2 * win32_crypto.c: win32 providers for SVN_AUTH_*
4 * ====================================================================
5 * Licensed to the Apache Software Foundation (ASF) under one
6 * or more contributor license agreements. See the NOTICE file
7 * distributed with this work for additional information
8 * regarding copyright ownership. The ASF licenses this file
9 * to you under the Apache License, Version 2.0 (the
10 * "License"); you may not use this file except in compliance
11 * with the License. You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing,
16 * software distributed under the License is distributed on an
17 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18 * KIND, either express or implied. See the License for the
19 * specific language governing permissions and limitations
21 * ====================================================================
24 /* prevent "empty compilation unit" warning on e.g. UNIX */
25 typedef int win32_crypto__dummy;
27 /* ==================================================================== */
29 #if defined(WIN32) && !defined(__MINGW32__)
33 #include <apr_pools.h>
34 #include <apr_base64.h>
36 #include "svn_error.h"
39 #include "svn_config.h"
41 #include "svn_base64.h"
43 #include "private/svn_auth_private.h"
45 #include "svn_private_config.h"
50 /* The description string that's combined with unencrypted data by the
51 Windows CryptoAPI. Used during decryption to verify that the
52 encrypted data were valid. */
53 static const WCHAR description[] = L"auth_svn.simple.wincrypt";
56 /* Return a copy of ORIG, encrypted using the Windows CryptoAPI and
57 allocated from POOL. */
59 encrypt_data(const svn_string_t *orig,
64 const svn_string_t *crypted = NULL;
66 blobin.cbData = orig->len;
67 blobin.pbData = (BYTE *)orig->data;
68 if (CryptProtectData(&blobin, description, NULL, NULL, NULL,
69 CRYPTPROTECT_UI_FORBIDDEN, &blobout))
71 crypted = svn_string_ncreate((const char *)blobout.pbData,
72 blobout.cbData, pool);
73 LocalFree(blobout.pbData);
78 /* Return a copy of CRYPTED, decrypted using the Windows CryptoAPI and
79 allocated from POOL. */
81 decrypt_data(const svn_string_t *crypted,
87 const svn_string_t *orig = NULL;
89 blobin.cbData = crypted->len;
90 blobin.pbData = (BYTE *)crypted->data;
91 if (CryptUnprotectData(&blobin, &descr, NULL, NULL, NULL,
92 CRYPTPROTECT_UI_FORBIDDEN, &blobout))
94 if (0 == lstrcmpW(descr, description))
95 orig = svn_string_ncreate((const char *)blobout.pbData,
96 blobout.cbData, pool);
97 LocalFree(blobout.pbData);
104 /*-----------------------------------------------------------------------*/
105 /* Windows simple provider, encrypts the password on Win2k and later. */
106 /*-----------------------------------------------------------------------*/
108 /* Implementation of svn_auth__password_set_t that encrypts
109 the incoming password using the Windows CryptoAPI. */
111 windows_password_encrypter(svn_boolean_t *done,
113 const char *realmstring,
114 const char *username,
116 apr_hash_t *parameters,
117 svn_boolean_t non_interactive,
120 const svn_string_t *coded;
122 coded = encrypt_data(svn_string_create(in, pool), pool);
125 coded = svn_base64_encode_string2(coded, FALSE, pool);
126 SVN_ERR(svn_auth__simple_password_set(done, creds, realmstring, username,
127 coded->data, parameters,
128 non_interactive, pool));
134 /* Implementation of svn_auth__password_get_t that decrypts
135 the incoming password using the Windows CryptoAPI and verifies its
138 windows_password_decrypter(svn_boolean_t *done,
141 const char *realmstring,
142 const char *username,
143 apr_hash_t *parameters,
144 svn_boolean_t non_interactive,
147 const svn_string_t *orig;
150 SVN_ERR(svn_auth__simple_password_get(done, &in, creds, realmstring, username,
151 parameters, non_interactive, pool));
155 orig = svn_base64_decode_string(svn_string_create(in, pool), pool);
156 orig = decrypt_data(orig, pool);
169 /* Get cached encrypted credentials from the simple provider's cache. */
