1 //
2 // Copyright (c) ZeroC, Inc. All rights reserved.
3 //
4 
5 #ifndef ICESSL_SCHANNEL_ENGINE_H
6 #define ICESSL_SCHANNEL_ENGINE_H
7 
8 #ifdef _WIN32
9 
10 #include <IceSSL/SSLEngine.h>
11 #include <IceSSL/SChannelEngineF.h>
12 
13 //
// Exactly one of SECURITY_WIN32 (user mode) or SECURITY_KERNEL (kernel mode) must be
// defined before including security.h, to tell the SDK headers which side is compiling.
// Any prior definition of either macro is cleared first so the user-mode selection is
// forced here, and SECURITY_WIN32 is undefined again after the includes so it does not
// leak into the translation unit that includes this header.
16 //
17 #  ifdef SECURITY_WIN32
18 #    undef SECURITY_WIN32
19 #  endif
20 #  ifdef SECURITY_KERNEL
21 #    undef SECURITY_KERNEL
22 #  endif
23 #  define SECURITY_WIN32 1
24 #  include <security.h>
25 #  include <sspi.h>
26 #  include <schannel.h>
27 #  undef SECURITY_WIN32
28 
29 #if defined(__MINGW32__) || (defined(_MSC_VER) && (_MSC_VER <= 1500))
30 
31 //
// Add definitions missing from the MinGW headers and from the SDK headers shipped
// with Visual Studio 2008 (_MSC_VER 1500) and older.
33 //
34 
//
// Each macro is only defined when the toolchain's headers do not already provide it.
// NOTE(review): these are bit flags handed straight to CryptoAPI/SChannel, so the
// values must match the Windows SDK definitions (wincrypt.h, sspi.h, schannel.h)
// exactly — a wrong value would silently change which protocols or trust errors
// are recognized rather than fail to compile. Confirm against the current SDK.
//

//
// Chain trust-status error flags (CERT_TRUST_STATUS.dwErrorStatus).
//
#   ifndef CERT_TRUST_IS_EXPLICIT_DISTRUST
#      define CERT_TRUST_IS_EXPLICIT_DISTRUST 0x04000000
#   endif

#   ifndef CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT
#      define CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT 0x08000000
#   endif

//
// SecBuffer type used by SChannel to return a TLS alert.
//
#   ifndef SECBUFFER_ALERT
#      define SECBUFFER_ALERT 17
#   endif

//
// SCHANNEL_CRED flag (dwFlags).
//
#   ifndef SCH_SEND_ROOT_CERT
#      define SCH_SEND_ROOT_CERT 0x00040000
#   endif

//
// Protocol bits for SCHANNEL_CRED.grbitEnabledProtocols; separate server and
// client bits exist for each protocol version.
//
#   ifndef SP_PROT_TLS1_1_SERVER
#      define SP_PROT_TLS1_1_SERVER 0x00000100
#   endif

#   ifndef SP_PROT_TLS1_1_CLIENT
#      define SP_PROT_TLS1_1_CLIENT 0x00000200
#   endif

#   ifndef SP_PROT_TLS1_2_SERVER
#      define SP_PROT_TLS1_2_SERVER 0x00000400
#   endif

#   ifndef SP_PROT_TLS1_2_CLIENT
#      define SP_PROT_TLS1_2_CLIENT 0x00000800
#   endif
66 
67 #endif
68 
69 namespace IceSSL
70 {
71 
72 namespace SChannel
73 {
74 
//
// SChannel (Windows SSPI) implementation of IceSSL::SSLEngine.
//
// The engine owns the process-wide TLS state for this communicator: the
// certificate contexts and stores it loaded, the chain engine used for peer
// validation, and the protocol/cipher selection. All of these are raw
// CryptoAPI/SSPI handles held without RAII wrappers, so their release has to
// happen in destroy() — presumably the .cpp does this; confirm. Because the
// handles are raw, copying an instance would either leak or double-free them;
// copies are presumably prevented by the (reference-counted) base class — verify.
//
class SSLEngine : public IceSSL::SSLEngine
{
public:

    SSLEngine(const Ice::CommunicatorPtr&);

    //
    // Setup the engine: presumably reads the IceSSL.* properties and loads
    // certificates, stores, protocols and ciphers into the members below
    // (see the .cpp).
    //
    virtual void initialize();

    //
    // Wrap an underlying (plain) transceiver in an SChannel TLS transceiver.
    // The std::string and bool parameters are unnamed here; presumably the peer
    // host name (used for verification) and an "incoming" flag — confirm against
    // the .cpp before relying on either.
    //
    virtual IceInternal::TransceiverPtr
    createTransceiver(const InstancePtr&, const IceInternal::TransceiverPtr&, const std::string&, bool);

    //
    // Destroy the engine. Expected to release every raw handle held below.
    //
    virtual void destroy();

    //
    // Post-handshake peer verification hook (overrides the base engine).
    // NOTE(review): the parameters are unnamed; presumably the address, the
    // connection info carrying the peer certificate chain, and the adapter name.
    // This is the place where any host-name / chain policy beyond what SChannel
    // itself enforces would live — confirm in the .cpp.
    //
    virtual void verifyPeer(const std::string&, const ConnectionInfoPtr&, const std::string&);

    //
    // Human-readable name for a CryptoAPI algorithm identifier.
    //
    std::string getCipherName(ALG_ID) const;

    //
    // Acquire a new SSPI credentials handle built from this engine's
    // certificates, protocols and ciphers. The bool presumably selects the
    // inbound (server) or outbound (client) credential. The returned CredHandle
    // is a raw SSPI handle; ownership passes to the caller, which is responsible
    // for freeing it (FreeCredentialsHandle) — confirm.
    //
    CredHandle newCredentialsHandle(bool);

    //
    // Chain engine used to build and validate peer certificate chains.
    // Remains owned by this engine.
    //
    HCERTCHAINENGINE chainEngine() const;

private:

    //
    // Parse a cipher specification string into _ciphers (presumably the
    // IceSSL.Ciphers property value).
    //
    void parseCiphers(const std::string&);

    // Certificate contexts this engine uses; _importedCerts presumably tracks the
    // subset that was imported into a store and must be removed again on destroy().
    std::vector<PCCERT_CONTEXT> _allCerts;
    std::vector<PCCERT_CONTEXT> _importedCerts;
    // Enabled protocol bitmask — presumably SP_PROT_* flags for
    // SCHANNEL_CRED.grbitEnabledProtocols (see the definitions above).
    DWORD _protocols;

    // Certificate stores opened by this engine; _rootStore presumably backs the
    // chain engine's trusted-root set.
    std::vector<HCERTSTORE> _stores;
    HCERTSTORE _rootStore;

    HCERTCHAINENGINE _chainEngine;
    // Allowed cipher algorithm ids, filled by parseCiphers().
    std::vector<ALG_ID> _ciphers;

    // Fixed at construction; presumably requests SCH_USE_STRONG_CRYPTO on the
    // credentials so SChannel rejects weak cipher suites — confirm in the .cpp.
    const bool _strongCrypto;
};
118 
119 }
120 
121 }
122 
123 #endif
124 
125 #endif
126