// **********************************************************************
//
// Copyright (c) 2003-present ZeroC, Inc. All rights reserved.
//
// This copy of Ice is licensed to you under the terms described in the
// ICE_LICENSE file included in this distribution.
//
// **********************************************************************

#ifndef ICESSL_SCHANNEL_ENGINE_H
#define ICESSL_SCHANNEL_ENGINE_H

#ifdef _WIN32

#include <IceSSL/SSLEngine.h>
#include <IceSSL/SChannelEngineF.h>

//
// Either SECURITY_WIN32 or SECURITY_KERNEL must be defined before including security.h,
// to indicate who is compiling the code.
//
#  ifdef SECURITY_WIN32
#    undef SECURITY_WIN32
#  endif
#  ifdef SECURITY_KERNEL
#    undef SECURITY_KERNEL
#  endif
#  define SECURITY_WIN32 1
#  include <security.h>
#  include <sspi.h>
#  include <schannel.h>
#  undef SECURITY_WIN32

#if defined(__MINGW32__) || (defined(_MSC_VER) && (_MSC_VER <= 1500))

//
// Add some definitions missing from MinGW headers.
//
// Each definition below is a fallback guarded by #ifndef, so it only takes
// effect when the SDK headers included above (security.h, sspi.h,
// schannel.h) did not already provide the name. Newer toolchains skip this
// whole section. If a value here ever disagrees with the real SDK header,
// the SDK header wins because it is included first.
//

// Chain-status flags reported by the certificate chain engine (see
// chainEngine() below).
#   ifndef CERT_TRUST_IS_EXPLICIT_DISTRUST
#      define CERT_TRUST_IS_EXPLICIT_DISTRUST 0x04000000
#   endif

#   ifndef CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT
#      define CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT 0x08000000
#   endif

// SSPI buffer type used for TLS alert records.
#   ifndef SECBUFFER_ALERT
#      define SECBUFFER_ALERT 17
#   endif

// Schannel credential flag.
#   ifndef SCH_SEND_ROOT_CERT
#      define SCH_SEND_ROOT_CERT 0x00040000
#   endif

// Schannel protocol-selection bits for TLS 1.1 and TLS 1.2; presumably
// OR-ed into the DWORD _protocols member of SSLEngine below — confirm in
// the .cpp.
#   ifndef SP_PROT_TLS1_1_SERVER
#      define SP_PROT_TLS1_1_SERVER 0x00000100
#   endif

#   ifndef SP_PROT_TLS1_1_CLIENT
#      define SP_PROT_TLS1_1_CLIENT 0x00000200
#   endif

#   ifndef SP_PROT_TLS1_2_SERVER
#      define SP_PROT_TLS1_2_SERVER 0x00000400
#   endif

#   ifndef SP_PROT_TLS1_2_CLIENT
#      define SP_PROT_TLS1_2_CLIENT 0x00000800
#   endif

#endif

namespace IceSSL
{

namespace SChannel
{

//
// Schannel-backed implementation of IceSSL::SSLEngine. This header is only
// compiled on Windows (see the _WIN32 guard at the top of the file); the
// member functions are defined elsewhere, so the notes below describe the
// declared interface and flag what must be confirmed against the .cpp.
//
// NOTE(review): nothing in this declaration suppresses copying. The members
// are raw Windows handles (PCCERT_CONTEXT, HCERTSTORE, HCERTCHAINENGINE), so
// two copies would share and eventually double-release them — confirm that
// the base class makes the engine non-copyable.
//
class SSLEngine : public IceSSL::SSLEngine
{
public:

    //
    // Construct the engine for the given communicator. _strongCrypto is
    // const, so its value must be fixed in this constructor's initializer.
    //
    SSLEngine(const Ice::CommunicatorPtr&);

    //
    // Set up the engine.
    //
    virtual void initialize();

    //
    // Wrap an existing transceiver in an SSL transceiver. The parameters are
    // unnamed here; the trailing bool presumably distinguishes an incoming
    // (server-side) connection from an outgoing one — confirm against the
    // base-class declaration.
    //
    virtual IceInternal::TransceiverPtr
    createTransceiver(const InstancePtr&, const IceInternal::TransceiverPtr&, const std::string&, bool);

    //
    // Destroy the engine. Presumably where the raw handles held below are
    // released — confirm in the .cpp.
    //
    virtual void destroy();

    //
    // Peer verification hook overriding the base class. The parameters are
    // unnamed; the first string is presumably the remote address used for
    // name checks and the last a connection description — confirm against
    // SSLEngine.h.
    //
    virtual void verifyPeer(const std::string&, const ConnectionInfoPtr&, const std::string&);

    //
    // Human-readable name for a Schannel algorithm identifier.
    //
    std::string getCipherName(ALG_ID) const;

    //
    // Acquire a new Schannel credentials handle. The bool presumably selects
    // client vs. server credentials — confirm in the .cpp. The returned
    // handle is a raw SSPI resource; the caller owns its release.
    //
    CredHandle newCredentialsHandle(bool);

    //
    // Accessor for the certificate chain engine used for chain validation.
    //
    HCERTCHAINENGINE chainEngine() const;

private:

    //
    // Parse a cipher specification string; presumably populates _ciphers —
    // confirm in the .cpp.
    //
    void parseCiphers(const std::string&);

    // Raw certificate contexts; _importedCerts is presumably the subset that
    // this engine added to a store itself and must remove again. Both need
    // explicit release (not RAII).
    std::vector<PCCERT_CONTEXT> _allCerts;
    std::vector<PCCERT_CONTEXT> _importedCerts;
    // Enabled protocol bitmask; presumably SP_PROT_* flags — confirm.
    DWORD _protocols;

    // Certificate stores opened by this engine (raw handles, need closing).
    std::vector<HCERTSTORE> _stores;
    HCERTSTORE _rootStore;

    // Chain engine returned by chainEngine().
    HCERTCHAINENGINE _chainEngine;
    // Allowed cipher algorithm identifiers (see getCipherName).
    std::vector<ALG_ID> _ciphers;

    // Fixed at construction; meaning not visible in this header.
    const bool _strongCrypto;
};

}

}

#endif

#endif