Stubbing out winrt password encryption.

Author: stgates

Release/include/cpprest/web_utilities.h

@@ -35,18 +35,30 @@ namespace web
 
 namespace http { namespace client { namespace details {
 class winhttp_client;
+class winrt_client;
 }}}
+namespace experimental { namespace websockets { namespace client { namespace details {
+class winrt_client;
+}}}}
 
 namespace details
 {
-#if defined(_MS_WINDOWS) && !defined(__cplusplus_winrt)
+#if defined(_MS_WINDOWS)
 class zero_memory_deleter
 {
 public:
     _ASYNCRTIMP void operator()(::utility::string_t *data) const;
 };
 typedef std::unique_ptr<std::wstring, zero_memory_deleter> password_string;
-
+#if defined(__cplusplus_winrt)
+class winrt_encryption
+{
+public:
+    winrt_encryption() {}
+    _ASYNCRTIMP winrt_encryption(const std::wstring &data);
+    _ASYNCRTIMP password_string decrypt() const;
+};
+#else
 class win32_encryption
 {
 public:
@@ -59,6 +71,7 @@ class win32_encryption
     size_t m_numCharacters;
 };
 #endif
+#endif
 }
 
 /// <summary>
@@ -96,10 +109,10 @@ class credentials
     CASABLANCA_DEPRECATED("This API is deprecated for security reasons to avoid unnecessary password copies stored in plaintext.")
         utility::string_t password() const
     {
-#if defined(_MS_WINDOWS) && !defined(__cplusplus_winrt)
+#if defined(_MS_WINDOWS)
         return utility::string_t(*m_password.decrypt());
 #else
-        return m_password;
+        throw std::runtime_error("Credentials are not supported on this platform yet.");
 #endif
     }
 
@@ -111,19 +124,23 @@ class credentials
 
 private:
     friend class http::client::details::winhttp_client;
+    friend class http::client::details::winrt_client;
+    friend class experimental::websockets::client::details::winrt_client;
 
-#if defined(_MS_WINDOWS) && !defined(__cplusplus_winrt)
+#if defined(_MS_WINDOWS)
     details::password_string decrypt() const
     {
         return m_password.decrypt();
     }
 #endif
 
     ::utility::string_t m_username;
-#if defined(_MS_WINDOWS) && !defined(__cplusplus_winrt)
-    ::web::details::win32_encryption m_password;
+#if defined(_MS_WINDOWS)
+#if defined(__cplusplus_winrt)
+    details::winrt_encryption m_password;
 #else
-    ::utility::string_t m_password;
+    details::win32_encryption m_password;
+#endif
 #endif
 };
 

Release/src/http/client/http_win7.cpp

@@ -923,16 +923,20 @@ class winhttp_client : public _http_client_communicator
             {
                 return false;
             }
-            auto password = cred.decrypt();
-            if (!WinHttpSetCredentials(
-                hRequestHandle,
-                dwAuthTarget,
-                dwSelectedScheme,
-                cred.username().c_str(),
-                password->c_str(),
-                nullptr))
+
+            // New scope to ensure plaintext password is cleared as soon as possible.
             {
-                return false;
+                auto password = cred.decrypt();
+                if (!WinHttpSetCredentials(
+                    hRequestHandle,
+                    dwAuthTarget,
+                    dwSelectedScheme,
+                    cred.username().c_str(),
+                    password->c_str(),
+                    nullptr))
+                {
+                    return false;
+                }
             }
         }
 

Release/src/http/client/http_win8.cpp

@@ -355,7 +355,7 @@ class winrt_client : public _http_client_communicator
             return;
         }
 
-        if ( msg.method() == http::methods::TRCE )
+        if (msg.method() == http::methods::TRCE)
         {
             // Not supported by WinInet. Generate a more specific exception than what WinInet does.
             request->report_exception(http_exception(L"TRACE is not supported"));
@@ -377,7 +377,7 @@ class winrt_client : public _http_client_communicator
             CLSCTX_INPROC, 
             __uuidof(IXMLHTTPRequest2), 
             reinterpret_cast<void**>(winrt_context->m_hRequest.GetAddressOf()));
-        if ( FAILED(hr) ) 
+        if (FAILED(hr)) 
         {
             request->report_error(hr, L"Failure to create IXMLHTTPRequest2 instance");
             return;
@@ -395,35 +395,40 @@ class winrt_client : public _http_client_communicator
             return;
         }
 
-        utility::string_t username, password, proxy_username, proxy_password;
-        if (client_cred.is_set())
-        {
-            username = client_cred.username();
-            password  = client_cred.password();
-        }
-        if (proxy_cred.is_set())
+        // New scope to ensure plaintext password is cleared as soon as possible.
         {
-            proxy_username = proxy_cred.username();
-            proxy_password  = proxy_cred.password();
-        }
+            utility::string_t username, proxy_username;
+            ::web::details::password_string password, proxy_password;
 
