialsPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{
wxStaticBoxSizer* sb_credentials;
sb_credentials = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("TLS Client Certificate") ), wxVERTICAL );
wxBoxSizer* sb_credentials_horiz;
sb_credentials_horiz = new wxBoxSizer( wxHORIZONTAL );
m_credentials_icon = new wxStaticBitmap( sb_credentials->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
sb_credentials_horiz->Add( m_credentials_icon, 0, wxALL, 5 );
wxBoxSizer* sb_credentials_vert;
sb_credentials_vert = new wxBoxSizer( wxVERTICAL );
m_credentials_label = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("Please select your client certificate to use for authentication."), wxDefaultPosition, wxDefaultSize, 0 );
m_credentials_label->Wrap( 446 );
sb_credentials_vert->Add( m_credentials_label, 0, wxALL|wxEXPAND, 5 );
wxBoxSizer* sb_cert_radio;
sb_cert_radio = new wxBoxSizer( wxVERTICAL );
m_cert_none = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Co&nnect without providing a client certificate"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP );
m_cert_none->SetToolTip( _("Select if your server does not require you to provide a client certificate") );
sb_cert_radio->Add( m_cert_none, 1, wxEXPAND, 5 );
wxBoxSizer* sb_cert_select;
sb_cert_select = new wxBoxSizer( wxHORIZONTAL );
m_cert_select = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Use the following &certificate:"), wxDefaultPosition, wxDefaultSize, 0 );
m_cert_select->SetToolTip( _("Select if you need to provide a client certificate when connecting") );
sb_cert_select->Add( m_cert_select, 0, wxEXPAND, 5 );
wxArrayString m_cert_select_valChoices;
m_cert_select_val = new wxChoice( sb_credentials->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, m_cert_select_valChoices, wxCB_SORT );
m_cert_select_val->SetSelection( 0 );
m_cert_select_val->SetToolTip( _("Client certificate to use for authentication") );
sb_cert_select->Add( m_cert_select_val, 1, wxEXPAND, 5 );
sb_cert_radio->Add( sb_cert_select, 1, wxEXPAND, 5 );
sb_credentials_vert->Add( sb_cert_radio, 0, wxEXPAND|wxALL, 5 );
wxBoxSizer* sb_identity;
sb_identity = new wxBoxSizer( wxVERTICAL );
m_identity_label = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("Custom &identity:"), wxDefaultPosition, wxDefaultSize, 0 );
m_identity_label->Wrap( -1 );
sb_identity->Add( m_identity_label, 0, wxBOTTOM, 5 );
m_identity = new wxTextCtrl( sb_credentials->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_identity->SetToolTip( _("Your identity (username@domain) to override one from certificate; or blank to use one provided in certificate") );
sb_identity->Add( m_identity, 0, wxEXPAND|wxBOTTOM, 5 );
m_identity_note = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("(Example: user@contoso.com)"), wxDefaultPosition, wxDefaultSize, 0 );
m_identity_note->Wrap( -1 );
sb_identity->Add( m_identity_note, 0, wxALIGN_RIGHT, 5 );
sb_credentials_vert->Add( sb_identity, 1, wxEXPAND|wxALL, 5 );
m_remember = new wxCheckBox( sb_credentials->GetStaticBox(), wxID_ANY, _("&Remember"), wxDefaultPosition, wxDefaultSize, 0 );
m_remember->SetHelpText( _("Check if you would like to save certificate selection") );
sb_credentials_vert->Add( m_remember, 0, wxALL|wxEXPAND, 5 );
sb_credentials_horiz->Add( sb_credentials_vert, 1, wxEXPAND, 5 );
sb_credentials->Add( sb_credentials_horiz, 0, wxEXPAND, 5 );
this->SetSizer( sb_credentials );
this->Layout();
}
wxTLSCredentialsPanelBase::~wxTLSCredentialsPanelBase()
{
}

