Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Compare commits

base: Amebis:master
Branches Tags
Amebis:master
Amebis:ver1.0
Amebis:ver1.1
Amebis:1.3g
Amebis:1.3f
Amebis:1.3e
Amebis:1.3d
Amebis:1.3c
Amebis:1.3b
Amebis:1.3a
Amebis:1.3
Amebis:1.2g
Amebis:1.2f
Amebis:1.1h
Amebis:1.0i
Amebis:1.2e
Amebis:1.1g
Amebis:1.0h
Amebis:1.2d
Amebis:1.1f
Amebis:1.0g
Amebis:1.2c
Amebis:1.1e
Amebis:1.0f
Amebis:1.2b
Amebis:1.1d
Amebis:1.0e
Amebis:1.2a
Amebis:1.1c
Amebis:1.0d
Amebis:1.2
Amebis:1.1b
Amebis:1.0c
Amebis:1.2-beta2
Amebis:1.2-beta1
Amebis:1.2-beta
Amebis:1.1a
Amebis:1.0b
Amebis:1.1
Amebis:1.1-beta2
Amebis:1.1-beta1
Amebis:1.0a
Amebis:1.1-beta
Amebis:1.0
Amebis:1.0-beta8
Amebis:1.0-beta7
Amebis:1.0-beta6
Amebis:1.0-beta5
Amebis:1.0-beta4
Amebis:1.0-beta3
Amebis:1.0-beta2
Amebis:1.0-beta1
Amebis:1.0-beta
Amebis:1.0-alpha17
Amebis:1.0-alpha16
Amebis:1.0-alpha15
Amebis:1.0-alpha14
Amebis:1.0-alpha13
Amebis:1.0-alpha12
Amebis:1.0-alpha11
Amebis:1.0-alpha10
Amebis:1.0-alpha10-owntls
Amebis:1.0-alpha9
Amebis:1.0-alpha8
Amebis:1.0-alpha7
Amebis:1.0-alpha6
Amebis:1.0-alpha5
Amebis:1.0-alpha4
Amebis:1.0-alpha3
Amebis:1.0-alpha2
Amebis:1.0-alpha1
Amebis:1.0-alpha0
...
compare: Amebis:1.0-alpha10-owntls
Branches Tags
Amebis:master
Amebis:ver1.0
Amebis:ver1.1
Amebis:1.3g
Amebis:1.3f
Amebis:1.3e
Amebis:1.3d
Amebis:1.3c
Amebis:1.3b
Amebis:1.3a
Amebis:1.3
Amebis:1.2g
Amebis:1.2f
Amebis:1.1h
Amebis:1.0i
Amebis:1.2e
Amebis:1.1g
Amebis:1.0h
Amebis:1.2d
Amebis:1.1f
Amebis:1.0g
Amebis:1.2c
Amebis:1.1e
Amebis:1.0f
Amebis:1.2b
Amebis:1.1d
Amebis:1.0e
Amebis:1.2a
Amebis:1.1c
Amebis:1.0d
Amebis:1.2
Amebis:1.1b
Amebis:1.0c
Amebis:1.2-beta2
Amebis:1.2-beta1
Amebis:1.2-beta
Amebis:1.1a
Amebis:1.0b
Amebis:1.1
Amebis:1.1-beta2
Amebis:1.1-beta1
Amebis:1.0a
Amebis:1.1-beta
Amebis:1.0
Amebis:1.0-beta8
Amebis:1.0-beta7
Amebis:1.0-beta6
Amebis:1.0-beta5
Amebis:1.0-beta4
Amebis:1.0-beta3
Amebis:1.0-beta2
Amebis:1.0-beta1
Amebis:1.0-beta
Amebis:1.0-alpha17
Amebis:1.0-alpha16
Amebis:1.0-alpha15
Amebis:1.0-alpha14
Amebis:1.0-alpha13
Amebis:1.0-alpha12
Amebis:1.0-alpha11
Amebis:1.0-alpha10
Amebis:1.0-alpha10-owntls
Amebis:1.0-alpha9
Amebis:1.0-alpha8
Amebis:1.0-alpha7
Amebis:1.0-alpha6
Amebis:1.0-alpha5
Amebis:1.0-alpha4
Amebis:1.0-alpha3
Amebis:1.0-alpha2
Amebis:1.0-alpha1
Amebis:1.0-alpha0

7 Commits
master ... 1.0-alpha1

Author SHA1 Message Date
Simon Rozman
e4c3f5cbd8 Version set to 1.0-alpha10-owntls 2016-08-23 14:52:26 +02:00
Simon Rozman
1df98af5a1 Event descriptors updated 2016-08-23 14:48:47 +02:00
Simon Rozman
3cbd749966 Sub-module update 2016-08-23 14:46:06 +02:00
Simon Rozman
2125679385 Server certificate name check extended to search for the name in the subjectAltName(2) extension first; only when none present, compares against Common Name 2016-08-23 14:43:07 +02:00
Simon Rozman
fb5d969c2b Support for the wild-char certificate names dropped 2016-08-23 14:42:43 +02:00
Simon Rozman
f39cb94ee5 Server names can be Unicode now 2016-08-23 14:42:11 +02:00
Simon Rozman
59768e8097 Cipher suite list size is now in number of elements, not bytes 2016-08-23 14:41:25 +02:00
10 changed files with 4891 additions and 4855 deletions
Show Stats Expand all files Collapse all files

10
include/Version.h
View File

@ -29,7 +29,7 @@
// Product version as a single DWORD
// Note: Used for version comparison within C/C++ code.
//
#define PRODUCT_VERSION 0x00ff0900
#define PRODUCT_VERSION 0x00ff0a00
//
// Product version by components
@ -39,26 +39,26 @@
//
#define PRODUCT_VERSION_MAJ 0
#define PRODUCT_VERSION_MIN 255
#define PRODUCT_VERSION_REV 9
#define PRODUCT_VERSION_REV 10
#define PRODUCT_VERSION_BUILD 0
//
// Human readable product version and build year for UI
//
#define PRODUCT_VERSION_STR "1.0-alpha9"
#define PRODUCT_VERSION_STR "1.0-alpha10-owntls"
#define PRODUCT_BUILD_YEAR_STR "2016"
//
// Numerical version presentation for ProductVersion propery in
// MSI packages (syntax: N.N[.N[.N]])
//
#define PRODUCT_VERSION_INST "0.255.9"
#define PRODUCT_VERSION_INST "0.255.10"
//
// The product code for ProductCode property in MSI packages
// Replace with new on every version change, regardless how minor it is.
//
#define PRODUCT_VERSION_GUID "{E6169375-3FA7-443A-921A-44105A94201C}"
#define PRODUCT_VERSION_GUID "{C3675615-0D70-47C7-9BCB-B683A77C6ED6}"
//
// Since the product name is not finally confirmed at the time of

BIN
lib/Events/res/EventsETW.man
View File

Binary file not shown.