-        hr = winrt_context->m_hRequest->Open(
-            msg.method().c_str(), 
-            encoded_resource.c_str(), 
-            Make<HttpRequestCallback>(winrt_context).Get(), 
-            username.c_str(),
-            password.c_str(), 
-            proxy_username.c_str(),
-            proxy_password.c_str());
-        if (FAILED(hr)) 
+            if (client_cred.is_set())
+            {
+                username = client_cred.username();
+                password = client_cred.decrypt();
+            }
+            if (proxy_cred.is_set())
+            {
+                proxy_username = proxy_cred.username();
+                proxy_password = proxy_cred.decrypt();
+            }
+
+            hr = winrt_context->m_hRequest->Open(
+                msg.method().c_str(),
+                encoded_resource.c_str(),
+                Make<HttpRequestCallback>(winrt_context).Get(),
+                username.c_str(),
+                password->c_str(),
+                proxy_username.c_str(),
+                proxy_password->c_str());
+        }
+        if (FAILED(hr))
         {
             request->report_error(hr, L"Failure to open HTTP request");
             return;
         }
 
         // Suppress automatic prompts for user credentials, since they are already provided.
         hr = winrt_context->m_hRequest->SetProperty(XHR_PROP_NO_CRED_PROMPT, TRUE);
-        if(FAILED(hr))
+        if (FAILED(hr))
         {
             request->report_error(hr, L"Failure to set no credentials prompt property");
             return;

Release/src/utilities/web_utilities.cpp

@@ -35,13 +35,30 @@ namespace web
 {
 namespace details
 {
-#if defined(_MS_WINDOWS) && !defined(__cplusplus_winrt)
+#if defined(_MS_WINDOWS)
 void zero_memory_deleter::operator()(::utility::string_t *data) const
 {
+#if defined(__cplusplus_winrt)
     SecureZeroMemory(reinterpret_cast<void *>(const_cast<::utility::string_t::value_type *>(data->data())), data->size());
+#else
+    // TODO
+#endif
     delete data;
 }
 
+#if defined(__cplusplus_winrt)
+winrt_encryption::winrt_encryption(const std::wstring &data)
+{
+    // TODO
+}
+
+password_string winrt_encryption::decrypt() const
+{
+    auto data = password_string(new std::wstring());
+    // TODO
+    return std::move(data);
+}
+#else
 win32_encryption::win32_encryption(const std::wstring &data) :
     m_numCharacters(data.size())
 {
@@ -81,6 +98,7 @@ password_string win32_encryption::decrypt() const
     return std::move(data);
 }
 #endif
+#endif
 }
 
 }

Release/src/websockets/client/ws_winrt.cpp

@@ -105,9 +105,10 @@ class winrt_client : public _websocket_client_impl, public std::enable_shared_fr
 
         if (m_config.credentials().is_set())
         {
+            auto password = m_config.credentials().decrypt();
             m_msg_websocket->Control->ServerCredential = ref new Windows::Security::Credentials::PasswordCredential("WebSocketClientCredentialResource",
                 Platform::StringReference(m_config.credentials().username().c_str()),
-                Platform::StringReference(m_config.credentials().password().c_str()));
+                Platform::StringReference(password->c_str()));
         }
 
         m_context = ref new ReceiveContext([=](websocket_incoming_message &msg)
@@ -178,12 +179,13 @@ class winrt_client : public _websocket_client_impl, public std::enable_shared_fr
         const auto &proxy_cred = proxy.credentials();
         if(proxy_cred.is_set())
         {
+            auto password = proxy_cred.decrypt();
             m_msg_websocket->Control->ProxyCredential = ref new Windows::Security::Credentials::PasswordCredential("WebSocketClientProxyCredentialResource",
-                ref new Platform::String(proxy_cred.username().c_str()),
-                ref new Platform::String(proxy_cred.password().c_str()));
+                Platform::StringReference(proxy_cred.username().c_str()),
+                Platform::StringReference(password->c_str()));
         }
 
-        const auto uri = ref new Windows::Foundation::Uri(ref new Platform::String(m_uri.to_string().c_str()));
+        const auto uri = ref new Windows::Foundation::Uri(Platform::StringReference(m_uri.to_string().c_str()));
 
         m_msg_websocket->MessageReceived += ref new TypedEventHandler<MessageWebSocket^, MessageWebSocketMessageReceivedEventArgs^>(m_context, &ReceiveContext::OnReceive);
         m_msg_websocket->Closed += ref new TypedEventHandler<IWebSocket^, WebSocketClosedEventArgs^>(m_context, &ReceiveContext::OnClosed);
@@ -415,8 +417,7 @@ class winrt_client : public _websocket_client_impl, public std::enable_shared_fr
     pplx::task<void> close(websocket_close_status status, const utility::string_t &strreason=_XPLATSTR(""))
     {
         // Send a close frame to the server
-        Platform::String^ reason = ref new Platform::String(strreason.data());
-        m_msg_websocket->Close(static_cast<unsigned short>(status), reason);
+        m_msg_websocket->Close(static_cast<unsigned short>(status), Platform::StringReference(strreason.c_str()));
         // Wait for the close response frame from the server.
         return pplx::create_task(m_close_tce);
     }