3518
lib/TLS_UI/res/wxTLS_UI.fbp
View File

File diff suppressed because it is too large Load Diff

3
lib/TLS_UI/res/wxTLS_UI.h
View File

@@ -80,6 +80,9 @@ class wxTLSCredentialsPanelBase : public wxPanel
wxRadioButton* m_cert_none;
wxRadioButton* m_cert_select;
wxChoice* m_cert_select_val;
wxStaticText* m_identity_label;
wxTextCtrl* m_identity;
wxStaticText* m_identity_note;
wxCheckBox* m_remember;
public:

1254
lib/TLS_UI/src/TLS_UI.cpp
View File

File diff suppressed because it is too large Load Diff

22
lib/TTLS/include/Method.h
View File

@@ -57,11 +57,11 @@ namespace eap
///
/// Constructs an EAP method
///
/// \param[in] mod EAP module to use for global services
/// \param[in] cfg Providers configuration
/// \param[in] mod EAP module to use for global services
/// \param[in] cfg Connection configuration
/// \param[in] cred User credentials
///
method_ttls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_ttls &cred);
method_ttls(_In_ module &module, _In_ config_connection &cfg, _In_ credentials_ttls &cred);
///
/// Moves an EAP method
@@ -112,6 +112,9 @@ namespace eap
/// @}
protected:
#if EAP_TLS < EAP_TLS_SCHANNEL
///
/// Generates master session key
///
@@ -119,7 +122,18 @@ namespace eap
///
virtual void derive_msk();
protected:
#else
///
/// Processes an application message
///
/// \param[in] msg Application message data
/// \param[in] size_msg Application message data size
///
virtual void process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg);
#endif
///
/// Makes a PAP client message
///

2
lib/TTLS/include/Module.h
View File

@@ -221,7 +221,7 @@ namespace eap
{}
public:
config_provider_list m_cfg; ///< Providers configuration
config_connection m_cfg; ///< Connection configuration
credentials_ttls m_cred; ///< User credentials
method_ttls m_method; ///< EAP-TTLS method
};

4
lib/TTLS/src/Credentials.cpp
View File

@@ -189,6 +189,8 @@ void eap::credentials_ttls::operator>>(_Inout_ cursor_in &cursor)
void eap::credentials_ttls::store(_In_z_ LPCTSTR pszTargetName) const
{
assert(0); // Not that we would ever store inner&outer credentials to Windows Credential Manager joined, but for completness sake... Here we go:
credentials_tls::store(pszTargetName);
if (m_inner)
@@ -198,6 +200,8 @@ void eap::credentials_ttls::store(_In_z_ LPCTSTR pszTargetName) const
void eap::credentials_ttls::retrieve(_In_z_ LPCTSTR pszTargetName)
{
assert(0); // Not that we would ever retrieve inner&outer credentials to Windows Credential Manager joined, but for completness sake... Here we go:
credentials_tls::retrieve(pszTargetName);
if (m_inner)