352
lib/TLS/include/Config.h
View File

@ -1,176 +1,176 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include <WinStd/Common.h>
#include <Windows.h>
#include <WinCrypt.h> // Must include after <Windows.h>
#include <sal.h>
namespace eap
{
///
/// TLS configuration
///
class config_method_tls;
///
/// Helper function to compile human-readable certificate name for UI display
///
winstd::tstring get_cert_title(PCCERT_CONTEXT cert);
}
#pragma once
#include "Credentials.h"
#include "Method.h"
#include "TLS.h"
#include "../../EAPBase/include/Config.h"
#include <WinStd/Crypt.h>
#include <Windows.h>
#include <list>
#include <string>
namespace eap
{
class config_method_tls : public config_method_with_cred
{
public:
///
/// Constructs configuration
///
/// \param[in] mod EAP module to use for global services
///
config_method_tls(_In_ module &mod);
///
/// Copies configuration
///
/// \param[in] other Configuration to copy from
///
config_method_tls(_In_ const config_method_tls &other);
///
/// Moves configuration
///
/// \param[in] other Configuration to move from
///
config_method_tls(_Inout_ config_method_tls &&other);
///
/// Copies configuration
///
/// \param[in] other Configuration to copy from
///
/// \returns Reference to this object
///
config_method_tls& operator=(_In_ const config_method_tls &other);
///
/// Moves configuration
///
/// \param[in] other Configuration to move from
///
/// \returns Reference to this object
///
config_method_tls& operator=(_Inout_ config_method_tls &&other);
///
/// Clones configuration
///
/// \returns Pointer to cloned configuration
///
virtual config* clone() const;
/// \name XML configuration management
/// @{
///
/// Save to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
///
/// Load from XML document
///
/// \param[in] pConfigRoot Root element for loading
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
///
/// Packs a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
///
/// Returns EAP method type of this configuration
///
/// \returns `eap::type_tls`
///
virtual winstd::eap_type_t get_method_id() const;
///
/// Adds CA to the list of trusted root CA's
///
/// \sa [CertCreateCertificateContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa376033.aspx)
///
bool add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded);
public:
std::list<winstd::cert_context> m_trusted_root_ca; ///< Trusted root CAs
std::list<std::string> m_server_names; ///< Acceptable authenticating server names
// Following members are used for session resumptions. They are not exported/imported to XML.
sanitizing_blob m_session_id; ///< TLS session ID
tls_master_secret m_master_secret; ///< TLS master secret
};
}
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include <WinStd/Common.h>
#include <Windows.h>
#include <WinCrypt.h> // Must include after <Windows.h>
#include <sal.h>
namespace eap
{
///
/// TLS configuration
///
class config_method_tls;
///
/// Helper function to compile human-readable certificate name for UI display
///
winstd::tstring get_cert_title(PCCERT_CONTEXT cert);
}
#pragma once
#include "Credentials.h"
#include "Method.h"
#include "TLS.h"
#include "../../EAPBase/include/Config.h"
#include <WinStd/Crypt.h>
#include <Windows.h>
#include <list>
#include <string>
namespace eap
{
class config_method_tls : public config_method_with_cred
{
public:
///
/// Constructs configuration
///
/// \param[in] mod EAP module to use for global services
///
config_method_tls(_In_ module &mod);
///
/// Copies configuration
///
/// \param[in] other Configuration to copy from
///
config_method_tls(_In_ const config_method_tls &other);
///
/// Moves configuration
///
/// \param[in] other Configuration to move from
///
config_method_tls(_Inout_ config_method_tls &&other);
///
/// Copies configuration
///
/// \param[in] other Configuration to copy from
///
/// \returns Reference to this object
///
config_method_tls& operator=(_In_ const config_method_tls &other);
///
/// Moves configuration
///
/// \param[in] other Configuration to move from
///
/// \returns Reference to this object
///
config_method_tls& operator=(_Inout_ config_method_tls &&other);
///
/// Clones configuration
///
/// \returns Pointer to cloned configuration
///
virtual config* clone() const;
/// \name XML configuration management
/// @{
///
/// Save to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
///
/// Load from XML document
///
/// \param[in] pConfigRoot Root element for loading
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
///
/// Packs a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
///
/// Returns EAP method type of this configuration
///
/// \returns `eap::type_tls`
///
virtual winstd::eap_type_t get_method_id() const;
///
/// Adds CA to the list of trusted root CA's
///
/// \sa [CertCreateCertificateContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa376033.aspx)
///
bool add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded);
public:
std::list<winstd::cert_context> m_trusted_root_ca; ///< Trusted root CAs
std::list<std::wstring> m_server_names; ///< Acceptable authenticating server names
// Following members are used for session resumptions. They are not exported/imported to XML.
sanitizing_blob m_session_id; ///< TLS session ID
tls_master_secret m_master_secret; ///< TLS master secret
};
}

