Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Compare commits

base: Amebis:1.0-alpha6
Branches Tags
Amebis:master Amebis:ver1.0 Amebis:ver1.1
Amebis:1.3g Amebis:1.3f Amebis:1.3e Amebis:1.3d Amebis:1.3c Amebis:1.3b Amebis:1.3a Amebis:1.3 Amebis:1.2g Amebis:1.2f Amebis:1.1h Amebis:1.0i Amebis:1.2e Amebis:1.1g Amebis:1.0h Amebis:1.2d Amebis:1.1f Amebis:1.0g Amebis:1.2c Amebis:1.1e Amebis:1.0f Amebis:1.2b Amebis:1.1d Amebis:1.0e Amebis:1.2a Amebis:1.1c Amebis:1.0d Amebis:1.2 Amebis:1.1b Amebis:1.0c Amebis:1.2-beta2 Amebis:1.2-beta1 Amebis:1.2-beta Amebis:1.1a Amebis:1.0b Amebis:1.1 Amebis:1.1-beta2 Amebis:1.1-beta1 Amebis:1.0a Amebis:1.1-beta Amebis:1.0 Amebis:1.0-beta8 Amebis:1.0-beta7 Amebis:1.0-beta6 Amebis:1.0-beta5 Amebis:1.0-beta4 Amebis:1.0-beta3 Amebis:1.0-beta2 Amebis:1.0-beta1 Amebis:1.0-beta Amebis:1.0-alpha17 Amebis:1.0-alpha16 Amebis:1.0-alpha15 Amebis:1.0-alpha14 Amebis:1.0-alpha13 Amebis:1.0-alpha12 Amebis:1.0-alpha11 Amebis:1.0-alpha10 Amebis:1.0-alpha10-owntls Amebis:1.0-alpha9 Amebis:1.0-alpha8 Amebis:1.0-alpha7 Amebis:1.0-alpha6 Amebis:1.0-alpha5 Amebis:1.0-alpha4 Amebis:1.0-alpha3 Amebis:1.0-alpha2 Amebis:1.0-alpha1 Amebis:1.0-alpha0
..
compare: Amebis:1.0-alpha10-owntls
Branches Tags
Amebis:master Amebis:ver1.0 Amebis:ver1.1
Amebis:1.3g Amebis:1.3f Amebis:1.3e Amebis:1.3d Amebis:1.3c Amebis:1.3b Amebis:1.3a Amebis:1.3 Amebis:1.2g Amebis:1.2f Amebis:1.1h Amebis:1.0i Amebis:1.2e Amebis:1.1g Amebis:1.0h Amebis:1.2d Amebis:1.1f Amebis:1.0g Amebis:1.2c Amebis:1.1e Amebis:1.0f Amebis:1.2b Amebis:1.1d Amebis:1.0e Amebis:1.2a Amebis:1.1c Amebis:1.0d Amebis:1.2 Amebis:1.1b Amebis:1.0c Amebis:1.2-beta2 Amebis:1.2-beta1 Amebis:1.2-beta Amebis:1.1a Amebis:1.0b Amebis:1.1 Amebis:1.1-beta2 Amebis:1.1-beta1 Amebis:1.0a Amebis:1.1-beta Amebis:1.0 Amebis:1.0-beta8 Amebis:1.0-beta7 Amebis:1.0-beta6 Amebis:1.0-beta5 Amebis:1.0-beta4 Amebis:1.0-beta3 Amebis:1.0-beta2 Amebis:1.0-beta1 Amebis:1.0-beta Amebis:1.0-alpha17 Amebis:1.0-alpha16 Amebis:1.0-alpha15 Amebis:1.0-alpha14 Amebis:1.0-alpha13 Amebis:1.0-alpha12 Amebis:1.0-alpha11 Amebis:1.0-alpha10 Amebis:1.0-alpha10-owntls Amebis:1.0-alpha9 Amebis:1.0-alpha8 Amebis:1.0-alpha7 Amebis:1.0-alpha6 Amebis:1.0-alpha5 Amebis:1.0-alpha4 Amebis:1.0-alpha3 Amebis:1.0-alpha2 Amebis:1.0-alpha1 Amebis:1.0-alpha0

29 Commits
1.0-alpha6 ... 1.0-alpha1

Author SHA1 Message Date
Simon Rozman
e4c3f5cbd8 Version set to 1.0-alpha10-owntls 2016-08-23 14:52:26 +02:00
Simon Rozman
1df98af5a1 Event descriptors updated 2016-08-23 14:48:47 +02:00
Simon Rozman
3cbd749966 Sub-module update 2016-08-23 14:46:06 +02:00
Simon Rozman
2125679385 Server certificate name check extended to search for the name in the subjectAltName(2) extension first; only when none present, compares against Common Name 2016-08-23 14:43:07 +02:00
Simon Rozman
fb5d969c2b Support for the wild-char certificate names dropped 2016-08-23 14:42:43 +02:00
Simon Rozman
f39cb94ee5 Server names can be Unicode now 2016-08-23 14:42:11 +02:00
Simon Rozman
59768e8097 Cipher suite list size is now in number of elements, not bytes 2016-08-23 14:41:25 +02:00
Simon Rozman
5720524abe Version set to 1.0-alpha9 2016-08-18 06:33:02 +02:00
Simon Rozman
1f1b9b1084 GUI boots with a predefined configuration on new profiles now 
(closes #10)
 2016-08-18 06:31:16 +02:00
Simon Rozman
076c6b77d7 GUI updated to show "<Your Provider>" when provider ID is blank 2016-08-18 06:30:02 +02:00
Simon Rozman
92460c571f Initial focus changed to the first non-mouse-wheel-capturing control to allow initial scrolling of the configuration dialog using mouse wheel 2016-08-17 16:42:19 +02:00
Simon Rozman
b79a2f26f6 Support for read-only lock added to GUI 2016-08-17 16:27:43 +02:00
Simon Rozman
373c83dbbe Provider identity and help-desk is configurable via GUI now 2016-08-17 15:56:11 +02:00
Simon Rozman
543dada025 Provider and method lists are arrays now, to allow random access for configuration dialog coming-up 2016-08-17 14:47:15 +02:00
Simon Rozman
ce22ec3bfa wxEAPCredentialsPanelPassBase >> wxEAPCredentialsPassPanelBase 2016-08-17 13:48:14 +02:00
Simon Rozman
a04647b7b5 Version set to 1.0-alpha8 2016-08-17 11:51:36 +02:00
Simon Rozman
df1d431bd0 - TLS revised (again) 
- TLS Session resumption issues resolved
- Credential prompt has "Remember" checkbox initially selected when credentials originate from Windows Credential Manager
- Last authentication attempt failure notice is more general and no longer insinuate user credentials are the likely cause of the failure
- Additional log messages added
 2016-08-17 11:50:34 +02:00
Simon Rozman
16527c8124 Client explicitly refuses to accept change cipher spec if no or NULL cipher was proposed now 2016-08-17 09:32:43 +02:00
Simon Rozman
69e6b775f8 Hello requests are no longer included in the handshake hashing (as per RFC) 2016-08-17 09:29:55 +02:00
Simon Rozman
c69316071f Support for encrypted change cipher spec messages added 2016-08-17 09:26:46 +02:00
Simon Rozman
a02d1e7094 Explicit checks on server certificate chain added: 
- Certificate can not be self-signed: Cannot check trust against configured root CAs when server certificate is self-signed
- Server can provide full certificate chain up-to and including root CA. Importing root CA to the store for certificate chain validation would implicitly trust this certificate chain. Thus, we skip all self-signed certificates on import.
 2016-08-17 09:22:38 +02:00
Simon Rozman
078636eb14 make_change_chiper_spec() removed as this message can simply be created using make_message() 2016-08-17 09:09:42 +02:00
Simon Rozman
cabae26e0b Flags describing handshake messages received assembled in a boolean table of flags 2016-08-17 09:01:11 +02:00
Simon Rozman
7376693838 Additional constants 2016-08-17 08:34:25 +02:00
Simon Rozman
a5b3914a09 Comments and some minor clean-up 2016-08-16 22:27:30 +02:00
Simon Rozman
8beb7bd27a Version set to 1.0-alpha7 2016-08-16 16:59:03 +02:00
Simon Rozman
00dd1277c5 Switched to the new key import method, as the old one had issues with PROV_RSA_AES crystallographic provider 2016-08-16 16:55:18 +02:00
Simon Rozman
e9839706b6 TLS clean-up 2016-08-16 16:44:19 +02:00
Simon Rozman
f5b03bc0bf Annotation update 2016-08-16 10:39:42 +02:00
38 changed files with 7953 additions and 5643 deletions
Expand all files Collapse all files

10
include/Version.h
View File

@@ -29,7 +29,7 @@
// Product version as a single DWORD // Product version as a single DWORD
// Note: Used for version comparison within C/C++ code. // Note: Used for version comparison within C/C++ code.
// //
#define PRODUCT_VERSION 0x00ff0600 #define PRODUCT_VERSION 0x00ff0a00
// //
// Product version by components // Product version by components
@@ -39,26 +39,26 @@
// //
#define PRODUCT_VERSION_MAJ 0 #define PRODUCT_VERSION_MAJ 0
#define PRODUCT_VERSION_MIN 255 #define PRODUCT_VERSION_MIN 255
#define PRODUCT_VERSION_REV 6 #define PRODUCT_VERSION_REV 10
#define PRODUCT_VERSION_BUILD 0 #define PRODUCT_VERSION_BUILD 0
// //
// Human readable product version and build year for UI // Human readable product version and build year for UI
// //
#define PRODUCT_VERSION_STR "1.0-alpha6" #define PRODUCT_VERSION_STR "1.0-alpha10-owntls"
#define PRODUCT_BUILD_YEAR_STR "2016" #define PRODUCT_BUILD_YEAR_STR "2016"
// //
// Numerical version presentation for ProductVersion propery in // Numerical version presentation for ProductVersion propery in
// MSI packages (syntax: N.N[.N[.N]]) // MSI packages (syntax: N.N[.N[.N]])
// //
#define PRODUCT_VERSION_INST "0.255.6" #define PRODUCT_VERSION_INST "0.255.10"
// //
// The product code for ProductCode property in MSI packages // The product code for ProductCode property in MSI packages
// Replace with new on every version change, regardless how minor it is. // Replace with new on every version change, regardless how minor it is.
// //
#define PRODUCT_VERSION_GUID "{BC83D8A6-59FB-4DD9-87F7-CCA4822EE432}" #define PRODUCT_VERSION_GUID "{C3675615-0D70-47C7-9BCB-B683A77C6ED6}"
// //
// Since the product name is not finally confirmed at the time of // Since the product name is not finally confirmed at the time of

7
lib/EAPBase/include/Config.h
View File

@@ -89,7 +89,6 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::config &val);
#include <eaptypes.h> // Must include after <Windows.h> #include <eaptypes.h> // Must include after <Windows.h>
#include <tchar.h> #include <tchar.h>
#include <list>
#include <string> #include <string>
#include <memory> #include <memory>
@@ -342,7 +341,7 @@ namespace eap
bool m_allow_save; ///< Are credentials allowed to be saved to Windows Credential Manager? bool m_allow_save; ///< Are credentials allowed to be saved to Windows Credential Manager?
bool m_use_preshared; ///< Use pre-shared credentials bool m_use_preshared; ///< Use pre-shared credentials
std::unique_ptr<credentials> m_preshared; ///< Pre-shared credentials std::unique_ptr<credentials> m_preshared; ///< Pre-shared credentials
bool m_cred_failed; ///< Did credential fail last time? bool m_auth_failed; ///< Did credential fail last time?
}; };
@@ -451,7 +450,7 @@ namespace eap
winstd::tstring m_lbl_alt_credential; ///< Alternative label for credential prompt winstd::tstring m_lbl_alt_credential; ///< Alternative label for credential prompt
winstd::tstring m_lbl_alt_identity; ///< Alternative label for identity prompt winstd::tstring m_lbl_alt_identity; ///< Alternative label for identity prompt
winstd::tstring m_lbl_alt_password; ///< Alternative label for password prompt winstd::tstring m_lbl_alt_password; ///< Alternative label for password prompt
std::list<std::unique_ptr<config_method> > m_methods; ///< List of method configurations std::vector<std::unique_ptr<config_method> > m_methods; ///< Array of method configurations
}; };
@@ -551,7 +550,7 @@ namespace eap
/// @} /// @}
public: public:
std::list<eap::config_provider> m_providers; ///< List of provider configurations std::vector<eap::config_provider> m_providers; ///< Array of provider configurations
}; };
} }

32
lib/EAPBase/include/Credentials.h
View File

@@ -54,6 +54,18 @@ namespace eap
{ {
class credentials : public config class credentials : public config
{ {
public:
///
/// Credential source when combined
///
enum source_t {
source_unknown = -1, ///< Unknown source
source_cache = 0, ///< Credentials were obtained from EAPHost cache
source_preshared, ///< Credentials were set by method configuration
source_storage ///< Credentials were loaded from Windows Credential Manager
};
public: public:
/// ///
/// Constructs credentials /// Constructs credentials
@@ -158,26 +170,6 @@ namespace eap
/// Returns credential name (for GUI display). /// Returns credential name (for GUI display).
/// ///
virtual winstd::tstring get_name() const; virtual winstd::tstring get_name() const;
///
/// Combine credentials in the following order:
///
/// 1. Cached credentials
/// 2. Pre-configured credentials
/// 3. Stored credentials
///
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL)
/// \param[in] cfg Method configuration
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
///
/// \returns
/// - \c true if credentials were set;
/// - \c false otherwise
///
virtual bool combine(
_In_ const credentials *cred_cached,
_In_ config_method_with_cred &cfg,
_In_opt_z_ LPCTSTR pszTargetName);
}; };

233
lib/EAPBase/include/EAP.h
View File

@@ -57,6 +57,25 @@ namespace eap
/// ///
typedef std::vector<unsigned char, winstd::sanitizing_allocator<unsigned char> > sanitizing_blob; typedef std::vector<unsigned char, winstd::sanitizing_allocator<unsigned char> > sanitizing_blob;
///
/// Sanitizing BLOB of fixed size
///
template<size_t N> struct sanitizing_blob_f;
///
/// Sanitizing BLOB of fixed size (zero initialized)
///
template<size_t N> struct sanitizing_blob_zf;
///
/// Sanitizing BLOB of fixed size (zero initialized in _DEBUG version)
///
#ifdef _DEBUG
#define sanitizing_blob_xf sanitizing_blob_zf
#else
#define sanitizing_blob_xf sanitizing_blob_f
#endif
/// ///
/// Diameter AVP flags /// Diameter AVP flags
/// ///
@@ -347,6 +366,31 @@ inline size_t pksizeof(const winstd::eap_type_t &val);
/// ///
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ winstd::eap_type_t &val); inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ winstd::eap_type_t &val);
///
/// Packs a BLOB
///
/// \param[inout] cursor Memory cursor
/// \param[in] val Variable with data to pack
///
template<size_t N> inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::sanitizing_blob_f<N> &val);
///
/// Returns packed size of a BLOB
///
/// \param[in] val Data to pack
///
/// \returns Size of data when packed (in bytes)
///
template<size_t N> inline size_t pksizeof(_In_ const eap::sanitizing_blob_f<N> &val);
///
/// Unpacks a BLOB
///
/// \param[inout] cursor Memory cursor
/// \param[out] val Variable to receive unpacked value
///
template<size_t N> inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::sanitizing_blob_f<N> &val);
#ifndef htonll #ifndef htonll
/// ///
/// Convert host converts an unsigned __int64 from host to TCP/IP network byte order. /// Convert host converts an unsigned __int64 from host to TCP/IP network byte order.
@@ -381,6 +425,167 @@ namespace eap
}; };
#pragma pack(push)
#pragma pack(1)
template<size_t N>
struct __declspec(novtable) sanitizing_blob_f<N>
{
unsigned char data[N]; ///< BLOB data
///
/// Constructor
///
inline sanitizing_blob_f()
{
}
///
/// Copies a BLOB
///
/// \param[in] other BLOB to copy from
///
inline sanitizing_blob_f(_In_ const sanitizing_blob_f<N> &other)
{
memcpy(data, other.data, N);
}
///
/// Moves the BLOB
///
/// \param[inout] other Zero-initialized BLOB to move from
///
inline sanitizing_blob_f(_Inout_ sanitizing_blob_zf<N> &&other)
{
memcpy(data, other.data, N);
memset(other.data, 0, N);
}
///
/// Destructor
///
inline ~sanitizing_blob_f()
{
SecureZeroMemory(data, N);
}
///
/// Copies a BLOB
///
/// \param[in] other BLOB to copy from
///
/// \returns Reference to this object
///
inline sanitizing_blob_f& operator=(_In_ const sanitizing_blob_f<N> &other)
{
if (this != std::addressof(other))
memcpy(data, other.data, N);
return *this;
}
///
/// Moves the BLOB
///
/// \param[inout] other Zero-initialized BLOB to copy from
///
/// \returns Reference to this object
///
inline sanitizing_blob_f& operator=(_Inout_ sanitizing_blob_zf<N> &&other)
{
if (this != std::addressof(other)) {
memcpy(data, other.data, N);
memset(other.data, 0, N);
}
return *this;
}
///
/// Is BLOB not equal to?
///
/// \param[in] other BLOB to compare against
///
/// \returns
/// - \c true when BLOBs are not equal;
/// - \c false otherwise
///
inline bool operator!=(_In_ const sanitizing_blob_f<N> &other) const
{
return !operator==(other);
}
///
/// Is BLOB equal to?
///
/// \param[in] other BLOB to compare against
///
/// \returns
/// - \c true when BLOBs are equal;
/// - \c false otherwise
///
inline bool operator==(_In_ const sanitizing_blob_f<N> &other) const
{
for (size_t i = 0; i < N; i++)
if (data[i] != other.data[i]) return false;
return true;
}
///
/// Is BLOB empty?
///
/// \returns
/// - \c true when BLOB is all-zero;
/// - \c false otherwise
///
inline bool empty() const
{
for (size_t i = 0; i < N; i++)
if (data[i]) return false;
return true;
}
///
/// Zero the BLOB
///
inline void clear()
{
memset(data, 0, N);
}
};
template<size_t N>
struct __declspec(novtable) sanitizing_blob_zf<N> : sanitizing_blob_f<N>
{
///
/// Constructor
///
inline sanitizing_blob_zf() : sanitizing_blob_f<N>()
{
memset(data, 0, N);
}
///
/// Copies a BLOB
///
/// \param[in] other BLOB to copy from
///
inline sanitizing_blob_zf(_In_ const sanitizing_blob_f<N> &other) :
sanitizing_blob_f<N>(other)
{
}
///
/// Moves the BLOB
///
/// \param[inout] other Zero-initialized BLOB to move from
///
inline sanitizing_blob_zf(_Inout_ sanitizing_blob_zf<N> &&other) :
sanitizing_blob_f<N>(std::move(other))
{
}
};
#pragma pack(pop)
#pragma warning(suppress: 4480) #pragma warning(suppress: 4480)
enum diameter_avp_flags_t : unsigned char { enum diameter_avp_flags_t : unsigned char {
diameter_avp_flag_vendor = 0x80, ///< Vendor-ID present diameter_avp_flag_vendor = 0x80, ///< Vendor-ID present
@@ -742,6 +947,34 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ winstd::eap_type_t
} }
template<size_t N>
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::sanitizing_blob_f<N> &val)
{
eap::cursor_out::ptr_type ptr_end = cursor.ptr + sizeof(eap::sanitizing_blob_f<N>);
assert(ptr_end <= cursor.ptr_end);
memcpy(cursor.ptr, val.data, sizeof(eap::sanitizing_blob_f<N>));
cursor.ptr = ptr_end;
}
template<size_t N>
inline size_t pksizeof(_In_ const eap::sanitizing_blob_f<N> &val)
{
UNREFERENCED_PARAMETER(val);
return sizeof(eap::sanitizing_blob_f<N>);
}
template<size_t N>
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::sanitizing_blob_f<N> &val)
{
eap::cursor_in::ptr_type ptr_end = cursor.ptr + sizeof(eap::sanitizing_blob_f<N>);
assert(ptr_end <= cursor.ptr_end);
memcpy(val.data, cursor.ptr, sizeof(eap::sanitizing_blob_f<N>));
cursor.ptr = ptr_end;
}
#ifndef htonll #ifndef htonll
inline unsigned __int64 htonll(unsigned __int64 val) inline unsigned __int64 htonll(unsigned __int64 val)

20
lib/EAPBase/include/Method.h
View File

@@ -56,12 +56,6 @@ namespace eap
/// ///
method(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials &cred); method(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials &cred);
///
/// Copies an EAP method
///
/// \param[in] other EAP method to copy from
///
method(_In_ const method &other);
/// ///
/// Moves an EAP method /// Moves an EAP method
@@ -70,15 +64,6 @@ namespace eap
/// ///
method(_Inout_ method &&other); method(_Inout_ method &&other);
///
/// Copies an EAP method
///
/// \param[in] other EAP method to copy from
///
/// \returns Reference to this object
///
method& operator=(_In_ const method &other);
/// ///
/// Moves an EAP method /// Moves an EAP method
/// ///
@@ -139,6 +124,11 @@ namespace eap
/// @} /// @}
private:
// This class is noncopyable.
method(_In_ const method &other);
method& operator=(_In_ const method &other);
public: public:
module &m_module; ///< EAP module module &m_module; ///< EAP module
config_provider_list &m_cfg; ///< Providers configuration config_provider_list &m_cfg; ///< Providers configuration