171 windows_simple_first_creds(void **credentials,
173 void *provider_baton,
174 apr_hash_t *parameters,
175 const char *realmstring,
178 return svn_auth__simple_creds_cache_get(credentials,
183 windows_password_decrypter,
184 SVN_AUTH__WINCRYPT_PASSWORD_TYPE,
188 /* Save encrypted credentials to the simple provider's cache. */
190 windows_simple_save_creds(svn_boolean_t *saved,
192 void *provider_baton,
193 apr_hash_t *parameters,
194 const char *realmstring,
197 return svn_auth__simple_creds_cache_set(saved, credentials,
201 windows_password_encrypter,
202 SVN_AUTH__WINCRYPT_PASSWORD_TYPE,
206 static const svn_auth_provider_t windows_simple_provider = {
207 SVN_AUTH_CRED_SIMPLE,
208 windows_simple_first_creds,
210 windows_simple_save_creds
216 svn_auth_get_windows_simple_provider(svn_auth_provider_object_t **provider,
219 svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
221 po->vtable = &windows_simple_provider;
226 /*-----------------------------------------------------------------------*/
227 /* Windows SSL server trust provider, validates ssl certificate using */
229 /*-----------------------------------------------------------------------*/
231 /* Implementation of svn_auth__password_set_t that encrypts
232 the incoming password using the Windows CryptoAPI. */
234 windows_ssl_client_cert_pw_encrypter(svn_boolean_t *done,
236 const char *realmstring,
237 const char *username,
239 apr_hash_t *parameters,
240 svn_boolean_t non_interactive,
243 const svn_string_t *coded;
245 coded = encrypt_data(svn_string_create(in, pool), pool);
248 coded = svn_base64_encode_string2(coded, FALSE, pool);
249 SVN_ERR(svn_auth__ssl_client_cert_pw_set(done, creds, realmstring,
250 username, coded->data,
251 parameters, non_interactive,
258 /* Implementation of svn_auth__password_get_t that decrypts
259 the incoming password using the Windows CryptoAPI and verifies its
262 windows_ssl_client_cert_pw_decrypter(svn_boolean_t *done,
265 const char *realmstring,
266 const char *username,
267 apr_hash_t *parameters,
268 svn_boolean_t non_interactive,
271 const svn_string_t *orig;
274 SVN_ERR(svn_auth__ssl_client_cert_pw_get(done, &in, creds, realmstring,
275 username, parameters,
276 non_interactive, pool));
280 orig = svn_base64_decode_string(svn_string_create(in, pool), pool);
281 orig = decrypt_data(orig, pool);
294 /* Get cached encrypted credentials from the simple provider's cache. */
296 windows_ssl_client_cert_pw_first_creds(void **credentials,
298 void *provider_baton,
299 apr_hash_t *parameters,
300 const char *realmstring,
303 return svn_auth__ssl_client_cert_pw_cache_get(
304 credentials, iter_baton, provider_baton, parameters, realmstring,
305 windows_ssl_client_cert_pw_decrypter,
306 SVN_AUTH__WINCRYPT_PASSWORD_TYPE, pool);
309 /* Save encrypted credentials to the simple provider's cache. */
311 windows_ssl_client_cert_pw_save_creds(svn_boolean_t *saved,
313 void *provider_baton,
314 apr_hash_t *parameters,
315 const char *realmstring,
318 return svn_auth__ssl_client_cert_pw_cache_set(
319 saved, credentials, provider_baton, parameters, realmstring,
320 windows_ssl_client_cert_pw_encrypter,
321 SVN_AUTH__WINCRYPT_PASSWORD_TYPE, pool);
324 static const svn_auth_provider_t windows_ssl_client_cert_pw_provider = {
325 SVN_AUTH_CRED_SSL_CLIENT_CERT_PW,
326 windows_ssl_client_cert_pw_first_creds,
328 windows_ssl_client_cert_pw_save_creds
334 svn_auth_get_windows_ssl_client_cert_pw_provider
335 (svn_auth_provider_object_t **provider,
338 svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
340 po->vtable = &windows_ssl_client_cert_pw_provider;
345 /*-----------------------------------------------------------------------*/
346 /* Windows SSL server trust provider, validates ssl certificate using */
348 /*-----------------------------------------------------------------------*/
350 /* Helper to create CryptoAPI CERT_CONTEXT from base64 encoded BASE64_CERT.
351 * Returns NULL on error.