603
lib/TLS/src/Config.cpp
View File

@ -1,305 +1,298 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"
#pragma comment(lib, "Cryptui.lib")
using namespace std;
using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::get_cert_title
//////////////////////////////////////////////////////////////////////
tstring eap::get_cert_title(PCCERT_CONTEXT cert)
{
tstring name, str, issuer, title;
FILETIME ft;
SYSTEMTIME st;
// Prepare certificate information
CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, name);
title += name;
FileTimeToLocalFileTime(&(cert->pCertInfo->NotBefore), &ft);
FileTimeToSystemTime(&ft, &st);
GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str);
title += _T(", ");
title += str;
FileTimeToLocalFileTime(&(cert->pCertInfo->NotAfter ), &ft);
FileTimeToSystemTime(&ft, &st);
GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str);
title += _T('-');
title += str;
CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, CERT_NAME_ISSUER_FLAG, NULL, issuer);
if (name != issuer) {
title += _T(", ");
title += issuer;
}
return title;
}
//////////////////////////////////////////////////////////////////////
// eap::config_method_tls
//////////////////////////////////////////////////////////////////////
eap::config_method_tls::config_method_tls(_In_ module &mod) : config_method_with_cred(mod)
{
m_preshared.reset(new credentials_tls(mod));
}
eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) :
m_trusted_root_ca(other.m_trusted_root_ca),
m_server_names(other.m_server_names),
m_session_id(other.m_session_id),
m_master_secret(other.m_master_secret),
config_method_with_cred(other)
{
}
eap::config_method_tls::config_method_tls(_Inout_ config_method_tls &&other) :
m_trusted_root_ca(std::move(other.m_trusted_root_ca)),
m_server_names(std::move(other.m_server_names)),
m_session_id(std::move(other.m_session_id)),
m_master_secret(std::move(other.m_master_secret)),
config_method_with_cred(std::move(other))
{
}
eap::config_method_tls& eap::config_method_tls::operator=(_In_ const config_method_tls &other)
{
if (this != &other) {
(config_method_with_cred&)*this = other;
m_trusted_root_ca = other.m_trusted_root_ca;
m_server_names = other.m_server_names;
m_session_id = other.m_session_id;
m_master_secret = other.m_master_secret;
}
return *this;
}
eap::config_method_tls& eap::config_method_tls::operator=(_Inout_ config_method_tls &&other)
{
if (this != &other) {
(config_method_with_cred&&)*this = std::move(other);
m_trusted_root_ca = std::move(other.m_trusted_root_ca);
m_server_names = std::move(other.m_server_names);
m_session_id = std::move(other.m_session_id);
m_master_secret = std::move(other.m_master_secret);
}
return *this;
}
eap::config* eap::config_method_tls::clone() const
{
return new config_method_tls(*this);
}
void eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
{
assert(pDoc);
assert(pConfigRoot);
config_method_with_cred::save(pDoc, pConfigRoot);
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
HRESULT hr;
// <ServerSideCredential>
com_obj<IXMLDOMElement> pXmlElServerSideCredential;
if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), bstr(L"ServerSideCredential"), bstrNamespace, &pXmlElServerSideCredential)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerSideCredential> element.");
for (list<cert_context>::const_iterator i = m_trusted_root_ca.begin(), i_end = m_trusted_root_ca.end(); i != i_end; ++i) {
// <CA>
com_obj<IXMLDOMElement> pXmlElCA;
if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"CA"), bstrNamespace, &pXmlElCA)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <CA> element.");
// <CA>/<format>
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElCA, bstr(L"format"), bstrNamespace, bstr(L"PEM"))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <format> element.");
// <CA>/<cert-data>
const cert_context &cc = *i;
if (FAILED(hr = eapxml::put_element_base64(pDoc, pXmlElCA, bstr(L"cert-data"), bstrNamespace, cc->pbCertEncoded, cc->cbCertEncoded)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <cert-data> element.");
if (FAILED(hr = pXmlElServerSideCredential->appendChild(pXmlElCA, NULL)))
throw com_runtime_error(hr, __FUNCTION__ " Error appending <CA> element.");
}
// <ServerName>
for (list<string>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) {
wstring str;
MultiByteToWideChar(CP_UTF8, 0, i->c_str(), (int)i->length(), str);
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(str))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerName> element.");
}
}
void eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot)
{
assert(pConfigRoot);
config_method_with_cred::load(pConfigRoot);
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
m_trusted_root_ca.clear();
m_server_names.clear();
// <ServerSideCredential>
com_obj<IXMLDOMElement> pXmlElServerSideCredential;
if (SUCCEEDED(eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), &pXmlElServerSideCredential))) {
std::wstring xpathServerSideCredential(xpath + L"/ServerSideCredential");
// <CA>
com_obj<IXMLDOMNodeList> pXmlListCAs;
long lCACount = 0;
if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:CA"), &pXmlListCAs)) && SUCCEEDED(pXmlListCAs->get_length(&lCACount))) {
for (long j = 0; j < lCACount; j++) {
// Load CA certificate.
com_obj<IXMLDOMNode> pXmlElCA;
pXmlListCAs->get_item(j, &pXmlElCA);
bstr bstrFormat;
if (FAILED(eapxml::get_element_value(pXmlElCA, bstr(L"eap-metadata:format"), &bstrFormat))) {
// <format> not specified.
continue;
}
if (CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstrFormat, bstrFormat.length(), L"PEM", -1, NULL, NULL, 0) != CSTR_EQUAL) {
// Certificate must be PEM encoded.
continue;
}
vector<unsigned char> aData;
if (FAILED(eapxml::get_element_base64(pXmlElCA, bstr(L"eap-metadata:cert-data"), aData))) {
// Error reading <cert-data> element.
continue;
}
add_trusted_ca(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size());
}
// Log loaded CA certificates.
list<tstring> cert_names;
for (std::list<winstd::cert_context>::const_iterator cert = m_trusted_root_ca.cbegin(), cert_end = m_trusted_root_ca.cend(); cert != cert_end; ++cert)
cert_names.push_back(std::move(get_cert_title(*cert)));
m_module.log_config((xpathServerSideCredential + L"/CA").c_str(), cert_names);
}
// <ServerName>
com_obj<IXMLDOMNodeList> pXmlListServerIDs;
long lServerIDCount = 0;
if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:ServerName"), &pXmlListServerIDs)) && SUCCEEDED(pXmlListServerIDs->get_length(&lServerIDCount))) {
for (long j = 0; j < lServerIDCount; j++) {
// Load server name (<ServerName>).
com_obj<IXMLDOMNode> pXmlElServerID;
pXmlListServerIDs->get_item(j, &pXmlElServerID);
bstr bstrServerID;
pXmlElServerID->get_text(&bstrServerID);
// Server names (FQDNs) are always ASCII. Hopefully. Convert them to UTF-8 anyway for consistent comparison. CP_ANSI varies.
string str;
WideCharToMultiByte(CP_UTF8, 0, bstrServerID, bstrServerID.length(), str, NULL, NULL);
m_server_names.push_back(str);
}
m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names);
}
}
}
void eap::config_method_tls::operator<<(_Inout_ cursor_out &cursor) const
{
config_method_with_cred::operator<<(cursor);
cursor << m_trusted_root_ca;
cursor << m_server_names ;
cursor << m_session_id ;
cursor << m_master_secret ;
}
size_t eap::config_method_tls::get_pk_size() const
{
return
config_method_with_cred::get_pk_size() +
pksizeof(m_trusted_root_ca) +
pksizeof(m_server_names ) +
pksizeof(m_session_id ) +
pksizeof(m_master_secret );
}
void eap::config_method_tls::operator>>(_Inout_ cursor_in &cursor)
{
config_method_with_cred::operator>>(cursor);
cursor >> m_trusted_root_ca;
cursor >> m_server_names ;
cursor >> m_session_id ;
cursor >> m_master_secret ;
}
eap_type_t eap::config_method_tls::get_method_id() const
{
return eap_type_tls;
}
bool eap::config_method_tls::add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded)
{
cert_context cert;
if (!cert.create(dwCertEncodingType, pbCertEncoded, cbCertEncoded)) {
// Invalid or unsupported certificate.
return false;
}
for (list<cert_context>::const_iterator i = m_trusted_root_ca.cbegin(), i_end = m_trusted_root_ca.cend();; ++i) {
if (i != i_end) {
if (*i == cert) {