26
lib/EAPBase/src/Config.cpp
View File

@@ -139,7 +139,7 @@ eap::config_method& eap::config_method::operator=(_Inout_ config_method &&other)
eap::config_method_with_cred::config_method_with_cred(_In_ module &mod) : eap::config_method_with_cred::config_method_with_cred(_In_ module &mod) :
m_allow_save(true), m_allow_save(true),
m_use_preshared(false), m_use_preshared(false),
m_cred_failed(false), m_auth_failed(false),
config_method(mod) config_method(mod)
{ {
} }
@@ -149,7 +149,7 @@ eap::config_method_with_cred::config_method_with_cred(_In_ const config_method_w
m_allow_save(other.m_allow_save), m_allow_save(other.m_allow_save),
m_use_preshared(other.m_use_preshared), m_use_preshared(other.m_use_preshared),
m_preshared(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr), m_preshared(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr),
m_cred_failed(other.m_cred_failed), m_auth_failed(other.m_auth_failed),
config_method(other) config_method(other)
{ {
} }
@@ -159,7 +159,7 @@ eap::config_method_with_cred::config_method_with_cred(_Inout_ config_method_with
m_allow_save(std::move(other.m_allow_save)), m_allow_save(std::move(other.m_allow_save)),
m_use_preshared(std::move(other.m_use_preshared)), m_use_preshared(std::move(other.m_use_preshared)),
m_preshared(std::move(other.m_preshared)), m_preshared(std::move(other.m_preshared)),
m_cred_failed(std::move(other.m_cred_failed)), m_auth_failed(std::move(other.m_auth_failed)),
config_method(std::move(other)) config_method(std::move(other))
{ {
} }
@@ -172,7 +172,7 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_In_ const
m_allow_save = other.m_allow_save; m_allow_save = other.m_allow_save;
m_use_preshared = other.m_use_preshared; m_use_preshared = other.m_use_preshared;
m_preshared.reset(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr); m_preshared.reset(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr);
m_cred_failed = other.m_cred_failed; m_auth_failed = other.m_auth_failed;
} }
return *this; return *this;
@@ -186,7 +186,7 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_Inout_ co
m_allow_save = std::move(other.m_allow_save ); m_allow_save = std::move(other.m_allow_save );
m_use_preshared = std::move(other.m_use_preshared); m_use_preshared = std::move(other.m_use_preshared);
m_preshared = std::move(other.m_preshared ); m_preshared = std::move(other.m_preshared );
m_cred_failed = std::move(other.m_cred_failed ); m_auth_failed = std::move(other.m_auth_failed );
} }
return *this; return *this;
@@ -248,7 +248,7 @@ void eap::config_method_with_cred::operator<<(_Inout_ cursor_out &cursor) const
cursor << m_allow_save; cursor << m_allow_save;
cursor << m_use_preshared; cursor << m_use_preshared;
cursor << *m_preshared; cursor << *m_preshared;
cursor << m_cred_failed; cursor << m_auth_failed;
} }
@@ -259,7 +259,7 @@ size_t eap::config_method_with_cred::get_pk_size() const
pksizeof(m_allow_save ) + pksizeof(m_allow_save ) +
pksizeof(m_use_preshared) + pksizeof(m_use_preshared) +
pksizeof(*m_preshared ) + pksizeof(*m_preshared ) +
pksizeof(m_cred_failed ); pksizeof(m_auth_failed );
} }
@@ -269,7 +269,7 @@ void eap::config_method_with_cred::operator>>(_Inout_ cursor_in &cursor)
cursor >> m_allow_save; cursor >> m_allow_save;
cursor >> m_use_preshared; cursor >> m_use_preshared;
cursor >> *m_preshared; cursor >> *m_preshared;
cursor >> m_cred_failed; cursor >> m_auth_failed;
} }
@@ -296,7 +296,8 @@ eap::config_provider::config_provider(_In_ const config_provider &other) :
m_lbl_alt_password(other.m_lbl_alt_password), m_lbl_alt_password(other.m_lbl_alt_password),
config(other) config(other)
{ {
for (list<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method) m_methods.reserve(other.m_methods.size());
for (vector<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method)
m_methods.push_back(std::move(unique_ptr<config_method>(*method ? (config_method*)method->get()->clone() : nullptr))); m_methods.push_back(std::move(unique_ptr<config_method>(*method ? (config_method*)method->get()->clone() : nullptr)));
} }
@@ -332,7 +333,8 @@ eap::config_provider& eap::config_provider::operator=(_In_ const config_provider
m_lbl_alt_password = other.m_lbl_alt_password; m_lbl_alt_password = other.m_lbl_alt_password;
m_methods.clear(); m_methods.clear();
for (list<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method) m_methods.reserve(other.m_methods.size());
for (vector<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method)
m_methods.push_back(std::move(unique_ptr<config_method>(*method ? (config_method*)method->get()->clone() : nullptr))); m_methods.push_back(std::move(unique_ptr<config_method>(*method ? (config_method*)method->get()->clone() : nullptr)));
} }
@@ -432,7 +434,7 @@ void eap::config_provider::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pC
if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:AuthenticationMethods"), bstr(L"AuthenticationMethods"), bstrNamespace, &pXmlElAuthenticationMethods))) if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:AuthenticationMethods"), bstr(L"AuthenticationMethods"), bstrNamespace, &pXmlElAuthenticationMethods)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <AuthenticationMethods> element."); throw com_runtime_error(hr, __FUNCTION__ " Error creating <AuthenticationMethods> element.");
for (list<unique_ptr<config_method> >::const_iterator method = m_methods.cbegin(), method_end = m_methods.cend(); method != method_end; ++method) { for (vector<unique_ptr<config_method> >::const_iterator method = m_methods.cbegin(), method_end = m_methods.cend(); method != method_end; ++method) {
// <AuthenticationMethod> // <AuthenticationMethod>
com_obj<IXMLDOMElement> pXmlElAuthenticationMethod; com_obj<IXMLDOMElement> pXmlElAuthenticationMethod;
if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"AuthenticationMethod"), bstrNamespace, &pXmlElAuthenticationMethod))) if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"AuthenticationMethod"), bstrNamespace, &pXmlElAuthenticationMethod)))
@@ -669,7 +671,7 @@ void eap::config_provider_list::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNod
if (FAILED(hr = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList"), &pXmlElIdentityProviderList))) if (FAILED(hr = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList"), &pXmlElIdentityProviderList)))
throw com_runtime_error(hr, __FUNCTION__ " Error selecting <EAPIdentityProviderList> element."); throw com_runtime_error(hr, __FUNCTION__ " Error selecting <EAPIdentityProviderList> element.");
for (list<config_provider>::const_iterator provider = m_providers.cbegin(), provider_end = m_providers.cend(); provider != provider_end; ++provider) { for (vector<config_provider>::const_iterator provider = m_providers.cbegin(), provider_end = m_providers.cend(); provider != provider_end; ++provider) {
// <EAPIdentityProvider> // <EAPIdentityProvider>
com_obj<IXMLDOMElement> pXmlElIdentityProvider; com_obj<IXMLDOMElement> pXmlElIdentityProvider;
if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"EAPIdentityProvider"), bstrNamespace, &pXmlElIdentityProvider))) if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"EAPIdentityProvider"), bstrNamespace, &pXmlElIdentityProvider)))

13
lib/EAPBase/src/Credentials.cpp
View File

@@ -83,19 +83,6 @@ tstring eap::credentials::get_name() const
} }
bool eap::credentials::combine(
_In_ const credentials *cred_cached,
_In_ config_method_with_cred &cfg,
_In_opt_z_ LPCTSTR pszTargetName)
{
UNREFERENCED_PARAMETER(cred_cached);
UNREFERENCED_PARAMETER(cfg);
UNREFERENCED_PARAMETER(pszTargetName);
// When there's nothing to combine...
return true;
}
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// eap::credentials_pass // eap::credentials_pass
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////

20
lib/EAPBase/src/Method.cpp
View File

@@ -36,14 +36,6 @@ eap::method::method(_In_ module &module, _In_ config_provider_list &cfg, _In_ cr
} }
eap::method::method(_In_ const method &other) :
m_module(other.m_module),
m_cfg(other.m_cfg),
m_cred(other.m_cred)
{
}
eap::method::method(_Inout_ method &&other) : eap::method::method(_Inout_ method &&other) :
m_module(other.m_module), m_module(other.m_module),
m_cfg(other.m_cfg), m_cfg(other.m_cfg),
@@ -52,18 +44,6 @@ eap::method::method(_Inout_ method &&other) :
} }
eap::method& eap::method::operator=(_In_ const method &other)
{
if (this != std::addressof(other)) {
assert(std::addressof(m_module) == std::addressof(other.m_module)); // Copy method within same module only!
assert(std::addressof(m_cfg ) == std::addressof(other.m_cfg )); // Copy method with same configuration only!
assert(std::addressof(m_cred ) == std::addressof(other.m_cred )); // Copy method with same credentials only!
}
return *this;
}
eap::method& eap::method::operator=(_Inout_ method &&other) eap::method& eap::method::operator=(_Inout_ method &&other)
{ {
if (this != std::addressof(other)) { if (this != std::addressof(other)) {

229
lib/EAPBase_UI/include/EAP_UI.h
View File

@@ -20,6 +20,7 @@
#include <wx/hyperlink.h> #include <wx/hyperlink.h>
#include <wx/icon.h> #include <wx/icon.h>
#include <wx/scrolwin.h>
#include <wx/statbmp.h> #include <wx/statbmp.h>
#include <Windows.h> #include <Windows.h>
@@ -34,18 +35,21 @@ class wxEAPBannerPanel;
/// ///
template <class _wxT> class wxEAPConfigDialog; template <class _wxT> class wxEAPConfigDialog;
///
/// EAP general-use dialog
///
class wxEAPGeneralDialog;
/// ///
/// EAP top-most credential dialog /// EAP top-most credential dialog
/// ///
class wxEAPCredentialsDialog; class wxEAPCredentialsDialog;
/// ///
/// EAP general note /// EAP general note
/// ///
class wxEAPNotePanel; class wxEAPNotePanel;
/// ///
/// EAP provider-locked congifuration note /// EAP provider-locked congifuration note
/// ///
@@ -56,6 +60,21 @@ class wxEAPProviderLockedPanel;
/// ///
class wxEAPCredentialWarningPanel; class wxEAPCredentialWarningPanel;
///
/// EAP Configuration window
///
class wxEAPConfigWindow;
///
/// EAP provider identity config panel
///
class wxEAPProviderIdentityPanel;
///
/// EAP provider configuration dialog
///
class wxEAPConfigProvider;
/// ///
/// Base template for credential configuration panel /// Base template for credential configuration panel
/// ///
@@ -76,6 +95,11 @@ template <class _Tcred, class _Tbase> class wxPasswordCredentialsPanel;
/// ///
inline bool wxSetIconFromResource(wxStaticBitmap *bmp, wxIcon &icon, HINSTANCE hinst, PCWSTR pszName); inline bool wxSetIconFromResource(wxStaticBitmap *bmp, wxIcon &icon, HINSTANCE hinst, PCWSTR pszName);
///
/// Returns GUI displayable provider name
///
inline wxString wxEAPGetProviderName(const std::wstring &id);
#pragma once #pragma once
#include <wx/msw/winundef.h> // Fixes `CreateDialog` name collision #include <wx/msw/winundef.h> // Fixes `CreateDialog` name collision
@@ -128,10 +152,10 @@ public:
// Set extra style here, as wxFormBuilder overrides all default flags. // Set extra style here, as wxFormBuilder overrides all default flags.
this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY); this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY);
for (std::list<eap::config_provider>::iterator provider = m_cfg.m_providers.begin(), provider_end = m_cfg.m_providers.end(); provider != provider_end; ++provider) { for (std::vector<eap::config_provider>::iterator provider = m_cfg.m_providers.begin(), provider_end = m_cfg.m_providers.end(); provider != provider_end; ++provider) {
bool is_single = provider->m_methods.size() == 1; bool is_single = provider->m_methods.size() == 1;
std::list<std::unique_ptr<eap::config_method> >::size_type count = 0; std::vector<std::unique_ptr<eap::config_method> >::size_type count = 0;
std::list<std::unique_ptr<eap::config_method> >::iterator method = provider->m_methods.begin(), method_end = provider->m_methods.end(); std::vector<std::unique_ptr<eap::config_method> >::iterator method = provider->m_methods.begin(), method_end = provider->m_methods.end();
for (; method != method_end; ++method, count++) for (; method != method_end; ++method, count++)
m_providers->AddPage( m_providers->AddPage(
new _wxT( new _wxT(
@@ -139,7 +163,9 @@ public:
*method->get(), *method->get(),
provider->m_id.c_str(), provider->m_id.c_str(),
m_providers), m_providers),
is_single ? provider->m_id : winstd::tstring_printf(_T("%s (%u)"), provider->m_id.c_str(), count)); is_single ?
wxEAPGetProviderName(provider->m_id) :
winstd::tstring_printf(_T("%s (%u)"), wxEAPGetProviderName(provider->m_id), count));
} }
this->Layout(); this->Layout();
@@ -151,6 +177,7 @@ public:
protected: protected:
/// \cond internal /// \cond internal
virtual void OnInitDialog(wxInitDialogEvent& event) virtual void OnInitDialog(wxInitDialogEvent& event)
{ {
// Forward the event to child panels. // Forward the event to child panels.
@@ -160,6 +187,22 @@ protected:
prov->GetEventHandler()->ProcessEvent(event); prov->GetEventHandler()->ProcessEvent(event);
} }
} }
virtual void OnUpdateUI(wxUpdateUIEvent& event)
{
UNREFERENCED_PARAMETER(event);
m_advanced->Enable(!m_cfg.m_providers.at(m_providers->GetSelection()).m_read_only);
}
virtual void OnAdvanced(wxCommandEvent& event)
{
UNREFERENCED_PARAMETER(event);
wxEAPConfigProvider dlg(m_cfg.m_providers.at(m_providers->GetSelection()), this);
dlg.ShowModal();
}
/// \endcond /// \endcond
@@ -168,23 +211,38 @@ protected:
}; };
class wxEAPCredentialsDialog : public wxEAPCredentialsDialogBase class wxEAPGeneralDialog : public wxEAPGeneralDialogBase
{
public:
///
/// Constructs a dialog
///
wxEAPGeneralDialog(wxWindow* parent, const wxString& title = wxEmptyString);
///
/// Adds panels to the dialog
///
void AddContent(wxPanel **contents, size_t content_count);
///
/// Adds single panel to the dialog
///
void AddContent(wxPanel *content);
protected:
/// \cond internal
virtual void OnInitDialog(wxInitDialogEvent& event);
/// \endcond
};
class wxEAPCredentialsDialog : public wxEAPGeneralDialog
{ {
public: public:
/// ///
/// Constructs a credential dialog /// Constructs a credential dialog
/// ///
wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent); wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent);
///
/// Adds panels to the dialog
///
void AddContents(wxPanel **contents, size_t content_count);
protected:
/// \cond internal
virtual void OnInitDialog(wxInitDialogEvent& event);
/// \endcond
}; };
@@ -265,6 +323,103 @@ protected:
}; };
class wxEAPConfigWindow : public wxScrolledWindow
{
public:
///
/// Constructs a configuration window
///
/// \param[in] prov Provider configuration data
/// \param[inout] cfg Configuration data
/// \param[in] parent Parent window
///
wxEAPConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, wxWindow* parent);
///
/// Destructs the configuration window
///
virtual ~wxEAPConfigWindow();
protected:
/// \cond internal
virtual void OnInitDialog(wxInitDialogEvent& event);
virtual void OnUpdateUI(wxUpdateUIEvent& event);
/// \endcond
protected:
const eap::config_provider &m_prov; ///< EAP provider
eap::config_method &m_cfg; ///< Method configuration
};
class wxEAPProviderIdentityPanel : public wxEAPProviderIdentityPanelBase
{
public:
///
/// Constructs a provider identity pannel
///
/// \param[inout] prov Provider configuration data
/// \param[in] parent Parent window
///
wxEAPProviderIdentityPanel(eap::config_provider &prov, wxWindow* parent);
friend class wxEAPConfigProvider; // Allows direct setting of keyboard focus
protected:
/// \cond internal
virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow();
/// \endcond
protected:
eap::config_provider &m_prov; ///< EAP method configuration
winstd::library m_shell32; ///< shell32.dll resource library reference
wxIcon m_icon; ///< Panel icon
};
class wxEAPProviderLockPanel : public wxEAPProviderLockPanelBase
{
public:
///
/// Constructs a provider lock pannel
///
/// \param[inout] prov Provider configuration data
/// \param[in] parent Parent window
///
wxEAPProviderLockPanel(eap::config_provider &prov, wxWindow* parent);
protected:
/// \cond internal
virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow();
/// \endcond
protected:
eap::config_provider &m_prov; ///< EAP method configuration
winstd::library m_shell32; ///< shell32.dll resource library reference
wxIcon m_icon; ///< Panel icon
};
class wxEAPConfigProvider : public wxEAPGeneralDialog
{
public:
///
/// Constructs a provider config dialog
///
/// \param[inout] prov Provider configuration data
/// \param[in] parent Parent window
///
wxEAPConfigProvider(eap::config_provider &prov, wxWindow* parent);
protected:
eap::config_provider &m_prov; ///< EAP method configuration
wxEAPProviderIdentityPanel *m_identity; ///< Provider identity panel
wxEAPProviderLockPanel *m_lock; ///< Provider lock panel
};
template <class _Tcred, class _wxT> template <class _Tcred, class _wxT>
class wxEAPCredentialsConfigPanel : public wxEAPCredentialsConfigPanelBase class wxEAPCredentialsConfigPanel : public wxEAPCredentialsConfigPanelBase
{ {
@@ -289,6 +444,14 @@ public:
wxSetIconFromResource(m_credentials_icon, m_icon, m_shell32, MAKEINTRESOURCE(/*16770*/269)); wxSetIconFromResource(m_credentials_icon, m_icon, m_shell32, MAKEINTRESOURCE(/*16770*/269));
} }
///
/// Sets keyboard focus to the first control that do not capture mouse wheel
///
inline void SetFocusFromKbd()
{
m_own->SetFocusFromKbd();
}
protected: protected:
/// \cond internal /// \cond internal
@@ -402,7 +565,7 @@ protected:
// Display credential prompt. // Display credential prompt.
wxEAPCredentialsDialog dlg(m_prov, this); wxEAPCredentialsDialog dlg(m_prov, this);
_wxT *panel = new _wxT(m_prov, m_cfg, cred, m_target.c_str(), &dlg, true); _wxT *panel = new _wxT(m_prov, m_cfg, cred, m_target.c_str(), &dlg, true);
dlg.AddContents((wxPanel**)&panel, 1); dlg.AddContent(panel);
if (dlg.ShowModal() == wxID_OK && panel->GetRememberValue()) { if (dlg.ShowModal() == wxID_OK && panel->GetRememberValue()) {
// Write credentials to credential manager. // Write credentials to credential manager.
try { try {
@@ -433,21 +596,21 @@ protected:
_wxT *panel = new _wxT(m_prov, m_cfg, m_cred, _T(""), &dlg, true); _wxT *panel = new _wxT(m_prov, m_cfg, m_cred, _T(""), &dlg, true);
dlg.AddContents((wxPanel**)&panel, 1); dlg.AddContent(panel);
dlg.ShowModal(); dlg.ShowModal();
} }
/// \endcond /// \endcond
protected: protected:
const eap::config_provider &m_prov; ///< EAP provider const eap::config_provider &m_prov; ///< EAP provider
eap::config_method_with_cred &m_cfg; ///< EAP method configuration eap::config_method_with_cred &m_cfg; ///< EAP method configuration
winstd::library m_shell32; ///< shell32.dll resource library reference winstd::library m_shell32; ///< shell32.dll resource library reference
wxIcon m_icon; ///< Panel icon wxIcon m_icon; ///< Panel icon
winstd::tstring m_target; ///< Credential Manager target winstd::tstring m_target; ///< Credential Manager target
private: private:
_Tcred m_cred; ///< Temporary credential data _Tcred m_cred; ///< Temporary credential data
}; };
@@ -486,6 +649,11 @@ public:
this->Disconnect(wxEVT_UPDATE_UI, wxUpdateUIEventHandler(_Tthis::OnUpdateUI)); this->Disconnect(wxEVT_UPDATE_UI, wxUpdateUIEventHandler(_Tthis::OnUpdateUI));
} }
inline void SetRememberValue(bool val)
{
return m_remember->SetValue(val);
}
inline bool GetRememberValue() const inline bool GetRememberValue() const
{ {
return m_remember->GetValue(); return m_remember->GetValue();
@@ -576,12 +744,12 @@ protected:
m_identity->SetSelection(0, -1); m_identity->SetSelection(0, -1);
m_password->SetValue(m_cred.m_password.empty() ? wxEmptyString : s_dummy_password); m_password->SetValue(m_cred.m_password.empty() ? wxEmptyString : s_dummy_password);
return wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPanelPassBase>::TransferDataToWindow(); return wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPassPanelBase>::TransferDataToWindow();
} }
virtual bool TransferDataFromWindow() virtual bool TransferDataFromWindow()
{ {
if (!wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPanelPassBase>::TransferDataFromWindow()) if (!wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPassPanelBase>::TransferDataFromWindow())
return false; return false;
m_cred.m_identity = m_identity->GetValue(); m_cred.m_identity = m_identity->GetValue();
@@ -604,7 +772,7 @@ protected:
m_password ->Enable(false); m_password ->Enable(false);
} }
wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPanelPassBase>::OnUpdateUI(event); wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPassPanelBase>::OnUpdateUI(event);
} }
/// \endcond /// \endcond
@@ -633,3 +801,10 @@ inline bool wxSetIconFromResource(wxStaticBitmap *bmp, wxIcon &icon, HINSTANCE h
} else } else
return false; return false;
} }
inline wxString wxEAPGetProviderName(const std::wstring &id)
{
return
!id.empty() ? id : _("<Your Organization>");
}