74
lib/TTLS/src/Method.cpp
View File

@@ -28,7 +28,7 @@ using namespace winstd;
// eap::method_ttls
//////////////////////////////////////////////////////////////////////
eap::method_ttls::method_ttls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_ttls &cred) :
eap::method_ttls::method_ttls(_In_ module &module, _In_ config_connection &cfg, _In_ credentials_ttls &cred) :
m_cred(cred),
m_version(version_0),
method_tls(module, cfg, cred)
@@ -72,6 +72,7 @@ void eap::method_ttls::process_request_packet(
// Do the TLS.
method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
#if EAP_TLS < EAP_TLS_SCHANNEL
if (m_phase == phase_application_data) {
// Send inner authentication.
if (!m_state_client.m_alg_encrypt)
@@ -84,10 +85,8 @@ void eap::method_ttls::process_request_packet(
m_packet_res.m_flags = 0;
sanitizing_blob msg_application(make_message(tls_message_type_application_data, make_pap_client()));
m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_application.begin(), msg_application.end());
pEapOutput->fAllowNotifications = FALSE;
pEapOutput->action = EapPeerMethodResponseActionSend;
}
#endif
}
@@ -126,13 +125,25 @@ void eap::method_ttls::get_result(
case EapPeerMethodResultFailure:
m_module.log_event(&EAPMETHOD_TTLS_INNER_FAILURE, event_data((unsigned int)eap_type_ttls), event_data::blank);
cfg_method->m_inner->m_auth_failed = true;
// Mark credentials as failed, so GUI can re-prompt user.
// But be careful: do so only if this happened after transition from handshake to application data phase.
cfg_method->m_inner->m_auth_failed = m_phase_prev < phase_application_data;
break;
default:
throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
}
#if EAP_TLS >= EAP_TLS_SCHANNEL
// EAP-TTLS uses different label in PRF for MSK derivation than EAP-TLS.
static const DWORD s_key_id = 0x01; // EAP-TTLSv0 Keying Material
static const SecPkgContext_EapPrfInfo s_prf_info = { 0, sizeof(s_key_id), (PBYTE)&s_key_id };
SECURITY_STATUS status = SetContextAttributes(m_sc_ctx, SECPKG_ATTR_EAP_PRF_INFO, (void*)&s_prf_info, sizeof(s_prf_info));
if (FAILED(status))
throw sec_runtime_error(status, __FUNCTION__ "Error setting EAP-TTLS PRF in Schannel.");
#endif
// The TLS was OK.
method_tls::get_result(EapPeerMethodResultSuccess, ppResult);
@@ -146,6 +157,8 @@ void eap::method_ttls::get_result(
}
#if EAP_TLS < EAP_TLS_SCHANNEL
void eap::method_ttls::derive_msk()
{
//
@@ -179,6 +192,57 @@ void eap::method_ttls::derive_msk()
_key_block += sizeof(tls_random);
}
#else
void eap::method_ttls::process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg)
{
UNREFERENCED_PARAMETER(msg);
UNREFERENCED_PARAMETER(size_msg);
// Prepare inner authentication.
if (!(m_sc_ctx.m_attrib & ISC_RET_CONFIDENTIALITY))
throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted.");
m_module.log_event(&EAPMETHOD_TTLS_INNER_CRED, event_data((unsigned int)eap_type_ttls), event_data(m_cred.m_inner->get_name()), event_data::blank);
SECURITY_STATUS status;
// Get maximum message sizes.
SecPkgContext_StreamSizes sizes;
status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_STREAM_SIZES, &sizes);
if (FAILED(status))
throw sec_runtime_error(status, __FUNCTION__ " Error getting Schannel required encryption sizes.");
// Make PAP message.
sanitizing_blob msg_pap(make_pap_client());
assert(msg_pap.size() < sizes.cbMaximumMessage);
unsigned long size_data = std::min<unsigned long>(sizes.cbMaximumMessage, (unsigned long)msg_pap.size()); // Truncate
sanitizing_blob data(sizes.cbHeader + size_data + sizes.cbTrailer, 0);
memcpy(data.data() + sizes.cbHeader, msg_pap.data(), size_data);
// Prepare input/output buffer(s).
SecBuffer buf[] = {
{ sizes.cbHeader, SECBUFFER_STREAM_HEADER , data.data() },
{ size_data, SECBUFFER_DATA , data.data() + sizes.cbHeader },
{ sizes.cbTrailer, SECBUFFER_STREAM_TRAILER, data.data() + sizes.cbHeader + size_data },
{ 0, SECBUFFER_EMPTY , NULL },
};
SecBufferDesc buf_desc = {
SECBUFFER_VERSION,
_countof(buf),
buf
};
// Encrypt the message.
status = EncryptMessage(m_sc_ctx, 0, &buf_desc, 0);
if (FAILED(status))
throw sec_runtime_error(status, __FUNCTION__ " Error encrypting message.");
m_packet_res.m_data.insert(m_packet_res.m_data.end(), (const unsigned char*)buf[0].pvBuffer, (const unsigned char*)buf[0].pvBuffer + buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer);
}
#endif
eap::sanitizing_blob eap::method_ttls::make_pap_client() const
{

2
lib/TTLS/src/Module.cpp
View File

@@ -74,7 +74,7 @@ void eap::peer_ttls::get_identity(
assert(ppwszIdentity);
// Unpack configuration.
config_provider_list cfg(*this);
config_connection cfg(*this);
unpack(cfg, pConnectionData, dwConnectionDataSize);
if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty())
throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods.");