// This certificate is already on the list.
return false;
}
} else {
// End of list reached. Append certificate.
m_trusted_root_ca.push_back(std::move(cert));
return true;
}
}
}
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"
#pragma comment(lib, "Cryptui.lib")
using namespace std;
using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::get_cert_title
//////////////////////////////////////////////////////////////////////
tstring eap::get_cert_title(PCCERT_CONTEXT cert)
{
tstring name, str, issuer, title;
FILETIME ft;
SYSTEMTIME st;
// Prepare certificate information
CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, name);
title += name;
FileTimeToLocalFileTime(&(cert->pCertInfo->NotBefore), &ft);
FileTimeToSystemTime(&ft, &st);
GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str);
title += _T(", ");
title += str;
FileTimeToLocalFileTime(&(cert->pCertInfo->NotAfter ), &ft);
FileTimeToSystemTime(&ft, &st);
GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str);
title += _T('-');
title += str;
CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, CERT_NAME_ISSUER_FLAG, NULL, issuer);
if (name != issuer) {
title += _T(", ");
title += issuer;
}
return title;
}
//////////////////////////////////////////////////////////////////////
// eap::config_method_tls
//////////////////////////////////////////////////////////////////////
eap::config_method_tls::config_method_tls(_In_ module &mod) : config_method_with_cred(mod)
{
m_preshared.reset(new credentials_tls(mod));
}
eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) :
m_trusted_root_ca(other.m_trusted_root_ca),
m_server_names(other.m_server_names),
m_session_id(other.m_session_id),
m_master_secret(other.m_master_secret),
config_method_with_cred(other)
{
}
eap::config_method_tls::config_method_tls(_Inout_ config_method_tls &&other) :
m_trusted_root_ca(std::move(other.m_trusted_root_ca)),
m_server_names(std::move(other.m_server_names)),
m_session_id(std::move(other.m_session_id)),
m_master_secret(std::move(other.m_master_secret)),
config_method_with_cred(std::move(other))
{
}
eap::config_method_tls& eap::config_method_tls::operator=(_In_ const config_method_tls &other)
{
if (this != &other) {
(config_method_with_cred&)*this = other;
m_trusted_root_ca = other.m_trusted_root_ca;
m_server_names = other.m_server_names;
m_session_id = other.m_session_id;
m_master_secret = other.m_master_secret;
}
return *this;
}
eap::config_method_tls& eap::config_method_tls::operator=(_Inout_ config_method_tls &&other)
{
if (this != &other) {
(config_method_with_cred&&)*this = std::move(other);
m_trusted_root_ca = std::move(other.m_trusted_root_ca);
m_server_names = std::move(other.m_server_names);
m_session_id = std::move(other.m_session_id);
m_master_secret = std::move(other.m_master_secret);
}
return *this;
}
eap::config* eap::config_method_tls::clone() const
{
return new config_method_tls(*this);
}
void eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
{
assert(pDoc);
assert(pConfigRoot);
config_method_with_cred::save(pDoc, pConfigRoot);
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
HRESULT hr;
// <ServerSideCredential>
com_obj<IXMLDOMElement> pXmlElServerSideCredential;
if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), bstr(L"ServerSideCredential"), bstrNamespace, &pXmlElServerSideCredential)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerSideCredential> element.");
for (list<cert_context>::const_iterator i = m_trusted_root_ca.begin(), i_end = m_trusted_root_ca.end(); i != i_end; ++i) {
// <CA>
com_obj<IXMLDOMElement> pXmlElCA;
if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"CA"), bstrNamespace, &pXmlElCA)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <CA> element.");
// <CA>/<format>
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElCA, bstr(L"format"), bstrNamespace, bstr(L"PEM"))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <format> element.");
// <CA>/<cert-data>
const cert_context &cc = *i;
if (FAILED(hr = eapxml::put_element_base64(pDoc, pXmlElCA, bstr(L"cert-data"), bstrNamespace, cc->pbCertEncoded, cc->cbCertEncoded)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <cert-data> element.");
if (FAILED(hr = pXmlElServerSideCredential->appendChild(pXmlElCA, NULL)))
throw com_runtime_error(hr, __FUNCTION__ " Error appending <CA> element.");
}
// <ServerName>
for (list<wstring>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) {
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(*i))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerName> element.");
}
}
void eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot)
{
assert(pConfigRoot);
config_method_with_cred::load(pConfigRoot);
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
m_trusted_root_ca.clear();
m_server_names.clear();
// <ServerSideCredential>
com_obj<IXMLDOMElement> pXmlElServerSideCredential;
if (SUCCEEDED(eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), &pXmlElServerSideCredential))) {
std::wstring xpathServerSideCredential(xpath + L"/ServerSideCredential");
// <CA>
com_obj<IXMLDOMNodeList> pXmlListCAs;
long lCACount = 0;
if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:CA"), &pXmlListCAs)) && SUCCEEDED(pXmlListCAs->get_length(&lCACount))) {
for (long j = 0; j < lCACount; j++) {
// Load CA certificate.
com_obj<IXMLDOMNode> pXmlElCA;
pXmlListCAs->get_item(j, &pXmlElCA);
bstr bstrFormat;
if (FAILED(eapxml::get_element_value(pXmlElCA, bstr(L"eap-metadata:format"), &bstrFormat))) {
// <format> not specified.
continue;
}
if (CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstrFormat, bstrFormat.length(), L"PEM", -1, NULL, NULL, 0) != CSTR_EQUAL) {
// Certificate must be PEM encoded.
continue;
}
vector<unsigned char> aData;
if (FAILED(eapxml::get_element_base64(pXmlElCA, bstr(L"eap-metadata:cert-data"), aData))) {
// Error reading <cert-data> element.
continue;
}
add_trusted_ca(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size());
}
// Log loaded CA certificates.
list<tstring> cert_names;
for (std::list<winstd::cert_context>::const_iterator cert = m_trusted_root_ca.cbegin(), cert_end = m_trusted_root_ca.cend(); cert != cert_end; ++cert)
cert_names.push_back(std::move(get_cert_title(*cert)));
m_module.log_config((xpathServerSideCredential + L"/CA").c_str(), cert_names);
}
// <ServerName>
com_obj<IXMLDOMNodeList> pXmlListServerIDs;
long lServerIDCount = 0;
if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:ServerName"), &pXmlListServerIDs)) && SUCCEEDED(pXmlListServerIDs->get_length(&lServerIDCount))) {
for (long j = 0; j < lServerIDCount; j++) {
// Load server name (<ServerName>).
com_obj<IXMLDOMNode> pXmlElServerID;
pXmlListServerIDs->get_item(j, &pXmlElServerID);
bstr bstrServerID;
pXmlElServerID->get_text(&bstrServerID);
m_server_names.push_back(wstring(bstrServerID));
}
m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names);
}
}
}
void eap::config_method_tls::operator<<(_Inout_ cursor_out &cursor) const
{
config_method_with_cred::operator<<(cursor);
cursor << m_trusted_root_ca;
cursor << m_server_names ;
cursor << m_session_id ;
cursor << m_master_secret ;
}
size_t eap::config_method_tls::get_pk_size() const
{
return
config_method_with_cred::get_pk_size() +
pksizeof(m_trusted_root_ca) +
pksizeof(m_server_names ) +
pksizeof(m_session_id ) +
pksizeof(m_master_secret );
}
void eap::config_method_tls::operator>>(_Inout_ cursor_in &cursor)
{
config_method_with_cred::operator>>(cursor);
cursor >> m_trusted_root_ca;
cursor >> m_server_names ;
cursor >> m_session_id ;
cursor >> m_master_secret ;
}
eap_type_t eap::config_method_tls::get_method_id() const
{
return eap_type_tls;
}
bool eap::config_method_tls::add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded)
{
cert_context cert;
if (!cert.create(dwCertEncodingType, pbCertEncoded, cbCertEncoded)) {
// Invalid or unsupported certificate.
return false;
}
for (list<cert_context>::const_iterator i = m_trusted_root_ca.cbegin(), i_end = m_trusted_root_ca.cend();; ++i) {
if (i != i_end) {
if (*i == cert) {
// This certificate is already on the list.
return false;
}
} else {
// End of list reached. Append certificate.
m_trusted_root_ca.push_back(std::move(cert));
return true;
}
}
}