207
lib/EAPBase_UI/res/wxEAP_UI.cpp
View File

@@ -28,6 +28,20 @@ wxEAPConfigDialogBase::wxEAPConfigDialogBase( wxWindow* parent, wxWindowID id, c
sb_content->Add( m_providers, 1, wxEXPAND|wxALL, 10 ); sb_content->Add( m_providers, 1, wxEXPAND|wxALL, 10 );
wxBoxSizer* sb_bottom_horiz;
sb_bottom_horiz = new wxBoxSizer( wxHORIZONTAL );
wxBoxSizer* sb_bottom_horiz_inner;
sb_bottom_horiz_inner = new wxBoxSizer( wxHORIZONTAL );
m_advanced = new wxButton( this, wxID_ANY, _("Advanced..."), wxDefaultPosition, wxDefaultSize, 0 );
m_advanced->SetToolTip( _("Opens dialog with provider settings") );
sb_bottom_horiz_inner->Add( m_advanced, 0, wxALL, 5 );
sb_bottom_horiz->Add( sb_bottom_horiz_inner, 1, wxEXPAND, 5 );
m_buttons = new wxStdDialogButtonSizer(); m_buttons = new wxStdDialogButtonSizer();
m_buttonsOK = new wxButton( this, wxID_OK ); m_buttonsOK = new wxButton( this, wxID_OK );
m_buttons->AddButton( m_buttonsOK ); m_buttons->AddButton( m_buttonsOK );
@@ -35,7 +49,10 @@ wxEAPConfigDialogBase::wxEAPConfigDialogBase( wxWindow* parent, wxWindowID id, c
m_buttons->AddButton( m_buttonsCancel ); m_buttons->AddButton( m_buttonsCancel );
m_buttons->Realize(); m_buttons->Realize();
sb_content->Add( m_buttons, 0, wxEXPAND|wxALL, 5 ); sb_bottom_horiz->Add( m_buttons, 0, wxEXPAND|wxALL, 5 );
sb_content->Add( sb_bottom_horiz, 0, wxEXPAND, 5 );
this->SetSizer( sb_content ); this->SetSizer( sb_content );
@@ -44,16 +61,20 @@ wxEAPConfigDialogBase::wxEAPConfigDialogBase( wxWindow* parent, wxWindowID id, c
// Connect Events // Connect Events
this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPConfigDialogBase::OnInitDialog ) ); this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPConfigDialogBase::OnInitDialog ) );
this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPConfigDialogBase::OnUpdateUI ) );
m_advanced->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPConfigDialogBase::OnAdvanced ), NULL, this );
} }
wxEAPConfigDialogBase::~wxEAPConfigDialogBase() wxEAPConfigDialogBase::~wxEAPConfigDialogBase()
{ {
// Disconnect Events // Disconnect Events
this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPConfigDialogBase::OnInitDialog ) ); this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPConfigDialogBase::OnInitDialog ) );
this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPConfigDialogBase::OnUpdateUI ) );
m_advanced->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPConfigDialogBase::OnAdvanced ), NULL, this );
} }
wxEAPCredentialsDialogBase::wxEAPCredentialsDialogBase( wxWindow* parent, wxWindowID id, const wxString& title, const wxPoint& pos, const wxSize& size, long style ) : wxDialog( parent, id, title, pos, size, style ) wxEAPGeneralDialogBase::wxEAPGeneralDialogBase( wxWindow* parent, wxWindowID id, const wxString& title, const wxPoint& pos, const wxSize& size, long style ) : wxDialog( parent, id, title, pos, size, style )
{ {
this->SetSizeHints( wxDefaultSize, wxDefaultSize ); this->SetSizeHints( wxDefaultSize, wxDefaultSize );
@@ -84,13 +105,13 @@ wxEAPCredentialsDialogBase::wxEAPCredentialsDialogBase( wxWindow* parent, wxWind
sb_content->Fit( this ); sb_content->Fit( this );
// Connect Events // Connect Events
this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPCredentialsDialogBase::OnInitDialog ) ); this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPGeneralDialogBase::OnInitDialog ) );
} }
wxEAPCredentialsDialogBase::~wxEAPCredentialsDialogBase() wxEAPGeneralDialogBase::~wxEAPGeneralDialogBase()
{ {
// Disconnect Events // Disconnect Events
this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPCredentialsDialogBase::OnInitDialog ) ); this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPGeneralDialogBase::OnInitDialog ) );
} }
@@ -99,20 +120,20 @@ wxEAPBannerPanelBase::wxEAPBannerPanelBase( wxWindow* parent, wxWindowID id, con
this->SetBackgroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_HIGHLIGHT ) ); this->SetBackgroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_HIGHLIGHT ) );
this->SetMinSize( wxSize( -1,48 ) ); this->SetMinSize( wxSize( -1,48 ) );
wxBoxSizer* sc_content; wxBoxSizer* sb_content;
sc_content = new wxBoxSizer( wxVERTICAL ); sb_content = new wxBoxSizer( wxVERTICAL );
m_title = new wxStaticText( this, wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, wxALIGN_RIGHT ); m_title = new wxStaticText( this, wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, wxALIGN_RIGHT );
m_title->Wrap( -1 ); m_title->Wrap( -1 );
m_title->SetFont( wxFont( 18, 70, 90, 90, false, wxEmptyString ) ); m_title->SetFont( wxFont( 18, 70, 90, 90, false, wxEmptyString ) );
m_title->SetForegroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_HIGHLIGHTTEXT ) ); m_title->SetForegroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_HIGHLIGHTTEXT ) );
sc_content->Add( m_title, 0, wxALL|wxEXPAND, 5 ); sb_content->Add( m_title, 0, wxALL|wxEXPAND, 5 );
this->SetSizer( sc_content ); this->SetSizer( sb_content );
this->Layout(); this->Layout();
sc_content->Fit( this ); sb_content->Fit( this );
} }
wxEAPBannerPanelBase::~wxEAPBannerPanelBase() wxEAPBannerPanelBase::~wxEAPBannerPanelBase()
@@ -269,7 +290,7 @@ wxEAPCredentialsConfigPanelBase::~wxEAPCredentialsConfigPanelBase()
} }
wxEAPCredentialsPanelPassBase::wxEAPCredentialsPanelPassBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style ) wxEAPCredentialsPassPanelBase::wxEAPCredentialsPassPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{ {
wxStaticBoxSizer* sb_credentials; wxStaticBoxSizer* sb_credentials;
sb_credentials = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Client Credentials") ), wxVERTICAL ); sb_credentials = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Client Credentials") ), wxVERTICAL );
@@ -330,6 +351,168 @@ wxEAPCredentialsPanelPassBase::wxEAPCredentialsPanelPassBase( wxWindow* parent,
this->Layout(); this->Layout();
} }
wxEAPCredentialsPanelPassBase::~wxEAPCredentialsPanelPassBase() wxEAPCredentialsPassPanelBase::~wxEAPCredentialsPassPanelBase()
{ {
} }
wxEAPProviderIdentityPanelBase::wxEAPProviderIdentityPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{
wxStaticBoxSizer* sb_provider_id;
sb_provider_id = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Your Organization") ), wxVERTICAL );
wxBoxSizer* sb_provider_id_horiz;
sb_provider_id_horiz = new wxBoxSizer( wxHORIZONTAL );
m_provider_id_icon = new wxStaticBitmap( sb_provider_id->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
sb_provider_id_horiz->Add( m_provider_id_icon, 0, wxALL, 5 );
wxBoxSizer* sb_provider_id_vert;
sb_provider_id_vert = new wxBoxSizer( wxVERTICAL );
m_provider_id_label = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Describe your organization to customize user prompts. When organization is introduced, end-users find program messages easier to understand and act."), wxDefaultPosition, wxDefaultSize, 0 );
m_provider_id_label->Wrap( 446 );
sb_provider_id_vert->Add( m_provider_id_label, 0, wxALL|wxEXPAND, 5 );
wxBoxSizer* sb_provider_name;
sb_provider_name = new wxBoxSizer( wxVERTICAL );
m_provider_name_label = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Your organization &name:"), wxDefaultPosition, wxDefaultSize, 0 );
m_provider_name_label->Wrap( -1 );
sb_provider_name->Add( m_provider_name_label, 0, wxBOTTOM, 5 );
m_provider_name = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_provider_name->SetToolTip( _("Your organization name as it will appear on helpdesk contact notifications") );
sb_provider_name->Add( m_provider_name, 0, wxEXPAND|wxBOTTOM, 5 );
m_provider_name_note = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("(Keep it short, please)"), wxDefaultPosition, wxDefaultSize, 0 );
m_provider_name_note->Wrap( -1 );
sb_provider_name->Add( m_provider_name_note, 0, wxALIGN_RIGHT, 5 );
sb_provider_id_vert->Add( sb_provider_name, 0, wxEXPAND|wxALL, 5 );
wxBoxSizer* sb_provider_helpdesk;
sb_provider_helpdesk = new wxBoxSizer( wxVERTICAL );
m_provider_helpdesk_label = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Helpdesk contact &information:"), wxDefaultPosition, wxDefaultSize, 0 );
m_provider_helpdesk_label->Wrap( -1 );
sb_provider_helpdesk->Add( m_provider_helpdesk_label, 0, wxBOTTOM, 5 );
wxFlexGridSizer* sb_provider_helpdesk_inner;
sb_provider_helpdesk_inner = new wxFlexGridSizer( 0, 2, 0, 0 );
sb_provider_helpdesk_inner->AddGrowableCol( 1 );
sb_provider_helpdesk_inner->SetFlexibleDirection( wxBOTH );
sb_provider_helpdesk_inner->SetNonFlexibleGrowMode( wxFLEX_GROWMODE_SPECIFIED );
m_provider_web_icon = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _(""), wxDefaultPosition, wxDefaultSize, 0 );
m_provider_web_icon->Wrap( -1 );
m_provider_web_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
sb_provider_helpdesk_inner->Add( m_provider_web_icon, 0, wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxRIGHT, 5 );
m_provider_web = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_provider_web->SetToolTip( _("Your helpdesk website") );
sb_provider_helpdesk_inner->Add( m_provider_web, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL|wxBOTTOM, 5 );
m_provider_email_icon = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("*"), wxDefaultPosition, wxDefaultSize, 0 );
m_provider_email_icon->Wrap( -1 );
m_provider_email_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
sb_provider_helpdesk_inner->Add( m_provider_email_icon, 0, wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxRIGHT, 5 );
m_provider_email = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_provider_email->SetToolTip( _("Your helpdesk e-mail address") );
sb_provider_helpdesk_inner->Add( m_provider_email, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL|wxBOTTOM, 5 );
m_provider_phone_icon = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _(")"), wxDefaultPosition, wxDefaultSize, 0 );
m_provider_phone_icon->Wrap( -1 );
m_provider_phone_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
sb_provider_helpdesk_inner->Add( m_provider_phone_icon, 0, wxALIGN_CENTER_VERTICAL|wxRIGHT, 5 );
m_provider_phone = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_provider_phone->SetToolTip( _("Your helpdesk phone number") );
sb_provider_helpdesk_inner->Add( m_provider_phone, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL, 5 );
sb_provider_helpdesk->Add( sb_provider_helpdesk_inner, 1, wxEXPAND, 5 );
sb_provider_id_vert->Add( sb_provider_helpdesk, 1, wxEXPAND, 5 );
sb_provider_id_horiz->Add( sb_provider_id_vert, 1, wxEXPAND, 5 );
sb_provider_id->Add( sb_provider_id_horiz, 1, wxEXPAND, 5 );
this->SetSizer( sb_provider_id );
this->Layout();
// Connect Events
this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderIdentityPanelBase::OnUpdateUI ) );
}
wxEAPProviderIdentityPanelBase::~wxEAPProviderIdentityPanelBase()
{
// Disconnect Events
this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderIdentityPanelBase::OnUpdateUI ) );
}
wxEAPProviderLockPanelBase::wxEAPProviderLockPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{
wxStaticBoxSizer* sb_provider_lock;
sb_provider_lock = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Configuration Lock") ), wxVERTICAL );
wxBoxSizer* sb_provider_lock_horiz;
sb_provider_lock_horiz = new wxBoxSizer( wxHORIZONTAL );
m_provider_lock_icon = new wxStaticBitmap( sb_provider_lock->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
sb_provider_lock_horiz->Add( m_provider_lock_icon, 0, wxALL, 5 );
wxBoxSizer* sb_provider_lock_vert;
sb_provider_lock_vert = new wxBoxSizer( wxVERTICAL );
m_provider_lock_label = new wxStaticText( sb_provider_lock->GetStaticBox(), wxID_ANY, _("Your configuration can be locked to prevent accidental modification by end-users. Users will only be allowed to enter credentials."), wxDefaultPosition, wxDefaultSize, 0 );
m_provider_lock_label->Wrap( 446 );
sb_provider_lock_vert->Add( m_provider_lock_label, 0, wxALL|wxEXPAND, 5 );
wxBoxSizer* sb_provider_name;
sb_provider_name = new wxBoxSizer( wxVERTICAL );
m_provider_lock = new wxCheckBox( sb_provider_lock->GetStaticBox(), wxID_ANY, _("&Lock this configuration and prevent any further modification via user interface."), wxDefaultPosition, wxDefaultSize, 0 );
sb_provider_name->Add( m_provider_lock, 0, wxEXPAND|wxBOTTOM, 5 );
m_provider_lock_note = new wxStaticText( sb_provider_lock->GetStaticBox(), wxID_ANY, _("(Warning: Once locked, you can not revert using this dialog!)"), wxDefaultPosition, wxDefaultSize, 0 );
m_provider_lock_note->Wrap( -1 );
sb_provider_name->Add( m_provider_lock_note, 0, wxALIGN_RIGHT, 5 );
sb_provider_lock_vert->Add( sb_provider_name, 0, wxEXPAND|wxALL, 5 );
sb_provider_lock_horiz->Add( sb_provider_lock_vert, 1, wxEXPAND, 5 );
sb_provider_lock->Add( sb_provider_lock_horiz, 1, wxEXPAND, 5 );
this->SetSizer( sb_provider_lock );
this->Layout();
// Connect Events
this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderLockPanelBase::OnUpdateUI ) );
}
wxEAPProviderLockPanelBase::~wxEAPProviderLockPanelBase()
{
// Disconnect Events
this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderLockPanelBase::OnUpdateUI ) );
}

1740
lib/EAPBase_UI/res/wxEAP_UI.fbp
View File

File diff suppressed because it is too large Load Diff

77
lib/EAPBase_UI/res/wxEAP_UI.h
View File

@@ -18,8 +18,8 @@ class wxEAPBannerPanel;
#include <wx/settings.h> #include <wx/settings.h>
#include <wx/string.h> #include <wx/string.h>
#include <wx/notebook.h> #include <wx/notebook.h>
#include <wx/sizer.h>
#include <wx/button.h> #include <wx/button.h>
#include <wx/sizer.h>
#include <wx/dialog.h> #include <wx/dialog.h>
#include <wx/stattext.h> #include <wx/stattext.h>
#include <wx/panel.h> #include <wx/panel.h>
@@ -44,12 +44,15 @@ class wxEAPConfigDialogBase : public wxDialog
protected: protected:
wxEAPBannerPanel *m_banner; wxEAPBannerPanel *m_banner;
wxNotebook* m_providers; wxNotebook* m_providers;
wxButton* m_advanced;
wxStdDialogButtonSizer* m_buttons; wxStdDialogButtonSizer* m_buttons;
wxButton* m_buttonsOK; wxButton* m_buttonsOK;
wxButton* m_buttonsCancel; wxButton* m_buttonsCancel;
// Virtual event handlers, overide them in your derived class // Virtual event handlers, overide them in your derived class
virtual void OnInitDialog( wxInitDialogEvent& event ) { event.Skip(); } virtual void OnInitDialog( wxInitDialogEvent& event ) { event.Skip(); }
virtual void OnUpdateUI( wxUpdateUIEvent& event ) { event.Skip(); }
virtual void OnAdvanced( wxCommandEvent& event ) { event.Skip(); }
public: public:
@@ -60,9 +63,9 @@ class wxEAPConfigDialogBase : public wxDialog
}; };
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
/// Class wxEAPCredentialsDialogBase /// Class wxEAPGeneralDialogBase
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
class wxEAPCredentialsDialogBase : public wxDialog class wxEAPGeneralDialogBase : public wxDialog
{ {
private: private:
@@ -79,8 +82,8 @@ class wxEAPCredentialsDialogBase : public wxDialog
public: public:
wxEAPCredentialsDialogBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxString& title = _("EAP Credentials"), const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE ); wxEAPGeneralDialogBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxString& title = wxEmptyString, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE );
~wxEAPCredentialsDialogBase(); ~wxEAPGeneralDialogBase();
}; };
@@ -153,9 +156,9 @@ class wxEAPCredentialsConfigPanelBase : public wxPanel
}; };
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
/// Class wxEAPCredentialsPanelPassBase /// Class wxEAPCredentialsPassPanelBase
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
class wxEAPCredentialsPanelPassBase : public wxPanel class wxEAPCredentialsPassPanelBase : public wxPanel
{ {
private: private:
@@ -170,8 +173,64 @@ class wxEAPCredentialsPanelPassBase : public wxPanel
public: public:
wxEAPCredentialsPanelPassBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); wxEAPCredentialsPassPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL );
~wxEAPCredentialsPanelPassBase(); ~wxEAPCredentialsPassPanelBase();
};
///////////////////////////////////////////////////////////////////////////////
/// Class wxEAPProviderIdentityPanelBase
///////////////////////////////////////////////////////////////////////////////
class wxEAPProviderIdentityPanelBase : public wxPanel
{
private:
protected:
wxStaticBitmap* m_provider_id_icon;
wxStaticText* m_provider_id_label;
wxStaticText* m_provider_name_label;
wxTextCtrl* m_provider_name;
wxStaticText* m_provider_name_note;
wxStaticText* m_provider_helpdesk_label;
wxStaticText* m_provider_web_icon;
wxTextCtrl* m_provider_web;
wxStaticText* m_provider_email_icon;
wxTextCtrl* m_provider_email;
wxStaticText* m_provider_phone_icon;
wxTextCtrl* m_provider_phone;
// Virtual event handlers, overide them in your derived class
virtual void OnUpdateUI( wxUpdateUIEvent& event ) { event.Skip(); }
public:
wxEAPProviderIdentityPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL );
~wxEAPProviderIdentityPanelBase();
};
///////////////////////////////////////////////////////////////////////////////
/// Class wxEAPProviderLockPanelBase
///////////////////////////////////////////////////////////////////////////////
class wxEAPProviderLockPanelBase : public wxPanel
{
private:
protected:
wxStaticBitmap* m_provider_lock_icon;
wxStaticText* m_provider_lock_label;
wxCheckBox* m_provider_lock;
wxStaticText* m_provider_lock_note;
// Virtual event handlers, overide them in your derived class
virtual void OnUpdateUI( wxUpdateUIEvent& event ) { event.Skip(); }
public:
wxEAPProviderLockPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL );
~wxEAPProviderLockPanelBase();
}; };

170
lib/EAPBase_UI/src/EAP_UI.cpp
View File

@@ -38,22 +38,19 @@ bool wxEAPBannerPanel::AcceptsFocusFromKeyboard() const
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// wxEAPCredentialsDialog // wxEAPGeneralDialog
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
wxEAPCredentialsDialog::wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent) : wxEAPCredentialsDialogBase(parent) wxEAPGeneralDialog::wxEAPGeneralDialog(wxWindow* parent, const wxString& title) : wxEAPGeneralDialogBase(parent, wxID_ANY, title)
{ {
// Set extra style here, as wxFormBuilder overrides all default flags. // Set extra style here, as wxFormBuilder overrides all default flags.
this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY); this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY);
// Set banner title.
m_banner->m_title->SetLabel(wxString::Format(_("%s Credentials"), prov.m_id.c_str()));
m_buttonsOK->SetDefault(); m_buttonsOK->SetDefault();
} }
void wxEAPCredentialsDialog::AddContents(wxPanel **contents, size_t content_count) void wxEAPGeneralDialog::AddContent(wxPanel **contents, size_t content_count)
{ {
if (content_count) { if (content_count) {
for (size_t i = 0; i < content_count; i++) for (size_t i = 0; i < content_count; i++)
@@ -66,13 +63,30 @@ void wxEAPCredentialsDialog::AddContents(wxPanel **contents, size_t content_coun
} }
void wxEAPCredentialsDialog::OnInitDialog(wxInitDialogEvent& event) void wxEAPGeneralDialog::AddContent(wxPanel *content)
{
AddContent(&content, 1);
}
void wxEAPGeneralDialog::OnInitDialog(wxInitDialogEvent& event)
{ {
for (wxSizerItemList::compatibility_iterator panel = m_panels->GetChildren().GetFirst(); panel; panel = panel->GetNext()) for (wxSizerItemList::compatibility_iterator panel = m_panels->GetChildren().GetFirst(); panel; panel = panel->GetNext())
panel->GetData()->GetWindow()->GetEventHandler()->ProcessEvent(event); panel->GetData()->GetWindow()->GetEventHandler()->ProcessEvent(event);
} }
//////////////////////////////////////////////////////////////////////
// wxEAPCredentialsDialog
//////////////////////////////////////////////////////////////////////
wxEAPCredentialsDialog::wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent) : wxEAPGeneralDialog(parent, _("EAP Credentials"))
{
// Set banner title.
m_banner->m_title->SetLabel(wxString::Format(_("%s Credentials"), wxEAPGetProviderName(prov.m_id).c_str()));
}
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// wxEAPNotePanel // wxEAPNotePanel
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
@@ -182,10 +196,150 @@ wxEAPCredentialWarningPanel::wxEAPCredentialWarningPanel(const eap::config_provi
if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE)) if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
wxSetIconFromResource(m_note_icon, m_icon, m_shell32, MAKEINTRESOURCE(161)); wxSetIconFromResource(m_note_icon, m_icon, m_shell32, MAKEINTRESOURCE(161));
m_note_label->SetLabel(_("Previous attempt to connect using provided credentials failed. Please, make sure your credentials are correct, or try again later.")); m_note_label->SetLabel(_("Previous attempt to connect failed. Please, make sure your credentials are correct, or try again later."));
m_note_label->Wrap(449); m_note_label->Wrap(449);
CreateContactFields(prov); CreateContactFields(prov);
this->Layout(); this->Layout();
} }
//////////////////////////////////////////////////////////////////////
// wxEAPConfigWindow
//////////////////////////////////////////////////////////////////////
wxEAPConfigWindow::wxEAPConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, wxWindow* parent) :
m_prov(prov),
m_cfg(cfg),
wxScrolledWindow(parent, wxID_ANY, wxDefaultPosition, wxDefaultSize, wxVSCROLL)
{
this->SetScrollRate(5, 5);
// Connect Events
this->Connect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxEAPConfigWindow::OnInitDialog));
this->Connect(wxEVT_UPDATE_UI, wxUpdateUIEventHandler(wxEAPConfigWindow::OnUpdateUI));
}
wxEAPConfigWindow::~wxEAPConfigWindow()
{
// Disconnect Events
this->Disconnect(wxEVT_UPDATE_UI, wxUpdateUIEventHandler(wxEAPConfigWindow::OnUpdateUI));
this->Disconnect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxEAPConfigWindow::OnInitDialog));
}
void wxEAPConfigWindow::OnInitDialog(wxInitDialogEvent& event)
{
UNREFERENCED_PARAMETER(event);
// Call TransferDataToWindow() manually, as wxScrolledWindow somehow skips that.
TransferDataToWindow();
}
void wxEAPConfigWindow::OnUpdateUI(wxUpdateUIEvent& event)
{
UNREFERENCED_PARAMETER(event);
if (m_parent && m_parent->IsKindOf(wxCLASSINFO(wxNotebook))) {
// We're a notebook page. Set the ID of our provider as our page label.
wxNotebook *notebook = (wxNotebook*)m_parent;
int idx = notebook->FindPage(this);
if (idx != wxNOT_FOUND)
notebook->SetPageText(idx, wxEAPGetProviderName(m_prov.m_id));
} else
this->SetLabel(wxEAPGetProviderName(m_prov.m_id));
}
//////////////////////////////////////////////////////////////////////
// wxEAPProviderIdentityPanel
//////////////////////////////////////////////////////////////////////
wxEAPProviderIdentityPanel::wxEAPProviderIdentityPanel(eap::config_provider &prov, wxWindow* parent) :
m_prov(prov),
wxEAPProviderIdentityPanelBase(parent)
{
// Load and set icon.
if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
wxSetIconFromResource(m_provider_id_icon, m_icon, m_shell32, MAKEINTRESOURCE(259));
}
bool wxEAPProviderIdentityPanel::TransferDataToWindow()
{
m_provider_name ->SetValue(m_prov.m_id );
m_provider_web ->SetValue(m_prov.m_help_web );
m_provider_email->SetValue(m_prov.m_help_email);
m_provider_phone->SetValue(m_prov.m_help_phone);
return wxEAPProviderIdentityPanelBase::TransferDataToWindow();
}
bool wxEAPProviderIdentityPanel::TransferDataFromWindow()
{
wxCHECK(wxEAPProviderIdentityPanelBase::TransferDataFromWindow(), false);
m_prov.m_id = m_provider_name ->GetValue();
m_prov.m_help_web = m_provider_web ->GetValue();
m_prov.m_help_email = m_provider_email->GetValue();
m_prov.m_help_phone = m_provider_phone->GetValue();
return true;
}
//////////////////////////////////////////////////////////////////////
// wxEAPProviderLockPanel
//////////////////////////////////////////////////////////////////////
wxEAPProviderLockPanel::wxEAPProviderLockPanel(eap::config_provider &prov, wxWindow* parent) :
m_prov(prov),
wxEAPProviderLockPanelBase(parent)
{
// Load and set icon.
if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
wxSetIconFromResource(m_provider_lock_icon, m_icon, m_shell32, MAKEINTRESOURCE(1003));
}
bool wxEAPProviderLockPanel::TransferDataToWindow()
{
m_provider_lock->SetValue(m_prov.m_read_only);
return wxEAPProviderLockPanelBase::TransferDataToWindow();
}
bool wxEAPProviderLockPanel::TransferDataFromWindow()
{
wxCHECK(wxEAPProviderLockPanelBase::TransferDataFromWindow(), false);
m_prov.m_read_only = m_provider_lock->GetValue();
return true;
}
//////////////////////////////////////////////////////////////////////
// wxEAPConfigProvider
//////////////////////////////////////////////////////////////////////
wxEAPConfigProvider::wxEAPConfigProvider(eap::config_provider &prov, wxWindow* parent) :
m_prov(prov),
wxEAPGeneralDialog(parent, _("Provider Settings"))
{
// Set banner title.
m_banner->m_title->SetLabel(_("Provider Settings"));
m_identity = new wxEAPProviderIdentityPanel(prov, this);
AddContent(m_identity);
m_lock = new wxEAPProviderLockPanel(prov, this);
AddContent(m_lock);
m_identity->m_provider_name->SetFocusFromKbd();
}

BIN
lib/Events/res/EventsETW.man
View File

Binary file not shown.