1
lib/TTLS/src/StdAfx.h
View File

@@ -30,3 +30,4 @@
#include <WinStd/EAP.h>
#include <EapHostError.h>
#include <schannel.h>

2
lib/TTLS_UI/res/wxTTLS_UI.cpp
View File

@@ -32,7 +32,7 @@ wxTTLSConfigPanelBase::wxTTLSConfigPanelBase( wxWindow* parent, wxWindowID id, c
wxBoxSizer* sb_outer_identity_radio;
sb_outer_identity_radio = new wxBoxSizer( wxVERTICAL );
m_outer_identity_same = new wxRadioButton( sb_outer_identity->GetStaticBox(), wxID_ANY, _("&Same as inner identity"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP );
m_outer_identity_same = new wxRadioButton( sb_outer_identity->GetStaticBox(), wxID_ANY, _("&True identity"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP );
m_outer_identity_same->SetToolTip( _("Use my true user name") );
sb_outer_identity_radio->Add( m_outer_identity_same, 1, wxEXPAND, 5 );

2
lib/TTLS_UI/res/wxTTLS_UI.fbp
View File

@@ -309,7 +309,7 @@
<property name="gripper">0</property>
<property name="hidden">0</property>
<property name="id">wxID_ANY</property>
<property name="label">&amp;Same as inner identity</property>
<property name="label">&amp;True identity</property>
<property name="max_size"></property>
<property name="maximize_button">0</property>
<property name="maximum_size"></property>

12
lib/TTLS_UI/src/Module.cpp
View File

@@ -48,7 +48,7 @@ void eap::peer_ttls_ui::config_xml2blob(
UNREFERENCED_PARAMETER(dwFlags);
// Load configuration from XML.
config_provider_list cfg(*this);
config_connection cfg(*this);
cfg.load(pConfigRoot);
// Pack configuration.
@@ -66,7 +66,7 @@ void eap::peer_ttls_ui::config_blob2xml(
UNREFERENCED_PARAMETER(dwFlags);
// Unpack configuration.
config_provider_list cfg(*this);
config_connection cfg(*this);
unpack(cfg, pConnectionData, dwConnectionDataSize);
// Save configuration to XML.
@@ -82,7 +82,7 @@ void eap::peer_ttls_ui::invoke_config_ui(
_Inout_ DWORD *pdwConnectionDataOutSize)
{
// Unpack configuration.
config_provider_list cfg(*this);
config_connection cfg(*this);
if (dwConnectionDataInSize) {
// Load existing configuration.
unpack(cfg, pConnectionDataIn, dwConnectionDataInSize);
@@ -112,7 +112,7 @@ void eap::peer_ttls_ui::invoke_config_ui(
{
// Create wxWidget-approved parent window.
wxWindow parent;
parent.SetHWND((WXHWND)hwndParent);
parent.SetHWND((WXHWND)(hwndParent ? hwndParent : GetForegroundWindow()));
parent.AdoptAttributesFromHWND();
wxTopLevelWindows.Append(&parent);
@@ -148,7 +148,7 @@ void eap::peer_ttls_ui::invoke_identity_ui(
assert(ppwszIdentity);
// Unpack configuration.
config_provider_list cfg(*this);
config_connection cfg(*this);
unpack(cfg, pConnectionData, dwConnectionDataSize);
if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty())
throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods.");
@@ -204,7 +204,7 @@ void eap::peer_ttls_ui::invoke_identity_ui(
{
// Create wxWidget-approved parent window.
wxWindow parent;
parent.SetHWND((WXHWND)hwndParent);
parent.SetHWND((WXHWND)(hwndParent ? hwndParent : GetForegroundWindow()));
parent.AdoptAttributesFromHWND();
wxTopLevelWindows.Append(&parent);

2
lib/WinStd

Submodule lib/WinStd updated: f94b72379e...54ab70b263

2
output/Setup/.gitignore vendored
View File

@@ -1 +1,3 @@
/GEANTLink*.msi
/CredWrite.exe
/MsiUseFeature.exe