3235
lib/TLS/src/Method.cpp
View File

File diff suppressed because it is too large Load Diff

684
lib/TLS_UI/include/TLS_UI.h
View File

@ -1,342 +1,342 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "../../EAPBase_UI/include/EAP_UI.h"
#include "../../TLS/include/Config.h"
#include "../../TLS/include/Credentials.h"
#include <WinStd/Common.h>
#include <wx/filedlg.h>
#include <wx/msgdlg.h>
#include <Windows.h>
#include <cryptuiapi.h>
#include <WinCrypt.h> // Must include after <Windows.h>
#include <list>
#include <string>
///
/// Helper class for auto-destroyable certificates used in wxWidget's item containers
///
class wxCertificateClientData;
///
/// Validator for host name
///
class wxHostNameValidator;
///
/// Validator for FQDN
///
class wxFQDNValidator;
///
/// Validator for FQDN lists
///
class wxFQDNListValidator;
///
/// TLS credential panel
///
class wxTLSCredentialsPanel;
///
/// TLS server trust configuration panel
///
class wxTLSServerTrustPanel;
///
/// TLS credentials configuration panel
///
typedef wxEAPCredentialsConfigPanel<eap::credentials_tls, wxTLSCredentialsPanel> wxTLSCredentialsConfigPanel;
///
/// TLS configuration panel
///
class wxTLSConfigPanel;
#pragma once
#include "../res/wxTLS_UI.h"
#include <WinStd/Win.h>
#include <wx/clntdata.h>
#include <wx/icon.h>
#include <wx/panel.h>
#include <wx/textctrl.h>
#include <wx/validate.h>
#include <list>
#include <string>
#include <vector>
class wxCertificateClientData : public wxClientData
{
public:
///
/// Constructs client data object with existing handle
///
wxCertificateClientData(PCCERT_CONTEXT cert);
///
/// Releases certificate handle and destructs the object
///
virtual ~wxCertificateClientData();
public:
PCCERT_CONTEXT m_cert; ///< Certificate
};
class wxHostNameValidator : public wxValidator
{
wxDECLARE_DYNAMIC_CLASS(wxHostNameValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxHostNameValidator);
public:
///
/// Construct the validator with a value to store data
///
wxHostNameValidator(std::string *val = NULL);
///
/// Copy constructor
///
wxHostNameValidator(const wxHostNameValidator &other);
///
/// Copies this validator
///
virtual wxObject* Clone() const;
///
/// Validates the value
///
virtual bool Validate(wxWindow *parent);
///
/// Transfers the value to the window
///
virtual bool TransferToWindow();
///
/// Transfers the value from the window
///
virtual bool TransferFromWindow();
///
/// Parses FQDN value
///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out = NULL);
protected:
std::string *m_val; ///< Pointer to variable to receive control's parsed value
};
class wxFQDNValidator : public wxValidator
{
wxDECLARE_DYNAMIC_CLASS(wxFQDNValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxFQDNValidator);
public:
///
/// Construct the validator with a value to store data
///
wxFQDNValidator(std::string *val = NULL);
///
/// Copy constructor
///
wxFQDNValidator(const wxFQDNValidator &other);
///
/// Copies this validator
///
virtual wxObject* Clone() const;
///
/// Validates the value
///
virtual bool Validate(wxWindow *parent);
///
/// Transfers the value to the window
///
virtual bool TransferToWindow();
///
/// Transfers the value from the window
///
virtual bool TransferFromWindow();
///
/// Parses FQDN value
///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out = NULL);
protected:
std::string *m_val; ///< Pointer to variable to receive control's parsed value
};
class wxFQDNListValidator : public wxValidator
{
wxDECLARE_DYNAMIC_CLASS(wxFQDNListValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxFQDNListValidator);
public:
///
/// Construct the validator with a value to store data
///
wxFQDNListValidator(std::list<std::string> *val = NULL);
///
/// Copy constructor
///
wxFQDNListValidator(const wxFQDNListValidator &other);
///
/// Copies this validator
///
virtual wxObject* Clone() const;
///
/// Validates the value
///
virtual bool Validate(wxWindow *parent);
///
/// Transfers the value to the window
///
virtual bool TransferToWindow();
///
/// Transfers the value from the window
///
virtual bool TransferFromWindow();
///
/// Parses FQDN list value
///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::string> *val_out = NULL);
protected:
std::list<std::string> *m_val; ///< Pointer to variable to receive control's parsed value
};
class wxTLSCredentialsPanel : public wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>
{
public:
///
/// Constructs a configuration panel
///
/// \param[in] prov Provider configuration data
/// \param[in] cfg Configuration data
/// \param[inout] cred Credentials data
/// \param[in] pszCredTarget Target name of credentials in Windows Credential Manager. Can be further decorated to create final target name.
/// \param[in] parent Parent window
/// \param[in] is_config Is this panel used to pre-enter credentials? When \c true, the "Remember" checkbox is always selected and disabled.
///
wxTLSCredentialsPanel(const eap::config_provider &prov, const eap::config_method_with_cred &cfg, eap::credentials_tls &cred, LPCTSTR pszCredTarget, wxWindow* parent, bool is_config = false);
protected:
/// \cond internal
virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow();
virtual void OnUpdateUI(wxUpdateUIEvent& event);
/// \endcond
protected:
winstd::library m_shell32; ///< shell32.dll resource library reference
wxIcon m_icon; ///< Panel icon
};
class wxTLSServerTrustPanel : public wxEAPTLSServerTrustConfigPanelBase
{
public:
///
/// Constructs a configuration panel
///
wxTLSServerTrustPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, wxWindow* parent);
protected:
/// \cond internal
virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow();
virtual void OnUpdateUI(wxUpdateUIEvent& event);
virtual void OnRootCADClick(wxCommandEvent& event);
virtual void OnRootCAAddStore(wxCommandEvent& event);
virtual void OnRootCAAddFile(wxCommandEvent& event);
virtual void OnRootCARemove(wxCommandEvent& event);
/// \endcond
///
/// Adds a certificate to the list of trusted root CA list
///
/// \param[in] cert Certificate
///
/// \returns
/// - \c true if certificate was added;
/// - \c false if duplicate found or an error occured.
///
bool AddRootCA(PCCERT_CONTEXT cert);
protected:
const eap::config_provider &m_prov; ///< EAP provider
eap::config_method_tls &m_cfg; ///< TLS configuration
winstd::library m_certmgr; ///< certmgr.dll resource library reference
wxIcon m_icon; ///< Panel icon
std::list<std::string> m_server_names_val; ///< Acceptable authenticating server names
};
class wxTLSConfigPanel : public wxPanel
{
public:
///
/// Constructs a configuration panel
///
wxTLSConfigPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, LPCTSTR pszCredTarget, wxWindow* parent);
///
/// Destructs the configuration panel
///
virtual ~wxTLSConfigPanel();
protected:
/// \cond internal
virtual void OnInitDialog(wxInitDialogEvent& event);
virtual bool TransferDataFromWindow();
/// \endcond
protected:
const eap::config_provider &m_prov; ///< EAP provider
eap::config_method_tls &m_cfg; ///< TLS configuration
wxTLSServerTrustPanel *m_server_trust; ///< Server trust configuration panel