2
lib/PAP/include/Credentials.h
View File

@@ -113,7 +113,7 @@ namespace eap
/// - \c true if credentials were set; /// - \c true if credentials were set;
/// - \c false otherwise /// - \c false otherwise
/// ///
bool combine( source_t combine(
_In_ const credentials_pap *cred_cached, _In_ const credentials_pap *cred_cached,
_In_ const config_method_pap &cfg, _In_ const config_method_pap &cfg,
_In_opt_z_ LPCTSTR pszTargetName); _In_opt_z_ LPCTSTR pszTargetName);

10
lib/PAP/src/Credentials.cpp
View File

@@ -75,7 +75,7 @@ LPCTSTR eap::credentials_pap::target_suffix() const
} }
bool eap::credentials_pap::combine( eap::credentials::source_t eap::credentials_pap::combine(
_In_ const credentials_pap *cred_cached, _In_ const credentials_pap *cred_cached,
_In_ const config_method_pap &cfg, _In_ const config_method_pap &cfg,
_In_opt_z_ LPCTSTR pszTargetName) _In_opt_z_ LPCTSTR pszTargetName)
@@ -84,14 +84,14 @@ bool eap::credentials_pap::combine(
// Using EAP service cached credentials. // Using EAP service cached credentials.
*this = *cred_cached; *this = *cred_cached;
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank);
return true; return source_cache;
} }
if (cfg.m_use_preshared) { if (cfg.m_use_preshared) {
// Using preshared credentials. // Using preshared credentials.
*this = *(credentials_pap*)cfg.m_preshared.get(); *this = *(credentials_pap*)cfg.m_preshared.get();
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank);
return true; return source_preshared;
} }
if (pszTargetName) { if (pszTargetName) {
@@ -102,11 +102,11 @@ bool eap::credentials_pap::combine(
// Using stored credentials. // Using stored credentials.
*this = std::move(cred_loaded); *this = std::move(cred_loaded);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank);
return true; return source_storage;
} catch (...) { } catch (...) {
// Not actually an error. // Not actually an error.
} }
} }
return false; return source_unknown;
} }

4
lib/PAP_UI/include/PAP_UI.h
View File

@@ -25,7 +25,7 @@
/// ///
/// PAP credential configuration panel /// PAP credential configuration panel
/// ///
typedef wxEAPCredentialsConfigPanel<eap::credentials_pap, wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPanelPassBase> > wxPAPCredentialsConfigPanel; typedef wxEAPCredentialsConfigPanel<eap::credentials_pap, wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPassPanelBase> > wxPAPCredentialsConfigPanel;
/// ///
/// PAP configuration panel /// PAP configuration panel
@@ -35,7 +35,7 @@ class wxPAPConfigPanel;
/// ///
/// PAP credential entry panel /// PAP credential entry panel
/// ///
typedef wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPanelPassBase> wxPAPCredentialsPanel; typedef wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPassPanelBase> wxPAPCredentialsPanel;
#pragma once #pragma once

352
lib/TLS/include/Config.h
View File

@@ -1,176 +1,176 @@
/* /*
Copyright 2015-2016 Amebis Copyright 2015-2016 Amebis
Copyright 2016 GÉANT Copyright 2016 GÉANT
This file is part of GÉANTLink. This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or the Free Software Foundation, either version 3 of the License, or
(at your option) any later version. (at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>. along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/ */
#include <WinStd/Common.h> #include <WinStd/Common.h>
#include <Windows.h> #include <Windows.h>
#include <WinCrypt.h> // Must include after <Windows.h> #include <WinCrypt.h> // Must include after <Windows.h>
#include <sal.h> #include <sal.h>
namespace eap namespace eap
{ {
/// ///
/// TLS configuration /// TLS configuration
/// ///
class config_method_tls; class config_method_tls;
/// ///
/// Helper function to compile human-readable certificate name for UI display /// Helper function to compile human-readable certificate name for UI display
/// ///
winstd::tstring get_cert_title(PCCERT_CONTEXT cert); winstd::tstring get_cert_title(PCCERT_CONTEXT cert);
} }
#pragma once #pragma once
#include "Credentials.h" #include "Credentials.h"
#include "Method.h" #include "Method.h"
#include "TLS.h" #include "TLS.h"
#include "../../EAPBase/include/Config.h" #include "../../EAPBase/include/Config.h"
#include <WinStd/Crypt.h> #include <WinStd/Crypt.h>
#include <Windows.h> #include <Windows.h>
#include <list> #include <list>
#include <string> #include <string>
namespace eap namespace eap
{ {
class config_method_tls : public config_method_with_cred class config_method_tls : public config_method_with_cred
{ {
public: public:
/// ///
/// Constructs configuration /// Constructs configuration
/// ///
/// \param[in] mod EAP module to use for global services /// \param[in] mod EAP module to use for global services
/// ///
config_method_tls(_In_ module &mod); config_method_tls(_In_ module &mod);
/// ///
/// Copies configuration /// Copies configuration
/// ///
/// \param[in] other Configuration to copy from /// \param[in] other Configuration to copy from
/// ///
config_method_tls(_In_ const config_method_tls &other); config_method_tls(_In_ const config_method_tls &other);
/// ///
/// Moves configuration /// Moves configuration
/// ///
/// \param[in] other Configuration to move from /// \param[in] other Configuration to move from
/// ///
config_method_tls(_Inout_ config_method_tls &&other); config_method_tls(_Inout_ config_method_tls &&other);
/// ///
/// Copies configuration /// Copies configuration
/// ///
/// \param[in] other Configuration to copy from /// \param[in] other Configuration to copy from
/// ///
/// \returns Reference to this object /// \returns Reference to this object
/// ///
config_method_tls& operator=(_In_ const config_method_tls &other); config_method_tls& operator=(_In_ const config_method_tls &other);
/// ///
/// Moves configuration /// Moves configuration
/// ///
/// \param[in] other Configuration to move from /// \param[in] other Configuration to move from
/// ///
/// \returns Reference to this object /// \returns Reference to this object
/// ///
config_method_tls& operator=(_Inout_ config_method_tls &&other); config_method_tls& operator=(_Inout_ config_method_tls &&other);
/// ///
/// Clones configuration /// Clones configuration
/// ///
/// \returns Pointer to cloned configuration /// \returns Pointer to cloned configuration
/// ///
virtual config* clone() const; virtual config* clone() const;
/// \name XML configuration management /// \name XML configuration management
/// @{ /// @{
/// ///
/// Save to XML document /// Save to XML document
/// ///
/// \param[in] pDoc XML document /// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving /// \param[in] pConfigRoot Suggested root element for saving
/// ///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const; virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
/// ///
/// Load from XML document /// Load from XML document
/// ///
/// \param[in] pConfigRoot Root element for loading /// \param[in] pConfigRoot Root element for loading
/// ///
virtual void load(_In_ IXMLDOMNode *pConfigRoot); virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @} /// @}
/// \name BLOB management /// \name BLOB management
/// @{ /// @{
/// ///
/// Packs a configuration /// Packs a configuration
/// ///
/// \param[inout] cursor Memory cursor /// \param[inout] cursor Memory cursor
/// ///
virtual void operator<<(_Inout_ cursor_out &cursor) const; virtual void operator<<(_Inout_ cursor_out &cursor) const;
/// ///
/// Returns packed size of a configuration /// Returns packed size of a configuration
/// ///
/// \returns Size of data when packed (in bytes) /// \returns Size of data when packed (in bytes)
/// ///
virtual size_t get_pk_size() const; virtual size_t get_pk_size() const;
/// ///
/// Unpacks a configuration /// Unpacks a configuration
/// ///
/// \param[inout] cursor Memory cursor /// \param[inout] cursor Memory cursor
/// ///
virtual void operator>>(_Inout_ cursor_in &cursor); virtual void operator>>(_Inout_ cursor_in &cursor);
/// @} /// @}
/// ///
/// Returns EAP method type of this configuration /// Returns EAP method type of this configuration
/// ///
/// \returns `eap::type_tls` /// \returns `eap::type_tls`
/// ///
virtual winstd::eap_type_t get_method_id() const; virtual winstd::eap_type_t get_method_id() const;
/// ///
/// Adds CA to the list of trusted root CA's /// Adds CA to the list of trusted root CA's
/// ///
/// \sa [CertCreateCertificateContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa376033.aspx) /// \sa [CertCreateCertificateContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa376033.aspx)
/// ///
bool add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded); bool add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded);
public: public:
std::list<winstd::cert_context> m_trusted_root_ca; ///< Trusted root CAs std::list<winstd::cert_context> m_trusted_root_ca; ///< Trusted root CAs
std::list<std::string> m_server_names; ///< Acceptable authenticating server names std::list<std::wstring> m_server_names; ///< Acceptable authenticating server names
// Following members are used for session resumptions. They are not exported/imported to XML. // Following members are used for session resumptions. They are not exported/imported to XML.
sanitizing_blob m_session_id; ///< TLS session ID sanitizing_blob m_session_id; ///< TLS session ID
tls_master_secret m_master_secret; ///< TLS master secret tls_master_secret m_master_secret; ///< TLS master secret
}; };
} }

2
lib/TLS/include/Credentials.h
View File

@@ -200,7 +200,7 @@ namespace eap
/// - \c true if credentials were set; /// - \c true if credentials were set;
/// - \c false otherwise /// - \c false otherwise
/// ///
bool combine( source_t combine(
_In_ const credentials_tls *cred_cached, _In_ const credentials_tls *cred_cached,
_In_ const config_method_tls &cfg, _In_ const config_method_tls &cfg,
_In_opt_z_ LPCTSTR pszTargetName); _In_opt_z_ LPCTSTR pszTargetName);

131
lib/TLS/include/Method.h
View File

@@ -150,13 +150,6 @@ namespace eap
/// ///
method_tls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_tls &cred); method_tls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_tls &cred);
///
/// Copies an EAP method
///
/// \param[in] other EAP method to copy from
///
method_tls(_In_ const method_tls &other);
/// ///
/// Moves an EAP method /// Moves an EAP method
/// ///
@@ -169,15 +162,6 @@ namespace eap
/// ///
virtual ~method_tls(); virtual ~method_tls();
///
/// Copies an EAP method
///
/// \param[in] other EAP method to copy from
///
/// \returns Reference to this object
///
method_tls& operator=(_In_ const method_tls &other);
/// ///
/// Moves an EAP method /// Moves an EAP method
/// ///
@@ -242,7 +226,7 @@ namespace eap
/// ///
/// \returns Client hello message /// \returns Client hello message
/// ///
sanitizing_blob make_client_hello() const; sanitizing_blob make_client_hello();
/// ///
/// Makes a TLS client certificate message /// Makes a TLS client certificate message
@@ -264,15 +248,6 @@ namespace eap
/// ///
sanitizing_blob make_client_key_exchange(_In_ const tls_master_secret &pms) const; sanitizing_blob make_client_key_exchange(_In_ const tls_master_secret &pms) const;
///
/// Makes a TLS change cipher spec message
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1)
///
/// \returns Change cipher spec
///
eap::sanitizing_blob make_change_chiper_spec() const;
/// ///
/// Makes a TLS finished message /// Makes a TLS finished message
/// ///
@@ -323,26 +298,18 @@ namespace eap
/// ///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1) /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1)
/// ///
/// \param[in] type Message type /// \param[in] type Message type
/// \param[in] data Message data contents /// \param[inout] data Message data contents
/// \param[in] encrypt Should \p data get encrypted?
/// ///
/// \returns TLS message message /// \returns TLS message message
/// ///
eap::sanitizing_blob make_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &data, _In_ bool encrypt); eap::sanitizing_blob make_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &&data);
/// @} /// @}
/// \name Key derivation /// \name Key derivation
/// @{ /// @{
///
/// Generates keys required by current connection state
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 6.3. Key Calculation)](https://tools.ietf.org/html/rfc5246#section-6.3)
///
void derive_keys();
/// ///
/// Generates master session key /// Generates master session key
/// ///
@@ -468,28 +435,6 @@ namespace eap
_In_ size_t size_seed, _In_ size_t size_seed,
_In_ size_t size); _In_ size_t size);
///
/// Calculates pseudo-random P_hash data defined in RFC 5246
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.1 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc4346#section-5)
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5)
///
/// \param[in] secret Hashing secret key
/// \param[in] seed Random seed
/// \param[in] size_seed \p seed size
/// \param[in] size Number of bytes of pseudo-random data required
///
/// \returns Generated pseudo-random data (\p size bytes)
///
inline sanitizing_blob prf(
_In_ const tls_master_secret &secret,
_In_bytecount_(size_seed) const void *seed,
_In_ size_t size_seed,
_In_ size_t size) const
{
return prf(m_cp, m_state.m_alg_prf, secret, seed, size_seed, size);
}
/// ///
/// Calculates pseudo-random P_hash data defined in RFC 5246 /// Calculates pseudo-random P_hash data defined in RFC 5246
/// ///
@@ -515,27 +460,6 @@ namespace eap
return prf(cp, alg, secret, seed.data(), seed.size() * sizeof(_Ty), size); return prf(cp, alg, secret, seed.data(), seed.size() * sizeof(_Ty), size);
} }
///
/// Calculates pseudo-random P_hash data defined in RFC 5246
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.1 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc4346#section-5)
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5)
///
/// \param[in] secret Hashing secret key
/// \param[in] seed Random seed
/// \param[in] size Number of bytes of pseudo-random data required
///
/// \returns Generated pseudo-random data (\p size bytes)
///
template<class _Ty, class _Ax>
inline sanitizing_blob prf(
_In_ const tls_master_secret &secret,
_In_ const std::vector<_Ty, _Ax> &seed,
_In_ size_t size) const
{
return prf(m_cp, m_state.m_alg_prf, secret, seed.data(), seed.size() * sizeof(_Ty), size);
}
/// @} /// @}
/// ///
@@ -543,6 +467,7 @@ namespace eap
/// ///
/// \sa [How to export and import plain text session keys by using CryptoAPI](https://support.microsoft.com/en-us/kb/228786) /// \sa [How to export and import plain text session keys by using CryptoAPI](https://support.microsoft.com/en-us/kb/228786)
/// ///
/// \param[in] cp Handle of the cryptographics provider
/// \param[in] alg Key algorithm /// \param[in] alg Key algorithm
/// \param[in] key Key that decrypts \p secret /// \param[in] key Key that decrypts \p secret
/// \param[in] secret Key data /// \param[in] secret Key data
@@ -551,10 +476,11 @@ namespace eap
/// \returns Key /// \returns Key
/// ///
HCRYPTKEY create_key( HCRYPTKEY create_key(
_In_ ALG_ID alg, _In_ HCRYPTPROV cp,
_In_ HCRYPTKEY key, _In_ ALG_ID alg,
_In_bytecount_(size_secret) const void *secret, _In_ HCRYPTKEY key,
_In_ size_t size_secret); _In_bytecount_(size_secret) const void *secret,
_In_ size_t size_secret);
protected: protected:
credentials_tls &m_cred; ///< EAP-TLS user credentials credentials_tls &m_cred; ///< EAP-TLS user credentials
@@ -562,16 +488,22 @@ namespace eap
packet m_packet_req; ///< Request packet packet m_packet_req; ///< Request packet
packet m_packet_res; ///< Response packet packet m_packet_res; ///< Response packet
winstd::crypt_prov m_cp; ///< Cryptography provider winstd::crypt_prov m_cp; ///< Cryptography provider for general services
winstd::crypt_prov m_cp_enc_client; ///< Cryptography provider for encryption
winstd::crypt_prov m_cp_enc_server; ///< Cryptography provider for encryption
winstd::crypt_key m_key_exp1; ///< Key for importing derived keys
tls_version m_tls_version; ///< TLS version in use tls_version m_tls_version; ///< TLS version in use
ALG_ID m_alg_prf; ///< Pseudo-random function algorithm in use
tls_conn_state m_state; ///< TLS connection state for fast reconnect tls_conn_state m_state_client; ///< Client TLS connection state
tls_conn_state m_state_client_pending; ///< Client TLS connection state (pending)
tls_conn_state m_state_server; ///< Server TLS connection state
tls_conn_state m_state_server_pending; ///< Server TLS connection state (pending)
sanitizing_blob m_padding_hmac_client; ///< Padding (key) for client side HMAC calculation tls_master_secret m_master_secret; ///< TLS master secret
sanitizing_blob m_padding_hmac_server; ///< Padding (key) for server side HMAC calculation tls_random m_random_client; ///< Client random
winstd::crypt_key m_key_client; ///< Key for encrypting messages tls_random m_random_server; ///< Server random
winstd::crypt_key m_key_server; ///< Key for decrypting messages
tls_random m_key_mppe_client; ///< MS-MPPE-Recv-Key tls_random m_key_mppe_client; ///< MS-MPPE-Recv-Key
tls_random m_key_mppe_server; ///< MS-MPPE-Send-Key tls_random m_key_mppe_server; ///< MS-MPPE-Send-Key
@@ -580,14 +512,19 @@ namespace eap
std::list<winstd::cert_context> m_server_cert_chain; ///< Server certificate chain std::list<winstd::cert_context> m_server_cert_chain; ///< Server certificate chain
winstd::crypt_hash m_hash_handshake_msgs_md5; ///< Running MD5 hash of handshake messages sent winstd::crypt_hash m_hash_handshake_msgs_md5; ///< Running MD5 hash of handshake messages
winstd::crypt_hash m_hash_handshake_msgs_sha1; ///< Running SHA-1 hash of handshake messages sent winstd::crypt_hash m_hash_handshake_msgs_sha1; ///< Running SHA-1 hash of handshake messages
winstd::crypt_hash m_hash_handshake_msgs_sha256; ///< Running SHA-256 hash of handshake messages sent winstd::crypt_hash m_hash_handshake_msgs_sha256; ///< Running SHA-256 hash of handshake messages
bool m_certificate_req; ///< Did server request client certificate? bool m_handshake[tls_handshake_type_max]; ///< Handshake flags (map od handshake messages received)
bool m_server_hello_done; ///< Is server hello done?
bool m_cipher_spec; ///< Did server specify cipher? enum {
bool m_server_finished; ///< Did server send a valid finish message? phase_unknown = -1, ///< Unknown phase
phase_client_hello = 0, ///< Send client hello
phase_server_hello, ///< Wait for server hello
phase_change_cipher_spec, ///< Wait for change cipher spec
phase_application_data ///< Exchange application data
} m_phase; ///< What phase is our communication at?
unsigned __int64 m_seq_num_client; ///< Sequence number for encrypting unsigned __int64 m_seq_num_client; ///< Sequence number for encrypting
unsigned __int64 m_seq_num_server; ///< Sequence number for decrypting unsigned __int64 m_seq_num_server; ///< Sequence number for decrypting