353 static PCCERT_CONTEXT
354 certcontext_from_base64(const char *base64_cert, apr_pool_t *pool)
356 PCCERT_CONTEXT cert_context = NULL;
360 /* Use apr-util as CryptStringToBinaryA is available only on XP+. */
361 binary_cert = apr_palloc(pool,
362 apr_base64_decode_len(base64_cert));
363 cert_len = apr_base64_decode((char*)binary_cert, base64_cert);
365 /* Parse the certificate into a context. */
366 cert_context = CertCreateCertificateContext
367 (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, binary_cert, cert_len);
372 /* Helper for windows_ssl_server_trust_first_credentials for validating
373 * certificate using CryptoApi. Sets *OK_P to TRUE if base64 encoded ASCII_CERT
374 * certificate considered as valid.
377 windows_validate_certificate(svn_boolean_t *ok_p,
378 const char *ascii_cert,
381 PCCERT_CONTEXT cert_context = NULL;
382 CERT_CHAIN_PARA chain_para;
383 PCCERT_CHAIN_CONTEXT chain_context = NULL;
387 /* Parse the certificate into a context. */
388 cert_context = certcontext_from_base64(ascii_cert, pool);
392 /* Retrieve the certificate chain of the certificate
393 (a certificate without a valid root does not have a chain). */
394 memset(&chain_para, 0, sizeof(chain_para));
395 chain_para.cbSize = sizeof(chain_para);
397 if (CertGetCertificateChain(NULL, cert_context, NULL, NULL, &chain_para,
398 CERT_CHAIN_CACHE_END_CERT |
399 CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT,
400 NULL, &chain_context))
402 CERT_CHAIN_POLICY_PARA policy_para;
403 CERT_CHAIN_POLICY_STATUS policy_status;
405 policy_para.cbSize = sizeof(policy_para);
406 policy_para.dwFlags = 0;
407 policy_para.pvExtraPolicyPara = NULL;
409 policy_status.cbSize = sizeof(policy_status);
411 if (CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_SSL,
412 chain_context, &policy_para,
415 if (policy_status.dwError == S_OK)
417 /* Windows thinks the certificate is valid. */
422 CertFreeCertificateChain(chain_context);
424 CertFreeCertificateContext(cert_context);
430 /* Retrieve ssl server CA failure overrides (if any) from CryptoApi. */
432 windows_ssl_server_trust_first_credentials(void **credentials,
434 void *provider_baton,
435 apr_hash_t *parameters,
436 const char *realmstring,
439 apr_uint32_t *failure_ptr = svn_hash_gets(parameters,
440 SVN_AUTH_PARAM_SSL_SERVER_FAILURES);
441 apr_uint32_t failures = *failure_ptr;
442 const svn_auth_ssl_server_cert_info_t *cert_info =
443 svn_hash_gets(parameters, SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO);
448 /* We can accept only unknown certificate authority. */
449 if (failures & SVN_AUTH_SSL_UNKNOWNCA)
453 SVN_ERR(windows_validate_certificate(&ok, cert_info->ascii_cert, pool));
455 /* Windows thinks that certificate is ok. */
458 /* Clear failure flag. */
459 failures &= ~SVN_AUTH_SSL_UNKNOWNCA;
463 /* If all failures are cleared now, we return the creds */
466 svn_auth_cred_ssl_server_trust_t *creds =
467 apr_pcalloc(pool, sizeof(*creds));
468 creds->accepted_failures = *failure_ptr & ~failures;
469 creds->may_save = FALSE; /* No need to save it. */
470 *credentials = creds;
476 static const svn_auth_provider_t windows_server_trust_provider = {
477 SVN_AUTH_CRED_SSL_SERVER_TRUST,
478 windows_ssl_server_trust_first_credentials,
485 svn_auth_get_windows_ssl_server_trust_provider
486 (svn_auth_provider_object_t **provider, apr_pool_t *pool)
488 svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
490 po->vtable = &windows_server_trust_provider;
494 static const svn_auth_provider_t windows_server_authority_provider = {
495 SVN_AUTH_CRED_SSL_SERVER_AUTHORITY,
496 windows_ssl_server_trust_first_credentials,
503 svn_auth__get_windows_ssl_server_authority_provider(
504 svn_auth_provider_object_t **provider,
507 svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
509 po->vtable = &windows_server_authority_provider;