wxTLSCredentialsConfigPanel *m_credentials; ///< Credentials configuration panel
};
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "../../EAPBase_UI/include/EAP_UI.h"
#include "../../TLS/include/Config.h"
#include "../../TLS/include/Credentials.h"
#include <WinStd/Common.h>
#include <wx/filedlg.h>
#include <wx/msgdlg.h>
#include <Windows.h>
#include <cryptuiapi.h>
#include <WinCrypt.h> // Must include after <Windows.h>
#include <list>
#include <string>
///
/// Helper class for auto-destroyable certificates used in wxWidget's item containers
///
class wxCertificateClientData;
///
/// Validator for host name
///
class wxHostNameValidator;
///
/// Validator for FQDN
///
class wxFQDNValidator;
///
/// Validator for FQDN lists
///
class wxFQDNListValidator;
///
/// TLS credential panel
///
class wxTLSCredentialsPanel;
///
/// TLS server trust configuration panel
///
class wxTLSServerTrustPanel;
///
/// TLS credentials configuration panel
///
typedef wxEAPCredentialsConfigPanel<eap::credentials_tls, wxTLSCredentialsPanel> wxTLSCredentialsConfigPanel;
///
/// TLS configuration panel
///
class wxTLSConfigPanel;
#pragma once
#include "../res/wxTLS_UI.h"
#include <WinStd/Win.h>
#include <wx/clntdata.h>
#include <wx/icon.h>
#include <wx/panel.h>
#include <wx/textctrl.h>
#include <wx/validate.h>
#include <list>
#include <string>
#include <vector>
class wxCertificateClientData : public wxClientData
{
public:
///
/// Constructs client data object with existing handle
///
wxCertificateClientData(PCCERT_CONTEXT cert);
///
/// Releases certificate handle and destructs the object
///
virtual ~wxCertificateClientData();
public:
PCCERT_CONTEXT m_cert; ///< Certificate
};
class wxHostNameValidator : public wxValidator
{
wxDECLARE_DYNAMIC_CLASS(wxHostNameValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxHostNameValidator);
public:
///
/// Construct the validator with a value to store data
///
wxHostNameValidator(std::wstring *val = NULL);
///
/// Copy constructor
///
wxHostNameValidator(const wxHostNameValidator &other);
///
/// Copies this validator
///
virtual wxObject* Clone() const;
///
/// Validates the value
///
virtual bool Validate(wxWindow *parent);
///
/// Transfers the value to the window
///
virtual bool TransferToWindow();
///
/// Transfers the value from the window
///
virtual bool TransferFromWindow();
///
/// Parses FQDN value
///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
protected:
std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
};
class wxFQDNValidator : public wxValidator
{
wxDECLARE_DYNAMIC_CLASS(wxFQDNValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxFQDNValidator);
public:
///
/// Construct the validator with a value to store data
///
wxFQDNValidator(std::wstring *val = NULL);
///
/// Copy constructor
///
wxFQDNValidator(const wxFQDNValidator &other);
///
/// Copies this validator
///
virtual wxObject* Clone() const;
///
/// Validates the value
///
virtual bool Validate(wxWindow *parent);
///
/// Transfers the value to the window
///
virtual bool TransferToWindow();
///
/// Transfers the value from the window
///
virtual bool TransferFromWindow();
///
/// Parses FQDN value
///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
protected:
std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
};
class wxFQDNListValidator : public wxValidator
{
wxDECLARE_DYNAMIC_CLASS(wxFQDNListValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxFQDNListValidator);
public:
///
/// Construct the validator with a value to store data
///
wxFQDNListValidator(std::list<std::wstring> *val = NULL);
///
/// Copy constructor
///
wxFQDNListValidator(const wxFQDNListValidator &other);
///
/// Copies this validator
///
virtual wxObject* Clone() const;
///
/// Validates the value
///
virtual bool Validate(wxWindow *parent);
///
/// Transfers the value to the window
///
virtual bool TransferToWindow();
///
/// Transfers the value from the window
///
virtual bool TransferFromWindow();
///
/// Parses FQDN list value
///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::wstring> *val_out = NULL);
protected:
std::list<std::wstring> *m_val; ///< Pointer to variable to receive control's parsed value
};
class wxTLSCredentialsPanel : public wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>
{
public:
///
/// Constructs a configuration panel
///
/// \param[in] prov Provider configuration data
/// \param[in] cfg Configuration data
/// \param[inout] cred Credentials data
/// \param[in] pszCredTarget Target name of credentials in Windows Credential Manager. Can be further decorated to create final target name.
/// \param[in] parent Parent window
/// \param[in] is_config Is this panel used to pre-enter credentials? When \c true, the "Remember" checkbox is always selected and disabled.
///
wxTLSCredentialsPanel(const eap::config_provider &prov, const eap::config_method_with_cred &cfg, eap::credentials_tls &cred, LPCTSTR pszCredTarget, wxWindow* parent, bool is_config = false);
protected:
/// \cond internal
virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow();
virtual void OnUpdateUI(wxUpdateUIEvent& event);
/// \endcond
protected:
winstd::library m_shell32; ///< shell32.dll resource library reference
wxIcon m_icon; ///< Panel icon
};
class wxTLSServerTrustPanel : public wxEAPTLSServerTrustConfigPanelBase
{
public:
///
/// Constructs a configuration panel
///
wxTLSServerTrustPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, wxWindow* parent);
protected:
/// \cond internal
virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow();
virtual void OnUpdateUI(wxUpdateUIEvent& event);
virtual void OnRootCADClick(wxCommandEvent& event);
virtual void OnRootCAAddStore(wxCommandEvent& event);
virtual void OnRootCAAddFile(wxCommandEvent& event);
virtual void OnRootCARemove(wxCommandEvent& event);
/// \endcond
///
/// Adds a certificate to the list of trusted root CA list
///
/// \param[in] cert Certificate
///
/// \returns
/// - \c true if certificate was added;
/// - \c false if duplicate found or an error occured.
///
bool AddRootCA(PCCERT_CONTEXT cert);
protected:
const eap::config_provider &m_prov; ///< EAP provider
eap::config_method_tls &m_cfg; ///< TLS configuration
winstd::library m_certmgr; ///< certmgr.dll resource library reference
wxIcon m_icon; ///< Panel icon
std::list<std::wstring> m_server_names_val; ///< Acceptable authenticating server names
};
class wxTLSConfigPanel : public wxPanel
{
public:
///
/// Constructs a configuration panel
///
wxTLSConfigPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, LPCTSTR pszCredTarget, wxWindow* parent);
///
/// Destructs the configuration panel
///
virtual ~wxTLSConfigPanel();
protected:
/// \cond internal
virtual void OnInitDialog(wxInitDialogEvent& event);
virtual bool TransferDataFromWindow();
/// \endcond
protected:
const eap::config_provider &m_prov; ///< EAP provider
eap::config_method_tls &m_cfg; ///< TLS configuration
wxTLSServerTrustPanel *m_server_trust; ///< Server trust configuration panel
wxTLSCredentialsConfigPanel *m_credentials; ///< Credentials configuration panel
};