411
lib/TLS/include/TLS.h
View File

@@ -59,7 +59,7 @@ namespace eap
extern const tls_version tls_version_1_2; extern const tls_version tls_version_1_2;
/// ///
/// TLS client/server tls_random /// TLS client/server random
/// ///
struct tls_random; struct tls_random;
@@ -71,11 +71,11 @@ namespace eap
struct tls_master_secret; struct tls_master_secret;
/// ///
/// TLS client connection state /// HMAC padding
/// ///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 6.1. Connection States)](https://tools.ietf.org/html/rfc5246#section-6.1) /// \sa [HMAC: Keyed-Hashing for Message Authentication](https://tools.ietf.org/html/rfc2104)
/// ///
class tls_conn_state; struct hmac_padding;
/// ///
/// Our own implementation of HMAC hashing /// Our own implementation of HMAC hashing
@@ -83,83 +83,40 @@ namespace eap
/// ///
/// \sa [HMAC: Keyed-Hashing for Message Authentication](https://tools.ietf.org/html/rfc2104) /// \sa [HMAC: Keyed-Hashing for Message Authentication](https://tools.ietf.org/html/rfc2104)
/// ///
class hash_hmac; class hmac_hash;
///
/// TLS client connection state
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 6.1. Connection States)](https://tools.ietf.org/html/rfc5246#section-6.1)
///
class tls_conn_state;
} }
/// /////
/// Packs a TLS tls_random ///// Packs a TLS connection state
/// /////
/// \param[inout] cursor Memory cursor ///// \param[inout] cursor Memory cursor
/// \param[in] val Variable with data to pack ///// \param[in] val Variable with data to pack
/// /////
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_random &val); //inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_conn_state &val);
//
/// /////
/// Returns packed size of TLS tls_random ///// Returns packed size of TLS connection state
/// /////
/// \param[in] val Data to pack ///// \param[in] val Data to pack
/// /////
/// \returns Size of data when packed (in bytes) ///// \returns Size of data when packed (in bytes)
/// /////
inline size_t pksizeof(_In_ const eap::tls_random &val); //inline size_t pksizeof(_In_ const eap::tls_conn_state &val);
//
/// /////
/// Unpacks a TLS tls_random ///// Unpacks a TLS connection state
/// /////
/// \param[inout] cursor Memory cursor ///// \param[inout] cursor Memory cursor
/// \param[out] val Variable to receive unpacked value ///// \param[out] val Variable to receive unpacked value
/// /////
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_random &val); //inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_conn_state &val);
///
/// Packs a TLS master secret
///
/// \param[inout] cursor Memory cursor
/// \param[in] val Variable with data to pack
///
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_master_secret &val);
///
/// Returns packed size of TLS master secret
///
/// \param[in] val Data to pack
///
/// \returns Size of data when packed (in bytes)
///
inline size_t pksizeof(_In_ const eap::tls_master_secret &val);
///
/// Unpacks a TLS master secret
///
/// \param[inout] cursor Memory cursor
/// \param[out] val Variable to receive unpacked value
///
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_master_secret &val);
///
/// Packs a TLS connection state
///
/// \param[inout] cursor Memory cursor
/// \param[in] val Variable with data to pack
///
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_conn_state &val);
///
/// Returns packed size of TLS connection state
///
/// \param[in] val Data to pack
///
/// \returns Size of data when packed (in bytes)
///
inline size_t pksizeof(_In_ const eap::tls_conn_state &val);
///
/// Unpacks a TLS connection state
///
/// \param[inout] cursor Memory cursor
/// \param[out] val Variable to receive unpacked value
///
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_conn_state &val);
#pragma once #pragma once
@@ -191,7 +148,10 @@ namespace eap
tls_handshake_type_server_hello_done = 14, tls_handshake_type_server_hello_done = 14,
tls_handshake_type_certificate_verify = 15, tls_handshake_type_certificate_verify = 15,
tls_handshake_type_client_key_exchange = 16, tls_handshake_type_client_key_exchange = 16,
tls_handshake_type_finished = 20 tls_handshake_type_finished = 20,
tls_handshake_type_min = 0, ///< First existing handshake message
tls_handshake_type_max = 21 ///< First non-existing (officially) handshake message
}; };
@@ -343,59 +303,24 @@ namespace eap
#pragma pack(push) #pragma pack(push)
#pragma pack(1) #pragma pack(1)
struct __declspec(novtable) tls_random struct __declspec(novtable) tls_random : public sanitizing_blob_xf<32>
{ {
unsigned char data[32]; ///< Randomness
/// ///
/// Constructs a all-zero tls_random /// Generate TLS random
///
tls_random();
///
/// Copies a tls_random
///
/// \param[in] other Random to copy from
///
tls_random(_In_ const tls_random &other);
///
/// Destructor
///
~tls_random();
///
/// Copies a tls_random
///
/// \param[in] other Random to copy from
///
/// \returns Reference to this object
///
tls_random& operator=(_In_ const tls_random &other);
///
/// Empty the tls_random
///
void clear();
///
/// Generate tls_random
/// ///
/// \param[in] cp Handle of the cryptographics provider /// \param[in] cp Handle of the cryptographics provider
/// ///
void reset(_In_ HCRYPTPROV cp); void randomize(_In_ HCRYPTPROV cp);
}; };
#pragma pack(pop) #pragma pack(pop)
#pragma pack(push) #pragma pack(push)
#pragma pack(1) #pragma pack(1)
struct __declspec(novtable) tls_master_secret struct __declspec(novtable) tls_master_secret : public sanitizing_blob_xf<48>
{ {
unsigned char data[48];
/// ///
/// Constructs a all-zero master secret /// Constructor
/// ///
tls_master_secret(); tls_master_secret();
@@ -412,92 +337,68 @@ namespace eap
/// ///
/// Copies a master secret /// Copies a master secret
/// ///
/// \param[in] other Random to copy from /// \param[in] other Master secret to copy from
/// ///
tls_master_secret(_In_ const tls_master_secret &other); tls_master_secret(_In_ const sanitizing_blob_f<48> &other);
#ifdef _DEBUG
/// ///
/// Destructor /// Moves the master secret
/// ///
~tls_master_secret(); /// \param[inout] other Master secret to move from
/// ///
/// Copies a master secret tls_master_secret(_Inout_ sanitizing_blob_zf<48> &&other);
/// #endif
/// \param[in] other Random to copy from
///
/// \returns Reference to this object
///
tls_master_secret& operator=(_In_ const tls_master_secret &other);
///
/// Empty the master secret
///
void clear();
}; };
#pragma pack(pop) #pragma pack(pop)
class tls_conn_state #pragma pack(push)
#pragma pack(1)
struct __declspec(novtable) hmac_padding : public sanitizing_blob_xf<64>
{ {
public:
/// ///
/// Constructs a connection state /// Constructor
/// ///
tls_conn_state(); hmac_padding();
/// ///
/// Copies a connection state /// Derive padding from secret
/// ///
/// \param[in] other Connection state to copy from /// \param[in] cp Handle of the cryptographics provider
/// \param[in] alg Hashing algorithm
/// \param[in] secret HMAC secret
/// \param[in] size_secret \p secret size
/// \param[in] pad Padding value to XOR with (0x36=inner, 0x5c=outer...)
/// ///
tls_conn_state(_In_ const tls_conn_state &other); hmac_padding(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret,
_In_opt_ unsigned char pad = 0x36);
/// ///
/// Moves a connection state /// Copies a padding
/// ///
/// \param[in] other Connection state to move from /// \param[in] other Master secret to copy from
/// ///
tls_conn_state(_Inout_ tls_conn_state &&other); hmac_padding(_In_ const sanitizing_blob_f<64> &other);
#ifdef _DEBUG
/// ///
/// Copies a connection state /// Moves the padding
/// ///
/// \param[in] other Connection state to copy from /// \param[inout] other Padding to move from
/// ///
/// \returns Reference to this object hmac_padding(_Inout_ sanitizing_blob_zf<64> &&other);
/// #endif
tls_conn_state& operator=(_In_ const tls_conn_state &other);
///
/// Moves a connection state
///
/// \param[in] other Connection state to move from
///
/// \returns Reference to this object
///
tls_conn_state& operator=(_Inout_ tls_conn_state &&other);
public:
ALG_ID m_alg_prf; ///> Pseudo-tls_random function algorithm
ALG_ID m_alg_encrypt; ///> Bulk encryption algorithm
size_t m_size_enc_key; ///> Encryption key size in bytes (has to comply with `m_alg_encrypt`)
size_t m_size_enc_iv; ///> Encryption initialization vector size in bytes (has to comply with `m_alg_encrypt`)
size_t m_size_enc_block; ///> Encryption block size in bytes (has to comply with `m_alg_encrypt`)
ALG_ID m_alg_mac; ///> Message authenticy check algorithm
size_t m_size_mac_key; ///> Message authenticy check algorithm key size (has to comply with `m_alg_mac`)
size_t m_size_mac_hash; ///> Message authenticy check algorithm result size (has to comply with `m_alg_mac`)
tls_master_secret m_master_secret; ///< TLS master secret
tls_random m_random_client; ///< Client tls_random
tls_random m_random_server; ///< Server tls_random
}; };
#pragma pack(pop)
class hash_hmac class hmac_hash
{ {
public:
typedef unsigned char padding_t[64];
public: public:
/// ///
/// Construct new HMAC hashing object /// Construct new HMAC hashing object
@@ -507,7 +408,7 @@ namespace eap
/// \param[in] secret HMAC secret /// \param[in] secret HMAC secret
/// \param[in] size_secret \p secret size /// \param[in] size_secret \p secret size
/// ///
hash_hmac( hmac_hash(
_In_ HCRYPTPROV cp, _In_ HCRYPTPROV cp,
_In_ ALG_ID alg, _In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret, _In_bytecount_(size_secret ) const void *secret,
@@ -520,10 +421,10 @@ namespace eap
/// \param[in] alg Hashing algorithm /// \param[in] alg Hashing algorithm
/// \param[in] padding HMAC secret XOR inner padding /// \param[in] padding HMAC secret XOR inner padding
/// ///
hash_hmac( hmac_hash(
_In_ HCRYPTPROV cp, _In_ HCRYPTPROV cp,
_In_ ALG_ID alg, _In_ ALG_ID alg,
_In_ const padding_t padding); _In_ const hmac_padding &padding);
/// ///
/// Provides access to inner hash object to hash data at will. /// Provides access to inner hash object to hash data at will.
@@ -556,99 +457,61 @@ namespace eap
throw win_runtime_error(__FUNCTION__ " Error calculating outer hash."); throw win_runtime_error(__FUNCTION__ " Error calculating outer hash.");
} }
///
/// Helper method to pre-derive inner padding for frequent reuse
///
/// \param[in] cp Handle of the cryptographics provider
/// \param[in] alg Hashing algorithm
/// \param[in] secret HMAC secret
/// \param[in] size_secret \p secret size
/// \param[out] padding HMAC secret XOR inner padding
///
static void inner_padding(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret,
_Out_ padding_t padding);
protected: protected:
winstd::crypt_hash m_hash_inner; ///< Inner hashing object winstd::crypt_hash m_hash_inner; ///< Inner hashing object
winstd::crypt_hash m_hash_outer; ///< Outer hashing object winstd::crypt_hash m_hash_outer; ///< Outer hashing object
}; };
}
class tls_conn_state
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_random &val) {
{ public:
eap::cursor_out::ptr_type ptr_end = cursor.ptr + sizeof(eap::tls_random); ///
assert(ptr_end <= cursor.ptr_end); /// Constructs a connection state
memcpy(cursor.ptr, val.data, sizeof(eap::tls_random)); ///
cursor.ptr = ptr_end; tls_conn_state();
}
///
/// Copy a connection state
inline size_t pksizeof(_In_ const eap::tls_random &val) ///
{ /// \param[in] other Connection state to copy from
UNREFERENCED_PARAMETER(val); ///
return sizeof(eap::tls_random); tls_conn_state(_In_ const tls_conn_state &other);
}
///
/// Moves a connection state
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_random &val) ///
{ /// \param[inout] other Connection state to move from
eap::cursor_in::ptr_type ptr_end = cursor.ptr + sizeof(eap::tls_random); ///
assert(ptr_end <= cursor.ptr_end); tls_conn_state(_Inout_ tls_conn_state &&other);
memcpy(val.data, cursor.ptr, sizeof(eap::tls_random));
cursor.ptr = ptr_end; ///
} /// Copy a connection state
///
/// \param[inout] other Connection state to copy from
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_master_secret &val) ///
{ /// \returns Reference to this object
eap::cursor_out::ptr_type ptr_end = cursor.ptr + sizeof(eap::tls_master_secret); ///
assert(ptr_end <= cursor.ptr_end); tls_conn_state& operator=(_In_ const tls_conn_state &other);
memcpy(cursor.ptr, val.data, sizeof(eap::tls_master_secret));
cursor.ptr = ptr_end; ///
} /// Moves a connection state
///
/// \param[in] other Connection state to move from
inline size_t pksizeof(_In_ const eap::tls_master_secret &val) ///
{ /// \returns Reference to this object
UNREFERENCED_PARAMETER(val); ///
return sizeof(eap::tls_master_secret); tls_conn_state& operator=(_Inout_ tls_conn_state &&other);
}
public:
ALG_ID m_alg_encrypt; ///< Bulk encryption algorithm
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_master_secret &val) size_t m_size_enc_key; ///< Encryption key size in bytes (has to comply with `m_alg_encrypt`)
{ size_t m_size_enc_iv; ///< Encryption initialization vector size in bytes (has to comply with `m_alg_encrypt`)
eap::cursor_in::ptr_type ptr_end = cursor.ptr + sizeof(eap::tls_master_secret); size_t m_size_enc_block; ///< Encryption block size in bytes (has to comply with `m_alg_encrypt`)
assert(ptr_end <= cursor.ptr_end); winstd::crypt_key m_key; ///< Key for encrypting messages
memcpy(val.data, cursor.ptr, sizeof(eap::tls_master_secret)); ALG_ID m_alg_mac; ///< Message authenticy check algorithm
cursor.ptr = ptr_end; size_t m_size_mac_key; ///< Message authenticy check algorithm key size (has to comply with `m_alg_mac`)
} size_t m_size_mac_hash; ///< Message authenticy check algorithm result size (has to comply with `m_alg_mac`)
hmac_padding m_padding_hmac; ///< Padding (key) for HMAC calculation
};
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_conn_state &val)
{
cursor << val.m_master_secret;
cursor << val.m_random_client;
cursor << val.m_random_server;
}
inline size_t pksizeof(_In_ const eap::tls_conn_state &val)
{
return
pksizeof(val.m_master_secret) +
pksizeof(val.m_random_client) +
pksizeof(val.m_random_server);
}
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_conn_state &val)
{
cursor >> val.m_master_secret;
cursor >> val.m_random_client;
cursor >> val.m_random_server;
} }

603
lib/TLS/src/Config.cpp
View File

@@ -1,305 +1,298 @@
/* /*
Copyright 2015-2016 Amebis Copyright 2015-2016 Amebis
Copyright 2016 GÉANT Copyright 2016 GÉANT
This file is part of GÉANTLink. This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or the Free Software Foundation, either version 3 of the License, or
(at your option) any later version. (at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>. along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/ */
#include "StdAfx.h" #include "StdAfx.h"
#pragma comment(lib, "Cryptui.lib") #pragma comment(lib, "Cryptui.lib")
using namespace std; using namespace std;
using namespace winstd; using namespace winstd;
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// eap::get_cert_title // eap::get_cert_title
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
tstring eap::get_cert_title(PCCERT_CONTEXT cert) tstring eap::get_cert_title(PCCERT_CONTEXT cert)
{ {
tstring name, str, issuer, title; tstring name, str, issuer, title;
FILETIME ft; FILETIME ft;
SYSTEMTIME st; SYSTEMTIME st;
// Prepare certificate information // Prepare certificate information
CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, name); CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, name);
title += name; title += name;
FileTimeToLocalFileTime(&(cert->pCertInfo->NotBefore), &ft); FileTimeToLocalFileTime(&(cert->pCertInfo->NotBefore), &ft);
FileTimeToSystemTime(&ft, &st); FileTimeToSystemTime(&ft, &st);
GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str); GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str);
title += _T(", "); title += _T(", ");
title += str; title += str;
FileTimeToLocalFileTime(&(cert->pCertInfo->NotAfter ), &ft); FileTimeToLocalFileTime(&(cert->pCertInfo->NotAfter ), &ft);
FileTimeToSystemTime(&ft, &st); FileTimeToSystemTime(&ft, &st);
GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str); GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str);
title += _T('-'); title += _T('-');
title += str; title += str;
CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, CERT_NAME_ISSUER_FLAG, NULL, issuer); CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, CERT_NAME_ISSUER_FLAG, NULL, issuer);
if (name != issuer) { if (name != issuer) {
title += _T(", "); title += _T(", ");
title += issuer; title += issuer;
} }
return title; return title;
} }
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// eap::config_method_tls // eap::config_method_tls
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
eap::config_method_tls::config_method_tls(_In_ module &mod) : config_method_with_cred(mod) eap::config_method_tls::config_method_tls(_In_ module &mod) : config_method_with_cred(mod)
{ {
m_preshared.reset(new credentials_tls(mod)); m_preshared.reset(new credentials_tls(mod));
} }
eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) : eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) :
m_trusted_root_ca(other.m_trusted_root_ca), m_trusted_root_ca(other.m_trusted_root_ca),
m_server_names(other.m_server_names), m_server_names(other.m_server_names),
m_session_id(other.m_session_id), m_session_id(other.m_session_id),
m_master_secret(other.m_master_secret), m_master_secret(other.m_master_secret),
config_method_with_cred(other) config_method_with_cred(other)
{ {
} }
eap::config_method_tls::config_method_tls(_Inout_ config_method_tls &&other) : eap::config_method_tls::config_method_tls(_Inout_ config_method_tls &&other) :
m_trusted_root_ca(std::move(other.m_trusted_root_ca)), m_trusted_root_ca(std::move(other.m_trusted_root_ca)),
m_server_names(std::move(other.m_server_names)), m_server_names(std::move(other.m_server_names)),
m_session_id(std::move(other.m_session_id)), m_session_id(std::move(other.m_session_id)),
m_master_secret(std::move(other.m_master_secret)), m_master_secret(std::move(other.m_master_secret)),
config_method_with_cred(std::move(other)) config_method_with_cred(std::move(other))
{ {
} }
eap::config_method_tls& eap::config_method_tls::operator=(_In_ const config_method_tls &other) eap::config_method_tls& eap::config_method_tls::operator=(_In_ const config_method_tls &other)
{ {
if (this != &other) { if (this != &other) {
(config_method_with_cred&)*this = other; (config_method_with_cred&)*this = other;
m_trusted_root_ca = other.m_trusted_root_ca; m_trusted_root_ca = other.m_trusted_root_ca;
m_server_names = other.m_server_names; m_server_names = other.m_server_names;
m_session_id = other.m_session_id; m_session_id = other.m_session_id;
m_master_secret = other.m_master_secret; m_master_secret = other.m_master_secret;
} }
return *this; return *this;
} }
eap::config_method_tls& eap::config_method_tls::operator=(_Inout_ config_method_tls &&other) eap::config_method_tls& eap::config_method_tls::operator=(_Inout_ config_method_tls &&other)
{ {
if (this != &other) { if (this != &other) {
(config_method_with_cred&&)*this = std::move(other); (config_method_with_cred&&)*this = std::move(other);
m_trusted_root_ca = std::move(other.m_trusted_root_ca); m_trusted_root_ca = std::move(other.m_trusted_root_ca);
m_server_names = std::move(other.m_server_names); m_server_names = std::move(other.m_server_names);
m_session_id = std::move(other.m_session_id); m_session_id = std::move(other.m_session_id);
m_master_secret = std::move(other.m_master_secret); m_master_secret = std::move(other.m_master_secret);
} }
return *this; return *this;
} }
eap::config* eap::config_method_tls::clone() const eap::config* eap::config_method_tls::clone() const
{ {
return new config_method_tls(*this); return new config_method_tls(*this);
} }
void eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const void eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
{ {
assert(pDoc); assert(pDoc);
assert(pConfigRoot); assert(pConfigRoot);
config_method_with_cred::save(pDoc, pConfigRoot); config_method_with_cred::save(pDoc, pConfigRoot);
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata"); const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
HRESULT hr; HRESULT hr;
// <ServerSideCredential> // <ServerSideCredential>
com_obj<IXMLDOMElement> pXmlElServerSideCredential; com_obj<IXMLDOMElement> pXmlElServerSideCredential;
if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), bstr(L"ServerSideCredential"), bstrNamespace, &pXmlElServerSideCredential))) if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), bstr(L"ServerSideCredential"), bstrNamespace, &pXmlElServerSideCredential)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerSideCredential> element."); throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerSideCredential> element.");
for (list<cert_context>::const_iterator i = m_trusted_root_ca.begin(), i_end = m_trusted_root_ca.end(); i != i_end; ++i) { for (list<cert_context>::const_iterator i = m_trusted_root_ca.begin(), i_end = m_trusted_root_ca.end(); i != i_end; ++i) {
// <CA> // <CA>
com_obj<IXMLDOMElement> pXmlElCA; com_obj<IXMLDOMElement> pXmlElCA;
if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"CA"), bstrNamespace, &pXmlElCA))) if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"CA"), bstrNamespace, &pXmlElCA)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <CA> element."); throw com_runtime_error(hr, __FUNCTION__ " Error creating <CA> element.");
// <CA>/<format> // <CA>/<format>
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElCA, bstr(L"format"), bstrNamespace, bstr(L"PEM")))) if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElCA, bstr(L"format"), bstrNamespace, bstr(L"PEM"))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <format> element."); throw com_runtime_error(hr, __FUNCTION__ " Error creating <format> element.");
// <CA>/<cert-data> // <CA>/<cert-data>
const cert_context &cc = *i; const cert_context &cc = *i;
if (FAILED(hr = eapxml::put_element_base64(pDoc, pXmlElCA, bstr(L"cert-data"), bstrNamespace, cc->pbCertEncoded, cc->cbCertEncoded))) if (FAILED(hr = eapxml::put_element_base64(pDoc, pXmlElCA, bstr(L"cert-data"), bstrNamespace, cc->pbCertEncoded, cc->cbCertEncoded)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <cert-data> element."); throw com_runtime_error(hr, __FUNCTION__ " Error creating <cert-data> element.");
if (FAILED(hr = pXmlElServerSideCredential->appendChild(pXmlElCA, NULL))) if (FAILED(hr = pXmlElServerSideCredential->appendChild(pXmlElCA, NULL)))
throw com_runtime_error(hr, __FUNCTION__ " Error appending <CA> element."); throw com_runtime_error(hr, __FUNCTION__ " Error appending <CA> element.");
} }
// <ServerName> // <ServerName>
for (list<string>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) { for (list<wstring>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) {
wstring str; if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(*i))))
MultiByteToWideChar(CP_UTF8, 0, i->c_str(), (int)i->length(), str); throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerName> element.");
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(str)))) }
throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerName> element."); }
}
}
void eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot)
{
void eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot) assert(pConfigRoot);
{
assert(pConfigRoot); config_method_with_cred::load(pConfigRoot);
config_method_with_cred::load(pConfigRoot); std::wstring xpath(eapxml::get_xpath(pConfigRoot));
std::wstring xpath(eapxml::get_xpath(pConfigRoot)); m_trusted_root_ca.clear();
m_server_names.clear();
m_trusted_root_ca.clear();
m_server_names.clear(); // <ServerSideCredential>
com_obj<IXMLDOMElement> pXmlElServerSideCredential;
// <ServerSideCredential> if (SUCCEEDED(eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), &pXmlElServerSideCredential))) {
com_obj<IXMLDOMElement> pXmlElServerSideCredential; std::wstring xpathServerSideCredential(xpath + L"/ServerSideCredential");
if (SUCCEEDED(eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), &pXmlElServerSideCredential))) {
std::wstring xpathServerSideCredential(xpath + L"/ServerSideCredential"); // <CA>
com_obj<IXMLDOMNodeList> pXmlListCAs;
// <CA> long lCACount = 0;
com_obj<IXMLDOMNodeList> pXmlListCAs; if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:CA"), &pXmlListCAs)) && SUCCEEDED(pXmlListCAs->get_length(&lCACount))) {
long lCACount = 0; for (long j = 0; j < lCACount; j++) {
if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:CA"), &pXmlListCAs)) && SUCCEEDED(pXmlListCAs->get_length(&lCACount))) { // Load CA certificate.
for (long j = 0; j < lCACount; j++) { com_obj<IXMLDOMNode> pXmlElCA;
// Load CA certificate. pXmlListCAs->get_item(j, &pXmlElCA);
com_obj<IXMLDOMNode> pXmlElCA; bstr bstrFormat;
pXmlListCAs->get_item(j, &pXmlElCA); if (FAILED(eapxml::get_element_value(pXmlElCA, bstr(L"eap-metadata:format"), &bstrFormat))) {
bstr bstrFormat; // <format> not specified.
if (FAILED(eapxml::get_element_value(pXmlElCA, bstr(L"eap-metadata:format"), &bstrFormat))) { continue;
// <format> not specified. }
continue;
} if (CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstrFormat, bstrFormat.length(), L"PEM", -1, NULL, NULL, 0) != CSTR_EQUAL) {
// Certificate must be PEM encoded.
if (CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstrFormat, bstrFormat.length(), L"PEM", -1, NULL, NULL, 0) != CSTR_EQUAL) { continue;
// Certificate must be PEM encoded. }
continue;
} vector<unsigned char> aData;
if (FAILED(eapxml::get_element_base64(pXmlElCA, bstr(L"eap-metadata:cert-data"), aData))) {
vector<unsigned char> aData; // Error reading <cert-data> element.
if (FAILED(eapxml::get_element_base64(pXmlElCA, bstr(L"eap-metadata:cert-data"), aData))) { continue;
// Error reading <cert-data> element. }
continue;
} add_trusted_ca(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size());
}
add_trusted_ca(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size());
} // Log loaded CA certificates.
list<tstring> cert_names;
// Log loaded CA certificates. for (std::list<winstd::cert_context>::const_iterator cert = m_trusted_root_ca.cbegin(), cert_end = m_trusted_root_ca.cend(); cert != cert_end; ++cert)
list<tstring> cert_names; cert_names.push_back(std::move(get_cert_title(*cert)));
for (std::list<winstd::cert_context>::const_iterator cert = m_trusted_root_ca.cbegin(), cert_end = m_trusted_root_ca.cend(); cert != cert_end; ++cert) m_module.log_config((xpathServerSideCredential + L"/CA").c_str(), cert_names);
cert_names.push_back(std::move(get_cert_title(*cert))); }
m_module.log_config((xpathServerSideCredential + L"/CA").c_str(), cert_names);
} // <ServerName>
com_obj<IXMLDOMNodeList> pXmlListServerIDs;
// <ServerName> long lServerIDCount = 0;
com_obj<IXMLDOMNodeList> pXmlListServerIDs; if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:ServerName"), &pXmlListServerIDs)) && SUCCEEDED(pXmlListServerIDs->get_length(&lServerIDCount))) {
long lServerIDCount = 0; for (long j = 0; j < lServerIDCount; j++) {
if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:ServerName"), &pXmlListServerIDs)) && SUCCEEDED(pXmlListServerIDs->get_length(&lServerIDCount))) { // Load server name (<ServerName>).
for (long j = 0; j < lServerIDCount; j++) { com_obj<IXMLDOMNode> pXmlElServerID;
// Load server name (<ServerName>). pXmlListServerIDs->get_item(j, &pXmlElServerID);
com_obj<IXMLDOMNode> pXmlElServerID; bstr bstrServerID;
pXmlListServerIDs->get_item(j, &pXmlElServerID); pXmlElServerID->get_text(&bstrServerID);
bstr bstrServerID; m_server_names.push_back(wstring(bstrServerID));
pXmlElServerID->get_text(&bstrServerID); }
// Server names (FQDNs) are always ASCII. Hopefully. Convert them to UTF-8 anyway for consistent comparison. CP_ANSI varies. m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names);
string str; }
WideCharToMultiByte(CP_UTF8, 0, bstrServerID, bstrServerID.length(), str, NULL, NULL); }
}
m_server_names.push_back(str);
}
void eap::config_method_tls::operator<<(_Inout_ cursor_out &cursor) const
m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names); {
} config_method_with_cred::operator<<(cursor);
} cursor << m_trusted_root_ca;
} cursor << m_server_names ;
cursor << m_session_id ;
cursor << m_master_secret ;
void eap::config_method_tls::operator<<(_Inout_ cursor_out &cursor) const }
{
config_method_with_cred::operator<<(cursor);
cursor << m_trusted_root_ca; size_t eap::config_method_tls::get_pk_size() const
cursor << m_server_names ; {
cursor << m_session_id ; return
cursor << m_master_secret ; config_method_with_cred::get_pk_size() +
} pksizeof(m_trusted_root_ca) +
pksizeof(m_server_names ) +
pksizeof(m_session_id ) +
size_t eap::config_method_tls::get_pk_size() const pksizeof(m_master_secret );
{ }
return
config_method_with_cred::get_pk_size() +
pksizeof(m_trusted_root_ca) + void eap::config_method_tls::operator>>(_Inout_ cursor_in &cursor)
pksizeof(m_server_names ) + {
pksizeof(m_session_id ) + config_method_with_cred::operator>>(cursor);
pksizeof(m_master_secret ); cursor >> m_trusted_root_ca;
} cursor >> m_server_names ;
cursor >> m_session_id ;
cursor >> m_master_secret ;
void eap::config_method_tls::operator>>(_Inout_ cursor_in &cursor) }
{
config_method_with_cred::operator>>(cursor);
cursor >> m_trusted_root_ca; eap_type_t eap::config_method_tls::get_method_id() const
cursor >> m_server_names ; {
cursor >> m_session_id ; return eap_type_tls;
cursor >> m_master_secret ; }
}
bool eap::config_method_tls::add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded)
eap_type_t eap::config_method_tls::get_method_id() const {
{ cert_context cert;
return eap_type_tls; if (!cert.create(dwCertEncodingType, pbCertEncoded, cbCertEncoded)) {
} // Invalid or unsupported certificate.
return false;
}
bool eap::config_method_tls::add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded)
{ for (list<cert_context>::const_iterator i = m_trusted_root_ca.cbegin(), i_end = m_trusted_root_ca.cend();; ++i) {
cert_context cert; if (i != i_end) {
if (!cert.create(dwCertEncodingType, pbCertEncoded, cbCertEncoded)) { if (*i == cert) {
// Invalid or unsupported certificate. // This certificate is already on the list.
return false; return false;
} }
} else {
for (list<cert_context>::const_iterator i = m_trusted_root_ca.cbegin(), i_end = m_trusted_root_ca.cend();; ++i) { // End of list reached. Append certificate.
if (i != i_end) { m_trusted_root_ca.push_back(std::move(cert));
if (*i == cert) { return true;
// This certificate is already on the list. }
return false; }
} }
} else {
// End of list reached. Append certificate.
m_trusted_root_ca.push_back(std::move(cert));
return true;
}
}
}

10
lib/TLS/src/Credentials.cpp
View File

@@ -254,7 +254,7 @@ tstring eap::credentials_tls::get_name() const
} }
bool eap::credentials_tls::combine( eap::credentials::source_t eap::credentials_tls::combine(
_In_ const credentials_tls *cred_cached, _In_ const credentials_tls *cred_cached,
_In_ const config_method_tls &cfg, _In_ const config_method_tls &cfg,
_In_opt_z_ LPCTSTR pszTargetName) _In_opt_z_ LPCTSTR pszTargetName)
@@ -263,14 +263,14 @@ bool eap::credentials_tls::combine(
// Using EAP service cached credentials. // Using EAP service cached credentials.
*this = *cred_cached; *this = *cred_cached;
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
return true; return source_cache;
} }
if (cfg.m_use_preshared) { if (cfg.m_use_preshared) {
// Using preshared credentials. // Using preshared credentials.
*this = *(credentials_tls*)cfg.m_preshared.get(); *this = *(credentials_tls*)cfg.m_preshared.get();
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
return true; return source_preshared;
} }
if (pszTargetName) { if (pszTargetName) {
@@ -281,13 +281,13 @@ bool eap::credentials_tls::combine(
// Using stored credentials. // Using stored credentials.
*this = std::move(cred_loaded); *this = std::move(cred_loaded);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
return true; return source_storage;
} catch (...) { } catch (...) {
// Not actually an error. // Not actually an error.
} }
} }
return false; return source_unknown;
} }

3221
lib/TLS/src/Method.cpp
View File

File diff suppressed because it is too large Load Diff

290
lib/TLS/src/TLS.cpp
View File

@@ -37,40 +37,7 @@ const eap::tls_version eap::tls_version_1_2 = { 3, 3 };
// eap::tls_random // eap::tls_random
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
eap::tls_random::tls_random() void eap::tls_random::randomize(_In_ HCRYPTPROV cp)
{
memset(data, 0, sizeof(data));
}
eap::tls_random::tls_random(_In_ const tls_random &other)
{
memcpy(data, other.data, sizeof(data));
}
eap::tls_random::~tls_random()
{
SecureZeroMemory(data, sizeof(data));
}
eap::tls_random& eap::tls_random::operator=(_In_ const tls_random &other)
{
if (this != std::addressof(other))
memcpy(data, other.data, sizeof(data));
return *this;
}
void eap::tls_random::clear()
{
memset(data, 0, sizeof(data));
}
void eap::tls_random::reset(_In_ HCRYPTPROV cp)
{ {
_time32((__time32_t*)data); _time32((__time32_t*)data);
if (!CryptGenRandom(cp, sizeof(data) - sizeof(__time32_t), data + sizeof(__time32_t))) if (!CryptGenRandom(cp, sizeof(data) - sizeof(__time32_t), data + sizeof(__time32_t)))
@@ -84,7 +51,6 @@ void eap::tls_random::reset(_In_ HCRYPTPROV cp)
eap::tls_master_secret::tls_master_secret() eap::tls_master_secret::tls_master_secret()
{ {
memset(data, 0, sizeof(data));
} }
@@ -98,30 +64,113 @@ eap::tls_master_secret::tls_master_secret(_In_ HCRYPTPROV cp, _In_ tls_version v
} }
eap::tls_master_secret::tls_master_secret(_In_ const tls_master_secret &other) eap::tls_master_secret::tls_master_secret(_In_ const sanitizing_blob_f<48> &other) :
sanitizing_blob_xf<48>(other)
{ {
memcpy(data, other.data, sizeof(data));
} }
eap::tls_master_secret::~tls_master_secret() #ifdef _DEBUG
eap::tls_master_secret::tls_master_secret(_Inout_ sanitizing_blob_zf<48> &&other) :
sanitizing_blob_xf<48>(std::move(other))
{
}
#endif
//////////////////////////////////////////////////////////////////////
// eap::hmac_padding
//////////////////////////////////////////////////////////////////////
eap::hmac_padding::hmac_padding()
{ {
SecureZeroMemory(data, sizeof(data));
} }
eap::tls_master_secret& eap::tls_master_secret::operator=(_In_ const tls_master_secret &other) eap::hmac_padding::hmac_padding(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret,
_In_opt_ unsigned char pad)
{ {
if (this != std::addressof(other)) if (size_secret > sizeof(hmac_padding)) {
memcpy(data, other.data, sizeof(data)); // If the secret is longer than padding, use secret's hash instead.
crypt_hash hash;
return *this; if (!hash.create(cp, alg))
throw win_runtime_error(__FUNCTION__ " Error creating hash.");
if (!CryptHashData(hash, (const BYTE*)secret, (DWORD)size_secret, 0))
throw win_runtime_error(__FUNCTION__ " Error hashing.");
DWORD size_hash = sizeof(hmac_padding);
if (!CryptGetHashParam(hash, HP_HASHVAL, data, &size_hash, 0))
throw win_runtime_error(__FUNCTION__ " Error finishing hash.");
size_secret = size_hash;
} else
memcpy(data, secret, size_secret);
for (size_t i = 0; i < size_secret; i++)
data[i] ^= pad;
memset(data + size_secret, pad, sizeof(hmac_padding) - size_secret);
} }
void eap::tls_master_secret::clear() eap::hmac_padding::hmac_padding(_In_ const sanitizing_blob_f<64> &other) :
sanitizing_blob_xf<64>(other)
{ {
memset(data, 0, sizeof(data)); }
#ifdef _DEBUG
eap::hmac_padding::hmac_padding(_Inout_ sanitizing_blob_zf<64> &&other) :
sanitizing_blob_xf<64>(std::move(other))
{
}
#endif
//////////////////////////////////////////////////////////////////////
// eap::hmac_hash
//////////////////////////////////////////////////////////////////////
eap::hmac_hash::hmac_hash(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret)
{
// Prepare inner padding and forward to the other constructor.
this->hmac_hash::hmac_hash(cp, alg, hmac_padding(cp, alg, secret, size_secret));
}
eap::hmac_hash::hmac_hash(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_ const hmac_padding &padding)
{
// Create inner hash.
if (!m_hash_inner.create(cp, alg))
throw win_runtime_error(__FUNCTION__ " Error creating inner hash.");
// Initialize it with the inner padding.
if (!CryptHashData(m_hash_inner, padding.data, sizeof(hmac_padding), 0))
throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding.");
// Convert inner padding to outer padding for final calculation.
hmac_padding padding_out;
for (size_t i = 0; i < sizeof(hmac_padding); i++)
padding_out.data[i] = padding.data[i] ^ (0x36 ^ 0x5c);
// Create outer hash.
if (!m_hash_outer.create(cp, alg))
throw win_runtime_error(__FUNCTION__ " Error creating outer hash.");
// Initialize it with the outer padding.
if (!CryptHashData(m_hash_outer, padding_out.data, sizeof(hmac_padding), 0))
throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding.");
} }
@@ -129,8 +178,10 @@ void eap::tls_master_secret::clear()
// eap::tls_conn_state // eap::tls_conn_state
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
eap::tls_conn_state::tls_conn_state() : eap::tls_conn_state::tls_conn_state()
m_alg_prf (0), #ifdef _DEBUG
// Initialize state primitive members for diagnostic purposes.
:
m_alg_encrypt (0), m_alg_encrypt (0),
m_size_enc_key (0), m_size_enc_key (0),
m_size_enc_iv (0), m_size_enc_iv (0),
@@ -138,32 +189,61 @@ eap::tls_conn_state::tls_conn_state() :
m_alg_mac (0), m_alg_mac (0),
m_size_mac_key (0), m_size_mac_key (0),
m_size_mac_hash (0) m_size_mac_hash (0)
#endif
{ {
} }
eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) : eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) :
m_master_secret(other.m_master_secret), m_alg_encrypt (other.m_alg_encrypt ),
m_random_client(other.m_random_client), m_size_enc_key (other.m_size_enc_key ),
m_random_server(other.m_random_server) m_size_enc_iv (other.m_size_enc_iv ),
m_size_enc_block(other.m_size_enc_block),
m_key (other.m_key ),
m_alg_mac (other.m_alg_mac ),
m_size_mac_key (other.m_size_mac_key ),
m_size_mac_hash (other.m_size_mac_hash ),
m_padding_hmac (other.m_padding_hmac )
{ {
} }
eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) : eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
m_master_secret(std::move(other.m_master_secret)), m_alg_encrypt (std::move(other.m_alg_encrypt )),
m_random_client(std::move(other.m_random_client)), m_size_enc_key (std::move(other.m_size_enc_key )),
m_random_server(std::move(other.m_random_server)) m_size_enc_iv (std::move(other.m_size_enc_iv )),
m_size_enc_block(std::move(other.m_size_enc_block)),
m_key (std::move(other.m_key )),
m_alg_mac (std::move(other.m_alg_mac )),
m_size_mac_key (std::move(other.m_size_mac_key )),
m_size_mac_hash (std::move(other.m_size_mac_hash )),
m_padding_hmac (std::move(other.m_padding_hmac ))
{ {
#ifdef _DEBUG
// Reinitialize other state primitive members for diagnostic purposes.
other.m_alg_encrypt = 0;
other.m_size_enc_key = 0;
other.m_size_enc_iv = 0;
other.m_size_enc_block = 0;
other.m_alg_mac = 0;
other.m_size_mac_key = 0;
other.m_size_mac_hash = 0;
#endif
} }
eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &other) eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &other)
{ {
if (this != std::addressof(other)) { if (this != std::addressof(other)) {
m_master_secret = other.m_master_secret; m_alg_encrypt = other.m_alg_encrypt ;
m_random_client = other.m_random_client; m_size_enc_key = other.m_size_enc_key ;
m_random_server = other.m_random_server; m_size_enc_iv = other.m_size_enc_iv ;
m_size_enc_block = other.m_size_enc_block;
m_key = other.m_key ;
m_alg_mac = other.m_alg_mac ;
m_size_mac_key = other.m_size_mac_key ;
m_size_mac_hash = other.m_size_mac_hash ;
m_padding_hmac = other.m_padding_hmac ;
} }
return *this; return *this;
@@ -173,83 +253,27 @@ eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &o
eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&other) eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&other)
{ {
if (this != std::addressof(other)) { if (this != std::addressof(other)) {
m_master_secret = std::move(other.m_master_secret); m_alg_encrypt = std::move(other.m_alg_encrypt );
m_random_client = std::move(other.m_random_client); m_size_enc_key = std::move(other.m_size_enc_key );
m_random_server = std::move(other.m_random_server); m_size_enc_iv = std::move(other.m_size_enc_iv );
m_size_enc_block = std::move(other.m_size_enc_block);
m_key = std::move(other.m_key );
m_alg_mac = std::move(other.m_alg_mac );
m_size_mac_key = std::move(other.m_size_mac_key );
m_size_mac_hash = std::move(other.m_size_mac_hash );
m_padding_hmac = std::move(other.m_padding_hmac );
#ifdef _DEBUG
// Reinitialize other state primitive members for diagnostic purposes.
other.m_alg_encrypt = 0;
other.m_size_enc_key = 0;
other.m_size_enc_iv = 0;
other.m_size_enc_block = 0;
other.m_alg_mac = 0;
other.m_size_mac_key = 0;
other.m_size_mac_hash = 0;
#endif
} }
return *this; return *this;
} }
//////////////////////////////////////////////////////////////////////
// eap::hash_hmac
//////////////////////////////////////////////////////////////////////
eap::hash_hmac::hash_hmac(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret)
{
// Prepare padding.
sanitizing_blob padding(sizeof(padding_t));
inner_padding(cp, alg, secret, size_secret, padding.data());
// Continue with the other constructor.
this->hash_hmac::hash_hmac(cp, alg, padding.data());
}
eap::hash_hmac::hash_hmac(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_ const padding_t padding)
{
// Create inner hash.
if (!m_hash_inner.create(cp, alg))
throw win_runtime_error(__FUNCTION__ " Error creating inner hash.");
// Initialize it with the inner padding.
if (!CryptHashData(m_hash_inner, padding, sizeof(padding_t), 0))
throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding.");
// Convert inner padding to outer padding for final calculation.
padding_t padding_out;
for (size_t i = 0; i < sizeof(padding_t); i++)
padding_out[i] = padding[i] ^ (0x36 ^ 0x5c);
// Create outer hash.
if (!m_hash_outer.create(cp, alg))
throw win_runtime_error(__FUNCTION__ " Error creating outer hash.");
// Initialize it with the outer padding.
if (!CryptHashData(m_hash_outer, padding_out, sizeof(padding_t), 0))
throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding.");
}
void eap::hash_hmac::inner_padding(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret,
_Out_ padding_t padding)
{
if (size_secret > sizeof(padding_t)) {
// If the secret is longer than padding, use secret's hash instead.
crypt_hash hash;
if (!hash.create(cp, alg))
throw win_runtime_error(__FUNCTION__ " Error creating hash.");
if (!CryptHashData(hash, (const BYTE*)secret, (DWORD)size_secret, 0))
throw win_runtime_error(__FUNCTION__ " Error hashing.");
DWORD size_hash = sizeof(padding_t);
if (!CryptGetHashParam(hash, HP_HASHVAL, padding, &size_hash, 0))
throw win_runtime_error(__FUNCTION__ " Error finishing hash.");
size_secret = size_hash;
} else
memcpy(padding, secret, size_secret);
for (size_t i = 0; i < size_secret; i++)
padding[i] ^= 0x36;
memset(padding + size_secret, 0x36, sizeof(padding_t) - size_secret);
}

684
lib/TLS_UI/include/TLS_UI.h
View File

@@ -1,342 +1,342 @@
/* /*
Copyright 2015-2016 Amebis Copyright 2015-2016 Amebis
Copyright 2016 GÉANT Copyright 2016 GÉANT
This file is part of GÉANTLink. This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or the Free Software Foundation, either version 3 of the License, or
(at your option) any later version. (at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>. along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/ */
#include "../../EAPBase_UI/include/EAP_UI.h" #include "../../EAPBase_UI/include/EAP_UI.h"
#include "../../TLS/include/Config.h" #include "../../TLS/include/Config.h"
#include "../../TLS/include/Credentials.h" #include "../../TLS/include/Credentials.h"
#include <WinStd/Common.h> #include <WinStd/Common.h>
#include <wx/filedlg.h> #include <wx/filedlg.h>
#include <wx/msgdlg.h> #include <wx/msgdlg.h>
#include <Windows.h> #include <Windows.h>
#include <cryptuiapi.h> #include <cryptuiapi.h>
#include <WinCrypt.h> // Must include after <Windows.h> #include <WinCrypt.h> // Must include after <Windows.h>
#include <list> #include <list>
#include <string> #include <string>
/// ///
/// Helper class for auto-destroyable certificates used in wxWidget's item containers /// Helper class for auto-destroyable certificates used in wxWidget's item containers
/// ///
class wxCertificateClientData; class wxCertificateClientData;
/// ///
/// Validator for host name /// Validator for host name
/// ///
class wxHostNameValidator; class wxHostNameValidator;
/// ///
/// Validator for FQDN /// Validator for FQDN
/// ///
class wxFQDNValidator; class wxFQDNValidator;
/// ///
/// Validator for FQDN lists /// Validator for FQDN lists
/// ///
class wxFQDNListValidator; class wxFQDNListValidator;
/// ///
/// TLS credential panel /// TLS credential panel
/// ///
class wxTLSCredentialsPanel; class wxTLSCredentialsPanel;
/// ///
/// TLS server trust configuration panel /// TLS server trust configuration panel
/// ///
class wxTLSServerTrustPanel; class wxTLSServerTrustPanel;
/// ///
/// TLS credentials configuration panel /// TLS credentials configuration panel
/// ///
typedef wxEAPCredentialsConfigPanel<eap::credentials_tls, wxTLSCredentialsPanel> wxTLSCredentialsConfigPanel; typedef wxEAPCredentialsConfigPanel<eap::credentials_tls, wxTLSCredentialsPanel> wxTLSCredentialsConfigPanel;
/// ///
/// TLS configuration panel /// TLS configuration panel
/// ///
class wxTLSConfigPanel; class wxTLSConfigPanel;
#pragma once #pragma once
#include "../res/wxTLS_UI.h" #include "../res/wxTLS_UI.h"
#include <WinStd/Win.h> #include <WinStd/Win.h>
#include <wx/clntdata.h> #include <wx/clntdata.h>
#include <wx/icon.h> #include <wx/icon.h>
#include <wx/panel.h> #include <wx/panel.h>
#include <wx/textctrl.h> #include <wx/textctrl.h>
#include <wx/validate.h> #include <wx/validate.h>
#include <list> #include <list>
#include <string> #include <string>
#include <vector> #include <vector>
class wxCertificateClientData : public wxClientData class wxCertificateClientData : public wxClientData
{ {
public: public:
/// ///
/// Constructs client data object with existing handle /// Constructs client data object with existing handle
/// ///
wxCertificateClientData(PCCERT_CONTEXT cert); wxCertificateClientData(PCCERT_CONTEXT cert);
/// ///
/// Releases certificate handle and destructs the object /// Releases certificate handle and destructs the object
/// ///
virtual ~wxCertificateClientData(); virtual ~wxCertificateClientData();
public: public:
PCCERT_CONTEXT m_cert; ///< Certificate PCCERT_CONTEXT m_cert; ///< Certificate
}; };
class wxHostNameValidator : public wxValidator class wxHostNameValidator : public wxValidator
{ {
wxDECLARE_DYNAMIC_CLASS(wxHostNameValidator); wxDECLARE_DYNAMIC_CLASS(wxHostNameValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxHostNameValidator); wxDECLARE_NO_ASSIGN_CLASS(wxHostNameValidator);
public: public:
/// ///
/// Construct the validator with a value to store data /// Construct the validator with a value to store data
/// ///
wxHostNameValidator(std::string *val = NULL); wxHostNameValidator(std::wstring *val = NULL);
/// ///
/// Copy constructor /// Copy constructor
/// ///
wxHostNameValidator(const wxHostNameValidator &other); wxHostNameValidator(const wxHostNameValidator &other);
/// ///
/// Copies this validator /// Copies this validator
/// ///
virtual wxObject* Clone() const; virtual wxObject* Clone() const;
/// ///
/// Validates the value /// Validates the value
/// ///
virtual bool Validate(wxWindow *parent); virtual bool Validate(wxWindow *parent);
/// ///
/// Transfers the value to the window /// Transfers the value to the window
/// ///
virtual bool TransferToWindow(); virtual bool TransferToWindow();
/// ///
/// Transfers the value from the window /// Transfers the value from the window
/// ///
virtual bool TransferFromWindow(); virtual bool TransferFromWindow();
/// ///
/// Parses FQDN value /// Parses FQDN value
/// ///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out = NULL); static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
protected: protected:
std::string *m_val; ///< Pointer to variable to receive control's parsed value std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
}; };
class wxFQDNValidator : public wxValidator class wxFQDNValidator : public wxValidator
{ {
wxDECLARE_DYNAMIC_CLASS(wxFQDNValidator); wxDECLARE_DYNAMIC_CLASS(wxFQDNValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxFQDNValidator); wxDECLARE_NO_ASSIGN_CLASS(wxFQDNValidator);
public: public:
/// ///
/// Construct the validator with a value to store data /// Construct the validator with a value to store data
/// ///
wxFQDNValidator(std::string *val = NULL); wxFQDNValidator(std::wstring *val = NULL);
/// ///
/// Copy constructor /// Copy constructor
/// ///
wxFQDNValidator(const wxFQDNValidator &other); wxFQDNValidator(const wxFQDNValidator &other);
/// ///
/// Copies this validator /// Copies this validator
/// ///
virtual wxObject* Clone() const; virtual wxObject* Clone() const;
/// ///
/// Validates the value /// Validates the value
/// ///
virtual bool Validate(wxWindow *parent); virtual bool Validate(wxWindow *parent);
/// ///
/// Transfers the value to the window /// Transfers the value to the window
/// ///
virtual bool TransferToWindow(); virtual bool TransferToWindow();
/// ///
/// Transfers the value from the window /// Transfers the value from the window
/// ///
virtual bool TransferFromWindow(); virtual bool TransferFromWindow();
/// ///
/// Parses FQDN value /// Parses FQDN value
/// ///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out = NULL); static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
protected: protected:
std::string *m_val; ///< Pointer to variable to receive control's parsed value std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
}; };
class wxFQDNListValidator : public wxValidator class wxFQDNListValidator : public wxValidator
{ {
wxDECLARE_DYNAMIC_CLASS(wxFQDNListValidator); wxDECLARE_DYNAMIC_CLASS(wxFQDNListValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxFQDNListValidator); wxDECLARE_NO_ASSIGN_CLASS(wxFQDNListValidator);
public: public:
/// ///
/// Construct the validator with a value to store data /// Construct the validator with a value to store data
/// ///
wxFQDNListValidator(std::list<std::string> *val = NULL); wxFQDNListValidator(std::list<std::wstring> *val = NULL);
/// ///
/// Copy constructor /// Copy constructor
/// ///
wxFQDNListValidator(const wxFQDNListValidator &other); wxFQDNListValidator(const wxFQDNListValidator &other);
/// ///
/// Copies this validator /// Copies this validator
/// ///
virtual wxObject* Clone() const; virtual wxObject* Clone() const;
/// ///
/// Validates the value /// Validates the value
/// ///
virtual bool Validate(wxWindow *parent); virtual bool Validate(wxWindow *parent);
/// ///
/// Transfers the value to the window /// Transfers the value to the window
/// ///
virtual bool TransferToWindow(); virtual bool TransferToWindow();
/// ///
/// Transfers the value from the window /// Transfers the value from the window
/// ///
virtual bool TransferFromWindow(); virtual bool TransferFromWindow();
/// ///
/// Parses FQDN list value /// Parses FQDN list value
/// ///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::string> *val_out = NULL); static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::wstring> *val_out = NULL);
protected: protected:
std::list<std::string> *m_val; ///< Pointer to variable to receive control's parsed value std::list<std::wstring> *m_val; ///< Pointer to variable to receive control's parsed value
}; };
class wxTLSCredentialsPanel : public wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase> class wxTLSCredentialsPanel : public wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>
{ {
public: public:
/// ///
/// Constructs a configuration panel /// Constructs a configuration panel
/// ///
/// \param[in] prov Provider configuration data /// \param[in] prov Provider configuration data
/// \param[in] cfg Configuration data /// \param[in] cfg Configuration data
/// \param[inout] cred Credentials data /// \param[inout] cred Credentials data
/// \param[in] pszCredTarget Target name of credentials in Windows Credential Manager. Can be further decorated to create final target name. /// \param[in] pszCredTarget Target name of credentials in Windows Credential Manager. Can be further decorated to create final target name.
/// \param[in] parent Parent window /// \param[in] parent Parent window
/// \param[in] is_config Is this panel used to pre-enter credentials? When \c true, the "Remember" checkbox is always selected and disabled. /// \param[in] is_config Is this panel used to pre-enter credentials? When \c true, the "Remember" checkbox is always selected and disabled.
/// ///
wxTLSCredentialsPanel(const eap::config_provider &prov, const eap::config_method_with_cred &cfg, eap::credentials_tls &cred, LPCTSTR pszCredTarget, wxWindow* parent, bool is_config = false); wxTLSCredentialsPanel(const eap::config_provider &prov, const eap::config_method_with_cred &cfg, eap::credentials_tls &cred, LPCTSTR pszCredTarget, wxWindow* parent, bool is_config = false);
protected: protected:
/// \cond internal /// \cond internal
virtual bool TransferDataToWindow(); virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow(); virtual bool TransferDataFromWindow();
virtual void OnUpdateUI(wxUpdateUIEvent& event); virtual void OnUpdateUI(wxUpdateUIEvent& event);
/// \endcond /// \endcond
protected: protected:
winstd::library m_shell32; ///< shell32.dll resource library reference winstd::library m_shell32; ///< shell32.dll resource library reference
wxIcon m_icon; ///< Panel icon wxIcon m_icon; ///< Panel icon
}; };
class wxTLSServerTrustPanel : public wxEAPTLSServerTrustConfigPanelBase class wxTLSServerTrustPanel : public wxEAPTLSServerTrustConfigPanelBase
{ {
public: public:
/// ///
/// Constructs a configuration panel /// Constructs a configuration panel
/// ///
wxTLSServerTrustPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, wxWindow* parent); wxTLSServerTrustPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, wxWindow* parent);
protected: protected:
/// \cond internal /// \cond internal
virtual bool TransferDataToWindow(); virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow(); virtual bool TransferDataFromWindow();
virtual void OnUpdateUI(wxUpdateUIEvent& event); virtual void OnUpdateUI(wxUpdateUIEvent& event);
virtual void OnRootCADClick(wxCommandEvent& event); virtual void OnRootCADClick(wxCommandEvent& event);
virtual void OnRootCAAddStore(wxCommandEvent& event); virtual void OnRootCAAddStore(wxCommandEvent& event);
virtual void OnRootCAAddFile(wxCommandEvent& event); virtual void OnRootCAAddFile(wxCommandEvent& event);
virtual void OnRootCARemove(wxCommandEvent& event); virtual void OnRootCARemove(wxCommandEvent& event);
/// \endcond /// \endcond
/// ///
/// Adds a certificate to the list of trusted root CA list /// Adds a certificate to the list of trusted root CA list
/// ///
/// \param[in] cert Certificate /// \param[in] cert Certificate
/// ///
/// \returns /// \returns
/// - \c true if certificate was added; /// - \c true if certificate was added;
/// - \c false if duplicate found or an error occured. /// - \c false if duplicate found or an error occured.
/// ///
bool AddRootCA(PCCERT_CONTEXT cert); bool AddRootCA(PCCERT_CONTEXT cert);
protected: protected:
const eap::config_provider &m_prov; ///< EAP provider const eap::config_provider &m_prov; ///< EAP provider
eap::config_method_tls &m_cfg; ///< TLS configuration eap::config_method_tls &m_cfg; ///< TLS configuration
winstd::library m_certmgr; ///< certmgr.dll resource library reference winstd::library m_certmgr; ///< certmgr.dll resource library reference
wxIcon m_icon; ///< Panel icon wxIcon m_icon; ///< Panel icon
std::list<std::string> m_server_names_val; ///< Acceptable authenticating server names std::list<std::wstring> m_server_names_val; ///< Acceptable authenticating server names
}; };
class wxTLSConfigPanel : public wxPanel class wxTLSConfigPanel : public wxPanel
{ {
public: public:
/// ///
/// Constructs a configuration panel /// Constructs a configuration panel
/// ///
wxTLSConfigPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, LPCTSTR pszCredTarget, wxWindow* parent); wxTLSConfigPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, LPCTSTR pszCredTarget, wxWindow* parent);
/// ///
/// Destructs the configuration panel /// Destructs the configuration panel
/// ///
virtual ~wxTLSConfigPanel(); virtual ~wxTLSConfigPanel();
protected: protected:
/// \cond internal /// \cond internal
virtual void OnInitDialog(wxInitDialogEvent& event); virtual void OnInitDialog(wxInitDialogEvent& event);
virtual bool TransferDataFromWindow(); virtual bool TransferDataFromWindow();
/// \endcond /// \endcond
protected: protected:
const eap::config_provider &m_prov; ///< EAP provider const eap::config_provider &m_prov; ///< EAP provider
eap::config_method_tls &m_cfg; ///< TLS configuration eap::config_method_tls &m_cfg; ///< TLS configuration
wxTLSServerTrustPanel *m_server_trust; ///< Server trust configuration panel wxTLSServerTrustPanel *m_server_trust; ///< Server trust configuration panel
wxTLSCredentialsConfigPanel *m_credentials; ///< Credentials configuration panel wxTLSCredentialsConfigPanel *m_credentials; ///< Credentials configuration panel
}; };