364
lib/TLS_UI/res/wxTLS_UI.cpp
View File

@ -1,182 +1,182 @@
///////////////////////////////////////////////////////////////////////////
// C++ code generated with wxFormBuilder (version Jun 17 2015)
// http://www.wxformbuilder.org/
//
// PLEASE DO "NOT" EDIT THIS FILE!
///////////////////////////////////////////////////////////////////////////
#include <StdAfx.h>
#include "wxTLS_UI.h"
///////////////////////////////////////////////////////////////////////////
wxEAPTLSServerTrustConfigPanelBase::wxEAPTLSServerTrustConfigPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{
wxStaticBoxSizer* sb_server_trust;
sb_server_trust = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Server Trust") ), wxVERTICAL );
wxBoxSizer* sb_server_trust_horiz;
sb_server_trust_horiz = new wxBoxSizer( wxHORIZONTAL );
m_server_trust_icon = new wxStaticBitmap( sb_server_trust->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
sb_server_trust_horiz->Add( m_server_trust_icon, 0, wxALL, 5 );
wxBoxSizer* sb_server_trust_vert;
sb_server_trust_vert = new wxBoxSizer( wxVERTICAL );
m_server_trust_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Describe the servers you trust to prevent credential interception in case of man-in-the-middle attacks."), wxDefaultPosition, wxDefaultSize, 0 );
m_server_trust_label->Wrap( 446 );
sb_server_trust_vert->Add( m_server_trust_label, 0, wxALL|wxEXPAND, 5 );
wxBoxSizer* sb_root_ca;
sb_root_ca = new wxBoxSizer( wxVERTICAL );
m_root_ca_lbl = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable Certificate Authorities:"), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_lbl->Wrap( -1 );
sb_root_ca->Add( m_root_ca_lbl, 0, wxEXPAND|wxBOTTOM, 5 );
m_root_ca = new wxListBox( sb_server_trust->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, 0, NULL, wxLB_SORT );
m_root_ca->SetToolTip( _("List of certificate authorities server's certificate must be issued by") );
sb_root_ca->Add( m_root_ca, 1, wxEXPAND|wxBOTTOM, 5 );
wxBoxSizer* sb_root_ca_btn;
sb_root_ca_btn = new wxBoxSizer( wxHORIZONTAL );
m_root_ca_add_store = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from Store..."), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_add_store->SetToolTip( _("Adds a new certificate authority from the certificate store to the list") );
sb_root_ca_btn->Add( m_root_ca_add_store, 0, wxRIGHT, 5 );
m_root_ca_add_file = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from File..."), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_add_file->SetToolTip( _("Adds a new certificate authority from the file to the list") );
sb_root_ca_btn->Add( m_root_ca_add_file, 0, wxRIGHT|wxLEFT, 5 );
m_root_ca_remove = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("&Remove CA"), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_remove->Enable( false );
m_root_ca_remove->SetToolTip( _("Removes selected certificate authorities from the list") );
sb_root_ca_btn->Add( m_root_ca_remove, 0, wxLEFT, 5 );
sb_root_ca->Add( sb_root_ca_btn, 0, wxALIGN_RIGHT, 5 );
sb_server_trust_vert->Add( sb_root_ca, 1, wxEXPAND|wxALL, 5 );
wxBoxSizer* sb_server_names;
sb_server_names = new wxBoxSizer( wxVERTICAL );
m_server_names_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable server &names:"), wxDefaultPosition, wxDefaultSize, 0 );
m_server_names_label->Wrap( -1 );
sb_server_names->Add( m_server_names_label, 0, wxBOTTOM, 5 );
m_server_names = new wxTextCtrl( sb_server_trust->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; \"*\" wildchar allowed") );
sb_server_names->Add( m_server_names, 0, wxEXPAND|wxBOTTOM, 5 );
m_server_names_note = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("(Example: foo.bar.com;*.domain.org)"), wxDefaultPosition, wxDefaultSize, 0 );
m_server_names_note->Wrap( -1 );
sb_server_names->Add( m_server_names_note, 0, wxALIGN_RIGHT, 5 );
sb_server_trust_vert->Add( sb_server_names, 0, wxEXPAND|wxALL, 5 );
sb_server_trust_horiz->Add( sb_server_trust_vert, 1, wxEXPAND, 5 );
sb_server_trust->Add( sb_server_trust_horiz, 1, wxEXPAND, 5 );
this->SetSizer( sb_server_trust );
this->Layout();
// Connect Events
this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) );
m_root_ca->Connect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this );
m_root_ca_add_store->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this );
m_root_ca_add_file->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this );
m_root_ca_remove->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this );
}
wxEAPTLSServerTrustConfigPanelBase::~wxEAPTLSServerTrustConfigPanelBase()
{
// Disconnect Events
this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) );
m_root_ca->Disconnect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this );
m_root_ca_add_store->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this );
m_root_ca_add_file->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this );
m_root_ca_remove->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this );
}
wxTLSCredentialsPanelBase::wxTLSCredentialsPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{
wxStaticBoxSizer* sb_credentials;
sb_credentials = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("TLS Client Certificate") ), wxVERTICAL );
wxBoxSizer* sb_credentials_horiz;
sb_credentials_horiz = new wxBoxSizer( wxHORIZONTAL );
m_credentials_icon = new wxStaticBitmap( sb_credentials->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
sb_credentials_horiz->Add( m_credentials_icon, 0, wxALL, 5 );
wxBoxSizer* sb_credentials_vert;
sb_credentials_vert = new wxBoxSizer( wxVERTICAL );
m_credentials_label = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("Please select your client certificate to use for authentication."), wxDefaultPosition, wxDefaultSize, 0 );
m_credentials_label->Wrap( 446 );
sb_credentials_vert->Add( m_credentials_label, 0, wxALL|wxEXPAND, 5 );
wxBoxSizer* sb_cert_radio;
sb_cert_radio = new wxBoxSizer( wxVERTICAL );
m_cert_none = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Co&nnect without providing a client certificate"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP );
m_cert_none->SetToolTip( _("Select if your server does not require you to provide a client certificate") );
sb_cert_radio->Add( m_cert_none, 1, wxEXPAND, 5 );
wxBoxSizer* sb_cert_select;
sb_cert_select = new wxBoxSizer( wxHORIZONTAL );
m_cert_select = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Use the following &certificate:"), wxDefaultPosition, wxDefaultSize, 0 );
m_cert_select->SetToolTip( _("Select if you need to provide a client certificate when connecting") );
sb_cert_select->Add( m_cert_select, 0, wxEXPAND, 5 );
wxArrayString m_cert_select_valChoices;
m_cert_select_val = new wxChoice( sb_credentials->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, m_cert_select_valChoices, wxCB_SORT );
m_cert_select_val->SetSelection( 0 );
m_cert_select_val->SetToolTip( _("Client certificate to use for authentication") );
sb_cert_select->Add( m_cert_select_val, 1, wxEXPAND, 5 );
sb_cert_radio->Add( sb_cert_select, 1, wxEXPAND, 5 );
sb_credentials_vert->Add( sb_cert_radio, 0, wxEXPAND|wxALL, 5 );
m_remember = new wxCheckBox( sb_credentials->GetStaticBox(), wxID_ANY, _("&Remember"), wxDefaultPosition, wxDefaultSize, 0 );
m_remember->SetHelpText( _("Check if you would like to save certificate selection") );
sb_credentials_vert->Add( m_remember, 0, wxALL|wxEXPAND, 5 );
sb_credentials_horiz->Add( sb_credentials_vert, 1, wxEXPAND, 5 );
sb_credentials->Add( sb_credentials_horiz, 0, wxEXPAND, 5 );
this->SetSizer( sb_credentials );
this->Layout();
}
wxTLSCredentialsPanelBase::~wxTLSCredentialsPanelBase()
{
}
///////////////////////////////////////////////////////////////////////////
// C++ code generated with wxFormBuilder (version Jun 17 2015)