364
lib/TLS_UI/res/wxTLS_UI.cpp
View File

@@ -1,182 +1,182 @@
/////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////
// C++ code generated with wxFormBuilder (version Jun 17 2015) // C++ code generated with wxFormBuilder (version Jun 17 2015)
// http://www.wxformbuilder.org/ // http://www.wxformbuilder.org/
// //
// PLEASE DO "NOT" EDIT THIS FILE! // PLEASE DO "NOT" EDIT THIS FILE!
/////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////
#include <StdAfx.h> #include <StdAfx.h>
#include "wxTLS_UI.h" #include "wxTLS_UI.h"
/////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////
wxEAPTLSServerTrustConfigPanelBase::wxEAPTLSServerTrustConfigPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style ) wxEAPTLSServerTrustConfigPanelBase::wxEAPTLSServerTrustConfigPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{ {
wxStaticBoxSizer* sb_server_trust; wxStaticBoxSizer* sb_server_trust;
sb_server_trust = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Server Trust") ), wxVERTICAL ); sb_server_trust = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Server Trust") ), wxVERTICAL );
wxBoxSizer* sb_server_trust_horiz; wxBoxSizer* sb_server_trust_horiz;
sb_server_trust_horiz = new wxBoxSizer( wxHORIZONTAL ); sb_server_trust_horiz = new wxBoxSizer( wxHORIZONTAL );
m_server_trust_icon = new wxStaticBitmap( sb_server_trust->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 ); m_server_trust_icon = new wxStaticBitmap( sb_server_trust->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
sb_server_trust_horiz->Add( m_server_trust_icon, 0, wxALL, 5 ); sb_server_trust_horiz->Add( m_server_trust_icon, 0, wxALL, 5 );
wxBoxSizer* sb_server_trust_vert; wxBoxSizer* sb_server_trust_vert;
sb_server_trust_vert = new wxBoxSizer( wxVERTICAL ); sb_server_trust_vert = new wxBoxSizer( wxVERTICAL );
m_server_trust_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Describe the servers you trust to prevent credential interception in case of man-in-the-middle attacks."), wxDefaultPosition, wxDefaultSize, 0 ); m_server_trust_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Describe the servers you trust to prevent credential interception in case of man-in-the-middle attacks."), wxDefaultPosition, wxDefaultSize, 0 );
m_server_trust_label->Wrap( 446 ); m_server_trust_label->Wrap( 446 );
sb_server_trust_vert->Add( m_server_trust_label, 0, wxALL|wxEXPAND, 5 ); sb_server_trust_vert->Add( m_server_trust_label, 0, wxALL|wxEXPAND, 5 );
wxBoxSizer* sb_root_ca; wxBoxSizer* sb_root_ca;
sb_root_ca = new wxBoxSizer( wxVERTICAL ); sb_root_ca = new wxBoxSizer( wxVERTICAL );
m_root_ca_lbl = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable Certificate Authorities:"), wxDefaultPosition, wxDefaultSize, 0 ); m_root_ca_lbl = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable Certificate Authorities:"), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_lbl->Wrap( -1 ); m_root_ca_lbl->Wrap( -1 );
sb_root_ca->Add( m_root_ca_lbl, 0, wxEXPAND|wxBOTTOM, 5 ); sb_root_ca->Add( m_root_ca_lbl, 0, wxEXPAND|wxBOTTOM, 5 );
m_root_ca = new wxListBox( sb_server_trust->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, 0, NULL, wxLB_SORT ); m_root_ca = new wxListBox( sb_server_trust->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, 0, NULL, wxLB_SORT );
m_root_ca->SetToolTip( _("List of certificate authorities server's certificate must be issued by") ); m_root_ca->SetToolTip( _("List of certificate authorities server's certificate must be issued by") );
sb_root_ca->Add( m_root_ca, 1, wxEXPAND|wxBOTTOM, 5 ); sb_root_ca->Add( m_root_ca, 1, wxEXPAND|wxBOTTOM, 5 );
wxBoxSizer* sb_root_ca_btn; wxBoxSizer* sb_root_ca_btn;
sb_root_ca_btn = new wxBoxSizer( wxHORIZONTAL ); sb_root_ca_btn = new wxBoxSizer( wxHORIZONTAL );
m_root_ca_add_store = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from Store..."), wxDefaultPosition, wxDefaultSize, 0 ); m_root_ca_add_store = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from Store..."), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_add_store->SetToolTip( _("Adds a new certificate authority from the certificate store to the list") ); m_root_ca_add_store->SetToolTip( _("Adds a new certificate authority from the certificate store to the list") );
sb_root_ca_btn->Add( m_root_ca_add_store, 0, wxRIGHT, 5 ); sb_root_ca_btn->Add( m_root_ca_add_store, 0, wxRIGHT, 5 );
m_root_ca_add_file = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from File..."), wxDefaultPosition, wxDefaultSize, 0 ); m_root_ca_add_file = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from File..."), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_add_file->SetToolTip( _("Adds a new certificate authority from the file to the list") ); m_root_ca_add_file->SetToolTip( _("Adds a new certificate authority from the file to the list") );
sb_root_ca_btn->Add( m_root_ca_add_file, 0, wxRIGHT|wxLEFT, 5 ); sb_root_ca_btn->Add( m_root_ca_add_file, 0, wxRIGHT|wxLEFT, 5 );
m_root_ca_remove = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("&Remove CA"), wxDefaultPosition, wxDefaultSize, 0 ); m_root_ca_remove = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("&Remove CA"), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_remove->Enable( false ); m_root_ca_remove->Enable( false );
m_root_ca_remove->SetToolTip( _("Removes selected certificate authorities from the list") ); m_root_ca_remove->SetToolTip( _("Removes selected certificate authorities from the list") );
sb_root_ca_btn->Add( m_root_ca_remove, 0, wxLEFT, 5 ); sb_root_ca_btn->Add( m_root_ca_remove, 0, wxLEFT, 5 );
sb_root_ca->Add( sb_root_ca_btn, 0, wxALIGN_RIGHT, 5 ); sb_root_ca->Add( sb_root_ca_btn, 0, wxALIGN_RIGHT, 5 );
sb_server_trust_vert->Add( sb_root_ca, 1, wxEXPAND|wxALL, 5 ); sb_server_trust_vert->Add( sb_root_ca, 1, wxEXPAND|wxALL, 5 );
wxBoxSizer* sb_server_names; wxBoxSizer* sb_server_names;
sb_server_names = new wxBoxSizer( wxVERTICAL ); sb_server_names = new wxBoxSizer( wxVERTICAL );
m_server_names_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable server &names:"), wxDefaultPosition, wxDefaultSize, 0 ); m_server_names_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable server &names:"), wxDefaultPosition, wxDefaultSize, 0 );
m_server_names_label->Wrap( -1 ); m_server_names_label->Wrap( -1 );
sb_server_names->Add( m_server_names_label, 0, wxBOTTOM, 5 ); sb_server_names->Add( m_server_names_label, 0, wxBOTTOM, 5 );
m_server_names = new wxTextCtrl( sb_server_trust->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 ); m_server_names = new wxTextCtrl( sb_server_trust->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; \"*\" wildchar allowed") ); m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; Unicode characters allowed") );
sb_server_names->Add( m_server_names, 0, wxEXPAND|wxBOTTOM, 5 ); sb_server_names->Add( m_server_names, 0, wxEXPAND|wxBOTTOM, 5 );
m_server_names_note = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("(Example: foo.bar.com;*.domain.org)"), wxDefaultPosition, wxDefaultSize, 0 ); m_server_names_note = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("(Example: foo.bar.com;server2.bar.com)"), wxDefaultPosition, wxDefaultSize, 0 );
m_server_names_note->Wrap( -1 ); m_server_names_note->Wrap( -1 );
sb_server_names->Add( m_server_names_note, 0, wxALIGN_RIGHT, 5 ); sb_server_names->Add( m_server_names_note, 0, wxALIGN_RIGHT, 5 );
sb_server_trust_vert->Add( sb_server_names, 0, wxEXPAND|wxALL, 5 ); sb_server_trust_vert->Add( sb_server_names, 0, wxEXPAND|wxALL, 5 );
sb_server_trust_horiz->Add( sb_server_trust_vert, 1, wxEXPAND, 5 ); sb_server_trust_horiz->Add( sb_server_trust_vert, 1, wxEXPAND, 5 );
sb_server_trust->Add( sb_server_trust_horiz, 1, wxEXPAND, 5 ); sb_server_trust->Add( sb_server_trust_horiz, 1, wxEXPAND, 5 );
this->SetSizer( sb_server_trust ); this->SetSizer( sb_server_trust );
this->Layout(); this->Layout();
// Connect Events // Connect Events
this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) ); this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) );
m_root_ca->Connect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this ); m_root_ca->Connect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this );
m_root_ca_add_store->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this ); m_root_ca_add_store->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this );
m_root_ca_add_file->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this ); m_root_ca_add_file->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this );
m_root_ca_remove->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this ); m_root_ca_remove->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this );
} }
wxEAPTLSServerTrustConfigPanelBase::~wxEAPTLSServerTrustConfigPanelBase() wxEAPTLSServerTrustConfigPanelBase::~wxEAPTLSServerTrustConfigPanelBase()
{ {
// Disconnect Events // Disconnect Events
this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) ); this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) );
m_root_ca->Disconnect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this ); m_root_ca->Disconnect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this );
m_root_ca_add_store->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this ); m_root_ca_add_store->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this );
m_root_ca_add_file->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this ); m_root_ca_add_file->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this );
m_root_ca_remove->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this ); m_root_ca_remove->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this );
} }
wxTLSCredentialsPanelBase::wxTLSCredentialsPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style ) wxTLSCredentialsPanelBase::wxTLSCredentialsPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{ {
wxStaticBoxSizer* sb_credentials; wxStaticBoxSizer* sb_credentials;
sb_credentials = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("TLS Client Certificate") ), wxVERTICAL ); sb_credentials = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("TLS Client Certificate") ), wxVERTICAL );
wxBoxSizer* sb_credentials_horiz; wxBoxSizer* sb_credentials_horiz;
sb_credentials_horiz = new wxBoxSizer( wxHORIZONTAL ); sb_credentials_horiz = new wxBoxSizer( wxHORIZONTAL );
m_credentials_icon = new wxStaticBitmap( sb_credentials->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 ); m_credentials_icon = new wxStaticBitmap( sb_credentials->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
sb_credentials_horiz->Add( m_credentials_icon, 0, wxALL, 5 ); sb_credentials_horiz->Add( m_credentials_icon, 0, wxALL, 5 );
wxBoxSizer* sb_credentials_vert; wxBoxSizer* sb_credentials_vert;
sb_credentials_vert = new wxBoxSizer( wxVERTICAL ); sb_credentials_vert = new wxBoxSizer( wxVERTICAL );
m_credentials_label = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("Please select your client certificate to use for authentication."), wxDefaultPosition, wxDefaultSize, 0 ); m_credentials_label = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("Please select your client certificate to use for authentication."), wxDefaultPosition, wxDefaultSize, 0 );
m_credentials_label->Wrap( 446 ); m_credentials_label->Wrap( 446 );
sb_credentials_vert->Add( m_credentials_label, 0, wxALL|wxEXPAND, 5 ); sb_credentials_vert->Add( m_credentials_label, 0, wxALL|wxEXPAND, 5 );
wxBoxSizer* sb_cert_radio; wxBoxSizer* sb_cert_radio;
sb_cert_radio = new wxBoxSizer( wxVERTICAL ); sb_cert_radio = new wxBoxSizer( wxVERTICAL );
m_cert_none = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Co&nnect without providing a client certificate"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP ); m_cert_none = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Co&nnect without providing a client certificate"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP );
m_cert_none->SetToolTip( _("Select if your server does not require you to provide a client certificate") ); m_cert_none->SetToolTip( _("Select if your server does not require you to provide a client certificate") );
sb_cert_radio->Add( m_cert_none, 1, wxEXPAND, 5 ); sb_cert_radio->Add( m_cert_none, 1, wxEXPAND, 5 );
wxBoxSizer* sb_cert_select; wxBoxSizer* sb_cert_select;
sb_cert_select = new wxBoxSizer( wxHORIZONTAL ); sb_cert_select = new wxBoxSizer( wxHORIZONTAL );
m_cert_select = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Use the following &certificate:"), wxDefaultPosition, wxDefaultSize, 0 ); m_cert_select = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Use the following &certificate:"), wxDefaultPosition, wxDefaultSize, 0 );
m_cert_select->SetToolTip( _("Select if you need to provide a client certificate when connecting") ); m_cert_select->SetToolTip( _("Select if you need to provide a client certificate when connecting") );
sb_cert_select->Add( m_cert_select, 0, wxEXPAND, 5 ); sb_cert_select->Add( m_cert_select, 0, wxEXPAND, 5 );
wxArrayString m_cert_select_valChoices; wxArrayString m_cert_select_valChoices;
m_cert_select_val = new wxChoice( sb_credentials->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, m_cert_select_valChoices, wxCB_SORT ); m_cert_select_val = new wxChoice( sb_credentials->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, m_cert_select_valChoices, wxCB_SORT );
m_cert_select_val->SetSelection( 0 ); m_cert_select_val->SetSelection( 0 );
m_cert_select_val->SetToolTip( _("Client certificate to use for authentication") ); m_cert_select_val->SetToolTip( _("Client certificate to use for authentication") );
sb_cert_select->Add( m_cert_select_val, 1, wxEXPAND, 5 ); sb_cert_select->Add( m_cert_select_val, 1, wxEXPAND, 5 );
sb_cert_radio->Add( sb_cert_select, 1, wxEXPAND, 5 ); sb_cert_radio->Add( sb_cert_select, 1, wxEXPAND, 5 );
sb_credentials_vert->Add( sb_cert_radio, 0, wxEXPAND|wxALL, 5 ); sb_credentials_vert->Add( sb_cert_radio, 0, wxEXPAND|wxALL, 5 );
m_remember = new wxCheckBox( sb_credentials->GetStaticBox(), wxID_ANY, _("&Remember"), wxDefaultPosition, wxDefaultSize, 0 ); m_remember = new wxCheckBox( sb_credentials->GetStaticBox(), wxID_ANY, _("&Remember"), wxDefaultPosition, wxDefaultSize, 0 );
m_remember->SetHelpText( _("Check if you would like to save certificate selection") ); m_remember->SetHelpText( _("Check if you would like to save certificate selection") );
sb_credentials_vert->Add( m_remember, 0, wxALL|wxEXPAND, 5 ); sb_credentials_vert->Add( m_remember, 0, wxALL|wxEXPAND, 5 );
sb_credentials_horiz->Add( sb_credentials_vert, 1, wxEXPAND, 5 ); sb_credentials_horiz->Add( sb_credentials_vert, 1, wxEXPAND, 5 );
sb_credentials->Add( sb_credentials_horiz, 0, wxEXPAND, 5 ); sb_credentials->Add( sb_credentials_horiz, 0, wxEXPAND, 5 );
this->SetSizer( sb_credentials ); this->SetSizer( sb_credentials );
this->Layout(); this->Layout();
} }
wxTLSCredentialsPanelBase::~wxTLSCredentialsPanelBase() wxTLSCredentialsPanelBase::~wxTLSCredentialsPanelBase()
{ {
} }

3250
lib/TLS_UI/res/wxTLS_UI.fbp
View File

File diff suppressed because it is too large Load Diff

1245
lib/TLS_UI/src/TLS_UI.cpp
View File

File diff suppressed because it is too large Load Diff

3
lib/TTLS/include/Credentials.h
View File

@@ -32,6 +32,7 @@ namespace eap
#include "../../PAP/include/Credentials.h" #include "../../PAP/include/Credentials.h"
#include <memory> #include <memory>
#include <utility>
namespace eap namespace eap
@@ -187,7 +188,7 @@ namespace eap
/// - \c true if credentials were set; /// - \c true if credentials were set;
/// - \c false otherwise /// - \c false otherwise
/// ///
bool combine( std::pair<source_t, source_t> combine(
_In_ const credentials_ttls *cred_cached, _In_ const credentials_ttls *cred_cached,
_In_ const config_method_ttls &cfg, _In_ const config_method_ttls &cfg,
_In_opt_z_ LPCTSTR pszTargetName); _In_opt_z_ LPCTSTR pszTargetName);

16
lib/TTLS/include/Method.h
View File

@@ -63,13 +63,6 @@ namespace eap
/// ///
method_ttls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_ttls &cred); method_ttls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_ttls &cred);
///
/// Copies an EAP method
///
/// \param[in] other EAP method to copy from
///
method_ttls(_In_ const method_ttls &other);
/// ///
/// Moves an EAP method /// Moves an EAP method
/// ///
@@ -77,15 +70,6 @@ namespace eap
/// ///
method_ttls(_Inout_ method_ttls &&other); method_ttls(_Inout_ method_ttls &&other);
///
/// Copies an EAP method
///
/// \param[in] other EAP method to copy from
///
/// \returns Reference to this object
///
method_ttls& operator=(_In_ const method_ttls &other);
/// ///
/// Moves an EAP method /// Moves an EAP method
/// ///

11
lib/TTLS/src/Credentials.cpp
View File

@@ -226,15 +226,12 @@ std::wstring eap::credentials_ttls::get_identity() const
} }
bool eap::credentials_ttls::combine( pair<eap::credentials::source_t, eap::credentials::source_t> eap::credentials_ttls::combine(
_In_ const credentials_ttls *cred_cached, _In_ const credentials_ttls *cred_cached,
_In_ const config_method_ttls &cfg, _In_ const config_method_ttls &cfg,
_In_opt_z_ LPCTSTR pszTargetName) _In_opt_z_ LPCTSTR pszTargetName)
{ {
bool return pair<source_t, source_t>(
is_outer_set = credentials_tls::combine(cred_cached, cfg, pszTargetName), credentials_tls::combine(cred_cached, cfg, pszTargetName),
is_inner_set = dynamic_cast<const credentials_pap*>(m_inner.get()) ? ((credentials_pap*)m_inner.get())->combine(cred_cached ? (credentials_pap*)cred_cached->m_inner.get() : NULL, (const config_method_pap&)*cfg.m_inner, pszTargetName) : source_unknown);
dynamic_cast<const credentials_pap*>(m_inner.get()) ? ((credentials_pap*)m_inner.get())->combine(cred_cached ? (credentials_pap*)cred_cached->m_inner.get() : NULL, (const config_method_pap&)*cfg.m_inner, pszTargetName) : false;
return is_outer_set && is_inner_set;
} }

81
lib/TTLS/src/Method.cpp
View File

@@ -36,14 +36,6 @@ eap::method_ttls::method_ttls(_In_ module &module, _In_ config_provider_list &cf
} }
eap::method_ttls::method_ttls(_In_ const method_ttls &other) :
m_cred(other.m_cred),
m_version(other.m_version),
method_tls(other)
{
}
eap::method_ttls::method_ttls(_Inout_ method_ttls &&other) : eap::method_ttls::method_ttls(_Inout_ method_ttls &&other) :
m_cred(other.m_cred), m_cred(other.m_cred),
m_version(std::move(other.m_version)), m_version(std::move(other.m_version)),
@@ -52,17 +44,6 @@ eap::method_ttls::method_ttls(_Inout_ method_ttls &&other) :
} }
eap::method_ttls& eap::method_ttls::operator=(_In_ const method_ttls &other)
{
if (this != std::addressof(other)) {
(method_tls&)*this = other;
m_version = other.m_version;
}
return *this;
}
eap::method_ttls& eap::method_ttls::operator=(_Inout_ method_ttls &&other) eap::method_ttls& eap::method_ttls::operator=(_Inout_ method_ttls &&other)
{ {
if (this != std::addressof(other)) { if (this != std::addressof(other)) {
@@ -88,28 +69,24 @@ void eap::method_ttls::process_request_packet(
m_module.log_event(&EAPMETHOD_TTLS_HANDSHAKE_START, event_data((unsigned int)eap_type_ttls), event_data((unsigned char)m_version), event_data((unsigned char)ver_remote), event_data::blank); m_module.log_event(&EAPMETHOD_TTLS_HANDSHAKE_START, event_data((unsigned int)eap_type_ttls), event_data((unsigned char)m_version), event_data((unsigned char)ver_remote), event_data::blank);
} }
if (!m_server_finished) { // Do the TLS.
// Do the TLS. method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
if (m_server_finished) { if (m_phase == phase_application_data) {
// Piggyback inner authentication. // Send inner authentication.
if (!m_cipher_spec) if (!m_state_client.m_alg_encrypt)
throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted."); throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted.");
m_packet_res.m_code = EapCodeResponse; m_module.log_event(&EAPMETHOD_TTLS_INNER_CRED, event_data((unsigned int)eap_type_ttls), event_data(m_cred.m_inner->get_name()), event_data::blank);
m_packet_res.m_id = m_packet_req.m_id;
m_packet_res.m_flags = 0;
sanitizing_blob client(make_pap_client());
sanitizing_blob application(make_message(tls_message_type_application_data, client, m_cipher_spec));
m_packet_res.m_data.assign(application.begin(), application.end());
pEapOutput->fAllowNotifications = FALSE; m_packet_res.m_code = EapCodeResponse;
pEapOutput->action = EapPeerMethodResponseActionSend; m_packet_res.m_id = m_packet_req.m_id;
} m_packet_res.m_flags = 0;
} else { sanitizing_blob msg_application(make_message(tls_message_type_application_data, make_pap_client()));
// Do the TLS. Again. m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_application.begin(), msg_application.end());
method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
pEapOutput->fAllowNotifications = FALSE;
pEapOutput->action = EapPeerMethodResponseActionSend;
} }
} }
@@ -131,20 +108,36 @@ void eap::method_ttls::get_result(
_In_ EapPeerMethodResultReason reason, _In_ EapPeerMethodResultReason reason,
_Inout_ EapPeerMethodResult *ppResult) _Inout_ EapPeerMethodResult *ppResult)
{ {
if (!m_server_finished) { if (m_phase != phase_application_data) {
// Do the TLS. // Do the TLS.
method_tls::get_result(reason, ppResult); method_tls::get_result(reason, ppResult);
} else { } else {
// The TLS finished, this is inner authentication's bussines.
config_provider &cfg_prov(m_cfg.m_providers.front()); config_provider &cfg_prov(m_cfg.m_providers.front());
config_method_ttls *cfg_method = dynamic_cast<config_method_ttls*>(cfg_prov.m_methods.front().get()); config_method_ttls *cfg_method = dynamic_cast<config_method_ttls*>(cfg_prov.m_methods.front().get());
assert(cfg_method); assert(cfg_method);
// Mark credentials appropriately, so GUI can re-prompt user. switch (reason) {
cfg_method->m_inner->m_cred_failed = reason == EapPeerMethodResultFailure; case EapPeerMethodResultSuccess: {
m_module.log_event(&EAPMETHOD_TTLS_INNER_SUCCESS, event_data((unsigned int)eap_type_ttls), event_data::blank);
cfg_method->m_inner->m_auth_failed = false;
break;
}
case EapPeerMethodResultFailure:
m_module.log_event(&EAPMETHOD_TTLS_INNER_FAILURE, event_data((unsigned int)eap_type_ttls), event_data::blank);
cfg_method->m_inner->m_auth_failed = true;
break;
default:
throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
}
// The TLS was OK. // The TLS was OK.
method_tls::get_result(EapPeerMethodResultSuccess, ppResult); method_tls::get_result(EapPeerMethodResultSuccess, ppResult);
// Do not report failure to EAPHost, as it will not save updated configuration then. But we need it to save it, to alert user on next connection attempt.
// EAPHost is well aware of the failed condition.
//if (reason == EapPeerMethodResultFailure) { //if (reason == EapPeerMethodResultFailure) {
// ppResult->fIsSuccess = FALSE; // ppResult->fIsSuccess = FALSE;
// ppResult->dwFailureReasonCode = EAP_E_AUTHENTICATION_FAILED; // ppResult->dwFailureReasonCode = EAP_E_AUTHENTICATION_FAILED;
@@ -172,9 +165,9 @@ void eap::method_ttls::derive_msk()
// //
static const unsigned char s_label[] = "ttls keying material"; static const unsigned char s_label[] = "ttls keying material";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1); sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_state.m_random_client, (const unsigned char*)(&m_state.m_random_client + 1)); seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
seed.insert(seed.end(), (const unsigned char*)&m_state.m_random_server, (const unsigned char*)(&m_state.m_random_server + 1)); seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
sanitizing_blob key_block(prf(m_cp, CALG_TLS1PRF, m_state.m_master_secret, seed, 2*sizeof(tls_random))); sanitizing_blob key_block(prf(m_cp, CALG_TLS1PRF, m_master_secret, seed, 2*sizeof(tls_random)));
const unsigned char *_key_block = key_block.data(); const unsigned char *_key_block = key_block.data();
// MSK: MPPE-Recv-Key // MSK: MPPE-Recv-Key

11
lib/TTLS/src/Module.cpp
View File

@@ -109,14 +109,17 @@ void eap::peer_ttls::get_identity(
{ {
// Combine credentials. // Combine credentials.
user_impersonator impersonating(hTokenImpersonateUser); user_impersonator impersonating(hTokenImpersonateUser);
*pfInvokeUI = cred_out.combine( pair<eap::credentials::source_t, eap::credentials::source_t> cred_source(cred_out.combine(
#ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
&cred_in, &cred_in,
#else #else
NULL, NULL,
#endif #endif
*cfg_method, *cfg_method,
(dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL) ? FALSE : TRUE; (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL));
// If either of credentials is unknown, request UI.
*pfInvokeUI = cred_source.first == eap::credentials::source_unknown || cred_source.second == eap::credentials::source_unknown ? TRUE : FALSE;
} }
if (*pfInvokeUI) { if (*pfInvokeUI) {
@@ -132,14 +135,14 @@ void eap::peer_ttls::get_identity(
// If we got here, we have all credentials we need. But, wait! // If we got here, we have all credentials we need. But, wait!
if (cfg_method->m_cred_failed) { if (cfg_method->m_auth_failed) {
// Outer TLS: Credentials failed on last connection attempt. // Outer TLS: Credentials failed on last connection attempt.
log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)eap_type_tls), event_data::blank); log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)eap_type_tls), event_data::blank);
*pfInvokeUI = TRUE; *pfInvokeUI = TRUE;
return; return;
} }
if (cfg_method->m_inner->m_cred_failed) { if (cfg_method->m_inner->m_auth_failed) {
// Inner: Credentials failed on last connection attempt. // Inner: Credentials failed on last connection attempt.
log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)type_inner), event_data::blank); log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)type_inner), event_data::blank);
*pfInvokeUI = TRUE; *pfInvokeUI = TRUE;

13
lib/TTLS_UI/include/TTLS_UI.h
View File

@@ -45,7 +45,6 @@ class wxTTLSCredentialsPanel;
#include <wx/choicebk.h> #include <wx/choicebk.h>
#include <wx/icon.h> #include <wx/icon.h>
#include <wx/scrolwin.h>
#include <wx/stattext.h> #include <wx/stattext.h>
#include <Windows.h> #include <Windows.h>
@@ -74,32 +73,28 @@ protected:
}; };
class wxTTLSConfigWindow : public wxScrolledWindow class wxTTLSConfigWindow : public wxEAPConfigWindow
{ {
public: public:
/// ///
/// Constructs a configuration panel /// Constructs a configuration panel
/// ///
/// \param[in] prov Provider configuration data
/// \param[inout] cfg Configuration data /// \param[inout] cfg Configuration data
/// \param[in] pszCredTarget Target name of credentials in Windows Credential Manager. Can be further decorated to create final target name. /// \param[in] pszCredTarget Target name of credentials in Windows Credential Manager. Can be further decorated to create final target name.
/// \param[in] parent Parent window /// \param[in] parent Parent window
/// ///
wxTTLSConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, LPCTSTR pszCredTarget, wxWindow* parent); wxTTLSConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, LPCTSTR pszCredTarget, wxWindow* parent);
///
/// Destructs the configuration panel
///
virtual ~wxTTLSConfigWindow();
protected: protected:
/// \cond internal /// \cond internal
virtual bool TransferDataToWindow(); virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow(); virtual bool TransferDataFromWindow();
virtual void OnInitDialog(wxInitDialogEvent& event); virtual void OnInitDialog(wxInitDialogEvent& event);
virtual void OnUpdateUI(wxUpdateUIEvent& event);
/// \endcond /// \endcond
protected: protected:
const eap::config_provider &m_prov; ///< EAP provider
eap::config_method_ttls &m_cfg; ///< TTLS configuration eap::config_method_ttls &m_cfg; ///< TTLS configuration
wxStaticText *m_outer_title; ///< Outer authentication title wxStaticText *m_outer_title; ///< Outer authentication title
wxTTLSConfigPanel *m_outer_identity; ///< Outer identity configuration panel wxTTLSConfigPanel *m_outer_identity; ///< Outer identity configuration panel
@@ -108,7 +103,7 @@ protected:
wxChoicebook *m_inner_type; ///< Inner authentication type wxChoicebook *m_inner_type; ///< Inner authentication type
// Temporary inner method configurations to hold data until applied // Temporary inner method configurations to hold data until applied
eap::config_method_pap m_cfg_pap; ///< PAP configuration eap::config_method_pap m_cfg_pap; ///< PAP configuration
}; };

37
lib/TTLS_UI/src/Module.cpp
View File

@@ -83,8 +83,26 @@ void eap::peer_ttls_ui::invoke_config_ui(
{ {
// Unpack configuration. // Unpack configuration.
config_provider_list cfg(*this); config_provider_list cfg(*this);
if (dwConnectionDataInSize) if (dwConnectionDataInSize) {
// Load existing configuration.
unpack(cfg, pConnectionDataIn, dwConnectionDataInSize); unpack(cfg, pConnectionDataIn, dwConnectionDataInSize);
} else {
// This is a blank network profile. Create default configuraton.
// Start with PAP inner configuration.
unique_ptr<config_method_ttls> cfg_method(new config_method_ttls(*this));
cfg_method->m_inner.reset(new config_method_pap(*this));
cfg_method->m_anonymous_identity = L"@";
cfg_method->m_use_preshared = true;
cfg_method->m_preshared.reset(new credentials_tls(*this));
// Start with one method.
config_provider cfg_provider(*this);
cfg_provider.m_methods.push_back(std::move(cfg_method));
// Start with one provider.
cfg.m_providers.push_back(std::move(cfg_provider));
}
// Initialize application. // Initialize application.
new wxApp(); new wxApp();
@@ -163,14 +181,14 @@ void eap::peer_ttls_ui::invoke_identity_ui(
} }
// Combine credentials. // Combine credentials.
cred_out.combine( pair<eap::credentials::source_t, eap::credentials::source_t> cred_source(cred_out.combine(
#ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
&cred_in, &cred_in,
#else #else
NULL, NULL,
#endif #endif
*cfg_method, *cfg_method,
(dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL); (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL));
if (dwFlags & EAP_FLAG_GUEST_ACCESS) { if (dwFlags & EAP_FLAG_GUEST_ACCESS) {
// Disable credential saving for guests. // Disable credential saving for guests.
@@ -190,10 +208,18 @@ void eap::peer_ttls_ui::invoke_identity_ui(
parent.AdoptAttributesFromHWND(); parent.AdoptAttributesFromHWND();
wxTopLevelWindows.Append(&parent); wxTopLevelWindows.Append(&parent);
// Create and launch credentials dialog. // Create credentials dialog.
wxEAPCredentialsDialog dlg(cfg_prov, &parent); wxEAPCredentialsDialog dlg(cfg_prov, &parent);
wxTTLSCredentialsPanel *panel = new wxTTLSCredentialsPanel(cfg_prov, *cfg_method, cred_out, cfg_prov.m_id.c_str(), &dlg); wxTTLSCredentialsPanel *panel = new wxTTLSCredentialsPanel(cfg_prov, *cfg_method, cred_out, cfg_prov.m_id.c_str(), &dlg);
dlg.AddContents((wxPanel**)&panel, 1); dlg.AddContent(panel);
// Set "Remember" checkboxes according to credential source,
panel->m_outer_cred->SetRememberValue(cred_source.first == eap::credentials::source_storage);
wxPAPCredentialsPanel *panel_inner_cred_pap = dynamic_cast<wxPAPCredentialsPanel*>(panel->m_inner_cred);
if (panel_inner_cred_pap)
panel_inner_cred_pap->SetRememberValue(cred_source.second == eap::credentials::source_storage);
// Centre and display dialog.
dlg.Centre(wxBOTH); dlg.Centre(wxBOTH);
result = dlg.ShowModal(); result = dlg.ShowModal();
if (result == wxID_OK) { if (result == wxID_OK) {
@@ -208,7 +234,6 @@ void eap::peer_ttls_ui::invoke_identity_ui(
} }
} }
wxPAPCredentialsPanel *panel_inner_cred_pap = dynamic_cast<wxPAPCredentialsPanel*>(panel->m_inner_cred);
if (panel_inner_cred_pap && panel_inner_cred_pap->GetRememberValue()) { if (panel_inner_cred_pap && panel_inner_cred_pap->GetRememberValue()) {
try { try {
cred_out.m_inner->store(cfg_prov.m_id.c_str()); cred_out.m_inner->store(cfg_prov.m_id.c_str());

59
lib/TTLS_UI/src/TTLS_UI.cpp
View File

@@ -38,14 +38,6 @@ wxTTLSConfigPanel::wxTTLSConfigPanel(const eap::config_provider &prov, eap::conf
bool wxTTLSConfigPanel::TransferDataToWindow() bool wxTTLSConfigPanel::TransferDataToWindow()
{ {
if (m_prov.m_read_only) {
// This is provider-locked configuration. Disable controls.
m_outer_identity_same ->Enable(false);
m_outer_identity_empty ->Enable(false);
m_outer_identity_custom ->Enable(false);
m_outer_identity_custom_val->Enable(false);
}
// Populate identity controls. // Populate identity controls.
if (m_cfg.m_anonymous_identity.empty()) { if (m_cfg.m_anonymous_identity.empty()) {
m_outer_identity_same->SetValue(true); m_outer_identity_same->SetValue(true);
@@ -82,8 +74,17 @@ void wxTTLSConfigPanel::OnUpdateUI(wxUpdateUIEvent& event)
{ {
UNREFERENCED_PARAMETER(event); UNREFERENCED_PARAMETER(event);
if (!m_prov.m_read_only) { if (m_prov.m_read_only) {
// This is provider-locked configuration. Disable controls.
m_outer_identity_same ->Enable(false);
m_outer_identity_empty ->Enable(false);
m_outer_identity_custom ->Enable(false);
m_outer_identity_custom_val->Enable(false);
} else {
// This is not a provider-locked configuration. Selectively enable/disable controls. // This is not a provider-locked configuration. Selectively enable/disable controls.
m_outer_identity_same ->Enable(true);
m_outer_identity_empty ->Enable(true);
m_outer_identity_custom ->Enable(true);
m_outer_identity_custom_val->Enable(m_outer_identity_custom->GetValue()); m_outer_identity_custom_val->Enable(m_outer_identity_custom->GetValue());
} }
} }
@@ -94,10 +95,9 @@ void wxTTLSConfigPanel::OnUpdateUI(wxUpdateUIEvent& event)
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
wxTTLSConfigWindow::wxTTLSConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, LPCTSTR pszCredTarget, wxWindow* parent) : wxTTLSConfigWindow::wxTTLSConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, LPCTSTR pszCredTarget, wxWindow* parent) :
m_prov(prov),
m_cfg((eap::config_method_ttls&)cfg), m_cfg((eap::config_method_ttls&)cfg),
m_cfg_pap(cfg.m_module), m_cfg_pap(cfg.m_module),
wxScrolledWindow(parent, wxID_ANY, wxDefaultPosition, wxDefaultSize, wxVSCROLL) wxEAPConfigWindow(prov, cfg, parent)
{ {
wxBoxSizer* sb_content; wxBoxSizer* sb_content;
sb_content = new wxBoxSizer( wxVERTICAL ); sb_content = new wxBoxSizer( wxVERTICAL );
@@ -112,7 +112,8 @@ wxTTLSConfigWindow::wxTTLSConfigWindow(const eap::config_provider &prov, eap::co
m_inner_type = new wxChoicebook(this, wxID_ANY, wxDefaultPosition, wxDefaultSize, wxCHB_DEFAULT); m_inner_type = new wxChoicebook(this, wxID_ANY, wxDefaultPosition, wxDefaultSize, wxCHB_DEFAULT);
m_inner_type->SetToolTip( _("Select inner authentication method from the list") ); m_inner_type->SetToolTip( _("Select inner authentication method from the list") );
m_inner_type->AddPage(new wxPAPConfigPanel(m_prov, m_cfg_pap, pszCredTarget, m_inner_type), _("PAP")); wxPAPConfigPanel *panel_pap = new wxPAPConfigPanel(m_prov, m_cfg_pap, pszCredTarget, m_inner_type);
m_inner_type->AddPage(panel_pap, _("PAP"));
sb_content->Add(m_inner_type, 0, wxALL|wxEXPAND, 5); sb_content->Add(m_inner_type, 0, wxALL|wxEXPAND, 5);
sb_content->Add(20, 20, 1, wxALL|wxEXPAND, 5); sb_content->Add(20, 20, 1, wxALL|wxEXPAND, 5);
@@ -135,32 +136,17 @@ wxTTLSConfigWindow::wxTTLSConfigWindow(const eap::config_provider &prov, eap::co
size.y = 500; size.y = 500;
} }
this->SetMinSize(size); this->SetMinSize(size);
this->SetScrollRate(5, 5);
this->SetSizer(sb_content); this->SetSizer(sb_content);
this->Layout(); this->Layout();
m_inner_type->SetFocusFromKbd(); // m_inner_type->SetFocusFromKbd(); // This control steals mouse-wheel scrolling for itself
panel_pap->SetFocusFromKbd();
// Connect Events
this->Connect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxTTLSConfigWindow::OnInitDialog));
}
wxTTLSConfigWindow::~wxTTLSConfigWindow()
{
// Disconnect Events
this->Disconnect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxTTLSConfigWindow::OnInitDialog));
} }
bool wxTTLSConfigWindow::TransferDataToWindow() bool wxTTLSConfigWindow::TransferDataToWindow()
{ {
if (m_prov.m_read_only) {
// This is provider-locked configuration. Disable controls.
m_inner_type->GetChoiceCtrl()->Enable(false);
}
eap::config_method_pap *cfg_pap = dynamic_cast<eap::config_method_pap*>(m_cfg.m_inner.get()); eap::config_method_pap *cfg_pap = dynamic_cast<eap::config_method_pap*>(m_cfg.m_inner.get());
if (cfg_pap) { if (cfg_pap) {
m_cfg_pap = *cfg_pap; m_cfg_pap = *cfg_pap;
@@ -196,8 +182,7 @@ bool wxTTLSConfigWindow::TransferDataFromWindow()
void wxTTLSConfigWindow::OnInitDialog(wxInitDialogEvent& event) void wxTTLSConfigWindow::OnInitDialog(wxInitDialogEvent& event)
{ {
// Call TransferDataToWindow() manually, as wxScrolledWindow somehow skips that. wxEAPConfigWindow::OnInitDialog(event);
TransferDataToWindow();
// Forward the event to child panels. // Forward the event to child panels.
m_outer_identity->GetEventHandler()->ProcessEvent(event); m_outer_identity->GetEventHandler()->ProcessEvent(event);
@@ -207,6 +192,14 @@ void wxTTLSConfigWindow::OnInitDialog(wxInitDialogEvent& event)
} }
void wxTTLSConfigWindow::OnUpdateUI(wxUpdateUIEvent& event)
{
wxEAPConfigWindow::OnUpdateUI(event);
m_inner_type->GetChoiceCtrl()->Enable(!m_prov.m_read_only);
}
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// wxTTLSCredentialsPanel // wxTTLSCredentialsPanel
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
@@ -226,7 +219,7 @@ wxTTLSCredentialsPanel::wxTTLSCredentialsPanel(const eap::config_provider &prov,
assert(m_cfg.m_inner); assert(m_cfg.m_inner);
if (m_cfg.m_inner->m_cred_failed) if (m_cfg.m_inner->m_auth_failed)
sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, this), 0, wxALL|wxEXPAND, 5); sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, this), 0, wxALL|wxEXPAND, 5);
const eap::config_method_pap *cfg_inner_pap = dynamic_cast<const eap::config_method_pap*>(m_cfg.m_inner.get()); const eap::config_method_pap *cfg_inner_pap = dynamic_cast<const eap::config_method_pap*>(m_cfg.m_inner.get());
@@ -245,7 +238,7 @@ wxTTLSCredentialsPanel::wxTTLSCredentialsPanel(const eap::config_provider &prov,
m_outer_title->SetForegroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_INACTIVECAPTION ) ); m_outer_title->SetForegroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_INACTIVECAPTION ) );
sb_content->Add(m_outer_title, 0, wxALL|wxALIGN_RIGHT, 5); sb_content->Add(m_outer_title, 0, wxALL|wxALIGN_RIGHT, 5);
if (m_cfg.m_cred_failed) if (m_cfg.m_auth_failed)
sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, this), 0, wxALL|wxEXPAND, 5); sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, this), 0, wxALL|wxEXPAND, 5);
m_outer_cred = new wxTLSCredentialsPanel(m_prov, (const eap::config_method_tls&)m_cfg, (eap::credentials_tls&)cred, pszCredTarget, this, is_config); m_outer_cred = new wxTLSCredentialsPanel(m_prov, (const eap::config_method_tls&)m_cfg, (eap::credentials_tls&)cred, pszCredTarget, this, is_config);

2
lib/WinStd

Submodule lib/WinStd updated: dfbe66a826...f94b72379e