// http://www.wxformbuilder.org/
//
// PLEASE DO "NOT" EDIT THIS FILE!
///////////////////////////////////////////////////////////////////////////
#include <StdAfx.h>
#include "wxTLS_UI.h"
///////////////////////////////////////////////////////////////////////////
wxEAPTLSServerTrustConfigPanelBase::wxEAPTLSServerTrustConfigPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{
wxStaticBoxSizer* sb_server_trust;
sb_server_trust = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Server Trust") ), wxVERTICAL );
wxBoxSizer* sb_server_trust_horiz;
sb_server_trust_horiz = new wxBoxSizer( wxHORIZONTAL );
m_server_trust_icon = new wxStaticBitmap( sb_server_trust->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
sb_server_trust_horiz->Add( m_server_trust_icon, 0, wxALL, 5 );
wxBoxSizer* sb_server_trust_vert;
sb_server_trust_vert = new wxBoxSizer( wxVERTICAL );
m_server_trust_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Describe the servers you trust to prevent credential interception in case of man-in-the-middle attacks."), wxDefaultPosition, wxDefaultSize, 0 );
m_server_trust_label->Wrap( 446 );
sb_server_trust_vert->Add( m_server_trust_label, 0, wxALL|wxEXPAND, 5 );
wxBoxSizer* sb_root_ca;
sb_root_ca = new wxBoxSizer( wxVERTICAL );
m_root_ca_lbl = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable Certificate Authorities:"), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_lbl->Wrap( -1 );
sb_root_ca->Add( m_root_ca_lbl, 0, wxEXPAND|wxBOTTOM, 5 );
m_root_ca = new wxListBox( sb_server_trust->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, 0, NULL, wxLB_SORT );
m_root_ca->SetToolTip( _("List of certificate authorities server's certificate must be issued by") );
sb_root_ca->Add( m_root_ca, 1, wxEXPAND|wxBOTTOM, 5 );
wxBoxSizer* sb_root_ca_btn;
sb_root_ca_btn = new wxBoxSizer( wxHORIZONTAL );
m_root_ca_add_store = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from Store..."), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_add_store->SetToolTip( _("Adds a new certificate authority from the certificate store to the list") );
sb_root_ca_btn->Add( m_root_ca_add_store, 0, wxRIGHT, 5 );
m_root_ca_add_file = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from File..."), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_add_file->SetToolTip( _("Adds a new certificate authority from the file to the list") );
sb_root_ca_btn->Add( m_root_ca_add_file, 0, wxRIGHT|wxLEFT, 5 );
m_root_ca_remove = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("&Remove CA"), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_remove->Enable( false );
m_root_ca_remove->SetToolTip( _("Removes selected certificate authorities from the list") );
sb_root_ca_btn->Add( m_root_ca_remove, 0, wxLEFT, 5 );
sb_root_ca->Add( sb_root_ca_btn, 0, wxALIGN_RIGHT, 5 );
sb_server_trust_vert->Add( sb_root_ca, 1, wxEXPAND|wxALL, 5 );
wxBoxSizer* sb_server_names;
sb_server_names = new wxBoxSizer( wxVERTICAL );
m_server_names_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable server &names:"), wxDefaultPosition, wxDefaultSize, 0 );
m_server_names_label->Wrap( -1 );
sb_server_names->Add( m_server_names_label, 0, wxBOTTOM, 5 );
m_server_names = new wxTextCtrl( sb_server_trust->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; Unicode characters allowed") );
sb_server_names->Add( m_server_names, 0, wxEXPAND|wxBOTTOM, 5 );
m_server_names_note = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("(Example: foo.bar.com;server2.bar.com)"), wxDefaultPosition, wxDefaultSize, 0 );
m_server_names_note->Wrap( -1 );
sb_server_names->Add( m_server_names_note, 0, wxALIGN_RIGHT, 5 );
sb_server_trust_vert->Add( sb_server_names, 0, wxEXPAND|wxALL, 5 );
sb_server_trust_horiz->Add( sb_server_trust_vert, 1, wxEXPAND, 5 );
sb_server_trust->Add( sb_server_trust_horiz, 1, wxEXPAND, 5 );
this->SetSizer( sb_server_trust );
this->Layout();
// Connect Events
this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) );
m_root_ca->Connect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this );
m_root_ca_add_store->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this );
m_root_ca_add_file->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this );
m_root_ca_remove->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this );
}
wxEAPTLSServerTrustConfigPanelBase::~wxEAPTLSServerTrustConfigPanelBase()
{
// Disconnect Events
this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) );
m_root_ca->Disconnect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this );
m_root_ca_add_store->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this );
m_root_ca_add_file->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this );
m_root_ca_remove->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this );
}
wxTLSCredentialsPanelBase::wxTLSCredentialsPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{
wxStaticBoxSizer* sb_credentials;
sb_credentials = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("TLS Client Certificate") ), wxVERTICAL );
wxBoxSizer* sb_credentials_horiz;
sb_credentials_horiz = new wxBoxSizer( wxHORIZONTAL );
m_credentials_icon = new wxStaticBitmap( sb_credentials->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
sb_credentials_horiz->Add( m_credentials_icon, 0, wxALL, 5 );
wxBoxSizer* sb_credentials_vert;
sb_credentials_vert = new wxBoxSizer( wxVERTICAL );
m_credentials_label = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("Please select your client certificate to use for authentication."), wxDefaultPosition, wxDefaultSize, 0 );
m_credentials_label->Wrap( 446 );
sb_credentials_vert->Add( m_credentials_label, 0, wxALL|wxEXPAND, 5 );
wxBoxSizer* sb_cert_radio;
sb_cert_radio = new wxBoxSizer( wxVERTICAL );
m_cert_none = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Co&nnect without providing a client certificate"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP );
m_cert_none->SetToolTip( _("Select if your server does not require you to provide a client certificate") );
sb_cert_radio->Add( m_cert_none, 1, wxEXPAND, 5 );
wxBoxSizer* sb_cert_select;
sb_cert_select = new wxBoxSizer( wxHORIZONTAL );
m_cert_select = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Use the following &certificate:"), wxDefaultPosition, wxDefaultSize, 0 );
m_cert_select->SetToolTip( _("Select if you need to provide a client certificate when connecting") );
sb_cert_select->Add( m_cert_select, 0, wxEXPAND, 5 );
wxArrayString m_cert_select_valChoices;
m_cert_select_val = new wxChoice( sb_credentials->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, m_cert_select_valChoices, wxCB_SORT );
m_cert_select_val->SetSelection( 0 );
m_cert_select_val->SetToolTip( _("Client certificate to use for authentication") );
sb_cert_select->Add( m_cert_select_val, 1, wxEXPAND, 5 );
sb_cert_radio->Add( sb_cert_select, 1, wxEXPAND, 5 );
sb_credentials_vert->Add( sb_cert_radio, 0, wxEXPAND|wxALL, 5 );
m_remember = new wxCheckBox( sb_credentials->GetStaticBox(), wxID_ANY, _("&Remember"), wxDefaultPosition, wxDefaultSize, 0 );
m_remember->SetHelpText( _("Check if you would like to save certificate selection") );
sb_credentials_vert->Add( m_remember, 0, wxALL|wxEXPAND, 5 );
sb_credentials_horiz->Add( sb_credentials_vert, 1, wxEXPAND, 5 );
sb_credentials->Add( sb_credentials_horiz, 0, wxEXPAND, 5 );
this->SetSizer( sb_credentials );
this->Layout();
}
wxTLSCredentialsPanelBase::~wxTLSCredentialsPanelBase()
{
}

3250
lib/TLS_UI/res/wxTLS_UI.fbp
View File

File diff suppressed because it is too large Load Diff

1246
lib/TLS_UI/src/TLS_UI.cpp
View File

File diff suppressed because it is too large Load Diff

2
lib/WinStd

@ -1 +1 @@
Subproject commit 8a0799c2b75ebb783a6b777121e1e9ddc89a5549
Subproject commit f94b72379ec67fad89a99336048890c4e7ddda34